Re: [Puppet Users] Re: Is it possible to install actual OS using puppet?
On Thu, Sep 12, 2013 at 4:03 AM, Steven Nemetz snem...@hotmail.com wrote: Take a look at razor https://puppetlabs.com/solutions/next-generation-provisioning https://github.com/puppetlabs/razor http://www.slideshare.net/PuppetLabs/puppetandrazor http://www.slideshare.net/PuppetLabs/razor-puppet You should probably also be aware that Razor is currently being rewritten to provide a more stable base for future work; we hope to have that out soon™, but I can't make promises about the schedule there. There are more details on why in the first message of this thread: https://groups.google.com/forum/#!topic/puppet-razor/q4uCVMmUop0 Razor is awesome, but I would caution that you should expect to roll up your sleeves, pull on your developer hat, and at least be ready to diagnose and report bugs -- if not fix them -- if you plan on using it. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Installing Operating systems
Razor is still pretty experimental, so I wouldn't recommend it unless you are comfortable with alpha software. It does integrate with provisioning, in the sense that it will hand off through a broker to Puppet (or Chef, or other tools), so it should have a smooth transition between provisioning and configuration. If you are interested there is a Razor mailing list, puppet-ra...@googlegroups.com, where you would be welcome to join us. We would love more feedback on if, and how, Razor helps solve your problems - or how it falls short! On Mon, Feb 4, 2013 at 10:32 AM, joe lava...@gmail.com wrote: There is also razor (https://puppetlabs.com/solutions/next-generation-provisioning/). It is only for provisioning (not assigning classes) and is the future of provisioning and puppet. On Monday, February 4, 2013 11:29:33 AM UTC-7, joe wrote: Puppet doesn't do OS provisioning itself. You'd need a separate system to do that part, then hand off to puppet after a minimal install has been completed. You can use a tool like Foreman (http://theforeman.org/). It will handle the provisioning of the systems and also integrates with puppet to assign classes and handle ssl certs. On Monday, February 4, 2013 4:28:53 AM UTC-7, Manish Singh wrote: Hello All, I am new to puppet and was trying to figure out whether puppet can handle the requirement I had. The requirement is to reinstall an OS (Windows, distributions of Linux) on slave machines before a job is executed. This is needed as we need a clean OS before executing the jobs on the nodes.. Is there a way using puppet that I plugin a machine to the puppet network, I can install a OS of my choice on the node and then that node gets added as a puppet node for further job execution? -Manish -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: [Puppet-dev] How can i create a class with this....?? Pls help
On Tue, Jan 22, 2013 at 12:30 AM, yarlagadda ramya rams.15...@gmail.com wrote:
You really want the `puppet-users@googlegroups.com` list for this sort
of question; the dev list is about modifying Puppet itself, not about
manifest level questions.
I have created two manifests one for moving and other for renaming the moved
file.
these are the two manifests i wrote.
1)exec{/bin/mv t2.txt /opt/tcs:
cwd =/opt,
2)exec{/bin/mv t2.txt trename.txt:
cwd =/opt/tcs,
How can i combine them in a class??
You need to check with the documentation at
http://docs.puppetlabs.com/references/2.7.latest/
You probably care specifically about the file type:
http://docs.puppetlabs.com/references/2.7.latest/type.html#file
...and the `require` metaparameter to ensure ordering:
http://docs.puppetlabs.com/references/2.7.latest/metaparameter.html#require
For how to put them in a class, this:
http://docs.puppetlabs.com/puppet/2.7/reference/modules_fundamentals.html
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Razor Mongodb related questions
On Sun, Oct 21, 2012 at 10:12 AM, Hong hong.s...@gmail.com wrote: I'm new to Razor and have two questions related to Razor Mongodb: Hey. A better place for developer type questions like this is probably the dev list, just because the volume of mail here on the user list can make it easy to miss. 1. Is there available Razor object relationship diagram that describes relationships between Razor slices? Not really. There is some per-slice documentation that kind of covers this here: https://github.com/puppetlabs/Razor/wiki What, concretely, were you looking for? I know that better documentation is needed, but having real stories about the questions people were trying to answer will help make it much better, much sooner. :) 2. Does Razor make use of Mongo's JSON doc store features like automatic secondary indexing on all JSON attributes? ...not really, in the sense that Razor doesn't actually have *any* sort of query across the data, just key lookup or full collection lookup. Why do you ask? -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: The free software tarballs are now difficult to find
On Monday, October 15, 2012 2:07:16 PM UTC-7, windowsrefund wrote: Windows (may I call you by your first name?), you seem to forget that I complimented your ideals before politely disagreeing. Your responses have been disproportionate to the discussion. Right now it's my opinion that you're more interested in ranting and raving on the Internet behind a dubious nom de plume than having a real discussion on this issue. Please prove me wrong. Jeff, Not sure if it's your browser settings but my name is Adam Kosmin. If you scroll up and review, you'll see no nom, no de, and no plume. Also, I'm not here to prove anything to you. As you can see, I've raised a serious discussion and have kept it on track despite your obvious attempts to derail the thread into something petty and personal. So, if you can answer the outstanding questions (see above), fee free to contribute. Otherwise, please find another thread to hijack. Hi. I am going to have to ask both of you to stay polite, and avoid personal attacks, if you want to continue to discuss this as part of the Puppet mailing list. Adam, for better or worse, all your messages show up to me as being from windowsrefund. Jeffrey, Adam had used his name several times in the body of the messages you responded to. As a company we welcome debate, and disagreement, around how we run our business. They often mirror internal discussions that we have had about exactly the same set of topics. We do require that they remain polite, and impersonal. Thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DdyHHY61wzMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: razor hang
On Thursday, October 11, 2012 5:34:47 AM UTC-7, Markus Falb wrote:
On 9.10.2012 18:39, Daniel Pittman wrote:
On Monday, October 8, 2012 9:30:37 AM UTC-7, Markus Falb wrote:
I was playing with razor today. But I am not going far.
ipxe is downloading the microkernel but stays at 98%
On the server side I see
/opt/razor/Razor/bin/razor -w boot default
'{hw_id:00:50:56:2e:c4:50___,dhcp_mac:01-00-50-56-2e-c4-50}'
/opt/razor/Razor/bin/razor -w image path mk kernel
{http_err_code:200,errcode:0,response:/opt/razor/Razor/image/mk/687EqtppQJQPbgeirdhZy4/boot/vmlinuz,command:null,result:Ok,resource:ProjectRazor::Slice::Image}
This suggests that the download of the microkernel finished
successfully. If so, why doesnt the microkernel do something? Or did it
and I only don't know how to tell?
The iPXE progress meter is a bit special, in the classic run to 99
percent, sit there forever sense, but you are not wrong: this is not
doing
the right thing.
The client should download the kernel, then download an initrd, and then
boot a full Linux environment and run in it. You should see the usual
(verbose) Linux boot sequence progress through.
well, my razor test server is a virtualbox guest bridged to the lan.
The virtual host box is connected by wire.
My initial test client was a vmware guest on my laptop which is
connected per wlan.
I tried a virtualbox guest instead on my laptop with similar experience.
It downloaded the kernel but hangs at the initrd.
i tried a virtualbox guest on the same host as the razor server is and
the kernel boots and registers with razor.
So I got something to work with at least, in a limited scope for now,
though.
Hrm. That seems to point fairly squarely to some oddity at the network
layer: sending those files is pretty close to static file serving. If you
could capture a packet trace to figure out what was happening that would be
great.
Thank You, hoping that the puppet mailing list is the appropiate media
for questions about razor.
Yes, it is - no problems there. :)
--
Daniel Pittman
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/LjBt0ZkvnlMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: razor hang
On Monday, October 8, 2012 9:30:37 AM UTC-7, Markus Falb wrote:
I was playing with razor today. But I am not going far.
ipxe is downloading the microkernel but stays at 98%
On the server side I see
/opt/razor/Razor/bin/razor -w boot default
'{hw_id:00:50:56:2e:c4:50___,dhcp_mac:01-00-50-56-2e-c4-50}'
/opt/razor/Razor/bin/razor -w image path mk kernel
{http_err_code:200,errcode:0,response:/opt/razor/Razor/image/mk/687EqtppQJQPbgeirdhZy4/boot/vmlinuz,command:null,result:Ok,resource:ProjectRazor::Slice::Image}
This suggests that the download of the microkernel finished
successfully. If so, why doesnt the microkernel do something? Or did it
and I only don't know how to tell?
The iPXE progress meter is a bit special, in the classic run to 99
percent, sit there forever sense, but you are not wrong: this is not doing
the right thing.
The client should download the kernel, then download an initrd, and then
boot a full Linux environment and run in it. You should see the usual
(verbose) Linux boot sequence progress through.
Maybe I am missing something. I installed the server side (32bit) the
non puppet way, I added a microkernel, I configured dhcp and tftp.
The only razor thing I did was an razor image add -t mk -p ...
Not sure what to do next.
Sounds like you need to figure out what is going on at that point: is data
still being sent to the client? tcpdump is probably the tool I would reach
for, to verify that, but http://ipxe.org/howto/pcap documents it well.
You might also try a debug build of iPXE to see more of what is happening
in their HTTP client; see http://ipxe.org/download#debug_builds for
details, but that does require building your own iPXE image.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/NeV4cPwik20J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [pe-users] MySQL and PuppetDB
On Mon, Sep 24, 2012 at 3:03 PM, Stuart Cracraft smcracr...@me.com wrote: Anyone know how to resolve this mysql issue in the log below? Something is wrong with your RVM built Ruby - it doesn't have the 'psych' library for YAML support. That isn't the root cause of the problem, but it will totally mess you up later, so you should fix that. The MySQL problem looks like it can't find the OpenSSL headers or development libraries on your system. You should install those; more details are hidden, as the system notes, in the `mkmf.log` for the MySQL gem. I don't recall where RVM hides those by default, but you should hopefully be able to dig it out of the RVM reference. Finally, I wouldn't recommend using Ruby 1.9 with a Puppet 2.7 release. There is some support in there, but it generally isn't a great idea. Better to stick with Ruby 1.8.7 for the moment. (When Telly releases using 1.9.3-p125 or later should be pretty solid. :) On a related note, can PuppetDB be substituted for mysql and if so how? Yes and no: PuppetDB can replace the built-in ActiveRecord based StoreConfigs, which are the only thing you need the Ruby MySQL bindings for. PuppetDB has an internal database, or can use an external PostgreSQL database for extra performance. So, you should be able to run up PuppetDB and replace the use of MySQL with it. If the internal database is too slow you can upgrade by installing an external PostgreSQL server and using that for PuppetDB data. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [pe-users] MySQL and Pupp
On Mon, Sep 24, 2012 at 7:37 PM, Stuart Cracraft smcracr...@me.com wrote: Notes with ++ Something is wrong with your RVM built Ruby - it doesn't have the 'psych' library for YAML support. That isn't the root cause of the problem, but it will totally mess you up later, so you should fix that. ++ Thanks. Have installed YAML and Psych at last. The MySQL problem looks like it can't find the OpenSSL headers or development libraries on your system. ++ What is a reputable site to obtain these at for Redhat 5/6? Can you share the paths to the rpms or tarballs? They should be available as part of the core RedHat software distribution. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Testing for dependency loops?
On Tue, Sep 18, 2012 at 11:58 AM, LTH lthar...@vcu.edu wrote: We've been doing a puppet parser validate file before putting a manifest into production. however that doesn't seem to catch dependency loops. Is there a way to test for such problems? Not without compiling a full catalog. On the plus side, `puppet master` has an option to compile a catalog for you, so you could substitute that into place in favour of just `puppet parser validate`. On the minus side, you need a full set of modules, manifests, etc in place to test with for that, and you need to run it for a specific node, so you better have the YAML (or inventory_service, or whatever) facts available for it. Part of the challenge is that there is no way to statically determine if a loop exists or not without fully evaluating the DSL. (In some cases it may be possible, but never generically, thanks to the ENC, hiera, and create_resources.) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Why agent report is so slow?
The agent builds up an in-memory report no matter what; you can't avoid that. You could write a null report terminus that responds to save by simply discarding the data, though. That would remove the cost of YAML serialization. I guess the key question, though, is why you feel you need this? On Mon, Sep 17, 2012 at 12:14 AM, flex frostyn...@gmail.com wrote: Thank you, Daniel. Then how can we make puppet not generate the reports? I try to add 'report=false', but seems no effect. On Sat, Sep 15, 2012 at 2:46 AM, Daniel Pittman dan...@puppetlabs.com wrote: On Fri, Sep 14, 2012 at 3:16 AM, flex frostyn...@gmail.com wrote: Thanks, Daniel. We do have some recursive file copies and hundreds of other resources. So we'd better decrease the resources numbers? Well, that would be the only short term path to making report output faster - but, in general, if you are managing it you probably need to be managing it. :) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] Do you rely on 'param=undef' being equal to '(nothing)'?
On Mon, Sep 17, 2012 at 11:58 AM, Eric Sorenson
eric.soren...@puppetlabs.com wrote:
Aaron -- could you distill this down to a code sample? Unless I'm
misunderstanding, it sounds like your case is slightly different to the ones
I posted. Thanks.
I recognise the case; this is a different use and, as far as I
understand, shouldn't be changed.
(It is also consistent with how the *new* behaviour of undef vs
parameter defaults works. :)
On Friday, September 14, 2012 3:29:05 PM UTC-7, Aaron Grewell wrote:
I'm using the current behavior in inherited classes to unset parameters
set by the parent class. If that no longer works it will definitely impact
my code.
On Sep 14, 2012 11:31 AM, Eric Sorenson eric.s...@puppetlabs.com
wrote:
Hi, there's an issue that came up recently in the 3.0RCs -- Big thanks to
Erik Dalén for reporting it in #16221 -- that involves a behaviour change to
part of the DSL. In a nutshell, this code:
define foobar ($param='Hello world') {
notice($param)
}
foobar { 'test': param = undef }
in 2.7, causes 'Hello world' in the notice. In 3.x, it's nothing. As I
said in the bug, this seems more correct to me -- I've overriden the default
with an explicit 'undef', taking off the default. The same thing goes for
invoking parameterised classes with undef arguments, which is perhaps more
ambiguous (example from matthaus):
class toplevel (
$maybe = false,
$optional = undef ) {
if ($maybe) {
class { toplevel::secondlevel: optional = undef }
}
}
In order to make use of the default for the `optional` parameter in
toplevel::secondlevel, you'd now need to either test in `toplevel` whether
`$optional` was passed into it, or have toplevel::secondlevel use an
`$optional_real` value inside it, similar to what's commonly done to append
to defaults that are array values.
The closest thing to documentation around this suggests the new behaviour
is what's intended
http://docs.puppetlabs.com/puppet/2.7/reference/lang_classes.html#overriding-resource-attributes:
You can remove an attribute’s previous value without setting a new
one by overriding it with the special value undef:
class base::freebsd inherits base::unix {
File['/etc/passwd'] {
group = undef,
}
}
So, I'm trying to determine whether this is a widespread pattern or an
edge-case. Do you expect 'param=undef' to be the same as not specifying
param at all, or for the receiver to see the undef?
Eric Sorenson - eric.s...@puppetlabs.com
PuppetConf'12 - 27-28 Sep in SF - http://bit.ly/pcsig12
--
You received this message because you are subscribed to the Google Groups
Puppet Developers group.
To post to this group, send email to puppe...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-dev+...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/KtqHUAhcelcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Why agent report is so slow?
On Thu, Sep 13, 2012 at 12:31 AM, flex frostyn...@gmail.com wrote: I use cron to run puppet agent, but recently i found the script takes too long time. After using '--debug', i got this log: 2012-09-13 15:19:53.928744500 debug: Finishing transaction 69941650538440 2012-09-13 15:19:53.928988500 debug: Storing state 2012-09-13 15:19:54.930995500 debug: Stored state in 1.00 seconds 2012-09-13 15:19:54.931145500 notice: Finished catalog run in 48.21 seconds 2012-09-13 15:20:03.721411500 debug: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (b64_zlib_yaml) 2012-09-13 15:20:03.721578500 debug: report supports formats: b64_zlib_yaml raw yaml; using b64_zlib_yaml 2012-09-13 15:21:10.805932500 Puppet run done. The last 'Puppet run done' is a bash echo after puppet agent. So we can see it took 1 minute and more before the echo line. But if i set 'report = false' in puppet.conf, there is no such long time. Does puppet use this time to generate and send reports? In essence, yes: we build the report structure as we go, but transforming it for submission, and sending it over the wire, certainly take time. That is proportional to the number of resources you have in your catalog, including things like recursive file copies or tidies. How can i tune this? There really isn't any way to improve performance: there isn't (much) you can do to improve YAML output performance - although Telly, Puppet 3.0.0, will be a bit faster at building YAML when it is released. You could check to see if the performance problem comes from network transmission problems, but really there isn't much you can do to improve a single HTTPS request, which is how we submit the report back to the the master. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet temp file issue
On Tue, Sep 11, 2012 at 2:00 AM, Axel Bock axel.b...@arbeitsagentur.de wrote:
I am trying to manage /etc/sysconfig/apache2 with puppet. Due to our
internal security guidelines I have only rw- rights on the file itself, but
not the directory it's in.
Now this happens:
err: /Stage[main]/Bas3::Webserver/File[/etc/sysconfig/apache2]/content:
change from {md5}2f2fecac48d78829670ac6a6e1b0b280 to
{md5}eb3d9c635452cfa9be615f0412fc5e2d failed: Permission denied -
/etc/sysconfig/apache2.puppettmp_5605
For me it's pretty obvious that puppet tries to actually create a temp file
in the directory /etc/sysconfig, which of course must fail. (Funnily I see
the diff output before, which is kind of interesting, because puppet seems
to actually use a temp file under /tmp/... for that - why not simply copy
this one over, which is permitted by the file system rights?)
The answer to why do it this way? is simple:
If we write directly over the file, or if we write to /tmp and then
copy over the target file, there is a window when the system can crash
and you have neither the old version or new version of the file. For
larger files there is also a window where other processes can see a
half-written file.
Instead we write a temporary file and then use rename to replace it in
one atomic rename - which is the Unix way to achieve this result.
Can anyone help me out here? It's not urgent, but somewhat annoying, and I
don't really get why this does not work.
The semantics of Unix make it impractical to safely overwrite a file,
and you can't perform an atomic rename across devices. That means
that the only really safe bet is to use the same directory for
temporary files.
There isn't a switch to run in please, risk data loss for me mode or
anything, so you would have to patch the core file type in Puppet to
change this. (Which you probably don't want anyhow.)
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet agent as WSDL service
On Tue, Sep 11, 2012 at 11:16 AM, Kayode Odeyemi drey...@gmail.com wrote: I will like to have puppet agent as WSDL service that can be consumed from an external application. I want to be able to have access to puppet agents via some URL from an external application. We don't provide any WSDL descriptions of the network API, and it seems unlikely that we ever would. You can find documentation about the facilities exposed here: http://docs.puppetlabs.com/guides/rest_api.html We also don't expose much, if any, externally useful functionality from the agent on the network. If you describe what you are trying to achieve we can possibly help you work out how to achieve it. (PS: the development list is generally better for these sort of questions.) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can you copy directories from puppet master to the puppet client?
On Tue, Sep 11, 2012 at 1:04 PM, JGonza1 jgonza1...@gmail.com wrote: Is there a way to copy directories and the subdirectories under the parent directory with puppet master to puppet client? How would I do that? Yes: use the file server, and the `file` type with `recurse`. http://docs.puppetlabs.com/guides/file_serving.html http://docs.puppetlabs.com/references/latest/type.html#file -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet agent as WSDL service
On Tue, Sep 11, 2012 at 12:22 PM, Kayode Odeyemi drey...@gmail.com wrote: On Tuesday, 11 September 2012 19:35:27 UTC+1, Daniel Pittman wrote: On Tue, Sep 11, 2012 at 11:16 AM, Kayode Odeyemi dre...@gmail.com wrote: I will like to have puppet agent as WSDL service that can be consumed from an external application. I want to be able to have access to puppet agents via some URL from an external application. I'm providing a management interface to manage DNS and other services running on nodes. Some of the things I want to be able to do from the management interface are; change network address change nameserver Install and configure DNS server Ping a host machine Install BIRD Start an instance of BIRD change domain name change hostname stop dns server start dns server So from a click of a button I want to be able to start or stop a DNS server etc. That doesn't actually map super-well to the design of Puppet, since it doesn't instantly react to change, it reacts on a schedule. You can obviously make the latency low by running all the time, but it is still non-zero. The things you want to do are also not done by talking directly to the agent - you do those by having the catalog that is compiled for the node assert the things you want. So, you are really looking for a way to configure catalog compilation to do what you want, not to talk to the agent. Take a look at the documentation on https://docs.puppetlabs.com/ around the DSL and modules to figure that out; the best match for what you want is an ENC, or External Node Classifier, which you would have to provide yourself. All that said, if you really want *instant* results, you want to look at MCollective: http://docs.puppetlabs.com/#mcollectivemcollective -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Facter does not deliver ip addresses
On Thu, Sep 6, 2012 at 1:01 AM, Axel Bock axel.b...@arbeitsagentur.de wrote: I have no idea what my init scripts are doing actually :) . I am just wondering why nothing shows up when *I* run puppet agent --test. And it still confuses me that this seems to be a requirement (which I could not find anywhere ... not that I looked, though :) for a command line tool which usually runs in a localized environment. Puppet, and Facter, usually force the environment locale to 'C' before running external commands - precisely so that you don't have to worry about this. If you have found somewhere that doesn't do that, it is clearly and unambiguously a bug, and you should file a ticket at http://projects.puppetlabs.com/projects/facter/issues/new -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] What is the intention of thin_storeconfigs?
On Fri, Jul 13, 2012 at 2:08 AM, Brice Figureau brice-pup...@daysofwonder.com wrote: On 12/07/12 10:29, Bernd Adamowicz wrote: I started doing some experiments with the configuration option 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. However, I could not determine any change in behavior. As others already have explained, with thin_storeconfigs, only exported resources, facts and nodes are persisted to the DB. With regular (thick) storeconfigs every resources are persisted to the database. ...and to follow up on this late: when you use PuppetDB, not only is performance better than full storeconfigs, it is usually better than thin storeconfigs. PuppetDB delivers this *without* giving up any information. I can't recommend strongly enough that you look to PuppetDB before you look to thin storeconfigs in production. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] UX/UI of puppet help when face actions have unmet dependencies
On Fri, Jun 29, 2012 at 9:11 AM, Randall Hansen rand...@puppetlabs.com wrote: On Thu, Jun 28, 2012 at 8:00 PM, Daniel Pittman dan...@puppetlabs.com wrote: No, mentioning STDERR is terrible UX, even if I know what it means. :) I think a better approach would be to capture the error and report it meaningfully. The mockup does that, albeit before the rest of help output. I think we were too wedded to keeping errors on STDERR. Including them again in STDOUT below the help sounds better. Pieter is absolutely right that reporting errors on the output channel is a bad habit in Puppet - it makes us wildly different to the Unix standard. Every normal application behaves the way we do now - errors to stderr - and if the user isn't looking, they have that same problem with every other application too. You should separate unavailable subcommands from available subcommands entirely - display them in a distinct section of the help output. I disagree. They should stay in the list and in alphabetical order so that customers don't have to look to hard for them. That doesn't obviate your (excellent) suggestion to include them below as well. So, perhaps the title of that should change from available subcommands to all subcommands or something? That was the key part that, to me, was worth making that change - that these were absolutely *not* available, because they were broken. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] UX/UI of puppet help when face actions have unmet dependencies
On Thu, Jun 28, 2012 at 5:37 PM, Jeff McCune j...@puppetlabs.com wrote: We're trying to come up with a nice way to indicate when a Puppet module like cloud provisioner breaks a Puppet subcommand because of missing dependencies. When this happens in the current 3.0rc branch, all help for all subcommands is unavailable. This isn't very helpful. Indeed, no. We're planning to simply mark the subcommands that have incomplete actions as unavailable. Here's a mock up of what we're thinking: It seems like you could also mark some as partially available, if some-but-not-all actions could be loaded. https://gist.github.com/3014923 Do you think the message, check STDERR in each of the node, node_aws, and node_vmware subcommands is adequate? No, mentioning STDERR is terrible UX, even if I know what it means. :) I think a better approach would be to capture the error and report it meaningfully. The autoloader will catch and log the loading errors to STDERRO before the help page is actually finished formatting, so the actual reason the face failed to load will be presented before the formatted help output. As an interim measure, just reporting that the face (or action) failed to load seems like a tolerable compromise - the root cause is clearly indicated already, and mentioning STDERR doesn't add much value. Fixing the autoloader so that we can report meaningful errors rather than having them hidden or just printed seems like a better long term strategy, but is obviously more work. :) Any feedback you have on making puppet help more helpful would be greatly appreciated. You should separate unavailable subcommands from available subcommands entirely - display them in a distinct section of the help output. That obviates the need to add visual decoration, allows more space for error display, and generally makes it clearer what is going on. You should consider colour in this, as recent changes to UX include colour highlights through the text - see the module tool for examples. I think you should treat faces with some actions that failed separately. Perhaps call them out in this display, perhaps not, but certainly treat them in the `puppet help node` style output as available actions vs unavailable actions. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: Puppet 3.0.0rc1 Available
On Tue, May 29, 2012 at 2:11 PM, hai wu haiwu...@gmail.com wrote: G'day. Maybe I am missing something major, but why we would need to install both hiera and hiera-puppet packages on every puppet nodes (including client)? My understanding is that hiera is just for backend data, and is only needed on puppetmaster .. Hiera is the library that underlays the Data/Model Separation feature in Telly. You are mostly right, in that it is only used during compilation of a catalog - we use it while we work through the manifests and turn it into things we can act on. What you have missed is that `puppet apply` also uses the compiler, and transforms manifests into catalogs, then applies them - just like the master and agent do, but on a single system. One of the supported, core ways to run Puppet is without a master. It is an important goal that you can always use `puppet apply` to do anything that `puppet agent` can do, without needing a central master. That means that anywhere puppet *apply* is installed requires Hiera - and that is part of the same package that includes the Puppet agent. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Announce: Puppet 3.0.0rc1 Available
On Tue, May 22, 2012 at 2:59 PM, Erik Dalén erik.gustav.da...@gmail.com wrote: After some tweaks I got a 3.0 puppetmaster and client working. But if I try a 3.0 client against a 2.7 master I get the following error: Error: Failed to apply catalog: Could not intern from pson: source '#Puppet::Node:0x7f' not in PSON! That output is the default Ruby stringification of a class that doesn't otherwise support being turned into PSON. I know it isn't generally supported to run new clients against older master versions. But it would be very practical if it worked, is there anything I could do to get that working? Any clues why this error occurs? The 3.0.0 agent performs a node lookup to determine which environment the ENC (if any) expects it to be in. The 2.7 master doesn't support PSON encoding for the node object that is transferred as part of that - but apparently doesn't correctly error, just returns the default Ruby stringification of the object. You could use the routes.yaml file on the agent to change the node terminus from REST to something else (eg: plain or so) in order to avoid that check. That would bypass the specific issue, although we make absolutely no assurance that anything else will work correctly either. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
On Mon, May 21, 2012 at 12:33 PM, Deepak Giridharagopal dee...@puppetlabs.com wrote: On Mon, May 21, 2012 at 11:02 AM, Marc Zampetti marc.zampe...@gmail.com wrote: Right now, I can say that due to these types of issues, I cannot even evaluate PuppetDB, and will not be able to for the foreseeable future. How many hosts do you have? Would the built-in, embedded database work for you as an interim solution? Also, does this mean that the existing inventory service and store configs functionality goes away? The existing inventory service API is still supported, and in fact PuppetDB works as a backing store for that API. So tools and code that use that API currently will continue to work. Puppet 3.0 still includes the old ActiveRecord-based storeconfigs backend, which still works. Speaking formally, and for the platform team who maintain that code: We hope that PuppetDB is the answer to the current StoreConfigs problems. Until we have real world proof that it is stable, and effective, we are not even going to talk about when we remove the previous set of functionality. When we do that it will be with a long time horizon - over a major release, a year from now - so that we don't take anything away suddenly. From our point of view the embedded database is a good solution for teams that can't use the PostgreSQL store. Given ~ 2MB of JVM heap per active node, the embedded database has performance equal to or better than the current MySQL and SQLite ActiveRecord backed engines. That makes it reasonable for most deployments without an external database, even if it is not as much of a performance win. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Re: Taking github noise away from puppet-dev list
We expect to have that done by the end of this week. (Don't ask why it turns out to be so hard. I don't even want to think about it. ;) On Wed, May 16, 2012 at 1:17 PM, Eric Sorenson eric.soren...@me.com wrote: Not to be a pest, but um...whatever happened with this? Seemed like the response was pretty unanimously in favour. On Monday, April 9, 2012 2:09:07 PM UTC-7, Michael Stanhke wrote: Since our move to github for pull requests and patches, the usefulness of puppet-dev has declined significantly. puppet-dev used to be a great list for development discussion of puppet and the ecosystem around it. With the information and pull request emails from github, unless everybody has finely-tuned their email clients, the puppet-dev list has turned into mostly noise. We have a goal to foster development discussion from the community. Because of that, I am proposing we move the github notifications to a new list, puppet-commits. I realize this may have a consequence of reducing patch/commit discussion. This should be compensated by: 1. Still having a list where pull requests can be commented on 2. Ability to comment on pull requests directly on github 3. More forethought and discussion on the dev list prior to making a pull request/patch. 4. You can also watch the RSS feed for the puppet projects you have the most interest in. This decision isn't final, but I would like to get opinions on the idea. I welcome feedback until Friday, April 13. Michael Stahnke Community Manager -- You received this message because you are subscribed to the Google Groups Puppet Developers group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-dev/-/6zO7qOk7lgMJ. To post to this group, send email to puppet-...@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 and Hiera
On Fri, May 4, 2012 at 12:05 PM, Ohad Levy ohadl...@gmail.com wrote:
On Fri, May 4, 2012 at 12:05 PM, R.I.Pienaar r...@devco.net wrote:
- Original Message -
From: Pieter van de Bruggen pie...@puppetlabs.com
snip
* How should we integrate hiera_array() and hiera_hash() ?
* How should we integrate hiera ’s “default” and “override”
parameters?
* How should we handle overlaps between data supplied by Hiera
and data supplied in a parameterized class include?
Given:
class foo($something=default) { }
I think the plan was that there would be a priority order as below:
- someone wrote in a manifest: class{foo: something = something}
- an ENC supplied the values for something on the class foo
- someone did include foo or class{foo: } this would consult hiera
- if hiera does not have an answer it would default to default
Would be possible to define which function is called in this case? by
default that should be heira, but in case someone wants something else, I
think we should allow that?
The implementation of the automatic lookup is through an indirection
and terminus - so you can (theoretically) run with `none` as the
back-end, and you can supply your own Ruby code that implements the
lookup in some other way.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Supported Ruby Versions for Telly
On Sun, Apr 15, 2012 at 08:29, Dan White y...@comcast.net wrote: I would have no problem trying either one of these, but the PHB-objections I face are that these do not come from Red Hat or a reliable source. They might trust them if they came from PuppetLabs' repository, but even that is no guarantee. They are inconsistently paranoid about what they will permit into their production environment. They had kittens when I initially pulled Cobbler and Puppet from EPEL, while they build replacements for some packages from source and install from the source build rather than with an RPM. Please tell me if I understand the versioning requirements: I need ruby 1.8.7 or 1.9.3 on the machine acting as Puppet Master. The clients/agents can use ruby 1.8.5 for now. That is spot-on. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Beginners: New list suggestion?
On Mon, Apr 2, 2012 at 22:53, Denmat tu2bg...@gmail.com wrote: How about a 'serverfault' or 'stackoverflow' or the like site? One of the issues I find is that previous answers are lost in mail lists and hard to search for. IRC isn't much help for searching previous answers either. I would absolutely support getting a new StackExchange site for configuration management or something going. What it really needs is someone to drive that forward - you can't just ask for one, it needs a community. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Undocumented feature: puppet --noop
On Tue, Feb 14, 2012 at 10:32, Peter Valdemar Mørch pmo...@gmail.com wrote:
G'day Peter.
http://docs.puppetlabs.com/man/apply.html does not mention a --noop
parameter, but it works:
capmon@peter:~ puppet apply --noop -e 'file { /tmp/foo: ensure = present
}'
notice: /Stage[main]//File[/tmp/foo]/ensure: is absent, should be present
(noop)
Can I rely on this in future versions? If so, attached is a patch.
You can rely on it into the future, yes. Thanks for the patch, that
should have been documented.
Meanwhile, sorry that you didn't get a more immediate response. Our
general guidelines for contributing code are here:
https://github.com/puppetlabs/puppet/blob/master/CONTRIBUTING.md
I can't tell if you have already signed a CLA, but we can't accept the
code without that; the way to do that is noted in the contributing
link, but is done by creating a RedMine account at
https://projects.puppetlabs.com/ and then hitting the URL
https://projects.puppetlabs.com/contributor_licenses/sign to read and
sign.
It would be awesome if you could submit this as a pull request, but
without that it would be sufficient to get the CLA done.
Thanks.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Yaml server facts, weird message: id00
Hey. So, to answer your questions in reverse order: There is almost certainly no way to get the old behaviour back without running the older software. This isn't something we are deliberately doing, it is a property of the YAML encoder, which is working absolutely as designed. You should read the content by ... using an YAML reader. There are YAML libraries for pretty much any language you want to use, and that will get the data out. If you *are* using a YAML reader, and you don't get that back, you are welcome to report a bug - attach the problem file, and include full details of what YAML reader you are using, and we can check if there is some unexpected corruption going on or something. If you are not, and were reading it as some sort of textual content without doing the full YAML decoding pass, then stop. Use a YAML reader. :) On Wed, Feb 15, 2012 at 07:44, Marek Dohojda chro...@gmail.com wrote: PS... is there any way to revert it back to the old behavior? (I am not seeing this on RHEL5 with older Ruby). -Original Message- From: Marek Dohojda Sent: Tuesday, February 14, 2012 10:11 PM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] Yaml server facts, weird message: id00 The problem I am having is that I am using this to pull inventory from the puppet server. I don't want to use mcollective since when server is down I can't get inventory. I been using this for a long time, without an issue. Not sure if this is RHEL6 issue or what? So how can I read the actual data from the yaml? (Sorry if I sound like a newbe) On the server I am read this information: puppet: 2.7.6-2 ruby: 1.8.5-22 RHEL: 5 client server: puppet: 2.7.10-1 ruby: 1.8.7.352-4 RHEL: 6 Thank you! -Original Message- From: Daniel Pittman Sent: Tuesday, February 14, 2012 5:06 PM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] Yaml server facts, weird message: id00 On Tue, Feb 14, 2012 at 15:52, chrobry chro...@gmail.com wrote: I looked on google, and here but can't seem to find a solution to my issue. You don't have an issue. ;) I just deployed puppet to few servers, rhel6.1, and my /var/lib/puppet/ yaml/facts are having some weird variables in them. For instance on one of my servers server.yaml here is what I see: puppetversion: *id001 selinux_mode: id003 targeted memorysize: *id002 Could someone please point me towards the direction of what I am doing wrong? You mistakenly thought that YAML was intended for human consumption, which is absolutely not the case. That is a secondary priority, following on from fully serialize a graph of objects. So, those are references to already defined values, and are emitted to allow shared object references and/or compress memory consumption. Your data contains multiple references to the same object, and YAML reflected that. Nothing to worry about here. Those should expand when loaded correctly. PS. I deleted the files, and recreated them with same results. In addition on mcollective facts.yaml the same (bad) information appears. That, though, could be a problem. Are you saying that when you use mcollective it sees `id001` as the value of that fact? Can you show how you are invoking mcollective, and a demonstration of the output around the problem? Also, which versions of Ruby, and MCollective, are you using? -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Removing the ability to serve symlinks as symlinks from the master...
On Tue, Feb 14, 2012 at 06:54, jcbollinger john.bollin...@stjude.org wrote: On Feb 13, 4:58 pm, Daniel Pittman dan...@puppetlabs.com wrote: We recently found some issues with the `links = follow` setting in recursive file copying; the designed behaviour is that it should allow you to determine if the master serves a symlink in a module as a symlink, or as the content of the file that the symlink points to. The full details are here:https://projects.puppetlabs.com/issues/12418 The short version is that toggling that value doesn't work right - it won't notice changes from don't follow to follow. Our general feeling is that putting a symlink in a module, and expecting the same symlink to be created on the agent, is a bad strategy. It depends heavily on a whole lot of complex things, adds substantial complexity to the file serving code, and won't work on all platforms in a sensible fashion. There seems to be considerable confusion, or at least imprecision, in the description of the issue here, in the discussion in the bug database, and in the survey. As I understand it, the issue is not with putting a symlink in a module but rather with recursively managing a directory tree that contains symlinks. Modules appear to have nothing to do with it -- it's all about the behavior of the File resource type. That is more or less true; modules are relatively unrelated to this, although part of the motivation is understanding how to make things more predictable so we have less headache getting reusable modules built up. It shouldn't require recursive file copying for this to take effect, I think, but the uncertainty is part of the motivation here. Thanks for the feedback; we did look that content over before we released it, but we will try and put more effort into pre-testing the explanation before we release it to the wild in future. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Yaml server facts, weird message: id00
On Wed, Feb 15, 2012 at 13:55, Marek Dohojda chro...@gmail.com wrote: :: sigh ::: Back to the ol' drawing board. LOL. Sorry. Well I guess that's what I get by assuming that it will remain text, and not use macros. Silly me. YAML isn't my preferred tool for this sort of problem, because of exactly this. Sadly, yeah, a change to the underlying implementation presumably led to this greater degree of sharing, which is fine - as long as everyone else uses a full YAML stack to read it. :) Thank you so much for your help! No worries. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cache for the local system while offline
On Wed, Feb 15, 2012 at 17:26, Khoury Brazil khoury.bra...@gmail.com wrote: On Thu, Feb 9, 2012 at 1:09 PM, Daniel Pittman dan...@puppetlabs.com wrote: On Thu, Feb 9, 2012 at 06:12, mukulm smilemukul2...@gmail.com wrote: I want to cache the updates for the users system received from the server so that the users can get the updates from the local system cache while offline. Any idea how can server updates be stored on the users system while offline ? You likely want `--usecacheonfailure`, or the equivalent setting in `puppet.conf`: http://docs.puppetlabs.com/references/stable/configuration.html#usecacheonfailure Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one. That should also apply when you can't communicate with the master. Unfortunately, at least in my case, when I run puppet on a client that is off of the network (in this particular case its a Macbook Pro) it seems that something is failing locally, causing a warning: not using cache on failed catalog. […] This is the output from an offline debug run: macbookproagent:/ admin$ sudo puppet agent -t --debug One of the features of the `-t` or `--test` flag is that it disables use of the cached catalog when you can't fetch it down. Does it work better if you don't specify `--test`? If not, please file a bug report. :) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Yaml server facts, weird message: id00
On Tue, Feb 14, 2012 at 15:52, chrobry chro...@gmail.com wrote: I looked on google, and here but can't seem to find a solution to my issue. You don't have an issue. ;) I just deployed puppet to few servers, rhel6.1, and my /var/lib/puppet/ yaml/facts are having some weird variables in them. For instance on one of my servers server.yaml here is what I see: puppetversion: *id001 selinux_mode: id003 targeted memorysize: *id002 Could someone please point me towards the direction of what I am doing wrong? You mistakenly thought that YAML was intended for human consumption, which is absolutely not the case. That is a secondary priority, following on from fully serialize a graph of objects. So, those are references to already defined values, and are emitted to allow shared object references and/or compress memory consumption. Your data contains multiple references to the same object, and YAML reflected that. Nothing to worry about here. Those should expand when loaded correctly. PS. I deleted the files, and recreated them with same results. In addition on mcollective facts.yaml the same (bad) information appears. That, though, could be a problem. Are you saying that when you use mcollective it sees `id001` as the value of that fact? Can you show how you are invoking mcollective, and a demonstration of the output around the problem? Also, which versions of Ruby, and MCollective, are you using? -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetd hanging on some nodes
On Tue, Feb 14, 2012 at 16:28, Gonzalo Servat gser...@gmail.com wrote: On Wed, Feb 15, 2012 at 11:02 AM, Daniel Pittman dan...@puppetlabs.com wrote: Sorry for not getting back to this sooner. If you are running 2.7.10, can you try removing the file `puppet/util/instrumentation/listeners/process_name.rb` and see if that fixes the problem? No worries Daniel. Yes. It did fix the problem and I did actually raise a bug on this (to avoid doubling up work): http://projects.puppetlabs.com/issues/12588 Oh, awesome. This is why the bug system works better than just email - someone else noticed and fixed it up. :) That code will be gone in the next release, and won't return until better behaved. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Removing the ability to serve symlinks as symlinks from the master...
G'day. We recently found some issues with the `links = follow` setting in recursive file copying; the designed behaviour is that it should allow you to determine if the master serves a symlink in a module as a symlink, or as the content of the file that the symlink points to. The full details are here: https://projects.puppetlabs.com/issues/12418 The short version is that toggling that value doesn't work right - it won't notice changes from don't follow to follow. Our general feeling is that putting a symlink in a module, and expecting the same symlink to be created on the agent, is a bad strategy. It depends heavily on a whole lot of complex things, adds substantial complexity to the file serving code, and won't work on all platforms in a sensible fashion. That is a substantial feature to drop, though, so we wanted to gather some more information on how people use this capability and what y'all think about it. If folks would take a minute and fill in a brief survey about this, that would be great: https://docs.google.com/a/rimspace.net/spreadsheet/viewform?formkey=dGE2R09HZ2tIdFFSdDhHQ3dQOHVGZlE6MQ We will be using the data from that form as one of the most significant parts of our decision, so while we welcome feedback by email, or on the ticket, adding the raw data to the survey is pretty valuable. Feel free to get in touch with me if you have any further feedback on this process, the survey, or any other meta issue around how we are managing this. This is, obviously, a new way to try and figure out what we should do, and we want to make sure that we catch any problems with it early. Thanks. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cache for the local system while offline
On Thu, Feb 9, 2012 at 06:12, mukulm smilemukul2...@gmail.com wrote: I want to cache the updates for the users system received from the server so that the users can get the updates from the local system cache while offline. Any idea how can server updates be stored on the users system while offline ? You likely want `--usecacheonfailure`, or the equivalent setting in `puppet.conf`: http://docs.puppetlabs.com/references/stable/configuration.html#usecacheonfailure Whether to use the cached configuration when the remote configuration will not compile. This option is useful for testing new configurations, where you want to fix the broken configuration rather than reverting to a known-good one. That should also apply when you can't communicate with the master. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to add Node Description as extra column in table overview
On Thu, Feb 9, 2012 at 01:18, Dig Deeper deeepdig...@googlemail.com wrote: I have about 20+ nodes managed with Puppet, and they all have names like xyz-123. I added a description to each of them (e.g. like test build server, production DB 1, etc.). Now what I would like, is to have these description strings displayed in the dashboard tables (e.g. All, Unresponsive, etc.) as an extra column next to Node name. This would help in identifying much quicker whats going on, or whats wrong. Any way to enable that? No, not as part of the product. You could obviously patch Dashboard, which wouldn't be impossibly hard, but it isn't in by default. You could also file a feature request asking that it be added, which helps let the folks working on that product know what you care about. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Researching Puppet - Local host variations
On Tue, Feb 7, 2012 at 06:17, thinkwell thinkwelldesi...@gmail.com wrote:
First-time poster investigating Puppet for managing CentOS-based
firewall distros at various locations. I have approximately 130
machines to administrate so some type of config management is
certainly needed.
I've been working through Puppet tutorials and I'm wondering if Puppet
will do what I need; all machines are very similar. However each
machine will have small differences. For example,
1. SSH Ports: Machines have custom SSH ports so that's one variable
that would prevent me from just copying sshd_config.
[...]
3. Iptables: All machines have standardized Iptables rules in /etc/
rc.d/rc.firewall.local. But again each machine has rules on a per-host
basis.
Originally, what I thought I could do is have certain sections of the
config files managed by Puppet, with other sections managed by local
edits on a per-host basis. But I'm gathering that's not how Puppet
works - you manage the whole config file and apply various config
versions based on Facter facts, node types, etc. If that's my only
option, I'll have to maintain custom conf files on Puppetmaster for
every host!
If every host is unique, you already maintain custom files for every
host, right? The only difference in the Puppet model is that you can
*see* the them in one place, so you are aware of just how much work it
is making that work the way you want.
However, you can do other things. You can use facts to make decisions
based on the nature of the machine, as you would with the cache size
for Squid.
You can use a parameterized class or a template, and set the SSH
port on a per machine basis as data, then use the same configuration
template for every node. That moves from a whole file to the
specific data we need to be unique, which is much easier to reason
about in the long term.
Finally, you can use things like `file {
/etc/rc.d/rc.firewall.local: source =
puppet:///modules/firewall/rc.firewall.${fqdn} }` to use a per-host
fact to select which configuration file you want. File even supports
multiple sources, and selecting the first one, so you can have it
look for a per host, then per class, then default firewall
configuration.
Ultimately, though, you are *seeing* the problem you already had, just
laid out in a way that calls attention to it.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetd hanging on some nodes
On Tue, Feb 7, 2012 at 23:56, Gonzalo Servat gser...@gmail.com wrote: On Wed, Feb 8, 2012 at 3:25 PM, Brian Gallew g...@gallew.org wrote: If you are like me, the problem is that the ruby for your platform sucks. The webstack ruby 1.8.7 for Solaris 10 has a nasty tendency to hang (for the daemons) and core dump for individual runs. Individual runs out of a crontab are the most reliable way I've found to make it all work. This is ruby-1.8.7.299-7.el6_1.1 and I am running Puppet out of crontab, but it's still frequently hanging. Right about now it has hanged again on several nodes. Any ideas? RedHat released some update kernels that reintroduced a bug from the 2.6.13 Linux kernel. You can run any of the code in this gist to check if your kernel suffers that: https://gist.github.com/441278 The C code is obviously a pretty good choice, as it excludes Ruby entirely from the problem space, and will confirm if that is your root cause. (The bug is that select on a file in /proc hangs for a long time, possibly forever, and Ruby will use select on a file if there are enough handles open. This happens in some daemon configurations.) - Gonzalo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetd hanging on some nodes
On Wed, Feb 8, 2012 at 14:40, Gonzalo Servat gser...@gmail.com wrote:
On Thu, Feb 9, 2012 at 5:44 AM, Daniel Pittman dan...@puppetlabs.com wrote:
RedHat released some update kernels that reintroduced a bug from the
2.6.13 Linux kernel. You can run any of the code in this gist to
check if your kernel suffers that: https://gist.github.com/441278
The C code is obviously a pretty good choice, as it excludes Ruby
entirely from the problem space, and will confirm if that is your root
cause.
(The bug is that select on a file in /proc hangs for a long time,
possibly forever, and Ruby will use select on a file if there are
enough handles open. This happens in some daemon configurations.)
I tried the C code (with vda, instead of sda, as this is a VM using virtio)
and the result matched the good section of that url you pasted.
On stracing a hung puppetd run, I see infinite number of these:
select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout)
gettimeofday({1328740663, 962461}, NULL) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
Damn. Well, at least we eliminated one possible cause. Is there any
chance you can run with `--debug` enabled on one of the failed
machines, and see if that points to the right place? Otherwise we
have to start to get into some fairly heavy ways to figure out what is
going on.
We can't trivially reproduce this in-house, though we will keep trying.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Strange behavior by service
On Wed, Feb 8, 2012 at 15:34, Aaron Grewell aaron.grew...@gmail.com wrote: I've got a bit of a head-scratcher here, though I'm sure it must be something small. I'm trying to enable a service for next boot without starting it. That usually just works but for some reason this time around it isn't. The node keeps trying to start the service which will always fail because it requires a reboot in order to enable the necessary kernel parameters. How do I make Puppet stop trying to start the service? You can't: if you tell Puppet to ensure the service is running, it will try to start it every time it finds it out of compliance. There is no standard way for the service to communicate that a reboot is required either. Your best bet might be one of: 1. Don't ensure that is running with Puppet, use something else that is more tolerant or silent. 2. Have an exec that checks those kernel parameters for kdump and automatically reboots. Obviously 2 has ... some risks. :) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Strange behavior by service
On Wed, Feb 8, 2012 at 16:13, Aaron Grewell aaron.grew...@gmail.com wrote: On 02/08/2012 04:11 PM, Daniel Pittman wrote: You can't: if you tell Puppet to ensure the service is running, it will try to start it every time it finds it out of compliance. Look at the code. I didn't ensure = running. I set enable = true. AFAIK that doesn't mean 'start the service'. Ah. Sorry, I missed that one small - but critical - detail. My bad. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Exported resources and inventory service?
The fact data is the same, but copying it into the StoreConfigs database won't make any different to initial performance getting it populated. The catalog data is not duplicated between the two, and is only in StoreConfigs. That is the heavier part of the data, and you can't do anything other than let node catalog compilation fill that out. On Mon, Feb 6, 2012 at 15:58, George Heppner ge.hepp...@gmail.com wrote: I guess I'll find out on my own soon enough, but can I at least pre- populate the stored configs database using some of the tables within the inventory service? Do the host facts tables in the inventory database mimic what you end up creating with stored configs? It would be great if I could just dump the facts stuff out of the inventory db and bootstrap the stored configs database with it so I don't have the pain of initial population. On Feb 3, 11:42 am, Daniel Pittman dan...@puppetlabs.com wrote: On Fri, Feb 3, 2012 at 11:38, George ge.hepp...@gmail.com wrote: I'd like to start usingexportedresources, so I see I need to turn on stored configurations. I'm already running theinventoryservice, and it looks like there is a certain degree of overlap between what the inventorydb is storing and what stored configs is storing - at least as far as host facts goes. Is there some plan to unify these two services? It seems wasteful to store host facts in two places. We have plans, but nothing with a concrete release date yet. It is, as you observe, duplicating the data at the moment. Hopefully in the Telly timeframe we can have something better, but we don't have a concrete date on the roadmap yet. -- Daniel Pittman ⎋ Puppet Labs Developer –http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Exported resources and inventory service?
On Fri, Feb 3, 2012 at 11:38, George ge.hepp...@gmail.com wrote: I'd like to start using exported resources, so I see I need to turn on stored configurations. I'm already running the inventory service, and it looks like there is a certain degree of overlap between what the inventory db is storing and what stored configs is storing - at least as far as host facts goes. Is there some plan to unify these two services? It seems wasteful to store host facts in two places. We have plans, but nothing with a concrete release date yet. It is, as you observe, duplicating the data at the moment. Hopefully in the Telly timeframe we can have something better, but we don't have a concrete date on the roadmap yet. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] pip and virtualenv
On Fri, Feb 3, 2012 at 04:18, lfrodrigues lfrodrig...@gmail.com wrote: I would like to use pip to install some python modules. The problem is that I want to keep all my stuff isolated. I saw this https://projects.puppetlabs.com/issues/7286 about virtualenv support. Anyone knows at what stage that is? Any other solution for virtualenv and pip? We don't have any virtualenv support, and we have recently rejected similar changes to the yum provider to install to an alternate root. My strong inclination is to think that, like the rvm/gems, and yum or rpm / installroot options we don't have a good model for this yet. Moving forward would require someone proposing a good change to the model - the package type - that would cleanly map to the required semantics of each of the various implementations of these things. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Catalog Service
On Wed, Feb 1, 2012 at 17:01, Nigel Kersten ni...@puppetlabs.com wrote: On Tue, Jan 31, 2012 at 10:53 AM, blomquisg blomqu...@gmail.com wrote: A while back I stumbled on http://projects.puppetlabs.com/projects/puppet/wiki/CatalogServiceArchitecture. What's the status of the Catalog Service Architecture? I couldn't find references to it on this list It's rather out of date, and we're going to update/delete that doc to make it clear. I had a look over it, and while it lives on in the history of the wiki, it is far enough from current thoughts that removing it was the better option. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
https://github.com/puppetlabs/puppet-module-tool We are working to integrate that better with the rest of the product, so it ships by default, but the external version will work for now. On Tue, Jan 31, 2012 at 04:58, sateesh bbalasate...@gmail.com wrote: Is there anything like chef knife in puppet. I want to install the specific module on the plain ubuntu machine using puppet scripts. Thanks in advance, Sateesh B. On Dec 9 2011, 10:22 am, Brian Gupta brian.gu...@brandorr.com wrote: I would consider the following a small list of pros and cons for the three tools: Pros: Cfengine: Not written in Ruby, so currently is more efficient with system resources. Puppet: IMHO has the most approachable syntax of the three (for sysadmins), and the strongest community. It also has the widest platform support, with a lot of preexisting code and code examples out there. Chef: Configs are written in Ruby, and somewhat modeled on Rails development patterns, so it is relatively easy for Ruby/Rails devs to pick up. Also, Chef was designed from the ground up for the cloud, so is focused on things like dynamically spinning up cloud instances. (Check out knife and databags) If you don't want to manage your own Chef server you can get it as a preconfigured service. Cons: Cfengine: Can be a bit challenging to learn, especially the promise theory. Puppet: Particularly with older versions of Ruby can have memory usage issues. Variable scoping is not ideal. These issues are manageable though. Chef: No true dependency graphing, (implicit execution order) Setting up a chef server is a bit on the challenging side, since it has a number of requirements that don't fall into very common use. (Erlang based CouchDB, and Solr). Learning Ruby is mandatory. None of these tools are perfect and each have their warts, but any one of them would make your life a lot easier. I'd say though that I prefer Puppet over cfengine in almost all cases (except maybe a case where I am managing only machines that have very tight resource constraints). Chef vs Puppet it depends. If I was working entirely in the cloud and I had a very dynamic environment, or was a Ruby shop, Chef would probably be my choice. In almost all other cases I would go with Puppet. That said, the Puppet community is working to address the Cloud deployment differences, so if the cloud is in the future but not a now thing, I wouldn't let that effect your decision. (And puppet does work in the cloud today, just the support is relatively new and not yet as robust as Chef's) All in all, for the reason of community and ecosystem alone, I'd say go with Puppet. Here are some random syntax examples: cfengine:http://www.sysadmin.hep.ac.uk/wiki/Cfengine:_Installing_Xrootd_with_c... puppet:http://people.redhat.com/dlutter/puppet-app.html chef:https://github.com/opscode/cookbooks/blob/master/apache2/recipes/defa... Cheers, Brian P.S. - Another tool to look at, that I have *heard* good things about is bcfg2, but it isn't nearly as popular as the others. -- http://aws.amazon.com/solutions/solution-providers/brandorr/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Conditionally replace in file type
2012/1/26 Juan José Presa Rodal juan...@gmail.com:
(I noted that; since this topic was followed up elsewhere I figured to
repeat myself. :)
Ok Daniel, thanks for your reply, but I have not control about these
individual noreplace files because are $hostname dependent.
Generally, what we would encourage is then that you define them on a
per-hostname basis. You can do that at the node level, or you can
push that down through a define or parameterized class, but the key is
to model that - on a per host basis.
I assume you meant they are different on every host, rather than
literally being a file with the hostname in it; for that you could
just go with `file { /path/to/${hostname}.cfg: ... }` to define the
files. :)
hostname1/home/user/foo/bar/johndoe05/file1.cfg
hostname2/home/user/foo/bar/maryjoe02/file1.cfg
That was the reason for I need something recursive, similar to ignore
parameter. (Or a workaround)
Define them per-node. :)
node hostname1 {
# define it in the node
include common::stuff
file { /home/user/foo/bar/johndoe05/file1.cfg: ... }
# use a parameterized class
class { something::else: configpath = /home/user/foo/bar/johndoe05 }
# ...or a define.
some::define { whatever: configpath = /home/user/foo/bar/johndoe05 }
}
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is it possible to conditionally replace a file ?
2012/1/25 Juan José Presa Rodal juan...@gmail.com:
Hi, I would like to achieve a conditional file replacement but lightly
different. I deploy recusively a directory with a lot of config files. This
is my resource:
file {/foo:
ensure = directory,
recurse = remote,
source = puppet:///modules/module_name/configs/${hostname}/foo,
ignore = [no_replace1.cfg,no_replace2.cfg],
}
I need to ignore these two files because they will not be puppet managed but
initializated by puppet.
A recursive file resource is less specific than a file resource
managing an individual file.
If you install those two configuration files with `file {
.../no_replace1.cfg: ensure = present, ... }`, Puppet will put them
in place if they are missing, but otherwise ignore their content. It
will also prevent the recurse from overwriting them.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Now that we have puppet node install....
On Thu, Jan 26, 2012 at 11:06, Juri Rischel Jensen juri.risc...@gmail.com wrote: I've been playing a bit with the puppet node install command, and I was wondering if I should change to using puppet installed as a gem instead of deb/rpm/whatever? That would allow me to use the very latest puppet versions, without building my own deb/rpm packages or waiting for them to become available upstream. What's your thoughts on this...? Gems are generally a pretty bad user experience for install - we have lots of feedback here to indicate that they cause lots of headaches. I would suggest, instead, that you either use the OS packages we produce, or roll your own deb or RPM package that you can easily enough track trunk with. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] arrays after upgrade to 2.7 and ['A','B'] compared to 'A B'?
On Thu, Jan 26, 2012 at 10:39, Steve Traylen steve.tray...@cern.ch wrote: On 26 Jan 2012, at 19:29, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Thu, Jan 26, 2012 at 03:57:08PM +, Steve Traylen wrote: After upgrading a server and client from 2.6.13 to 2.7.10 my configuration with array attributes are behaving differently. 3 examples: […] Can you please tell me the ruby version you are using? So we can rule 1.8.5 incompabilities out? Hi, Stefan, other than puppet and facter which are from the puppetlabs repo everything is rhel6 defaults so ruby 1.8.7 and facter 1.6.5 Hrm. Looks like that might be a bug. Can you file tickets reflecting the different issues you are hitting? -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64
On Thu, Jan 12, 2012 at 10:05, Ramesh Kumar rameshkumar...@gmail.com wrote: Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64. You are likely to get better responses over on the PE users mailing list: https://groups.google.com/forum/#!forum/puppet-users -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with not installing package, exec do an error
On Fri, Jan 13, 2012 at 11:04, coralie ve coralie...@gmail.com wrote:
I have a list of successive package, and it occured that some package
are not installed.
[…]
So i try something desperate :
exec { 'sudo apt-get install libmemcached-dev':
path = ['/usr/bin'],
alias = memDev,
require = Exec[updateGem],
}
Unfortunatly it doesn't work either : err: /Stage[main]//Exec[sudo apt-
get install libmemcached-dev]/returns: change from notrun to 0 failed:
sudo apt-get install libmemcached-dev returned 1 instead of one of [0]
at /mnt/hgfs/puppet/install.pp:10
I would prefer to do it with package, so if someone have an idea.
It looks to me like your problem is with `apt-get` itself, rather than
Puppet - we can't install a package if the underlying tool refuses to
do so.
At a guess, the `sudo` in the exec is not going to help, but since the
agent runs as root you shouldn't have a problem.
So, can you try running the `apt-get install libmemcached-dev` package
by hand and see what the output is? Paste it into this thread if you
can't figure it out directly from that.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Password not changing during polling event but does using puppetd -vt
On Thu, Jan 12, 2012 at 14:08, Andre an...@andaff.com wrote: I have created a class for the root user that uses the User resource to manages the root password. All seems to work well and as expected when I use puppetd -vt on a machine (or if I restart the service on the client) but during a regular polling event the password is not changed and when I go into the dashboard I can see that the event for running my class is run. Just to make sure the clients are working properly, I added a line to a managed file and got the expected results of the file being replaced. Is this expected behaviour that I don't know about? Nope. Is there a way to put a client puppetd process into debug and trace so I can see the results? If you run it with `--debug` and `--trace` as a daemon, those log messages will go to syslog like everything else. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Set hourly of execution with service puppet
On Fri, Jan 20, 2012 at 10:22, Douglas Brancaglion douglas.rea...@gmail.com wrote: I'm from Brazil, and i'm learning puppet. I need set interval in puppet client for sync with puppetmaster... How i do it? The documentation on all the settings is here: http://docs.puppetlabs.com/references/stable/configuration.html You can find the appropriate setting, and the rest of our configuration, documented in there. (You want the `runinterval` setting this time. :) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone know a good tool for 'watching' configurations?
On Tue, Jan 24, 2012 at 08:02, NixFU nixfu.ni...@gmail.com wrote: Now that we have configuration management for our OS and we are actively managing our operating systems nearly hands off we want to now start doing some configuration mgmt of our applications. We don't frankly see having all our application teams use puppet or anything else to actively manage their applications. What we would like to do is watch the applications and know when things change. Basically, watch the directories that the developers put their applications into and keep a history of what changes and when. Does anyone have any idea on if there are any tools that can provide the ability to watch directories for changes like that. The Puppet Enterprise suite includes some compliance tools that use the Puppet model to watch the system and note changes - at the level of resources, rather than just files, so you can monitor, eg, user and service resources. Beyond that, I don't know of anything that works at a higher level that this file changed - but I have never really invested much effort in looking. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Moving to RVM Ruby 1.9 and Puppet
On Thu, Jan 26, 2012 at 07:52, Matt mjbl...@gmail.com wrote: Has anyone had any experience with using RVM with Puppet? Many, probably most, of the developers here use RVM around Puppet development. I know with puppet 2.6 it directly invokes /usr/bin/ruby on RHEL based OSes but in 2.7 I see that its using env to invoke ruby. It should just work™ the same way anything else Ruby-ish does. Is there a noticable performance increase with ruby 1.9 over 1.8? Not that you are likely to see; most of the performance issues people hit with Puppet are caused by things other than MRI or 1.8.7 being slow. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Conditionally replace in file type
On Thu, Jan 26, 2012 at 13:35, krish das.srikris...@gmail.com wrote:
I am ignoring these two files (file1.cfg,file2.cfg), cause they are
dynamically modified by the application. So, not puppet managed.
And here's my problem. Because on the other hand I have to initialize both
files in the first run.
first application run?
How would you generally initialize them manually?
The right answer to these problems is almost always that you have a
`file { .../foo: ensure = present }` resource in Puppet: that will
put it in place if the file is not present, using whatever source you
give, but will not touch the content of an existing file.
If you are using a recursive file resource to put the rest of the
content in place around this, no problem, because the more specific
file resource will override the recursive one, and you won't
overwrite. :)
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] My ENC won't work, YAML is valid AFAIK
On Wed, Jan 25, 2012 at 15:15, jblaine cjbla...@gmail.com wrote:
If anyone has any ideas, please share. I'm at a loss.
YAML from Puppet Enterprise 2.0.0 default ENC:
---
name: rcf-cm-master.our.org
parameters: {}
classes:
- core-permissions
YAML from my Python ENC using PyYAML. This results in 'cannot find node'.
---
classes:
- core-permissions
name: rcf-cm-master.our.org
parameters: {}
Note that putting the YAML output above in a file and loading it with Ruby's
YAML::load does not throw an exception.
I'm stumped :|
Both of those produce exactly the same content when loaded with the
default Ruby YAML parser, which should be how we load that stuff, and
everything works from my local testing too. :/
Can you dig deeper into what is going on inside your script? Perhaps
something else is going wrong?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/VChRtFes9wEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] My ENC won't work, YAML is valid AFAIK
On Wed, Jan 25, 2012 at 17:19, jblaine cjbla...@gmail.com wrote: IDEA: Allow for a special YAML document to be spit out by custom ENCs when error conditions in the ENC are hit. It would contain information that can be shown in the console/reports ? Sounds good. I am happy to look at extending the exec ENC protocol to support that. I would take a patch, but if you just want to file a feature request we will look to this when we next touch that protocol. (Which is probably not that far off, for unrelated reasons.) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] scaling projections for dashboard database?
On Tue, Jan 24, 2012 at 14:55, Jo Rhett jrh...@netconsonance.com wrote: Sorry for the long delay, had my head down on some other issues. Reply below. On Jan 10, 2012, at 10:55 AM, Daniel Pittman wrote: Yes. It sounds like the current storage of reports isn't going to work well for you, at least if you want to retain history. This is absolutely unfortunate, and is one of the serious shortfalls we are aware of around the Dashboard and StoreConfigs databases. We are working on improving these, but there isn't anything presently public available. My main concern here is that we're keeping a large amount of data twice. We have the report file, and then we have all of the same content in the database. I think that it should be documented: 1. What does keeping the reports around give you? 2. What does keeping the database reports around give you? If I am right, we could stop storing the reports for as long if we can browse them in the dashboard interface, right? Or is there some loss of functionality by discarding reports after just a few days? Yeah, you can ditch the files on disk in favour of the database with no real loss of anything. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] more fun and games...(exported resources)
Yes. Also, in earlier versions of Puppet - including most of 2.7 - the local part in that message is a ... well, lie isn't quite the word, but it is misleading. It can also be a resource exported by another machine. :) On Wed, Jan 18, 2012 at 09:25, Peter Berghold salty.cowd...@gmail.com wrote: So I should logic in to export it just one time... On Jan 18, 2012 12:07 PM, Nan Liu n...@puppetlabs.com wrote: You probably have multiple server exporting the same resource when you only intend to export this particular resource only once. Nan On Jan 18, 2012, at 7:59, Peter Berghold salty.cowd...@gmail.com wrote: I guess my kludge didn... -- You received this message because you are subscribed to the Google Groups Puppet Users group -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ignoring a service that doesn't exist
On Tue, Jan 17, 2012 at 13:09, Christopher Wood
christopher_w...@pobox.com wrote:
I definitely need some assistance in conceptualizing something.
If I want to configure syslog-ng instead of rsyslog, or configure rsyslog
instead of sysklogd, the previous syslog daemon has to be stopped (and
disabled) before the new one starts. De-configuring the previous one works
just fine when the service (init script) exists on the system:
$disable = ['rsyslog', 'syslog']
service { $disable:
enable = false,
ensure = stopped,
}
But when the init script doesn't exist, I get something like this:
Jan 17 15:05:44 dpuppet-01 puppet-agent[4011]:
(/Stage[main]/Sysklogd::Disable/Service[syslog]/ensure) change from running
to stopped failed: Could not find init script for 'syslog'
How would I say if it's there, disable it, if not, ignore it in puppet DSL?
exec { damn!: … }
Sadly, there isn't any way to express this in the DSL. I suspect
there might be a feature request already, but I can't find one, so can
you file one? This seems like a useful thing to do, without thinking
too deeply about it.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Stupid Exec
In a recent version of Puppet - one that provides the `shell` and
`exec` providers for exec - none of this should be necessary.
If you give the `shell` provider, you will get your command run with
the default shell, which should do the right thing. (Obviously, if
the Solaris `/bin/sh` doesn't like your code, it won't work ;)
Daniel
On Wed, Jan 11, 2012 at 03:12, Andrew Hendry andrew.hen...@gmail.com wrote:
Did you sort this one out? I also found out puppet on some solaris
systems doesn't like [ or ( as first character.
A hack to get past it was to change the first character
$command = true ( /apps/path/scripts/install.sh || true ) touch /etc/
On Fri, Jan 6, 2012 at 7:52 AM, Jo Rhett jrh...@netconsonance.com wrote:
On Jan 5, 2012, at 7:42 AM, ollies...@googlemail.com wrote:
$command = ( /apps/path/scripts/install.sh || true ) touch /etc/
puppet/puppet.script.done
exec { install:
command = $command,
Remember that putting something in double quotes is a request to have the
value (re)evaluated for metacharacters. I doubt you want this. I would put
the command itself in single quotes, and then just use
command = $command,
...since what you want is for the shell, and not puppet, to be evaluating
those metacharacters.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and
other randomness
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Daniel Pittman
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet capacity with apache+passenger, server saturated
On Wed, Jan 11, 2012 at 02:09, Antonio Xanxess antonio.sanchez.agui...@gmail.com wrote: Ramin and Gabriel Thanks for the answer and feel the delay in replying. Solve the problem of abusive use of memory by modifying some parameters of passenger, shortening the lifetime of instances of puppetmaster and performing a triple nodes dispersion: Dispersion time (the nodes spend their settings every 2 hours), dispersion in minutes (establishing a random minute from a seed file) and dispersion in seconds (by performing a random sleep before calling puppetd), so I get the machine down their consumption noticeably. FWIW, the `puppetcommander` feature that MCollective supports is an awesome way to do this - it gives you a central point responsible for making sure that load is spread about your network as efficiently as possible. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Triage-A-Thon
Those are high priority for the platform team anyhow, but if there is something you feel we have missed shoot me an email with the ticket number and I will try and get it bumped up in priority. Daniel On Tue, Jan 10, 2012 at 10:06, Brian Gallew g...@gallew.org wrote: Does this mean that the tickets which are just awaiting merge (including all the relevant unit tests) will get done some day soon? On Jan 9, 2012, at 11:36 PM, James Turnbull wrote: Love Puppet? Hate the backlog of tickets? Want to help us out? The Puppet community has grown really fast and a lot of you have logged tickets and issues. We’ve tried to give those tickets as much love as we could but some slip through the cracks and sometimes we get overwhelmed. We’ve recognized this and want to try to get a handle on the backlog of tickets. But we need your help to do this. What we’re going to do is hold a Triage-a-thon hosted locally in our offices, virtually on IRC (Freenode #puppethack) and the Web. http://puppetlabs.com/events/triagepuppet/ We’re going to review all the open tickets in the Puppet project with a view to: * Update and confirm that issues are still relevant * Ensure tickets are in the right status and all the right information is present to help us resolve it * Close any invalid or no longer relevant tickets We’ll assign blocks of tickets to every participant, have documentation explaining what you need to do and provide people on the ground to help you make decisions and answer questions. Triaging starts Saturday January 21st from 7am and last until 4pm (-8 GMT). We’ll also provide pizza, snacks (and beer!) and a venue locally in our Portland, OR offices. Virtually we’ll provide an IRC channel, IM and rewards (t-shirts, patches, stickers, badges, and books) for people who triage tickets and get involved. We’ll also offer Amazon Gift Cards to our top 3 participants! You can register for the event here: http://triagepuppet.eventbrite.com/?ref=ebtn. We hope you'll be interested in attending and helping us make Puppet better. Thanks James -- James Turnbull Puppet Labs 1-503-734-8571 To schedule a meeting with me: http://tungle.me/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] hiera-puppet in template
On Tue, Jan 10, 2012 at 08:56, Dan Bode d...@puppetlabs.com wrote: On Tue, Jan 10, 2012 at 8:53 AM, Markus Falb markus.f...@fasel.at wrote: hiera is working in my manifest but not within a template. x=%= scope.function_hiera(x) % err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template bla/blubb.conf.erb: undefined method `function_hiera' ... Is it supposed to used in a template and how? You may need to explicitly load the function: Try adding the following Ruby code to your template: Puppet::Parser::Functions.function(:hiera) That shouldn't be the problem in 2.7.4 or later, so if you are running that version and see the same issue please file a bug report about this. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] scaling projections for dashboard database?
On Mon, Jan 9, 2012 at 14:47, Jo Rhett jrh...@netconsonance.com wrote: On Jan 9, 2012, at 2:16 PM, Stefan Heijmans wrote: Op maandag 9 januari 2012 19:40:00 UTC+1 schreef Jo het volgende: 2. Are there some database cleanup scripts which I have managed to overlook that need to be run? have you tried this? Cleaning old reports http://docs.puppetlabs.com/dashboard/manual/1.2/maintaining.html perhaps also give the 'optimize the database' as try. Yeah I saw these. We had a whopping 3 days of collected reports. I think we want a bit more than that available for browsing ;-) I was wondering if there was some hourly cleanup or something which needed to be done? Is there any reasonable estimate for what amount of space you expect one system to use? I realize this likely varies with the report size, but the rate of growth seems high enough that I'm surprised it wasn't mentioned in the installation docs. I mean, it's grown half a gigabyte in the last 6 hours. With that kind of growth rate, you'd expect a warning to provide enough space for it and how to estimate your needs. That growth rate seems ... excessive. Ultimately, the size of the stored data is pretty directly related to the size of your YAML reports; can you capture one of those and see how big it is on disk? Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Dashboard: db:migrate failure (1.2.2 to 1.2.4)
On Tue, Jan 3, 2012 at 18:31, Russell Van Tassell russel...@gmail.com wrote: On Tue, Jan 3, 2012 at 4:30 PM, Daniel Pittman dan...@puppetlabs.com wrote: On Tue, Jan 3, 2012 at 16:01, Russell Van Tassell russel...@gmail.com wrote: For completeness sake, the subsequent error (with trace) is thus... I think at this point, I'm likely stuck -- at least short of wiping the DB and starting over, fresh (which I'd prefer to not do). Both of those look like MySQL level errors - not specifically about this database; the first should be resolvable by rebuilding the table to reduce the number of locks required, according to the MySQL people. ...I just bumped the innodb_buffer_pool_size as recommended by an old bug. That seemed to make that go away... 8M is a little silly, anyway... Great. :) Okay... looks like I'm in an iterative process, now... this has allowed me to get past the reports table.. Mysql::Error: The table '#sql-5675_a' is full: ALTER TABLE resource_statuses ADD CONSTRAINT fk_resource_statuses_report_id FOREIGN KEY (report_id) REFERENCES reports(id) ON DELETE CASCADE; That error is documented here: http://dev.mysql.com/doc/refman/5.0/en/full-table.html According to that, either your disk is full, or you have hit the OS dictated size limit for the file storing that data. (Unless you are running it on FAT32 or something, presumably the former. :) Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] External nodes in different dirs.
On Sat, Dec 31, 2011 at 00:01, Douglas Garstang doug.garst...@gmail.com wrote: On Fri, Dec 30, 2011 at 1:58 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Well isn't that handy! Yeah that's great except that these YAML files are littered with Ruby objects which makes them pretty much impossible to reach with any other programming langauge, like python. Other than the object tags, and the Ruby symbol tags, none of the content is difficult to represent in another language. We generally advise you disable the object mapping part of the YAML parser, and things should more or less just work™. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet symlink
On Fri, Dec 30, 2011 at 08:32, Len Rugen lenru...@gmail.com wrote: We have a case where we've been requested to create an extra symlink. The system provides libsomething.so.0.vv.rr and a symlink of libsomething.so.0. We need create a symlink libsomething.so (without the .0). I'm afraid maintenance may change the base file and break the puppeted symlink. Can we do something like subscribe to the RPM provided libsomething.so.0 link, then fire an script to find it's new target and recreate our symlink? Yes. Have the `package` resource notify an `exec` resource, or the `exec` subscribe to the `package`. Mark the `exec` resource `refreshonly = true`, and it will only run when notified. Then, have that run the script to find the target and make the symlink appropriately. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Changing of the guard: Puppet Labs Open Source team changes...
G'day. A little over six months ago Jacob Helwig posted about the formation of the Puppet Labs open source team, focused on the needs of the community and on making the FOSS version of Puppet completely awesome. Since then he has led that team to great success, and significantly improved our process and generally done an awesome job of working with the community to lead FOSS Puppet forwards. Sadly, he has also recently moved on from the company to spend more time perfecting his serve in the most dangerous game[1], or something like that. Gone, anyhow, from the role. I will now be working hard to fill those boots, and keep things as awesome as they were during his reign. The one other administrivia part of this is that we all thought hard about the name of the team - because, while the Open Source team is true, it doesn't really cover the goals of the team as well as it could. Instead, the Puppet Platform team is the name we will be carrying forward. The specific goal of the team is to make Puppet as awesome as possible for users of our free software; the same things that were previously done are going to carry forward because they are important parts of achieving that. If you have any questions, concerns, or death threats, feel free to send them to me privately, or right out here in public. Daniel [1] I think that is what he said he was doing now: http://smbc.myshopify.com/collections/frontpage/products/the-most-dangerous-game-an-smbc-collection-book-2 -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Dashboard: db:migrate failure (1.2.2 to 1.2.4)
On Tue, Jan 3, 2012 at 14:52, Russell Van Tassell russel...@gmail.com wrote: An error I managed to hit today, trying to migrate puppet dashboard from 1.2.2 to 1.2.4 (after upgrading the master to puppet 2.7.9 seemed to prevent the dashboard from importing new reports). I'm trying to re-run it now, but as you might guess, the DB is pretty huge and the process takes a while to execute. Mysql::Error: The total number of locks exceeds the lock table size: ALTER TABLE resource_events ADD CONSTRAINT fk_resource_events_resource_status_id FOREIGN KEY (resource_status_id) REFERENCES resource_statuses(id) ON DELETE CASCADE; Wow. I don't think I have seen a total number of locks too big error before. You need to tune MySQL to have a bigger lock table size for this to work. On the plus side, once you do that, run the migration thing again and it should pick up from where it left off. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Dashboard: db:migrate failure (1.2.2 to 1.2.4)
On Tue, Jan 3, 2012 at 16:01, Russell Van Tassell russel...@gmail.com wrote: For completeness sake, the subsequent error (with trace) is thus... I think at this point, I'm likely stuck -- at least short of wiping the DB and starting over, fresh (which I'd prefer to not do). Both of those look like MySQL level errors - not specifically about this database; the first should be resolvable by rebuilding the table to reduce the number of locks required, according to the MySQL people. For the second, you might need to drop the foreign key constraints by hand, because table changes are not transactional in MySQL. :( I keep forgetting that, being used to a competent ^W fully transactional DBMS. You should be able to hand-write the appropriate delete constraint SQL, though, if you want. It isn't that hard. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Might someone out there repair some busted links ?
On Thu, Dec 29, 2011 at 11:14, Dan White y...@comcast.net wrote: Lots of the links on this page: http://projects.puppetlabs.com/projects/1/wiki/Patterns are busted. one specific example: http://projects.puppetlabs.com/trac/puppet/wiki/Recipes/Tripwire The page you were trying to access doesn't exist or has been removed. Would it be possible to either fix them or remove them ? I have asked the folks who maintain our web stuff to look into that; thanks for letting us know. :) Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] user provider for AIX run error
Hi. Can you file this as a bug at http://projects.puppetlabs.com/projects/puppet/issues/new please? Daniel On Thu, Dec 29, 2011 at 06:48, Alpha huhon...@gmail.com wrote: run “puppet resource user” got the error blew, I tested at AIX 5.3 and AIX 6.1 ruby 1.8.7 puppet 2.7.9 /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/provider/aixobject.rb:291:in `instances': undefined method `list_all' for Puppet::Type::Group::ProviderAix:Class (NoMethodError) from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/type.rb:880:in `instances' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/type.rb:873:in `collect' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/type.rb:873:in `instances' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/indirector/resource/ral.rb:14:in `search' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/indirector/indirection.rb:249:in `search' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application/resource.rb:234:in `find_or_save_resources' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application/resource.rb:144:in `main' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application.rb:314:in `run_command' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application.rb:306:in `run' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application.rb:410:in `hook' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application.rb:306:in `run' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application.rb:401:in `exit_on_fail' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/application.rb:306:in `run' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/lib/puppet/util/command_line.rb:69:in `execute' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.7.9/bin/puppet:4 from /usr/local/bin/puppet:18:in `load' from /usr/local/bin/puppet:18 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can Puppet be configured to one-time deployment for modules?
On Tue, Dec 20, 2011 at 08:49, Swampcritter mawors...@gmail.com wrote: We are developing in-house RHEL VM provisioning (similar to Satellite/ Spacewalk) along with a customized kickstart template, but also including Puppet to handle the actual configuration of the environment. One thing we need to see is does Puppet have a variable that will deploy one module only once and not check against it just in case the configuration file it has created has been altered or not and try to revert back. [...] Anyone know if module exclusion is possible for a deploy once, don't touch again scenario? Not as stated, but the problem can be solved several ways: 1. You can use `puppet apply` This will happily apply any modules you want, stand-alone, without doing anything long term. 2. You can just run Puppet master/agent when you want to enforce, which you can only do one if you want. I don't know there is anything more to say, but as a hint, putting `noop = true` in the configuration file helps make it hard to mess this up. 3. You can use environments, which select the set of code applied to a machine. Put your do once stuff in a do once environment, and manually run Puppet in that environment when you want it to do things. 4. Use a separate Puppet master. This is like the environments, but harder to accidentally mess up, because you have two separate masters with separate content. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dependencies across different nodes - possible?
On Thu, Dec 15, 2011 at 07:22, Malte Janduda malte.jand...@googlemail.com wrote: is there a possibility to define dependencies across multiple nodes? Not at this point in time, no, although Luke had a prototype of a stop and wait resource ages ago that handled this. We have it on our roadmap, but the problem is surprisingly complicated once you scratch the surface, so we can't make any promises about timeline or anything. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet with Ruby1.9 issue
On Thu, Dec 15, 2011 at 02:33, linuxbsdfreak linuxbsdfr...@gmail.com wrote: Hey there. I have a running puppetmaster with nginx and passenger and ruby 1.9.2. I see something odd here - 1.9.2 in the line above, and ... When i do puppet cert --trace --list . i get the following error. /usr/lib64/ruby/gems/1.9.1/gems/puppet-2.7.9/lib/puppet/application/ cert.rb:43:in `block (2 levels) in class:Cert' ... 1.9.1 here. Which we don't actually support. My guess is you are running with 1.9.1 accidentally, and that is breaking. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Puppet integration with SecretServer (Thycotic)
On Mon, Dec 12, 2011 at 18:47, Steve Shipway s.ship...@auckland.ac.nz wrote:
G'day Steve.
I've done some more development on my Puppet module that handles password
integration with Secret Server from Thycotic, and now it handles
certificates as well.
That is pretty darn awesome - lots of people out there want some sort
of solution to this, and when I looked the Thycotic solution seemed
pretty solid. Does this work with the hosted service as well as the
in-house service?
(Not that I can imagine ever using the hosted service, but it might
make sense in some folks threat models. ;)
This allows you to have a 'password' define that ensures the password is
stored in SecretServer, and changes it on a regular basis:
password { 'root': maxage=60; }
password { 'oracle': }
Also now you can manage certificates, and it will install and update them:
ssl::cert { $fqdn: }
ssl::cert { 'foo.company.com': key='/usr/local/ssl/foo.key',
crt='/usr/local/ssl/foo.crt'; }
The module will retrieve the certificate and key from SecretServer, then
optionally restart Apache after installing them. You can override this
behaviour, or specify a different location for the files than the default of
/etc/httpd/conf.
It can also work from files instead of secretserver if necessary.
That looks pretty reasonable, but there are a couple of points that I
wondered at - and so, I wanted to take a look at the code and help
this be absolutely awesome!
If anyone would like a copy, let me know.
Do you have the code in GitHub or somewhere like that, where I can have a look?
Is this the best email address to send any suggestions about improvements?
Would you accept pull requests or whatever?
Again, this looks absolutely awesome, and I would love to make it
something that everyone wanted to use.
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] time issue with puppet
On Wed, Dec 14, 2011 at 16:00, Corey Osman co...@logicminds.biz wrote: I have the following manifest that basically syncs the time for nodes really out of sync and ntpd can't drift the time back fast enough. The problem is that when puppet executes the catalog, and puppet changes the time, puppet never finishes because it can't calculate the run time since puppet changed the time during the puppet run. Is this a bug? Should I do something different? Wow. Personally, I used custom logic from cron, and at boot, so that having Puppet broken because SSL is time sensitive and can have ... headaches if it is too far out of sync, but there is no theoretical reason that can't work. You might want to consider using an exec with an `unless` or `onlyif` clause so that the check and sync are both local to the client instead of using a fact that requires the server to sign-off. That means that the default of using the cached catalog on failure will fix time sync that breaks SSL. Fundamentally, though, changing time like that should not break a Puppet run, full stop. We should cope, and carry on, regardless of what happens to the clock. (Reporting bogus timing data? Don't really mind that so much. :) So, yeah, please turn this into a bug report. We should totally fix that up some time. (haha) Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is there a way to push/copy a file from client to master ?
On Tue, Dec 13, 2011 at 05:11, Dan White y...@comcast.net wrote: I am dealing with SSL certificates for secure rsyslog that need to be created on each machine and then collected onto the logging server. Getting a file from puppetmaster to client is trivial, but how do I reverse the process ? Use a custom fact to contain the content, or use something out-of-band. Generally, Puppet expects a push out model and doesn't have a generate content on the client, pull it back to the master model built in. Can you reverse that, generate the certificates on the master, and push them out? There are plenty of tools to hook in on the master side to let you do that effectively. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: explicit class dependencies
On Tue, Dec 13, 2011 at 04:29, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 12/08/2011 04:44 PM, jcbollinger wrote: I would suggest, however, that you consider filing issue tickets against the documentation for some or all of your complaints. The sqeaky wheel gets the grease, and formal issue tickets squeak far louder than complaints in this forum. +1 We love tickets. They mean we actually pay attention, and that we can't forget. ;) Better yet, fork the puppetdoc github repo and fix any obvious issues yourself, and if uncertain, ask via issue tracker what the correct wording/description should be. I've found that the puppetlabs team likes pull requests ;-) Totally. You are absolutely encouraged to fix things up. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: how to link items together -- all happen together?
On Fri, Dec 9, 2011 at 22:20, Jo Rhett jrh...@netconsonance.com wrote: On Dec 8, 1:07 pm, Jo Rhett jrh...@netconsonance.com wrote: I've found some problems due to the extremely random ordering puppet does. It is necessary for some of these items to all happen together, with no other random resources executed in between. On Dec 8, 2011, at 1:55 PM, jcbollinger wrote: That's rather unusual. I'll discuss in a minute how you might address this requirement, but are you sure you really need to do so? Would you care to satisfy my curiosity as to why? Are you also going to have a problem if some other process (that is, not the Puppet agent) does any work between? I'm not worried about normal multitasking. I'm just seeing problems where puppet does step 1 (which causes a small but acceptable outage with a service) then steps aside and does dozens of other operations from other modules, like package security checks, log handling, etc. Then it comes back to finish the changes to the service. What should have been a minute outage (5-10 seconds when they occur in order) to happen with 12-15 minutes in between. So, I want to be clear up front: this is the absolute opposite of a promise. I want to understand what people expect here, and there is *nothing* resembling a hint that we are changing the model of Puppet. So, Jo, if we wanted to solve this, would it work for you if we strongly prefer to process resources in the same class at the same time, rather than separating them over time? Would you need that to work between multiple classes? How would you like that to be specified, or just do it in the general case? Would it work for you if we treated the relationship arrow as something that tried to bind as close as possible? Is there a situation where that wouldn't work? Other folks, what do you think, in your environments? Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet 2.7.9 not working at CentOS 6 with Passenger
G'day. I can't be sure this is your problem, but one difference between the 2.6 series and the 2.7 series is that we changed the master/agent interaction to use POST rather than GET for facts. Specifically, we changed that because once you get too many bytes of facts we would get a message that looks very, very much like that one out of the web server - which rejected the long GET request line. The limit varies by server, too, which is a pain - and because this happens before Puppet got hold of the content we couldn't do much more about it. You might want to try upgrading to the 2.7 series and see if that improves the situation for you. Daniel On Mon, Dec 12, 2011 at 13:27, Ganesh Sharma worldiswelc...@gmail.com wrote: Just to re-iterate, it's working fine when I run puppetmaster from the /etc/init.d/puppetmaster. On Dec 13, 2:24 am, Ganesh Sharma worldiswelc...@gmail.com wrote: Hi In puppet 2.6.9, I'm trying to run it with passenger. Details are as below: 1. Puppet: 2.6.9 2. Rack: 1.2.2 3. Passenger: 3.0.7 4. OS: CentOS 6 Error encountered at client: - err: Could not retrieve catalog; skipping run err: Could not retrieve catalog from remote server: excessive message size - I've followed:https://github.com/puppetlabs/puppet/tree/master/ext/rackhttp://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger Can someone help me move in right direction? --- Thanks Ganesh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
On Thu, Dec 8, 2011 at 10:36, Luke lutay...@gmail.com wrote: I am having difficulty choosing between CFengine, Chef and puppet. Which one would suit us the best as a small web app startup with heavy reliance on mysql/tomcat/nagios.We are entirely virtualized with ESX, want to be scalable and want a product that would work well in the cloud if we ended up making the transition. I mean would we fit into the typical user base of puppet as opposed to those of CFengine/Chef. Would you fit into the typical user base of Puppet, CFEngine, or Chef? Yes - for all of them. None of those products are inappropriate at your scale, or for the purposes you have named. Can you tell me what features of Puppet out do those in CFengine/Puppet? If you are looking for the one killer feature you probably have the wrong approach to the problem: what you are describing as your problem space is a pretty simple deployment scenario, and any of the three tools should do a fine job managing it. Unless there is some unique point in your environment, or in your needs, that you can articulate then you can't find a single feature check-box to let you decide between the three. Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
On Thu, Dec 8, 2011 at 12:59, Luke lutay...@gmail.com wrote: This tool will be used by primarily system admins to automate server builds app installs, configurations etc. The devs will use it in their own environment to help automate some of their tasks. I don't think we have too much Ruby expertise since we are mostly a Java shop. On that front, CFEngine or Puppet are probably nicer than Chef, since they have a less demanding new language to learn. OTOH, if you want to pick up Ruby skills Chef will force you to deal with that more directly. In terms of performance I have read that CFengine uses much less memory and can be faster than puppet. Can anyone comment on the agent and server memory usage? I have read that the puppet agent can use 85mb and the server upwards to 1GB after 20-30agents. Is that accurate? The server is between 80 and 100MB for each concurrent compiler instance; you can work out the system load based on the degree of concurrency you want. (eg: 24 agents, each checking in once a day, you need one concurrent instance, and ~ 100MB. It scales from there the obvious, and linear, way.) I guess which tool would you consider to be the quickest, easy to implement etc? From what I am seeing the community here seems to be much more active than the others. I have yet to get a response on the other forums. That is a very, very hard question to answer, because it depends on your team. Would you get started quicker with something that gave you very few tools, or lots of them? With a simple language, or a full blown programming language? With a declarative, procedural, or dependency-driven input language? With high or low levels of abstraction? I would certainly say that community, published books, and Internet posts talking about the tool significantly influence the ease of getting started. Everyone gets stuck, and being able to get answers makes a huge difference there. If you have a local expert, whatever they know is totally the best choice - you get much higher bandwidth on answers, and can learn from the mistakes someone else made. ;) Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is puppet right for us?
I would totally recommend Puppet Commander in place of that, if you have the time to get it running: http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/ToolPuppetcommander It uses mcollective and is pretty much awesome. Daniel On Thu, Dec 8, 2011 at 21:22, Brian Gallew g...@gallew.org wrote: Let me emphasize the beauty of running Puppet out of cron. Not only do you not end up with resource leaks (or just simple consumption when you don't need it), but you also get much more reliable load on your puppet masters. Further, if you are wiling to make a trivial effort to write a site-specific fqdn_rand() work-alike function, you can even arrange to be sure that updates roll across related servers in a reliable way. On Thu, Dec 8, 2011 at 6:08 PM, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: I've found Puppet to be unreliable running as a daemon - I suspect due to older versions of ruby floating around. So I switched to running it from cron, and it works a lot better. Memory usage doesn't seem to be an issue, and the agent only runs for a few seconds. Use Puppet Dasboard (or something like it) and/or use Nagios to make sure those cron jobs run. I use both. The main thing is to have Puppet managing itself and the cron job. I have ours set up to run the cron job twice an hour, using the concatenated IP address modulo 30 and modulo 30 + 30 as the times (to keep the clients from hammering the Puppetmaster all at once). Let me know if you go with Puppet and I'll show you how I did it. Part of the reason we chose Puppet was the quantity of documentation and working examples and the helpfulness of the community. I support (and implement) our Puppet environment here at my job. I would highly recommend Mr Turnbull's Pro Puppet book. It is VERY sysadmin focused and will save you a lot of time. The sections on environments, modules, and Dashboard were really helpful. Jeffrey Sent from my iPad On Dec 8, 2011, at 2:59 PM, Luke lutay...@gmail.com wrote: This tool will be used by primarily system admins to automate server builds app installs, configurations etc. The devs will use it in their own environment to help automate some of their tasks. I don't think we have too much Ruby expertise since we are mostly a Java shop. In terms of performance I have read that CFengine uses much less memory and can be faster than puppet. Can anyone comment on the agent and server memory usage? I have read that the puppet agent can use 85mb and the server upwards to 1GB after 20-30agents. Is that accurate? I guess which tool would you consider to be the quickest, easy to implement etc? From what I am seeing the community here seems to be much more active than the others. I have yet to get a response on the other forums. On Dec 8, 4:39 pm, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: I should also add that a very important consideration is to take in mind _who_ will be working with this. Are they developers, sysadmins, QA? Will the people working on it be spending a lot of time with Puppet/Chef/CFengine, or just a little? Are you planning on writing a bunch of custom modules, or relying on the community? What languages does your team work on primarily? For example, folks that work with Ruby a lot would probably do better with Puppet and Chef. As a sysadmin, I often see developers get distracted by arguments about what's best or the most technically advanced. Often they forget that in the end the real answer is often which tool gets the job done the quickest, with the least amount of labor, and is the most supportable. Jeffrey. On Thu, Dec 8, 2011 at 12:44 PM, Daniel Pittman dan...@puppetlabs.comwrote: Instead, I suggest you focus on your ability to learn the concrete use of the tool, and on how effectively you can solve problems with them; doing a small trial of each - solve the same mid-sized problem three times, giving each a day or two - and see what you think works best for your company and culture. There is no silver bullet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send
Re: [Puppet Users] Is it possible to conditionally replace a file ?
On Tue, Nov 29, 2011 at 04:07, Martin Alfke tux...@gmail.com wrote: On 28.11.2011, at 19:18, Stefan Schulte wrote: [...] Thanks for responding. I agree, globally customizing the defaults is one way to go, but I am shooting for the second option. If you do not want the gobal defaults copied why are you using managehome = true? If you really have to go this awkward path you can create a conditional exec resoure that removes the dotfiles if they are equal to the skel files so puppet will copy the correct files again. (fileresources with replace = false) A second solution is to create a custom fact that tells you if puppet should manage the dotfiles and wrap your fileresources in an if-clause (fileresources with replace = true) -Stefan We have another usecase for conditional file replacement: if a developer would like to forbid any puppet changes on a certain file he creates a flagfile $name.nopuppet instead of normal file resource we use a parameterized define: This path is going to cause you nothing but pain. Instead of allowing conditional opt-out based on the machine, you should rather prefer to have the central authority own that - if the developer needs their machine to have a custom HTTP setup, don't try and manage it on that machine. Record that fact in your central configuration system. If you really need that control to be allowed on a per-user or per-machine basis, invest in an ENC and provide an interface to that which allows the developers to exclude their machine from this management. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Incorrect architecture fact value during catalog run
You can see results like this if you have the same fact in multiple places; one thing to check would be what `facter --puppet` returns, since that includes any facts that were sent to the client through pluginsync. Daniel On Fri, Nov 4, 2011 at 12:34, Adrien Thebo adr...@puppetlabs.com wrote: Okay, that's seriously weird. The only thing that comes to mind is that running facter on the command line is using one version of facter, and puppet's using another. Could you post the output of facter and puppet with the architecture, operatingsystem, and facterversion facts? On Thu, Nov 3, 2011 at 10:25 PM, Alexander Azarov alaz...@gmail.com wrote: On Thursday, November 3, 2011 8:27:01 PM UTC+4, Adrien Thebo wrote: Could you post the operatingsystem fact alongside the architecture fact for facter by itself, and then the facts as presented by puppet? r3:/var/log# facter | grep -e '\(operatingsys\|architec\)' architecture = amd64 operatingsystem = Debian operatingsystemrelease = 6.0.3 r3:/var/log# puppet agent --test notice: operatingsystem='Debian' architecture='x86_64' notice: /Stage[main]/Nginx/Notify[operatingsystem='Debian' architecture='x86_64']/message: defined 'message' as 'operatingsystem='Debian' architecture='x86_64'' On Mon, Oct 31, 2011 at 11:33 AM, Alexander Azarov ala...@gmail.com wrote: The simplest default, that is WEBrick I guess. On Monday, October 31, 2011 10:28:12 PM UTC+4, Adrien Thebo wrote: Just as a curiosity, what web server are you using for your puppet master? On Mon, Oct 31, 2011 at 10:55 AM, Alexander Azarov ala...@gmail.com wrote: This is Debian 6.0.3 On Monday, October 31, 2011 8:43:50 PM UTC+4, Adrien Thebo wrote: What operating system is this? I'm looking at the documentation for the architecture fact, and theres this: # Resolution: # On OpenBSD, Linux and Debian's kfreebsd, use the hardwaremodel fact. # Gentoo and Debian call x86_86 amd64. # Gentoo also calls i386 x86. On Mon, Oct 31, 2011 at 9:25 AM, Alexander Azarov ala...@gmail.com wrote: Hi all, Can you help me diagnose a problem please? I have Facter 1.6.2 and Puppet 2.7.6 installed and what happens is that I rely on architecture fact in my manifests and this fact looks correct when I run Facter and it is set to incorrect value during catalog run: r4:/var/log# facter -p | grep architecture architecture = amd64 r4:/var/log# puppet facts find r4.osinka.int ,architecture:amd64,... r4:/var/log# puppet agent --test --noop info: Retrieving plugin info: Loading facts in ec2_facts info: Loading facts in ec2_facts info: Caching catalog for r4.osinka.int info: Applying configuration version '1320071507' notice: /Stage[main]/Nginx/Notify[Architecture x86_64]/message: current_value absent, should be Architecture x86_64 (noop) Any ideas? Where to dig? Regards, Alexander Azarov -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cUN13TbZXaMJ. To post to this group, send email to pup...@googlegroups.com. To unsubscribe from this group, send email to puppe...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Y16JfpyutBUJ. To post to this group, send email to pupp...@googlegroups.com. To unsubscribe from this group, send email to puppet-...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/p4LKkKnYaJcJ. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/dXELg-ThY_AJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to
Re: [Puppet Users] Important Security Announcement: AltNames Vulnerability [new version of puppet]
On Tue, Oct 25, 2011 at 07:07, Doug Warner d...@warner.fm wrote: On 10/24/2011 04:02 PM, Michael Stahnke wrote: We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Puppet-managed node within the same infrastructure. All Puppet Enterprise deployments are vulnerable, and Puppet open source deployments may be, depending upon their site configuration. As far as my understanding goes, I *should* be affected by this CVE, but don't appear to be. I'm: * running puppet 0.25.5 (nginx/mongrel) * I use certdnsnames to specify alternative names in my [puppetmaster] section of my puppet.conf * all my nodes connect to one of the alternative names in their [puppet] section's server line I only write the [puppetmaster] section in the puppet.conf file on my puppet master server; are the subjectAltNames only added to the certificate request if the config is present on the client nodes? Before the patch the subjectAltName field was never added to the certificate *request*; we added it on the master, based on the `certdnsnames` setting in the configuration file there. After the change the names will be added to the CSR. So, you need to check the actual signed certificates to find out if you are vulnerable or not. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problems with exported resources after upgrade to 2.7.5
On Thu, Oct 6, 2011 at 16:01, Nigel Kersten ni...@puppetlabs.com wrote: On Thu, Oct 6, 2011 at 11:50 AM, Rob Walsh rob.wa...@gmail.com wrote: This is definitely busted for me too. I think it's just broken when custom defines are exported, as exported classes seem to be working OK (witness nagios::service for example). Any word on a fix? Anecdotes have piled up to become data, and we're looking at it now. It would be helpful if folks hit by this could let me know: * what DBMS are you using? * what version of ActiveRecord is in use? Also, if possible, a query that tries to collect something that is being missed would be useful. That should be selecting from resources where type = 'File' and a few other criteria. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RFC: Being able to exclude resources from reporting.
So, my essential point is that if that file did change – and it genuinely did – we should report that back, and provide better tools to filter it on the server side. The advantage of filtering on the client rather than the server is minimal, given we compress the data transmitted, so you are talking about a few bytes of network traffic, total. Would you be equally satisfied if we allowed you to annotate that the resource was expected to change every time, and then alerted you only if it *didn't* change on a given run? (...or just never displayed that change to you?) Daniel On Tue, Oct 4, 2011 at 23:28, Matthew Black mjbl...@gmail.com wrote: I could see a use case for it. When generating the facts.yaml for use with mcollective, the reports are showing always at 1 change because of that even if I set the log level to debug. That file will always change every run because the information stored in facter is changes with each run. I can't think of another use case but I'm sure there might be others. On Oct 4, 2011, at 1:30 PM, Daniel Pittman wrote: On Tue, Oct 4, 2011 at 10:16, Nigel Kersten ni...@puppetlabs.com wrote: As per: https://projects.puppetlabs.com/issues/7555 it looks like we've got some use cases around excluding some resources from being reported on to reduce noise. This feels like solving the problem on the wrong side to me. Should we implement a metaparameter like this? Do the use cases justify breaking the consistency of the model (report on everything) ? This is worse than that: it bakes in the assumption that the reports are *not* a graph, or that we can just discard structural elements in that graph, by allowing us to ditch what would otherwise be a vertex. One of the proposed enhancements to the report - which I think is hugely valuable - is that we return the augmented graph from the client side, where things like file recursion, or autorequires, can change the catalog we sent down. Excluding something from that may be a huge structural change, and it is certainly going to make correlation between that graph and the original catalog extremely difficult to discover. So, no, I do not believe we should support this. Better, I think, to support that feature in our reporting tools, or make it easier for people to build that in their tools. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RFC: Being able to exclude resources from reporting.
On Tue, Oct 4, 2011 at 10:16, Nigel Kersten ni...@puppetlabs.com wrote: As per: https://projects.puppetlabs.com/issues/7555 it looks like we've got some use cases around excluding some resources from being reported on to reduce noise. This feels like solving the problem on the wrong side to me. Should we implement a metaparameter like this? Do the use cases justify breaking the consistency of the model (report on everything) ? This is worse than that: it bakes in the assumption that the reports are *not* a graph, or that we can just discard structural elements in that graph, by allowing us to ditch what would otherwise be a vertex. One of the proposed enhancements to the report - which I think is hugely valuable - is that we return the augmented graph from the client side, where things like file recursion, or autorequires, can change the catalog we sent down. Excluding something from that may be a huge structural change, and it is certainly going to make correlation between that graph and the original catalog extremely difficult to discover. So, no, I do not believe we should support this. Better, I think, to support that feature in our reporting tools, or make it easier for people to build that in their tools. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat::Fragment collection broken in 2.7.5
That looks like a custom type that isn't being loaded on the client,
rather than a StoreConfig error to me. The effect of the PostgreSQL
bug should only have been to miss resources when collecting, not to
generate a catalog that didn't do the right thing.
Daniel
On Tue, Oct 4, 2011 at 15:32, Nigel Kersten ni...@puppetlabs.com wrote:
Are you exporting resources with a postgresql backend Bruno?
On Tue, Oct 4, 2011 at 2:36 PM, Bruno Leon nonolem...@gmail.com wrote:
I don't if anybody is using the concat modules from ripienaar,
but since an upgrade to 2.7.5 I keep getting an error on fragment
collection.
The code is like below:
@@concat::fragment{ ${name} :
target = /etc/bind/named.conf.keys,
content = template(dns/named.conf.keys.erb),
order = 10,
tag = 'dnskey'
}
Concat::Fragment | tag == 'dnskey' |
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find type Concat::Fragment on node
Is anybody facing the same kind of issue ?
--
Bruno
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Nigel Kersten
Product Manager, Puppet Labs
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat::Fragment collection broken in 2.7.5
On Tue, Oct 4, 2011 at 16:55, Bruno Leon nonolem...@gmail.com wrote: This is not a custom type, but a define. I guess you know it already but it is here https://github.com/ripienaar/puppet-concat/manifest/fragment.pp The declaration of concat::fragment works fine, only the collection breaks, which means the define is available to puppet. To be more generic it seems to me that the collection of an exported define does not work properly in 2.7.5 ( did not test other case though). Hrm. I have a suspicion about this; is Nigel right? Do you have PostgreSQL for StoreConfigs? If so, can you turn on query logging (in the database, most easily), and check if we are searching for a resource with type `Concat::fragment`, but storing with type `Concat::Fragment`? Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Sudden failure with storeconfigs in 2.7.4
On Sat, Oct 1, 2011 at 08:29, Nigel Kersten ni...@puppetlabs.com wrote: On Fri, Sep 30, 2011 at 9:31 AM, Ashley Penney apen...@gmail.com wrote: I export a @@host for each box (for horrible reasons) and do various things with that including building a /etc/hosts on each server. Sometime today after upgrading to 2.7.4 I realized that all my exported entries are failing and are being stripped from the /etc/hosts which is causing me significant issues. Has anyone else seen any kind of problems with storeconfigs? I'm going to put together a bug report for it but I thought I'd see if anyone else had seen anything weird since the release. Are you using postgres ? I saw some chatter that there was a postgres bug we introduced I think? That sounds exactly like the PostgreSQL bug, which was missed because of case insensitivity in comparisons for other DBMS'. The attached patch should fix that, but the 2.7.5 security release should also contain it. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. 0001-9832-2.7.4-StoreConfigs-regression-with-PostgreSQL.patch Description: Binary data
Re: [Puppet Users] SU on client servers
On Tue, Sep 27, 2011 at 10:55, Damien Bridges damien3...@gmail.com wrote: G'day Damien. How do you configure puppet nodes on the puppet master to allow SUing to root? I want to be able to ssh as a regular user then SU to root on client puppet servers. How do you configure the puppetmaster for this? I can't quite tell what you mean: Do you mean, how do I let regular users who ssh in to my systems su to root, so that Joe can become root to manage the system? (...and, then, how do you get Puppet to configure that for you on those machines.) Alternately, are you asking about how to get Puppet to connect via ssh and use su? I assume the former, and the answer is distribution specific: you need to tell us what OS you are using for us to be any help. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Increment variable each time a definition is called.
On Tue, Sep 27, 2011 at 15:20, Dan Bode d...@puppetlabs.com wrote:
I can think of something really hacky that I don't recommend for production,
it could be ok for debugging purposes.
Yeah, this is *totally* not a sane thing to do. Really not sane.
Find a better way to solve your problem.
That said, you can also use defined types recursively in Puppet:
define foo() {
if ($name == 0) {
notice(done)
}
else
{
notice(bar is $name)
$bar = $name - 1
foo { $bar: }
}
}
foo { 4: }
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
