You can't do exactly what you have below, but there is similar
functionality built into the module architecture. See:
https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html#example
So your .pp file would be named
modules/configuration/manifests/git.pp
And the module na
This is expected behaviour. SSL certificate fingerprints are just the
cryptographic hash of the entire cert, including the signing info if
present.The hash of an unsigned cert is necessarily different than
the hash of a signed cert, because they contain different information.
On 2/20/201
I can't see how this would work at all, given that templates are filled
out by the Puppet master and sent to the client. Even if you used "pure
Ruby" inside the ERB to process another ERB file, the Puppet master
would have no way to know that it's supposed to pick up that other file
and includ
Did you install the deep_merge gem when using the deeper merge option?
The gem is required when using deep or deeper merging.
On 2016-06-03 02:38 PM, Leonard Smith wrote:
I've been trying to track down a problem with hiera_hash not merging.
puppet-3.8.6-1.el7
hiera-1.3.4-1.el7
## hiera.yaml
You can write custom functions[1], but I don't think they can return a
hash -- only a single value. This functionality is designed for things
like calculating password hashes, etc, not generalized data lookup.
This is probably also completely the wrong approach, in the Puppet
model, if your g
I suspect your hiera install is confused because you have both the
puppet-agent and hiera packages installed. Hiera now ships as part of
the puppet-agent package and gets installed as
/opt/puppetlabs/bin/hiera; there is no separate hiera package. Hiera
1.3.4 is also quite old -- on a box with
d -- the keys I'm querying for are defined, at a
minimum, in
/etc/puppetlabs/code/environments/production/hieradata/common.yaml.
On Monday, June 13, 2016 at 12:06:56 PM UTC-4, Peter Kristolaitis
wrote:
I suspect your hiera install is confused because you have both
Assuming you're trying to solve the problem I think you're trying to
solve (i.e. to have Apache with the correct process model installed
before any additional modules), it's important to note that reordering
the array doesn't guarantee that. The order in which Puppet applies
resources is non-d
On 2016-06-20 01:16 PM, Helmut Schneider wrote:
Peter Kristolaitis wrote:
How can I ensure that mpm_* is always the first element in the
array?
Assuming you're trying to solve the problem I think you're trying to
solve (i.e. to have Apache with the correct process model installed
It's important to keep in mind that Hiera is "just data". You still
need to actually create the resources somehow in your manifest based on
that data.
Thus, creating a data element called "classes" in Hiera isn't enough to
actually get those classes applied to the node. You need to add
hier
see the text message !
On 27 June 2016 at 13:14, Peter Kristolaitis wrote:
It's important to keep in mind that Hiera is "just data". You still need to
actually create the resources somehow in your manifest based on that data.
Thus, creating a data element called "classe
On 2016-06-27 11:54 AM, Pearl Raj wrote:
Hi, While setting up persistant load balancer configuration in linux
virtul server, I ended up with following two templates.
On the load balancer: In lvs/manifests/ifcfg-lo_lb.erb
DEVICE=eth1:lb
IPADDR=
NETMASK=255.255.255.0
ONBOOT=yes
NM_CONTROLLED=no
First of all, I will say that this is probably a sledgehammer approach
to accomplishing your goal. Many modern platforms have, in their
default /etc/profile, support for /etc/profile.d/ that works like a
run-parts for building the environment. The Puppet Agent package
installs its own $PATH e
We're in the midst of upgrading from Puppet 3.8 to the latest PC1
release, and I've found what seems to be inconsistent package behavior
with MCollective plugins.
Background: We have historically used 'mco puppet' and 'mco rpc puppet'
to orchestrate multi-node application deployments. We do
There is an attribute on the 'user' type called 'purge_ssh_keys'. If you
set it to 'true', Puppet will remove all SSH keys from
~/.ssh/authorized_keys if they are not explicitly managed by Puppet.
So if you have something like:
user { 'appadmin':
purge_ssh_keys: true,
}
ssh
This is probably a case of trying to use Hiera for stuff you shouldn't
be using it for. It's important to keep in mind that Hiera is not
really a replacement for manifest files -- or even better, modules that
follow a role & profile architecture. You can hack Hiera to do that,
but you're goin
with port 5601 as a parameter
within the ELK profile.
Or something similar. Or something different. But I think I got your
point :)
The good news is, I have very much work ahead of me so I don't mind to
start creating new modules, and re-doing the existing ones in this
philosophy.
Thanks; a
There is a package_name parameter in the Forge module. It's designed to
allow you to install e.g. MariaDB instead of MySQL, but it would work
fine for your use case as well.
On 2016-08-29 02:00 PM, Suresh Rajagopal wrote:
Hi Lowe,
My concern is with package name. MySQL package name differs
Serial numbers on SSL certificates are important, and your setup will
generate many duplicate serial numbers. Ergo, this is bad.
Related problem: Did you test revoking a client certificate? I suspect
not, because the above issue will bite you.
On 2016-09-12 12:48 AM, Ivan Arjune wrote:
Di
Since HKCU is contextualized to the current user, and the Puppet agent
generally runs as SYSTEM, this is almost guaranteed not to do what you
want if you can even get it to work. You will likely have to write
PowerShell that knows how to change context to another user to
accomplish useful thin
If you can't find a prebuilt module to do this, it would be super easy
for you to write your own. Report processors are pretty straight-forward.
If you started by copying the tagmail module, then ripped out the SMTP
bits and added in write-to-file bits, you'd have to write... probably
less th
You can create arrays of identical resources:
file { [ '/etc/motd',
'/etc/issue',
'/etc/issue.net',
]:
ensure => file,
owner=> 0,
group=> 0,
content => template('manage_banners/some_banner_text.erb'),
}
Under the hood, when the catalog is compiled, it
ks.
On 9/16/2016 3:25 PM, Peter Kristolaitis wrote:
You can create arrays of identical resources:
file { [ '/etc/motd',
'/etc/issue',
'/etc/issue.net',
]:
ensure => file,
owner=> 0,
group=> 0,
content => temp
You need to install the puppetserver package, not puppetmaster.
On 2016-10-14 10:08 AM, Ilia Ternovich wrote:
Hi,
Is there any way of installing puppetmaster 4 into Ubuntu 16.04?
I have read numerous articles in internet regarding
importing https://apt.puppetlabs.com/puppetlabs-release-pc1-x
Puppet 4 *only* uses the Java-based puppetserver. puppetmaster is was
deprecated and is not supported in the current version.
On 2016-10-18 01:18 PM, Ilia Ternovich wrote:
Servus,
Thank you very much for the answer. As I said originally -- I need
puppet*_master_* 4 (not puppet*_server_*).
There is no magic involved in roles and profiles -- they're just classes
that get assigned to nodes based on the node's definition.
Thus, if you want a default role assigned to the default node
definition... then assign that default role to the default node definition.
On 2016-10-18 01:58 P
Have you gone through the material in the Puppet Learning VM
(https://puppet.com/download-learning-vm)?
On 11/24/2016 2:53 PM, shakeel pasha wrote:
Can someone please provide lab manuals or lab scenarios to practise
puppet
That would be a great help
--
You received this message because you
Just use the builtin 'user' type.
On 12/13/2016 8:41 AM, Mariusz Gibki wrote:
How to check if user exist in windows OS.
If exist do nothing
if not exist add user
???
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this g
Puppet 4 brought with it some naming and versioning changes. The agent
package is now called "puppet-agent", and the latest version is 1.8.2.
The MSI packages are available at the link you provided, way down at the
bottom.
On 12/15/2016 7:49 AM, lzerw wrote:
Good Morning together,
we chan
We use something that's halfway between the second and third options.
We use standardized namespaces in Hiera that group together logical sets
of data (we use it mostly for distributed app configuration, but you
could easily apply this to system configuration), then we pull that into
our profi
Puppet 4 uses a Java-based server (puppetserver) that is
self-contained. The Ruby-based server (puppetmaster) is not supported
in the 4.x and later series.
On 2/3/2017 11:13 AM, gr...@techforsmbiz.com wrote:
Hey all
I am new to puppet and interested in installing puppet 4 for my
company.
A subscribed / notified resource will only trigger once. Puppet's basic
execution model only allows each resource to run once during a catalog
run, and you can think of notify/subscribe as a special case of using
'require' to determine execution order.
On 3/3/2017 12:14 PM, Joshua Schaeffer
You need to use 'require' instead of 'import'.
On 5/24/2017 11:57 AM, Harish Kothuri wrote:
Hi,
I have 3 classes and i need to execute class 3 only when class 1 and
class 2 completes. All of these classes must be attached to a host.
class1($version='1.1.1'){
.
.
.
}
class2($version
If you're trying to use data binding, then it would be:
ssh::server::subsystem::system: '/usr/libexec/sftp-server'
That does, however, have problems if you have multiple instantiations of
ssh::server::subsystem on a single node with different values, and you'd
need to define your own hierarchy
https://github.com/puppetlabs/puppetdb
On 2017-06-29 12:12 PM, Peter Krawetzky wrote:
I did a little searching on github but couldn't find it. Does anyone
know where the source code is for the PuppetDB server? I'm really
looking for the source code that contains the DML (insert, select,
upd
From this example:
package { 'foo':
ensure => '1.0.0',
}
package { 'foo':
ensure => '1.0.1',
}
package { 'foo':
ensure => 'latest',
}
Which one wins? Since resources can be evaluated and applied in any
order (barring dependencies), you could end up in a situation where a
package
On 04/09/2015 03:12 PM, Gabriel Filion wrote:
Puppet is really good at managing steady states. Why not have puppet manage
cron entries responsible for starting and stopping the daemon? A custom fact
could be used to return the current on/off state (accurate as of the last
puppet run, or cours
Based solely on the error message -- it's always helpful if you include
a snippet of your manifest to debug -- and assuming you're using the
elasticsearch-elasticsearch module from the Forge, I'd say that you
haven't provided one of "manage_repo => true" or "package_url => ..." in
your manifest
On 05/01/2015 12:31 PM, Tim Dunphy wrote:
That produces the following crons in my crontab:
# Puppet Name: chmod-files
* 0 * * * /bin/find /var/www -type f -exec chmod -v 664 {} \;
# Puppet Name: apache-chown
* 0 * * * /bin/chown -R apache:ftpgroup /var/www
# Puppet Name: chmod-directories
* 0
The option you're looking for is --show_diff
However, you should just use "puppet agent runonce --test" when testing
stuff; the --test flag sets all of the flags that you normally use for
debugging, including --no-daemonize, --verbose, and --show_diff (plus a
few others -- see the man page).
You're misunderstanding the nature of "server" and "client" in the
mcollective architecture. ;)
Every node you want to manage in the cluster is a server (i.e. has a
valid server.cfg and is running the daemon), and the node(s) that you
are issuing commands from is a client (i.e. has a valid cl
If all your batch script does is tweak some registry settings, I would
suggest ditching batch files entirely and use the puppetlabs-registry
module instead.
That said, it is likely that your script is not being executed at all
because you need to escape backslashes in paths, e.g.
c
One possible solution is to have your ENC do a discovery for the
slaves/masters and build the list dynamically. There are a few
possible ways that you could do that; the 2 approaches I would look at
first would be:
- Use 'mco find' to list all the currently-online nodes, or
- Examine the li
We solve this issue by doing (kind of ugly) stuff like this in our modules:
unless => 'if ( ! ( Get-Service mcollectived ) ) { exit 1 }',
If you don't like that syntax, you may be able to use the $? or
$LastExitCode variables that get set by PowerShell (I haven't tested
this, however). Both
eed
to use the hostname of the machine as a parameter for another command.
At the minute I'm using hard-coding which is obviously a cardinal sin.
On Thursday, 27 August 2015 15:27:04 UTC+1, Peter Kristolaitis wrote:
We solve this issue by doing (kind of ugly) stuff like thi
I don't use user/group/mode in any of my File resources on Windows
boxes. Definitely not a required parameter.
If you need to tweak permissions, you should be using the puppetlabs-acl
module instead.
- Peter
On 09/23/2015 02:43 PM, jmp242 wrote:
I cannot test this easily as it seems to onl
You have an extra octet in the regex.
That regex would match "10.0.167.xx.yyy". Take out the "0\." after the
"10\.".
On 11/23/2015 05:08 PM, sahara...@gmail.com wrote:
if $::ipaddress =~ /^10\.0\.167\.\d{1,2}\.\d{1,3}$/ {
include user::groups
include user::sysadmin
--
<% range = [*'0'..'9',*'A'..'Z',*'a'..'z'] -%>
<%= Array.new(7){range.sample}.join + "-" +
Array.new(3){range.sample}.join %>
The "<% range ... -%>" can be anywhere in your template as long as it's
before where you generate the random value. I usually put stuff like
that near the top of the
Just realized my code is slightly wrong for you since you wanted hex
values rather than alphanumeric string.
The first line should be:
<% range = [*'0'..'9',*'a'..'f'] -%>
On 11/25/2015 10:36 AM, Peter Kristolaitis wrote:
<% range = [*
'puppet cert list' only shows unsigned certs.
'puppet cert list --all' will show all certs.
On 1/7/2016 6:17 PM, Matt Zagrabelny wrote:
Greetings,
I am attempting to get a puppet 3.7 install off the ground. Please
don't ask me to upgrade to 4.X series. :)
On the puppet master (puppet-3-7.exa
On 1/7/2016 6:28 PM, Peter Kristolaitis wrote:
'puppet cert list' only shows unsigned certs.
'puppet cert list --all' will show all certs.
On 1/7/2016 6:17 PM, Matt Zagrabelny wrote:
Greetings,
I am attempting to get a puppet 3.7 install off the ground. Please
don'
Why not just use arrays for the parent attribute?
|project {'Z':
ensure=>present,
parent =>[ 'B', 'C' ],
inherit =>false,
}
|
On 01/12/2016 12:17 PM, Quaternaire wrote:
Hi,
I am creating a Module for Mantis Bug Tracker (an issue tracker,
https://www.mantisbt.org/), and I need to create ne
Puppet is not a monitoring tool, it's a configuration tool.
It can do some things that might, at first glance, look like monitoring
(i.e. check current system state), but this is only as a side effect of
that information being necessary to confirm that the configuration is
correct.
On 02/1
This is exactly what an ENC is for:
https://docs.puppetlabs.com/guides/external_nodes.html
On 3/2/2016 4:56 PM, Martin Rodriguez wrote:
Hi,
I'm new to puppet and a java developer.
I'm looking for a way to force the puppet server to connect to my java
app to get the configuration of a node ?
54 matches
Mail list logo