subject:"\[Puppet Users\] puppet client"

[Puppet Users] Puppet client is not applying changes

2019-09-26 Thread Dan Crisp

Hello all,

Been at this problem I have for nearly a week now and it's driving 
crazy!!!  I hope it's simply a case of someone with some fresh eyes taking 
a look and showing me the error of my ways.  

Before I continue with the Puppet deployment, for testing purposes, I just 
want to create a single user namely djc72uk on a single server.  The server 
hostname is lhcadvdeveye05 and you can see below that it has successfully 
generated a certificate:

# puppetserver ca list --all
Signed Certificates:
lhcadvdeveye05.x.com   (SHA256)  
F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
puppet.xx.com   (SHA256)  
7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81
  
 alt names: ["DNS:puppet", "DNS:puppet.xx.com"]

I'm seeing the following output from the server when I run the agent:

# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.24 seconds

Looks all good here other than it's not applying the module I created 
namely accounts (see below within the puppet environment).

*Puppet Server Environment:*

# puppet config print confdir
/etc/puppetlabs/puppet

# ll /etc/puppetlabs/puppet
total 48
drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
drwxr-xr-x. 1 root   root   4096 Sep 24 12:16 ../
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet  161 Sep 23 22:22 hiera.yaml
-rw-r--r--. 1 puppet puppet  697 Sep 25 22:34 puppet.conf

# more /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = $codedir/environments
autosign = true

# puppet config print codedir
/etc/puppetlabs/code

# puppet config print environmentpath
/etc/puppetlabs/code/environments

# puppet config print modulepath
/etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules

# puppet module list --tree
/etc/puppetlabs/code/environments/production/modules
└── accounts (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)

# puppet config print manifest
/etc/puppetlabs/code/environments/production/manifests

# ls -lR /etc/puppetlabs/code
/etc/puppetlabs/code:
total 8
drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules

/etc/puppetlabs/code/environments:
total 4
drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production

/etc/puppetlabs/code/environments/production:
total 20
-rw-r--r--. 1 root root  808 Sep 25 20:47 environment.conf
-rw-r--r--. 1 root root  518 Sep 17 22:22 hiera.yaml
drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules


/etc/puppetlabs/code/environments/production/manifests:
total 4
-rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp

/etc/puppetlabs/code/environments/production/modules:
total 4
drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts

/etc/puppetlabs/code/environments/production/modules/accounts:
total 12
drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests

/etc/puppetlabs/code/environments/production/modules/accounts/manifests:
total 8
-rw-r-. 1 root root  77 Sep 24 20:38 groups.pp
-rw-r-. 1 root root 224 Sep 24 20:01 init.pp

/etc/puppetlabs/code/modules:
total 0

# more /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'default' {
  include accounts
}

# more 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
class accounts {

  include accounts::groups

  user { 'djc72uk':
ensure  => present,
home=> '/home/djc72uk',
shell   => '/bin/bash',
managehome  => true,
gid => 'djc72uk',
  }

}

# more 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
class accounts::groups {

  group { 'djc72uk':
ensure  => present,
  }
}

Nothing complaining here:

# puppet parser validate 
/etc/puppetlabs/code/environments/production/manifests/site.pp
# puppet parser validate 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
# puppet parser validate 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp

My gut feel is that the site.pp file is in the wrong place and therefore 
not being read however, based on the above environment details, I'm 
struggling to see how that's possible.

Any help will be appreciated here.

Many Thanks,
Dan.

-- 
You received this message because you are subscribed to the Google Groups

[Puppet Users] Puppet client is not applying changes

2019-09-26 Thread Dan Crisp

Hello all,

Been at this problem I have for nearly a week now and it's driving 
crazy!!!  I hope it's simply a case of someone with some fresh eyes taking 
a look and showing me the error of my ways.  

Before I continue with the Puppet deployment, for testing purposes, I just 
want to create a single user namely djc72uk on a single server.  The server 
hostname is lhcadvdeveye05 and you can see below that it has successfully 
generated a certificate:

# puppetserver ca list --all
Signed Certificates:
lhcadvdeveye05.x.com   (SHA256)  
F1:07:CD:17:8F:0B:B5:AF:79:8A:13:F3:BA:CA:90:1A:1D:67:2C:74:C2:7F:25:3B:88:E9:34:C5:FB:50:CD:7D
puppet.xx.com   (SHA256)  
7D:2E:79:6D:DE:97:A7:B0:5D:EB:48:37:3D:B1:0F:B2:C3:E1:7F:ED:70:D9:EC:2D:71:BE:53:4A:7C:9B:B6:81
  
 alt names: ["DNS:puppet", "DNS:puppet.xx.com"]

I'm seeing the following output from the servers when I run the agent:

# puppet agent --no-daemonize --verbose --onetime
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for lhcadvdeveye05.xx.com
Info: Applying configuration version '1569503223'
Notice: Applied catalog in 0.24 seconds

Looks all good here other than it's not applying the module I created 
namely accounts (see below within the puppet environment).

Puppet Server Environment:

# puppet config print confdir
/etc/puppetlabs/puppet

# ll /etc/puppetlabs/puppet
total 48
drwxr-xr-x. 1 puppet puppet 4096 Sep 25 22:34 ./
drwxr-xr-x. 1 root   root   4096 Sep 24 12:16 ../
-rw-r--r--. 1 puppet puppet 5487 Sep 23 22:22 auth.conf
-rw-r--r--. 1 puppet puppet  161 Sep 23 22:22 hiera.yaml
-rw-r--r--. 1 puppet puppet  697 Sep 25 22:34 puppet.conf

# more /etc/puppetlabs/puppet/puppet.conf
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = $codedir/environments
autosign = true

# puppet config print codedir
/etc/puppetlabs/code

# puppet config print environmentpath
/etc/puppetlabs/code/environments

# puppet config print modulepath
/etc/puppetlabs/code/environments/production/modules:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules

# puppet module list --tree
/etc/puppetlabs/code/environments/production/modules
└── accounts (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)

# puppet config print manifest
/etc/puppetlabs/code/environments/production/manifests

# ls -lR /etc/puppetlabs/code
/etc/puppetlabs/code:
total 8
drwxr-xr-x. 3 root root 4096 Sep 25 21:02 environments
drwxr-xr-x. 2 root root 4096 Sep 25 21:02 modules

/etc/puppetlabs/code/environments:
total 4
drwxr-xr-x. 5 root root 4096 Sep 25 20:47 production

/etc/puppetlabs/code/environments/production:
total 20
-rw-r--r--. 1 root root  808 Sep 25 20:47 environment.conf
-rw-r--r--. 1 root root  518 Sep 17 22:22 hiera.yaml
drwxr-xr-x. 2 root root 4096 Sep 24 20:34 manifests
drwxr-xr-x. 3 root root 4096 Sep 24 19:57 modules


/etc/puppetlabs/code/environments/production/manifests:
total 4
-rw-r--r--. 1 root root 40 Sep 24 20:34 site.pp

/etc/puppetlabs/code/environments/production/modules:
total 4
drwxr-x---. 5 root root 4096 Sep 25 21:18 accounts

/etc/puppetlabs/code/environments/production/modules/accounts:
total 12
drwxr-x---. 2 root root 4096 Sep 24 20:38 manifests

/etc/puppetlabs/code/environments/production/modules/accounts/manifests:
total 8
-rw-r-. 1 root root  77 Sep 24 20:38 groups.pp
-rw-r-. 1 root root 224 Sep 24 20:01 init.pp

/etc/puppetlabs/code/modules:
total 0

# more /etc/puppetlabs/code/environments/production/manifests/site.pp
node 'default' {
  include accounts
}

# more 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
class accounts {

  include accounts::groups

  user { 'djc72uk':
ensure  => present,
home=> '/home/djc72uk',
shell   => '/bin/bash',
managehome  => true,
gid => 'djc72uk',
  }

}

# more 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp
class accounts::groups {

  group { 'djc72uk':
ensure  => present,
  }
}

Nothing complaining here:

# puppet parser validate 
/etc/puppetlabs/code/environments/production/manifests/site.pp
# puppet parser validate 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/init.pp
# puppet parser validate 
/etc/puppetlabs/code/environments/production/modules/accounts/manifests/groups.pp

My gut feel is that the site.pp file is in the wrong place and therefore 
not being read however, based on the above environment details, I'm 
struggling to see how that's possible.

Any help will be appreciated here.

Many Thanks,
Dan.Hello all,

Been at this problem I have for nearly a week now and it's driving

[Puppet Users] puppet client certificates being revoked without human intervention

2017-11-21 Thread Dustin Cannon

Hi,

I've googled this and found a couple of people asking questions about what
seems to be a similar issue a few years ago but no solutions.

The problem:
Some puppet clients will check in with the master and get: "SSL_connect
returned=1 errno=0 state=unknown state: sslv3 alert certificate revoked"

No human being as explicitly revoked the cert as far as we know. Bash
history doesn't show any revocation.

The cert is not expired. Private key modulus of and certificate modulus
match.

This started happening a couple of weeks ago and only to some clients.

Context:
We have a janky dual-master setup and are running puppet version 3.4.3 on
the masters. It's janky because what's being done is that one master runs
haproxy to redirect 60% of requests to another machine. That machine rsyncs
/var/lib/puppet (and uses the same certificate as the other). The clients
that are apparently revoked are running version 3.7.2, but we have other
clients running 3.7.2 that haven't had this issue. "puppet cert list --all"
shows the certs as revoked (with the correct fingerprint) but those certs
serial numbers do not appear in the certificate revocation list on the
masters.

I'd appreciate any ideas or help in getting to the bottom of this. The
problem is easy enough to fix by regenerating the certs but that doesn't
tell us why this is happening in the first place and won't prevent it from
happening in the future.

Happy to give more detail as needed. Thanks in advance!

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b8163293-303b-4dc8-8353-1fb4383373e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet Client on German Windows, Service fail and manual run OK

2015-06-05 Thread Rico Steinitz

Hello,
i search very long for a solution and now i have a solution for this
problem.
The installed puppet agent not run on german Windows systems as Windows
service.
I found a solution for the timezone value. If i fix this, i can call puppet
manualy and it is successful. The service fail.
After many tests i found the problem and i write this here if other user
have the same problem and search for a solution.

OS: Windows 7/8/2003/2008/2012 GERMAN
Puppet-Client 3.7.1 / 3.7.2 / 3.7.3 / 3.7.4 / 3.7.5
Puppet-Server: 3.7.5 with Foreman 1.5/1.6/1.7

Here is the errormessage from the Puppet-Server and Puppet-Client:
Could not retrieve catalog from remote server: Error 400 on SERVER: Failed
when searching for node r1000-pc: Failed to find DOMAIN\PC-NAME via exec:
Execution of '/etc/puppet/node.rb DOMAIN\PC-NAME' returned 1:

The Solution:
remove all umlauts from Puppet Facts
1. problematic fact: C:\Program Files\Puppet
Labs\Puppet\facter\lib\facter\Timezone.rb
Value=Mitteleurop*ä*ische Zeit
NEW Code:
Facter.add(timezone) do
setcode do
Mitteleuropaeische Zeit
end

2. problematic fact: C:\Program Files\Puppet
Labs\Puppet\facter\lib\facter\id.rb
Value=nt-autorit*ä*t\system (if you run the Service as SYSTEM-User)
You can run the service as a other User without umlauts in the name or
rename the variable in the rb-file or delete the file if you not use the
fact.

Check the facts from the SYSTEM-USER:
Download the PsExec-Tolls from systernals
Open CMD and navigate to the PSEXEC file.
Start a CMD as SYSTEM-USER with this command: PSEXEC -i -s -d CMD
in this SYSTEM-CMD window you can enter facter and look at the values. If
you see a value with umlauts you must do something with this.
end

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ff9c4b75-7928-496a-aba3-a47b6e191220%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet client server - couldnt able to verify certificate

2014-05-05 Thread Ramkumar Nagaraj



We tried to setup puppet client-server architecture setup by installing 
puppet-server (through Yum repository) in puppet master and puppet (through 
Yum repository) in another server (client) machine. During this client is 
trying to receive the signed certificate from puppet-master server it 
failed with following error:

Puppet master: [root@puppet-master ~]# puppetca --list 

puppet-client1 (BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD) 

[root@puppet-master ~]# puppetca --sign puppet-client1 

notice: Signed certificate request for puppet-client1 

notice: Removing file Puppet::SSL::CertificateRequest puppet-client1 at 
'/var/lib/puppet/ssl/ca/requests/puppet-client1.pem'

Puppet Client: [root@puppet-client1 ~]# puppet agent --verbose --logdest 
console --no-daemonize --server=puppet-master 

info: Creating a new SSL key for puppet-client1 

info: Caching certificate for ca 

info: Creating a new SSL certificate request for puppet-client1 

info: Certificate Request fingerprint (md5): 
BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD 

notice: Did not receive certificate 

info: Caching certificate for puppet-client1 

notice: Starting Puppet client version 2.7.23 

err: Could not retrieve catalog from remote server: SSL*connect returned=1 
errno=0 state=SSLv3 read server certificate B: certificate verify failed: 
[certificate signature failure for /CN=puppet-master] *

*notice: Using cached catalog *

*err: Could not retrieve catalog; skipping run err: Could not send report: 
SSL*connect returned=1 errno=0 state=SSLv3 read server certificate B: 
certificate verify failed: [certificate signature failure for 
/CN=puppet-master]

Rgrds, Ram.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet client server - couldnt able to verify certificate

2014-05-05 Thread José Luis Ledesma

I think there is some misunderstood here.

First launch the agent, it will generate a certificate for it.

Then you should sign it in the master.

It seems that you did generate one in the master and sign it, and expected
to be received by the client, but the certificate should be generated in
the client and be signed by then master.

Regards,
El 05/05/2014 14:59, Ramkumar Nagaraj ram2va...@gmail.com escribió:

 We tried to setup puppet client-server architecture setup by installing
 puppet-server (through Yum repository) in puppet master and puppet (through
 Yum repository) in another server (client) machine. During this client is
 trying to receive the signed certificate from puppet-master server it
 failed with following error:

 Puppet master: [root@puppet-master ~]# puppetca --list

 puppet-client1 (BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD)

 [root@puppet-master ~]# puppetca --sign puppet-client1

 notice: Signed certificate request for puppet-client1

 notice: Removing file Puppet::SSL::CertificateRequest puppet-client1 at
 '/var/lib/puppet/ssl/ca/requests/puppet-client1.pem'

 Puppet Client: [root@puppet-client1 ~]# puppet agent --verbose --logdest
 console --no-daemonize --server=puppet-master

 info: Creating a new SSL key for puppet-client1

 info: Caching certificate for ca

 info: Creating a new SSL certificate request for puppet-client1

 info: Certificate Request fingerprint (md5):
 BF:56:F7:B3:FB:CA:6A:9A:44:9B:9E:0C:BE:F3:5D:FD

 notice: Did not receive certificate

 info: Caching certificate for puppet-client1

 notice: Starting Puppet client version 2.7.23

 err: Could not retrieve catalog from remote server: SSL*connect
 returned=1 errno=0 state=SSLv3 read server certificate B: certificate
 verify failed: [certificate signature failure for /CN=puppet-master] *

 *notice: Using cached catalog *

 *err: Could not retrieve catalog; skipping run err: Could not send report:
 SSL*connect returned=1 errno=0 state=SSLv3 read server certificate B:
 certificate verify failed: [certificate signature failure for
 /CN=puppet-master]

 Rgrds, Ram.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.comhttps://groups.google.com/d/msgid/puppet-users/726017a6-1cda-4cd8-ac4a-d06a16cb60f2%40googlegroups.com?utm_medium=emailutm_source=footer
 .
 For more options, visit https://groups.google.com/d/optout.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF_B3df%2BP6wZFZVt8wyDz8t0oYAevJzx_OccAEqsGfjQ87Se0w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet Client Reports file not found on Server

2014-05-01 Thread Rance Hall

Ive had a series of issues with a specfic node.

Node is running puppet 3.0.2.

During a puppet run the client reports:

Warning: Unable to fetch my node definition, but the agent run will 
continue:
Warning: Error 400 on SERVER: No such file or directory - 
/var/lib/puppet/yaml/node/{nodename}.yaml20140501-4910-10zh5o0.lock

I check the server and this servers node.pp went missing so I recreated it.

client still shows that this lock file is missing.  I confirmed that the 
lock file is indeed missing.

Unsure why the configuration for this node went AWOL from server.

How should I fix this?

Need to get node back under management.

Rance

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0f9e6833-54f8-4bdd-a812-6ebf97470fe6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet client removing yum / rpm cache?

2014-02-20 Thread Christopher Opena

Howdy folks,

I've got some weird behavior from one of my puppet clients (actually the 
client running on the puppet master), where running the agent somehow 
destroys either the yum cache or the rpm db.  Directly after running the 
agent I get the following message from yum (without modifying yum.conf or 
any of the .repo files in /etc/yum.repos.d/):

# yum list installed
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. $releasever is not a valid release or hasnt been released yet/
removing mirrorlist with no valid mirrors: 
/var/cache/yum/x86_64/$releasever/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base

Prior to running the puppet agent, yum was working perfectly.  I was able 
to fix the above problem by reinstalling the centos-release package, but 
even after doing so a 'yum list installed' and 'rpm -qa' listed the 
centos-release package as *the only package installed* (clearly others were 
installed but the db probably got corrupted).

Restart the puppet agent, and the error with $releasever resumed, and 
centos-release was shown as not installed by both yum and rpm.

Looking through the puppet agent log (/var/log/puppet/puppet.log), I only 
found this in the startup procedure:

Thu Feb 20 14:26:50 -0800 2014 Puppet (notice): Caught TERM; calling stop
Thu Feb 20 14:26:51 -0800 2014 Puppet (notice): Reopening log files
Thu Feb 20 14:26:51 -0800 2014 Puppet (notice): Starting Puppet client 
version 3.4.2
Thu Feb 20 14:26:52 -0800 2014 /File[/var/lib/rpm]/ensure (notice): removed
Thu Feb 20 14:26:52 -0800 2014 /File[/var/lib/yum]/ensure (notice): removed
Thu Feb 20 14:26:55 -0800 2014 Puppet (err): Could not prefetch package 
provider 'yum': Execution of '/usr/bin/python 
/usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py' returned 
1: Loaded plugins: fastestmirror

So it looks like directly after the client starts, it removes(?) 
/var/lib/rpm and /var/lib/yum and then yum stops working again (with the 
same $releasever) error.  The odd thing is that we have several other nodes 
that are having the exact same modules applied and experiencing zero 
issues, so something odd is going on with this particular node (which is 
also the master).

Anyone experience anything like this or have any ideas what could be 
causing the puppet runs to basically destroy the yumdb?

TIA,
Chris


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/bf8612f3-7c80-4587-b5dc-d4321a3f9840%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-29 Thread Josh D



On Wednesday, January 29, 2014 12:41:06 AM UTC-7, Rob Reynolds wrote:

 Josh,
  I'm glad we were able to get you going. However it is slightly troubling 
 to see that the service flips to automatic after running puppet agent. 

 Also are you overriding the user the agent installed as to a 
 non-administrative user?


No, we left the default settings when installing (local system account).  
We were going to attempt setting the username as a last resort, but 
couldn't find any documentation on how to change the password post 
installation. 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/69339996-a428-41cb-bbfd-ebb1360fd680%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-29 Thread Rob Reynolds

Post installation you would change it like with other services on windows
(services.msc, find the service, open properties and change user/password).

On Wed, Jan 29, 2014 at 11:21 AM, Josh D joshuadavid...@gmail.com wrote:

On Wednesday, January 29, 2014 12:41:06 AM UTC-7, Rob Reynolds wrote:

Josh,
I'm glad we were able to get you going. However it is slightly troubling
to see that the service flips to automatic after running puppet agent.

Also are you overriding the user the agent installed as to a
non-administrative user?

No, we left the default settings when installing (local system account).
We were going to attempt setting the username as a last resort, but
couldn't find any documentation on how to change the password post
installation.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/69339996-a428-41cb-bbfd-ebb1360fd680%40googlegroups.com
.

For more options, visit https://groups.google.com/groups/opt_out.

--
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco -
http://bit.ly/pupconf14
Register now and save 40%! Offer expires January 31st.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMJiBK4RYP3qKuWtTnmku7H2dkpYE2iqBVJ31Vb-Jgkk-FSkUA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-28 Thread Josh D

On Monday, January 27, 2014 4:15:12 PM UTC-7, Rob Reynolds wrote:

You should be able to take ownership of the directory you cannot delete as
an administrator. Once you have done that you should be able to move
forward with deleting those. I think the prior install attempts might have
botched something and that directory is not removed.

Ok, have some good news to report. First, uninstalling and blowing away
C:\ProgramData\PuppetLabs resulted in the original error when performing a
clean uninstall. However, we did find one combination that worked.

#1. Uninstall and ensure C:\ProgramData is absent
#2. Install with PUPPET_AGENT_STARTUP_MODE=Manual
#3. Following installation and *BEFORE* attempting to run puppet agent
service, run puppet agent as admin.

By running puppet agent not only did it run to completion unlike past
attempts following a failed start of the service, it also mysteriously
changed the puppet agent startup mode to automatic and now the puppet
service works.

In the past when we followed steps #1 and #2 and attempted to start the
service following installation, the service failed to start and broke the
client due to permissions. By running the client before the service,
everything is fine and dandy.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bafcdc5d-68b3-4bd1-9236-3d51398fda94%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-28 Thread Rob Reynolds

Josh,
I'm glad we were able to get you going. However it is slightly troubling
to see that the service flips to automatic after running puppet agent.

Also are you overriding the user the agent installed as to a
non-administrative user?

On Tue, Jan 28, 2014 at 3:24 PM, Josh D joshuadavid...@gmail.com wrote:

On Monday, January 27, 2014 4:15:12 PM UTC-7, Rob Reynolds wrote:

You should be able to take ownership of the directory you cannot delete
as an administrator. Once you have done that you should be able to move
forward with deleting those. I think the prior install attempts might have
botched something and that directory is not removed.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bafcdc5d-68b3-4bd1-9236-3d51398fda94%40googlegroups.com
.

For more options, visit https://groups.google.com/groups/opt_out.

--
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco -
http://bit.ly/pupconf14
Register now and save 40%! Offer expires January 31st.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMJiBK4g-%2BdWbtYk9j%2BPDZWyDvhb%3DYxKLk8cgi%3DQwLaGyCnUTA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-27 Thread Josh D

On Friday, January 24, 2014 1:02:59 PM UTC-7, Rob Reynolds wrote:

 The supported way of making it work is to update to at least 3.3.1.


Just tried installing the 3.4.2 client and had the same problem; service 
fails to start and the installation is rolled back.  The log is *slightly* 
different.

StartServices: Service: Puppet Agent
Error 1920. Service 'Puppet Agent' (puppet) failed to start.  Verify that 
you have sufficient privileges to start system services.
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37672 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37536 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 29532 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37384 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 38872 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 34136 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33292 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 1136 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33376 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 32688 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31448 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31128 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33536 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30684 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 27924 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 11324 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37092 could not be cancelled. 
Error: 1168
MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30248 could not be cancelled. 
Error: 1168
MSI (s) (94:D8) [09:41:44:708]: Product: Puppet -- Error 1920. Service 
'Puppet Agent' (puppet) failed to start.  Verify that you have sufficient 
privileges to start system services.
Are you sure you want to cancel?
Action ended 9:41:50: InstallFinalize. Return value 3.
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/17b9a371-7aa5-4894-bf23-0e1fc5be7b9c%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-27 Thread Rob Reynolds

Josh,
 Can you try something for me? With the install, can you add the following
to it?

msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual

And tell me if it installs okay?


Then we'll move onto trying to start the service and see what errors crop
up.


On Mon, Jan 27, 2014 at 10:57 AM, Josh D joshuadavid...@gmail.com wrote:

 On Friday, January 24, 2014 1:02:59 PM UTC-7, Rob Reynolds wrote:

 The supported way of making it work is to update to at least 3.3.1.


 Just tried installing the 3.4.2 client and had the same problem; service
 fails to start and the installation is rolled back.  The log is *slightly*
 different.

 StartServices: Service: Puppet Agent

 Error 1920. Service 'Puppet Agent' (puppet) failed to start.  Verify that
 you have sufficient privileges to start system services.
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37672 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37536 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 29532 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37384 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 38872 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 34136 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33292 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 1136 could not be cancelled.
 Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33376 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 32688 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31448 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 31128 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 33536 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30684 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 27924 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 11324 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 37092 could not be
 cancelled. Error: 1168
 MSI (s) (94:8C) [09:41:44:708]: I/O on thread 30248 could not be
 cancelled. Error: 1168
 MSI (s) (94:D8) [09:41:44:708]: Product: Puppet -- Error 1920. Service
 'Puppet Agent' (puppet) failed to start.  Verify that you have sufficient
 privileges to start system services.
 Are you sure you want to cancel?
 Action ended 9:41:50: InstallFinalize. Return value 3.


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/17b9a371-7aa5-4894-bf23-0e1fc5be7b9c%40googlegroups.com
 .

 For more options, visit https://groups.google.com/groups/opt_out.




-- 
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco -
http://bit.ly/pupconf14
Register now and save 40%! Offer expires January 31st.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMJiBK4sm3Kuc8TjdF3kTKBiLB7o7NvS2CdxnULfz4fcx_cvww%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-27 Thread Josh D

On Monday, January 27, 2014 10:34:36 AM UTC-7, Rob Reynolds wrote:

Josh,
Can you try something for me? With the install, can you add the following
to it?

msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual

And tell me if it installs okay?

Yep, one step ahead of you. We were able to install by changing the
startup mode to manual. Attempting to start the service post install,
resulted in: Error 1053: The service did not respond to the start or
control request in a timely fashion.

There wasn't anything helpful in event viewer so we moved on to starting
the agent manually. The pertinent portion of the output from puppet agent
--test --debug --verbose is below:

Error: Could not set 'directory' on ensure: Permission denied -
C:/ProgramData/P
uppetLabs/puppet/var/state/graphs
Error: Could not set 'directory' on ensure: Permission denied -
C:/ProgramData/P
uppetLabs/puppet/var/state/graphs
Wrapped exception:
Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs
Error: /File[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]/ensure:
change f
rom absent to directory failed: Could not set 'directory' on ensure:
Permission
denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs
[0;36mDebug: /File
[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]: Nothing to manage: no
ensure and the resource doesn't exist [0m
[0;36mDebug: Finishing transaction 38297820 [0m
Error: Could not prepare for execution: Got 3 failure(s) while
initializing: Cou
ld not set 'directory' on ensure: Permission denied -
C:/ProgramData/PuppetLabs/
puppet/var/state/graphs; Could not set 'directory' on ensure: Permission
denied
- C:/ProgramData/PuppetLabs/puppet/var/state/graphs
Wrapped exception:
Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs;
change fr
om absent to directory failed: Could not set 'directory' on ensure:
Permission d
enied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs

So I hopped into the PuppetLabs directory and started looking at
permissions. Everything is good up to
C:/ProgramData/PuppetLabs/puppet/var. Meaning the Administrators group has
full control and can make modifications. That is required for running
puppet agent manually outside of the service. Every directory under
C:/ProgramData/PuppetLabs/puppet/var is good *except* for
C:/ProgramData/PuppetLabs/puppet/var/state. That directory appears to have
been created by the service (system account) and does not have any
permissions for Administrators set. I attempted to alter the
permissions, but I just get access denied even with an admin account.

So in summary, the service times out for reasons unknown. Running puppet
agent manually fails because Administrators cannot modify anything under
C:/ProgramData/PuppetLabs/puppet/var/state

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/73b52441-e66d-4661-bf1b-fc3737ec4912%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-27 Thread Rob Reynolds

Can you blow away the C:/ProgramData/PuppetLabs directory and try the
install again?

On Mon, Jan 27, 2014 at 12:01 PM, Josh D joshuadavid...@gmail.com wrote:

On Monday, January 27, 2014 10:34:36 AM UTC-7, Rob Reynolds wrote:

Josh,
Can you try something for me? With the install, can you add the
following to it?

msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual

And tell me if it installs okay?

There wasn't anything helpful in event viewer so we moved on to starting
the agent manually. The pertinent portion of the output from puppet agent
--test --debug --verbose is below:

So in summary, the service times out for reasons unknown. Running puppet
agent manually fails because Administrators cannot modify anything under
C:/ProgramData/PuppetLabs/puppet/var/state

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/73b52441-e66d-4661-bf1b-fc3737ec4912%40googlegroups.com
.

For more options, visit https://groups.google.com/groups/opt_out.

--
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco -
http://bit.ly/pupconf14
Register now and save 40%! Offer expires January 31st.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMJiBK74a%3DxTm384UDrTRFHamnFCg%2B3qThKEjM5Bm4K_PBBH-A%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-27 Thread Rob Reynolds

On Mon, Jan 27, 2014 at 5:13 PM, Rob Reynolds r...@puppetlabs.com wrote:

Can you blow away the C:/ProgramData/PuppetLabs directory and try the
install again?

On Mon, Jan 27, 2014 at 12:01 PM, Josh D joshuadavid...@gmail.com wrote:

On Monday, January 27, 2014 10:34:36 AM UTC-7, Rob Reynolds wrote:

Josh,
Can you try something for me? With the install, can you add the
following to it?

msiexec /qn /i themsilocation.msi PUPPET_AGENT_STARTUP_MODE=Manual

And tell me if it installs okay?

There wasn't anything helpful in event viewer so we moved on to starting
the agent manually. The pertinent portion of the output from puppet agent
--test --debug --verbose is below:

Error: Could not set 'directory' on ensure: Permission denied -
C:/ProgramData/P
uppetLabs/puppet/var/state/graphs
Error: Could not set 'directory' on ensure: Permission denied -
C:/ProgramData/P
uppetLabs/puppet/var/state/graphs
Wrapped exception:
Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs
Error: /File[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]/ensure:
change f
rom absent to directory failed: Could not set 'directory' on ensure:
Permission
denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs
[0;36mDebug: /File
[C:/ProgramData/PuppetLabs/puppet/var/state/graphs]: Nothing to manage:
no ensure and the resource doesn't exist [0m
[0;36mDebug: Finishing transaction 38297820 [0m
Error: Could not prepare for execution: Got 3 failure(s) while
initializing: Cou
ld not set 'directory' on ensure: Permission denied -
C:/ProgramData/PuppetLabs/
puppet/var/state/graphs; Could not set 'directory' on ensure: Permission
denied
- C:/ProgramData/PuppetLabs/puppet/var/state/graphs
Wrapped exception:
Permission denied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs;
change fr
om absent to directory failed: Could not set 'directory' on ensure:
Permission d
enied - C:/ProgramData/PuppetLabs/puppet/var/state/graphs

So in summary, the service times out for reasons unknown. Running puppet
agent manually fails because Administrators cannot modify anything under
C:/ProgramData/PuppetLabs/puppet/var/state

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/73b52441-e66d-4661-bf1b-fc3737ec4912%40googlegroups.com
.

For more options, visit https://groups.google.com/groups/opt_out.

--
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco -
http://bit.ly/pupconf14
Register now and save 40%! Offer expires January 31st.

--
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco -
http://bit.ly/pupconf14
Register now and save 40%! Offer expires January 31st.

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMJiBK7qeRGug2DYoDvTZ%2Bi_K6mnVHryj0Z_2eRTn2bRc2Ra_A%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-24 Thread Josh D

Some of my users are having difficulty installing the Puppet client on 
their 64-bit Widows machines.  The installation will get get to the point 
where everything is installed and it attempts to start the service.  The 
service fails (see relevant information from install log from /l*v below) 
and then the installer rolls back.  I've tried various ways of launching 
the installer, had different users attempt to install on the problem 
machines, etc but always wind up with the same error.  The accounts in 
question have permission to start/stop services.  Any ideas?

StartServices: Service: Puppet Agent
MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2205 2:  3: Error 
MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2228 2:  3: Error 4: SELECT 
`Message` FROM `Error` WHERE `Error` = 1920 
Error 1920. Service 'Puppet Agent' (puppet) failed to start.  Verify that 
you have sufficient privileges to start system services.
MSI (s) (88:20) [09:29:57:739]: I/O on thread 7856 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 8588 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 7504 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 9268 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 6048 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 4460 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 7356 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 8800 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 8316 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 8436 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:739]: I/O on thread 4716 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:740]: I/O on thread 6840 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:740]: I/O on thread 10224 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:740]: I/O on thread 8248 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:740]: I/O on thread 4944 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:740]: I/O on thread 2860 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:740]: I/O on thread 9484 could not be cancelled. 
Error: 1168
MSI (s) (88:20) [09:29:57:740]: I/O on thread 8116 could not be cancelled. 
Error: 1168
MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2205 2:  3: Error 
MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2228 2:  3: Error 4: SELECT 
`Message` FROM `Error` WHERE `Error` = 1709 
MSI (s) (88:6C) [09:29:57:740]: Product: Puppet -- Error 1920. Service 
'Puppet Agent' (puppet) failed to start.  Verify that you have sufficient 
privileges to start system services.

MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2205 2:  3: Error 
MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2228 2:  3: Error 4: SELECT 
`Message` FROM `Error` WHERE `Error` = 1602 
Are you sure you want to cancel?
Action ended 9:29:59: InstallFinalize. Return value 3.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/90b581a2-53f0-4c98-a463-dbe296345161%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client 3.2.X fails to install on Windows 7 x64

2014-01-24 Thread Rob Reynolds

On Fri, Jan 24, 2014 at 11:11 AM, Josh D joshuadavid...@gmail.com wrote:

 Some of my users are having difficulty installing the Puppet client on
 their 64-bit Widows machines.  The installation will get get to the point
 where everything is installed and it attempts to start the service.  The
 service fails (see relevant information from install log from /l*v below)
 and then the installer rolls back.  I've tried various ways of launching
 the installer, had different users attempt to install on the problem
 machines, etc but always wind up with the same error.  The accounts in
 question have permission to start/stop services.  Any ideas?

 StartServices: Service: Puppet Agent
 MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2205 2:  3: Error
 MSI (s) (88:6C) [09:29:47:321]: Note: 1: 2228 2:  3: Error 4: SELECT
 `Message` FROM `Error` WHERE `Error` = 1920
 Error 1920. Service 'Puppet Agent' (puppet) failed to start.  Verify that
 you have sufficient privileges to start system services.
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 7856 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8588 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 7504 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 9268 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 6048 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 4460 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 7356 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8800 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8316 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 8436 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:739]: I/O on thread 4716 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:740]: I/O on thread 6840 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:740]: I/O on thread 10224 could not be
 cancelled. Error: 1168
 MSI (s) (88:20) [09:29:57:740]: I/O on thread 8248 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:740]: I/O on thread 4944 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:740]: I/O on thread 2860 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:740]: I/O on thread 9484 could not be cancelled.
 Error: 1168
 MSI (s) (88:20) [09:29:57:740]: I/O on thread 8116 could not be cancelled.
 Error: 1168
 MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2205 2:  3: Error
 MSI (s) (88:6C) [09:29:57:740]: Note: 1: 2228 2:  3: Error 4: SELECT
 `Message` FROM `Error` WHERE `Error` = 1709
 MSI (s) (88:6C) [09:29:57:740]: Product: Puppet -- Error 1920. Service
 'Puppet Agent' (puppet) failed to start.  Verify that you have sufficient
 privileges to start system services.


This error is a lie. :)

The true issue [1][2][3] had to an encoding bug in a gem that Puppet
depends on that was fixed in 3.3.1. We didn't add the
PUPPET_AGENT_STARTUP_MODE [4] until 3.4.0 so there isn't a way to tell it
not to try to start the service.

The supported way of making it work is to update to at least 3.3.1.


1: http://projects.puppetlabs.com/issues/22493
2: http://projects.puppetlabs.com/issues/22613
3: https://tickets.puppetlabs.com/browse/PUP-316 with a nice video showing
repro and fix.
4: http://docs.puppetlabs.com/windows/installing.html#automated-installation




 MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2205 2:  3: Error
 MSI (s) (88:6C) [09:29:57:742]: Note: 1: 2228 2:  3: Error 4: SELECT
 `Message` FROM `Error` WHERE `Error` = 1602
 Are you sure you want to cancel?
 Action ended 9:29:59: InstallFinalize. Return value 3.

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/90b581a2-53f0-4c98-a463-dbe296345161%40googlegroups.com
 .
 For more options, visit https://groups.google.com/groups/opt_out.




-- 
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco -
http://bit.ly/pupconf14
Register now and save 40%! Offer expires January 31st.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMJiBK7reQ_JJRvmg7Y9i6gK-FokpVHMH6a0bd3f-DzkmVWM2g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppet client automatic self enrollment to puppet enterprise

2013-11-27 Thread Martin Knott

Hi 

I'm  developing templates for vm cloud provisioning and would like to 
include puppet client in the template
has anybody have knowledge or experience to assist with my objective of 
puppet client automatic self enrollment to puppet enterprise
e.g. as a new vm is built

Any help appreciated

Regards Martin

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet client automatic self enrollment to puppet enterprise

2013-11-27 Thread Jo Rhett

There's nothing special. The only thing you'll need is either auto sign or
automation on your side to pre-sign certs and deliver them to the VM.

On Nov 27, 2013, at 6:30 AM, Martin Knott mkn...@novemgroup.co.uk wrote:
I'm developing templates for vm cloud provisioning and would like to include
puppet client in the template
has anybody have knowledge or experience to assist with my objective of
puppet client automatic self enrollment to puppet enterprise
e.g. as a new vm is built

Any help appreciated

Regards Martin

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/a22ee4b3-375a-44fc-b891-731501057d33%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

Author of Instant Puppet 3 Starter:
http://www.netconsonance.com/instant-puppet-3-starter-book/

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/8545EBD4-FDD4-45E2-823C-9556EB227732%40netconsonance.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppet client

2013-11-15 Thread Stuart Cracraft

 
I have a box with this uname -a output:
 
  Linux myhost 2.6.32-300.11.1.el5uek #1 SMP Wed Mar 7 09:55:50 EST 2012 
x86_64 x86_64 x86_64 GNU/Linux
 
For various reasons, I cannot use Yum to download.
 
Anyone know the specific URL's/rpm's I can download to get puppet client up
for the above to work with a Puppet 3.2.1 master?
 
Stuart
 
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ad707d21-7c8d-4e5e-a9c6-bd871a74e8ac%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet client

2013-11-15 Thread Stuart Cracraft

Took care of this. 

Messy. 

Made a company repo. 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2A778359-C514-433A-A5A0-183440B0F342%40me.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master

2013-09-26 Thread Dilip Varma

Hi

*puppetmaster#vim /etc/puppet/puppet.conf*

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
listen = true
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

puppetmaster#vim /etc/puppet/auth.conf
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
listen = true
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

*puppetmaster#vim /etc/puppet/auth.conf*


# This is an example auth.conf file, it mimics the puppetmasterd defaults
#
# The ACL are checked in order of appearance in this file.
#
# Supported syntax:
# This file supports two different syntax depending on how
# you want to express the ACL.
#
# Path syntax (the one used below):
# -
# path /path/to/resource
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The path is matched as a prefix. That is /file match at
# the same time /file_metadat and /file_content.
#
# Regex syntax:
# -
# This one is differenciated from the path one by a '~'
#
# path ~ regex
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The regex syntax is the same as ruby ones.
#
# Ex:
# path ~ .pp$
# will match every resource ending in .pp (manifests files for instance)
#
# path ~ ^/path/to/resource
# is essentially equivalent to path /path/to/resource
#
# environment:: restrict an ACL to a specific set of environments
# method:: restrict an ACL to a specific set of methods
# auth:: restrict an ACL to an authenticated or unauthenticated request
# the default when unspecified is to restrict the ACL to authenticated
requests
# (ie exactly as if auth yes was present).
#

### Authenticated ACL - those applies only when the client
### has a valid certificate and is thus authenticated

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow nodes to retrieve their own node definition
path ~ ^/node/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their own reports
path ~ ^/report/([^/]+)$
method save
allow $1

# inconditionnally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file




Thanks,
Dilip
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate; we allow authenticated users, too, because
### there isn't a great harm in letting that request through.

# allow access to the master CA
path /certificate/ca
auth any
method find
allow *

path /certificate/
auth any
method find
allow *

path /certificate_request
auth any
method find, save
allow *

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
#path /
path /run
auth any

These are my puppet.conf and auth.conf of puppet master...

Please find the solution..

On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote:


 Hi,

 I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e

 class toolbox {

 file { '/usr/local/sbin/puppetsimple.sh':
 owner = root,group = root,mode = 0755,content = #!/bin/bash
 apt-get install zip\n
  }
 }
 node 'admin.local' {
  include toolbox

}

 Here admin.local is my PUPPET AGENT..

 my job is to kick this job to puppet agent from puppet master.for this i
 have ran

 *r...@puppetmaster.example.org#puppet kick admin.local*
 *Triggering admin.local
 Host admin.local failed: Connection refused - connect(2)
 admin.local finished with exit code 2
 Failed: admin.local*

 i got this error.
 *Additional Info*:puppet master and agent are in the same network,pinging
 each other and configured password less logins also..

 Please find the attachment regarding the puppet error mentioned above.

 Thanks in advance
 Dilip


  --
 You received this message because you are subscribed to a topic in the
 Google Groups Puppet Users group.
 To unsubscribe from this topic, visit
 https://groups.google.com/d/topic/puppet-users/OMJFUxP4XgM/unsubscribe.
 To unsubscribe from this

Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master

2013-09-26 Thread Rahul Khengare

Have you try adding server parameter as i said in earlier post.




On Thu, Sep 26, 2013 at 2:44 PM, Dilip Varma dilippand...@gmail.com wrote:

 Hi

 *puppetmaster#vim /etc/puppet/puppet.conf*

 [main]
 logdir=/var/log/puppet
 vardir=/var/lib/puppet
 ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
 factpath=$vardir/lib/facter
 templatedir=$confdir/templates
 prerun_command=/etc/puppet/etckeeper-commit-pre
 postrun_command=/etc/puppet/etckeeper-commit-post
 listen = true
 [master]
 # These are needed when the puppetmaster is run by passenger
 # and can safely be removed if webrick is used.
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header = SSL_CLIENT_VERIFY

 puppetmaster#vim /etc/puppet/auth.conf
 [main]
 logdir=/var/log/puppet
 vardir=/var/lib/puppet
 ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
 factpath=$vardir/lib/facter
 templatedir=$confdir/templates
 prerun_command=/etc/puppet/etckeeper-commit-pre
 postrun_command=/etc/puppet/etckeeper-commit-post
 listen = true
 [master]
 # These are needed when the puppetmaster is run by passenger
 # and can safely be removed if webrick is used.
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header = SSL_CLIENT_VERIFY

 *puppetmaster#vim /etc/puppet/auth.conf*


 # This is an example auth.conf file, it mimics the puppetmasterd defaults
 #
 # The ACL are checked in order of appearance in this file.
 #
 # Supported syntax:
 # This file supports two different syntax depending on how
 # you want to express the ACL.
 #
 # Path syntax (the one used below):
 # -
 # path /path/to/resource
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The path is matched as a prefix. That is /file match at
 # the same time /file_metadat and /file_content.
 #
 # Regex syntax:
 # -
 # This one is differenciated from the path one by a '~'
 #
 # path ~ regex
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The regex syntax is the same as ruby ones.
 #
 # Ex:
 # path ~ .pp$
 # will match every resource ending in .pp (manifests files for instance)
 #
 # path ~ ^/path/to/resource
 # is essentially equivalent to path /path/to/resource
 #
 # environment:: restrict an ACL to a specific set of environments
 # method:: restrict an ACL to a specific set of methods
 # auth:: restrict an ACL to an authenticated or unauthenticated request
 # the default when unspecified is to restrict the ACL to authenticated
 requests
 # (ie exactly as if auth yes was present).
 #

 ### Authenticated ACL - those applies only when the client
 ### has a valid certificate and is thus authenticated

 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1

 # allow nodes to retrieve their own node definition
 path ~ ^/node/([^/]+)$
 method find
 allow $1

 # allow all nodes to access the certificates services
 path /certificate_revocation_list/ca
 method find
 allow *

 # allow all nodes to store their own reports
 path ~ ^/report/([^/]+)$
 method save
 allow $1

 # inconditionnally allow access to all files services
 # which means in practice that fileserver.conf will
 # still be used
 path /file




  Thanks,
 Dilip
 allow *

 ### Unauthenticated ACL, for clients for which the current master doesn't
 ### have a valid certificate; we allow authenticated users, too, because
 ### there isn't a great harm in letting that request through.

 # allow access to the master CA
 path /certificate/ca
 auth any
 method find
 allow *

 path /certificate/
 auth any
 method find
 allow *

 path /certificate_request
 auth any
 method find, save
 allow *

 # this one is not stricly necessary, but it has the merit
 # to show the default policy which is deny everything else
 #path /
 path /run
 auth any

 These are my puppet.conf and auth.conf of puppet master...

 Please find the solution..

 On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote:


 Hi,

 I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e

 class toolbox {

 file { '/usr/local/sbin/puppetsimple.sh':
 owner = root,group = root,mode = 0755,content = #!/bin/bash
 apt-get install zip\n
  }
 }
 node 'admin.local' {
  include toolbox

}

 Here admin.local is my PUPPET AGENT..

 my job is to kick this job to puppet agent from puppet master.for this i
 have ran

 *r...@puppetmaster.example.org#puppet kick admin.local*
 *Triggering admin.local
 Host admin.local failed: Connection refused - connect(2)
 admin.local finished with exit code 2
 Failed: admin.local*

 i got this error.
 *Additional Info*:puppet master and agent are in the same
 network,pinging each other and configured password less logins also..

 Please find the attachment regarding the puppet error mentioned above.

Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master

2013-09-26 Thread Dilip Varma

Hi,

it is working fine,Thank you..

Thanks,
Dilip


On Thu, Sep 26, 2013 at 3:08 PM, Rahul Khengare rahulk1...@gmail.comwrote:

 Have you try adding server parameter as i said in earlier post.




 On Thu, Sep 26, 2013 at 2:44 PM, Dilip Varma dilippand...@gmail.comwrote:

 Hi

 *puppetmaster#vim /etc/puppet/puppet.conf*

 [main]
 logdir=/var/log/puppet
 vardir=/var/lib/puppet
 ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
 factpath=$vardir/lib/facter
 templatedir=$confdir/templates
 prerun_command=/etc/puppet/etckeeper-commit-pre
 postrun_command=/etc/puppet/etckeeper-commit-post
 listen = true
 [master]
 # These are needed when the puppetmaster is run by passenger
 # and can safely be removed if webrick is used.
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header = SSL_CLIENT_VERIFY

 puppetmaster#vim /etc/puppet/auth.conf
 [main]
 logdir=/var/log/puppet
 vardir=/var/lib/puppet
 ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
 factpath=$vardir/lib/facter
 templatedir=$confdir/templates
 prerun_command=/etc/puppet/etckeeper-commit-pre
 postrun_command=/etc/puppet/etckeeper-commit-post
 listen = true
 [master]
 # These are needed when the puppetmaster is run by passenger
 # and can safely be removed if webrick is used.
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header = SSL_CLIENT_VERIFY

 *puppetmaster#vim /etc/puppet/auth.conf*


 # This is an example auth.conf file, it mimics the puppetmasterd defaults
 #
 # The ACL are checked in order of appearance in this file.
 #
 # Supported syntax:
 # This file supports two different syntax depending on how
 # you want to express the ACL.
 #
 # Path syntax (the one used below):
 # -
 # path /path/to/resource
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The path is matched as a prefix. That is /file match at
 # the same time /file_metadat and /file_content.
 #
 # Regex syntax:
 # -
 # This one is differenciated from the path one by a '~'
 #
 # path ~ regex
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The regex syntax is the same as ruby ones.
 #
 # Ex:
 # path ~ .pp$
 # will match every resource ending in .pp (manifests files for instance)
 #
 # path ~ ^/path/to/resource
 # is essentially equivalent to path /path/to/resource
 #
 # environment:: restrict an ACL to a specific set of environments
 # method:: restrict an ACL to a specific set of methods
 # auth:: restrict an ACL to an authenticated or unauthenticated request
 # the default when unspecified is to restrict the ACL to authenticated
 requests
 # (ie exactly as if auth yes was present).
 #

 ### Authenticated ACL - those applies only when the client
 ### has a valid certificate and is thus authenticated

 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1

 # allow nodes to retrieve their own node definition
 path ~ ^/node/([^/]+)$
 method find
 allow $1

 # allow all nodes to access the certificates services
 path /certificate_revocation_list/ca
 method find
 allow *

 # allow all nodes to store their own reports
 path ~ ^/report/([^/]+)$
 method save
 allow $1

 # inconditionnally allow access to all files services
 # which means in practice that fileserver.conf will
 # still be used
 path /file




  Thanks,
 Dilip
 allow *

 ### Unauthenticated ACL, for clients for which the current master doesn't
 ### have a valid certificate; we allow authenticated users, too, because
 ### there isn't a great harm in letting that request through.

 # allow access to the master CA
 path /certificate/ca
 auth any
 method find
 allow *

 path /certificate/
 auth any
 method find
 allow *

 path /certificate_request
 auth any
 method find, save
 allow *

 # this one is not stricly necessary, but it has the merit
 # to show the default policy which is deny everything else
 #path /
 path /run
 auth any

 These are my puppet.conf and auth.conf of puppet master...

 Please find the solution..

 On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote:


 Hi,

 I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e

 class toolbox {

 file { '/usr/local/sbin/puppetsimple.sh':
 owner = root,group = root,mode = 0755,content = #!/bin/bash
 apt-get install zip\n
  }
 }
 node 'admin.local' {
  include toolbox

}

 Here admin.local is my PUPPET AGENT..

 my job is to kick this job to puppet agent from puppet master.for this i
 have ran

 *r...@puppetmaster.example.org#puppet kick admin.local*
 *Triggering admin.local
 Host admin.local failed: Connection refused - connect(2)
 admin.local finished with exit code 2
 Failed: admin.local*

 i got this error.
 *Additional Info*:puppet master and agent are in the same
 network,pinging

Re: [Puppet Users] puppet client connection refused when I use puppet kick form puppet master

2013-09-26 Thread Dilip Varma

I've created auth.conf file in puppet agent and in auth.conf file i've
written

path /
  method find, search, save
  auth yes
  allow puppetmaster.example.org
path /run
auth any
allow *

finally i've restarted the puppet and puppet master then it's working well..

Thank you for supporting me..




Thanks,
Dilip


On Thu, Sep 26, 2013 at 4:54 PM, Dilip Varma dilippand...@gmail.com wrote:

 Hi,

 it is working fine,Thank you..

 Thanks,
 Dilip


 On Thu, Sep 26, 2013 at 3:08 PM, Rahul Khengare rahulk1...@gmail.comwrote:

 Have you try adding server parameter as i said in earlier post.




 On Thu, Sep 26, 2013 at 2:44 PM, Dilip Varma dilippand...@gmail.comwrote:

 Hi

 *puppetmaster#vim /etc/puppet/puppet.conf*

 [main]
 logdir=/var/log/puppet
 vardir=/var/lib/puppet
 ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
 factpath=$vardir/lib/facter
 templatedir=$confdir/templates
 prerun_command=/etc/puppet/etckeeper-commit-pre
 postrun_command=/etc/puppet/etckeeper-commit-post
 listen = true
 [master]
 # These are needed when the puppetmaster is run by passenger
 # and can safely be removed if webrick is used.
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header = SSL_CLIENT_VERIFY

 puppetmaster#vim /etc/puppet/auth.conf
 [main]
 logdir=/var/log/puppet
 vardir=/var/lib/puppet
 ssldir=/var/lib/puppet/ssl
 rundir=/var/run/puppet
 factpath=$vardir/lib/facter
 templatedir=$confdir/templates
 prerun_command=/etc/puppet/etckeeper-commit-pre
 postrun_command=/etc/puppet/etckeeper-commit-post
 listen = true
 [master]
 # These are needed when the puppetmaster is run by passenger
 # and can safely be removed if webrick is used.
 ssl_client_header = SSL_CLIENT_S_DN
 ssl_client_verify_header = SSL_CLIENT_VERIFY

 *puppetmaster#vim /etc/puppet/auth.conf*


 # This is an example auth.conf file, it mimics the puppetmasterd defaults
 #
 # The ACL are checked in order of appearance in this file.
 #
 # Supported syntax:
 # This file supports two different syntax depending on how
 # you want to express the ACL.
 #
 # Path syntax (the one used below):
 # -
 # path /path/to/resource
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The path is matched as a prefix. That is /file match at
 # the same time /file_metadat and /file_content.
 #
 # Regex syntax:
 # -
 # This one is differenciated from the path one by a '~'
 #
 # path ~ regex
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The regex syntax is the same as ruby ones.
 #
 # Ex:
 # path ~ .pp$
 # will match every resource ending in .pp (manifests files for instance)
 #
 # path ~ ^/path/to/resource
 # is essentially equivalent to path /path/to/resource
 #
 # environment:: restrict an ACL to a specific set of environments
 # method:: restrict an ACL to a specific set of methods
 # auth:: restrict an ACL to an authenticated or unauthenticated request
 # the default when unspecified is to restrict the ACL to authenticated
 requests
 # (ie exactly as if auth yes was present).
 #

 ### Authenticated ACL - those applies only when the client
 ### has a valid certificate and is thus authenticated

 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1

 # allow nodes to retrieve their own node definition
 path ~ ^/node/([^/]+)$
 method find
 allow $1

 # allow all nodes to access the certificates services
 path /certificate_revocation_list/ca
 method find
 allow *

 # allow all nodes to store their own reports
 path ~ ^/report/([^/]+)$
 method save
 allow $1

 # inconditionnally allow access to all files services
 # which means in practice that fileserver.conf will
 # still be used
 path /file




  Thanks,
 Dilip
 allow *

 ### Unauthenticated ACL, for clients for which the current master doesn't
 ### have a valid certificate; we allow authenticated users, too, because
 ### there isn't a great harm in letting that request through.

 # allow access to the master CA
 path /certificate/ca
 auth any
 method find
 allow *

 path /certificate/
 auth any
 method find
 allow *

 path /certificate_request
 auth any
 method find, save
 allow *

 # this one is not stricly necessary, but it has the merit
 # to show the default policy which is deny everything else
 #path /
 path /run
 auth any

 These are my puppet.conf and auth.conf of puppet master...

 Please find the solution..

 On Thu, Sep 26, 2013 at 12:54 PM, Dilip Varma dilippand...@gmail.comwrote:


 Hi,

 I've done some cofiguration in /etc/puppet/manifests/site.pp file i.e

 class toolbox {

 file { '/usr/local/sbin/puppetsimple.sh':
 owner = root,group = root,mode = 0755,content =
 #!/bin/bash apt-get install zip\n
  }
 }
 node 'admin.local' {
  include toolbox

}

 Here admin.local is my

Re: [Puppet Users] puppet client

2013-08-29 Thread Stuart Cracraft


Good morning!

What are the relevant client rpms and
URL for puppet client install to Oracle UEK Linux?

I'm sitting at, in a browser:
 http://yum.puppetlabs.com/el/5Client/products/x86_64

Also,  can you speak more to:

 Some modules need to get slightly modified to recognize Oracle EL



Thankyou. 


On Aug 28, 2013, at 11:29 AM, Steven Nemetz snem...@hotmail.com wrote:

 Just use the RedHat packages
 We use the same packages for RedHat, CentOS, and Oracle EL
  
 Some modules need to get slightly modified to recognize Oracle EL
 
 Steven
 
  
  Subject: [Puppet Users] puppet client
  From: smcracr...@me.com
  Date: Wed, 28 Aug 2013 10:02:48 -0700
  To: puppet-users@googlegroups.com
  
  Hi,
  
  Looked but couldn't find information on Puppet client for Oracle 
  Unbreakable Enterprise Kernel Linux. 
  
  Could you point me to the methodology for the above on Open Source Puppet 
  which we have running (well) on and for regular Red Hat Linux which we used 
  Puppet Labs Yum repositories to install server and client effortlessly. 
  
  We use Oracle Unbreakable Enterprise Kernel on our vms which we want all 
  controlled by Puppet. 
  
  I was told by someone at Puppet Labs that it existed in some fashion...
  
  --Stuart
  RHCE/RHCSA/Oracle DBA/Sun/Mensa
  
  -- 
  You received this message because you are subscribed to the Google Groups 
  Puppet Users group.
  To unsubscribe from this group and stop receiving emails from it, send an 
  email to puppet-users+unsubscr...@googlegroups.com.
  To post to this group, send email to puppet-users@googlegroups.com.
  Visit this group at http://groups.google.com/group/puppet-users.
  For more options, visit https://groups.google.com/groups/opt_out.
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet client

2013-08-29 Thread Stuart Cracraft

I assume it is just the version of puppet client  which matches the master's
own client and server which is 3.2.1. 

I.e.

puppet-3.2.1-1.el5.noarch.rpm

facter as well  

Any others for an Oracle UEK client?


--Stuart
RHCE/RHCSA/Oracle DBA/Sun/Mensa


On Aug 29, 2013, at 9:17 AM, Stuart Cracraft smcracr...@me.com wrote:

 
 Good morning!
 
 What are the relevant client rpms and
 URL for puppet client install to Oracle UEK Linux?
 
 I'm sitting at, in a browser:
  http://yum.puppetlabs.com/el/5Client/products/x86_64
 
 Also,  can you speak more to:
 
 Some modules need to get slightly modified to recognize Oracle EL
 
 
 
 Thankyou. 
 
 
 On Aug 28, 2013, at 11:29 AM, Steven Nemetz snem...@hotmail.com wrote:
 
 Just use the RedHat packages
 We use the same packages for RedHat, CentOS, and Oracle EL
  
 Some modules need to get slightly modified to recognize Oracle EL
 
 Steven
 
  
  Subject: [Puppet Users] puppet client
  From: smcracr...@me.com
  Date: Wed, 28 Aug 2013 10:02:48 -0700
  To: puppet-users@googlegroups.com
  
  Hi,
  
  Looked but couldn't find information on Puppet client for Oracle 
  Unbreakable Enterprise Kernel Linux. 
  
  Could you point me to the methodology for the above on Open Source Puppet 
  which we have running (well) on and for regular Red Hat Linux which we 
  used Puppet Labs Yum repositories to install server and client 
  effortlessly. 
  
  We use Oracle Unbreakable Enterprise Kernel on our vms which we want all 
  controlled by Puppet. 
  
  I was told by someone at Puppet Labs that it existed in some fashion...
  
  --Stuart
  RHCE/RHCSA/Oracle DBA/Sun/Mensa
  
  -- 
  You received this message because you are subscribed to the Google Groups 
  Puppet Users group.
  To unsubscribe from this group and stop receiving emails from it, send an 
  email to puppet-users+unsubscr...@googlegroups.com.
  To post to this group, send email to puppet-users@googlegroups.com.
  Visit this group at http://groups.google.com/group/puppet-users.
  For more options, visit https://groups.google.com/groups/opt_out.
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppet client

2013-08-28 Thread Stuart Cracraft

Hi,

Looked but couldn't find information on Puppet client for Oracle Unbreakable 
Enterprise Kernel Linux. 

Could you point me to the methodology for the above on Open Source Puppet which 
we have running (well) on and for regular Red Hat Linux which we used Puppet 
Labs Yum repositories to install server and client effortlessly. 

We use Oracle Unbreakable Enterprise Kernel on our vms which we want all 
controlled by Puppet. 

I was told by someone at Puppet Labs that it existed in some fashion...

--Stuart
RHCE/RHCSA/Oracle DBA/Sun/Mensa

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

RE: [Puppet Users] puppet client

2013-08-28 Thread Steven Nemetz

Just use the RedHat packages
We use the same packages for RedHat, CentOS, and Oracle EL
 
Some modules need to get slightly modified to recognize Oracle EL

Steven
 
 Subject: [Puppet Users] puppet client
 From: smcracr...@me.com
 Date: Wed, 28 Aug 2013 10:02:48 -0700
 To: puppet-users@googlegroups.com
 
 Hi,
 
 Looked but couldn't find information on Puppet client for Oracle Unbreakable 
 Enterprise Kernel Linux. 
 
 Could you point me to the methodology for the above on Open Source Puppet 
 which we have running (well) on and for regular Red Hat Linux which we used 
 Puppet Labs Yum repositories to install server and client effortlessly. 
 
 We use Oracle Unbreakable Enterprise Kernel on our vms which we want all 
 controlled by Puppet. 
 
 I was told by someone at Puppet Labs that it existed in some fashion...
 
 --Stuart
 RHCE/RHCSA/Oracle DBA/Sun/Mensa
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.
  

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet client not auto updating

2013-04-14 Thread Felix Frank

Hi,

there are agent options in puppet.conf that control how often the agent
runs etc.

Check whether the agent puts any messages into your syslog.

Find the agent process in the system's list of running processes.

You could try and run the agent in debug mode to see if anything goes
wrong. Stop the service, then run
puppet agent --no-daemonize --verbose --debug

HTH,
Felix

On 04/06/2013 12:38 AM, Sy Doveton wrote:
 I am new to puppet and am experimenting with some basic commands. I have
 a puppetmaster server and a couple or servers with puppet client. All
 servers are running ubuntu.
 
 I have set up the link between the master and the clients and their
 certs have been signed etc.
 
 The clients have had puppet started via 'service puppet start' and can
 confirm they are running with 'service puppet status'.
 
 When I make any changes on the master nothing happens on the servers. I
 have waited a couple of hours and e.g. the required package has not been
 installed on the client. As soon as I run on the client:-
 
 puppetd --test
 
 It will immediately install the package so I know my manifests / modules
 are correct as it does what I request when I manually ask it. I just
 need it to run periodically automatically and get the latest info from
 the master.
 
 Any ideas of things I can check?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet client not auto updating

2013-04-06 Thread Sy Doveton

I am new to puppet and am experimenting with some basic commands. I have a 
puppetmaster server and a couple or servers with puppet client. All servers 
are running ubuntu.

I have set up the link between the master and the clients and their certs 
have been signed etc.

The clients have had puppet started via 'service puppet start' and can 
confirm they are running with 'service puppet status'.

When I make any changes on the master nothing happens on the servers. I 
have waited a couple of hours and e.g. the required package has not been 
installed on the client. As soon as I run on the client:-

puppetd --test

It will immediately install the package so I know my manifests / modules 
are correct as it does what I request when I manually ask it. I just need 
it to run periodically automatically and get the latest info from the 
master.

Any ideas of things I can check?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet client not auto updating

2013-04-06 Thread Sy Doveton

Hi,

I am new to puppet and am experimenting with some basic commands. I have a 
puppetmaster server and a couple or servers with puppet client. All servers 
are running ubuntu.

I have set up the link between the master and the clients and their certs 
have been signed etc.

The clients have had puppet started via 'service puppet start' and can 
confirm they are running with 'service puppet status'.

When I make any changes on the master nothing happens on the servers. I 
have waited a couple of hours and e.g. the required package has not been 
installed on the client. As soon as I run on the client:-

puppetd --test

It will immediately install the package so I know my manifests / modules 
are correct as it does what I request when I manually ask it. I just need 
it to run periodically automatically and get the latest info from the 
master.

Any ideas of things I can check?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppet client 0.22.1-1 unable to communicate with master on 3.0.2-1

2013-02-01 Thread Chux

Hi,

I have a client that I cannot upgrade from ubuntu 6.06 (due to application 
dependency issues) ... I have been able to get puppet/facter installed on 
it, but it seems unable to make certificate requests ..


#/usr/sbin/puppetd -d -t -v
err: No certificate; running with reduced functionality.
info: Creating a new certificate request for cofkedit.bodleian.ox.ac.uk
info: Requesting certificate
warning: peer certificate won't be verified in this SSL session
err: Could not call puppetca.getcert: #RuntimeError: HTTP-Error: 400 Bad 
Request
err: Could not request certificate: Certificate retrieval failed: 
HTTP-Error: 400 Bad Request
==

I have seem a few admonitions against using clients that are old, but I 
have no choice in this one if I hope to deploy puppet on it .. or are there 
work arounds I can attempt ?


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet client unable to sign puppet master certificate..

2013-01-15 Thread DreamBig

Hi ,

  Need this help desperately

1) Cleaned certificates from master
2) Cleaned ssl dir in agent
3) On agent - I run - puppet agent -t --waitforcert 60
4) On master - I sign the agent.
5) Again - I run puppet agent -t

I get the following error:
/opt/puppet/lib/ruby/site_ruby/1.8/puppet/defaults.rb:72: warning:
Insecure world writable dir /opt/perf in PATH, mode 040777
info: Retrieving plugin
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find class hosts for puppet.agent.com on node
puppet.agent.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Can someone help!!!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client runs outside of office hours

2012-12-12 Thread Stefan Goethals

We use this

  cron { puppet:
ensure  = present,
command = $ppt_cmd,
user= 'root',
hour= fqdn_rand(6),
minute  = fqdn_rand(60)
  }
so puppet runs happen 'randomly between midnight and 05:59

Regards,

Stefan - Zipkid - Goethals.


On Wed, Dec 12, 2012 at 6:23 AM, DenMat Gone tu2bg...@gmail.com wrote:

 Cron would be your best bet. You can manage cron jobs via puppet.


 kdo k...@hampels.com.au wrote:

 anyone have any smart ideas around scheduling puppet client runs during
 specific times ? such as outside of office hours ?

 any options that can be set in the puppet.conf for example ?

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/BbplaHlxFcQJ.

 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client runs outside of office hours

2012-12-11 Thread kdo

anyone have any smart ideas around scheduling puppet client runs during 
specific times ? such as outside of office hours ?

any options that can be set in the puppet.conf for example ?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/BbplaHlxFcQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client runs outside of office hours

2012-12-11 Thread DenMat Gone

Cron would be your best bet. You can manage cron jobs via puppet.

kdo k...@hampels.com.au wrote:

anyone have any smart ideas around scheduling puppet client runs during 
specific times ? such as outside of office hours ?


any options that can be set in the puppet.conf for example ?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/BbplaHlxFcQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-20 Thread Bret Wortman

Just to finish this one up, I had the service name wrong.

# puppet resource service puppetagent enable=yes ensure=running

Works just fine.


Bret

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/6GhA7riGZH4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-20 Thread Jakov Sosic


On 11/13/2012 03:46 PM, Darin Perusich wrote:

This is systemd weirdness. I've run into this error before on SuSE
with other init scripts and the fix was to reboot the machine. Then
you won't get the Loaded: error (Reason: No such file or directory)
anymore.


:-/

A little offtopic but I'm not looking forward to RHEL v7 and derivatives 
because of things like systemd... Don't fix it if ain't broken, and 
standard init served us well for quite some time...



--
Jakov Sosic
www.srce.unizg.hr

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client won't autostart

2012-11-13 Thread Bret Wortman

I'm getting this problem on all the puppet client's I've been setting up 
and it's got me both scratching my head (because I'm not seeing anything 
obvious in any system logs) and pausing in my rollout until I get it solved:

# puppet resource service puppet ensure=running enable=true
Error: Could not start Service[puppet]: Execution of '/sbin/service puppet 
start' returned 1:
Error: /Service[puppet]/ensure: change from stopped to running failed: 
Could not start Service[puppet]: Execution of '/sbin/service puppet start' 
returned 1:
service { 'puppet':
  ensure = 'stopped',
  enable = 'false',
}
# ps aux | grep 'puppet agent' | grep -v grep
# puppet agent 
# ps aux | grep 'puppet agent' | grep -v grep
root 55055 12.4  0.1 383924 45928 ?   Ssl   07:150:01 /usr/bin/ruby 
/bin/puppet agent
#

Where should I look first? I'm not sure why this will start for me 
interactively but not from the agent (this also fails if the agent is 
already running in exactly the same fashion).

Thanks!


Bret Wortman

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread Martin Alfke

Hi Bret,

On 13.11.2012, at 13:18, Bret Wortman wrote:

 I'm getting this problem on all the puppet client's I've been setting up and 
 it's got me both scratching my head (because I'm not seeing anything obvious 
 in any system logs) and pausing in my rollout until I get it solved:
 
 # puppet resource service puppet ensure=running enable=true

does the service script has a status option and does the status deliver proper 
results?

service puppet status

Some service scripts do not check properly for the status or they deliver wrong 
exit codes.
If this is the case you can set
hasstatus = false

hth,

Martin

 Error: Could not start Service[puppet]: Execution of '/sbin/service puppet 
 start' returned 1:
 Error: /Service[puppet]/ensure: change from stopped to running failed: Could 
 not start Service[puppet]: Execution of '/sbin/service puppet start' returned 
 1:
 service { 'puppet':
   ensure = 'stopped',
   enable = 'false',
 }
 # ps aux | grep 'puppet agent' | grep -v grep
 # puppet agent 
 # ps aux | grep 'puppet agent' | grep -v grep
 root 55055 12.4  0.1 383924 45928 ?   Ssl   07:150:01 /usr/bin/ruby 
 /bin/puppet agent
 #
 
 Where should I look first? I'm not sure why this will start for me 
 interactively but not from the agent (this also fails if the agent is already 
 running in exactly the same fashion).
 
 Thanks!
 
 
 Bret Wortman
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread Bret Wortman

It does not (and this is odd since I'm using F17):

# service puppet status
Redirecting to /bin/systemctl  status puppet.service
puppet.service
 Loaded: error (Reason: No such file or directory)
 Active: inactive (dead)

and yet ps still shows it running.

But with your help, this at least starts it now, but I can't get the 
ensure bit working, and that's the really critical piece for us. Looks 
like Puppet is expecting to chkconfig this and that's not working. I also 
have no file in /etc/init.d at all, so there's apparently no start script 
on my system at all. I installed from the Puppetlabs repos.

# puppet resource service puppet hasstatus=false ensure=running enable=true
Error: Could not enable puppet: Execution of '/sbin/chkconfig puppet on' 
returned 1: error reading information on service puppet: No such file or 
directory
:
:
service { 'puppet':
  ensure = running,
  enable = false,
}
#

On Tuesday, November 13, 2012 8:40:08 AM UTC-5, Martin Alfke wrote:

 Hi Bret,

 On 13.11.2012, at 13:18, Bret Wortman wrote:

 I'm getting this problem on all the puppet client's I've been setting up 
 and it's got me both scratching my head (because I'm not seeing anything 
 obvious in any system logs) and pausing in my rollout until I get it solved:

 # puppet resource service puppet ensure=running enable=true


 does the service script has a status option and does the status deliver 
 proper results?

 service puppet status

 Some service scripts do not check properly for the status or they deliver 
 wrong exit codes.
 If this is the case you can set
 hasstatus = false

 hth,

 Martin

 Error: Could not start Service[puppet]: Execution of '/sbin/service puppet 
 start' returned 1:
 Error: /Service[puppet]/ensure: change from stopped to running failed: 
 Could not start Service[puppet]: Execution of '/sbin/service puppet start' 
 returned 1:
 service { 'puppet':
   ensure = 'stopped',
   enable = 'false',
 }
 # ps aux | grep 'puppet agent' | grep -v grep
 # puppet agent 
 # ps aux | grep 'puppet agent' | grep -v grep
 root 55055 12.4  0.1 383924 45928 ?   Ssl   07:150:01 
 /usr/bin/ruby /bin/puppet agent
 #

 Where should I look first? I'm not sure why this will start for me 
 interactively but not from the agent (this also fails if the agent is 
 already running in exactly the same fashion).

 Thanks!


 Bret Wortman

 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ.
 To post to this group, send email to puppet...@googlegroups.comjavascript:
 .
 To unsubscribe from this group, send email to 
 puppet-users...@googlegroups.com javascript:.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/62Ns4IuyUJgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread Darin Perusich

This is systemd weirdness. I've run into this error before on SuSE
with other init scripts and the fix was to reboot the machine. Then
you won't get the Loaded: error (Reason: No such file or directory)
anymore.

--
Later,
Darin


On Tue, Nov 13, 2012 at 9:29 AM, Bret Wortman b...@thewortmans.org wrote:
 It does not (and this is odd since I'm using F17):

 # service puppet status
 Redirecting to /bin/systemctl  status puppet.service
 puppet.service
  Loaded: error (Reason: No such file or directory)
  Active: inactive (dead)

 and yet ps still shows it running.

 But with your help, this at least starts it now, but I can't get the
 ensure bit working, and that's the really critical piece for us. Looks
 like Puppet is expecting to chkconfig this and that's not working. I also
 have no file in /etc/init.d at all, so there's apparently no start script on
 my system at all. I installed from the Puppetlabs repos.

 # puppet resource service puppet hasstatus=false ensure=running enable=true
 Error: Could not enable puppet: Execution of '/sbin/chkconfig puppet on'
 returned 1: error reading information on service puppet: No such file or
 directory
 :
 :
 service { 'puppet':
   ensure = running,
   enable = false,
 }
 #

 On Tuesday, November 13, 2012 8:40:08 AM UTC-5, Martin Alfke wrote:

 Hi Bret,

 On 13.11.2012, at 13:18, Bret Wortman wrote:

 I'm getting this problem on all the puppet client's I've been setting up
 and it's got me both scratching my head (because I'm not seeing anything
 obvious in any system logs) and pausing in my rollout until I get it solved:

 # puppet resource service puppet ensure=running enable=true


 does the service script has a status option and does the status deliver
 proper results?

 service puppet status

 Some service scripts do not check properly for the status or they deliver
 wrong exit codes.
 If this is the case you can set
 hasstatus = false

 hth,

 Martin

 Error: Could not start Service[puppet]: Execution of '/sbin/service puppet
 start' returned 1:
 Error: /Service[puppet]/ensure: change from stopped to running failed:
 Could not start Service[puppet]: Execution of '/sbin/service puppet start'
 returned 1:
 service { 'puppet':
   ensure = 'stopped',
   enable = 'false',
 }
 # ps aux | grep 'puppet agent' | grep -v grep
 # puppet agent
 # ps aux | grep 'puppet agent' | grep -v grep
 root 55055 12.4  0.1 383924 45928 ?   Ssl   07:150:01
 /usr/bin/ruby /bin/puppet agent
 #

 Where should I look first? I'm not sure why this will start for me
 interactively but not from the agent (this also fails if the agent is
 already running in exactly the same fashion).

 Thanks!


 Bret Wortman

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ.
 To post to this group, send email to puppet...@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/62Ns4IuyUJgJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread jcbollinger



On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote:

 Hi Bret,

 On 13.11.2012, at 13:18, Bret Wortman wrote:

 I'm getting this problem on all the puppet client's I've been setting up 
 and it's got me both scratching my head (because I'm not seeing anything 
 obvious in any system logs) and pausing in my rollout until I get it solved:

 # puppet resource service puppet ensure=running enable=true


 does the service script has a status option and does the status deliver 
 proper results?

 service puppet status

 Some service scripts do not check properly for the status or they deliver 
 wrong exit codes.
 If this is the case you can set
 hasstatus = false


Or, better, fix the service script.  Note that Puppet cares only about the 
exit code; it ignores the output and error streams.  Be sure to check / fix 
the exit codes of *all* initscript actions, but especially start, stop, 
status, and restart actions.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/s3DERbSNhD4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread Bret Wortman

This problem has continued through multiple reboots across multiple systems.

On Tuesday, November 13, 2012 9:47:03 AM UTC-5, Darin Perusich wrote:

 This is systemd weirdness. I've run into this error before on SuSE 
 with other init scripts and the fix was to reboot the machine. Then 
 you won't get the Loaded: error (Reason: No such file or directory) 
 anymore. 

 -- 
 Later, 
 Darin 


 On Tue, Nov 13, 2012 at 9:29 AM, Bret Wortman 
 br...@thewortmans.orgjavascript: 
 wrote: 
  It does not (and this is odd since I'm using F17): 
  
  # service puppet status 
  Redirecting to /bin/systemctl  status puppet.service 
  puppet.service 
   Loaded: error (Reason: No such file or directory) 
   Active: inactive (dead) 
  
  and yet ps still shows it running. 
  
  But with your help, this at least starts it now, but I can't get the 
  ensure bit working, and that's the really critical piece for us. Looks 
  like Puppet is expecting to chkconfig this and that's not working. I 
 also 
  have no file in /etc/init.d at all, so there's apparently no start 
 script on 
  my system at all. I installed from the Puppetlabs repos. 
  
  # puppet resource service puppet hasstatus=false ensure=running 
 enable=true 
  Error: Could not enable puppet: Execution of '/sbin/chkconfig puppet on' 
  returned 1: error reading information on service puppet: No such file or 
  directory 
  : 
  : 
  service { 'puppet': 
ensure = running, 
enable = false, 
  } 
  # 
  
  On Tuesday, November 13, 2012 8:40:08 AM UTC-5, Martin Alfke wrote: 
  
  Hi Bret, 
  
  On 13.11.2012, at 13:18, Bret Wortman wrote: 
  
  I'm getting this problem on all the puppet client's I've been setting 
 up 
  and it's got me both scratching my head (because I'm not seeing 
 anything 
  obvious in any system logs) and pausing in my rollout until I get it 
 solved: 
  
  # puppet resource service puppet ensure=running enable=true 
  
  
  does the service script has a status option and does the status deliver 
  proper results? 
  
  service puppet status 
  
  Some service scripts do not check properly for the status or they 
 deliver 
  wrong exit codes. 
  If this is the case you can set 
  hasstatus = false 
  
  hth, 
  
  Martin 
  
  Error: Could not start Service[puppet]: Execution of '/sbin/service 
 puppet 
  start' returned 1: 
  Error: /Service[puppet]/ensure: change from stopped to running failed: 
  Could not start Service[puppet]: Execution of '/sbin/service puppet 
 start' 
  returned 1: 
  service { 'puppet': 
ensure = 'stopped', 
enable = 'false', 
  } 
  # ps aux | grep 'puppet agent' | grep -v grep 
  # puppet agent 
  # ps aux | grep 'puppet agent' | grep -v grep 
  root 55055 12.4  0.1 383924 45928 ?   Ssl   07:150:01 
  /usr/bin/ruby /bin/puppet agent 
  # 
  
  Where should I look first? I'm not sure why this will start for me 
  interactively but not from the agent (this also fails if the agent is 
  already running in exactly the same fashion). 
  
  Thanks! 
  
  
  Bret Wortman 
  
  -- 
  You received this message because you are subscribed to the Google 
 Groups 
  Puppet Users group. 
  To view this discussion on the web visit 
  https://groups.google.com/d/msg/puppet-users/-/Craxa7MPMXUJ. 
  To post to this group, send email to puppet...@googlegroups.com. 
  To unsubscribe from this group, send email to 
  puppet-users...@googlegroups.com. 
  For more options, visit this group at 
  http://groups.google.com/group/puppet-users?hl=en. 
  
  
  -- 
  You received this message because you are subscribed to the Google 
 Groups 
  Puppet Users group. 
  To view this discussion on the web visit 
  https://groups.google.com/d/msg/puppet-users/-/62Ns4IuyUJgJ. 
  To post to this group, send email to 
  puppet...@googlegroups.comjavascript:. 

  To unsubscribe from this group, send email to 
  puppet-users...@googlegroups.com javascript:. 
  For more options, visit this group at 
  http://groups.google.com/group/puppet-users?hl=en. 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/OXgaS9wEIQ0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread Bret Wortman

It is kind of funny that we're talking about using puppet's tricks for 
working around bad start scripts for puppet's own software


On Tuesday, November 13, 2012 9:58:57 AM UTC-5, jcbollinger wrote:



 On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote:

 Hi Bret,

 On 13.11.2012, at 13:18, Bret Wortman wrote:

 I'm getting this problem on all the puppet client's I've been setting up 
 and it's got me both scratching my head (because I'm not seeing anything 
 obvious in any system logs) and pausing in my rollout until I get it solved:

 # puppet resource service puppet ensure=running enable=true


 does the service script has a status option and does the status deliver 
 proper results?

 service puppet status

 Some service scripts do not check properly for the status or they deliver 
 wrong exit codes.
 If this is the case you can set
 hasstatus = false


 Or, better, fix the service script.  Note that Puppet cares only about the 
 exit code; it ignores the output and error streams.  Be sure to check / fix 
 the exit codes of *all* initscript actions, but especially start, 
 stop, status, and restart actions.


 John



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/4vZduFoHCrYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread Michael Stahnke

On Tue, Nov 13, 2012 at 8:31 AM, Bret Wortman b...@thewortmans.org wrote:
 It is kind of funny that we're talking about using puppet's tricks for
 working around bad start scripts for puppet's own software


 On Tuesday, November 13, 2012 9:58:57 AM UTC-5, jcbollinger wrote:



 On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote:

 Hi Bret,

 On 13.11.2012, at 13:18, Bret Wortman wrote:

 I'm getting this problem on all the puppet client's I've been setting up
 and it's got me both scratching my head (because I'm not seeing anything
 obvious in any system logs) and pausing in my rollout until I get it solved:

 # puppet resource service puppet ensure=running enable=true


 does the service script has a status option and does the status deliver
 proper results?

 service puppet status

 Some service scripts do not check properly for the status or they deliver
 wrong exit codes.
 If this is the case you can set
 hasstatus = false


 Or, better, fix the service script.  Note that Puppet cares only about the
 exit code; it ignores the output and error streams.  Be sure to check / fix
 the exit codes of all initscript actions, but especially start, stop,
 status, and restart actions.


 John

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/4vZduFoHCrYJ.

 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

Please try not to top post.  It makes following the conversation very difficult.


This is probably something to do with either

1.  Puppet init script with systemd
2.  Puppet's interaction with systemd.

Both are really new and honestly, I'm certain they're not bug free
yet.  If you could file a bug we'll look into this.  I've noticed the
issue too on one of my home systems and just haven't looked into it
yet.

http://projects.puppetlabs.com/projects/puppet-community-pkg-repo/issues/new

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client won't autostart

2012-11-13 Thread Bret Wortman

On Tuesday, November 13, 2012 12:03:36 PM UTC-5, Michael Stanhke wrote:

 On Tue, Nov 13, 2012 at 8:31 AM, Bret Wortman 
 br...@thewortmans.orgjavascript: 
 wrote: 
  It is kind of funny that we're talking about using puppet's tricks for 
  working around bad start scripts for puppet's own software 
  
  
  On Tuesday, November 13, 2012 9:58:57 AM UTC-5, jcbollinger wrote: 
  
  
  
  On Tuesday, November 13, 2012 7:40:08 AM UTC-6, Martin Alfke wrote: 
  
  Hi Bret, 
  
  On 13.11.2012, at 13:18, Bret Wortman wrote: 
  
  I'm getting this problem on all the puppet client's I've been setting 
 up 
  and it's got me both scratching my head (because I'm not seeing 
 anything 
  obvious in any system logs) and pausing in my rollout until I get it 
 solved: 
  
  # puppet resource service puppet ensure=running enable=true 
  
  
  does the service script has a status option and does the status 
 deliver 
  proper results? 
  
  service puppet status 
  
  Some service scripts do not check properly for the status or they 
 deliver 
  wrong exit codes. 
  If this is the case you can set 
  hasstatus = false 
  
  
  Or, better, fix the service script.  Note that Puppet cares only about 
 the 
  exit code; it ignores the output and error streams.  Be sure to check / 
 fix 
  the exit codes of all initscript actions, but especially start, 
 stop, 
  status, and restart actions. 
  
  
  John 
  
  -- 
  You received this message because you are subscribed to the Google 
 Groups 
  Puppet Users group. 
  To view this discussion on the web visit 
  https://groups.google.com/d/msg/puppet-users/-/4vZduFoHCrYJ. 
  
  To post to this group, send email to 
  puppet...@googlegroups.comjavascript:. 

  To unsubscribe from this group, send email to 
  puppet-users...@googlegroups.com javascript:. 
  For more options, visit this group at 
  http://groups.google.com/group/puppet-users?hl=en. 

 Please try not to top post.  It makes following the conversation very 
 difficult. 

 For you, maybe. For old school guys like me, it's quite natural. But I'll 
try to force Google Groups to comply. ;-) 


 This is probably something to do with either 

 1.  Puppet init script with systemd 
 2.  Puppet's interaction with systemd. 

 Both are really new and honestly, I'm certain they're not bug free 
 yet.  If you could file a bug we'll look into this.  I've noticed the 
 issue too on one of my home systems and just haven't looked into it 
 yet. 


Will do, and I'm happy to help out in any way I can. I love the tool and 
appreciate your commitment to open source and community-supported versions. 
Thanks for your help!



 http://projects.puppetlabs.com/projects/puppet-community-pkg-repo/issues/new 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/KP-SmJ1aW9MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client not listening on port 8139

2012-10-11 Thread Josh Cooper

Hi,

On Oct 10, 2012, at 6:58 PM, Pondy m.p...@griffith.edu.au wrote:

 Hi Gabrielle,
 
 Yes, I have listen = true and I cannot see that port open with netstat... I 
 am truly confused, theres not much showing in the logs either.
 
 Thanks!
 
 
 On Thursday, 11 October 2012 09:46:31 UTC+10, Lelutin wrote:
 
 On 2012-10-10 18:37, Pondy wrote: 
  Hi All, thanks for your input. So, I am talking about the puppet client. 
 
 ah oops sorry, I'm not used to dealing with this option :\ my bad 
 
  The puppet master server and all other clients seem to be working ok. I 
  am also unable to telnet locally to port 8139 or 8140. 
 
 hmm this is weird. in your original post you showed us that there were 
 no iptables rules, and you do have listen = true in your puppet.conf. 
 
 do you see the port as open and listening with netstat? 
 
 -- 
 Gabriel Filion
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/idS-uhlhCSMJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

Try running with --debug. Note you'll need to provide an auth.conf on the 
client otherwise no one will be allowed to connect, and puppet will ignore the 
listen setting.

Josh

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client not listening on port 8139

2012-10-10 Thread Pondy

Hi everyone,

Please help, I have built a new server and installed puppet (2.6.17) 
running on RHEL 6.3. It seems that it is not listening on port 8139.

iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source   destination 

Chain FORWARD (policy ACCEPT)
target prot opt source   destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination 

/etc/puppet/puppet.conf:
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion.  Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt

# Where puppetd caches the local configuration.  An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
listen = true
server = mypuppet server.fqdn

/etc/puppet/namespaceauth.conf:
[puppetmaster]
allow mypuppet server.fqdn

/etc/puppet/auth.conf:
# This is an example auth.conf file, it mimics the puppetmasterd defaults
#
# The ACL are checked in order of appearance in this file.
#
# Supported syntax:
# This file supports two different syntax depending on how
# you want to express the ACL.
#
# Path syntax (the one used below):
# -
# path /path/to/resource
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The path is matched as a prefix. That is /file match at
# the same time /file_metadat and /file_content.
#
# Regex syntax:
# -
# This one is differenciated from the path one by a '~'
#
# path ~ regex
# [environment envlist]
# [method methodlist]
# [auth[enthicated] {yes|no|on|off|any}]
# allow [host|ip|*]
# deny [host|ip]
#
# The regex syntax is the same as ruby ones.
#
# Ex:
# path ~ .pp$
# will match every resource ending in .pp (manifests files for instance)
#
# path ~ ^/path/to/resource
# is essentially equivalent to path /path/to/resource
#
# environment:: restrict an ACL to a specific set of environments
# method:: restrict an ACL to a specific set of methods
# auth:: restrict an ACL to an authenticated or unauthenticated request
# the default when unspecified is to restrict the ACL to authenticated 
requests
# (ie exactly as if auth yes was present).
#

### Authenticated ACL - those applies only when the client
### has a valid certificate and is thus authenticated

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

# allow all nodes to access the certificates services
path /certificate_revocation_list/ca
method find
allow *

# allow all nodes to store their reports
path /report
method save
allow *

# Puppetrun settings
path /run
allow mypuppet server fqdn

# inconditionnally allow access to all files services
# which means in practice that fileserver.conf will
# still be used
path /file
allow *

### Unauthenticated ACL, for clients for which the current master doesn't
### have a valid certificate

# allow access to the master CA
path /certificate/ca
auth no
method find
allow *

path /certificate/
auth no
method find
allow *

path /certificate_request
auth no
method find, save
allow *

# this one is not stricly necessary, but it has the merit
# to show the default policy which is deny everything else
path /
auth any

It seems as though the puppet is running:
 4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd 
--server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

But I cant even telnet to port 8139 on the localhost to test that the port 
is open.

Can any one please help?

Any suggestions welcome, I have copied the /etc/puppet/*.conf files from 
another working server.

Please Help!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/7kFNpVNAyd4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client not listening on port 8139

2012-10-10 Thread Gabriel Filion

On 2012-10-10 02:35, Pondy wrote:
 Hi everyone,
 
 Please help, I have built a new server and installed puppet (2.6.17)
 running on RHEL 6.3. It seems that it is not listening on port 8139.

By default, puppet listens on 8140, not 8139. And your configuration
doesn't seem to be specifying an alternative port.

maybe that's what you ought to looking for?

tcp0  0 0.0.0.0:81400.0.0.0:*
LISTEN  18794/ruby1.8


 iptables -L:
 Chain INPUT (policy ACCEPT)
 target prot opt source   destination 
 
 Chain FORWARD (policy ACCEPT)
 target prot opt source   destination 
 
 Chain OUTPUT (policy ACCEPT)
 target prot opt source   destination 
 
 /etc/puppet/puppet.conf:
 [main]
 # The Puppet log directory.
 # The default value is '$vardir/log'.
 logdir = /var/log/puppet
 
 # Where Puppet PID files are kept.
 # The default value is '$vardir/run'.
 rundir = /var/run/puppet
 
 # Where SSL certificates are kept.
 # The default value is '$confdir/ssl'.
 ssldir = $vardir/ssl
 
 [agent]
 # The file in which puppetd stores a list of the classes
 # associated with the retrieved configuratiion.  Can be loaded in
 # the separate ``puppet`` executable using the ``--loadclasses``
 # option.
 # The default value is '$confdir/classes.txt'.
 classfile = $vardir/classes.txt
 
 # Where puppetd caches the local configuration.  An
 # extension indicating the cache format is added automatically.
 # The default value is '$confdir/localconfig'.
 localconfig = $vardir/localconfig
 listen = true
 server = mypuppet server.fqdn
 
 /etc/puppet/namespaceauth.conf:
 [puppetmaster]
 allow mypuppet server.fqdn
 
 /etc/puppet/auth.conf:
 # This is an example auth.conf file, it mimics the puppetmasterd defaults
 #
 # The ACL are checked in order of appearance in this file.
 #
 # Supported syntax:
 # This file supports two different syntax depending on how
 # you want to express the ACL.
 #
 # Path syntax (the one used below):
 # -
 # path /path/to/resource
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The path is matched as a prefix. That is /file match at
 # the same time /file_metadat and /file_content.
 #
 # Regex syntax:
 # -
 # This one is differenciated from the path one by a '~'
 #
 # path ~ regex
 # [environment envlist]
 # [method methodlist]
 # [auth[enthicated] {yes|no|on|off|any}]
 # allow [host|ip|*]
 # deny [host|ip]
 #
 # The regex syntax is the same as ruby ones.
 #
 # Ex:
 # path ~ .pp$
 # will match every resource ending in .pp (manifests files for instance)
 #
 # path ~ ^/path/to/resource
 # is essentially equivalent to path /path/to/resource
 #
 # environment:: restrict an ACL to a specific set of environments
 # method:: restrict an ACL to a specific set of methods
 # auth:: restrict an ACL to an authenticated or unauthenticated request
 # the default when unspecified is to restrict the ACL to authenticated
 requests
 # (ie exactly as if auth yes was present).
 #
 
 ### Authenticated ACL - those applies only when the client
 ### has a valid certificate and is thus authenticated
 
 # allow nodes to retrieve their own catalog (ie their configuration)
 path ~ ^/catalog/([^/]+)$
 method find
 allow $1
 
 # allow all nodes to access the certificates services
 path /certificate_revocation_list/ca
 method find
 allow *
 
 # allow all nodes to store their reports
 path /report
 method save
 allow *
 
 # Puppetrun settings
 path /run
 allow mypuppet server fqdn
 
 # inconditionnally allow access to all files services
 # which means in practice that fileserver.conf will
 # still be used
 path /file
 allow *
 
 ### Unauthenticated ACL, for clients for which the current master doesn't
 ### have a valid certificate
 
 # allow access to the master CA
 path /certificate/ca
 auth no
 method find
 allow *
 
 path /certificate/
 auth no
 method find
 allow *
 
 path /certificate_request
 auth no
 method find, save
 allow *
 
 # this one is not stricly necessary, but it has the merit
 # to show the default policy which is deny everything else
 path /
 auth any
 
 It seems as though the puppet is running:
  4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd
 --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log
 
 But I cant even telnet to port 8139 on the localhost to test that the
 port is open.
 
 Can any one please help?
 
 Any suggestions welcome, I have copied the /etc/puppet/*.conf files from
 another working server.
 
 Please Help!


-- 
Gabriel Filion



signature.asc
Description: OpenPGP digital signature

Re: [Puppet Users] Puppet client not listening on port 8139

2012-10-10 Thread Jo Rhett


On Oct 9, 2012, at 11:35 PM, Pondy wrote:
 Please help, I have built a new server and installed puppet (2.6.17) running 
 on RHEL 6.3. It seems that it is not listening on port 8139.
...
 It seems as though the puppet is running:
  4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd 
 --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log

That's the puppet client. You want to start the puppetmaster with service 
puppetmaster start to get the server. 

As per the other replier, default port is 8140 unless you've changed it in the 
config.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client not listening on port 8139

2012-10-10 Thread Pondy

Hi All, thanks for your input. So, I am talking about the puppet client. 
The puppet master server and all other clients seem to be working ok. I am 
also unable to telnet locally to port 8139 or 8140.

On Thursday, 11 October 2012 04:30:21 UTC+10, Jo wrote:


 On Oct 9, 2012, at 11:35 PM, Pondy wrote:

 Please help, I have built a new server and installed puppet (2.6.17) 
 running on RHEL 6.3. It seems that it is not listening on port 8139.

 ...

 It seems as though the puppet is running:
  4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd 
 --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log


 That's the puppet client. You want to start the puppetmaster with service 
 puppetmaster start to get the server. 

 As per the other replier, default port is 8140 unless you've changed it in 
 the config.

 -- 
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet 
 projects.


  


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/skdRN9Ej2uwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client not listening on port 8139

2012-10-10 Thread Gabriel Filion

On 2012-10-10 18:37, Pondy wrote:
 Hi All, thanks for your input. So, I am talking about the puppet client.

ah oops sorry, I'm not used to dealing with this option :\ my bad

 The puppet master server and all other clients seem to be working ok. I
 am also unable to telnet locally to port 8139 or 8140.

hmm this is weird. in your original post you showed us that there were
no iptables rules, and you do have listen = true in your puppet.conf.

do you see the port as open and listening with netstat?

-- 
Gabriel Filion



signature.asc
Description: OpenPGP digital signature

Re: [Puppet Users] Puppet client not listening on port 8139

2012-10-10 Thread Pondy

Hi Gabrielle,

Yes, I have listen = true and I cannot see that port open with netstat... I 
am truly confused, theres not much showing in the logs either.

Thanks!


On Thursday, 11 October 2012 09:46:31 UTC+10, Lelutin wrote:

 On 2012-10-10 18:37, Pondy wrote: 
  Hi All, thanks for your input. So, I am talking about the puppet client. 

 ah oops sorry, I'm not used to dealing with this option :\ my bad 

  The puppet master server and all other clients seem to be working ok. I 
  am also unable to telnet locally to port 8139 or 8140. 

 hmm this is weird. in your original post you showed us that there were 
 no iptables rules, and you do have listen = true in your puppet.conf. 

 do you see the port as open and listening with netstat? 

 -- 
 Gabriel Filion 



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/idS-uhlhCSMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client can't get certificate

2012-10-04 Thread mike sonero


Hi All,

I apologize for what I'm sure is a very boneheaded question, but I'm 
stuck.  I have a number of puppet agents all talking to the same master.  
Things worked great until at some point one of the agents stopped talking 
to the master - I'm not sure why that happened.  I decided to wipe its key 
from the master and start fresh.  Unfortunately I haven't had any luck 
getting them to play nicely.

The agent is running 2.7.11.  The master is running 2.7.1.  They can ping, 
do hostname lookups, etc to each other.

When I attempt a manual update from the agent I see:
  ubuntu@agent:~$ sudo puppet agent --onetime --no-daemonize --verbose
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  warning: peer certificate won't be verified in this SSL session
  Exiting; no certificate found and waitforcert is disabled

Doing a sudo puppet cert list on the master shows nothing pending.  
Running the server with debugging turned on shows the following:
  ubuntu@puppet:/var/lib$ sudo puppetmasterd --no-daemonize --debug 
--verbose
   ...startup...
  info: access[^/catalog/([^/]+)$]: allowing 'method' find
  info: access[^/catalog/([^/]+)$]: allowing $1 access
  info: access[^/node/([^/]+)$]: allowing 'method' find
  info: access[^/node/([^/]+)$]: allowing $1 access
  info: access[/certificate_revocation_list/ca]: allowing 'method' find
  info: access[/certificate_revocation_list/ca]: allowing * access
  info: access[/report]: allowing 'method' save
  info: access[/report]: allowing * access
  info: access[/file]: allowing * access
  info: access[/certificate/ca]: adding authentication no
  info: access[/certificate/ca]: allowing 'method' find
  info: access[/certificate/ca]: allowing * access
  info: access[/certificate/]: adding authentication no
  info: access[/certificate/]: allowing 'method' find
  info: access[/certificate/]: allowing * access
  info: access[/certificate_request]: adding authentication no
  info: access[/certificate_request]: allowing 'method' find
  info: access[/certificate_request]: allowing 'method' save
  info: access[/certificate_request]: allowing * access
  info: access[/]: adding authentication any
  info: Inserting default '/status'(auth) ACL because none were found in 
'/etc/puppet/auth.conf'
  info: Could not find certificate for 'agent.foo.com'
  info: Could not find certificate for 'agent.foo.com'
  info: Could not find certificate for 'agent.foo.com'

I tried generating a key on the server (even though it said there was no 
pending request) with:
  cert generate agent.foo.com

However, the client then reported:
  ubuntu@agent:~$ sudo puppet agent --onetime --no-daemonize --verbose 
--waitforcert 120
  err: Could not request certificate: The certificate retrieved from the 
master does not match the agent's private key.
  Certificate fingerprint: 51:E2:EC:3B:28:39:FB:24:95:38:AD:FE:D0:89:8C:93
  To fix this, remove the certificate from both the master and the agent 
and then start a puppet run, which will automatically regenerate a 
certficate.
  On the master:
puppet cert clean agent.foo.com
  On the agent:
rm -f /var/lib/puppet/ssl/certs/agent.foo.com.pem
puppet agent -t

I followed those instructions, but now am back at the beginning...

If anybody has ideas on things I might try I'd really appreciate it!  Sorry 
if I didn't include the right info.  /var/log/syslog seemed pretty empty.

Thanks,
- mike


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/4P4Iu7xlZIwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER

2012-08-20 Thread Jo Rhett

You should spend some time and determine how and why that is happening. I can 
assure you that it's not normal, so this is something specific to some custom 
code on your site.

On Aug 19, 2012, at 10:56 AM, Stuart Cracraft wrote:
 I am seriously thinking of putting those recursive chown's in root crontab on 
 puppet masters and puppet agents for /etc/puppet* and 
 /var/lib/puppet*
 
 I shouldn't have to do this but have 
 seen cases of ownership reversion. 
 
 
 --Stuart
 
 Via Apple iPhone 4S on the ATT Wireless Network
 
 
 On Aug 13, 2012, at 3:04 AM, Frederik Vos inktvi...@gmail.com wrote:
 
 For the people still looking for an answer:
 chown -R puppet:puppet /var/lib/puppet/reports
 
 Op woensdag 30 maart 2011 21:02:43 UTC+2 schreef hyzhang het volgende:
 Thank. I am pasting the entire message here: 
 
 Mar 30 14:01:04 puppetclient1 puppet-agent[28571]: Could not request 
 certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD 
 HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html 
 head meta http-equiv=Content-Type content=text/html; 
 charset=UTF-8 meta name=generator content=Phusion 
 Passenger titleRuby (Rack) application could not be started/ 
 title style type=text/css body {  font- 
 family: Verdana, 'Bitstream Vera Sans', Arial, Sans-Serif; 
 font-size: 10pt;background: white;  color: 
 #22; margin: 0;  padding-top: 3em;   padding- 
 bottom: 3em;padding-left: 4.5em;padding-right: 4.5em; }  h1 
 {   font-size: 17pt;font-weight: medium;color: 
 #533e72; border-bottom: 1px solid #533e72; }  h1.title 
 { margin-top: 0; }  h1.error_title {  color: red; 
 border-bottom: 1px solid red; }  a {text-decoration: none; } 
 a:hover { text-decoration: underline; }  dt { font-weight: 
 bold;  color: #280050; }  dd { margin-top: 0.5em; 
 margin-bottom: 1em; }  .commands {  border: 1px 
 
 Somehow I am able to get the certificate for the client. Since above 
 error message says Ruby (Rack) application could not be started, I 
 did 
 #rackup /usr/share/puppet/rack/puppetmasterd/config.ru 
 Then I see the rack process on puppet server 
 #ps -ef|grep rack 
 puppet   27140 1  0 14:21 ?00:00:00 Rack: /usr/share/ 
 puppet/rack/puppetmasterd 
 
 From then on the server is able to receive the client certificate 
 request and sign it. 
 
 Do I have to start the rack manually in a manner like that? I thought 
 if I start httpd service, it would start rack automatically. 
 
 I am still not sure if I did everything right. 
 
 Thanks, 
 -Haiyan 
 
 
 
 
 
 
 On Mar 30, 2:38 pm, Hugo Cisneiros (Eitch) 
 hugo.cisnei...@gmail.com wrote: 
  On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote: 
   Hi, I am new to puppet. 
  
   I have puppet server set up with passenger. But when I start puppetd 
   from client, I see following error in the syslog file: 
   Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request 
   certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD 
   HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html 
   head meta http-equiv=Content-Type content=text/html; 
   charset=UTF-8 meta name=generator content=Phusion 
   Passenger titleRuby (Rack) application could not be started/ 
   title  
  
  You didn't paste the most important part of the error. Thie page ruby/rack 
  generates usually have some pretty useful information in an error field. 
  Like a module missing on an import/require, permission problems, and so 
  on. 
  Please identify and post the error so we can be helpful :) 
  
  -- 
  []'s 
  Hugowww.devin.com.br
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/ltKL6JvCWQEJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

RE: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER

2012-08-20 Thread Mark Christian

Have you confirmed that puppet master is running as user = puppet?

On the master check: puppet --genconfig|grep user

Mark

From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of Jo Rhett
Sent: Monday, August 20, 2012 1:03 PM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] puppet client could not request certificate: Error 
500 on SERVER

You should spend some time and determine how and why that is happening. I can 
assure you that it's not normal, so this is something specific to some custom 
code on your site.

On Aug 19, 2012, at 10:56 AM, Stuart Cracraft wrote:
I am seriously thinking of putting those recursive chown's in root crontab on 
puppet masters and puppet agents for /etc/puppet* and
/var/lib/puppet*

I shouldn't have to do this but have
seen cases of ownership reversion.

--Stuart

Via Apple iPhone 4S on the ATT Wireless Network

On Aug 13, 2012, at 3:04 AM, Frederik Vos inktvi...@gmail.com wrote:
For the people still looking for an answer:
chown -R puppet:puppet /var/lib/puppet/reports

Op woensdag 30 maart 2011 21:02:43 UTC+2 schreef hyzhang het volgende:
Thank. I am pasting the entire message here:

Mar 30 14:01:04 puppetclient1 puppet-agent[28571]: Could not request
certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD
HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html
head meta http-equiv=Content-Type content=text/html;
charset=UTF-8 meta name=generator content=Phusion
Passenger titleRuby (Rack) application could not be started/
title style type=text/css body {  font-
family: Verdana, 'Bitstream Vera Sans', Arial, Sans-Serif;
font-size: 10pt;background: white;  color:
#22; margin: 0;  padding-top: 3em;   padding-
bottom: 3em;padding-left: 4.5em;padding-right: 4.5em; }  h1
{   font-size: 17pt;font-weight: medium;color:
#533e72; border-bottom: 1px solid #533e72; }  h1.title
{ margin-top: 0; }  h1.error_title {  color: red;
border-bottom: 1px solid red; }  a {text-decoration: none; }
a:hover { text-decoration: underline; }  dt { font-weight:
bold;  color: #280050; }  dd { margin-top: 0.5em;
margin-bottom: 1em; }  .commands {  border: 1px

Somehow I am able to get the certificate for the client. Since above
error message says Ruby (Rack) application could not be started, I
did
#rackup /usr/share/puppet/rack/puppetmasterd/config.ru
Then I see the rack process on puppet server
#ps -ef|grep rack
puppet   27140 1  0 14:21 ?00:00:00 Rack: /usr/share/
puppet/rack/puppetmasterd

From then on the server is able to receive the client certificate
request and sign it.

Do I have to start the rack manually in a manner like that? I thought
if I start httpd service, it would start rack automatically.

I am still not sure if I did everything right.

Thanks,
-Haiyan

On Mar 30, 2:38 pm, Hugo Cisneiros (Eitch)
hugo.cisnei...@gmail.com wrote:
 On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote:
  Hi, I am new to puppet.

  I have puppet server set up with passenger. But when I start puppetd
  from client, I see following error in the syslog file:
  Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request
  certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD
  HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html
  head meta http-equiv=Content-Type content=text/html;
  charset=UTF-8 meta name=generator content=Phusion
  Passenger titleRuby (Rack) application could not be started/
  title 

 You didn't paste the most important part of the error. Thie page ruby/rack
 generates usually have some pretty useful information in an error field.
 Like a module missing on an import/require, permission problems, and so on.
 Please identify and post the error so we can be helpful :)

 --
 []'s
 Hugowww.devin.com.br

--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ltKL6JvCWQEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users

[Puppet Users] puppet client environment is being ignored from foreman settings

2012-08-16 Thread Yaniv Fine

Hi experts .
i am runnig foreman 1 
puppetmaster 2.7.18
i have setup a test client machine .
on foreman i have configured the new client to be part of the development 
environment .
on the client i have setup that it will run the following from site.pp to 
debug information .
notify { environment:
message = $environment


when i run on the client .
puppet agent--test --debug --verbose

i get Notify[environment]/message: defined 'message' as 'production'
allthought on foreman this client is setup as development
when i add the 
environment  = development on the client /etc/puppet.puppet.conf 
the client get Notify[environment]/message: defined 'message' as 
'development'   which is ok .

BTW in foreman = settings 
i have default_puppet_environment = testing 
which is beeing ignored via the client .


is this normal that i need to override the foreman client setting . with a 
environment  = development on the client /etc/puppet.puppet.conf 



thank you 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/JF3PZ63IdjAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client environment is being ignored from foreman settings

2012-08-16 Thread Sam Kottler

Hi Yaniv,

Do you have the environment defined in puppet.conf on the agent and use
Foreman as an ENC? If so, you're probably seeing
http://projects.puppetlabs.com/issues/3910.

Some users are getting around this bug by adding functionality to the ENC
script that validates the environment defined in Foreman against the one in
the host's puppet.conf. Someone who has done this might be able to help you
on the foreman-users list.

-Sam

On Thu, Aug 16, 2012 at 11:05 AM, Yaniv Fine yanivf...@gmail.com wrote:

 Hi experts .
 i am runnig foreman 1
 puppetmaster 2.7.18
 i have setup a test client machine .
 on foreman i have configured the new client to be part of the development
 environment .
 on the client i have setup that it will run the following from site.pp to
 debug information .
 notify { environment:
 message = $environment


 when i run on the client .
 puppet agent--test --debug --verbose

 i get Notify[environment]/message: defined 'message' as 'production'
 allthought on foreman this client is setup as development
 when i add the
 environment  = development on the client /etc/puppet.puppet.conf
 the client get Notify[environment]/message: defined 'message' as
 'development'   which is ok .

 BTW in foreman = settings
 i have default_puppet_environment = testing
 which is beeing ignored via the client .


 is this normal that i need to override the foreman client setting . with a
 environment  = development on the client /etc/puppet.puppet.conf 
 


 thank you

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/JF3PZ63IdjAJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client environment is being ignored from foreman settings

2012-08-16 Thread Sam Kottler

Yaniv,

I was asking if you happen to have an environment defined on your agent in
puppet.conf. Anyhow, we can handle this over on foreman-users :)

-Sam

On Thu, Aug 16, 2012 at 1:01 PM, Yaniv Fine yanivf...@gmail.com wrote:

 Why do i have to define environment in puppet.conf on the agent . Isnt
 defining the host in a group on foreman good enugh ? .in general there
 could be a conflict . Btw when i configure env in puppet.conf it does work
 like expected but it ignored the setting related to env .in foreman
 On Aug 16, 2012 7:19 PM, Sam Kottler s...@kottlerdevelopment.com wrote:

 Hi Yaniv,

 Do you have the environment defined in puppet.conf on the agent and use
 Foreman as an ENC? If so, you're probably seeing
 http://projects.puppetlabs.com/issues/3910.

 Some users are getting around this bug by adding functionality to the ENC
 script that validates the environment defined in Foreman against the one in
 the host's puppet.conf. Someone who has done this might be able to help you
 on the foreman-users list.

 -Sam

 On Thu, Aug 16, 2012 at 11:05 AM, Yaniv Fine yanivf...@gmail.com wrote:

 Hi experts .
 i am runnig foreman 1
 puppetmaster 2.7.18
 i have setup a test client machine .
 on foreman i have configured the new client to be part of the
 development environment .
 on the client i have setup that it will run the following from site.pp
 to debug information .
 notify { environment:
 message = $environment


 when i run on the client .
 puppet agent--test --debug --verbose

 i get Notify[environment]/message: defined 'message' as 'production'
 allthought on foreman this client is setup as development
 when i add the
 environment  = development on the client /etc/puppet.puppet.conf
 the client get Notify[environment]/message: defined 'message' as
 'development'   which is ok .

 BTW in foreman = settings
 i have default_puppet_environment = testing
 which is beeing ignored via the client .


 is this normal that i need to override the foreman client setting . with
 a environment  = development on the client /etc/puppet.puppet.conf 
 


 thank you

  --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/JF3PZ63IdjAJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client only install on Gentoo

2012-01-26 Thread psychobyte

Hi,

 I'm using Gentoo and puppet-2.6.12.  The puppet master and client are
wrapped up in the same package, app-admin/puppet.  Can someone suggest
a simple way of installing only the puppet client (I'm new to Gentoo)?

Thanks,

P.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client server connection refused when I use puppet kick

2012-01-26 Thread tomkap12

I have very strange problem. I set up puppet client on serveral
servers but have problem with one of them.
When I invoke:

root@www ~ # puppet agent --server puppetmaster.domain.ltd --test
notice: Ignoring --listen on onetime run
info: Caching catalog for puppetclient.domain.ltd
info: Applying configuration version '132631'
notice: Finished catalog run in 3.15 seconds

everything works ok.
New changes are applied to system.

When I try to pull changes to client from server:

root@www ~ # puppet kick puppetclient.domain.ltd
I got errors on client's syslog:

Jan 15 14:01:23 www puppet-agent[20903]: triggered run
Jan 15 14:01:24 www puppet-agent[20903]: Could not retrieve
catalog from remote server: Connection refused - connect(2)
Jan 15 14:01:24 www puppet-agent[20903]: Using cached catalog
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Cronapt/
File[/etc/cron.daily/cronapt]) Could not evaluate: Connection refused
- connect(2) Could not retrieve file metadata for puppet:///cronapt/cronapt:
Connection refused - connect(2) at /etc/puppet/modules/cronapt/
manifests/init.pp:7
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/
File[/usr/lib/nagios/plugins/]) Failed to generate additional
resources using 'eval_generate: Connection refused - connect(2)
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/
File[/usr/lib/nagios/plugins/]) Could not evaluate: Connection refused
- connect(2) Could not retrieve file metadata for 
puppet:///nagios/usr/lib/nagios/plugins:
Connection refused - connect(2) at /etc/puppet/modules/nagios/
manifests/init.pp:27
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/
File[/etc/nagios/nrpe.cfg]) Could not evaluate: Connection refused -
connect(2) Could not retrieve file metadata for 
puppet:///nagios/etc/nagios/nrpe.cfg:
Connection refused - connect(2) at /etc/puppet/modules/nagios/
manifests/init.pp:18
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/
Exec[/etc/init.d/nagios-nrpe-server reload]) Dependency File[/etc/
nagios/nrpe.cfg] has failures: true
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/
Exec[/etc/init.d/nagios-nrpe-server reload]) Skipping because of
failed dependencies
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/
File[/etc/apache2/conf.d/deny.conf]) Could not evaluate: Connection
refused - connect(2) Could not retrieve file metadata for
puppet:///apache2/etc/apache2/conf.d/deny.conf: Connection refused -
connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:7
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/
Service[apache2]) Dependency File[/etc/apache2/conf.d/deny.conf] has
failures: true
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/
Service[apache2]) Skipping because of failed dependencies
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/
File[/etc/nagios/cfg.d/]) Failed to generate additional resources
using 'eval_generate: Connection refused - connect(2)
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/
File[/etc/nagios/cfg.d/]) Could not evaluate: Connection refused -
connect(2) Could not retrieve file metadata for 
puppet:///nagios/etc/nagios/cfg.d:
Connection refused - connect(2) at /etc/puppet/modules/nagios/
manifests/init.pp:37
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/
File[/etc/apache2/.htpasswd]) Could not evaluate: Connection refused -
connect(2) Could not retrieve file metadata for 
puppet:///apache2/etc/apache2/.htpasswd:
Connection refused - connect(2) at /etc/puppet/modules/apache2/
manifests/init.pp:31
Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/
File[/usr/share/phpmyadmin/.htaccess]) Could not evaluate: Connection
refused - connect(2) Could not retrieve file metadata for
puppet:///apache2/usr/share/phpmyadmin/.htaccess: Connection refused -
connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:23
Jan 15 14:01:24 www puppet-agent[20903]: Finished catalog run in
0.33 seconds
Jan 15 14:01:24 www puppet-agent[20903]: Could not send report:
Connection refused - connect(2)

Here are configuration files at puppetclient.domain.ltd

puppet.conf

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
listen = true

runinterval=1800
splay=true
summarize = true

auth.conf:

path /
method find, search, save
auth yes
allow puppetmaster.domain.ltd

namespaceauth.conf

[fileserver]
allow *
[puppetmaster]
allow *
[puppetrunner]
allow *
[puppetbucket]
allow *
[puppetreports]
allow *
[resource]
allow *


Puppet master version 2.7.9

Puppet client version 2.7.6

[Puppet Users] Puppet client port to be open

2011-11-29 Thread Namrata

Hi,

Just a quick question. In order for puppet run to execute successfully
on puppet client (ubuntu 10.04), the port 8139 on puppet client should
be open and listening correct? Do we also require that port 8140 be
open and running on puppet client?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

AW: [Puppet Users] puppet client can not pull configuration from puppetmaster

2011-11-10 Thread Bernd Adamowicz

Can you be a little bit more precise please? What are you doing exactly, which 
commands? What is not working? Any error messages in syslog?

Bernd

 -Ursprüngliche Nachricht-
 Von: puppet-users@googlegroups.com [mailto:puppet-
 us...@googlegroups.com] Im Auftrag von Javid Mehraban
 Gesendet: Mittwoch, 9. November 2011 15:21
 An: Puppet Users
 Betreff: [Puppet Users] puppet client can not pull configuration from
 puppetmaster
 
 hello everybody,
 
 
 
 I am new to puppet world. I have a problem. I can push the
 configuration toward the puppet agent. but in returen the puppet agent
 can pull the configuration from the puppetmaster.
 
 If anybody wil help me I will be thankful in advance
 
 
 
 
 
 Best Regards,
 
 --
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to puppet-
 users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client can not pull configuration from puppetmaster

2011-11-09 Thread Javid Mehraban

hello everybody,



I am new to puppet world. I have a problem. I can push the
configuration toward the puppet agent. but in returen the puppet agent
can pull the configuration from the puppetmaster.

If anybody wil help me I will be thankful in advance





Best Regards,

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client starting problem !!

2011-11-01 Thread Felix Frank

Hi,

On 10/31/2011 07:47 AM, Swati Longia wrote:
 I don't even have normal linux commands like useradd or groupadd in this
 OS.

is this a requirement? Because:

 /err: Could not create resources for managing Puppet's files and
 directories in sections [:main, :agent, :ssl]: Could not find a default
 provider for user/

Puppet doesn't seem to be able to work in this environment.

Your basic installation should really comprise the most basic toolchain,
including useradd.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client starting problem !!

2011-10-31 Thread Swati Longia

Hi,

I have installed puppet 2.7.5 from tar on open suse 10.1. My ruby version
is 1.8.5 and facter version is 1.6.2. The opensuse OS is pretty
minimalistic.
I don't even have normal linux commands like useradd or groupadd in this OS.

When I run the master it runs completely fine.

*puppetmasterd  --server puppetmaster.mydomain.com --verbose --no-daemon*
*notice: Starting Puppet master version 2.7.5*


But when I try running the puppet client, the hostname for that client is *
Proc_m0_s2*, it gives me error.

*puppetd --server puppetmaster.mydomain.com  --verbose --no-daemon*
*warning: iconv doesn't seem to support UTF-8/UTF-16 conversions*
*err: Could not create resources for managing Puppet's files and
directories in sections [:main, :agent, :ssl]: Could not find a default
provider for user*
*err: Could not create resources for managing Puppet's files and
directories in sections [:main, :ssl]: Could not find a default provider
for user*
*info: Creating a new SSL key for proc_m0_s2.tspinternal*
*err: Could not request certificate: Could not write
/etc/puppet/ssl/private_keys/proc_m0_s2.tspinternal.pem to privatekeydir:
Could not find a default provider for user*
*info: Creating a new SSL key for proc_m0_s2.tspinternal*
*err: Could not request certificate: Could not write
/etc/puppet/ssl/private_keys/proc_m0_s2.tspinternal.pem to privatekeydir:
Could not find a default provider for user*

I tried googling for this error but without any result. Please someone help
!! I have a deadline before which I need to get the master and client
configuration done correctly.

Thanks !!


Regards,
Swati

Nothing is too small to know, and nothing too big to attempt.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client dying without errors

2011-09-22 Thread Basil Baby

From the debug mode logs, ruby was having trouble with LDAP.
Debug Error message:
ruby: ../../../libraries/libldap/error.c:273: ldap_parse_result:
Assertion `r != ((void *)0)' failed

Is there way I can exclude puppet not to look up LDAP to avoid this
situation? I did try adding following entry in /etc/ldap.conf but
didn't help.
nss_initgroups_ignoreusers root

-Basil

On Fri, Sep 2, 2011 at 11:41 AM, Christopher Wood 
christopher_w...@pobox.com wrote:

 On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote:
 Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2)
 are
 dying with out any error messages on on syslog.� I cannot see much
 system
 resource usage on these nodes.
 
 What is the best way to troubleshoot the root cause of the problem?

 Without having huge scads of puppet knowledge, if they die frequently
 enough perhaps running one of these in the foreground with debug/tee to see
 if they spit out any interesting messages?

 See puppet agent -h for your exact command line parameters, but something
 like:

 puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log


 -Basil
 
 --
 You received this message because you are subscribed to the Google
 Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client dying without errors

2011-09-22 Thread Iain Sutton

This looks much like the error we had, which was:

ruby: ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld !=
((void *)0)' failed.

Under CentOS/RHEL, you need to upgrade the version of nss_ldap to
253-37.el5_6.1 (or later)
Bug details: https://bugzilla.redhat.com/show_bug.cgi?id=684889 and
https://bugzilla.redhat.com/show_bug.cgi?id=703831

Bug fix advisory:
http://rhn.redhat.com/errata/RHBA-2011-0514.html
Note that things other than puppet will be affected by this problem, such as
ssh connections!

BTW, your nss_initgroups_ignoreusers addition looks correct.
On 23 September 2011 07:53, Basil Baby basilb...@gmail.com wrote:

 From the debug mode logs, ruby was having trouble with LDAP.
 Debug Error message:
 ruby: ../../../libraries/libldap/error.c:273: ldap_parse_result: Assertion `r 
 != ((void *)0)' failed


 Is there way I can exclude puppet not to look up LDAP to avoid this 
 situation? I did try adding following entry in /etc/ldap.conf but didn't help.
 nss_initgroups_ignoreusers root

 -Basil

 On Fri, Sep 2, 2011 at 11:41 AM, Christopher Wood 
 christopher_w...@pobox.com wrote:

  On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote:
 Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2)
 are
 dying with out any error messages on on syslog.� I cannot see much
 system
 resource usage on these nodes.
 
 What is the best way to troubleshoot the root cause of the problem?

 Without having huge scads of puppet knowledge, if they die frequently
 enough perhaps running one of these in the foreground with debug/tee to see
 if they spit out any interesting messages?

 See puppet agent -h for your exact command line parameters, but
 something like:

 puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log


 -Basil
 
 --
 You received this message because you are subscribed to the Google
 Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client dying without errors

2011-09-22 Thread Basil Baby

Thanks for the help! As per RedHat release note, the updates on the package
is promising.
Updated nss_ldap on couple hosts to see whether it fixes the problem or not.

-Basil


On Thu, Sep 22, 2011 at 7:08 PM, Iain Sutton iainsut...@gmail.com wrote:

 This looks much like the error we had, which was:

 ruby: ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld
 != ((void *)0)' failed.

 Under CentOS/RHEL, you need to upgrade the version of nss_ldap to
 253-37.el5_6.1 (or later)
 Bug details: https://bugzilla.redhat.com/show_bug.cgi?id=684889 and
 https://bugzilla.redhat.com/show_bug.cgi?id=703831

 Bug fix advisory:
 http://rhn.redhat.com/errata/RHBA-2011-0514.html
 Note that things other than puppet will be affected by this problem, such
 as ssh connections!

 BTW, your nss_initgroups_ignoreusers addition looks correct.
 On 23 September 2011 07:53, Basil Baby basilb...@gmail.com wrote:

 From the debug mode logs, ruby was having trouble with LDAP.


 Debug Error message:
 ruby: ../../../libraries/libldap/error.c:273: ldap_parse_result: Assertion 
 `r != ((void *)0)' failed


 Is there way I can exclude puppet not to look up LDAP to avoid this 
 situation? I did try adding following entry in /etc/ldap.conf but didn't 
 help.
 nss_initgroups_ignoreusers root



 -Basil

 On Fri, Sep 2, 2011 at 11:41 AM, Christopher Wood 
 christopher_w...@pobox.com wrote:

  On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote:
 Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2)
 are
 dying with out any error messages on on syslog.� I cannot see much
 system
 resource usage on these nodes.
 
 What is the best way to troubleshoot the root cause of the problem?

 Without having huge scads of puppet knowledge, if they die frequently
 enough perhaps running one of these in the foreground with debug/tee to see
 if they spit out any interesting messages?

 See puppet agent -h for your exact command line parameters, but
 something like:

 puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log


 -Basil
 
 --
 You received this message because you are subscribed to the Google
 Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client dying without errors

2011-09-02 Thread Basil Baby

Few of my puppet clients (puppet 0.24.8,  ruby 1.8.5, facter 1.5.2) are
dying with out any error messages on on syslog.  I cannot see much system
resource usage on these nodes.

What is the best way to troubleshoot the root cause of the problem?

-Basil

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client dying without errors

2011-09-02 Thread Christopher Wood

On Thu, Sep 01, 2011 at 08:31:55PM -0400, Basil Baby wrote:
Few of my puppet clients (puppet 0.24.8,� ruby 1.8.5, facter 1.5.2) are
dying with out any error messages on on syslog.� I cannot see much system
resource usage on these nodes.
 
What is the best way to troubleshoot the root cause of the problem?

Without having huge scads of puppet knowledge, if they die frequently enough 
perhaps running one of these in the foreground with debug/tee to see if they 
spit out any interesting messages?

See puppet agent -h for your exact command line parameters, but something 
like:

puppet agent --no-daemonize --debug 21 | tee /var/tmp/p1.log

 
-Basil
 
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client do-overs

2011-07-01 Thread Craig White


On Jun 30, 2011, at 8:21 PM, Nathan Clemons wrote:

 What problem do you have with puppetstoreconfigclean.rb? The problem I 
 usually have is that I forget it has to be run as root on the puppetmaster, I 
 keep thinking I need to run it on the client machine.

The other issue I fixed... PEBKAC naturally

# ruby puppetstoredconfigclean.rb ubuntu.ttinet
puppetstoredconfigclean.rb:54:in `require': no such file to load -- 
puppet/rails (LoadError)
from puppetstoredconfigclean.rb:54

root@ubuntu:/etc/puppet# which ruby
/usr/local/bin/ruby

root@ubuntu:/etc/puppet# gem list --local

*** LOCAL GEMS ***

abstract (1.0.0)
actionmailer (3.0.4)
actionpack (3.0.4)
activeldap (1.2.4)
activemodel (3.0.4)
activerecord (3.0.4, 2.3.12)
activeresource (3.0.4)
activesupport (3.0.4, 2.3.12)
arel (2.0.8)
builder (2.1.2)
bundler (1.0.10)
daemon_controller (0.2.6)
erubis (2.6.6)
facter (1.5.9)
fast_gettext (0.5.8)
fastthread (1.0.7)
file-tail (1.0.5)
gettext_i18n_rails (0.2.2)
i18n (0.5.0)
json (1.5.2)
locale (2.0.5)
mail (2.2.15)
mime-types (1.16)
mysql (2.8.1)
passenger (3.0.7)
polyglot (0.3.1)
puppet (2.6.8)
rack (1.2.1)
rack-mount (0.6.13)
rack-test (0.5.7)
rails (3.0.4)
railties (3.0.4)
rake (0.8.7)
ruby-ldap (0.9.11)
spruz (0.2.5)
thor (0.14.6)
treetop (1.4.9)
tzinfo (0.3.24)

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client do-overs

2011-06-30 Thread Craig White

I am pulling in the 'client' intended version of puppet.conf on my puppetmaster 
system - probably because I had a package that required a class it shouldn't 
have and I have fixed that (I think - hard to test) but even after killing off 
all puppetd processes, clearing out /var/lib/puppet/client_yaml/* and 
/var/lib/puppet/state/* and restarting puppetd they just seem to reload the 
specific mod_puppet classes that it shouldn't. Perhaps it is a stored config 
and I've tried running puppetstoredconfigclean.rb without any success (user 
stupidity for not knowing what this host file is supposed to look like).

How can I get a fresh start with a client so it operates only on the classes it 
is configured to use?

Craig

-- 
Craig White ~~  craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com 

Need help communicating between generations at work to achieve your desired 
success? Let us help!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client do-overs

2011-06-30 Thread Nathan Clemons

What problem do you have with puppetstoreconfigclean.rb? The problem I
usually have is that I forget it has to be run as root on the puppetmaster,
I keep thinking I need to run it on the client machine.

--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community



On Thu, Jun 30, 2011 at 9:59 AM, Craig White craig.wh...@ttiltd.com wrote:

 I am pulling in the 'client' intended version of puppet.conf on my
 puppetmaster system - probably because I had a package that required a class
 it shouldn't have and I have fixed that (I think - hard to test) but even
 after killing off all puppetd processes, clearing out
 /var/lib/puppet/client_yaml/* and /var/lib/puppet/state/* and restarting
 puppetd they just seem to reload the specific mod_puppet classes that it
 shouldn't. Perhaps it is a stored config and I've tried running
 puppetstoredconfigclean.rb without any success (user stupidity for not
 knowing what this host file is supposed to look like).

 How can I get a fresh start with a client so it operates only on the
 classes it is configured to use?

 Craig

 --
 Craig White ~~  craig.wh...@ttiltd.com
 1.800.869.6908 ~~~ www.ttiassessments.com

 Need help communicating between generations at work to achieve your desired
 success? Let us help!

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client not receiving cert

2011-05-12 Thread Tim Dunphy

hello list!!

I'm having an issue where a client is not receiving it's cert




[root@ec2-50-16-98-245 ~]# puppetd -t --waitforcert 15 --server
puppet.example.net
info: Creating a new SSL key for ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for
ec2-xx-xx-xx-xxx.compute-1.amazonaws.com
info: Certificate Request fingerprint (md5):
93:17:4C:99:18:B9:8C:68:4E:2A:89:76:A4:28:04:81
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
notice: Did not receive certificate




although the server is running and listening on 8140


[root@puppet ~]# lsof -i :8140
COMMANDPID   USER   FD   TYPE DEVICE SIZE NODE NAME
puppetmas 1694 puppet7u  IPv4   7222   TCP *:8140 (LISTEN)


and nmap confirms port is open


Starting Nmap 5.21 ( http://nmap.org ) at 2011-05-12 14:50 EDT
Nmap scan report for puppet.example.net (xx.xx.xxx.xxx)
Host is up (0.014s latency).
rDNS record for xx.xx.xxx.xxx: ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
PORT STATE SERVICE
8140/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds


http is running

[root@puppet puppet]# service httpd status
httpd (pid  3606) is running...



but the only errors I see are 404's the only logs in the
/var/log/masterhttp.log


[2011-05-12 15:35:54] - - /production/certificate/portero-fs.ec2.internal
[2011-05-12 15:35:55] ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com - -
[12/May/2011:15:35:55 EDT] GET
/production/certificate/ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com
HTTP/1.1 404


but the puppet client runs well on the puppet server itself...


[root@puppet puppet]# puppetd -t
info: Loading facts in mysql
info: Loading facts in configured_ntp_servers
info: Loading facts in mysql
info: Loading facts in configured_ntp_servers
info: Caching catalog for puppet.acadaca.net
info: /Stage[main]/Centos/Tidy[/var/lib/amanda]: File does not exist
info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/c5-media.repo]: File
does not exist
info: /Stage[main]/Centos/Tidy[/etc/yum.repos.d/CentOS.repo]: File
does not exist
info: /Stage[main]/Apache/Tidy[/etc/httpd/conf.d/ssl.conf]: File does not exist
info: Applying configuration version '1305227995'
notice: /Stage[main]/Centos/Exec[import dag key]/returns: executed successfully
notice: /Stage[main]/Centos/Exec[import webtatic key]/returns:
executed successfully
notice: /Stage[main]/Centos/Exec[import remi key]/returns: executed successfully
notice: Finished catalog run in 4.84 seconds

I would appreciate any advice you may have...

thanks!

tim
-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client 'certificate verify failed'

2011-04-15 Thread Felix Frank

On 04/13/2011 05:11 AM, Martin Orda wrote:
 Hi,
 
 I've looked in the archives and elsewhere but couldn't find a solution
 to the issue I'm having. I'm running puppet with an external CA that I
 manage myself (ca=false for puppetmasterd) puppetmasterd is behind
 nginx reverse proxy. On the client I'm getting:
 
 root@web01:~# puppet agent  --verbose --no-daemonize --onetime
 err: Could not retrieve catalog from remote server: SSL_connect
 returned=1 errno=0 state=SSLv3 read server certificate B: certificate
 verify failed
 notice: Using cached catalog
 err: Could not retrieve catalog; skipping run
 
 The puppetmaster's fqdn is excel.example.com and the SSL settings on
 the master shouldn't really matter since nginx is the SSL endpoint in
 this scenario. Could you have a look at the below (also available as
 http://pastie.org/1789339) and let me know if my config is sensible or
 if you can spot anything incorrect?

Hi,

as a matter of fact, I don't see where you're telling the client to talk
to excel.example.com (puppet agent's server parameter).
As is, the agent probably just talks to puppet. If your master cert is
for excel and not puppet, you're bound to get errors.

If setting this doesn't help, you should use openssl s_client to query
your master's certificate and find out why a client would fail its
verification.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client 'certificate verify failed'

2011-04-12 Thread Martin Orda

Hi,

I've looked in the archives and elsewhere but couldn't find a solution
to the issue I'm having. I'm running puppet with an external CA that I
manage myself (ca=false for puppetmasterd) puppetmasterd is behind
nginx reverse proxy. On the client I'm getting:

root@web01:~# puppet agent  --verbose --no-daemonize --onetime
err: Could not retrieve catalog from remote server: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed
notice: Using cached catalog
err: Could not retrieve catalog; skipping run

The puppetmaster's fqdn is excel.example.com and the SSL settings on
the master shouldn't really matter since nginx is the SSL endpoint in
this scenario. Could you have a look at the below (also available as
http://pastie.org/1789339) and let me know if my config is sensible or
if you can spot anything incorrect?

Upon puppet agent's invocation, no private keys or CSRs are created
which was my goal yet the verification fails. Below I've shown that
the checksums for the certificates used by both the client and master
are the same. Could you tell me (or point to a relevant explanation)
what is being verified in this process?

*** puppetmaster (excel):

/etc/puppet/puppet.conf:

 [main]
 ca=false
 ssldir=/etc/ssl
 cadir=$ssldir
 publickeydir=$ssldir/public
 privatekeydir=$ssldir/private

 certdir=$ssldir/certs
 vardir=/var/lib/puppet

 localcacert = $certdir/ca-example.pem

 [agent]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 templatedir = /var/lib/puppet/templates
 factpath = $vardir/lib/facter

 hostcert = $certdir/$certname.pem
 hostprivkey = $privatedir/$certname.pem
 hostpubkey = $publickeydir/$certname.pem

 [master]
 certname = puppet.example.com
 servertype = mongrel



Relevant parts of /etc/nginx/sites-enabled/default:

 server {
   listen 8140;

   ssl on;
   ssl_verify_client   on;
   ssl_session_timeout 5m;
   ssl_certificate /etc/ssl/certs/puppet.example.com.crt;
   ssl_certificate_key /etc/ssl/private/puppet.example.com.pem;
   ssl_client_certificate  /etc/ssl/certs/ca-example.crt;
   #ssl_crl /etc/ssl/crl.pem;

 }

 SSL certs:

 excel:/etc# for i in `find /etc/ssl/ -name '*.pem'`; do md5sum $i; done
 295340125c63ae9d64a87efc17135fec  /etc/ssl/certs/ca-example.pem
 7dbfce2a18002180a89df1853885273c  /etc/ssl/certs/puppet.example.com.pem
 6e33bd09dde9df47274a2ff1e06c1727  /etc/ssl/certs/web01.example.com.pem
 ce15583b70c297f1be3c07b6c2f9828a  /etc/ssl/private/ca-example.pem
 f724911baa98c21291fe4eba4082266a  /etc/ssl/private/puppet.example.com.pem
 a38699481a609f32fab4374b5e51f4b0  /etc/ssl/private/web01.example.com.pem
 5c269566c26c1f268df08b8162e388aa  /etc/ssl/crl.pem
 39571a88f872fa33256692f7e97d266f  /etc/ssl/public/ca-example.pem
 2bf6ed6843c4e523c0e0c6f387fd792b  /etc/ssl/public/puppet.example.com.pem
 94ab66cac55b88c5e8bf02b8a774187d  /etc/ssl/public/web01.example.com.pem




*** puppet client (web01):

/etc/puppet/puppet.conf:

 [main]
 ca=false
 ssldir=/etc/ssl
 cadir=$ssldir
 publickeydir=$ssldir/public
 #privatedir=$ssldir/private
 privatekeydir=$ssldir/private
 certdir=$ssldir/certs

 [agent]
 vardir = /var/lib/puppet
 logdir = /var/log/puppet
 templatedir = /var/lib/puppet/templates
 factpath = $vardir/lib/facter

 localcacert = $certdir/ca-example.pem
 hostprivkey = /etc/ssl/private/web01.example.com.pem
 hostpubkey = $publickeydir/$certname.pem

SSL certs:

 root@web01:~# for i in `find /etc/ssl -name '*.pem'`; do md5sum $i; done
 a38699481a609f32fab4374b5e51f4b0  /etc/ssl/private/web01.example.com.pem
 6e33bd09dde9df47274a2ff1e06c1727  /etc/ssl/certs/web01.example.com.pem
 295340125c63ae9d64a87efc17135fec  /etc/ssl/certs/ca-example.pem
 94ab66cac55b88c5e8bf02b8a774187d  /etc/ssl/public/web01.example.com.pem
 39571a88f872fa33256692f7e97d266f  /etc/ssl/public/ca-example.pem
 5c269566c26c1f268df08b8162e388aa  /etc/ssl/crl.pem

excel:~# date; ssh 172.19.80.212 date
Wed Apr 13 02:36:23 BST 2011
Wed Apr 13 02:36:23 BST 2011

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client certs dns

2011-04-04 Thread Felix Frank

On 04/01/2011 08:23 PM, FRLinux wrote:
 Hello,
 
 First off, forgive me if that has been discussed before.
 
 Has there been any thought given to using dns records queried from the
 IP of a host where puppet is installed? Reason I'm asking is we had an
 issue in which our fqdn got screwed up in /etc/hosts in the form of
 node.example instead of host.example.com and that led to the server
 signing the cert for the host (yeah bad, we use auto signing) as
 node.example which of course was not a valid host declared in sites.
 
 This is not a rant, just a question. Thanks for anyone who can shed
 any light on this.

Hi,

certification can be painful at times, but I don't see the real problem
you had with requesting a signature on a badly named cert?

You can always just revoke it on the master and have your client issue a
new CSR.

Regards,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client certs dns

2011-04-04 Thread FRLinux

On Mon, Apr 4, 2011 at 9:50 AM, Felix Frank
felix.fr...@alumni.tu-berlin.de wrote:
 certification can be painful at times, but I don't see the real problem
 you had with requesting a signature on a badly named cert?

 You can always just revoke it on the master and have your client issue a
 new CSR.

Hello,

Thanks for your response, my point was more that if puppet relied on
querying the FQDN for the box, it would request the right cert all the
time.

Cheers,
Steph

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client certs dns

2011-04-01 Thread FRLinux

Hello,

First off, forgive me if that has been discussed before.

Has there been any thought given to using dns records queried from the
IP of a host where puppet is installed? Reason I'm asking is we had an
issue in which our fqdn got screwed up in /etc/hosts in the form of
node.example instead of host.example.com and that led to the server
signing the cert for the host (yeah bad, we use auto signing) as
node.example which of course was not a valid host declared in sites.

This is not a rant, just a question. Thanks for anyone who can shed
any light on this.

Cheers,
Steph

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client could not request certificate: Error 500 on SERVER

2011-03-30 Thread hyzhang

Hi, I am new to puppet.

I have puppet server set up with passenger. But when I start puppetd
from client, I see following error in the syslog file:
Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request
certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD
HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html
head meta http-equiv=Content-Type content=text/html;
charset=UTF-8 meta name=generator content=Phusion
Passenger titleRuby (Rack) application could not be started/
title 

I see puppetd process from the client
#ps -ef|grep puppet
root 28571 1  0 Mar29 ?00:00:07 /usr/bin/ruby /usr/
sbin/puppetd --server=puppet-dev.jcvi.org --logdest=syslog

Can anyone tell me what the problem is here?

Thanks,
-Haiyan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client could not request certificate: Error 500 on SERVER

2011-03-30 Thread Hugo Cisneiros (Eitch)

On Wed, Mar 30, 2011 at 3:00 PM, hyzhang hyzh...@jcvi.org wrote:

 Hi, I am new to puppet.

 I have puppet server set up with passenger. But when I start puppetd
 from client, I see following error in the syslog file:
 Mar 30 13:52:03 puppetclient1 puppet-agent[29732]: Could not request
 certificate: Error 500 on SERVER: !DOCTYPE HTML PUBLIC -//W3C//DTD
 HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html
 head meta http-equiv=Content-Type content=text/html;
 charset=UTF-8 meta name=generator content=Phusion
 Passenger titleRuby (Rack) application could not be started/
 title 


You didn't paste the most important part of the error. Thie page ruby/rack
generates usually have some pretty useful information in an error field.
Like a module missing on an import/require, permission problems, and so on.
Please identify and post the error so we can be helpful :)

-- 
[]'s
Hugo
www.devin.com.br

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client log events, centralized?

2010-10-13 Thread Forrie

I've noticed that events for puppet client are logged locally (I'm
just starting out with puppet).   Is there a way to have these events
sent to a central parser so they might be easily parsed/sorted/acted-
upon?

I probably missed a configuration directive.


Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client log events, centralized?

2010-10-13 Thread Scott Smith

Syslog server

On Wed, Oct 13, 2010 at 4:09 PM, Forrie for...@gmail.com wrote:

 I've noticed that events for puppet client are logged locally (I'm
 just starting out with puppet).   Is there a way to have these events
 sent to a central parser so they might be easily parsed/sorted/acted-
 upon?

 I probably missed a configuration directive.


 Thanks.

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-us...@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com
 .
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
http://about.me/scoot
http://twitter.com/ohlol

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client log events, centralized?

2010-10-13 Thread Bruce Richardson

On Wed, Oct 13, 2010 at 04:09:34PM -0700, Forrie wrote:
 I've noticed that events for puppet client are logged locally (I'm
 just starting out with puppet).   Is there a way to have these events
 sent to a central parser so they might be easily parsed/sorted/acted-
 upon?
 
 I probably missed a configuration directive.

http://projects.puppetlabs.com/projects/1/wiki/Reports_And_Reporting

-- 
Bruce

Get thee behind me, Stan: for it is written, thou hast gotten me into
another fine mess.  -- Oliver 4:8


signature.asc
Description: Digital signature

Re: [Puppet Users] Puppet Client using wrong environment.

2010-03-18 Thread Tony G.

When no environment is defined it uses production, per my notes:

environments = production,testing,development
manifest = /opt/puppet/production/site.pp
modulepath = /opt/puppet/production/modules

This is part of [main].


On Wed, Mar 17, 2010 at 5:00 PM, Rob McBroom mailingli...@skurfer.comwrote:

 How is the environment determined when you don’t specify one? On my
 systems, it seems that the `--environment` option is completely ignored. I
 imagine this is because the external information (from LDAP in my case)
 always takes precedence.

 --
 Rob McBroom
 http://www.skurfer.com/

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-us...@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com
 .
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
Tony

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Client using wrong environment.

2010-03-18 Thread Tony G.

Finally found the issue

I never looked into the /etc/puppet directory(my bad), there was the issue,
a strange one although but here is what happened, in there were two
files(wish I knew why there were that second if we use puppet 0.24.8):

puppet.conf
puppetd.conf

Same content, nothing different, I don't declare the environment in there as
I use it in /etc/sysconfig/puppet

[app02 ~]$ grep environment /etc/puppet/puppet.conf /etc/puppet/puppetd.conf

[app02 ~]$ diff /etc/puppet/puppet.conf /etc/puppet/puppetd.conf
[app02 ~]# /usr/sbin/puppetd -t --environment=*development*
info: Loading fact drac
info: Loading fact rhelver
info: Loading fact sserial
info: Retrieving plugins
info: Loading fact drac
info: Loading fact rhelver
info: Loading fact sserial
info: mount[localhost]: Mounted /
info: mount[modules]: Mounted
info: mount[plugins]: Mounted
info: Caching catalog at /var/lib/puppet/localconfig.yaml
notice: Starting catalog run
info: Loading fact drac
info: Loading fact rhelver
info: Loading fact sserial
info: Sent transaction report in 1.47 seconds
notice: Finished catalog run in 16.85 seconds
[app02 ~]# grep -m2 -P development|production
/var/lib/puppet/localconfig.yaml
file: /opt/puppet/*production*/classes/yumrepos.pp
file: /opt/puppet/*production*/classes/yumrepos.pp

Fixing:
*[app02 ~]# rm /etc/puppet/puppetd.conf*
*rm: remove regular file `/etc/puppet/puppetd.conf'? y*

[app02 ~]# /usr/sbin/puppetd -t --environment=*development*
info: Loading fact drac
info: Loading fact rhelver
info: Loading fact sserial
info: Retrieving plugins
info: Loading fact drac
info: Loading fact rhelver
info: Loading fact sserial
info: mount[localhost]: Mounted /
info: mount[modules]: Mounted
info: mount[plugins]: Mounted
info: Caching catalog at /var/lib/puppet/localconfig.yaml
notice: Starting catalog run
info: Loading fact drac
info: Loading fact rhelver
info: Loading fact sserial
notice: 
//Node[app02.example.com]/common::ldap/Sudo::Config[standard]/Package[sudo-ldap]/ensure:
removed
notice: 
//Node[app02.example.com]/common::ldap/Sudo::Config[standard]/Package[sudo]/ensure:
created
info: Sent transaction report in 0.37 seconds
notice: Finished catalog run in 18.09 seconds
[app02 ~]# grep -m2 -P development|production
/var/lib/puppet/localconfig.yaml
  file: /opt/puppet/*development*/site.pp
file: /opt/puppet/*development*/classes/common.pp

So what is doing puppetd is reading both files and for some reason ignoring
the --environment flag via command line or the flag in the
/etc/sysconfig/puppet when bringing up the daemon with the
/etc/init.d/puppet script.

Doing a strace I see both files are being opened with puppetd:
open(/etc/puppet/puppetd.conf, O_RDONLY) = 3
open(/etc/puppet/puppet.conf, O_RDONLY) = 4

I assume it attempts to read puppetd.conf as it was the old config file, but
should it ignore the environment flag as it's doing it?

Thanks


On Thu, Mar 18, 2010 at 10:24 AM, Tony G. tony...@gmail.com wrote:

 When no environment is defined it uses production, per my notes:


 environments = production,testing,development
 manifest = /opt/puppet/production/site.pp
 modulepath = /opt/puppet/production/modules

 This is part of [main].



 On Wed, Mar 17, 2010 at 5:00 PM, Rob McBroom mailingli...@skurfer.comwrote:

 How is the environment determined when you don’t specify one? On my
 systems, it seems that the `--environment` option is completely ignored. I
 imagine this is because the external information (from LDAP in my case)
 always takes precedence.

 --
 Rob McBroom
 http://www.skurfer.com/

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-us...@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com
 .
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




 --
 Tony




-- 
Tony

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Client using wrong environment.

2010-03-17 Thread Rob McBroom

How is the environment determined when you don’t specify one? On my systems, it 
seems that the `--environment` option is completely ignored. I imagine this is 
because the external information (from LDAP in my case) always takes precedence.

-- 
Rob McBroom
http://www.skurfer.com/

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet client - could not parse YAML data

2010-02-01 Thread Jason Amato

Any ideas?

Getting this error below from only 2 out of a total of 200 clients...

puppetd[26557]: Could not retrieve catalog from remote server: Error
400 on SERVER: Could not parse YAML data for node servername here:
syntax error on line 89, col 7: `'

Client and Master Puppet versions are .25.1

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet client error

2009-11-16 Thread Cory mckee

I was wondering if I could get help.

on client


[r...@linux ~]# puppetd --test --verbose
info: Caching catalog at /var/lib/puppet/localconfig.yaml
notice: Starting catalog run
err: //Node[basenode]/motd/Package[motd]/ensure: change from absent to
latest failed: Could not update: Could not find package motd at
/etc/puppet/modules/motd/manifests/init.pp:5
notice: //Node[basenode]/motd/File[/etc/motd]: Dependency package[motd] has
1 failures
notice: Finished catalog run in 9.68 seconds

on puppetmaster

# /etc/puppet/modules/motd/manifests/init.pp

class motd {

package { motd: ensure = latest }

file { /etc/motd:
owner   = root,
group   = root,
mode= 440,
source  = puppet:///motd/motd,
require = Package[motd],
}
}



Thanks
Cory McKee

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Puppet client running into an error but not reporting it.

2009-09-24 Thread Tim Uckun


I have a situation where there is a problem with one of my manifests.
The puppet client throws up an error but does not report. I don't get
an email notification of the problem even though I have all: setting
on the tagmail and I don't see any trace of a report on the syslog
either.

This is the output from the client

puppetd --verbose --no-daemon
notice: Starting Puppet client version 0.25.0
info: Retrieving plugin
info: Caching catalog for ubuntu.panztel.local
err: Could not run Puppet configuration client: Parameter unless
failed: 'grep -qFx '#include /etc/asterisk/manager.conf.d/*.conf'
'/etc/asterisk/manager.conf'' is both unqualifed and specified no
search path at /etc/puppet/modules/common/manifests/defines/line.pp:32


I think I know what is causing the problem but at this time I am not
concerned about that at all. I don't care what the problem is. I want
to make sure I get notified everytime there is a problem.

Here is the log on the server.

Sep 25 11:27:04 nzvoip1 puppetmasterd[11320]: Reopening log files
Sep 25 11:27:04 nzvoip1 puppetmasterd[11320]: Starting Puppet server
version 0.25.0
Sep 25 11:27:31 nzvoip1 puppetmasterd[11320]: (Module
common(/etc/puppet/modules/common)) using the deprecated 'plugins'
directory for ruby extensions; please move to 'lib'
Sep 25 11:27:31 nzvoip1 puppetmasterd[11320]: (Module
common(/etc/puppet/modules/common)) using the deprecated 'plugins'
directory for ruby extensions; please move to 'lib'
Sep 25 11:27:35 nzvoip1 puppetmasterd[11320]:
(/File[/var/puppet/storeconfigs.sqlite]/owner) Cannot manage ownership
unless running as root
Sep 25 11:27:35 nzvoip1 puppetmasterd[11320]:
(/File[/var/puppet/log/rails.log]/owner) Cannot manage ownership
unless running as root
Sep 25 11:27:37 nzvoip1 puppetmasterd[11320]: Compiled catalog for
ubuntu.panztel.local in 1.35 seconds
Sep 25 11:30:01 nzvoip1 /USR/SBIN/CRON[13961]: (root) CMD ([ -x
/usr/sbin/update-motd ]  /usr/sbin/update-motd 2/dev/null)


No report, nothing in the log file. No indication that anything went wrong.

If this was in production I would never know there was a problem. The
only reason I know there is a problem is because I am running the
client manually with the --no-daemon option.


What can I do to make sure I always get notified when something goes wrong?

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] puppet client on centos5 / apt-rpm

2009-06-18 Thread hyde


I have puppet client on centos5, but we don't use yum to install
packages, we use apt-rpm to install packages, so it would be 'apt-get
install packagename' instead of 'yum install packagename'.

How can I customize puppet for the above?

Thanks,
Hai

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] puppet client looking for server puppet

2009-06-10 Thread Asif Iqbal


In my puppet client I have
puppet.conf defined puppet server as mypuppet

server = mypuppet.example.net

Not sure why the puppet client puppet-test is still sending these
noises to the syslog

Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error]
Could not find server : getaddrinfo: node name or service name not
known
Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error]
Could not request certificate: Certificate retrieval failed: Could not
find server puppet
Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice]
Starting catalog run
Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice]
Finished catalog run in 0.03 seconds

Am I hitting a but?

Here is the detail of the  `  puppetd --genconfig  '  output without
the comments from puppet client puppet-test

[puppetd]
manifest = /etc//opt/csw/puppet/manifests/site.pp
bucketdir = /var//opt/csw/puppet/bucket
yamldir = /var//opt/csw/puppet/yaml
modulepath = /etc//opt/csw/puppet/modules:/usr/share/puppet/modules
masterlog = /var//opt/csw/puppet/log/puppetmaster.log
clientyamldir = /var//opt/csw/puppet/client_yaml
masterhttplog = /var//opt/csw/puppet/log/masterhttp.log
manifestdir = /etc//opt/csw/puppet/manifests
pluginpath = /var//opt/csw/puppet/plugins
factdest = /var//opt/csw/puppet/facts
authconfig = /etc//opt/csw/puppet/namespaceauth.conf
logdir = /var//opt/csw/puppet/log
ssldir = /etc//opt/csw/puppet/ssl
plugindest = /var//opt/csw/puppet/lib
factsource = puppet://mypuppet.example.net/facts
rundir = /var//opt/csw/puppet/run
genconfig = true
pluginsource = puppet://mypuppet.example.net/plugins
factpath = /var//opt/csw/puppet/facts
libdir = /var//opt/csw/puppet/lib
statedir = /var//opt/csw/puppet/state
railslog = /var//opt/csw/puppet/log/rails.log
dblocation = /var//opt/csw/puppet/state/clientconfigs.sqlite3
runinterval = 60
localconfig = /var//opt/csw/puppet/state/localconfig
puppetdlog = /var//opt/csw/puppet/log/puppetd.log
ca_server = mypuppet.example.net
statefile = /var//opt/csw/puppet/state/state.yaml
server = mypuppet.example.net
httplog = /var//opt/csw/puppet/log/http.log
splaylimit = 60
config = /etc//opt/csw/puppet/puppet.conf
reportserver = mypuppet.example.net
ca_port = 8140
puppetdlockfile = /var//opt/csw/puppet/state/puppetdlock
classfile = /var//opt/csw/puppet/state/classes.txt
signeddir = /etc//opt/csw/puppet/ssl/ca/signed
autosign = /etc//opt/csw/puppet/autosign.conf
cert_inventory = /etc//opt/csw/puppet/ssl/ca/inventory.txt
cacert = /etc//opt/csw/puppet/ssl/ca/ca_crt.pem
caprivatedir = /etc//opt/csw/puppet/ssl/ca/private
capass = /etc//opt/csw/puppet/ssl/ca/private/ca.pass
cakey = /etc//opt/csw/puppet/ssl/ca/ca_key.pem
csrdir = /etc//opt/csw/puppet/ssl/ca/requests
serial = /etc//opt/csw/puppet/ssl/ca/serial
cacrl = /etc//opt/csw/puppet/ssl/ca/ca_crl.pem
cadir = /etc//opt/csw/puppet/ssl/ca
capub = /etc//opt/csw/puppet/ssl/ca/ca_pub.pem
certdir = /etc//opt/csw/puppet/ssl/certs
privatedir = /etc//opt/csw/puppet/ssl/private
hostcert = /etc//opt/csw/puppet/ssl/certs/puppet-test.example.net.pem
localcacert = /etc//opt/csw/puppet/ssl/certs/ca.pem
publickeydir = /etc//opt/csw/puppet/ssl/public_keys
passfile = /etc//opt/csw/puppet/ssl/private/password
hostprivkey = /etc//opt/csw/puppet/ssl/private_keys/puppet-test.example.net.pem
privatekeydir = /etc//opt/csw/puppet/ssl/private_keys
hostcsr = /etc//opt/csw/puppet/ssl/csr_puppet-test.example.net.pem
hostpubkey = /etc//opt/csw/puppet/ssl/public_keys/puppet-test.example.net.pem
reportdir = /var//opt/csw/puppet/reports
templatedir = /var//opt/csw/puppet/templates
tagmap = /etc//opt/csw/puppet/tagmail.conf
rrdinterval = 60
rrddir = /var//opt/csw/puppet/rrd
fileserverconfig = /etc//opt/csw/puppet/fileserver.conf
graphdir = /var//opt/csw/puppet/state/graphs
clientbucketdir = /var//opt/csw/puppet/clientbucket


-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Puppet Client Isolated from Network

2008-12-10 Thread jflo


I am reviewing puppet for suitability on a project that I'm working
on.  In many regards, it looks perfect and I'm very pleased with the
overall feel thus far.  For a proof-of-concept example, I've created a
manifest that ensures that the ntp package is installed on the client,
that it has the correct ntp.conf and that the services is running with
that config.  So far so good.

The clients are going to be PC/104 systems running the Fedora
appliance OS from CompactFlash more or less as if it were a live CD
(think compressed and read-only).  The goal is to have this OS be just
the bare bones plus the puppet client.  On boot, the puppet client
would install the required packages, configure them and start services
and custom applications as
necessary.  This means that any disk updates occurring after boot will
not persist through a reboot.  Boot times are longer this way, but the
systems remain very flexible and can be deployed for a variety of
purposes, which would ultimately be dictated by the puppet master.

If there is a network loss for whatever reason, it is required that
system remain operational in all other regards.  If the network outage
occurs after boot up this is rather trivial to handle.  However, if
the system is rebooted after loss of network, it must proceed under
the last known state of configuration.  I've been partly successful in
this regard by creating a 2nd file system on the CompactFlash to
which /var/cache/yum is sym-linked.  This in effect makes the yum
cache persistent through reboots.

With the network disconnected, I can remove the ntp package and its
configuration file from the client, reboot and puppet will dutifully
reinstall the ntp package.  However it is unable to retrieve the
configuration file from the puppet master and thus far I have not
found any way to configure puppetd to maintain a locally cached
version to use as a fail safe.  I have experimented with ignorecache
and usecacheonfailure but without success.  Do I need to make each
puppet client its own file server somehow with a synchronized copy of
the master?  Is there some better route I've missed?

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Puppet Client Isolated from Network

2008-12-10 Thread John Florian


I am reviewing puppet for suitability on a project that I'm working
on.  In many regards, it looks perfect and I'm very pleased with the
overall feel thus far.  For a proof-of-concept example, I've created a
manifest that ensures that the ntp package is installed on the client,
that it has the correct ntp.conf and that the services is running with
that config.  So far so good.

The clients are going to be PC/104 systems running the Fedora
appliance OS from CompactFlash more or less as if it were a live CD
(think compressed and read-only).  The goal is to have this OS be just
the bare bones plus the puppet client.  On boot, the puppet client
would install the required packages, configure them and start services
and custom applications as
necessary.  This means that any disk updates occurring after boot will
not persist through a reboot.  Boot times are longer this way, but the
systems remain very flexible and can be deployed for a variety of
purposes, which would ultimately be dictated by the puppet master.

If there is a network loss for whatever reason, it is required that
system remain operational in all other regards.  If the network outage
occurs after boot up this is rather trivial to handle.  However, if
the system is rebooted after loss of network, it must proceed under
the last known state of configuration.  I've been partly successful in
this regard by creating a 2nd file system on the CompactFlash to
which /var/cache/yum is sym-linked.  This in effect makes the yum
cache persistent through reboots.

With the network disconnected, I can remove the ntp package and its
configuration file from the client, reboot and puppet will dutifully
reinstall the ntp package.  However it is unable to retrieve the
configuration file from the puppet master and thus far I have not
found any way to configure puppetd to maintain a locally cached
version to use as a fail safe.  I have experimented with ignorecache
and usecacheonfailure but without success.  Do I need to make each
puppet client its own file server somehow with a synchronized copy of
the master?  Is there some other route I've missed?

I've also noted that the ntp daemon does not start in this case, but
I'm pretty sure that's simply because puppetd knows a dependency
hasn't yet been met.  If I can just convince puppetd to somehow
persist/cache (similar to what I did with yum) the config file and use
that if all else fails, I'll be ready to roll on this project.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

99 matches

Mail list logo