Thanks Ken.....I think I'm getting it....slowly :)

> "...Start developing _something_ and see how your organisation works for
> you.."
Right....I've started with the most basic setup to test CA keys by
simply implementing file perms for /etc/sudoers

I think my initial confusion was that I didn't realize that when
deploying "modules" ... you still need a
"/etc/puppet/manifest/site.pp" etc

> "How do you identify these hosts now?"
Some of the prod systems have "prod" in their hostname....but there
are a lot that don't conform. Thanks for the examples for "grouping",
will give them a go.


Getting back to my ultra simple setup, I'm finding that I can't run
"puppetd --test":
[root@msukpuppet02 puppet]# puppetd --test
err: Could not retrieve catalog from remote server: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
[root@msukpuppet02 puppet]#


HOWEVER...this works perfectly:

[root@msukpuppet02 puppet]# puppetd --test --server=msukpuppet01.mserv.local
info: Caching catalog for msukpuppet02.mserv.local
info: Applying configuration version '1308583986'
notice: Finished catalog run in 0.02 seconds
[root@msukpuppet02 puppet]#



My puppet config file sits in "/etc/sysconfig/puppet"


[root@msukpuppet02 puppet]# cat /etc/sysconfig/puppet
# The puppetmaster server
PUPPET_SERVER=msukpuppet01.mserv.local

# If you wish to specify the port to connect to do so here
PUPPET_PORT=8140

# Where to log to. Specify syslog to send log messages to the system log.
PUPPET_LOG=/var/log/puppet/puppet.log

# You may specify other parameters to the puppet client here
PUPPET_EXTRA_OPTS=--waitforcert=500
[root@msukpuppet02 puppet]#


I have checked that both systems' time is correct and both systems
resolve in the DNS correctly for both A and PTR records.
I'm using RHEL 6.1 (puppet-0.25.5-1.el6.noarch)


Thanks again for the help!!!!
Bruce




On Jun 20, 1:12 pm, Ken Barber <k...@puppetlabs.com> wrote:
> Augeas is a resource - I don't see how it fits in as a module. You may
> _use_ it in your modules if you like.
>
> On Mon, Jun 20, 2011 at 12:09 PM, Bruce Bushby <bruce.bus...@gmail.com> wrote:
> > One last question:
>
> > Would the list suggest implementing "augeas" where possible? and would
> > "augeas" fit into the "module layout"
>
> > Thanks
> > Bruce
>
> > On Jun 18, 9:29 am, Bruce Bushby <bruce.bus...@gmail.com> wrote:
> >> Hello
>
> >> I'm new to large scale puppet deployment and was hoping the list could
> >> offer some pointers on "module layout"
>
> >> My initial "layout" was motivated by a need to "harden" our Linux
> >> systems. I grouped the various hardening configs into:
>
> >> Kernel
> >> OS
> >> Network
> >> Shell
> >> Files
> >> Application
>
> >> I'm hoping I can create the same module structure within puppet.
>
> >> Using "sudo" as the first example, I want puppet to ensure
> >> "/usr/bin/sudo" has "4111" file perms and "root:root" ownership.
>
> >> Directory layout:
> >> I used this handy script from "ProfFalken":
> >> http://www.threedrunkensysadsonthe.net/2010/04/quick-creation-of-pupp...
>
> >> BUT...this is where things are getting a little grey.  I currently
> >> have:
>
> >> [root@laptop manifests]# pwd
> >> /etc/puppet/manifests
> >> [root@laptop manifests]#
> >> [root@laptop manifests]# tree os
> >> os
> >> |-- files
> >> |-- lib
> >> |   |-- facter
> >> |   `-- puppet
> >> |       |-- parser
> >> |       |-- provider
> >> |       `-- type
> >> |-- manifests
> >> |   |-- init.pp
> >> |   `-- sudo.pp
> >> `-- templates
>
> >> 9 directories, 2 files
> >> [root@laptop manifests]#
> >> [root@laptop manifests]# cat os/manifests/sudo.pp
> >> # /etc/puppet/manifests/classes/sudo.pp
>
> >> class sudo {
> >>     file { "/etc/sudoers":
> >>         owner => "root",
> >>         group => "root",
> >>         mode  => 4111,
> >>     }
> >> }
>
> >> [root@laptop manifests]#
>
> >> Am I on the correct track?
>
> >> I'm guessing I should break the classes down into:
> >> sudo::perms
> >> sudo::ownership
> >> sudo::file (have puppet serve the sudo template)
>
> >> then in "os/manifests/site.pp" ..... would I import sudo?
>
> >> and the second question: How would I create hosts groups? I would like
> >> to group my hosts in "dev", "uat", "staging" and "prod" etc?
>
> >> Thanks
> >> Bruce
>
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to 
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
