[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
Hi David,

Not sure if you looked at it, but I'm one of the developers of Chef; an alternate ruby-based configuration management / systems integration framework.

What work is involved in getting a functional Augeas resource? I'm not sure we want to expose the level of functionality of Augeas entirely, but perhaps expose it through limited resources, that is unless we can lock it down a little. There are ruby bindings, yes?

Regards,

AJ

On 4/03/2009, at 5:55 PM, David Lutterkort wrote:

> On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote:
>> Hi David,
>>
>> David Lutterkort wrote:
>>> Yeah, that's what that means. Here's a dirty trick to check multiple
>>> conditions:
>>
>> Your assistance so far has been awesome. If I had more time to play, I'm
>> sure I could solve this in time, but I'm being hammered by the security
>> teams and I need to get a solution onto our servers as soon as possible.
>>
>> I'm trying to check/change /etc/pam.d/system-auth
>>
>> The initial (default set) lines look like this:
>>
>> password    requisite     pam_cracklib.so try_first_pass retry=3
>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>
>> I want to change them to this (result set):
>>
>> password    requisite     pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
>> password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok remember=7
>>
>> Essentially, I need to check if the lines match the result set and if
>> not, to make the change. I'm happily able to make the proper changes,
>> using the following (using the first line as an example):
>>
>> changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
>>   "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
>>   "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
>>   "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
>>   "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
>>   "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
>>
>> But I'm really struggling with the onlyif line to check that all the
>> arguments are in place, the correct value and there are no extras. I'm
>> able to test individual argument values and the overall count, but I
>> seem unable to build a full match that checks everything at once, i.e.
>> checks each of the first five argument values and ensures that there are
>> only 5 arguments total.
>
> If you don't mind an unnecessary change the first time you run your
> Augeas resource on a system, you don't need the onlyif - unnecessary
> here means that system-auth might be changed simply because there's
> different amounts of spaces between the current file and what Augeas
> would generate based on your tree changes.
>
> Augeas will not actually change the file if it stays byte-for-byte
> identical, even if you made changes to the tree (e.g. change the value
> of a node to something new, then back to the old thing)
>
> Depending on the version of the Augeas plugin you have, puppet _might_
> report changes even though none were necessary (or made) - Bryan might
> be able to shed some light on the state of reporting in the Augeas type
> in 0.24.7 vs the latest in git.
>
> David

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
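
The check described in the quoted question above (every expected argument present, in the expected order, and no extras) can also be run outside Puppet as an audit. The following Ruby sketch is an added example, not code from the thread or from Puppet or Augeas; the function names are hypothetical, the expected argument lists are the "result set" from the message, and the extra sample lines are constructed.

```ruby
# Added example, not code from the thread. Assumes the /etc/pam.d/ line
# format "type control module [arguments...]" (no service column).

PamRule = Struct.new(:type, :control, :module_name, :arguments)

# Arguments the thread wants on each rule, keyed by [type, module].
EXPECTED = {
  ['password', 'pam_cracklib.so'] =>
    %w[retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1],
  ['password', 'pam_unix.so'] =>
    %w[md5 shadow try_first_pass use_authtok remember=7]
}.freeze

# Parse PAM text into rules: joins backslash continuations, drops comments
# and blank lines, accepts bracketed controls like [success=1 default=ignore].
# Module arguments are split on whitespace (bracketed arguments with spaces
# are not handled in this sketch).
def parse_pam(text)
  text.gsub(/\\\r?\n/, ' ').each_line.map do |line|
    line = line.sub(/#.*/, '').strip
    m = line.match(/\A(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)\z/)
    next unless m
    PamRule.new(m[1].delete_prefix('-'), m[2], m[3], m[4].split)
  end.compact
end

# Audit one rule. Compliant only when the argument list is identical in
# values, order and count, i.e. nothing missing and no extras.
def audit_rule(rules, type, module_name, expected)
  found = rules.select { |r| r.type == type && r.module_name == module_name }
  return { compliant: false, reason: :rule_missing } if found.empty?
  return { compliant: false, reason: :rule_duplicated } if found.size > 1

  actual = found.first.arguments
  missing = expected - actual
  extra = actual - expected
  reason =
    if !missing.empty? || !extra.empty? then :arguments_differ
    elsif actual != expected then :order_or_repeats_differ
    end
  { compliant: reason.nil?, reason: reason, missing: missing, extra: extra }
end

# Audit every rule listed in EXPECTED; returns { module_name => result }.
def audit_system_auth(text)
  rules = parse_pam(text)
  EXPECTED.map do |(type, mod), args|
    [mod, audit_rule(rules, type, mod, args)]
  end.to_h
end

# Constructed sample: the thread's default password lines, plus a comment,
# an auth rule and a continuation line added to exercise the parser.
DEFAULT_SET = <<~'PAM'
  #%PAM-1.0
  auth        required      pam_env.so
  password    requisite     pam_cracklib.so try_first_pass retry=3
  password    sufficient    pam_unix.so md5 shadow nullok \
              try_first_pass use_authtok
PAM

# The thread's desired "result set".
RESULT_SET = <<~'PAM'
  password    requisite     pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
  password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok remember=7
PAM

if __FILE__ == $PROGRAM_NAME
  { 'default set' => DEFAULT_SET, 'result set' => RESULT_SET }.each do |name, text|
    audit_system_auth(text).each do |mod, result|
      puts "#{name}: #{mod}: #{result.inspect}"
    end
  end
end
```
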
[Puppet Users] Re: port 8140 issue in ubuntu
As you've already found out, this seems to be a problem with the client creating a TCP-connection to the server.

- Check that there is anything listening on the server on port 8140 ("netstat -tpln | egrep 8140")
- Try to connect to the server from the client with telnet ("telnet vm-devserver-18.dev.s.vonagenetworks.net 8140")
- If there is something listening, but you can't reach the server, check your routing ("netstat -rn")
- Verify your routing with ping from the client ("ping vm-devserver-18.dev.s.vonagenetworks.net") (assumes that ICMP is allowed on the server)

If all else fails, tcpdump is your friend. Run it on both your client and server to see the traffic from both's point of view.

BR.
Rune

On 3 Mar, 19:52, Sam wrote:
> I installed all required pkgs for Puppet & other configurations are
> done.
> I have issues getting certificates from server.
> vm1 is server & vm2 is client.
>
> In client I run,
>
> r...@vm2# puppetd --server vm-devserver-18.dev.s.vonagenetworks.net --waitforcert 60 --test
>
> and I see,
>
> /usr/lib/ruby/1.8/puppet/network/client/ca.rb:31:in `request_cert':
> Certificate retrieval failed: Could not connect to vm1 on port 8140
> (Puppet::Error)
> from /usr/sbin/puppetd:356
>
> In server I run,
>
> r...@vm1:/var/home/gsivaraj# puppetca --list
>
> And I get
>
> No certificates to sign
>
> As this is related to opening up the ports so, I did the following
> thing on server but of no use. Can you please help?
>
> 1) /etc/init.d/apparmor stop
> 2) iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 8140 -j ACCEPT
>
> Thanks in advance
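
The triage in the reply above, as an added Ruby example that is not part of the thread: it classifies how a connection to port 8140 fails and reads `netstat -tpln` output for the listener check. The function names are hypothetical, the netstat sample is constructed, and the loopback-only check goes slightly beyond the steps listed in the message.

```ruby
require 'socket'

# Added example, not code from the thread. Port 8140 and the commands in
# NEXT_STEP come from the messages above; the function names are made up here.

# One TCP connection attempt from the client, classified by how it fails.
def probe_tcp(host, port = 8140, timeout: 3)
  Socket.tcp(host, port, connect_timeout: timeout) { :open }
rescue Errno::ECONNREFUSED
  :refused            # host answered: no listener on that address, or a reset
rescue Errno::ETIMEDOUT
  :timeout            # packets dropped somewhere on the path
rescue Errno::EHOSTUNREACH, Errno::ENETUNREACH
  :unreachable        # no route to the server
rescue SocketError
  :name_lookup_failed # the server name did not resolve
end

# Which of the thread's checks to run next for each outcome.
NEXT_STEP = {
  open: 'TCP connect works; the failure is above the transport',
  refused: 'on the server: netstat -tpln | egrep 8140',
  timeout: 'check firewall rules and routing; run tcpdump on client and server',
  unreachable: 'check routing: netstat -rn, then ping the server',
  name_lookup_failed: 'the server name does not resolve on the client'
}.freeze

def next_step(result)
  NEXT_STEP.fetch(result)
end

# Listening TCP sockets for one port, taken from `netstat -tpln` text.
def listeners_on(netstat_output, port)
  netstat_output.each_line.map do |line|
    f = line.split
    next unless f[0].to_s.start_with?('tcp') && f[5] == 'LISTEN'
    addr, _, lport = f[3].rpartition(':')
    next unless lport == port.to_s
    { address: addr, program: f[6..-1].to_a.join(' ') }
  end.compact
end

# True when something listens on the port but only on loopback; a remote
# client then gets "connection refused" although the daemon is running.
def loopback_only?(listeners)
  !listeners.empty? &&
    listeners.all? { |l| l[:address].start_with?('127.') || l[:address] == '::1' }
end

# Constructed sample of `netstat -tpln` output (not taken from the thread).
SAMPLE_NETSTAT = <<~OUT
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
  tcp        0      0 127.0.0.1:8140          0.0.0.0:*               LISTEN      2310/ruby
OUT

if __FILE__ == $PROGRAM_NAME
  found = listeners_on(SAMPLE_NETSTAT, 8140)
  puts "listeners on 8140: #{found.inspect} (loopback only: #{loopback_only?(found)})"
  if ARGV[0] # optional: host name of the puppetmaster to probe
    result = probe_tcp(ARGV[0])
    puts "#{ARGV[0]}:8140 -> #{result}: #{next_step(result)}"
  end
end
```
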
[Puppet Users] Re: Puppet Python release?
On Mar 4, 3:56 am, Luke Kanies wrote:
>
> Not to nit-pick, but it's more that I just couldn't write in the
> language. I did try pretty hard, and have since successfully written
> a bit in it (in Jython, actually), but I just could never turn my
> ideas into code in Python. And no, it wasn't the white space.
>

Without perusing the code base, how much of Puppet is RESTful these days? I thought work was done in this area already. Wouldn't that imply we could interface to those parts in any language? /usr/bin/curl FTW!

--
Matthew Flanagan
http://wadofstuff.blogspot.com
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
I could be out of line in saying this but rather than developing an alternate to Puppet, would your efforts not be better served producing something that is complementary. The puppet equivalent of http://nagiosexchange.org, springs to mind. As I understand it there is a need for a repository for modules for parts of puppet which are non-core. Nagiosexchange is a viable venture in its own right and the two co-exist as mutually beneficial partners. At least I think that's the case.

Gaining knowledge from this group, to work on something which can only be considered as a rival, seems somehow not quite right

Paul

2009/3/4 AJ Christensen

> Hi David,
>
> Not sure if you looked at it, but I'm one of the developers of Chef;
> an alternate ruby-based configuration management / systems integration
> framework.
>
> What work is involved in getting a functional Augeas resource? I'm not
> sure we want to expose the level of functionality of Augeas entirely,
> but perhaps expose it through limited resources, that is unless we can
> lock it down a little. There are ruby bindings, yes?
>
> Regards,
>
> AJ
>
> On 4/03/2009, at 5:55 PM, David Lutterkort wrote:
>
> > On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote:
> >> Hi David,
> >>
> >> David Lutterkort wrote:
> >>> Yeah, that's what that means. Here's a dirty trick to check multiple
> >>> conditions:
> >>
> >> Your assistance so far has been awesome. If I had more time to play, I'm
> >> sure I could solve this in time, but I'm being hammered by the security
> >> teams and I need to get a solution onto our servers as soon as possible.
> >>
> >> I'm trying to check/change /etc/pam.d/system-auth
> >>
> >> The initial (default set) lines look like this:
> >>
> >> password    requisite     pam_cracklib.so try_first_pass retry=3
> >> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
> >>
> >> I want to change them to this (result set):
> >>
> >> password    requisite     pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
> >> password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok remember=7
> >>
> >> Essentially, I need to check if the lines match the result set and if
> >> not, to make the change. I'm happily able to make the proper changes,
> >> using the following (using the first line as an example):
> >>
> >> changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
> >>
> >> But I'm really struggling with the onlyif line to check that all the
> >> arguments are in place, the correct value and there are no extras. I'm
> >> able to test individual argument values and the overall count, but I
> >> seem unable to build a full match that checks everything at once, i.e.
> >> checks each of the first five argument values and ensures that there are
> >> only 5 arguments total.
> >
> > If you don't mind an unnecessary change the first time you run your
> > Augeas resource on a system, you don't need the onlyif - unnecessary
> > here means that system-auth might be changed simply because there's
> > different amounts of spaces between the current file and what Augeas
> > would generate based on your tree changes.
> >
> > Augeas will not actually change the file if it stays byte-for-byte
> > identical, even if you made changes to the tree (e.g. change the value
> > of a node to something new, then back to the old thing)
> >
> > Depending on the version of the Augeas plugin you have, puppet _might_
> > report changes even though none were necessary (or made) - Bryan might
> > be able to shed some light on the state of reporting in the Augeas type
> > in 0.24.7 vs the latest in git.
> >
> > David

--
Paul Matthews
--
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
No.

Regards,

AJ

On 5/03/2009, at 12:18 AM, paul matthews wrote:

> I could be out of line in saying this but rather than developing an
> alternate to Puppet, would your efforts not be better served
> producing something that is complementary. The puppet equivalent of
> http://nagiosexchange.org, springs to mind. As I understand it there
> is a need for a repository for modules for parts of puppet which are
> non-core. Nagiosexchange is a viable venture in its own right and the
> two co-exist as mutually beneficial partners. At least I think that's
> the case.
>
> Gaining knowledge from this group, to work on something which can
> only be considered as a rival, seems somehow not quite right
>
> Paul
>
> 2009/3/4 AJ Christensen
>
> Hi David,
>
> Not sure if you looked at it, but I'm one of the developers of Chef;
> an alternate ruby-based configuration management / systems integration
> framework.
>
> What work is involved in getting a functional Augeas resource? I'm not
> sure we want to expose the level of functionality of Augeas entirely,
> but perhaps expose it through limited resources, that is unless we can
> lock it down a little. There are ruby bindings, yes?
>
> Regards,
>
> AJ
>
> On 4/03/2009, at 5:55 PM, David Lutterkort wrote:
>
> > On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote:
> >> Hi David,
> >>
> >> David Lutterkort wrote:
> >>> Yeah, that's what that means. Here's a dirty trick to check multiple
> >>> conditions:
> >>
> >> Your assistance so far has been awesome. If I had more time to play, I'm
> >> sure I could solve this in time, but I'm being hammered by the security
> >> teams and I need to get a solution onto our servers as soon as possible.
> >>
> >> I'm trying to check/change /etc/pam.d/system-auth
> >>
> >> The initial (default set) lines look like this:
> >>
> >> password    requisite     pam_cracklib.so try_first_pass retry=3
> >> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
> >>
> >> I want to change them to this (result set):
> >>
> >> password    requisite     pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
> >> password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok remember=7
> >>
> >> Essentially, I need to check if the lines match the result set and if
> >> not, to make the change. I'm happily able to make the proper changes,
> >> using the following (using the first line as an example):
> >>
> >> changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
> >>
> >> But I'm really struggling with the onlyif line to check that all the
> >> arguments are in place, the correct value and there are no extras. I'm
> >> able to test individual argument values and the overall count, but I
> >> seem unable to build a full match that checks everything at once, i.e.
> >> checks each of the first five argument values and ensures that there are
> >> only 5 arguments total.
> >
> > If you don't mind an unnecessary change the first time you run your
> > Augeas resource on a system, you don't need the onlyif - unnecessary
> > here means that system-auth might be changed simply because there's
> > different amounts of spaces between the current file and what Augeas
> > would generate based on your tree changes.
> >
> > Augeas will not actually change the file if it stays byte-for-byte
> > identical, even if you made changes to the tree (e.g. change the value
> > of a node to something new, then back to the old thing)
> >
> > Depending on the version of the Augeas plugin you have, puppet _might_
> > report changes even though none were necessary (or made) - Bryan might
> > be able to shed some light on the state of reporting in the Augeas type
> > in 0.24.7 vs the latest in git.
> >
> > David
>
> --
> Paul Matthews
> --
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
To clarify; if you're upset by my behavior - this was meant to be an off-list reply. I apologise if I've offended anyone's sensibilities.

Puppet tends to gather some of the smartest minds around architecture.

Regards,

AJ

On 5/03/2009, at 12:18 AM, paul matthews wrote:

> I could be out of line in saying this but rather than developing an
> alternate to Puppet, would your efforts not be better served
> producing something that is complementary. The puppet equivalent of
> http://nagiosexchange.org, springs to mind. As I understand it there
> is a need for a repository for modules for parts of puppet which are
> non-core. Nagiosexchange is a viable venture in its own right and the
> two co-exist as mutually beneficial partners. At least I think that's
> the case.
>
> Gaining knowledge from this group, to work on something which can
> only be considered as a rival, seems somehow not quite right
>
> Paul
>
> 2009/3/4 AJ Christensen
>
> Hi David,
>
> Not sure if you looked at it, but I'm one of the developers of Chef;
> an alternate ruby-based configuration management / systems integration
> framework.
>
> What work is involved in getting a functional Augeas resource? I'm not
> sure we want to expose the level of functionality of Augeas entirely,
> but perhaps expose it through limited resources, that is unless we can
> lock it down a little. There are ruby bindings, yes?
>
> Regards,
>
> AJ
>
> On 4/03/2009, at 5:55 PM, David Lutterkort wrote:
>
> > On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote:
> >> Hi David,
> >>
> >> David Lutterkort wrote:
> >>> Yeah, that's what that means. Here's a dirty trick to check multiple
> >>> conditions:
> >>
> >> Your assistance so far has been awesome. If I had more time to play, I'm
> >> sure I could solve this in time, but I'm being hammered by the security
> >> teams and I need to get a solution onto our servers as soon as possible.
> >>
> >> I'm trying to check/change /etc/pam.d/system-auth
> >>
> >> The initial (default set) lines look like this:
> >>
> >> password    requisite     pam_cracklib.so try_first_pass retry=3
> >> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
> >>
> >> I want to change them to this (result set):
> >>
> >> password    requisite     pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
> >> password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok remember=7
> >>
> >> Essentially, I need to check if the lines match the result set and if
> >> not, to make the change. I'm happily able to make the proper changes,
> >> using the following (using the first line as an example):
> >>
> >> changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
> >>   "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
> >>
> >> But I'm really struggling with the onlyif line to check that all the
> >> arguments are in place, the correct value and there are no extras. I'm
> >> able to test individual argument values and the overall count, but I
> >> seem unable to build a full match that checks everything at once, i.e.
> >> checks each of the first five argument values and ensures that there are
> >> only 5 arguments total.
> >
> > If you don't mind an unnecessary change the first time you run your
> > Augeas resource on a system, you don't need the onlyif - unnecessary
> > here means that system-auth might be changed simply because there's
> > different amounts of spaces between the current file and what Augeas
> > would generate based on your tree changes.
> >
> > Augeas will not actually change the file if it stays byte-for-byte
> > identical, even if you made changes to the tree (e.g. change the value
> > of a node to something new, then back to the old thing)
> >
> > Depending on the version of the Augeas plugin you have, puppet _might_
> > report changes even though none were necessary (or made) - Bryan might
> > be able to shed some light on the state of reporting in the Augeas type
> > in 0.24.7 vs the latest in git.
> >
> > David
>
> --
> Paul Matthews
> --
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
On Mar 4, 11:24 pm, AJ Christensen wrote:
> To clarify; if you're upset by my behavior - this was meant to be an
> off-list reply. I apologise if I've offended anyone's sensibilities.
>
> Puppet tends to gather some of the smartest minds around architecture.
>
> Regards,
>

Hi all

At AJ's request - as he had intended to post off-list - I'm killing this thread. Please do not reply.

Thanks

James Turnbull
[Puppet Users] Get uncaught exception when using LDAP users in multiple groups
Hi all

I am using puppet 0.24.7 on Centos 5.2 and am attempting to set up users in LDAP via puppet. I am getting an error msg that says

err: Got an uncaught exception of type NoMethodError: undefined method `join' for :absent:Symbol

on the second run of puppetd. First time through I run puppetd --test --tags users and it works and sets up the users "opt-query" and "opt-arch" in my LDAP directory. If I then run the exact same command again then it fails with the error above.

Here's a simplified test case of what I have set up and it fails for me using this. It appears to be something to do with the multiple groups specified for the opt-arch user - do I have a mistake in the way I have this set up in the define?

define ldapuser ( $uid, $groups, $home, $shell ) {
    group {"$title":
        gid      => $uid,
        provider => "ldap",
        ensure   => present
    }
    user {"$title":
        comment    => "$title",
        ensure     => present,
        groups     => [ "$groups" ],
        gid        => "$uid",
        home       => "$home",
        managehome => "false",
        provider   => "ldap",
        shell      => "$shell",
        uid        => "$uid",
        require    => Group["$title"]
    }
}

class users {
    ldapuser {"opt-query":
        home   => "/some/dir/here",
        shell  => "/sbin/nologin",
        uid    => "506",
        groups => ["opt-query"]
    }
    ldapuser {"opt-arch":
        home    => "/some/dir/here",
        shell   => "/sbin/nologin",
        uid     => "507",
        groups  => [ "opt-query","opt-arch" ],
        require => [ Ldapuser["opt-query"] ]
    }
}

--
Trevor Hemsley
Infrastructure Engineer
C A L Y P S O
www.calypso.com
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
Avi Miller wrote:
> David Lutterkort wrote:
>> Ouch .. you are right. There's a bug that makes '>' mean '>=' and '>='
>> mean '>'. I'll commit a fix.
>
> Well, on the plus side, it means I'm not actually going insane. :)
>
> Quick question: I'm trying to have multiple onlyif matches using
> standard Puppet syntax, i.e.
>
> onlyif => [ "match ..", "match .." ]
>
> I'm getting this error from Puppet:
>
> err: //Node[testnode]/pam/Augeas[pam_set_cracklib]: Failed to retrieve
> current state of resource: private method `split' called for
> #

Yeah... match does not support arrays. I will add a feature request for that.

-- bk
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
Avi Miller wrote:
> David Lutterkort wrote:
>> Ouch .. you are right. There's a bug that makes '>' mean '>=' and '>='
>> mean '>'. I'll commit a fix.
>
> Well, on the plus side, it means I'm not actually going insane. :)
>
> Quick question: I'm trying to have multiple onlyif matches using
> standard Puppet syntax, i.e.
>
> onlyif => [ "match ..", "match .." ]
>
> I'm getting this error from Puppet:
>
> err: //Node[testnode]/pam/Augeas[pam_set_cracklib]: Failed to retrieve
> current state of resource: private method `split' called for
> #

http://projects.reductivelabs.com/issues/2048

-- bk
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
David Lutterkort wrote:
> On Wed, 2009-03-04 at 10:48 +1100, Avi Miller wrote:
>> Hi David,
>>
>> David Lutterkort wrote:
>>> You definitely should read up on path expressions[1] for that, and maybe
>>> even have a look at the test cases for them[2], since they show some
>>> more esoteric uses.
>>
>> I'm still having a bit of a brain disconnect on converting Augeas' XPath
>> stuff into Puppet types.
>>
>> Here is my test Puppet entry:
>>
>> augeas { "pam_set_cracklib":
>>     context => "/files/etc/pam.d/system-auth",
>>     changes => "rm *[module='pam_cracklib.so']/argument",
>>     onlyif  => "match *[module='pam_cracklib.so'][count(argument)>5]",
>> }
>>
>> Which, theoretically, should remove all the arguments if the entry that
>> contains the pam_cracklib.so module has more than 5 arguments.
>>
>> If I run the match (in the onlyif line) in augtool, I get:
>>
>> augtool> match /files/etc/pam.d/system-auth/*[module='pam_cracklib.so'][count(argument)>5]
>> /files/etc/pam.d/system-auth/8 = (none)
>>
>> Which suggests that line 8 in that file matches.
>>
>> However, when I run this entry in Puppet, I get:
>>
>> err: //Node[testnode]/pam/Augeas[pam_set_cracklib]: Failed to retrieve
>> current state of resource: Error sending command 'match' with params
>> ["/files/etc/pam.d/system-auth/*[module='pam_cracklib.so'][count(argument)>5]"]/Invalid command: match /files/etc/pam.d/system-auth/*[module='pam_cracklib.so'][count(argument)>5]
>>
>> Any ideas?
>>
>> Essentially, what I'm trying to achieve is the capability to change
>> pam.d file entries if they don't match what they're supposed to.
>
> If you have Augeas 0.4.1 on both the puppet client and master (count was
> only added in 0.4.1) this should work. Bryan, any ideas what could be
> wrong ?

For this one, the puppet match is slightly different than the augeas match. Puppet match is

match [AUGEAS_PATH] [size = [int]| include [string]| == [an array]]

So.. you need to add one of the testers on to the end for that.

-- bk
[Puppet Users] Re: Special file types
On Mar 3, 12:11 pm, Luke Kanies wrote:
> Yes I'm amenable to it being added but it's pretty low on the priority
> list for the general community, so you get both. :)

Works for me :) Thanks for being open minded about it, and keep up the good work.
[Puppet Users] Re: Mac OSX Package install
Nigel, thanks for the quick response.

Avoiding the 'define':
I am not seeing a marker file being installed in /var/db. I have tried to install the package with the standard package install using puppet... no go. I get errors regarding the package path: ...Execution of '/usr/sbin/installer -pkg http://server/packages/firefox.3.0.6-1.dmg -target /' returned 1: installer: Error the package path specified was invalid: '.

The file is there and the path is correct.

Using the 'define':
I have actually made a little progress on this one. I am now getting an hdiutil error about no mountable filesystems in /tmp or /tmp/Firefox3.0.6-1.dmg. I am seeing the puppet client doing a 'GET' from the web server but I am not seeing the file anywhere on the client system. Could this be a permissions issue on the client?

Also, in all my errors, I get: 'err: //Node[default]/mac-firefox/Pkg_deploy[Firefox3.0.6-1.dmg]/Package[Firefox3.0.6-1.dmg]/ensure: change from absent to present failed:

Thanks again for your help.

-kurt

On Mar 3, 3:51 pm, Nigel Kersten wrote:
> engle, does it work when you avoid the define and just do a standard
> package install?
>
> Note that the pkgdmg provider relies upon marker files for packages in
> /var/db/.puppet_installed_* so if that marker already exists, it won't
> reinstall it. (There's no necessary link between the dmg name and the
> packages that are contained within it)
>
> That may be your problem.
>
> On Tue, Mar 3, 2009 at 3:29 PM, engle wrote:
>
> > I am trying to setup a simple puppet config to pull a .dmg file off an
> > http server and install that package on to a mac laptop. I seem to
> > have the configuration working somewhat, but the package does not get
> > installed on the laptop.
>
> > I am trying to do a simple install of Firefox and have obtained the
> > latest .dmg file from the Firefox website. I am then placing the file
> > on a local web server.
>
> > Here is my init.pp file :
>
> > define pkg_deploy($sourcedir = false) {
> >     $sourcedir_real = $sourcedir ? {
> >         false   => "http://webserver.foo/packages",
> >         default => $sourcedir
> >     }
> >     package { $name:
> >         ensure   => installed,
> >         provider => pkgdmg,
> >         source   => "$sourcedir_real/$name"
> >     }
> > }
>
> > class mac-firefox {
> >     pkg_deploy { "Firefox3.0.6.dmg": }
> > }
>
> > I can see the laptop put out a "GET" for the file and it seems that
> > the file is being transferred to the mac. However, that is as far as I
> > can trace. I do not see the dmg get 'mounted' on the laptop nor does
> > the package get installed.
>
> > Any help would be appreciated. More information gladly provided if
> > needed.
>
> > Thanks,
> > -kurt
>
> --
> Nigel Kersten
> Systems Administrator
> Tech Lead - MacOps
[Puppet Users] Re: Mac OSX Package install
On Wed, Mar 4, 2009 at 8:31 AM, engle wrote:
>
> Nigel, thanks for the quick response.
>
> Avoiding the 'define':
> I am not seeing a marker file being installed in /var/db. I have tried
> to install the package with the standard package install using
> puppet... no go. I get errors regarding the package path: ...Execution
> of '/usr/sbin/installer -pkg http://server/packages/firefox.3.0.6-1.dmg
> -target /' returned 1: installer: Error the package path specified was
> invalid: '.
>
> The file is there and the path is correct.

Something is wrong there. Installer is trying to install the dmg, not the package inside it.

What if you manually specify the package provider to be "pkgdmg" ? Does that change behavior?

>
> Using the 'define':
> I have actually made a little progress on this one. I am now getting
> an hdiutil error about no mountable filesystems in /tmp or
> /tmp/Firefox3.0.6-1.dmg. I am seeing the puppet client doing a 'GET' from
> the web server but I am not seeing the file anywhere on the client
> system. Could this be a permissions issue on the client?
>
> Also, in all my errors, I get:
> 'err: //Node[default]/mac-firefox/Pkg_deploy[Firefox3.0.6-1.dmg]/Package[Firefox3.0.6-1.dmg]/ensure:
> change from absent to present failed:
>
> Thanks again for your help.
>
> -kurt
>
> On Mar 3, 3:51 pm, Nigel Kersten wrote:
>> engle, does it work when you avoid the define and just do a standard
>> package install?
>>
>> Note that the pkgdmg provider relies upon marker files for packages in
>> /var/db/.puppet_installed_* so if that marker already exists, it won't
>> reinstall it. (There's no necessary link between the dmg name and the
>> packages that are contained within it)
>>
>> That may be your problem.
>>
>> On Tue, Mar 3, 2009 at 3:29 PM, engle wrote:
>>
>> > I am trying to setup a simple puppet config to pull a .dmg file off an
>> > http server and install that package on to a mac laptop. I seem to
>> > have the configuration working somewhat, but the package does not get
>> > installed on the laptop.
>>
>> > I am trying to do a simple install of Firefox and have obtained the
>> > latest .dmg file from the Firefox website. I am then placing the file
>> > on a local web server.
>>
>> > Here is my init.pp file :
>>
>> > define pkg_deploy($sourcedir = false) {
>> >     $sourcedir_real = $sourcedir ? {
>> >         false   => "http://webserver.foo/packages",
>> >         default => $sourcedir
>> >     }
>> >     package { $name:
>> >         ensure   => installed,
>> >         provider => pkgdmg,
>> >         source   => "$sourcedir_real/$name"
>> >     }
>> > }
>>
>> > class mac-firefox {
>> >     pkg_deploy { "Firefox3.0.6.dmg": }
>> > }
>>
>> > I can see the laptop put out a "GET" for the file and it seems that
>> > the file is being transferred to the mac. However, that is as far as I
>> > can trace. I do not see the dmg get 'mounted' on the laptop nor does
>> > the package get installed.
>>
>> > Any help would be appreciated. More information gladly provided if
>> > needed.
>>
>> > Thanks,
>> > -kurt
>>
>> --
>> Nigel Kersten
>> Systems Administrator
>> Tech Lead - MacOps

--
Nigel Kersten
Systems Administrator
Tech Lead - MacOps
[Puppet Users] Re: Mac OSX Package install
Here is my manifest file:

    class mac-firefox {
        $firefox_pkg = "firefox3.0.6.dmg"
        package { $firefox_pkg:
            provider => pkgdmg,
            source   => "http://nicola6.lane.edu/packages/$firefox_pkg",
            ensure   => installed,
        }
    }

Here is the error:

    notice: Starting catalog run
    debug: Loaded state in 0.01 seconds
    debug: Prefetching pkgdmg resources for package
    debug: //Node[default]/mac-firefox/Package[firefox3.0.6.dmg]: Changing ensure
    debug: //Node[default]/mac-firefox/Package[firefox3.0.6.dmg]: 1 change(s)
    debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/curl -o /tmp/firefox3.0.6.dmg -C - -k -s --url http://nicola6.lane.edu/packages/firefox3.0.6.dmg'
    debug: Success: curl transfered [firefox3.0.6.dmg]
    debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil mount -plist -nobrowse -readonly -noidme -mountrandom /tmp /tmp/firefox3.0.6.dmg'
    err: //Node[default]/mac-firefox/Package[firefox3.0.6.dmg]/ensure: change from absent to present failed: Execution of '/usr/bin/hdiutil mount -plist -nobrowse -readonly -noidme -mountrandom /tmp /tmp/firefox3.0.6.dmg' returned 1: hdiutil: mount failed - not recognized
    debug: Finishing transaction 9556694 with 1 changes
    debug: Storing state
    debug: Stored state in 0.12 seconds
    notice: Finished catalog run in 1.14 seconds

The weird thing is that if I use the pkg_deploy define the manifest seems to run without errors, but the package does not get installed.

    define pkg_deploy($sourcedir = false) {
        $sourcedir_real = $sourcedir ? {
            false   => "http://nicola6.lane.edu/packages",
            default => $sourcedir
        }
        package { $name:
            ensure   => installed,
            provider => pkgdmg,
            source   => "$sourcedir_real/$name"
        }
    }

    class mac-firefox {
        pkg_deploy { "Firefox3.0.6.dmg": }
    }

Output:

    notice: Starting catalog run
    debug: Loaded state in 0.03 seconds
    debug: Prefetching pkgdmg resources for package
    debug: //Node[default]/mac-firefox/Pkg_deploy[Firefox3.0.6.dmg]/Package[Firefox3.0.6.dmg]: Changing ensure
    debug: //Node[default]/mac-firefox/Pkg_deploy[Firefox3.0.6.dmg]/Package[Firefox3.0.6.dmg]: 1 change(s)
    debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/curl -o /tmp/Firefox3.0.6.dmg -C - -k -s --url http://nicola6.lane.edu/packages/Firefox3.0.6.dmg'
    debug: Success: curl transfered [Firefox3.0.6.dmg]
    debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil mount -plist -nobrowse -readonly -noidme -mountrandom /tmp /tmp/Firefox3.0.6.dmg'
    debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil eject /tmp/dmg.R54j5J'
    notice: //Node[default]/mac-firefox/Pkg_deploy[Firefox3.0.6.dmg]/Package[Firefox3.0.6.dmg]/ensure: created

I can look in the /tmp dir and see the dmg file come down, I can see the dmg.R54j5J file get created and then go away on the eject command.

It seems that I am damn close. Is it a problem with the dmg file? At this point, I am using the dmg file off the Firefox web site.

Thanks for your help, it is very much appreciated.

-kurt

On Mar 4, 8:36 am, Nigel Kersten wrote:
> On Wed, Mar 4, 2009 at 8:31 AM, engle wrote:
>
> > Nigel, thanks for the quick response.
>
> > Avoiding the 'define':
> > I am not seeing a marker file being installed in /var/db. I have tried
> > to install the package with the standard package install using
> > puppet... no go. I get errors regarding the package path: ...Execution
> > of '/usr/sbin/installer -pkg http://server/packages/firefox.3.0.6-1.dmg
> > -target /' returned 1: installer: Error the package path specified was
> > invalid: '.
>
> > The file is there and the path is correct.
>
> Something is wrong there. Installer is trying to install the dmg, not
> the package inside it.
>
> What if you manually specify the package provider to be "pkgdmg" ?
> Does that change behavior?
>
> > Using the 'define':
> > I have actually made a little progress on this one. I am now getting
> > an hdiutil error about no mountable filesystems in /tmp or
> > /tmp/Firefox3.0.6-1.dmg. I am seeing the puppet client doing a 'GET' from
> > the web server but I am not seeing the file anywhere on the client
> > system. Could this be a permissions issue on the client?
>
> > Also, in all my errors, I get:
> > 'err: //Node[default]/mac-firefox/Pkg_deploy[Firefox3.0.6-1.dmg]/Package[Firefox3.0.6-1.dmg]/ensure:
> > change from absent to present failed:
>
> > Thanks again for your help.
>
> > -kurt
>
> > On Mar 3, 3:51 pm, Nigel Kersten wrote:
> >> engle, does it work when you avoid the define and just do a standard
> >> package install?
>
> >> Note that the pkgdmg provider relies upon marker files for packages in
> >> /var/db/.puppet_installed_* so if that marker already exists, it won't
> >> reinstall it. (There's no necessary link between the dmg name and the
> >> packages that are contained within it)
> >
[Puppet Users] Re: Mac OSX Package install
On Wed, Mar 4, 2009 at 9:34 AM, engle wrote:
> It seems that I am damn close. Is it a problem with the dmg file? At
> this point, I am using the dmg file off the Firefox web site.

ahah. That's your problem.

The dmg from the Firefox site contains an app, not a pkg, so it can't be installed...

I haven't used it much, but I believe there is an appdmg provider as well ? That might be more appropriate?

I tend to believe in using pkgs for deployment with puppet, and haven't experimented with the appdmg provider.

--
Nigel Kersten
Systems Administrator
Tech Lead - MacOps
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
On Wed, 2009-03-04 at 21:38 +1300, AJ Christensen wrote:
> What work is involved in getting a functional Augeas resource? I'm not
> sure we want to expose the level of functionality of Augeas entirely,
> but perhaps expose it through limited resources, that is unless we can
> lock it down a little. There are ruby bindings, yes?

Yes, there are ruby bindings[1]

The existing Augeas type should give you a good idea of what's involved in making Augeas functionality available.

David

[1] http://augeas.net/download.html
[Puppet Users] Re: Mac OSX Package install
Nigel, that did the trick. I changed my provider to appdmg and the dmg from Firefox installed properly.

I will have to look into what we are using to build these packages. I am somewhat new to Mac's and the concept of packages, hence, the source of my confusion.

What is the recommended process of creating a package for use with puppet?

Thanks again for all your help,

-kurt

On Mar 4, 9:37 am, Nigel Kersten wrote:
> On Wed, Mar 4, 2009 at 9:34 AM, engle wrote:
> > It seems that I am damn close. Is it a problem with the dmg file? At
> > this point, I am using the dmg file off the Firefox web site.
>
> ahah. That's your problem.
>
> The dmg from the Firefox site contains an app, not a pkg, so it can't
> be installed...
>
> I haven't used it much, but I believe there is an appdmg provider as
> well ? That might be more appropriate?
>
> I tend to believe in using pkgs for deployment with puppet, and
> haven't experimented with the appdmg provider.
>
> --
> Nigel Kersten
> Systems Administrator
> Tech Lead - MacOps
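The diagnosis reached in this thread (a dmg that holds a .app gives pkgdmg nothing to install, while appdmg handles it) written as a pre-flight check on a mounted volume. This is an added example, not code from Puppet's providers or from anyone in the thread; the file-name patterns and the function names are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# File-name patterns assumed for this illustration: installer packages end in
# .pkg or .mpkg, application bundles end in .app (matched case-insensitively).
PKG_PATTERN = /\.m?pkg\z/i
APP_PATTERN = /\.app\z/i

# List the top-level payloads of a mounted disk image volume.
def dmg_payloads(mount_point)
  entries = (Dir.entries(mount_point) - %w[. ..]).sort
  {
    pkgs: entries.grep(PKG_PATTERN),
    # An application bundle is a directory; a stray file named *.app is ignored.
    apps: entries.grep(APP_PATTERN).select { |e| File.directory?(File.join(mount_point, e)) }
  }
end

# Provider that matches what the volume actually contains, or nil if neither fits.
def suggested_provider(mount_point)
  found = dmg_payloads(mount_point)
  return :pkgdmg unless found[:pkgs].empty?
  return :appdmg unless found[:apps].empty?
  nil
end

# Check a declared provider against the volume contents, so that a run which
# mounts and ejects the image without installing anything is caught up front.
# Returns a hash with :ok, :install (entries the provider could use), :message.
def preflight(declared, mount_point)
  found = dmg_payloads(mount_point)
  usable =
    case declared.to_sym
    when :pkgdmg then found[:pkgs]
    when :appdmg then found[:apps]
    else raise ArgumentError, "unsupported provider: #{declared}"
    end
  unless usable.empty?
    return { ok: true, install: usable,
             message: "#{declared} would install #{usable.join(', ')}" }
  end
  hint = suggested_provider(mount_point)
  reason = hint ? "contents match #{hint} instead" : "no .pkg, .mpkg or .app at the top level"
  { ok: false, install: [], message: "#{declared} would install nothing: #{reason}" }
end

# Constructed sample: a temporary directory standing in for the mounted
# Firefox volume, holding an application bundle and no installer package.
if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir("dmg.") do |volume|
    FileUtils.mkdir_p(File.join(volume, "Firefox.app", "Contents", "MacOS"))
    FileUtils.touch(File.join(volume, ".background.png"))
    %i[pkgdmg appdmg].each { |provider| puts preflight(provider, volume)[:message] }
  end
end
```

On a Mac the same functions can be pointed at the directory that `hdiutil mount` reports as the mount point.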
[Puppet Users] Re: Mac OSX Package install
On Wed, Mar 4, 2009 at 9:50 AM, engle wrote:
>
> Nigel, that did the trick. I changed my provider to appdmg and the dmg
> from Firefox installed properly.
>
> I will have to look into what we are using to build these packages. I
> am somewhat new to Mac's and the concept of packages, hence, the
> source of my confusion.
>
> What is the recommended process of creating a package for use with
> puppet?

Apple's tool is PackageMaker which you get with the free developer tools.

A third party tool that is somewhat more reliable is Iceberg.

http://s.sudre.free.fr/Software/Iceberg.html

We actually have a Makefile based system here that we're looking at possibly open sourcing in the next few months.

--
Nigel Kersten
Systems Administrator
Tech Lead - MacOps
[Puppet Users] Re: puppet and LDAP users (SOLVED)
On Mar 3, 2009, at 1:42 PM, Larry Ludwig wrote:
>
> On Mar 3, 2009, at 12:09 PM, Luke Kanies wrote:
>
>> On Mar 1, 2009, at 9:27 PM, Larry Ludwig wrote:
>>
>>> On Mar 1, 2009, at 9:04 PM, Trevor Hemsley wrote:
>>>
>>>> [puppetd]
>>>> ldapserver=ldap.myorg.company.com
>>>> ldapbase=dc=myorg,dc=org
>>>> ldapuser=cn=admin,dc=myorg,dc=org
>>>> ldappassword=mysecret
>>>
>>> In my case it's in [puppetmasterd] but glad it works for you.
>>
>> Heh, both of you should probably put it in main. :)
>>
>> You need to either put it in main, the section named after the
>> environment, or the section named after the executable, and (here's
>> the key) you want it in the most general block possible.
>>
>> If there's no harm in putting it in main, you should *always* do so.
>>
>> Otherwise, only the named executable will have access to those
>> settings.
>
> What other app in puppet uses LDAP?

puppetmasterd looks in ldap for node information, and puppetd can manage users and groups in ldap.

--
A lot of people mistake a short memory for a clear conscience.
    -- Doug Larson
---
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Re: other end went away - ONLY on HP-UX
On Mar 3, 2009, at 6:00 PM, Jewels wrote:
>
> I have spent the last week researching and trying to figure out this
> problem. I know there are a lot of issues with "other end went away"
> but I can find any relation to how I am seeing it. Only coming from
> clients with HP-UX. No other system (Linux, Solaris) has this issue.
>
> All my other software works fine - nagios/nrpe, ocs-ng and others, but
> Puppet has the error.
>
> Of course, like many others, everything works fine. It just fills up
> log files with thousands of these messages (30+ HP-UX systems)
>
> Is there any other place I can look to possibly resolve this?
>
> puppetd[5092]: Other end went away; restarting connection and retrying

This should be fixed in 0.24.x; search for that string in the ticket db and you'll see the ticket and its dupes.

--
Measure with a micrometer. Mark with chalk. Cut with an axe.
---
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Re: Puppet Python release?
On Mar 4, 2009, at 4:44 AM, mattimust...@gmail.com wrote:
>
> On Mar 4, 3:56 am, Luke Kanies wrote:
>>
>> Not to nit-pick, but it's more that I just couldn't write in the
>> language. I did try pretty hard, and have since successfully written
>> a bit in it (in Jython, actually), but I just could never turn my
>> ideas into code in Python. And no, it wasn't the white space.
>>
>
> Without perusing the code base, how much of Puppet is RESTful these
> days? I thought work was done in this area already. Wouldn't that
> imply we could interface to those parts in any language?
>
> /usr/bin/curl FTW!

Much of Puppet's internals use the plugin interface that provides RESTful behaviour (the mythical Indirector), but 0.25 will be the first release where we actually use RESTful connections.

And yes, you can kind of use curl, as long as you can get it to speak ssl, but at least initially, you'll mostly get yaml- or marshal-dumped Ruby objects, not language-agnostic information.

It'll ship with support for adding things like json, but I don't want to delay the release further trying to squeeze those in.

--
In theory, there is no difference between theory and practice; in practice, there is.
    -- Chuck Reid
---
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Community: How to deal with attempts at sabotage
Hi all,

The underlying assumption of membership in any community is that your participation is at worst neutral, and if possible positive. Communities, online or off, generally do what they can to protect themselves from detrimental influences, which is where policies, politeness, moderators, and all that come into play.

Puppet's community has been both fortunate and awesome, in that it requires almost no moderation or control; we've only had to kick a couple of people out of our IRC channel and they were clearly just insane or spammers, and we've never had to remove anyone from our mailing list other than spammers.

We've recently had some problems where one or two people are maintaining their presence in the Puppet community solely as a way to recruit people out of Puppet and into their community, at the expense of ours, and I think we need a straightforward community policy on this.

Overlapping communities are awesome, and I'm all for your encouraging Puppet community members to join other communities *in addition to ours*, but it seems a bit insane for us to support people coming into our community just to evangelize competing products and communities.

My take is that if your participation in our community is *solely* for purposes of shrinking it by drawing people into your community at the expense of ours, then you should be kicked from our community.

What do others think? Should it be acceptable to privately contact members of our community, encouraging them to leave?

--
Love is the triumph of imagination over intelligence.
    -- H. L. Mencken
---
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Re: other end went away - ONLY on HP-UX
Hmmm - been running 24.7 for sometime now. Still there.

>
> This should be fixed in 0.24.x; search for that string in the ticket
> db and you'll see the ticket and its dupes.
>
> --
> Measure with a micrometer. Mark with chalk. Cut with an axe.
> -
> Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] using portsnap
Hi, I'm using FreeBSD and puppet-0.24.7

I want to update several ports. This, for instance, works fine:

    class package_joe3 {
        $packagelist_joe3 = ["joe-3.*"]
        package { $packagelist_joe3:
            ensure   => latest,
            provider => ports
        }
    }

problem is, that we're changing to portsnap and with portsnap configured, the class shown above doesn't automatically install the latest port. Does anybody know how to do that?

I know
http://reductivelabs.com/trac/puppet/wiki/PuppetFreeBSD

but that's only for updating and fetching the portsnap ports, right? Is there anything like

    provider => portsnap

?

regards,
Bernd
[Puppet Users] Re: using portsnap
Hi again,

just wanted to correct something: If I uninstall a port, the most current one is installed. But if for instance joe-3.5 is already installed, puppet doesn't upgrade to 3.7 (which is the current at the moment).

On Mar 4, 10:44 pm, "kuh...@gmx.net" wrote:
> Hi, I'm using FreeBSD and puppet-0.24.7
>
> I want to update several ports. This, for instance, works fine:
>
> class package_joe3 {
>     $packagelist_joe3 = ["joe-3.*"]
>     package { $packagelist_joe3:
>         ensure   => latest,
>         provider => ports
>     }
> }
>
> problem is, that we're changing to portsnap and with portsnap
> configured, the class shown above doesn't automatically install the
> latest port. Does anybody know how to do that?
>
> I know
> http://reductivelabs.com/trac/puppet/wiki/PuppetFreeBSD
>
> but that's only for updating and fetching the portsnap ports, right?
> Is there anything like
> provider => portsnap
> ?
>
> regards,
> Bernd
[Puppet Users] Re: Community: How to deal with attempts at sabotage
> What do others think? Should it be acceptable to privately contact
> members of our community, encouraging them to leave?

It may be rude, but as long as they're not being threatening or interfering with the communication flow, it seems it would be silly to ban them. To do so would seem to be saying that either:

1) the community members are too stupid to make their own decisions and must be protected from the dangerous teachings of the dissidents, or
2) the other community is, in fact, superior and you need to block communications in order to retain your own community.

We're grown ups. If someone is bugging us out-of-band, we can tell them to go away, block their email, or decide to accompany them to their fabulous World of Wonder and Excitement.

Out of curiosity, which other group is trying to snipe people away? Chef?

-Ben
[Puppet Users] Re: Community: How to deal with attempts at sabotage
On Wed, Mar 4, 2009 at 2:32 PM, Luke Kanies wrote:
>
> Hi all,
>
> The underlying assumption of membership in any community is that your
> participation is at worst neutral, and if possible positive.
> Communities, online or off, generally do what they can to protect
> themselves from detrimental influences, which is where policies,
> politeness, moderators, and all that come into play.
>
> Puppet's community has been both fortunate and awesome, in that it
> requires almost no moderation or control; we've only had to kick a
> couple of people out of our IRC channel and they were clearly just
> insane or spammers, and we've never had to remove anyone from our
> mailing list other than spammers.
>
> We've recently had some problems where one or two people are
> maintaining their presence in the Puppet community solely as a way to
> recruit people out of Puppet and into their community, at the expense
> of ours, and I think we need a straightforward community policy on this.
>
> Overlapping communities are awesome, and I'm all for your encouraging
> Puppet community members to join other communities *in addition to
> ours*, but it seems a bit insane for us to support people coming into
> our community just to evangelize competing products and communities.
>
> My take is that if your participation in our community is *solely* for
> purposes of shrinking it by drawing people into your community at the
> expense of ours, then you should be kicked from our community.
>
> What do others think? Should it be acceptable to privately contact
> members of our community, encouraging them to leave?
>

The free speech side of things could say that it is a basic right because it's up to the person being contacted to choose to leave or not. Throwing people out without solid evidence is too prone to lawsuits, bad publicity for the people throwing, and can easily be made into a "They just don't want competitors on their lists" kind of game.. Also who decides, what evidence is it based off? Hearsay, emails that could have been forged [been done before].. it can devolve quickly into High School cliques of who's in and not. And that worst of all drives away potential customers who are looking for professionalism before they would want to use or be part of the community.

Calling people on their behavior seems to be much more effective in that it inoculates the community that they will be aware of it. In the end it is still up to the individuals to leave/stay in a community.

--
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
[Puppet Users] Re: Community: How to deal with attempts at sabotage
On Wed, 4 Mar 2009, Ben Beuchler wrote:

> It may be rude, but as long as they're not being threatening or
> interfering with the communication flow, it seems it would be silly to
> ban them. To do so would seem to be saying that either:
>
> 1) the community members are too stupid to make their own decisions
> and must be protected from the dangerous teachings of the dissidents,
> or
> 2) the other community is, in fact, superior and you need to block
> communications in order to retain your own community.
>
> We're grown ups. If someone is bugging us out-of-band, we can tell
> them to go away, block their email, or decide to accompany them to
> their fabulous World of Wonder and Excitement.
>
> Out of curiosity, which other group is trying to snipe people away? Chef?

At the risk of naming names, I would guess it's chef and fujin in particular he's talking about.

I'll say, that as someone who has been new at this and has had trouble, no one attempted to steer me towards them. I actually had to specifically msg him and ask him what it was he was speaking of to get it out of him.

And after all that, and complaining in channel and on list that puppet was driving me crazy because it's anti-programmy, I stuck with it and didn't go to chef.

As you said, we're all grown ups. I looked at the availability of examples and the userbase and decided even with its shortcomings (and you're blind to think there aren't any), puppet was the way for me right now.

Anyone who it doesn't work for will eventually find chef anyways. There is a class of people it clearly works for. To me Ruby is a language I don't want to learn enough of to utilize Chef to its fullest, but that I may be willing to learn enough to work around some of the puppet quirks that bother me.

Just my 2c.

Jason

--
Jason Slagle - RHCE
/"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
\ /   ASCII Ribbon Campaign  .
 X  - NO HTML/RTF in e-mail  .
/ \ - NO Word docs in e-mail .
[Puppet Users] Re: other end went away - ONLY on HP-UX
Sorry, I meant 0.24.8. We'll be putting it into rc1 Friday, hopefully.

On Mar 4, 2009, at 3:41 PM, Jewels wrote:
>
> Hmmm - been running 24.7 for sometime now. Still there.
>
>>
>> This should be fixed in 0.24.x; search for that string in the ticket
>> db and you'll see the ticket and its dupes.
>>
>> --
>> Measure with a micrometer. Mark with chalk. Cut with an axe.
>> -
>> Luke Kanies | http://reductivelabs.com | http://madstop.com
>

--
You will notice that BeOS has taken the best parts from all the major operating systems and made them its own. We've got the power of the Unix command line, the ease of use of the Macintosh interface, and Minesweeper from Windows.
    -- Tyler Riti
---
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Re: Community: How to deal with attempts at sabotage
I do not think rights of free speech matter in this context. What matters is the type of community you want to foster and develop. I think open source communities should strive for openness and transparency.

I will not use or ever recommend SugarCRM because of the posts over the vTiger fork of mine and others that were "moderated". PBX-in-a-Flash "moderated" my questions concerning the use of GPL code and their shareware install scripts. In neither case was I trying to damage the communities, but someone thought that my questions would damage their community "market share". I think the two example communities are damaged far more by the "moderation" than by the content of my post.

If principles like freedom and openness are good, then I say they are always good - even when used for things we do not like. In the spirit of transparency, I see no problem with a wiki posting of community "members" that have/had practiced "bad form", but I am still slow to recommend the evaluation of individual members.

-Tom

On Wed, Mar 4, 2009 at 15:03, Stephen John Smoogen wrote:

> On Wed, Mar 4, 2009 at 2:32 PM, Luke Kanies wrote:
> >
> > Hi all,
> >
> > The underlying assumption of membership in any community is that your
> > participation is at worst neutral, and if possible positive.
> > Communities, online or off, generally do what they can to protect
> > themselves from detrimental influences, which is where policies,
> > politeness, moderators, and all that come into play.
> >
> > Puppet's community has been both fortunate and awesome, in that it
> > requires almost no moderation or control; we've only had to kick a
> > couple of people out of our IRC channel and they were clearly just
> > insane or spammers, and we've never had to remove anyone from our
> > mailing list other than spammers.
> >
> > We've recently had some problems where one or two people are
> > maintaining their presence in the Puppet community solely as a way to
> > recruit people out of Puppet and into their community, at the expense
> > of ours, and I think we need a straightforward community policy on this.
> >
> > Overlapping communities are awesome, and I'm all for your encouraging
> > Puppet community members to join other communities *in addition to
> > ours*, but it seems a bit insane for us to support people coming into
> > our community just to evangelize competing products and communities.
> >
> > My take is that if your participation in our community is *solely* for
> > purposes of shrinking it by drawing people into your community at the
> > expense of ours, then you should be kicked from our community.
> >
> > What do others think? Should it be acceptable to privately contact
> > members of our community, encouraging them to leave?
> >
>
> The free speech side of things could say that it is a basic right
> because it's up to the person being contacted to choose to leave or
> not. Throwing people out without solid evidence is too prone to
> lawsuits, bad publicity for the people throwing, and can easily be
> made into a "They just don't want competitors on their lists" kind of
> game.. Also who decides, what evidence is it based off? Hearsay,
> emails that could have been forged [been done before].. it can devolve
> quickly into High School cliques of who's in and not. And that worst
> of all drives away potential customers who are looking for
> professionalism before they would want to use or be part of the
> community.
>
> Calling people on their behavior seems to be much more effective in
> that it inoculates the community that they will be aware of it. In the
> end it is still up to the individuals to leave/stay in a community.
>
> --
> Stephen J Smoogen. -- BSD/GNU/Linux
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
[Puppet Users] Re: Community: How to deal with attempts at sabotage
On Mar 4, 2009, at 3:57 PM, Ben Beuchler wrote:

>> What do others think? Should it be acceptable to privately contact
>> members of our community, encouraging them to leave?
>
> It may be rude, but as long as they're not being threatening or
> interfering with the communication flow, it seems it would be silly to
> ban them. To do so would seem to be saying that either:
>
> 1) the community members are too stupid to make their own decisions
> and must be protected from the dangerous teachings of the dissidents,
> or
> 2) the other community is, in fact, superior and you need to block
> communications in order to retain your own community.

While I can't disagree with what you're saying, it seems to me that there's something qualitatively different between discussions on the list about other projects and using the list as a marketing resource for competing projects, which is essentially what's going on here.

I actually have no problem at all with people talking about Chef or Cfengine or Quattor or whatever (including commercial tools like BladeLogic or OpsWare) on the list, and in many ways I encourage it - I think our product and community can and should stand against any of them, and if it starts to fall down there I want to know so I can fix it.

It's when people trawl the list looking for conversion targets whom they then contact privately that I start to get a bit put out.

> We're grown ups. If someone is bugging us out-of-band, we can tell
> them to go away, block their email, or decide to accompany them to
> their fabulous World of Wonder and Excitement.

I expect this will be the general consensus.

I hate having to behave like an adult, rather than a petulant, jealous 9 year old. :)

> Out of curiosity, which other group is trying to snipe people away?
> Chef?

Importantly, it's not a group, it's an individual member of the Chef community, AJ/fujin.

--
God loved the birds and invented trees. Man loved the birds and invented cages. -- Jacques Deval
-
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Re: Get uncaught exception when using LDAP users in multiple groups
More on this problem, I found the --trace option and enabled it and get this out of a puppetd run with the setup I listed earlier.

[r...@myhost manifests]# puppetd --test --noop --tags users --trace
info: Loading fact drbd
info: Retrieving facts
info: Loading fact drbd
warning: Found multiple default providers for group: ldap, groupadd; using ldap
warning: Found multiple default providers for user: ldap, useradd; using ldap
info: Caching catalog at /var/lib/puppet/localconfig.yaml
notice: Starting catalog run
notice: //Node[basicnode]/users/Sysusersetup[apache]/Usersetup[apache]/User[apache]/groups: is upload, should be upload,opt-query (noop)
notice: //Node[basicnode]/users/Ldapuser[opt-query]/User[opt-query]/gid: is 504, should be 504 (noop)
notice: //Node[basicnode]/users/Ldapuser[opt-arch]/User[opt-arch]/gid: is 503, should be 503 (noop)
/usr/lib/ruby/site_ruby/1.8/puppet/property/list.rb:13:in `is_to_s'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/change.rb:49:in `go'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction/change.rb:72:in `forward'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:118:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:83:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:239:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:238:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:310:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:309:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/node/catalog.rb:124:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:256:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:180:in `benchmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:179:in `benchmark'
/usr/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:255:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:237:in `run'
/usr/sbin/puppetd:417
/usr/lib/ruby/site_ruby/1.8/puppet/property/list.rb:13:in `is_to_s'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:124:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:111:in `apply_changes'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:83:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:239:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:238:in `eval_resource'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:310:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:425:in `thinmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:424:in `thinmark'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:309:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `collect'
/usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:303:in `evaluate'
/usr/lib/ruby/site_ruby/1.8/puppet/node/catalog.rb:124:in `apply'
/usr/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:256:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:180:in `benchmark'
/usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
/usr/lib/ruby/1.8/benchmark.rb:307:in `realtime'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:179:in `benchmark'
/usr/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:255:in `run'
/usr/lib/ruby/1.8/sync.rb:229:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/network/client/master.rb:237:in `run'
/usr/sbin/puppetd:417
err: Got an uncaught exception of type NoMethodError: undefined method `join' for :absent:Symbol
notice: Finished catalog run in 4.96 seconds

Trevor Hemsley wrote:
> Hi all
>
> I am using puppet 0.24.7 on Centos 5.2 and am attempting to set up users
> in LDAP via puppet. I am getting an error msg that says
>
> err: Got an uncaught exception of type NoMethodError: undefined method
> `join' for :absent:Symbol
>
> on the second run of puppetd. First
[Puppet Users] Re: Community: How to deal with attempts at sabotage
On Wed, 2009-03-04 at 16:59 -0600, Luke Kanies wrote:
> > We're grown ups. If someone is bugging us out-of-band, we can tell
> > them to go away, block their email, or decide to accompany them to
> > their fabulous World of Wonder and Excitement.
>
> I expect this will be the general consensus.

I think the only workable solution is to ignore it - not because it's a good solution, but because all the others are even less palatable. And if you are at the receiving end of what feels like an improper recruitment attempt, send your reply to the list. Ultimately, such attempts are much more damaging to the other community than to puppet's.

> I hate having to behave like an adult, rather than a petulant, jealous
> 9 year old. :)

Don't we all ? And yet, nothing drives my 2.5 year old madder than being ignored.

> > Out of curiosity, which other group is trying to snipe people away?
> > Chef?
>
> Importantly, it's not a group, it's an individual member of the Chef
> community, AJ/fujin.

I can't speak to anything he may or may not have done (certainly not from first-hand experience) - one thing that has been sorely missing though is more discussion around the technical merits of one over the other (polite, reasoned discussion !).

I certainly don't know enough about the two why they have to be entirely separate projects, instead of having another frontend for Puppet; looking at the bigger picture, I don't understand why Chef can't be another frontend for Puppet, nor do I think that this split is in the best interest of either community or OSS config mgmt in general.

David
[Puppet Users] Re: Community: How to deal with attempts at sabotage
On Mar 4, 2009, at 5:45 PM, David Lutterkort wrote:

> On Wed, 2009-03-04 at 16:59 -0600, Luke Kanies wrote:
>>> We're grown ups. If someone is bugging us out-of-band, we can tell
>>> them to go away, block their email, or decide to accompany them to
>>> their fabulous World of Wonder and Excitement.
>>
>> I expect this will be the general consensus.
>
> I think the only workable solution is to ignore it - not because it's a
> good solution, but because all the others are even less palatable. And
> if you are at the receiving end of what feels like an improper
> recruitment attempt, send your reply to the list. Ultimately, such
> attempts are much more damaging to the other community than to
> puppet's.

That's a great idea - just replying publicly to those private emails.

>> I hate having to behave like an adult, rather than a petulant, jealous
>> 9 year old. :)
>
> Don't we all ? And yet, nothing drives my 2.5 year old madder than being
> ignored.

Heh. My kids seem to get maddest when being locked in the basement, but YMMV. :)

>>> Out of curiosity, which other group is trying to snipe people away?
>>> Chef?
>>
>> Importantly, it's not a group, it's an individual member of the Chef
>> community, AJ/fujin.
>
> I can't speak to anything he may or may not have done (certainly not
> from first-hand experience) - one thing that has been sorely missing
> though is more discussion around the technical merits of one over the
> other (polite, reasoned discussion !).
>
> I certainly don't know enough about the two why they have to be entirely
> separate projects, instead of having another frontend for Puppet;
> looking at the bigger picture, I don't understand why Chef can't be
> another frontend for Puppet, nor do I think that this split is in the
> best interest of either community or OSS config mgmt in general.

I have the same confusion, but the initial publication of Chef was made with many claims that it was just easier for them to start again than to try to understand Puppet's code base or to try to participate as developers. Of course, this is a development truism: It's *always* easier to start from scratch, it's just not always better.

--
It is well to remember that the entire universe, with one trifling exception, is composed of others. --John Andrew Holmes
-
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Re: Community: How to deal with attempts at sabotage
Luke Kanies wrote:
> I have the same confusion, but the initial publication of Chef was
> made with many claims that it was just easier for them to start again
> than to try to understand Puppet's code base or to try to participate
> as developers. Of course, this is a development truism: It's *always*
> easier to start from scratch, it's just not always better.

Starting is easy; finishing is harder.

--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
[Puppet Users] visualizations
Hello!

My puppet scripts have gotten complicated, and I'd like to visualize what's going on. I've seen http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#how-do-i-use-puppet-s-graphing-support , but I find that the graph is pretty unwieldy, and graphviz renders it illegibly. Has anyone had much success getting complicated puppet configurations to graph nicely? I'd also love to get the graph before running on real machines: presumably, given the manifest files, the DAG is consistent?

On a somewhat related note, does anyone have puppet manifests for installing puppetshow to share?

Thanks,

-- Philip
[Puppet Users] Re: visualizations
On Mar 4, 2009, at 6:01 PM, Philip Zeyliger wrote:

> Hello!
>
> My puppet scripts have gotten complicated, and I'd like to visualize
> what's going on. I've seen
> http://reductivelabs.com/trac/puppet/wiki/FrequentlyAskedQuestions#how-do-i-use-puppet-s-graphing-support
> , but I find that the graph is pretty unwieldy, and graphviz renders
> it illegibly. Has anyone had much success getting complicated puppet
> configurations to graph nicely? I'd also love to get the graph before
> running on real machines: presumably, given the manifest files, the
> DAG is consistent?

The DAG is per-machine, so it's not consistent for manifests, but it should be consistent for a set of manifests and node facts.

> On a somewhat related note, does anyone have puppet manifests for
> installing puppetshow to share?

Should, but don't. :/

--
The trouble with the rat race is that even if you win, you're still a rat. -- Lily Tomlin
-
Luke Kanies | http://reductivelabs.com | http://madstop.com
[Puppet Users] Re: Get uncaught exception when using LDAP users in multiple groups
Definitely a bug; can you file it with the stack trace?

On Mar 4, 2009, at 5:10 PM, Trevor Hemsley wrote:

> More on this problem, I found the --trace option and enabled it and get
> this out of a puppetd run with the setup I listed earlier.
[Puppet Users] Re: Get uncaught exception when using LDAP users in multiple groups
Luke Kanies wrote:
> Definitely a bug; can you file it with the stack trace?

Bug #2050. I'm willing to work with anyone to help debug this as it has crippled my development of a new grid that I have to roll out very soon.

Thanks.

--
Trevor Hemsley
Infrastructure Engineer
* C A L Y P S O *
4th Floor, Tower Point, 44 North Road, Brighton, BN1 1YR, UK
OFFICE +44 (0) 1273 666 350
FAX +44 (0) 1273 666 351
www.calypso.com
[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups
Hey guys,

David Lutterkort wrote:
> If you have Augeas 0.4.1 on both the puppet client and master (count was
> only added in 0.4.1) this should work. Bryan, any ideas what could be
> wrong ?

Just a follow-up and warning: if you try this on an older version of augeas (0.3.5 in my case), it tends to erase the contents of all the files. Here is my pam class:

#
# Module: pam
#
class pam {

    augeas { "pam_set_cracklib":
        context => "/files/etc/pam.d/system-auth",
        changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
                     "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
                     "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
                     "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
                     "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
                     "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
        onlyif => "get *[module='pam_cracklib.so'][type='password']/argument[1] != retry=3",
    }

    augeas { "pam_set_unix":
        context => "/files/etc/pam.d/system-auth",
        changes => [ "rm *[module='pam_unix.so'][type='password']/argument",
                     "set *[module='pam_unix.so'][type='password']/argument[1] md5",
                     "set *[module='pam_unix.so'][type='password']/argument[2] shadow",
                     "set *[module='pam_unix.so'][type='password']/argument[3] try_first_pass",
                     "set *[module='pam_unix.so'][type='password']/argument[4] use_authtok",
                     "set *[module='pam_unix.so'][type='password']/argument[5] remember=7", ],
        onlyif => "get *[module='pam_unix.so'][type='password']/argument[1] != md5",
    }

    # augeas { "pam_set_su_wheel":
    #     context => "/files/etc/pam.d/su",
    #     changes => [ "ins 1000 after *[type='auth'][module='pam_rootok.so']",
    #                  "set 1000/type auth",
    #                  "set 1000/control required",
    #                  "set 1000/module pam_wheel.so" ],
    #     onlyif => "match *[type='auth'][control='required'][module='pam_wheel.so'] size == 0",
    # }

    augeas { "pam_remove_console":
        context => "/files/etc/pam.d/",
        changes => "rm */*[module='pam_console.so']",
        onlyif => "match */*[module='pam_console.so'] size > 0",
    }

    augeas { "pam_remove_rhosts_auth":
        context => "/files/etc/pam.d",
        changes => "rm */*[module='pam_rhosts_auth.so']",
        onlyif => "match */*[module='pam_rhosts_auth.so'] size > 0",
    }
}

When this ran on a machine that had augeas-libs 0.3.5, it erased the contents of all the files in /etc/pam.d. That was fun to fix, especially as this happened to the puppet master itself. I'm not sure exactly which one of these caused the problem. I wasn't about to do detailed troubleshooting, because I needed to get my puppet master allowing logins. :)

Anyway, just thought I'd let you all know.

cYa,
Avi
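
An added example, not part of any poster's message and not Puppet or Augeas code: a Ruby audit of /etc/pam.d content after a run of the pam class above. It compares the full argument list of the two password entries against the manifest's result set (the onlyif lines above test only argument[1]) and flags files left with no entries, the failure reported with augeas-libs 0.3.5. The function names and the sample file contents are constructed for illustration.

```ruby
# Added example: audit PAM service files against the result set in the pam
# class above. Contents are passed in as strings, so it also runs on a backup.

# Expected argument lists, copied from the manifest in the message above.
EXPECTED_ARGS = {
  'pam_cracklib.so' => %w[retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1],
  'pam_unix.so'     => %w[md5 shadow try_first_pass use_authtok remember=7]
}.freeze

# Modules the manifest removes from every file under /etc/pam.d.
FORBIDDEN_MODULES = %w[pam_console.so pam_rhosts_auth.so].freeze

PamEntry = Struct.new(:type, :control, :mod, :args)

# Parse PAM service-file text. Handles comments, blank lines, backslash
# continuations and bracketed controls such as [success=1 default=ignore].
def parse_pam(text)
  text.gsub(/\\\r?\n/, ' ').each_line.map do |line|
    line = line.sub(/#.*/, '').strip
    next if line.empty?
    m = line.match(/\A(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)\z/)
    next unless m
    PamEntry.new(m[1], m[2], File.basename(m[3]), m[4].split)
  end.compact
end

# Read every regular file in a directory into a name => text hash.
def load_pam_dir(dir)
  Dir.children(dir).sort.each_with_object({}) do |name, acc|
    path = File.join(dir, name)
    acc[name] = File.read(path) if File.file?(path)
  end
end

# Return findings as strings; an empty array means the files are compliant.
def audit_pam_dir(files)
  findings = []
  files.each do |name, text|
    entries = parse_pam(text)
    # Failure mode reported above with augeas-libs 0.3.5: emptied files.
    findings << "#{name}: no PAM entries (file empty or unparsable)" if entries.empty?
    entries.each do |e|
      findings << "#{name}: forbidden module #{e.mod}" if FORBIDDEN_MODULES.include?(e.mod)
    end
  end

  auth = files['system-auth']
  return findings << 'system-auth: file missing' if auth.nil?

  EXPECTED_ARGS.each do |mod, want|
    rows = parse_pam(auth).select { |e| e.type == 'password' && e.mod == mod }
    findings << "system-auth: no password entry for #{mod}" if rows.empty?
    rows.each do |e|
      # Compare the whole list: order, values and count, so extras are caught.
      next if e.args == want
      findings << "system-auth: #{mod} args #{e.args.inspect}, want #{want.inspect}"
    end
  end
  findings
end

# Constructed sample inputs (not taken from a real host).
COMPLIANT = {
  'system-auth' => <<~PAM,
    password requisite pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
    password sufficient pam_unix.so md5 shadow try_first_pass use_authtok remember=7
  PAM
  'su' => "auth sufficient pam_rootok.so\n"
}.freeze

# argument[1] is already retry=3 here, yet the list is wrong and 'su' is empty.
DRIFTED = {
  'system-auth' => <<~PAM,
    password requisite pam_cracklib.so retry=3 try_first_pass
    password sufficient pam_unix.so md5 shadow try_first_pass use_authtok remember=7
  PAM
  'su'    => '',
  'login' => "session optional pam_console.so\n"
}.freeze

puts audit_pam_dir(DRIFTED)
```

For a real host, pass audit_pam_dir the hash returned by load_pam_dir for /etc/pam.d or for a backup copy of it.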