Re: [Puppet Users] Proper DNS configuration with Puppet
On 18.01.2010 23:33, Scott Smith wrote: On 1/18/10 1:11 PM, Forrie wrote: Puppet docs require a PUPPET server name -- which I presumed a CNAME would suffice. However, I'm finding that's not the case - as the SSL cert generated is for the actual system name pupptmasterd runs on (makes sense). The server that puppetmasterd is running on services other purposes, and I don't want to call it puppet. I'm wondering if this is simply for cosmetic needs say, for new clients. Use a DNS alias with no PTR or a CNAME. Also look at the certdnsnames parameter. -scott CNAME dns entries work with puppet. You must realize that they might not be as reliable, but they work. Make sure the value of server config parameter on the client is either equal to certname or in certdnsnames on the server. This also goes for the client on the server. Check http://docs.reductivelabs.com/references/stable/configuration.html for further details ;) Silviu -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Proper DNS configuration with Puppet
Your forward DNS name can be anything. Your reverse DNS name *must* be one of the DNS entries in your cert, the primary hostname by default. Trevor On Mon, Jan 18, 2010 at 4:11 PM, Forrie wrote: > Puppet docs require a PUPPET server name -- which I presumed a CNAME > would suffice. However, I'm finding that's not the case - as the SSL > cert generated is for the actual system name pupptmasterd runs on > (makes sense). > > The server that puppetmasterd is running on services other purposes, > and I don't want to call it puppet. I'm wondering if this is simply > for cosmetic needs say, for new clients. > > > Thanks. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Proper DNS configuration with Puppet
On Jan 18, 3:11 pm, Forrie wrote: > Puppet docs require a PUPPET server name -- which I presumed a CNAME > would suffice. However, I'm finding that's not the case - as the SSL > cert generated is for the actual system name pupptmasterd runs on > (makes sense). > > The server that puppetmasterd is running on services other purposes, > and I don't want to call it puppet. I'm wondering if this is simply > for cosmetic needs say, for new clients. Puppetd is configured to use the server name "puppet" by default, but you can easily point it to any other name. The startup option -- server= does this. If you have installed Puppet via the RPM then you have a file /etc/sysconfig/puppet wherein you can record the appropriate server name; the init script thereafter will automatically add that option when it starts puppetd. Using the default name can be somewhat advantageous when bringing up new clients from scratch (one less thing to manually configure), but otherwise I don't think it gains you anything. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Proper DNS configuration with Puppet
hey, - "jcbollinger" wrote: > On Jan 18, 3:11 pm, Forrie wrote: > > Puppet docs require a PUPPET server name -- which I presumed a > CNAME > > would suffice. However, I'm finding that's not the case - as the > SSL > > cert generated is for the actual system name pupptmasterd runs on > > (makes sense). > > > > The server that puppetmasterd is running on services other > purposes, > > and I don't want to call it puppet. I'm wondering if this is > simply > > for cosmetic needs say, for new clients. > > Puppetd is configured to use the server name "puppet" by default, but > you can easily point it to any other name. The startup option -- > server= does this. If you have installed Puppet > via the RPM then you have a file /etc/sysconfig/puppet wherein you can > record the appropriate server name; the init script thereafter will > automatically add that option when it starts puppetd. I'd avoid editing the sysconfig file for this purpose, it just makes running commands like puppetd --test a pain. Editing the puppet.conf is best. Changing the hostname also has implications on the server thought to keep in mind. > > Using the default name can be somewhat advantageous when bringing up > new clients from scratch (one less thing to manually configure), but > otherwise I don't think it gains you anything. It also takes away, say you manage laptops and you use 'puppet' you can have quite big problems if you move that laptop to another environment that also use puppet. For servers on a lan though it helps a lot. CNAMEs work perfectly. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Proper DNS configuration with Puppet
R.I.Pienaar wrote: > I'd avoid editing the sysconfig file for this purpose, it just makes > running commands like puppetd --test a pain. Editing the > puppet.conf is best. That's good advice. As David Lutterkort noted in #2699¹: "... the sysconfig files were created before puppet had its own config files; nowadays, they are not needed anymore, and we should figure out ways to remove them completely (maybe start with including a comment at the top "Legacy cruft - set these up in the puppet config files instead")" We didn't go that far because things like PUPPETMASTER_PORTS=( 18140 18141 18142 18143 ) aren't something that can be handled in the puppet.conf. But most of the other settings in the sysconfig files are better placed in puppet.conf. Does adding something like this to the top of the sysconfig files sound good? # # NOTE: Most of these options are better set in /etc/puppet/puppet.conf # ¹ http://projects.reductivelabs.com/issues/2699#note-6 -- ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ All I really want for Christmas is Santa's list of Naughty Girls. pgpRPijJrNKBs.pgp Description: PGP signature
Re: [Puppet Users] Partitioning disk with Puppet
On Mon, Jan 18, 2010 at 9:17 PM, Ohad Levy wrote: > Yeah, that's true, but in my opinion cobbler support in Puppet is lacking, > that was one of the reason I've started Foreman. > > cheers, > Ohad You may also want to look at Symbolic, which integrates Puppet, Func, and Cobbler all together in a common UI. ( http://www.opensymbolic.org/ ) You still create profiles in Cobber (it does not duplicate the Cobbler UI) but it lets you provision them from there after picking them from dropdowns. --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] best way to make puppet temporarily ignore a file?
I'd like others to have the option to temporarily disable puppet from modify a file or directory...something along the lines of: ./something.conf.lock causes ./something.conf to NOT be modified by puppet for as long the lock file exists it'd also be nice to be able to disable an entire directory from being modified if the file: ./PUPPET-DISABLE is present. basically the 'unless' parameter as is present in the Exec type... -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
2010/1/19 jb : > I'd like others to have the option to temporarily disable puppet from > modify a file or directory...something along the lines of: > > ./something.conf.lock > > causes > > ./something.conf > > to NOT be modified by puppet for as long the lock file exists We discussed the concept of a maintenance mode during PuppetCamp, which would serve that purpose. I don't recall if there is a feature request in redmine for it already but you might want to check. It's quite a complex feature to implement but it's worth thinking about the requirements and impact. What is the underlying thing you are trying to achieve with this mechanism? Paul -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
As this would generally be a manual change, I would use 'chattr +i' on Linux systems. Trevor On Tue, Jan 19, 2010 at 3:14 PM, jb wrote: > I'd like others to have the option to temporarily disable puppet from > modify a file or directory...something along the lines of: > > ./something.conf.lock > > causes > > ./something.conf > > to NOT be modified by puppet for as long the lock file exists > > it'd also be nice to be able to disable an entire directory from being > modified if the file: > > ./PUPPET-DISABLE > > is present. basically the 'unless' parameter as is present in the Exec > type... > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
Trevor Vaughan wrote: As this would generally be a manual change, I would use 'chattr +i' on Linux systems. I haven't tried, but won't this cause the client to throw an error? -scott -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
Yes. But, in theory, this is a temporary measure. If it's not, then why are you managing that file in the first place? Trevor On Tue, Jan 19, 2010 at 3:54 PM, Scott Smith wrote: > Trevor Vaughan wrote: >> >> As this would generally be a manual change, I would use 'chattr +i' on >> Linux systems. >> > > I haven't tried, but won't this cause the client to throw an error? > > -scott > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] up2date + arch
I'm having an issue using package resources on RHEL 4 systems using up2date with RHN. I need to ensure that libacl.i386 is installed on a x86_64 system, however the up2date provider does not seem to like the yum syntax for specifying arch, and there doesn't seem to be any other method for doing so. I found this thread, http://projects.reductivelabs.com/issues/2043, that is the same issue, but apparently no progress has been made on it in 10 months. Considering there are a large number of RHEL4 / Centos4 boxes around, I am surprised that a solution for this has not been implemented yet. Does anyone have a solution for this? Can I extend the package resource somehow to allow up2date to handle the arch properly? Thanks, James C. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
Trevor Vaughan wrote: Yes. But, in theory, this is a temporary measure. If it's not, then why are you managing that file in the first place? I monitor puppetd errors with splunk, so this could cause someone to get paged =( Good idea for those of us who don't, though :) (If I see a feature request for this, I'll definitely upvote it.) -scott -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
On Tue, Jan 19, 2010 at 1:21 PM, Scott Smith wrote: > Trevor Vaughan wrote: > >> Yes. But, in theory, this is a temporary measure. >> >> If it's not, then why are you managing that file in the first place? >> >> > I monitor puppetd errors with splunk, so this could cause someone to get > paged =( > > Good idea for those of us who don't, though :) > > (If I see a feature request for this, I'll definitely upvote it.) > It would be reasonably trivial to subclass the File type to not apply changes if /path/to/file.notouch exists I think. I'm really torn about this though. Do you really want puppet thinking a resource has been applied when it hasn't been? This complicates dependencies an awful lot We've been considering it as a short-term band-aid for some situations, where the notouch file only works for a given period of time. > > -scott > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: best way to make puppet temporarily ignore a file?
The scenario is this: developer needs, in an emergency situation, to edit a file that is normally under puppet control (it's a conf file for our java servlet engine). I'm not around to help out, he may not have root. I'd fully want/expect this to generate a puppet error, at least in my case, though this should be an option I'd imagine. Again, basically like 'unless' on the exec type...or 'onlyif' but with a negative check.. On Jan 19, 1:37 pm, Nigel Kersten wrote: > On Tue, Jan 19, 2010 at 1:21 PM, Scott Smith wrote: > > Trevor Vaughan wrote: > > >> Yes. But, in theory, this is a temporary measure. > > >> If it's not, then why are you managing that file in the first place? > > > I monitor puppetd errors with splunk, so this could cause someone to get > > paged =( > > > Good idea for those of us who don't, though :) > > > (If I see a feature request for this, I'll definitely upvote it.) > > It would be reasonably trivial to subclass the File type to not apply > changes if /path/to/file.notouch exists I think. > > I'm really torn about this though. Do you really want puppet thinking a > resource has been applied when it hasn't been? This complicates dependencies > an awful lot > > We've been considering it as a short-term band-aid for some situations, > where the notouch file only works for a given period of time. > > > > > > > > > -scott > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com > groups.com> > > . > > For more options, visit this group at > >http://groups.google.com/group/puppet-users?hl=en. > > -- > nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: best way to make puppet temporarily ignore a file?
In my case the developer may not have root access On Jan 19, 12:39 pm, Trevor Vaughan wrote: > As this would generally be a manual change, I would use 'chattr +i' on > Linux systems. > > Trevor > > > > > > On Tue, Jan 19, 2010 at 3:14 PM, jb wrote: > > I'd like others to have the option to temporarily disable puppet from > > modify a file or directory...something along the lines of: > > > ./something.conf.lock > > > causes > > > ./something.conf > > > to NOT be modified by puppet for as long the lock file exists > > > it'd also be nice to be able to disable an entire directory from being > > modified if the file: > > > ./PUPPET-DISABLE > > > is present. basically the 'unless' parameter as is present in the Exec > > type... > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/puppet-users?hl=en. > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > tvaug...@onyxpoint.com > > -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Using ruby-1.9.x with Puppet 0.25.x
I read somewhere recently about problems with Puppet and Ruby 1.9. I'm wondering if this is still an issue? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Why not use the 'noop' metaparam? Instead of a notouch file, how about .file.noop which would simply set noop => 'true' for that run perhaps with an extended message about using a noop file. Trevor On 01/19/2010 04:37 PM, Nigel Kersten wrote: > On Tue, Jan 19, 2010 at 1:21 PM, Scott Smith wrote: > >> Trevor Vaughan wrote: >> >>> Yes. But, in theory, this is a temporary measure. >>> >>> If it's not, then why are you managing that file in the first place? >>> >>> >> I monitor puppetd errors with splunk, so this could cause someone to get >> paged =( >> >> Good idea for those of us who don't, though :) >> >> (If I see a feature request for this, I'll definitely upvote it.) >> > > It would be reasonably trivial to subclass the File type to not apply > changes if /path/to/file.notouch exists I think. > > I'm really torn about this though. Do you really want puppet thinking a > resource has been applied when it hasn't been? This complicates dependencies > an awful lot > > We've been considering it as a short-term band-aid for some situations, > where the notouch file only works for a given period of time. > > >> >> -scott >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> >> >> > > - -- Trevor Vaughan Vice President, Onyx Point, Inc. email: tvaug...@onyxpoint.com phone: 410-541-ONYX (6699) - -- This account not approved for unencrypted sensitive information -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktWThYACgkQyWMIJmxwHpTJrACfT+6fZ/FFZhIEus6qHwWNyPSL SYsAmwQEp93lG1sH0QO6M8C9W+ymcevF =3SC5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] multiple packages by the same name
I'm running into a problem with trying to get both an rpm and a gem
installed that have the same name. Predictably, this is the mysql
package.
Currently my mysql class's look like:
class mysql {
service { 'mysql':
ensure => 'running',
enable => true
}
user { 'mysql':
shell => '/bin/bash',
home => '/var/lib/mysql',
ensure => 'present',
comment => 'MySQL database admin'
}
group { 'mysql':
ensure => 'present'
}
$dependencies = $operatingsystem ? {
sles=> [ "mysql", ],
}
package { "MySQLServer":
ensure => present,
name => $dependencies,
}
}
class mysql::gem {
include rubygems
$gems_needed = ['mysql',]
package { "MySQLGems":
name => $gems_needed,
ensure => present,
provider => gem,
}
}
—
That is an attempt to get both the package and the gem included
correctly.
The error that puppet gives me is:
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
Cannot alias Package[MySQLGems] to mysql; resource Package[mysql]
already exists at /etc/puppet/modules/mysql/manifests/init.pp:59 on node
bob.test.local
Any help in figuring out a way to achieve the installation (and
management) of both the rpm package and the ruby gem would be greatly
appreciated.
Thanks,
Matt Delves
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Partitioning disk with Puppet
Hi Michael, Happy to see you around puppet :) Thanks, I did see it before, I still chose to implement foreman, a few of the reasons were: 1. I need to support non RH servers (e.g. Debian and Solaris where func and friends don't play ball) 2. I wanted to have one single interface regardless on the os used - e.g. creation of machine is the same processes. 3. I wanted to have a centralized solution - where you can manage many subnets (and datacenters) from one console. 4. Inventory, and Puppet reporting. I know that the Foreman is still lacking some of the features I've mentioned, but its on the right track :) Cheers, Ohad On Wed, Jan 20, 2010 at 12:50 AM, Michael DeHaan wrote: > On Mon, Jan 18, 2010 at 9:17 PM, Ohad Levy wrote: > > Yeah, that's true, but in my opinion cobbler support in Puppet is > lacking, > > that was one of the reason I've started Foreman. > > > > cheers, > > Ohad > > You may also want to look at Symbolic, which integrates Puppet, Func, > and Cobbler all together in a common UI. > ( http://www.opensymbolic.org/ ) > > You still create profiles in Cobber (it does not duplicate the Cobbler > UI) but it lets you provision them from there after picking them from > dropdowns. > > --Michael > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] best way to make puppet temporarily ignore a file?
what about allowing the users to modify the tag lists? Ideally, you would need a black list tag, which a script could read and feed into puppetd command line arguments. cheers, Ohad On Wed, Jan 20, 2010 at 4:14 AM, jb wrote: > I'd like others to have the option to temporarily disable puppet from > modify a file or directory...something along the lines of: > > ./something.conf.lock > > causes > > ./something.conf > > to NOT be modified by puppet for as long the lock file exists > > it'd also be nice to be able to disable an entire directory from being > modified if the file: > > ./PUPPET-DISABLE > > is present. basically the 'unless' parameter as is present in the Exec > type... > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ANNOUNCE: Puppet 0.25.4 - Release Candidate 2 available!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You wanted "release early, release often" and the Puppet team has delivered! The 0.25.4 release is a maintenance release (with one important feature - pre/post transaction hooks - discussed below) in the 0.25.x branch. The release addresses a regression introduced in 0.25.3 that caused issues with creating cron jobs. We apologise for the brief interval between releases and the failure to identify this new regression sooner. The Reductive Labs team is working to further extend the testing infrastructure used for new releases to better help us better test across multiple platforms and versions. The release candidate is available at: http://reductivelabs.com/downloads/puppet/puppet-0.25.4rc2.tar.gz Please note that all final releases of Puppet are signed with the Reductive Labs key. http://reductivelabs.com/trac/puppet/wiki/DownloadingPuppet#verifying-puppet-downloads Please test this release candidate and report feedback via the Reductive Labs Redmine site: http://projects.reductivelabs.com Please select an affected version of 0.25.4rc2. RELEASE NOTES Pre/Post Transaction hooks - -- There is a new feature in this release: pre and post transaction hooks. These hooks allow you to specify commands that should be run pre and post a Puppet configuration transaction. They are set with the prerun_command and postrun_command settings in the puppet.conf configuration file. prerun_command = /bin/runbeforetransaction postrun_command = /bin/runaftertransaction The command must exit with 0, i.e. succeed, otherwise the transaction will fail - if the pre command fails before the transaction is run and if the post command fails at the end of the transaction. CHANGELOG * Bug #2845: Cron entries using "special" parameter lose their title when changed * Bug #3001: Can't manage broken links * Bug #3039: 0.25.3 gem spec specifies the executables incorrectly * Bug #3075: sshkey host aliases broken by fix for #2813 * Feature #2914: Transactions should have before and after hooks Regards James Turnbull - -- Author of: * Pro Linux System Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBS1ZyVyFa/lDkFHAyAQJOvAgA4MQIYhesHGYKRpqo4/5KgSfc9GaA/Gcm GWU6z7Dgk5HjyXFJoxHVoe0wovVmvnZIg//0ygtkkCwXd9+UKPIuLjNJ8RwF6ox2 TdfwmZWpBmSR2z56z7UGHid5lam4Mn5+9FmH7Ho0hIBdc6kN/wH0pClJpu02zCKs k0PQCzBlkiBKTTgyRyh9AFo1UhzrFjMdNjdUbkDiU0VHGZjYkdl4f9FbmzI/k703 d2VcAY6xag6svKPCWk73DTZGS+T2rhnseHxctbsgux61p0MV9Frof2w5wBxL8r7u kmL+biceFJs+lyvaqlsjk7vHOg1DAFRaZ6o+y10UK+FBjmjSatyPXA== =8f7d -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: port 8139 not opening up
my server being on 0.24.8 and this machine on which port is not opening is on 0.25.1 The other client machines on which i have been able to open up the port are on 0.24.8. Is it because of this that port isn't opening up?Please revert.If thats the case will try with version 0.24.8 on client. On Jan 18, 9:03 pm, Dan Bode wrote: > what version of puppet are you using? > > On Mon, Jan 18, 2010 at 4:20 AM, lovewadhwa wrote: > > Hi > > > I have n't been able to figure out.If puppet developers could help me > > out on dis. > > > On Jan 13, 9:34 am, lovewadhwa wrote: > > > Hi all > > > > Please help concerning the problem.Is there any other thing besides " > > > listen=true" directive which refrains from the port being opened? > > > please help. > > > > On Jan 12, 6:00 pm, Ohad Levy wrote: > > > > > i think that you need the host fqdn in there, but thats another story > > :) > > > > > On Tue, Jan 12, 2010 at 8:58 PM, lovewadhwa > > wrote: > > > > > Yes in /etc/puppet, i have namespaceauth.conf which contains > > allownace > > > > > to all.The entry in namespaceauth.conf file is > > > > > > [puppetrunner] > > > > > allow * > > > > > > On Jan 12, 5:43 pm, Ohad Levy wrote: > > > > > > did you setup a namespaceauth file? > > > > > > > Ohad > > > > > > > On Tue, Jan 12, 2010 at 7:56 PM, lovewadhwa > > > > > wrote: > > > > > > > Hi all > > > > > > > > If anyone please could help me out.I tried everything but amn't > > > > > > > getting where's the problem. > > > > > > > > On Jan 11, 4:03 pm, lovewadhwa wrote: > > > > > > > > I had following parameters set in my conf file.When i run > > puppetd, it > > > > > > > > isn't opening the desired port.I have specified "listen=true" > > in my > > > > > > > > conf file but still the port is n't opening.This is what my > > conf file > > > > > > > > contains: > > > > > > > > > [main] > > > > > > > > server = puppet.resdex.com > > > > > > > > vardir = /var/lib/puppet > > > > > > > > logdir = /var/log/puppet > > > > > > > > rundir = /var/run/puppet > > > > > > > > ssldir = $vardir/ssl > > > > > > > > [puppetd] > > > > > > > > classfile = $vardir/classes.txt > > > > > > > > localconfig = $vardir/localconfig > > > > > > > > listen=true > > > > > > > > user = puppet > > > > > > > > bindaddress=10.X.X.X > > > > > > > > certname=10.X.X.X > > > > > > > > > When i start the puppetd with the following command: > > > > > > > > > puppetd --no-daemonize --debug --verbose > > > > > > > > > it provides me this output > > > > > > > > > debug: Failed to load library 'shadow' for feature 'libshadow' > > > > > > > > debug: Puppet::Type::User::ProviderDirectoryservice: file > > /usr/bin/ > > > > > > > > dscl does not exist > > > > > > > > debug: Puppet::Type::User::ProviderPw: file pw does not exist > > > > > > > > debug: Puppet::Type::User::ProviderUser_role_add: file roledel > > does > > > > > > > > not exist > > > > > > > > debug: Failed to load library 'ldap' for feature 'ldap' > > > > > > > > debug: Puppet::Type::User::ProviderLdap: feature ldap is > > missing > > > > > > > > > I don't see if port not opening has to do anything with above > > output. > > > > > > > > The command runs but the port is not opening.Please help. > > > > > > > > -- > > > > > > > You received this message because you are subscribed to the > > Google > > > > > Groups > > > > > > > "Puppet Users" group. > > > > > > > To post to this group, send email to > > puppet-us...@googlegroups.com. > > > > > > > To unsubscribe from this group, send email to > > > > > > > puppet-users+unsubscr...@googlegroups.com > > > > > > > > > > > > > > > > > > . > > > > > > > For more options, visit this group at > > > > > > >http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > Groups > > > > > "Puppet Users" group. > > > > > To post to this group, send email to puppet-us...@googlegroups.com. > > > > > To unsubscribe from this group, send email to > > > > > puppet-users+unsubscr...@googlegroups.com > > > > > > > > . > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/puppet-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com > > . > > For more options, visit this group at > >http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: port 8139 not opening up
clients must be equal or older then the server... are you sure your setup is working? On Wed, Jan 20, 2010 at 1:39 PM, lovewadhwa wrote: > my server being on 0.24.8 and this machine on which port is not > opening is on 0.25.1 > > The other client machines on which i have been able to open up the > port are on 0.24.8. > Is it because of this that port isn't opening up?Please revert.If > thats the case will try with version 0.24.8 on client. > > > > On Jan 18, 9:03 pm, Dan Bode wrote: > > what version of puppet are you using? > > > > On Mon, Jan 18, 2010 at 4:20 AM, lovewadhwa > wrote: > > > Hi > > > > > I have n't been able to figure out.If puppet developers could help me > > > out on dis. > > > > > On Jan 13, 9:34 am, lovewadhwa wrote: > > > > Hi all > > > > > > Please help concerning the problem.Is there any other thing besides " > > > > listen=true" directive which refrains from the port being opened? > > > > please help. > > > > > > On Jan 12, 6:00 pm, Ohad Levy wrote: > > > > > > > i think that you need the host fqdn in there, but thats another > story > > > :) > > > > > > > On Tue, Jan 12, 2010 at 8:58 PM, lovewadhwa > > > wrote: > > > > > > Yes in /etc/puppet, i have namespaceauth.conf which contains > > > allownace > > > > > > to all.The entry in namespaceauth.conf file is > > > > > > > > [puppetrunner] > > > > > > allow * > > > > > > > > On Jan 12, 5:43 pm, Ohad Levy wrote: > > > > > > > did you setup a namespaceauth file? > > > > > > > > > Ohad > > > > > > > > > On Tue, Jan 12, 2010 at 7:56 PM, lovewadhwa < > lovewad...@gmail.com> > > > > > > wrote: > > > > > > > > Hi all > > > > > > > > > > If anyone please could help me out.I tried everything but > amn't > > > > > > > > getting where's the problem. > > > > > > > > > > On Jan 11, 4:03 pm, lovewadhwa wrote: > > > > > > > > > I had following parameters set in my conf file.When i run > > > puppetd, it > > > > > > > > > isn't opening the desired port.I have specified > "listen=true" > > > in my > > > > > > > > > conf file but still the port is n't opening.This is what my > > > conf file > > > > > > > > > contains: > > > > > > > > > > > [main] > > > > > > > > > server = puppet.resdex.com > > > > > > > > > vardir = /var/lib/puppet > > > > > > > > > logdir = /var/log/puppet > > > > > > > > > rundir = /var/run/puppet > > > > > > > > > ssldir = $vardir/ssl > > > > > > > > > [puppetd] > > > > > > > > > classfile = $vardir/classes.txt > > > > > > > > > localconfig = $vardir/localconfig > > > > > > > > > listen=true > > > > > > > > > user = puppet > > > > > > > > > bindaddress=10.X.X.X > > > > > > > > > certname=10.X.X.X > > > > > > > > > > > When i start the puppetd with the following command: > > > > > > > > > > > puppetd --no-daemonize --debug --verbose > > > > > > > > > > > it provides me this output > > > > > > > > > > > debug: Failed to load library 'shadow' for feature > 'libshadow' > > > > > > > > > debug: Puppet::Type::User::ProviderDirectoryservice: file > > > /usr/bin/ > > > > > > > > > dscl does not exist > > > > > > > > > debug: Puppet::Type::User::ProviderPw: file pw does not > exist > > > > > > > > > debug: Puppet::Type::User::ProviderUser_role_add: file > roledel > > > does > > > > > > > > > not exist > > > > > > > > > debug: Failed to load library 'ldap' for feature 'ldap' > > > > > > > > > debug: Puppet::Type::User::ProviderLdap: feature ldap is > > > missing > > > > > > > > > > > I don't see if port not opening has to do anything with > above > > > output. > > > > > > > > > The command runs but the port is not opening.Please help. > > > > > > > > > > -- > > > > > > > > You received this message because you are subscribed to the > > > Google > > > > > > Groups > > > > > > > > "Puppet Users" group. > > > > > > > > To post to this group, send email to > > > puppet-us...@googlegroups.com. > > > > > > > > To unsubscribe from this group, send email to > > > > > > > > puppet-users+unsubscr...@googlegroups.com > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > . > > > > > > > > For more options, visit this group at > > > > > > > >http://groups.google.com/group/puppet-users?hl=en. > > > > > > > > -- > > > > > > You received this message because you are subscribed to the > Google > > > Groups > > > > > > "Puppet Users" group. > > > > > > To post to this group, send email to > puppet-us...@googlegroups.com. > > > > > > To unsubscribe from this group, send email to > > > > > > puppet-users+unsubscr...@googlegroups.com > > > > > > > > > > > > > > > > > . > > > > > > For more options, visit this group at > > > > > >http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Puppet Users" group. > > > To post to this group, send email to puppet-us...@googlegroups.com. > > > To unsubscribe from this group, send email to > > > puppet-users+unsubscr...@googlegroups.com > > > > > > . > > > For more options, visit
