[Puppet Users] ssh_authorized_key loops when options is defined
Hi all,
I have no problem with creating ssh keys for users, but as soon as I
specify 'options', puppet keeps repeating and replacing the key with
an identical key.
I have written the various options in various formats, like one big
strings, as an array, with double quotes or single quotes, etc, etc
(see examples below), but the issue stays
as a string ...
@authorizedkey {
"userx_dss":
user => "userx",
type => "ssh-dss",
key => "...=",
options => 'from="server1.mydomain,server1,192.168.1.2",no-
port-forwarding,no-agent-forwarding',
}
as an array ...
@authorizedkey {
"userx_dss":
user => "userx",
type => "ssh-dss",
key => "...=",
options => [
"from=\"server1.mydomain,server1,192.168.1.2\"",
",no-port-forwarding",
",no-agent-forwarding",
];
}
When I run puppet (puppetd --test --noop), it reports the value has to
be changed from x to y. The problem is that x and y are identical and
even if I let puppet correct it, the next run it will report it again
notice: /Stage[init]/Authorizedkey::Userx/Authorizedkey[userx_dss]/
Ssh_authorized_key[userx_dss]/options: current_value
from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-
agent-forwarding, should be
from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-
agent-forwarding (noop)
The acual key (.ssh/authorized_keys) for userx works fine and looks
like this
from="server1.mydomain,server1,192.168.1.2",no-port-forwarding,no-
agent-forwarding ssh-dss ...= userx_dss
This looks to me like a bug where puppet does something weird as soon
as a comma is somewhere down the options line. If I put a single
option in there, puppet runs fine (and only once)
This works fine
options => "no-port-forwarding",
and this doesn't
options => "no-port-forwarding,no-agent-forwarding",
please advice
Regards,
Rene
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ssh_authorized_key loops when options is defined
BTW, the puppet version I use is 2.6.8 on Red Hat 5.6 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key loops when options is defined
Hi,
On 05/13/2011 01:20 PM, rvlinden wrote:
> as an array ...
>
> @authorizedkey {
>"userx_dss":
> user => "userx",
> type => "ssh-dss",
> key => "...=",
> options => [
>"from=\"server1.mydomain,server1,192.168.1.2\"",
>",no-port-forwarding",
>",no-agent-forwarding",
> ];
> }
this is right, but you made a doo-doo: There is commas *in* your array
elements.
Works for me (but the commas need to go).
HTH,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable scoping / best practice
On 05/12/2011 05:59 PM, Luke Baker wrote:
> Hey there,
>
> I have the following class that defines an array:
>
> class iptables::hyperion {
> system_ips [
> 'ip',
> 'ip',
> 'ip',
> ...
> ]
> }
>
> To use this variable in a template, I'm setting it to a 'local'
> variable in the node definition:
>
> node 'mynode' inherits basenode {
> include iptables::hyperion
> $system_ips = $iptables::hyperion::system_ips
>
> class { iptables:
> fragments => [ 'hyperion.erb']
> }
> }
>
> I can then access and use $system_ips in a template for that node (in
> this case, 'hyperion.erb'). Does this fit a common pattern? I know
> that in a template you can use 'scope.lookupvar('var')'. Should I be
> using said function in the template to access
> $iptables::hyperion::system_ips, instead of reassigning it in the node
> definition?
>
Hi,
I try and wrap almost all templates in defines and make all variables
used by the template parameteres of those defines.
I don't need to care about scoping, I can sanely define default values
outside the template and I can document the set of required variables
( = mandatory parameters) easily.
Cheers,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ssh_authorized_key loops when options is defined
Felix,
If I remove the comma's from the no-port and no-agent, like this
options => [
"from=\"server1.mydomain,server1,192.168.1.2\"",
"no-port-forwarding",
"no-agent-forwarding",
];
I get one big blob in my authorized_keys file
from="server1.mydomain,server1,192.168.1.2"no-port-forwardingno-agent-
forwarding ssh-dss ...= userx_dss
and it still loops due the comma's in the from="" to separate the
servernames and ip-addresses.
I don't see how I can remove the comma's without destroying the syntax
of the authorized_keys file
Regards,
Rene
On May 13, 1:29 pm, Felix Frank
wrote:
> Hi,
>
> On 05/13/2011 01:20 PM, rvlinden wrote:
>
> > as an array ...
>
> > @authorizedkey {
> > "userx_dss":
> > user => "userx",
> > type => "ssh-dss",
> > key => "...=",
> > options => [
> > "from=\"server1.mydomain,server1,192.168.1.2\"",
> > ",no-port-forwarding",
> > ",no-agent-forwarding",
> > ];
> > }
>
> this is right, but you made a doo-doo: There is commas *in* your array
> elements.
>
> Works for me (but the commas need to go).
>
> HTH,
> Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetmaster and Passenger3
Hi All, Just had a question if Puppet2.6 works with the latest version of Phusion Passenger (3.0.7). My setup is running with version 2.2.11 of passenger. If yes, then are there any changes in Puppetmaster configuration to be done. Thanks, Kevin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: ssh_authorized_key loops when options is defined
On 05/13/2011 01:49 PM, rvlinden wrote:
> If I remove the comma's from the no-port and no-agent, like this
>
> options => [
>"from=\"server1.mydomain,server1,192.168.1.2\"",
>"no-port-forwarding",
>"no-agent-forwarding",
> ];
>
> I get one big blob in my authorized_keys file
Can you post your manifest (i.e. the resource in question) verbatim?
I just pasted this into a test manifest and it works perfectly fine with
2.6.8:
ssh_authorized_key {
"foobar":
user => "ffrank",
key => "abcdef",
options => [
"from=\"server1.mydomain,server1,192.168.1.2\"",
"no-port-forwarding",
"no-agent-forwarding",
],
type => "ssh-dss",
}
The entry is in my authorized_keys and puppet recognizes it. The commas
are present.
Regards,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ssh_authorized_key loops when options is defined
Felix,
I just found the problem. It was in the 'define' I had created.
Initially I just used a single string instead of an array and in the
define I had this
options => "${options}",
I just changed it into this
options => $options,
and now the various array elements are handled correctly.
The loop is gone and the authorized_keys file is perfect
Thanks for the eye-opener
This is my 'new' define for authorizedkey
define authorizedkey (
$ensure = "present",
$tag = "",
$type = "ssh-dss",
$key = "",
$options = "",
$user ) {
#
# Load subclasses
include authorizedkey::params
include authorizedkey::virtual
#
# ssh_authorized_key
ssh_authorized_key { "${name}":
ensure => "${ensure}",
type=> "${type}",
key => "${key}",
user=> "${user}",
} # End ssh_authorized_key
#
# Additional settings
if $options != "" {
Ssh_authorized_key["${name}"] {
options => $options,
} # End options
} # End if
} # End define setup
On May 13, 2:15 pm, Felix Frank
wrote:
> On 05/13/2011 01:49 PM, rvlinden wrote:
>
> > If I remove the comma's from the no-port and no-agent, like this
>
> > options => [
> > "from=\"server1.mydomain,server1,192.168.1.2\"",
> > "no-port-forwarding",
> > "no-agent-forwarding",
> > ];
>
> > I get one big blob in my authorized_keys file
>
> Can you post your manifest (i.e. the resource in question) verbatim?
>
> I just pasted this into a test manifest and it works perfectly fine with
> 2.6.8:
>
> ssh_authorized_key {
> "foobar":
> user => "ffrank",
> key => "abcdef",
> options => [
>
> "from=\"server1.mydomain,server1,192.168.1.2\"",
> "no-port-forwarding",
> "no-agent-forwarding",
> ],
> type => "ssh-dss",
>
> }
>
> The entry is in my authorized_keys and puppet recognizes it. The commas
> are present.
>
> Regards,
> Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/
On May 13, 1:25 am, Simon J Mudd wrote: > Hi, > > I have been trying to improve the coding of some of > my puppet recipes and had some trouble so wrote > this:http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/ > > Comments on the web seem to indicate that extlookup() solves "all > problems" but I don't really see that and hence have proposed a possible > way to keep the data closer together and make the extlookup() > behaviour more explicit and thus IMO clearer. > > What do you think? > > Simon -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: array being concatenated
Thank you very much Nigel. Changing the one line to:
create_assoc_symlinks { $assocs: }
made it work just as I wanted.
Thom
On May 12, 8:10 pm, Nigel Kersten wrote:
> On Thu, May 12, 2011 at 6:21 PM, tjmaszc wrote:
> > Having issues trying to create the same symlink for multiple web
> > sites. This is my class:
>
> > class assoc_symlinks {
> > $assocs=[ "asecs", "mgsa", "athe" ]
>
> > define create_assoc_symlinks() {
> > file {"/www/domains/${name}.press.jhu.edu/cgi-bin/
> > membership_directory.cgi":
> > ensure => symlink,
> > target => "/www/shared/cgi-bin/membership_directory.cgi",
> > owner => apache, group => apache, mode => 2775,
> > }
> > }
> > create_assoc_symlinks { "$assocs" }
>
> Don't quote thearray.
>
> If you do quote it, Puppet sees it as a string "['one', 'two']" rather
> than thearray["one", "two"].
>
>
>
>
>
>
>
>
>
> > }
>
> > Then I call it in my nodes.pp file as "include assoc_symlinks"
>
> > When I run puppet, it gives me this error:
> > hu May 12 14:14:57 -0400 2011 //Node[adv01jh]/
> > Assoc_symlinks[asecsmgsaathe]/File[/www/domains/
> > asecsmgsaathe.press.jhu.edu/cgi-bin/membership_directory.cgi]/ensure
> > (err): change from absent to link failed: Could not set link on
> > ensure: No such file or directory - /www/domains/
> > asecsmgsaathe.press.jhu.edu/cgi-bin at /etc/puppet/manifests/classes/
> > assoc_symlinks.pp:8
>
> > As you can see, it is combining my $assocsarrayinto one string,
> > instead of iterating through it as anarray.
> > Any suggestions would be great as I am relatively new and only been
> > using puppet for a month or 2 now.
>
> > Thanks,
> > Thom
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group
> > athttp://groups.google.com/group/puppet-users?hl=en.
>
> --
> Nigel Kersten
> Product, Puppet Labs
> @nigelkersten
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster and Passenger3
On May 13, 2011, at 5:13 AM, linuxbsdfreak wrote: > Hi All, > > Just had a question if Puppet2.6 works with the latest version of > Phusion Passenger (3.0.7). My setup is running with version 2.2.11 > of passenger. If yes, then are there any changes in Puppetmaster > configuration to be done. Well, I can attest that this set of gems does NOT work with puppet 2.6.1. I haven't retried it with 2.6.8 yet: passenger (3.0.7) rack (1.2.2) rails (3.0.7) rake (0.8.7) I tested this by installing ruby-enterprise-1.8.7-2011.03 from source, and it installed those gems. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Facter with a gem
Hi, Created a facter that require a gem. The gem is installed on all the servers involved. But when I trigger puppet I get an error in the log: Could not run Puppet configuration client: Could not retrieve local facts: no such file to load -- Is there a way to make puppet use/find the gem? Using Puppet 2.6.1 Regard, Patrik -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how to rescue a dependency failure and try another one?
I am very new to puppet.
exec {"apt-update": }
exec {"install-local": }
service { "apache2":
require => Exec["apt-update"]
}
when apt repository has network errors, I wanna puppet do "install-local"
instead,
and make service apache2 run as normal, how can i do that?
Thank you in advance.
--
孫より
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter with a gem
On May 13, 2011, at 7:05 AM, patant wrote: > Hi, > > Created a facter that require a gem. The gem is installed on all the servers > involved. > But when I trigger puppet I get an error in the log: > Could not run Puppet configuration client: Could not retrieve local facts: no > such file to load -- > > Is there a way to make puppet use/find the gem? > > Using Puppet 2.6.1 Facter is run on the clients. Does installing that gem on the clients fix the error? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/
On May 13, 8:07 am, jcbollinger wrote: My apologies for the empty post. I agree that it is silly to suppose that extlookup() is a universal solution, but personally, I don't take that impression from web comments in the first place. In fact, Puppet Labs's own recently updated style guide recommends against using extlookup(), though that position is controversial. I also agree that for some sites, a richer / more powerful lookup feature might be needed. On the other hand, extlookup() is easy to set up and use, and it is powerful enough for most needs. If you need a more powerful data lookup function then you would be lucky to find a canned one that meets all your needs. Moreover, I disagree with several of the opinions and conclusions in your post: 1) You write: "The extlookup() functionality only allows [... specifying implicitly ...] where to look for this value." That is false. Extlookup does provide for configuration of a standard set of CSV files to search (which can be parameterized by nodes' facts), but the function also has an optional parameter to specify a specific file to be searched first on any given invocation. 2) You would prefer looking up data via a compound key (config_item, lookup_value) rather than via a simple key (config_item). You rightly observe that this would sometimes allow fewer files to be used than are needed in the current implementation, because different values for the same item could be distinguished by the "lookup_value" instead of by the file in which they reside. The trade-off, however, is that every lookup is more expensive, because on average the function would need to read more lines, and to perform a more complex analysis on each one. In your blog you suggest a DB backend, but that's not really relevant because by that point you have a completely different function than extlookup(). And even a DB performs multi-key queries slower than single-key searches. 3) You argue that your suggested formulation of extlookup would be "clearer as the configuration is more explicit then the current extlookup() definition." I think you're missing the point. It would indeed be clearer from which file the data would come, but the objective of extlookup is to separate the *definition* of the data as much as possible from the *use* of the data. And I like that. I prefer that my manifests _not_ specify a bunch of details to every extlookup() call, because that would obscure the details that are important at the manifest level. 4) You seem to want to use an arbitrary-length list of values as your lookup key, but I don't see how that can work while retaining the apparent objective of reducing the number of data files that must be associated with your configuration and retaining the use of CSV. 5) You write "Using the current (puppet 2.6) mechanism would require me, if I understand it correctly, to configure different .csv files to be searched for each 'configuration parameter'." Perhaps, but I think that's a bit of a straw man in that you are supposing a usage mode for extlookup that isn't well attuned to its design. Although it can support them, extlookup is not designed for data domains that are parameterized along many different dimensions. More to the point, such extensive parameterization is rarely needed in practice. 6) You write "I may also need in several places to override the $extlookup_precedence. In any case this can’t be overridden several times within the same module which is what I would need if I want to lookup different variables." I don't follow. In the first place, you can always use extlookup's third parameter to specify a particular file to check first. In the second place, your data are not well- defined if it seems to make sense to alter the lookup precedence of files that are already in the search path. Let me not be taken as an extlookup() zealot. I do like the design as it is, but that doesn't mean it is ideal -- or even good -- for every purpose. One of the advantages of Puppet, however, is that it is fairly easy to modify and extend. If you would like an alternative lookup facility then by all means, write one. If you are community- minded then you could consider sharing it; the Puppet Forge (http:// forge.puppetlabs.com/) makes it easy to do that. You may also be interested in some of the extlookup() author's comments about it (http://www.devco.net/archives/2009/08/31/ complex_data_and_puppet.php). He hangs out here, so you may also hear from him directly. Best, John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/
- Original Message - > > Let me not be taken as an extlookup() zealot. I do like the design > as it is, but that doesn't mean it is ideal -- or even good -- for every > purpose. One of the advantages of Puppet, however, is that it is > fairly easy to modify and extend. If you would like an alternative > lookup facility then by all means, write one. If you are community- > minded then you could consider sharing it; the Puppet Forge (http:// > forge.puppetlabs.com/) makes it easy to do that. > > You may also be interested in some of the extlookup() author's > comments about it (http://www.devco.net/archives/2009/08/31/ > complex_data_and_puppet.php). He hangs out here, so you may also > hear from him directly. > So extlookup wasnt written as a be-all and end-all of data sources. I recognized we want data and code separation and of course I could write an ENC but I also recognized that I could do something generic that would solve a large % of cases for people to push out the point at which they need an ENC a bit later or in many cases entirely. I hoped I could solve it in a way that adds some value like make it easier to write configurable modules and to do so in a way that people without programming backgrounds can grasp and use and make their manifests a bit better. With this in mind I wrote extlookup aiming to solve the most common problems. I am not against ENCs I think big/complex shops absolutely must have them and I think a lot of the extlookup bashers missed this point - if you are big enough or complex enough where extlookup doesnt work for you then you've probably reached a legitimate point where investing time in writing an ENC is time well spent. And you're also not any more the the target audience extlookup was created for. You should though just look at extlookups code, its extremely simple and easy to understand (especially since Jesse rewrote my ancient crappy code) and this should let you hack up solutions that solves your problems. Puppet is a framework, its very hackable, its easy to write functions and types, easy to copy them out to all your servers and make it work in new and interesting ways. So I totally encourage you to use extlookup as a example and solve the problem in your own way or even to evaluate writing your own ENC. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] report time determined by client not server?
Howdy, I've just built a VM where the system clock was 2 hours off. Part of the puppet manifest is to get NTP going, so the system itself takes care of itself OK. However I just noticed on Dashboard that the report listed for the build phase was also two hours off. As such I'm given to assume that the official report time is actually taken from the client and not the puppet master? To me, this makes no sense, and must surely be a bug. Why would you ever want to trust a time stamp from the client instead of just using your own time as you receive the report? Now the new VM has the correct time, the new reports are listed as older as the build phase ones etc... Thanks Chris -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: multiple resources overrides
On May 12, 1:32 pm, Nick Fagerlund wrote: > On May 12, 11:32 am, Nick Fagerlund > wrote: > > > You can read more about the design here... > > Wow, self, way to not post that link. > > http://projects.puppetlabs.com/issues/6911 Thanks, Nick. What I take from that is that resources that do not otherwise have a relative order defined (directly or indirectly, explicitly or implicitly) will be ordered by an unpredictable but deterministic and consistent function of their titles. Does that about sum it up? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Facter with a gem
On 05/13/2011 07:55 AM, Patrick wrote: Facter is run on the clients. Does installing that gem on the clients fix the error? Also, "require 'rubygems'" on the top of the file where you define your facter. -- Pietro Monteiro Senior Developer DECK Monitoring 115 W 8th Ave. Eugene, Oregon 97401 Office: 541-343-0110 www.deckmonitoring.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Should this call generate an error?
I converted a set of classes from include/scope to use the parameterized
syntax yesterday, and I ran into an odd behavior that might be considered a
bug. I defined a class somewhat like this but more complex:
class vmware ( $pkg_list) {
package { $pkg_list:
ensure => "installed",
provider => "yum",
require => Yumrepo["vmtools","vmtools-updates"],
} # package
} # class vmware
And then called it like so:
class {'vmware':
pkg_list => ['vmware-tools'],
yumPatchDate => $yumPatchDate,
}
I ran this on the client and it did... nothing. I almost generated an
e-mail to this list about it but after pasting the example into the e-mail I
realized my obvious error. I removed the extra parameter from the call and
then it worked fine. My question is should this kind of mistake generate an
error? Given that no class 'vmware' is defined that accepts two parameters
I would expect so. Instead it just silently fails. I'm using Puppet 2.6.6
from EPEL so it's also possible that this has been fixed upstream somewhere
and I'm just not aware of it. It's also possible that there's some
syntactical reason why there's no error, some way this could be valid if I
was using a special feature or code pattern. Does this issue ring a bell
for anybody?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/
Are there some sample codes for ENC for complex environments? You mentioned before to code ENC would need a lot of efforts, it would be nice if there are some sample codes for reference .. On 5/13/11, R.I.Pienaar wrote: > > > - Original Message - > >> >> Let me not be taken as an extlookup() zealot. I do like the design >> as it is, but that doesn't mean it is ideal -- or even good -- for every >> purpose. One of the advantages of Puppet, however, is that it is >> fairly easy to modify and extend. If you would like an alternative >> lookup facility then by all means, write one. If you are community- >> minded then you could consider sharing it; the Puppet Forge (http:// >> forge.puppetlabs.com/) makes it easy to do that. >> >> You may also be interested in some of the extlookup() author's >> comments about it (http://www.devco.net/archives/2009/08/31/ >> complex_data_and_puppet.php). He hangs out here, so you may also >> hear from him directly. >> > > So extlookup wasnt written as a be-all and end-all of data sources. > > I recognized we want data and code separation and of course I could write > an ENC but I also recognized that I could do something generic that would > solve a large % of cases for people to push out the point at which they > need an ENC a bit later or in many cases entirely. I hoped I could solve > it in a way that adds some value like make it easier to write configurable > modules and to do so in a way that people without programming backgrounds > can grasp and use and make their manifests a bit better. > > With this in mind I wrote extlookup aiming to solve the most common > problems. > > I am not against ENCs I think big/complex shops absolutely must have them > and I > think a lot of the extlookup bashers missed this point - if you are big > enough or complex enough where extlookup doesnt work for you then you've > probably reached a legitimate point where investing time in writing an > ENC is time well spent. And you're also not any more the the target > audience > extlookup was created for. > > You should though just look at extlookups code, its extremely simple and > easy > to understand (especially since Jesse rewrote my ancient crappy code) and > this > should let you hack up solutions that solves your problems. > > Puppet is a framework, its very hackable, its easy to write functions and > types, > easy to copy them out to all your servers and make it work in new and > interesting > ways. So I totally encourage you to use extlookup as a example and solve > the > problem in your own way or even to evaluate writing your own ENC. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- Sent from my mobile device -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Thoughts about extlookup: http://blog.wl0.org/2011/05/thoughts-about-extlookup-in-puppet/
- Original Message - > Are there some sample codes for ENC for complex environments? You > mentioned before to code ENC would need a lot of efforts, it would be > nice if there are some sample codes for reference .. writing an ENC isnt hard, writing one thats generic, has a nice UI and fits the need of a lot of people is really hard. Tools like Foreman and Puppet Dashboards are both good examples that have been under development for years and still progress is being made. Dan Bode has some good example of ones that are purely YAML based and there are a few other ones around if you search - but mostly people have special needs and write their own I think. > > On 5/13/11, R.I.Pienaar wrote: > > > > > > - Original Message - > > > >> > >> Let me not be taken as an extlookup() zealot. I do like the > >> design > >> as it is, but that doesn't mean it is ideal -- or even good -- for > >> every > >> purpose. One of the advantages of Puppet, however, is that it is > >> fairly easy to modify and extend. If you would like an > >> alternative > >> lookup facility then by all means, write one. If you are > >> community- > >> minded then you could consider sharing it; the Puppet Forge > >> (http:// > >> forge.puppetlabs.com/) makes it easy to do that. > >> > >> You may also be interested in some of the extlookup() author's > >> comments about it (http://www.devco.net/archives/2009/08/31/ > >> complex_data_and_puppet.php). He hangs out here, so you may also > >> hear from him directly. > >> > > > > So extlookup wasnt written as a be-all and end-all of data sources. > > > > I recognized we want data and code separation and of course I could > > write > > an ENC but I also recognized that I could do something generic that > > would > > solve a large % of cases for people to push out the point at which > > they > > need an ENC a bit later or in many cases entirely. I hoped I could > > solve > > it in a way that adds some value like make it easier to write > > configurable > > modules and to do so in a way that people without programming > > backgrounds > > can grasp and use and make their manifests a bit better. > > > > With this in mind I wrote extlookup aiming to solve the most common > > problems. > > > > I am not against ENCs I think big/complex shops absolutely must > > have them > > and I > > think a lot of the extlookup bashers missed this point - if you are > > big > > enough or complex enough where extlookup doesnt work for you then > > you've > > probably reached a legitimate point where investing time in writing > > an > > ENC is time well spent. And you're also not any more the the > > target > > audience > > extlookup was created for. > > > > You should though just look at extlookups code, its extremely > > simple and > > easy > > to understand (especially since Jesse rewrote my ancient crappy > > code) and > > this > > should let you hack up solutions that solves your problems. > > > > Puppet is a framework, its very hackable, its easy to write > > functions and > > types, > > easy to copy them out to all your servers and make it work in new > > and > > interesting > > ways. So I totally encourage you to use extlookup as a example and > > solve > > the > > problem in your own way or even to evaluate writing your own ENC. > > > > -- > > You received this message because you are subscribed to the Google > > Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > Sent from my mobile device > > -- > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] report time determined by client not server?
On May 13, 2011, at 8:36 AM, Chris Phillips wrote: > Why would you ever want to trust a time stamp from the client instead of just > using your own time as you receive the report? In my case, when I run the import rake task, it imports stored reports that might be old. This means that the time the report is imported into the server is wrong and the time inside the report is correct. I also hope that someday puppet will have a system that can automatically queue reports that can't be sent and automatically send them later, though I'll admit I haven't even cared enough to file a bug report. If this happens, you'd again want to trust the client's time instead of the server's time. If the system clock was wrong, I'm surprised SSL worked. If the timezone was different, I'd suggest filing a bug report related to puppet not using the timezone properly. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] report time determined by client not server?
On Fri, May 13, 2011 at 6:36 PM, Chris Phillips wrote: > Howdy, > > I've just built a VM where the system clock was 2 hours off. Part of the > puppet manifest is to get NTP going, so the system itself takes care of > itself OK. However I just noticed on Dashboard that the report listed for > the build phase was also two hours off. As such I'm given to assume that the > official report time is actually taken from the client and not the puppet > master? To me, this makes no sense, and must surely be a bug. Why would you > ever want to trust a time stamp from the client instead of just using your > own time as you receive the report? Now the new VM has the correct time, the > new reports are listed as older as the build phase ones etc... > yeah, I've noticed that in foreman too, and we keep both report creation time, and the client time, if they are off, we actually display a message telling the user that the time is not in sync. Ohad > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] any behavior difference about 8139 and 8140 remotely?
Hi all, I am new to Puppet. I only know that by default puppet master will listen on 8140. and puppet agent with --listen true will accept on 8139. But using openssl and send some http request, the result looks the same. For example, # openssl s_client -connect 192.168.218.184:8139 ... GET / HTTP/1.0 HTTP/1.1 400 The environment must be purely alphanumeric, not '' Connection: close Content-Type: text/plain Date: Fri, 13 May 2011 17:47:03 GMT Server: WEBrick/1.3.1 (Ruby/1.8.7/2010-06-23) OpenSSL/0.9.8o Content-Length: 51 same response will be returned for port 8140. My question is: is there any request I can send, then the response from it can tell me the target is a mater or agent? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] report time determined by client not server?
On 13 May 2011 18:46, Patrick wrote: > > On May 13, 2011, at 8:36 AM, Chris Phillips wrote: > > > Why would you ever want to trust a time stamp from the client instead of > just using your own time as you receive the report? > > In my case, when I run the import rake task, it imports stored reports that > might be old. This means that the time the report is imported into the > server is wrong and the time inside the report is correct. I also hope that > someday puppet will have a system that can automatically queue reports that > can't be sent and automatically send them later, though I'll admit I haven't > even cared enough to file a bug report. If this happens, you'd again want > to trust the client's time instead of the server's time. > > > If the system clock was wrong, I'm surprised SSL worked. > well the certs already existed, so there was no chance of a Valid Before issue. > > If the timezone was different, I'd suggest filing a bug report related to > puppet not using the timezone properly. The root cause... well... root reason... is timezone related, utc vs system clock on the ESX host, however whilst there is wonky stuff, this is not a scenario where it could be said that that should be fixed and Puppet shouldn't be blamed. I had a report on Dashboard dated "2011-05-13 18:05 BST" when it was actually run at 16:05 BST. Once NTP settles down it's a non issue. So Bug it is, just wanted a little feedback before I logged it. Thanks Chris -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Dashboard on Freebsd 8.2
On 05/12/2011 07:37 PM, Panaman wrote: > Is anyone running the puppet dashboard on freebsd 8.2 > I am kinda a newb to freebsd but managed to get puppet installed with > apache and mysql. But I haven't actually figured out how to get the > dashboard to install. > I have it running on FreeBSD 8.x. Hint: don't use ports to install ruby dependencies for anything having to do with rails. Use gem to install all of them. -- Russell A Jackson Network Analyst California State University, Bakersfield -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppetmaster and Passenger3
What would your recommended versions be or what are the ones that you are presently successful with? Can you list your configured stack? I'm currently on Puppet 2.6.4 but could back down if necessary. I have not been successful with getting Passenger (3.0.7) working with Puppet. Thanks, John On May 13, 10:27 am, Patrick wrote: > On May 13, 2011, at 5:13 AM, linuxbsdfreak wrote: > > > Hi All, > > > Just had a question if Puppet2.6 works with the latest version of > > Phusion Passenger (3.0.7). My setup is running with version 2.2.11 > > of passenger. If yes, then are there any changes in Puppetmaster > > configuration to be done. > > Well, I can attest that this set of gems does NOT work with puppet 2.6.1. I > haven't retried it with 2.6.8 yet: > passenger (3.0.7) > rack (1.2.2) > rails (3.0.7) > rake (0.8.7) > > I tested this by installing ruby-enterprise-1.8.7-2011.03 from source, and it > installed those gems. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppetmaster and Passenger3
Here at Vanderbilt we use: passenger (2.2.11) rack (1.0.1) rails (2.3.5) rake (0.8.7) rubygems-update (1.7.2) Server version: Apache/2.2.3 ~Charles~ On Fri, May 13, 2011 at 3:30 PM, PBWebGuy wrote: > What would your recommended versions be or what are the ones that you > are presently successful with? Can you list your configured stack? > > I'm currently on Puppet 2.6.4 but could back down if necessary. I > have not been successful with getting Passenger (3.0.7) working with > Puppet. > > Thanks, > > John > > On May 13, 10:27 am, Patrick wrote: > > On May 13, 2011, at 5:13 AM, linuxbsdfreak wrote: > > > > > Hi All, > > > > > Just had a question if Puppet2.6 works with the latest version of > > > Phusion Passenger (3.0.7). My setup is running with version 2.2.11 > > > of passenger. If yes, then are there any changes in Puppetmaster > > > configuration to be done. > > > > Well, I can attest that this set of gems does NOT work with puppet 2.6.1. > I haven't retried it with 2.6.8 yet: > > passenger (3.0.7) > > rack (1.2.2) > > rails (3.0.7) > > rake (0.8.7) > > > > I tested this by installing ruby-enterprise-1.8.7-2011.03 from source, > and it installed those gems. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Security of Puppet ACLs..
It's from hostid command. How exactly is it generated I really don't know their info page is a bit vague. -- For example, here's what it prints on one system I use: $ hostid 1bac013d On that system, the 32-bit quantity happens to be closely related to the system's Internet address, but that isn't always the case. An exit status of zero indicates success, and a nonzero value indicates failure. - You could always generate your own md5 number from your own specifications for a custom facter variable. It won't be easy for you to reference the files though. Security via obscurity isn't the best way, but it's better than what's place now. Puppet assumes all hosts are 'friendly' -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ubuntu package installs
hello puppet list
My puppet server is now working quite wonderfully. Thanks go out to
all who have assisted in getting it to this point. At this point in
time my config is now correctly installing packages according to
arch,os and release. Centos is working quite well as of now, but I am
attempting to get the ubuntu side of things to work as well. I am
frankly more familiar with RHEL under puppet than ubuntu.
Anywho, I was wondering if I could get an opinion on the following
situation. Ultimately the challenge I currently face is in how to
install the _same_ version of the amanda backup client (3.1.2) across
the board for all centos and ubuntu machines. There are currently no
repositories (on either side) that I know of that install this
particular version. As such I must download the software from the
amanda site. rpm handles this quite well on the RHEL side of things,
however it appears that dpkg does not download from URLs.
Can I have an opinion on the best way to go about this? This is what
I have tried:
## puppet error ubuntu
root@chrome-fs:~# puppetd -t
info: Retrieving plugins
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
resource: No specified source was found from puppet://puppet/plugins
info: Caching catalog at /var/lib/puppet/state/localconfig.yaml
notice: Starting catalog run
err: /Stage[main]/Ubuntu::Amanda/Package[amanda-backup_client]/ensure:
change from purged to present failed: Execution of '/usr/bin/dpkg
--force-confold -i
http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb'
returned 1: dpkg: error processing
http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb
(--install):
cannot access archive: No such file or directory
Errors were encountered while processing:
http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb
notice: Finished catalog run in 0.46 seconds
## ubuntu class
class ubuntu {
class amanda {
case $architecture {
'x86_64': {
case $lsbdistcodename {
jaunty: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_amd64.deb";,
provider => dpkg,
ensure => installed,
}
}
lucid: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_amd64.deb";,
provider => dpkg,
ensure => installed,
}
}
hardy: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-8.04/amanda-backup-client_3.2.1-1Ubuntu804_amd64.deb";,
provider => dpkg,
ensure => installed,
}
}
}
}
'i386': {
case $lsbdistcodename {
jaunty: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb";,
provider => dpkg,
ensure => installed,
}
}
lucid: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb";,
provider => dpkg,
ensure => installed,
}
}
hardy: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-8.04/amanda-backup-client_3.2.1-1Ubuntu804_i386.deb";,
provider => dpkg,
ensure => installed,
}
}
}
}
}
}
}
## base node template
node basenode {
case $operatingsystem {
centos: { include centos include centos::amanda }
ubuntu: { include ubuntu include ubuntu::amanda }
# debian: { include debian }
}
}
## node definition
node 'puppet.example.net' inherits default {
}
Thank you greatly in advance!
Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google
Re: [Puppet Users] Re: Puppetmaster and Passenger3
On Fri, May 13, 2011 at 4:30 PM, PBWebGuy wrote: > What would your recommended versions be or what are the ones that you > are presently successful with? Can you list your configured stack? http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger#Dependency-versions -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppetmaster and Passenger3
This set came with ruby-enterprise-1.8.7-2010.02:
passenger (2.2.15)
rack (1.0.1)
rails (2.3.8)
rake (0.8.7)
This was worked for me with puppet 2.6.8 and 2.6.1.
Note: When I install puppet using pkg files and RubyEE from source, I needed to
add this to my config.ru:
$:.unshift('/usr/lib/ruby/1.8')
If you're using a debian based distro I can give more information aimed at that.
On May 13, 2011, at 1:30 PM, PBWebGuy wrote:
> What would your recommended versions be or what are the ones that you
> are presently successful with? Can you list your configured stack?
>
> I'm currently on Puppet 2.6.4 but could back down if necessary. I
> have not been successful with getting Passenger (3.0.7) working with
> Puppet.
>
> Thanks,
>
> John
>
> On May 13, 10:27 am, Patrick wrote:
>> On May 13, 2011, at 5:13 AM, linuxbsdfreak wrote:
>>
>>> Hi All,
>>
>>> Just had a question if Puppet2.6 works with the latest version of
>>> Phusion Passenger (3.0.7). My setup is running with version 2.2.11
>>> of passenger. If yes, then are there any changes in Puppetmaster
>>> configuration to be done.
>>
>> Well, I can attest that this set of gems does NOT work with puppet 2.6.1. I
>> haven't retried it with 2.6.8 yet:
>> passenger (3.0.7)
>> rack (1.2.2)
>> rails (3.0.7)
>> rake (0.8.7)
>>
>> I tested this by installing ruby-enterprise-1.8.7-2011.03 from source, and
>> it installed those gems.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet resource for group
Hi,
Why doesn't puppet resource group tell me who belongs to the group?
Given the group such as:
mg_team:x:501:smruph, cosman, msmith, mhankey
With the command:
puppet resource group mg_team
only returns:
group { 'mg_team':
gid => '501',
ensure => 'present'
}
I was expecting:
group { 'mg_team':
gid => '501',
ensure => 'present'
members => ['smruph', 'cosman', 'msmith', 'mhankey'],
}
Am I missing a parameter or something?
Corey
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ubuntu package installs
It would be convenient if you could download from a debian repository
that has the packages you want. The logical place to find that
is somewhere under the control of the Amanda people,
but they don't seem to have that set up. The debian backports
site doesn't have the version you are interested in, either.
Too bad.
Best thing you can do, then, is set up a local repository.
--
vagn
On 05/13/2011 04:50 PM, Tim Dunphy wrote:
hello puppet list
My puppet server is now working quite wonderfully. Thanks go out to
all who have assisted in getting it to this point. At this point in
time my config is now correctly installing packages according to
arch,os and release. Centos is working quite well as of now, but I am
attempting to get the ubuntu side of things to work as well. I am
frankly more familiar with RHEL under puppet than ubuntu.
Anywho, I was wondering if I could get an opinion on the following
situation. Ultimately the challenge I currently face is in how to
install the _same_ version of the amanda backup client (3.1.2) across
the board for all centos and ubuntu machines. There are currently no
repositories (on either side) that I know of that install this
particular version. As such I must download the software from the
amanda site. rpm handles this quite well on the RHEL side of things,
however it appears that dpkg does not download from URLs.
Can I have an opinion on the best way to go about this? This is what
I have tried:
## puppet error ubuntu
root@chrome-fs:~# puppetd -t
info: Retrieving plugins
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
resource: No specified source was found from puppet://puppet/plugins
info: Caching catalog at /var/lib/puppet/state/localconfig.yaml
notice: Starting catalog run
err: /Stage[main]/Ubuntu::Amanda/Package[amanda-backup_client]/ensure:
change from purged to present failed: Execution of '/usr/bin/dpkg
--force-confold -i
http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb'
returned 1: dpkg: error processing
http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb
(--install):
cannot access archive: No such file or directory
Errors were encountered while processing:
http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb
notice: Finished catalog run in 0.46 seconds
## ubuntu class
class ubuntu {
class amanda {
case $architecture {
'x86_64': {
case $lsbdistcodename {
jaunty: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_amd64.deb";,
provider => dpkg,
ensure => installed,
}
}
lucid: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_amd64.deb";,
provider => dpkg,
ensure => installed,
}
}
hardy: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-8.04/amanda-backup-client_3.2.1-1Ubuntu804_amd64.deb";,
provider => dpkg,
ensure => installed,
}
}
}
}
'i386': {
case $lsbdistcodename {
jaunty: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb";,
provider => dpkg,
ensure => installed,
}
}
lucid: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-9.04/amanda-backup-client_3.2.1-1Ubuntu904_i386.deb";,
provider => dpkg,
ensure => installed,
}
}
hardy: {
package { "amanda-backup_client":
source =>
"http://www.zmanda.com/downloads/community/Amanda/3.2.1/Ubuntu-8.04/amanda-backup-client_3.2.1-1Ubuntu804_i386.deb";,
provider => dpkg,
ensure => installed,
}
}
}
}
}
}
}
## base node template
node basenode {
case $operatingsystem {
centos: { include centos include centos::amanda }
ubuntu: { include ubuntu include ubuntu::amanda }
# debian: { include debian }
}
Re: [Puppet Users] puppet resource for group
On Fri, May 13, 2011 at 4:20 PM, Corey Osman wrote:
> Hi,
> Why doesn't puppet resource group tell me who belongs to the group?
> Given the group such as:
> mg_team:x:501:smruph, cosman, msmith, mhankey
> With the command:
> puppet resource group mg_team
> only returns:
> group { 'mg_team':
> gid => '501',
> ensure => 'present'
> }
> I was expecting:
> group { 'mg_team':
> gid => '501',
> ensure => 'present'
> members => ['smruph', 'cosman', 'msmith', 'mhankey'],
> }
>
> Am I missing a parameter or something?
Manage member is limited to specific providers:
http://docs.puppetlabs.com/references/latest/type.html#group-2
Nan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to rescue a dependency failure and try another one?
On Fri, May 13, 2011 at 3:59 AM, 孫 顥 wrote:
>
> I am very new to puppet.
> exec {"apt-update": }
> exec {"install-local": }
> service { "apache2":
> require => Exec["apt-update"]
> }
> when apt repository has network errors, I wanna puppet do "install-local"
> instead,
> and make service apache2 run as normal, how can i do that?
Puppet can't conditionally execute commands, but you can abuse ||:
exec { "apt_or_install"
command => "apt-update || install-local",
}
service { "apache2":
require => Exec["apt_or_install"],
}
Thanks,
Nan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to rescue a dependency failure and try another one?
Hi, I love this idea.
Thank you.
2011/5/14 Nan Liu
> On Fri, May 13, 2011 at 3:59 AM, 孫 顥 wrote:
> >
> > I am very new to puppet.
> > exec {"apt-update": }
> > exec {"install-local": }
> > service { "apache2":
> > require => Exec["apt-update"]
> > }
> > when apt repository has network errors, I wanna puppet do "install-local"
> > instead,
> > and make service apache2 run as normal, how can i do that?
>
> Puppet can't conditionally execute commands, but you can abuse ||:
>
> exec { "apt_or_install"
> command => "apt-update || install-local",
> }
> service { "apache2":
> require => Exec["apt_or_install"],
> }
>
> Thanks,
>
> Nan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
孫より
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet resource for group
On Fri, May 13, 2011 at 11:41 PM, Nan Liu wrote:
> On Fri, May 13, 2011 at 4:20 PM, Corey Osman wrote:
>> Hi,
>> Why doesn't puppet resource group tell me who belongs to the group?
>> Given the group such as:
>> mg_team:x:501:smruph, cosman, msmith, mhankey
>> With the command:
>> puppet resource group mg_team
>> only returns:
>> group { 'mg_team':
>> gid => '501',
>> ensure => 'present'
>> }
>> I was expecting:
>> group { 'mg_team':
>> gid => '501',
>> ensure => 'present'
>> members => ['smruph', 'cosman', 'msmith', 'mhankey'],
>> }
>>
>> Am I missing a parameter or something?
>
> Manage member is limited to specific providers:
> http://docs.puppetlabs.com/references/latest/type.html#group-2
I feel we've produced inconsistencies here, and given I added the
group membership support for OS X, it's largely my fault :)
We've too closely modelled the tools for managing users/groups on
various platforms, and I actually feel like we should break group
membership out into a separate type, so it's easier to express
semantics like:
* ensure nigel is not a member of group admin, leave group alone otherwise
* ensure nigel is a member of group admin, leave group alone otherwise
without requiring that the user nigel or group admin are even managed by Puppet.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Should this call generate an error?
On Fri, May 13, 2011 at 11:01 AM, Aaron Grewell wrote:
> I converted a set of classes from include/scope to use the parameterized
> syntax yesterday, and I ran into an odd behavior that might be considered a
> bug. I defined a class somewhat like this but more complex:
>
> class vmware ( $pkg_list) {
> package { $pkg_list:
> ensure => "installed",
> provider => "yum",
> require => Yumrepo["vmtools","vmtools-updates"],
> } # package
> } # class vmware
>
> And then called it like so:
>
> class {'vmware':
> pkg_list => ['vmware-tools'],
> yumPatchDate => $yumPatchDate,
> }
>
> I ran this on the client and it did... nothing. I almost generated an
> e-mail to this list about it but after pasting the example into the e-mail I
> realized my obvious error. I removed the extra parameter from the call and
> then it worked fine. My question is should this kind of mistake generate an
> error? Given that no class 'vmware' is defined that accepts two parameters
> I would expect so. Instead it just silently fails. I'm using Puppet 2.6.6
> from EPEL so it's also possible that this has been fixed upstream somewhere
> and I'm just not aware of it. It's also possible that there's some
> syntactical reason why there's no error, some way this could be valid if I
> was using a special feature or code pattern. Does this issue ring a bell
> for anybody?
>
Nope, it should generate invalid parameter error. I was not able to
reproduce in 2.6.8 or 2.6.6, both generated the appropriate error:
Invalid parameter yumPatchDate at ...
You probably have another implementation of this define supporting
this parameter that's getting autoloaded,
Thanks,
Nan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] So, clientconfigs.sqlite3 is pretty big
I only have like 15 hosts, and the only stuff I'm aware that I'm saving via <<| |>>/@@ is ssh keys. It's > 600 MiB. That seems really large? Should I just delete it every once in a while? -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which "this parrot is dead" is "ti poi spitaki cu morsi", but "this sentence is false" is "na nei". My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Extra field in generated cron?
So on one of my hosts but not at least one other, I'm getting this:
[root@beta01 /]# sudo puppetd -tv
info: Caching catalog for beta01.c44031.blueboxgrid.com
info: /Stage[main]/Ruby/Tidy[/etc/profile.d/rvm.sh]: File does not exist
info: Applying configuration version '1305353595'
notice: /Stage[main]/Puppet/Cron[puppet run cron]/ensure: created
"-":6: bad hour
errors in crontab file, can't install.
Which is odd. They're both running centos packages for puppet 0.25.5-1.el5
I couldn't figure it out, so I ran strace, and found this:
[pid 1872] write(3, "# HEADER: This file was autogenerated at Fri May 13
22:50:02 -0700 2011 by puppet.\n# HEADER: While it can still be managed
manually, it is definitely not recommended.\n# HEADER: Note particularly that
the comments starting with 'Puppet Name' should\n# HEADER: not be deleted, as
doing so could cause duplicate cron jobs.\n# Puppet Name: puppet run cron\n* 1
1 * * * foo\n", 366) = 366
Which is equivalent to:
# HEADER: This file was autogenerated at Fri May 13 22:50:02 -0700 2011 by
puppet.
# HEADER: While it can still be managed manually, it is definitely not
recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: puppet run cron
* 1 1 * * * foo
That's one too many fields.
Not that it should matter, but the cron was *very* simple by that
time:
cron { 'puppet run cron':
command => "foo",
user => root,
hour => 1,
minute => 1,
}
What's going on?
-Robin
--
http://singinst.org/ : Our last, best hope for a fantastic future.
Lojban (http://www.lojban.org/): The language in which "this parrot
is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
is "na nei". My personal page: http://www.digitalkingdom.org/rlp/
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
