[Puppet Users] Re: Dashboard rhel5 problems

2011-08-21 Thread Stefan Heijmans
Which version of dashboard are you running, 1.2x?
I'm running puppet 2.6.6 (from EPEL5) and dashboard 1.1.1 with
passenger 3.0.8 on RHEL 5.6 with ruby 1.8.5.

You could try this ruby 1.8.7 package from 
http://rpm.aegisco.com/aegisco/rhel/5Server/x86_64/
They are Allowed Contributors to Chef


On Aug 15, 6:05 pm, Marek Dohojda  wrote:
> So I moved further.  The issue is ruby version.  Dashboard passenger ruby
> apparently wants to be above version 1.8.5, which is the default version for
> RHEL5.  This likely would not have been an issue if I hadn't already
> upgraded puppet to 2.6.6 and thereby loaded new passenger.
> I will see if there is anything I can do without upgrading Ruby, since I
> prefer to stay consistent with the versions present due to further patching
> considerations.
>
> On Fri, Aug 12, 2011 at 3:07 PM, Craig White  wrote:
>
> > On Aug 12, 2011, at 1:13 PM, Marek Dohojda wrote:
>
> > > Hello
>
> > > I have a running puppet and passenger (2.6.8) running on RHEL5.  I
> > installed dashboard and configured it, and all that is working as well.
> >  However I don't want to run webrick I want to put dashboard under passenger
> > with apache.
>
> > > I have done the conf change to add virtual host, and changed it to run
> > under port 3000 (as default).
>
> > > Everything starts correctly, but that's as far as I can get.  When I go to
> > the server port 3000 I get default apache web page (due to there not being
> > index.html nor any app running).  I followed other instructions which said
> > to add this for RHEL:
>
> > >     SetEnv RAILS_ENV production
> > >        RackBaseURI /
>
> > > This allowed me to get ruby error screen instead of default apache test
> > page.  However I got an error "file not found" config.ru.  I copied
> > config.ru to /usr/share/puppet-dashboard/ from (
> > > /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru)
> > which was only place I found config.ru within dashboard.
> > > Now I am getting following:
> > >  Exception NoMethodError in PhusionPassenger::Rack::ApplicationSpawner
> > (undefined method `requirement' for #)
> > (process 24074):
>
> > > And at this point I am stuck.  I bet I am missing something probably
> > simple but I can't figure out what.
>
> > > I am including my conf for passenger below:
> > > PassengerHighPerformance on
> > > PassengerMaxPoolSize 12
> > > PassengerPoolIdleTime 1500
> > > # PassengerMaxRequests 1000
> > > PassengerStatThrottleRate 120
> > > RailsAutoDetect On
> > 
> > I've got the above lines inside my  declaration
>
> > I also have
> > PassengerUseGlobalQueue on
> > 
> > > Listen 3000
> > > 
> > >         ServerName 
> > >         DocumentRoot /usr/share/puppet-dashboard/public/
> > >         SetEnv RAILS_ENV production
> > >         RackBaseURI /
> > >         
> > >                 Options None
> > >                 AllowOverride AuthConfig
> > >                 Order allow,deny
> > >                 allow from all
> > 
> > I have
> > Options -Multiviews
> > here inside the  declaration
> > 
> > >         
> > >   ErrorLog /var/log/httpd/dashboard_error.log
> > >   LogLevel warn
> > >   CustomLog /var/log/httpd/dashboard_access.log combined
> > >   ServerSignature On
> > > 
>
> > > I hope someone can point me in the right direction.
> > > Thank you!
> > 
> > not sure but this may help
>
> > Craig
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Re: how to create directory recursively (if parents not present)?

2011-08-21 Thread Matthias Saou
Sans  wrote:

> Thanks Matthias! I noticed the semicolon typo.
> What does ${::hostname}-cert.pem implicate (as opposed to ${hostname}-
> cert.pem)?

It just makes explicit that it's a variable from the global scope (as
it's a fact) and not from the current local scope.

Check out recent puppet docs related to the changes going into 2.7 and
soon 2.8.

Matthias




[Puppet Users] dashboard 1.1.1 with filebucket doesn't show contents of the new file

2011-08-21 Thread Stefan Heijmans
Am using dashboard 1.1.1 with the use_file_bucket_diffs option.

When clicking on the links within a report it will show the old md5
file (on the left) but not the new md5 file (on the right)
like;
content content changed '{md5}26a3112822d01f2ce6b3f052bf2809de' to
'{md5}dd97364ab0559344d73231f517951595'

26a3112822d01f2ce6b3f052bf2809de ==> is displayed normally
dd97364ab0559344d73231f517951595 ==> We're sorry, but something went
wrong.

puppet-dashboard log shows;
Processing FilesController#show (for 192.168.20.20 at 2011-08-21
17:37:49) [GET]
  Parameters: {"action"=>"show", "controller"=>"files",
"file"=>"26a3112822d01f2ce6b3f052bf2809de"}
Completed in 22ms (View: 0, DB: 0) | 200 OK [http://192.168.20.100/
files/show?file=26a3112822d01f2ce6b3f052bf2809de]


Processing FilesController#show (for 192.168.20.20 at 2011-08-21
17:37:52) [GET]
  Parameters: {"action"=>"show", "controller"=>"files",
"file"=>"dd97364ab0559344d73231f517951595"}

Net::HTTPServerException (404 "Not Found"):
  /usr/lib/ruby/1.8/net/http.rb:2097:in `error!'
  lib/puppet_https.rb:34:in `get'
  app/controllers/files_controller.rb:23:in `show'
  haml (3.0.13) [v] rails/./lib/sass/plugin/rack.rb:41:in `call'
  passenger (3.0.8) lib/phusion_passenger/rack/request_handler.rb:
96:in `process_request'
  passenger (3.0.8) lib/phusion_passenger/abstract_request_handler.rb:
513:in `accept_and_process_next_request'
  passenger (3.0.8) lib/phusion_passenger/abstract_request_handler.rb:
274:in `main_loop'
  passenger (3.0.8) lib/phusion_passenger/classic_rails/
application_spawner.rb:321:in `start_request_handler'
  passenger (3.0.8) lib/phusion_passenger/classic_rails/
application_spawner.rb:275:in `send'
  passenger (3.0.8) lib/phusion_passenger/classic_rails/
application_spawner.rb:275:in `handle_spawn_application'
  passenger (3.0.8) lib/phusion_passenger/utils.rb:479:in `safe_fork'
  passenger (3.0.8) lib/phusion_passenger/classic_rails/
application_spawner.rb:270:in `handle_spawn_application'
  passenger (3.0.8) lib/phusion_passenger/abstract_server.rb:357:in
`__send__'
  passenger (3.0.8) lib/phusion_passenger/abstract_server.rb:357:in
`server_main_loop'
  passenger (3.0.8) lib/phusion_passenger/abstract_server.rb:206:in
`start_synchronously'
  passenger (3.0.8) lib/phusion_passenger/abstract_server.rb:180:in
`start'
  passenger (3.0.8) lib/phusion_passenger/classic_rails/
application_spawner.rb:149:in `start'
  passenger (3.0.8) lib/phusion_passenger/spawn_manager.rb:219:in
`spawn_rails_application'
  passenger (3.0.8) lib/phusion_passenger/
abstract_server_collection.rb:132:in `lookup_or_add'
  passenger (3.0.8) lib/phusion_passenger/spawn_manager.rb:214:in
`spawn_rails_application'
  passenger (3.0.8) lib/phusion_passenger/
abstract_server_collection.rb:82:in `synchronize'
  passenger (3.0.8) lib/phusion_passenger/
abstract_server_collection.rb:79:in `synchronize'
  passenger (3.0.8) lib/phusion_passenger/spawn_manager.rb:213:in
`spawn_rails_application'
  passenger (3.0.8) lib/phusion_passenger/spawn_manager.rb:132:in
`spawn_application'
  passenger (3.0.8) lib/phusion_passenger/spawn_manager.rb:275:in
`handle_spawn_application'
  passenger (3.0.8) lib/phusion_passenger/abstract_server.rb:357:in
`__send__'
  passenger (3.0.8) lib/phusion_passenger/abstract_server.rb:357:in
`server_main_loop'
  passenger (3.0.8) lib/phusion_passenger/abstract_server.rb:206:in
`start_synchronously'
  passenger (3.0.8) helper-scripts/passenger-spawn-server:99


Rendering /usr/share/puppet-dashboard/public/500.html (500 Internal
Server Error)


Is this because the new file is not in the filebucket yet?
any ideas anyone?

Stefan




Re: [Puppet Users] Fighting with private keys and puppet master on Debian Squeeze

2011-08-21 Thread Nicolai
To make sure you have a clean client and master knows nothing about it, 
(ssl-wise) do the following:

on master:
puppetca --clean client.example.com

on client:
rm -r /var/lib/puppet/ssl
puppetd --test

back to master:
puppetca --list   (to check for the signing request from client)
puppetca --sign client.example.com

on client:
puppetd --test

and you shouldn't have any issues with ssl-connection. (if time/dns etc is 
correct).


Nicolai Mollerup




Re: [Puppet Users] Fighting with private keys and puppet master on Debian Squeeze

2011-08-21 Thread Brian Troutwine
On Sat, Aug 20, 2011 at 7:40 PM, Denmat  wrote:

> Hi,
>
> The standard port is 8140, are you using a different port?
>

Didn't know that was standard, but yes.


> You will need to pass --server on the puppet agent. The command line is
> different from the daemon config.
>

In what way?


> With certnames, your --servername must match the DNS name of the master. So
> using openssl s_client --connect  you should see the
> certname in the response. If that is different from the dns name then you
> will have issues (which can be solved through the puppet.conf certname
> directive).
>

Ah. I'm already using the certname directive and using the fqdn of the
master corrects the issue.


> Lastly it's always good to run the same versions on client and server I find.
> So it's all running now?
>

It is; looks to be a version incompatibility. In fact, I've heard so often
that I should be using the same versions together that I'm rather nonplussed
that it's not possible to put the client and master into strict mode, such
that they'll _only_ function together if they've got compatible versions.

Den
>
> On 21/08/2011, at 9:04, Brian Troutwine  wrote:
>
> On Sat, Aug 20, 2011 at 6:18 PM, Denmat < 
> tu2bg...@gmail.com> wrote:
>
>> Hi,
>>
>> Are you calling the puppet run with the '--server '
>> parameter?
>>
>
> Default is 'puppet', no? In any event, using --server or not has no effect.
>
>
>> With SSL you basically need the following:
>>  * working DNS
>>  * clocks in sync
>>
>
> Done.
>
>
>>  * correct certnames
>>
>
> Can you elaborate?
>
>
>> To help solve SSL issues also use 'openssl s_client' to test connections,
>> check certnames and other errors.
>>
>> This is a definitive reference on puppet and SSL.
>> 
>> http://www.masterzen.fr/2010/11/14/puppet-ssl-explained/
>>
>> There is a newer doc than this on puppet docs site but can't find it at
>> the moment:
>> 
>> http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security
>>
>>
> The latter is all that turns up in a google search. Here's the fresh apt:
>
> # puppet agent --test --noop
> info: Creating a new SSL key for apt.example.com
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for ca
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for apt.example.com
> err: Could not request certificate: Retrieved certificate does not match
> private key; please remove certificate from server and regenerate it with
> the current key
> Exiting; failed to retrieve certificate and waitforcert is disabled
>
>
> Then on the puppet master:
>
>  # puppet cert --clean apt.example.com
> notice: Revoked certificate with serial 4
> notice: Removing file Puppet::SSL::Certificate 
> apt.example.com at '/var/lib/puppet/ssl/ca/signed/apt.example.com.pem'
> notice: Removing file Puppet::SSL::Certificate 
> apt.example.com at '/var/lib/puppet/ssl/certs/apt.example.com.pem'
>
>
> back to apt:
>
> # puppet agent --test --noop
> err: Could not request certificate: Retrieved certificate does not match
> private key; please remove certificate from server and regenerate it with
> the current key
> Exiting; failed to retrieve certificate and waitforcert is disabled
> root@apt:~# openssl s_client -host puppet -port 8139 -cert
> /var/lib/puppet/ssl/certs/apt.example.com.pem -key
> /var/lib/puppet/ssl/private_keys/apt.example.com.pem -CAfile
> /var/lib/puppet/ssl/certs/ca.pem
> error setting private key
> 732:error:0B080074:x509 certificate routines:X509_check_private_key:key
> values mismatch:x509_cmp.c:406:
>
>
> Doesn't really tell me much. Then I noticed that puppet master's running
> 2.7.1 while my apt client machine is on 2.6.2--part of the catalog is an
> update of the puppet client to Debian backport's latest. I ran that update
> manually and:
>
> # openssl s_client -host puppet -port 8139 -cert
> /var/lib/puppet/ssl/certs/apt.example.com.pem -key
> /var/lib/puppet/ssl/private_keys/apt.example.com.pem -CAfile
> /var/lib/puppet/ssl/certs/ca.pem
> connect: Connection refused
> connect:errno=111
>
>
> while
>
> # puppet agent --server puppet.example.com --test
>
>
> ran to completion, with no errors. That leaves me even more confused than
> before, frankly. It's possible I'm not using openssl s_client correctly, but
> I think there's sufficient evidence that the puppet master is listening and
> will push down catalogs.
>
>
>> Den
>>
>> On 21/08/2011, at 5:53, Brian Troutwine < 
>> br...@troutwine.us> wrote:
>>
>> On Sat, Aug 20, 2011 at 2:47 PM, Brian Troutwine < 
>> 
>> br...@troutwine.us> wrote:
>>
>>> On Sat, Aug 20, 2011 at 12:18 PM, Brian Troutwine < 
>>> 
>>> br...@troutwine.us> wrote:
>>>
 On Sat, A

Re: [Puppet Users] Fighting with private keys and puppet master on Debian Squeeze

2011-08-21 Thread Brian Troutwine
On Sun, Aug 21, 2011 at 8:31 AM, Nicolai  wrote:

> To make sure you have a clean client and master knows nothing about it,
> (ssl-wise) do the following:
>
> on master:
> puppetca --clean client.example.com
>
> on client:
> rm -r /var/lib/puppet/ssl
> puppetd --test
>

The puppetca and puppetd tools are deprecated, no? Also, my client machines
do not have the puppet master program installed. I also do not believe it
reasonable for me, the end user of puppet, to be forced to be so hands-on
with puppet's ssl certificates. I am led to understand that some individuals
run their own CA but, in my case, I let puppet generate everything and the
puppet tooling _should_ be clever enough to manage its certificates but,
given the volume of ssl questions and errors on this mailing list, is not.


> back to master:
> puppetca --list   (to check for the signing request from client)
> puppetca --sign client.example.com
>
> on client:
> puppetd --test
>
> and you shouldn't have any issues with ssl-connection. (if time/dns etc is
> correct).
>
>
> Nicolai Mollerup
>

Thank you very much; very helpful.





-- 
Brian L. Troutwine
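
The checks discussed in this thread (the certificate must match the agent's private key, the certname must match the name the agent connects to, and clocks must be in sync), as an added Ruby example that is not part of any poster's message. The throwaway CA, the keys and the helper names `issue_cert`, `diagnose` and `demo` are constructed for illustration.

```ruby
require 'openssl'

# Issue a certificate for `certname` over `subject_key`, signed by `ca_key`.
# Stands in for the master signing a request; the CA here is constructed.
def issue_cert(certname, subject_key, ca_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.new([['CN', certname]])
  cert.issuer     = OpenSSL::X509::Name.new([['CN', 'Constructed Puppet CA']])
  cert.public_key = subject_key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Return the problems that would break the SSL session for this cert/key pair.
#   :key_mismatch      same condition openssl reports as "key values mismatch"
#   :certname_mismatch CN differs from the expected name (CN only; this sketch
#                      does not look at subjectAltName entries)
#   :not_yet_valid / :expired   validity window vs. the local clock
def diagnose(cert_pem, key_pem, expected_certname, now = Time.now)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  problems = []
  problems << :key_mismatch unless cert.check_private_key(key)
  cn = cert.subject.to_a.find { |field, _value, _type| field == 'CN' }
  problems << :certname_mismatch unless cn && cn[1] == expected_certname
  problems << :not_yet_valid if now < cert.not_before
  problems << :expired if now > cert.not_after
  problems
end

# Constructed scenarios mirroring the thread.
def demo
  ca_key     = OpenSSL::PKey::RSA.new(2048)
  old_key    = OpenSSL::PKey::RSA.new(2048) # key the signed cert was issued for
  new_key    = OpenSSL::PKey::RSA.new(2048) # key the agent generated afterwards
  master_key = OpenSSL::PKey::RSA.new(2048)

  agent_cert  = issue_cert('apt.example.com', old_key, ca_key).to_pem
  master_cert = issue_cert('puppet.example.com', master_key, ca_key).to_pem

  {
    # Cert and key belong together, name and clock are right.
    healthy: diagnose(agent_cert, old_key.to_pem, 'apt.example.com'),
    # Master still serves the cert signed for the old key.
    regenerated_key: diagnose(agent_cert, new_key.to_pem, 'apt.example.com'),
    # Agent addresses the master by short name instead of its certname.
    short_server_name: diagnose(master_cert, master_key.to_pem, 'puppet'),
    # Local clock a day behind the signing host.
    clock_behind: diagnose(agent_cert, old_key.to_pem, 'apt.example.com',
                           Time.now - 86_400)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |scenario, problems| puts "#{scenario}: #{problems.inspect}" }
end
```

To run the same checks against a real agent, pass the contents of the certificate and private key files named in the messages above to `diagnose`.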




Re: [Puppet Users] Re: Controlling order of execution

2011-08-21 Thread Brian Troutwine
Hmm, in that specific situation, sure. I can see how some of these would be
an odd fit for the language as currently implemented, I sure would like:

  * transactional builds ( so an error does not leave a box in an
inconsistent, half configured state )
  * more of an ability to specify error states
  * some sort of standardized testing framework

On Sat, Aug 20, 2011 at 8:08 PM, Denmat  wrote:

> Well you can on some resources types, like an exec, but not on file
> resources - which is annoying sometimes. With file resources it's different
> but it would be great to have an 'onlyif' parameter.
>
> So, you can turn your package install definition into an exec that has a
> pre-condition.
> exec { 'aptpackage':
>   command => 'apt install thing',
>   onlyif  => 'sometest cond',
> }
>
> That may work better for you.
>
> Den
>
> On 21/08/2011, at 9:30, Brian Troutwine  wrote:
>
> I wouldn't wish Puppet to play guess the quantum cat but, rather, to have
> the agent's application of its catalog error in a predictable fashion. I'd
> like to express the pre-condition that if /etc/apt/apt.conf.d/01proxy exists
> in the filesystem then the installation of package apt-cacher should error.
>
> Puppet, I believe, does not have this capability, and so the catalog build
> fails in an obscure manner. Do you suggest that it be a poor idea to include
> such pre-conditions in the language?
>
> On Sat, Aug 20, 2011 at 7:23 PM, Denmat < 
> tu2bg...@gmail.com> wrote:
>
>> Hi,
>>
>> No, you can only declare the state of a resource once. It can't be present
>> and absent at the same time.
>>
>> Den
>>
>>
>> On 21/08/2011, at 8:50, Brian Troutwine < 
>> br...@troutwine.us> wrote:
>>
>> PEBKAC, all.
>>
>> My images were already tainted with 01proxy, so it existed before the
>> installation of the apt-cacher. Question: is it possible to set a
>> precondition on a resource, say to ensure that a file _doesn't_ exist before
>> installation of a package?
>>
>> On Sat, Aug 20, 2011 at 5:38 PM, Brian Troutwine < 
>> 
>> br...@troutwine.us> wrote:
>>
>>> I also note that the following fails to order as I expect:
>>>
>>> class base {
>>>
>>>   if $hostname == 'apt' {
>>>     file { '/etc/apt/apt.conf.d/01proxy':
>>>       ...
>>>       require => Package['apt-cacher'],
>>>       notify  => Service['apt-cacher'],
>>>     }
>>>     ...
>>>   }
>>> }
>>>
>>> node 'apt.example.com'
>>> {
>>>   include base, aptcacher
>>> }
>>>
>>>
>>> 01proxy is placed in the filesystem before the Package apt-cacher is
>>> installed or the Service apt-cacher started.
>>>
>>> On Sat, Aug 20, 2011 at 3:34 PM, Brian Troutwine < 
>>> 
>>> br...@troutwine.us> wrote:
>>>
 I meant to include more material and have inserted it inline below. My
 apologies.

 On Sat, Aug 20, 2011 at 3:31 PM, Brian Troutwine < 
 
 br...@troutwine.us> wrote:

> Hello, all.
>
> I have a module for apt-cacher and a node definition something like
> this:
>
> class base {
>   file { '/etc/apt/apt.conf.d/01proxy':
>     ...
>   }
> }
>
> node 'apt.example.com' {
>   include base, aptcacher
>
>   Class['aptcacher'] -> File['/etc/apt/apt.conf.d/01proxy']
> }
>
>
> I'm attempting, on the apt server, to ensure that the apt proxy is
> installed _before_ the reference to it being a proxy is made, else I can't
> install the silly thing. However, this dependency forcing fails and the
> proxy reference file is _sometimes_ installed before the proxy itself.
>

 Moreover, if I rewrite the dependency as:

 Service['apt-cacher'] -> File['/etc/apt/apt.conf.d/01proxy']


 there is no change.


> Why?
>
> --
> Brian L. Troutwine
>
>


 --
 Brian L. Troutwine


>>>
>>>
>>> --
>>> Brian L. Troutwine
>>>
>>>
>>
>>
>> --
>> Brian L. Troutwine
>>
>
>
>
> --
> Brian L. Troutwine
>

[Puppet Users] Multiple swap spaces

2011-08-21 Thread Brian Troutwine
Hello, all.

I have a box that I'd like to have striping swap spaces. I attempted:

  mount { 'swap':
    alias   => 'swap0',
    atboot  => true,
    device  => '/dev/xvdo',
    ensure  => 'mounted',
    options => 'defaults',
    fstype  => 'swap',
  }
  mount { 'swap':
    alias   => 'swap1',
    atboot  => true,
    device  => '/dev/xvdp',
    ensure  => 'mounted',
    options => 'defaults',
    fstype  => 'swap',
  }


and

  mount { 'swap0':
    name    => 'swap',
    atboot  => true,
    device  => '/dev/xvdo',
    ensure  => 'mounted',
    options => 'defaults',
    fstype  => 'swap',
  }
  mount { 'swap1':
    name    => 'swap',
    atboot  => true,
    device  => '/dev/xvdp',
    ensure  => 'mounted',
    options => 'defaults',
    fstype  => 'swap',
  }


to predictable result. Problem is that mount conflates the name of the
resource with its mount path; I'm defining the same thing two ways each
time. I _could_ write out my own fstab as a file resource, but that somewhat
defeats the purpose of even having a mount type. Am I missing something? Is
it possible to have multiple swap spaces with puppet?

-- 
Brian L. Troutwine




[Puppet Users] Puppet on OS X run using launchd generating a new certificate request for 'localhost' instead of the actual hostname

2011-08-21 Thread Khoury Brazil
Hi Everyone,

I have a weird issue where the puppet client running under launchd
generates a new certificate request for 'localhost' which I thought
was pretty odd (with the side effect of it failing to run and report).
Running puppetd manually never generates this behavior.

Details:

Client:
puppetd version: 2.6.7
OS X version: 10.6.8
Contents of the hosts file:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost

Puppet appears to be running correctly (at least it jives with the
launchd instructions):
root        52   0.3  1.0  2480284  43212   ??  Ss    1:37PM   0:46.66 /usr/bin/ruby /usr/sbin/puppetd --verbose --no-daemonize --logdest console
Notes:
Added to launchd using the details here:
http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_With_Launchd
The output of the hostname using the 'hostname' command is correct.
Possibly relevant: Client does not have a DNS entry that matches its
hostname (our desktop environment is not allowed to use dynamic DNS so
it uses a mangled system where DNS updates are taken care of by the
DHCP process after it gets the hostname from the client when it
requests a DHCP lease (and it can take several hours to update). I
don't know why, I hate it, it's not going to change and sometimes it
results in a mismatched DNS entry and hostname)

Console output (redundant logs removed):
8/21/11 1:38:03 PM  com.reductivelabs.puppet[52]  info: Creating a new SSL key for localhost

8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  warning: peer certificate won't be verified in this SSL session

8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  info: Creating a new SSL certificate request for localhost

8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  info: Certificate Request fingerprint (md5):

8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  warning: peer certificate won't be verified in this SSL session

8/21/11 1:40:05 PM  com.reductivelabs.puppet[52]  notice: Did not receive certificate

Puppet Master:
puppetmasterd version: 2.7.1

puppetca output:
user@puppetmasterserver:~$ sudo puppetca --list
localhost

Thanks for any insight you may have. This one has me kind of stumped.


Thanks,
Khoury




[Puppet Users] Re: Puppet on OS X run using launchd generating a new certificate request for 'localhost' instead of the actual hostname

2011-08-21 Thread Khoury
On Aug 21, 5:30 pm, Khoury Brazil  wrote:
> Hi Everyone,
>
> I have a weird issue where the puppet client running under launchd
> generates a new certificate request for 'localhost' which I thought
> was pretty odd (with the side effect of it failing to run and report).
> Running puppetd manually never generates this behavior.
>
> Details:
>
> Client:
> puppetd version: 2.6.7
> OS X version: 10.6.8
> Contents of the hosts file:
> ##
> # Host Database
> #
> # localhost is used to configure the loopback interface
> # when the system is booting.  Do not change this entry.
> ##
> 127.0.0.1       localhost
> 255.255.255.255 broadcasthost
> ::1             localhost
> fe80::1%lo0     localhost
>
> Puppet appears to be running correctly (at least it jives with the
> launchd instructions):
> root        52   0.3  1.0  2480284  43212   ??  Ss    1:37PM   0:46.66
> /usr/bin/ruby /usr/sbin/puppetd --verbose --no-daemonize --logdest
> console
> Notes:
> Added to launchd using the details here:
> http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_With_Launchd
> The output of the hostname using the 'hostname' command is correct.
> Possibly relevant: Client does not have a DNS entry that matches its
> hostname (our desktop environment is not allowed to use dynamic DNS so
> it uses a mangled system where DNS updates are taken care of by the
> DHCP process after it gets the hostname from the client when it
> requests a DHCP lease (and it can take several hours to update). I
> don't know why, I hate it, it's not going to change and sometimes it
> results in a mismatched DNS entry and hostname)
>
> Console output (redundant logs removed):
> 8/21/11 1:38:03 PM  com.reductivelabs.puppet[52]  info: Creating a new SSL key for localhost
>
> 8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  warning: peer certificate won't be verified in this SSL session
>
> 8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  info: Creating a new SSL certificate request for localhost
>
> 8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  info: Certificate Request fingerprint (md5):
>
> 8/21/11 1:38:04 PM  com.reductivelabs.puppet[52]  warning: peer certificate won't be verified in this SSL session
>
> 8/21/11 1:40:05 PM  com.reductivelabs.puppet[52]  notice: Did not receive certificate
>
> Puppet Master:
> puppetmasterd version: 2.7.1
>
> puppetca output:
> user@puppetmasterserver:~$ sudo puppetca --list
> localhost
>
> Thanks for any insight you may have. This one has me kind of stumped.
>
> Thanks,
> Khoury

Adding the entry "127.0.0.1   " solved the
problem. I suppose that means dns/reverse dns is one of the ways that
puppet determines what the node name is (although in my case it
appears to be inconsistently applied). I'm just going to make sure the
entry is in each host file using puppet. A bit annoying but
manageable. It would be nice if there were an option under [agent] to
set how it determined the node name though.




Re: [Puppet Users] Re: Puppet on OS X run using launchd generating a new certificate request for 'localhost' instead of the actual hostname

2011-08-21 Thread Nan Liu
On Sun, Aug 21, 2011 at 7:53 PM, Khoury  wrote:
> Adding the entry "127.0.0.1       " solved the
> problem. I suppose that means dns/reverse dns is one of the ways that
> puppet determines what the node name is (although in my case it
> appears to be inconsistently applied). I'm just going to make sure the
> entry is in each host file using puppet. A bit annoying but
> manageable. It would be nice if there were an option under [agent] to
> set how it determined the node name though.

Try setting the option certname in the options or add it to
puppet.conf [agent] or [puppetd] section (dependent on your version).

Thanks,

Nan
