Re: [Puppet Users] puppet rspec with hiera helper, fails with error when class is parameterized

2014-09-02 Thread Manish Sapariya 
Thanks Martin, I completely missed that.

Also, just for record, I was using hiera-puppet-herlper version 1.
When I build version 2 gem from github, it worked alright.

Regards,
Manish

On Sunday, August 31, 2014 4:27:25 PM UTC+5:30, Martin Alfke wrote:
>
> Hi Manish,
>
> On 29.08.2014, at 14:07, Manish Sapariya > 
> wrote:
>
> Hi,
> I have two classes as posted in this gist.
>
> https://gist.github.com/msapariya/eca9f77c9f560f8a0e57
>
> kp_ls derives from params and defines two variables.
>
> I am using hiera-puppet-helper in my specs to run hiera
> related tests.
>
>
> Do you know that rspec-puppet has direct hiera support?
> There is no need for the hiera-puppet-herlper anymore:
>
> https://github.com/rodjek/rspec-puppet/pull/125
> merged on Dec 4th 2013
>
> Documentation is available on the respec-puppet site
>
> https://github.com/rodjek/rspec-puppet/pull/134
> merged on Dec 9th 2013
>
> There is also a blog article on how to make use of rspec-puppet with hiera 
> automatic lookups.
> For overwriting hiera variables you only have to add the params hash into 
> your spec file.
>
> hth,
>
> Martin
>
>
>
> However the test is failing with 
>
>  1) kp_ls
>  Failure/Error: it { should compile }
>  Puppet::Error:
>Error from DataBinding 'hiera' while looking up 'kp_ls::somevar': 
> FileSystem implementation expected Pathname, got: 'Hash' on node 
> testhost.example.com
>  # ./spec/classes/init_spec.rb:17:in `block (2 levels) in  (required)>'
>
>
> If I disable the class parameters, the tests are running fine.
> I could not get any clue from code or even googling the issue.
>
> Thanks for any help.
> Regards,
> Manish
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/7bb2d34f-ec1f-4a9a-be3b-2b4ee1890e03%40googlegroups.com
>  
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ba9f1bcf-e4d2-4714-84af-f36d6a7237e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Subscribe a kickstarted server to groups in PE dashboard

2014-09-02 Thread Juan Jose Blanco 
Hello, 
 
We are provisioning servers with Spacewalk and kickstart profiles. Servers 
are installed with pe-agent included and, after reboot, puppet agent is run 
in the server, which is added to groups "default" and "mcollective" in 
puppet dashboard. 
 
Depending on their types, we would like to add servers to custom groups in 
dashboard (appserver, intranet_server, etc.) when installation takes place 
and no later. 
 
One alternative could be to include a post script in the kickstart profile 
that somehow invokes the proper commands "rake node:addgroup" in the puppet 
dashboard, but we are reluctant to use ssh or any other similar tool. 
 
Is there any other way to do this aggregation of groups using existing PE 
commands, configuration files or APIs? 
 
 
Thank you. 
 
Kind regards
Juan José Blanco

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1114d889-e3c2-47c4-900e-4ba4360d93c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Query with use of recurse

2014-09-02 Thread Balasubramaniam Natarajan 
Hi

I have a query regarding how recurse behaves when we call it with "ensure
=> file"[1] compared with "ensure => directory"[2] ?

Would it make any sense to call recurse with "ensure => file" ?

[1]
  file {'/home/bala':
ensure=> file,
source => "puppet:///files/home/bala/",
sourceselect => "all",
recurse => true,
  }

[2]
  file {'/home/bala':
ensure=> directory,
source => "puppet:///files/home/bala/",
sourceselect => "all",
recurse => true,
  }



-- 
Regards,
Balasubramaniam Natarajan
http://blog.etutorshop.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAFHFDA%3D%3DHjSUdCttzWBizMnaJrNgyR_wM4Ga8NEUZoVgTPE5DA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] custom script execution and sending output back to master

2014-09-02 Thread kaustubh chaudhari 
Hey,

Thanks for the reply. I tried what you suggested.

Sorry i am not a programmer, trying to find my way through.

I am looking for a best way to achieve this.

run a script on nodes user.sh which will create a file user.out, all i am
looking for getting this user.out file back to the puppet master.

can you suggest any ideas thoughts on this ?
(i am running user.sh through my manifest)


With Warm Regards
Kaustubh.A.Chaudhari
(M)-09373102619


On Wed, Aug 27, 2014 at 8:41 AM, Felix Frank <
felix.fr...@alumni.tu-berlin.de> wrote:

> On 08/27/2014 02:06 PM, kaustubh chaudhari wrote:
> > Thanks for the reply Felix,
> >
> > I was wondering if we can get the output of a executable custom fact to
> > a specific-seperate file instead of standard servername.yml file ?
> >
> >
> >
> > With Warm Regards
> > Kaustubh.A.Chaudhari
>
> Hi,
>
> I'm at a loss to what you are referring here, specifically. What is that
> servername.yml you speak of?
>
> If you want a custom fact to cache its value in some file, then modify
> it to store the value there.
>
> HTH,
> Felix
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/pJRuahaMpmM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/53FDD205.60206%40alumni.tu-berlin.de
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAGceKKqQ78xRus0k2rOHDty_CCrm7HJ%3DnwfpHUy-FGKdSWtcDw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Good PupptMaster/Passenger Guide w OSX 10 .9

2014-09-02 Thread Thomas Bendler 
Install C6, install EPEL and SCL repository, install Foreman repository and
foreman-installer. Execute foreman-installer and the system is ready to run
(http://theforeman.org/manuals/1.5/quickstart_guide.html).

Regards Thomas


2014-09-01 21:50 GMT+02:00 :

>
>
> On Tuesday, August 26, 2014 7:23:45 PM UTC-4, keith@gmail.com wrote:
>
>> HI guys;
>>
>>  after speaking with puppet labs and gettting the pricing for my site, I
>> thought it maybe cheaper ot go open spurce. so I am asking for a good guide
>> you guys have used the following:
>>
>> http://nullr0ute.com/2014/01/puppetmaster-on-apache-with-
>> passenger-in-5-mins/
>> http://www.6tech.org/2013/01/how-to-install-puppet-open-
>> source-on-centos-6-3/
>> http://darktraining.com/linux/105/
>> http://www.unixmen.com/install-puppet-server-centos-6-56-4/
>>
>> all have given my the dreaded  ruby error. I hav eupdated the agent nodes
>> to the latest version of puppet/factor/hiera, but still get the error, I
>> have installed via RVM ruby 2.0, 2.1.2, and have seen passenger not running
>> ( passenger-status) and still get the ruby message from the clients.
>>
>>
>> so I am asking for  a little help and any links you guys can recommend
>>
>> site info:
>> 800 OSX machines 300 Windows
>>
>> woud like puppetmaster to be CentOS with passenger and dashboard or forman
>>
>> Thanks in advance
>>
>> Keith
>>
>
>
>
>
>
>
> Still never go this working. I just switched over to Foreman on Fedora 19
> and everything works with minimal tweeks
>
> Keith
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/faf566a4-854d-4d40-9f94-d286d8273f54%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1O%2BVPCsnu_vXvsTWP9hm%3DamfdhvTpqr4V0908%2BonWhbgg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: creating custom facts - general usage

2014-09-02 Thread jcbollinger 


On Friday, August 29, 2014 5:05:01 PM UTC-5, Mike Reed wrote:
>
> Hello all,
>
> To start, I would like to thank you in advance for your responses.
>
> I'm attempting to create a custom fact that will determine the network 
> location of a node, based on it's hostname.  Ideally this would be run on a 
> node prior to the rest of the puppet modules because I will use the result 
> as a top scope variable to assign certain values to nodes, based on their 
> network location.  My node hostnames currently subscribe to this convention:
>
> network-hostname/role-number (ie. home-elastic-01/work-mysql-02)
>


I would like to suggest that you *not* do this via a fact.  More generally, 
I consider it a principle of a good design to avoid creating any fact that 
is strictly derivative of other facts.

You can get a top scope variable with the same value in several other ways, 
principal among them:

   1. Compute it directly at top scope in your site manifest
   2. Compute it in a class that manages no resources, 'include' that class 
   at top scope, and set the top-scope variable from the class variable
   
As a subset of (1), you could consider creating and using a custom 
function, which would be very clean as far as your manifests go.

Note, however, that for *most* purposes you don't actually need a top-scope 
variable; you could instead use a class variable directly.  Either way, you 
should be using a fully-qualified name everywhere you refer to the variable 
in your manifests, so the choice of namespace is mostly a personal 
preference in that context.  The only use I can think of where you actually 
need a top-scope variable is if you want to interpolate it into Hiera 
hierarchy definitions (which is indeed a perfectly reasonable thing to do).

Option 2 might look like this:

modules/site/manifests/hostname_info.pp:

class site::hostname_info {
  $hostname_parts = split($::hostname, '-')
  $network = $hostname_parts[0]
  $role = $hostname_parts[1]
  $number = $hostname_parts[2]
}


manifests/site.pp (or any other manifest where you need the info):

# ...
include 'site::hostname_info'
$host_network = $site::hostname_info::network
# ...


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8776edc6-7284-4410-b741-af1a8d6b7299%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Using puppet with Apache mod_disk_cache and passenger over SSL

2014-09-02 Thread Brian Wilkins 
I turned off high performance, but every request still hits the 
puppetmaster. Any more ideas?

On Friday, August 29, 2014 5:57:30 PM UTC-4, Wil Cooley wrote:
>
> On Fri, Aug 29, 2014 at 9:50 AM, Brian Wilkins  > wrote:
>
>> # RHEL/CentOS:
>> # And the passenger performance tuning settings:
>> PassengerHighPerformance On
>>
>
> The Passenger doc says that this bypasses several layers of Apache 
> processing, so it is incompatible with mod_rewrite and others -- I would 
> not be surprised if it also was the source of your trouble.
>  
> Wil
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/24ba6a00-15ac-46de-be37-f002c2ab7a1c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] not able to sign the certificate of puppet master

2014-09-02 Thread Spriya 
Hi,

I installed puppet using open source. when i tryied to run puppet agent -t 
it is throwing me error.

puppet agent -t 
Warning: Unable to fetch my node definition, but the agent run will 
continue:
Warning: getaddrinfo: Name or service not known
Info: Retrieving pluginfacts








*Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional 
resources using 'eval_generate': getaddrinfo: Name or service not 
knownError: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not 
retrieve file metadata for puppet://puppet/pluginfacts: getaddrinfo: Name 
or service not knownWrapped exception:getaddrinfo: Name or service not 
knownInfo: Retrieving pluginError: /File[/var/lib/puppet/lib]: Failed to 
generate additional resources using 'eval_generate': getaddrinfo: Name or 
service not knownError: /File[/var/lib/puppet/lib]: Could not evaluate: 
Could not retrieve file metadata for puppet://puppet/plugins: getaddrinfo: 
Name or service not knownWrapped exception:getaddrinfo: Name or service not 
known*



























*[main]# The Puppet log directory.# The default value is 
'$vardir/log'.logdir = /var/log/puppet# Where Puppet PID files are 
kept.# The default value is '$vardir/run'.rundir = 
/var/run/puppet# Where SSL certificates are kept.# The default 
value is '$confdir/ssl'.ssldir = $vardir/ssl[agent]# The file in 
which puppetd stores a list of the classes# associated with the 
retrieved configuratiion.  Can be loaded in# the separate ``puppet`` 
executable using the ``--loadclasses``# option.# The default value 
is '$confdir/classes.txt'.classfile = $vardir/classes.txt# Where 
puppetd caches the local configuration.  An# extension indicating the 
cache format is added automatically.# The default value is 
'$confdir/localconfig'.localconfig = 
$vardir/localconfig[master] certname = hostname*


please help me





-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b6e0b4c4-7f13-4373-88bc-b937a856a07f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet, HA & Duplicate definitions

2014-09-02 Thread jcbollinger 


On Friday, August 29, 2014 7:07:22 PM UTC-5, Wil Cooley wrote:
>
> On Fri, Aug 29, 2014 at 12:47 PM, Julien Pivotto  > wrote:
>
>> On Fri, Aug 29, 2014 at 06:37:19PM +0200, José Luis Ledesma wrote:
>> >If both nodes has to export the same resource ( same
>> >type/same title) they cannot be collected together.
>> >
>> >So, if you need to collect both, change the title to make it
>> >unique.
>> >
>> >Regards,
>>
>> yes, but if they represent the same stuff (remember, we speak about HA),
>> would you EXPORT the data on one node or COLLECT the data of one node?
>>
>
> DO they represent the same stuff? Don't the backend nodes that are 
> exporting the data have bits that are specific to themselves, such as 
> hostname or IP address, as part of the exported resource? And doesn't the 
> front-ends that are collecting the resources need to know those unique bits 
> about each backend? Or am I not understanding the model that you're working 
> on?
>
>
+1

Those are exactly the right questions.

Generally speaking, nodes should export only resources that are in some way 
specific to themselves.  Resources that instead are just generally 
associated with the site should be declared concretely or virtually, 
perhaps with the help of external data.  Exporting / collecting such 
resources is messier and more fragile, for no advantage.  You know you are 
running up against this if you find yourself wanting to collect just one of 
several exported resources, but you don't care which.

On the other hand, if you need to collect all the resources in some group 
(because each adds something different to your configuration), then 
distinguishing them from each other is the way to go.  Typically that means 
putting a unique identifier of the exporting node into each resource's 
title.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/24a66c85-098b-4483-bb0c-e3d151f90d22%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet agent loops and taking 100% of one CPU

2014-09-02 Thread jcbollinger 


On Friday, August 29, 2014 9:59:12 AM UTC-5, pmorel wrote:
>
> Hello,
>
> Recently 3 puppet agents instances (on 3 different servers yet with 
> quasi-similar configurations) started running at 100% on one CPU and thus 
> they cannot listen to the master anymore.
>
> Nothing appears to be wrong in the logs : no fail or execution problems.
>
> Starting the agent like so : puppet agent --debug --verbose -t, I can see 
> that puppet runs fine until some command that executes "chown ..." and then 
> no more debug/log. Personally I don't think the problem comes from 
> "chown"...
>


Such a symptom *could* arise from the chown under some circumstances.

 

>
> With strace, I can see that the puppet agent reads the file 
> /var/lib/ruby/1.8/puppet.rb, closes it and then reopens it and recloses 
> again in infinite loop (causes the 100% CPU).
>
>

That does seem strange.  Is there any chance that your agents are 
corrupted?  For instance, could you have Puppet installs both from a 
package and from a gem on the same machines?

 

> I've tried the solution of executing date -s "`date`" (solution that I've 
> seen in threads with similar problem", also I reinstalled puppet (with 
> purge) and ruby but no change.
>
>

If there is some kind of conflict, such as native package vs. gem, then 
reinstalling just Puppet might not be sufficient to fix it.  You might need 
to go as far as completely purging Ruby itself, too, along with everything 
that depends on it.  But before you try that, read on

 

> Also I'm running ruby1.8 and puppet2.7.22 but I don't want to update those 
> packages.
>
> The servers are running Ubuntu 12.04.4 LTS
>
>

If you suspect that the problem is with a resource or resource combination 
rather than with Puppet itself, then you should consider how you might 
identify the problematic resource.  If you keep your manifests and data in 
a VCS repository (highly recommended) then you could try reverting manifest 
and/or data changes affecting the servers in question.  In particular, you 
could try reverting to the last configuration that you know to have worked, 
and then step forward from there.

You could also just start trimming classes and/or resources from these 
nodes until the misbehavior goes away, to help you identify the resource(s) 
with which it is associated.  Perhaps your strace gives you a good starting 
point for that.

Note, too, that in most cases, unless you make explicit provisions to the 
contrary, removing a resource from your nodes' catalogs simply leaves that 
resource unmanaged -- it does not (normally) cause that resource to be 
removed from the node itself.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/38eede5b-c4d0-48d3-bcd0-8bf2819b2f2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: create_resources with default parameters on top of yaml for onetime usage

2014-09-02 Thread jcbollinger 


On Monday, September 1, 2014 4:54:31 AM UTC-5, yamaka...@gmail.com wrote:
>
> Hi guys,
>
> I'm looking for a solution to svn checkout a branch and directly config 
> the branch modules using create_resources.
>
> My yaml would look like this I think for a one time checkout, which will 
> grab all the modules and configure them one by one:
>
>
> svnsource:
>   repourl:
>   branch: 
>   copydir: 
>   repo: 
>   username: 
>   password:
>modules: 
>mymodule1:
>  servername:
>  database:
>  username:
>  password:
> mymodule2:
>  servername:
>  database:
>  username:
>  password:
> mymodule2:
>  servername:
>  database:
>  username:
>  password:
>
> How can I do this ?
>


What component do you hope will consume your YAML?  (Hiera, maybe?)  Are 
the "modules" you're talking about Puppet modules, or some other kind?  Are 
you expecting to do this via the "apply" face or via the "agent" face?

For the belance of this post, I'm going to assume that the answers are, in 
order, "I don't actually care", "Yes, Puppet modules", and "the 'apply' 
face".

 

> it seems that default or merge doesn't do what I need here.
>
>

Each execution of the create_resources() function creates resources of 
exactly one type.  It takes multiple calls to create resources of multiple 
types.  Moreover, create_resources() is rarely used to declare classes, in 
part because that's what an external node classifier is for.  In fact, what 
you are describing sounds much like a data-driven external node classifier.

It's a little bit wonky to download your Puppet manifests *after* invoking 
the catalog compiler, but I think you can do it in this one-time mode [I 
think] you're describing.  I suggest that you indeed do approach it by 
writing an external node classifier that consumes the YAML, performs the 
SVN checkout into the right location, and emits the desired specifications 
for classes to apply.  It looks like that last bit might just be a subtree 
of your overall data.

I do not think it is wise to try to download Puppet modules for the current 
Puppet run any time after Puppet has passed the ENC point.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/312ffc24-4b1b-46bd-b931-43611660af59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppet dead but pid file exists

2014-09-02 Thread Spriya 
Hi,

I am having an issue when restarting puppetmaster.
*$service puppetmaster status*
*puppet dead but pid file exists*


Let me know what might be the issue.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/667caddf-93a3-4f3e-97bb-87c42996b727%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet dead but pid file exists

2014-09-02 Thread John Kennedy 
How are you stopping Puppetmaster? If you are not gracefully shutting
puppetmaster down then the PID file will not be deleted.


John Kennedy  (_8(|)
I have a yellow dog:
http://www.theyellowdogproject.com/The_Yellow_Dog_Project/About.html

Why would anyone foster a dog/cat?
I would rather cry watching them leave our home to live a life of happiness
and joy in a loving home than cry because no one stepped up to help them
and they died alone, frightened, and sad in a shelter.


On Tue, Sep 2, 2014 at 10:47 AM, Spriya 
wrote:

> Hi,
>
> I am having an issue when restarting puppetmaster.
> *$service puppetmaster status*
> *puppet dead but pid file exists*
>
>
> Let me know what might be the issue.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/667caddf-93a3-4f3e-97bb-87c42996b727%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAD6OLfw%3D3cg64Q89kL1kegoaBEOK1S%3DnUf%2BSxedv7bYixWXPpw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet server getting closed source?

2014-09-02 Thread Thomas Müller 
Hi 

Just heard some rumors on the floor that future Puppet products will only 
be available as closed source. 

Is there some official statement from Puppetlabs?


- Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/lu4lf5%24i96%241%40ger.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Why does my Puppet Master randomly revoke my Agent's certificate?

2014-09-02 Thread jcbollinger 


On Monday, September 1, 2014 5:57:58 PM UTC-5, Jason Oakley wrote:
>
> My servers were working fine, when I got this error:
> Inventory
> Could not retrieve facts from inventory service: SSL_connect returned=1 
> errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate 
> revoked
>
> Now, everything was working fine. Due to this error, I re-created the 
> certificate and all was well. Then, I logged onto the Master a day or two 
> later and the certificate is yet again revoked.
> How do I stop this?
>
>

Puppet does not perform automatic certificate revokations.  I have 
personally crawled the code to check.  IIRC, the last time we had a 
question like this one, the user eventually discovered a separate automated 
process in his environment that was revoking certain certificates.  If you 
have any kind of automated process around issuing certs, then that's the 
first place I would look.

You could also consider making your ssl/ directory and everything in it 
read-only (immutable, if necessary), to try to identify the rogue behavior 
by forcing it to error out.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f6c5cc3b-0a38-4358-a48f-9e06aec13623%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet dead but pid file exists

2014-09-02 Thread Spriya 
Hi John

This is the way i am doing:









*service puppetmaster stopStopping 
puppetmaster: [FAILED][root@cluster2 
puppet]# service puppetmaster startStarting 
puppetmaster: [  OK  ][root@cluster2 
puppet]# service puppetmaster statuspuppet dead but pid file existsLet me 
know*


On Tuesday, September 2, 2014 7:50:12 AM UTC-7, JohnK wrote:
>
> How are you stopping Puppetmaster? If you are not gracefully shutting 
> puppetmaster down then the PID file will not be deleted.
>
>
> John Kennedy  (_8(|)
> I have a yellow dog:
> http://www.theyellowdogproject.com/The_Yellow_Dog_Project/About.html
>
> Why would anyone foster a dog/cat?
> I would rather cry watching them leave our home to live a life of 
> happiness and joy in a loving home than cry because no one stepped up to 
> help them and they died alone, frightened, and sad in a shelter.
>
>
> On Tue, Sep 2, 2014 at 10:47 AM, Spriya  > wrote:
>
>> Hi,
>>
>> I am having an issue when restarting puppetmaster.
>> *$service puppetmaster status*
>> *puppet dead but pid file exists*
>>
>>
>> Let me know what might be the issue.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/667caddf-93a3-4f3e-97bb-87c42996b727%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8f9d5280-3cd3-4063-88d8-74c93ac0b4b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet dead but pid file exists

2014-09-02 Thread Brian Wilkins 
It probably died (either ps -ef | grep puppetmaster | awk '{print $2}' | 
xargs kill -9) or otherwise. Just remove the pid file and continue. You can 
examine the pid file to see if a process with that PID and named 
puppetmasterd exists. More than likely not.

On Tuesday, September 2, 2014 10:56:59 AM UTC-4, Spriya wrote:
>
> Hi John
>
> This is the way i am doing:
>
>
>
>
>
>
>
>
>
> *service puppetmaster stopStopping 
> puppetmaster: [FAILED][root@cluster2 
> puppet]# service puppetmaster startStarting 
> puppetmaster: [  OK  ][root@cluster2 
> puppet]# service puppetmaster statuspuppet dead but pid file existsLet me 
> know*
>
>
> On Tuesday, September 2, 2014 7:50:12 AM UTC-7, JohnK wrote:
>>
>> How are you stopping Puppetmaster? If you are not gracefully shutting 
>> puppetmaster down then the PID file will not be deleted.
>>
>>
>> John Kennedy  (_8(|)
>> I have a yellow dog:
>> http://www.theyellowdogproject.com/The_Yellow_Dog_Project/About.html
>>
>> Why would anyone foster a dog/cat?
>> I would rather cry watching them leave our home to live a life of 
>> happiness and joy in a loving home than cry because no one stepped up to 
>> help them and they died alone, frightened, and sad in a shelter.
>>
>>
>> On Tue, Sep 2, 2014 at 10:47 AM, Spriya  wrote:
>>
>>> Hi,
>>>
>>> I am having an issue when restarting puppetmaster.
>>> *$service puppetmaster status*
>>> *puppet dead but pid file exists*
>>>
>>>
>>> Let me know what might be the issue.
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/667caddf-93a3-4f3e-97bb-87c42996b727%40googlegroups.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b9e4f4fd-eb18-45f0-b936-0e012c9920ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet 'node data' when using common node_names?

2014-09-02 Thread Nigel Kersten 
On Wed, Aug 27, 2014 at 8:10 AM, jcbollinger 
wrote:

>
>
> On Tuesday, August 26, 2014 6:24:57 PM UTC-5, Nigel Kersten wrote:
>>
>>
>>
>>
>> On Tue, Aug 26, 2014 at 12:27 PM, Erik Dalén 
>> wrote:
>>
>>
>>>
>>>
>>> On 26 August 2014 20:22, jcbollinger  wrote:
>>>


 On Monday, August 25, 2014 11:13:40 AM UTC-5, Matt W wrote:

> Comments inline
>
> Matt Wise
> Sr. Systems Architect
> Nextdoor.com
>
>
> On Mon, Aug 25, 2014 at 6:55 AM, jcbollinger 
> wrote:
>
>>
>>
>
>>

>  Can you say a bit more about that?  What do you see that suggests
>> agents are pulling down "node information" other than their catalogs (and
>> later, any 'source'd files)?
>>
>>
> With nearly every puppet catalog compile, we also see GET requests
> like this:
>
> 10.216.61.76 - XXX - puppet "GET /production/node/xyz? HTTP/1.1" 200
>> 13733 "-" "-" 0.021
>
>
> Where 10.216.61.76 is *not* the local IP of the puppet master... its
> the remote IP of the ELB, which indicates that its remote traffic from our
> puppet clients.
>
>

 That traffic might be coming from nodes, but all you know for sure is
 that it is traversing the ELB.  Surely the master could send requests
 through the ELB that end up coming back to it.  For all I know, the ELB
 might preferentially route such requests back to the originating host.

 From the perspective of the Puppet service lifecycle, the two most
 likely sources of such traffic are (1) an ENC retrieving node facts, and
 (2) the master determining nodes' environments.  I don't know any reason
 why nodes would be requesting their own node information, and even if they
 did, I can't see how that would affect the catalog the master serves to
 them.

>>>
>>> The reason for them to do this is to be able to use the environment that
>>> was configured on the master to fetch the plugins from. So first it tries
>>> to fetch its node info from the master to see if the environment in that is
>>> different than what it had configured locally. This is a new feature since
>>> puppet 3.0.
>>>
>>> In puppet 2.7 it used the fact plugins from the agent configured
>>> environment and the catalog from the master configured if I remember
>>> correctly.
>>>
>>
>> Yes, and also file resources came from the agent-configured environment
>> even though the resource was from the master-configured environment, which
>> resulted in much hilarity.
>>
>>
>>
>
> I am well aware of all the old hilarity surrounding determining the
> environment from which to serve various bits, but I was unaware that the
> resolution involved agents requesting their environment from the master.
> That implies that the master *still* relies on the agent to correctly
> specify (echo back) the environment from which to serve those bits, else
> why would the agent need to know?
>
> If that's really what's happening then it's a poor design (which I guess
> is why I supposed it *wasn't* what was happening).  If the master is
> authoritative for a piece of information -- as it is for nodes'
> environments -- then it should not rely on relaying that information back
> to itself through an external actor -- that undermines its
> authoritativeness for the information.  Moreover, to the extent that the
> master does have such a reliance, it leaves Puppet open to malicious
> manipulation of the requested environment.
>
> So, um, are you sure?
>

Yes.  The bit of info we haven't mentioned is that if the client and server
environments don't match, and the server is set to be authoritative, then
it triggers the client to do a new pluginsync and run with the server
environment.

Tracking back to older tickets, there's a succinct description here from
Daniel Pittman:

http://projects.puppetlabs.com/issues/16753

(which has related tickets for the rest of the change)

"The reason this was removed was to support the changes that made the ENC
authoritative over the agent environment. As part of that we had a
bootstrapping problem: the agent had an idea of the environment to request,
used that in pluginsync, and then as part of the request for the catalog.

If that idea was wrong, the catalog would be returned from the correct, ENC
specified environment, but it would have been generated with the wrong set
of plugins – including custom facts. So, the agent would detect that,
pluginsync to the new environment in the catalog, and compile a new catalog.

That fixed the problem, but was inefficient – every agent run with an
incorrect environment would mean two catalog compilations, and doubling
master load in a common situation (ENC says !production, agent run from
cron) was pretty unacceptable.

So, instead, the agent was changed to query the master for node data about
itself – and to use the environment that came back from that."

-- 
You received this message because you are subscribed to the Goo

[Puppet Users] Re: Switching modules files dynamicaly

2014-09-02 Thread jcbollinger 


On Monday, September 1, 2014 4:28:08 AM UTC-5, Guy Meler wrote:
>
> Hey!
> I Need to swap modules dynamically on my puppet masters.
>
>

Are you talking about updating modules with newer versions, or something 
more dynamic than that?  If the latter, then there is likely a better way 
to achieve what you want.

 

> Is there a healthy way to do so?
> I'm afraid that I will swap a file during a catalog compilation and it 
> just seems wrong.
>
>

Yes, that's a concern, and it could definitely cause you grief.  Depending 
on which Puppet version you are using, you may also need to worry about 
Puppet caching previously-compiled classes and re-using them for a time 
after you switch.

 

> My thought was to stop the puppet master service every time, but it is 
> kind of messed up.
>


Routinely making large changes to your manifest set on the fly is kind of 
messed up.  I'd really like to hear more about what you're trying to 
accomplish, with a view toward suggesting a better approach.

 

> Is there any lock file or any other way I can tell a master to stop 
> processing new compilations?
>
>

The master does not have a built-in mechanism for that as far as I know, 
but you could block its port at the firewall.  You would need to keep it 
blocked until all current compilations are complete, then make your changes 
before unblocking.  Be aware that that might interfere with clients' 
ability to retrieve 'source'd File content (i.e. even after they receive 
their catalogs).


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0fbbe009-e9cb-44a6-8906-11e5850e9414%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] erb tempate issue

2014-09-02 Thread Wil Cooley 
On Sep 1, 2014 3:35 AM, "Juan Sierra Pons"  wrote:
>
> Hi
>
> Finally I have changed to another kind on loop that works for my case
>
> uri<% @ldap_servers.each do |server| -%>
>  ldap://<%= server -%>
> <% end %>

As you've found, an explicit loop, er, iterable is better than trying to
use implicit conversion of an array to a string.

An alternative is to use the 'join' method; that will put the separator
only between the elements, rather than having to have it before or after
each. This would be clearly better with a comma or other non-whitespace
separator.

Wil

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMmm3r69VGauQJ_kNaHvL_eVR3K_QwJb0LNrnBT2f9asSBnX9A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet 'node data' when using common node_names?

2014-09-02 Thread Brian Wilkins 
Matt,

There is a better way and that is to use the roles and profiles pattern. I 
use that and I have a custom facter ruby script that reads the fqdn from a 
yaml and assigns it's role. Puppet takes over from there. 

On Saturday, August 23, 2014 1:46:59 PM UTC-4, Matt W wrote:
>
> Will,
>   Thanks for the response. I know its a bit of a unique model -- but when 
> you think about it, it makes a decent amount of sense. We run hundreds of 
> nodes that are fundamentally similar .. i.e. "this is a web server, it gets 
> the XYZ package installed" and "this is a web server, it gets the ABC 
> package installed". Using hostnames to identify the systems node-definition 
> makes very little sense and leaves quite a bit of room for error. 
> Explicitly setting the node-type as a fact allows us to re-use the same 
> node types but for many different environments and keeps host-names out of 
> the mix. For example, I can quickly boot up a 
> "prod-mwise-dev-test-web-sever-thingy" using the same node definition as 
> our "prod-frontend-host" for some testing, without worrying about the 
> hostname regex structure.
>
>   Anyways that said ... what I'm really interested in knowing is why the 
> puppet-agents are pulling DOWN their "node information" from the puppet 
> masters? Is it possible that they do an upload of node information, then 
> ask for that information back, then somehow use the downloaded information 
> for their catalog request? I could see some interesting race conditions if 
> that was the case.
>
> Matt Wise
> Sr. Systems Architect
> Nextdoor.com
>
>
> On Fri, Aug 22, 2014 at 7:11 PM, Wil Cooley  > wrote:
>
>>
>> On Aug 22, 2014 7:37 AM, "Matt W" > 
>> wrote:
>> >
>> > Anyone have any thoughts on this?
>> >
>>
>> I have to say, using an identical node name as a way of assigning the 
>> node's role is an "interesting" approach. I would not be surprised if you 
>> run into other difficulties with this approach; some even harder to find. 
>> Even something like an appended unique identifier, such as from the host 
>> ID, MAC address, serial number, hashed SHA1, etc would have been better.
>>
>> Be that as it may, life would be dull if we didn't have to live with the 
>> sins of the past. You might check the config guide 
>> https://docs.puppetlabs.com/references/3.6.latest/configuration.html but 
>> in thinking about it, if you found a setting and tried to use a fact in it, 
>> you'd probably just get the master's fact.
>>
>> The reports, at least, should be easy - since they're pluggable, you 
>> could copy the existing "lib/puppet/reports/store.rb" to a new name & 
>> module and tweak the storage location.
>>
>> Wil
>>
>> > On Thursday, August 14, 2014 10:39:16 AM UTC-7, Matt W wrote:
>> >>
>> >> We noticed that our puppet reports and our puppet node data stored on 
>> our puppet servers is always written out in the form of the 'node name'. So 
>> when we use a node name like 'prod_webserver' across many webserver 
>> machines, we get a tree of reports and node data like this:
>> >>
>> >>> /var/lib/puppet/yaml/node/prod_web.yaml
>> >>> /var/lib/puppet/yaml/facts/prod_web.yaml
>> >>> /var/lib/puppet/reports/prod_web
>> >>> /var/lib/puppet/reports/prod_web/201408130200.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408140811.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408121328.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408130743.yaml
>> >>> /var/lib/puppet/reports/prod_web/201408140454.yaml
>> >>
>> >>
>> >> Where each of those reports likely reflects a compilation run for a 
>> different host... and the facts/node files at the top are getting 
>> constantly re-written as new clients come in.
>> >>
>> >> Is there a way to change the behavior of the data there to be written 
>> out based on the ${::fqdn} of the host (or certname) rather than its node 
>> name?
>> >>
>> >> (our client puppet configs ...)
>> >>>
>> >>> [main]
>> >>> ...
>> >>> node_name = facter
>> >>> node_name_fact = puppet_node
>> >>
>> >>
>> >> (a client puppet fact file...)
>> >>>
>> >>> puppet_node=prod_web
>> >>> puppet_environment=production
>> >>> package=frontend=some-version-here
>> >>> app_group=us1
>> >
>> > -- 
>> > You received this message because you are subscribed to the Google 
>> Groups "Puppet Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send 
>> an email to puppet-users...@googlegroups.com .
>> > To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/40c0048d-fc90-4006-99da-98bfa9ba94a7%40googlegroups.com
>> .
>> >
>> > For more options, visit https://groups.google.com/d/optout.
>>  
>> -- 
>> You received this message because you are subscribed to a topic in the 
>> Google Groups "Puppet Users" group.
>> To unsubscribe from this topic, visit 
>> https://groups.google.com/d/topic/puppet-users/adxt68xO210/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to 
>> puppet-users...@googlegroups.c

Re: [Puppet Users] Query with use of recurse

2014-09-02 Thread Wil Cooley 
On Sep 2, 2014 5:43 AM, "Balasubramaniam Natarajan" 
wrote:
>
> Hi
>
> I have a query regarding how recurse behaves when we call it with "ensure
=> file"[1] compared with "ensure => directory"[2] ?
>
> Would it make any sense to call recurse with "ensure => file" ?

No, recurse is only useful for copying directory to directory.

What are you going to accomplish? Copying a source directory of symlinks as
their targets? If so, there's a separate parameter for that.

Wil

> [1]
>   file {'/home/bala':
> ensure=> file,
> source => "puppet:///files/home/bala/",
> sourceselect => "all",
> recurse => true,
>   }
>
> [2]
>   file {'/home/bala':
> ensure=> directory,
> source => "puppet:///files/home/bala/",
> sourceselect => "all",
> recurse => true,
>   }
>
>
>
> --
> Regards,
> Balasubramaniam Natarajan
> http://blog.etutorshop.com
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAFHFDA%3D%3DHjSUdCttzWBizMnaJrNgyR_wM4Ga8NEUZoVgTPE5DA%40mail.gmail.com
.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMmm3r489aNH6Vt2eXBuSi613QpzQ2E_%2B5ooj%2BNGgpUeWWk5nA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] rspec-puppet and testing custom facts

2014-09-02 Thread Brett Swift 

rspec-puppet supports classes, functions, defined types, but not facts. 


spec
 |
  -> classses
  -> defines
  -> facts? ?  ? ??  ? 


Is there a recommended way to test facts?  

I've seen a few examples, but they seem hacky, and I have a feeling this 
should be or is available from puppet modules. 

http://unethicalblogger.com/2014/03/01/testing-custom-facts-with-rspec.html 
 
 --> requires re-writing every fact.  Not super keen on doing that if I 
don't have to. 


github.com/vStone/puppet-testing-example
-->  seems to work at first, but then when I change an expectation from 
false to true,  it still passes. This is 2 years old and the version of 
rspec isn't locked down in the gemfile, so it may not even be valid with 
the latest version. 


Does anyone have a working solution?  Maybe my google-fu isn't very good.. 
 there has to be something out there that works? 





-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e55b7789-ea18-4440-933b-efa1e5bc3263%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] rspec-puppet and testing custom facts

2014-09-02 Thread Hunter Haugen 
On Tue, Sep 2, 2014 at 10:48 AM, Brett Swift  wrote:

>
> rspec-puppet supports classes, functions, defined types, but not facts.
>
>
> spec
>  |
>   -> classses
>   -> defines
>   -> facts? ?  ? ??  ?
>
>
> Is there a recommended way to test facts?
>

You don't actually need any of the helpers in rspec-puppet to test facts
with rspec.

In rspec, you would stub any facts that are required but not under test
with `allow(Facter.fact(:osfamily)).to
receive(:value).and_return("fakeosfamily")`, then stub any commands that
the fact that you're testing with `expect(Facter::Util::Resolution).to
receive(:exec).with("some command here").and_return("out that the command
would return")`

Then you can call `expect(Facter.fact(:myfact).value).to eq("factvalue")`

Eg, testing the root_home fact in stdlib:
https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/spec/unit/facter/root_home_spec.rb#L34-L50


>
> I've seen a few examples, but they seem hacky, and I have a feeling this
> should be or is available from puppet modules.
>
> http://unethicalblogger.com/2014/03/01/testing-custom-facts-with-rspec.html
>
>  --> requires re-writing every fact.  Not super keen on doing that if I
> don't have to.
>
>
> github.com/vStone/puppet-testing-example
> -->  seems to work at first, but then when I change an expectation from
> false to true,  it still passes. This is 2 years old and the version of
> rspec isn't locked down in the gemfile, so it may not even be valid with
> the latest version.
>
>
> Does anyone have a working solution?  Maybe my google-fu isn't very good..
>  there has to be something out there that works?
>
>
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/e55b7789-ea18-4440-933b-efa1e5bc3263%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJaQvGDj3Vf0LaVR2Q9c6PtUeYDHgzAp6%2B9T5C8mh46sQF7fSA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] windows mount points

2014-09-02 Thread Rob Reynolds 
On Mon, Sep 1, 2014 at 12:00 PM, Benjamin Priestman <
benja...@miniverse.me.uk> wrote:

> Hi,
>
> On windows hosts, I've taken to putting all my app data in c:\srv,
> mimicing the /srv location on Linux. Depending on the host, this may be a
> location on the system drive, or it is sometimes an additional disk mounted
> at that location. In the latter case, `puppet resource file ` shows this as
> a link whose target is the underlying volume.
>
> An attempt to define a file resource within this location fails with:
> 'Parent directory C:/srv does not exist'
> If I create subdirectories here by hand, the puppet run proceeds just
> fine. Has anyone else come across this behavior?
>
> I'm running puppet 3.4.2 at the moment. Happy to upgrade but I can't find
> any big reports that indicate this is a known issue.
>

We've had a similar issue when trying to copy files from non-NTFS volumes,
but perhaps the underlying bug also affected file resources in those
mounted folders. See PUP-1450[1] (also PUP-1368[2] and PUP-1389[3]) as it
could have could have been linked to what you are seeing currently.

[1] https://tickets.puppetlabs.com/browse/PUP-1450
[2] https://tickets.puppetlabs.com/browse/PUP-1368
[3] https://tickets.puppetlabs.com/browse/PUP-1389


>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/bc4867e4-4bf6-44a8-900c-1690512db21e%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Rob Reynolds
Developer, Puppet Labs

*Join us at PuppetConf 2014 , September
20-24 in San Francisco*
*Register by September 8th to take advantage of the Final Countdown

*
*--**save $149!*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMJiBK4%3D%3Do_fKmmTbAHO_%3D%2BKYVUaPiwrpMU-VLrELT5Gb%3DJ90g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] rspec-puppet and testing custom facts

2014-09-02 Thread Sebastian Otaegui 
I tested my facts like this:

https://github.com/Spantree/puppet-thrift/blob/master/spec/unit/facter/thrift_version_spec.rb

One detail to take into account is that I change the mock library from its
default to rspec:
https://github.com/Spantree/puppet-thrift/blob/master/spec/spec_helper.rb

Regards



On Tue, Sep 2, 2014 at 1:28 PM, Hunter Haugen  wrote:

>
> On Tue, Sep 2, 2014 at 10:48 AM, Brett Swift  wrote:
>
>>
>> rspec-puppet supports classes, functions, defined types, but not facts.
>>
>>
>> spec
>>  |
>>   -> classses
>>   -> defines
>>   -> facts? ?  ? ??  ?
>>
>>
>> Is there a recommended way to test facts?
>>
>
> You don't actually need any of the helpers in rspec-puppet to test facts
> with rspec.
>
> In rspec, you would stub any facts that are required but not under test
> with `allow(Facter.fact(:osfamily)).to
> receive(:value).and_return("fakeosfamily")`, then stub any commands that
> the fact that you're testing with `expect(Facter::Util::Resolution).to
> receive(:exec).with("some command here").and_return("out that the command
> would return")`
>
> Then you can call `expect(Facter.fact(:myfact).value).to eq("factvalue")`
>
> Eg, testing the root_home fact in stdlib:
> https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/spec/unit/facter/root_home_spec.rb#L34-L50
>
>
>>
>> I've seen a few examples, but they seem hacky, and I have a feeling this
>> should be or is available from puppet modules.
>>
>>
>> http://unethicalblogger.com/2014/03/01/testing-custom-facts-with-rspec.html
>>
>>  --> requires re-writing every fact.  Not super keen on doing that if I
>> don't have to.
>>
>>
>> github.com/vStone/puppet-testing-example
>> -->  seems to work at first, but then when I change an expectation from
>> false to true,  it still passes. This is 2 years old and the version of
>> rspec isn't locked down in the gemfile, so it may not even be valid with
>> the latest version.
>>
>>
>> Does anyone have a working solution?  Maybe my google-fu isn't very
>> good..  there has to be something out there that works?
>>
>>
>>
>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/e55b7789-ea18-4440-933b-efa1e5bc3263%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAJaQvGDj3Vf0LaVR2Q9c6PtUeYDHgzAp6%2B9T5C8mh46sQF7fSA%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Those who do not understand Unix are condemned to reinvent it, poorly.
Any sufficiently recent Microsoft OS contains an ad hoc,
informally-specified, bug-ridden, slow implementation of half of Unix.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAApMPgyCT_YmWm-anqXtyvPAF1Wuf%3DFBOk4zgn2dTCuLh48Aeg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Permission problems on Windows

2014-09-02 Thread Rob Reynolds 
On Mon, Sep 1, 2014 at 12:35 PM, Armindo Silva 
wrote:

> Hi,
>
> I have a zip file that has some binaries inside, if I unzip it (with 7z)
> manually and try to run one of the binaries and it just works, if I unzip
> it using puppet agent:
>
>   exec { 'eMZP':
> command => 'cmd /c 7z x c:\myfolder\my.zip -oc:\myfolder\',
> creates => 'c:/myfolder/mybin.exe',
> require => File['c:/myfolder/my.zip'],
>   }
>
> the unziped files don't have exec permissions so I am not able to run
> them.
>

This is likely due to how Puppet does not inherit permissions down to the
folder from the folder above. I thought we had fixed that in a newer
version of Puppet though. What version of Puppet are you running on the
box(es) in question?



> As workaround I have been setting the folder's mode but setting the mode
> on windows is deprecated.
>

Deprecated, but still usable. The replacement is the acl module[1].

[1] https://forge.puppetlabs.com/puppetlabs/acl


>
> Any ideas/pointers?
>
> Best regards,
> Armindo
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/32d3a423-9307-4beb-b423-7ff9f0d35b77%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Rob Reynolds
Developer, Puppet Labs

*Join us at PuppetConf 2014 , September
20-24 in San Francisco*
*Register by September 8th to take advantage of the Final Countdown

*
*--**save $149!*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMJiBK4c1MXDZf_KH%2Bh1%2BfOipfKLpCtaSEF3mT1e%3DF7hsPHRqQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Enterprise runonce fails but regularly scheduled agent run succeeds

2014-09-02 Thread Rob Reynolds 
On Fri, Aug 29, 2014 at 4:03 PM, Paul Chernoch  wrote:

> The node is a Windows 2008R2 box.
> I am attempting to fetch files from Team Foundation Server using an exec
> resource and the command line program TF.EXE.
> When I process the catalog using the regularly scheduled puppet run, it
> completes successfully.
> When I use "Live Management" > "Control Puppet" > "runonce" I get errors.
> I do not fill in any parameters in the dialog.
> In the puppet log, I see this message repeated for each file I try to
> fetch:
>
> TF30063: You are not authorized to access http://
> .com:8080/tfs/.
>
>
> This seems to indicate that TF.EXE authentication prevented the operation.
> My initial runs relied upon the currently-logged-in-user's credentials. We
> gave proper rights to the user account assigned to puppet and this used to
> work before some recent changes.
> I decided to hardcode my personal user name and password to see if that
> would work.
> It continues to work for the regularly scheduled agent run, and continues
> to fail for the "runonce" run.
>


Run once user is likely determined by the MCO service user and not the
Puppet Agent service user. Please ensure you also add that user to the
authorized list.



>
> Here is an example of a command that my EXEC resource is trying to execute:
>
> TF.exe view /collection:http://.com:8080/tfs/PhoenixCollection
> /output:c:\phx_deployer\staging\phoenix\2.60.1.87\PaymentPlan.Services.Web.zip
> $\ReleasePackages\PhoenixReleasePackages\PaymentPlan.Services.Web.zip
> /login:, /version:L2.60.1.87
>
> The exec resource of course sets the current directory to be the location
> of TF.EXE and its DLLs.
> Here is the flavor of the exec resource:
>
>   exec { "tf view ${filename} /version:${versionspec}":
> command  => $tfview_cmd,
> path => $exec_path,
> cwd  => $tf_dir_unix,
> onlyif   => $tfhistory_cmd,
> require  => Class['tfview::tfcomponents']
>   }
>
> The *onlyif *command invokes a ruby script that itself calls TF.EXE
> HISTORY to see if the file has changed in TFS and needs to be checked out
> again. That script is coded so that if an exception is thrown by TF.EXE, it
> will return zero, and indicate that TF VIEW must be called to fetch a new
> copy of the file.
>
> Any ideas?
>
> Paul Chernoch
> Lead Software Engineer
> EF Education First
> Cambridge, MA
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/93762f3f-53cd-4431-928d-5c281418af9f%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Rob Reynolds
Developer, Puppet Labs

*Join us at PuppetConf 2014 , September
20-24 in San Francisco*
*Register by September 8th to take advantage of the Final Countdown

*
*--**save $149!*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMJiBK4Kck%3DJQ4SWcbr_6bBUs9LkGEg4ux8iKQsdpAt7MMRqgA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: creating custom facts - general usage

2014-09-02 Thread Mike Reed 


On Tuesday, September 2, 2014 6:42:11 AM UTC-7, jcbollinger wrote:
>
>
>
> On Friday, August 29, 2014 5:05:01 PM UTC-5, Mike Reed wrote:
>>
>> Hello all,
>>
>> To start, I would like to thank you in advance for your responses.
>>
>> I'm attempting to create a custom fact that will determine the network 
>> location of a node, based on it's hostname.  Ideally this would be run on a 
>> node prior to the rest of the puppet modules because I will use the result 
>> as a top scope variable to assign certain values to nodes, based on their 
>> network location.  My node hostnames currently subscribe to this convention:
>>
>> network-hostname/role-number (ie. home-elastic-01/work-mysql-02)
>>
>
>
> I would like to suggest that you *not* do this via a fact.  More 
> generally, I consider it a principle of a good design to avoid creating any 
> fact that is strictly derivative of other facts.
>
> You can get a top scope variable with the same value in several other 
> ways, principal among them:
>
>1. Compute it directly at top scope in your site manifest
>2. Compute it in a class that manages no resources, 'include' that 
>class at top scope, and set the top-scope variable from the class variable
>
> As a subset of (1), you could consider creating and using a custom 
> function, which would be very clean as far as your manifests go.
>
> Note, however, that for *most* purposes you don't actually need a 
> top-scope variable; you could instead use a class variable directly.  
> Either way, you should be using a fully-qualified name everywhere you refer 
> to the variable in your manifests, so the choice of namespace is mostly a 
> personal preference in that context.  The only use I can think of where you 
> actually need a top-scope variable is if you want to interpolate it into 
> Hiera hierarchy definitions (which is indeed a perfectly reasonable thing 
> to do).
>
> Option 2 might look like this:
>
> modules/site/manifests/hostname_info.pp:
> 
> class site::hostname_info {
>   $hostname_parts = split($::hostname, '-')
>   $network = $hostname_parts[0]
>   $role = $hostname_parts[1]
>   $number = $hostname_parts[2]
> }
>
>
> manifests/site.pp (or any other manifest where you need the info):
> 
> # ...
> include 'site::hostname_info'
> $host_network = $site::hostname_info::network
> # ...
>
>
> John
>
>
Hello Felix and John,

First, thank you both for your responses and information.

In regards to John's post, you make a very interesting point and I didn't 
realize that I could achieve my objective without using a custom fact.  My 
goal is to extract all site-specific data to Heira in the near future so 
this custom-fact exercise does seem worth while but thank you for pointing 
out these alternate ways to achieve my goal.

Thanks again to both of you for the informative posts.

Cheers,

Mike

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/57d9f032-3adc-4291-be24-f0baa11e9a8b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] custom facter fact not available from client

2014-09-02 Thread Mike Reed 
Hello all,

I'm attempting to create a custom fact to identify the network to which a 
node belongs to. Below is the fact definition (I realize this fact isn't 
complete but wanted to test what I have so far):

require 'facter'
Facter.add('network_geo') do
  setcode do
hostname   = Facter.value(:hostname)
hostname_array = hostname.split('-')

# debug info
puts "My network is #{hostname_array}"
  end
end

I then added the fact into a module named sys_ident and more specifically, 
into a directory like so: /modules/sys_ident/lib/facter/network_geo.rb

For debugging purposes, I created a quick init.pp for the sys_ident module 
and added this:

class sys_ident {
  notify{"My network identity is: ${network_geo}" :}
  notify{"My hostname identity is: ${hostname}" :}
}

I then turned on pluginsync on both the puppetmaster and client within 
puppet.conf.

After an initial run on my puppet client, I'm getting the following:

seanconnery-02:/$ sudo puppet agent -tv
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/network_geo.rb
My network is ["seanconnery", "02"]
My network is ["seanconnery", "02"]
Info: Caching catalog for seanconnery-02.domain
Info: Applying configuration version '1409685071'
Notice: My network identity is:
Notice: /Stage[main]/Sys_ident/Notify[My network identity is: ]/message: 
defined 'message' as 'My network identity is: '
Notice: My hostname identity is: seanconnery-02
Notice: /Stage[main]/Sys_ident/Notify[My hostname identity is: 
seanconnery-02]/message: defined 'message' as 'My hostname identity is: 
seanconnery-02'
Notice: Finished catalog run in 0.04 seconds

As you can see from the output, I'm not receiving the expected output from 
my "network_geo" notify parameter (also not sure why I'm getting the "My 
network" twice.  If I run facter from the puppet client, I get nothing in 
return:

seanconnery-02:/$ facter -p network_geo

For good measure, running the same command with the "hostname" fact 
produces this:

seanconnery-02:/$ facter -p hostname
seanconnery-02
 
Based on the output from my client run, it does look like the fact is 
making it to the client but I can't seem to actually invoke it.  

I feel that things are generally in the right place and after considerable 
troubleshooting, the only thing I can think of is a potential 
order-of-operations problem.  

Does anybody have any suggestions as to why this may be occurring?

Thank you in advance for your time and support and my apologies for the 
extra-long post.

Cheers,

Mike






-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/024a85ed-fa17-4770-ba9c-2bcbff0c6b91%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] 30 days left before Puppet 2.7 end-of-life

2014-09-02 Thread Sam Kottler 
Greetings puppet-users,

Just wanted to send out a note to everyone to remind you all that Puppet
2.7 will reach end of life status on the 30th of September. This means
there will be no new releases on {yum,apt}.puppetlabs.com, via tarballs, or
on RubyGems.org. Although OS distributions will likely continue to support
2.7, it's highly recommended to upgrade to 3.x as soon as possible.

Let me know if you have any questions or concerns.

-s

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAPO4y0RBhiRm0MEYwajVY45W8ZKODkJNA3wSD3a-2%3DuFTL6PcQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] custom facter fact not available from client

2014-09-02 Thread Nan Liu 
On Tue, Sep 2, 2014 at 12:20 PM, Mike Reed  wrote:

> Hello all,
>
> I'm attempting to create a custom fact to identify the network to which a
> node belongs to. Below is the fact definition (I realize this fact isn't
> complete but wanted to test what I have so far):
>
> require 'facter'
> Facter.add('network_geo') do
>   setcode do
> hostname   = Facter.value(:hostname)
> hostname_array = hostname.split('-')
>
> # debug info
> puts "My network is #{hostname_array}"
>   end
> end
>
> I then added the fact into a module named sys_ident and more specifically,
> into a directory like so: /modules/sys_ident/lib/facter/network_geo.rb
>
> For debugging purposes, I created a quick init.pp for the sys_ident module
> and added this:
>
> class sys_ident {
>   notify{"My network identity is: ${network_geo}" :}
>   notify{"My hostname identity is: ${hostname}" :}
> }
>
> I then turned on pluginsync on both the puppetmaster and client within
> puppet.conf.
>
> After an initial run on my puppet client, I'm getting the following:
>
> seanconnery-02:/$ sudo puppet agent -tv
> Info: Retrieving pluginfacts
> Info: Retrieving plugin
> Info: Loading facts in /var/lib/puppet/lib/facter/network_geo.rb
> My network is ["seanconnery", "02"]
> My network is ["seanconnery", "02"]
> Info: Caching catalog for seanconnery-02.domain
> Info: Applying configuration version '1409685071'
> Notice: My network identity is:
> Notice: /Stage[main]/Sys_ident/Notify[My network identity is: ]/message:
> defined 'message' as 'My network identity is: '
> Notice: My hostname identity is: seanconnery-02
> Notice: /Stage[main]/Sys_ident/Notify[My hostname identity is:
> seanconnery-02]/message: defined 'message' as 'My hostname identity is:
> seanconnery-02'
> Notice: Finished catalog run in 0.04 seconds
>
> As you can see from the output, I'm not receiving the expected output from
> my "network_geo" notify parameter (also not sure why I'm getting the "My
> network" twice.  If I run facter from the puppet client, I get nothing in
> return:
>
> seanconnery-02:/$ facter -p network_geo
>
> For good measure, running the same command with the "hostname" fact
> produces this:
>
> seanconnery-02:/$ facter -p hostname
> seanconnery-02
>
> Based on the output from my client run, it does look like the fact is
> making it to the client but I can't seem to actually invoke it.
>
> I feel that things are generally in the right place and after considerable
> troubleshooting, the only thing I can think of is a potential
> order-of-operations problem.
>
> Does anybody have any suggestions as to why this may be occurring?
>

The puts command simply print a message and never returned a value for the
fact. You probably meant something along the lines of:

 Facter.add('network_geo') do
  setcode do
hostname_array =  Facter.value(:hostname).split('-')

# debug info
puts "My network is #{hostname_array}"
hostname_array.first
  end
end

If you are developing facts, it's much easier to just drop into IRB and get
everything working there rather than doing round trip debugging between
puppet and facter:

irb(main):001:0> require 'facter'
=> true
irb(main):002:0> Facter.value("hostname")
=> "demo-1"
irb(main):003:0> Facter.value("hostname").split('-')
=> ["demo", "1"]

irb(main):006:0>  Facter.add('network_geo') do
irb(main):007:1*   setcode do
irb(main):008:2* hostname_array =  Facter.value(:hostname).split('-')
irb(main):009:2>
irb(main):010:2* # debug info
irb(main):011:2* puts "My network is #{hostname_array}"
irb(main):012:2> hostname_array.first
irb(main):013:2>   end
irb(main):014:1> end
irb(main):015:0> Facter.value(:network_geo)
My network is ["demo", "1"]
=> "demo"

If you run your existing fact in irb, you'll see the output is nil instead:

Facter.value(:network_geo)
My network is ["demo", "1"]
=> nil

HTH,

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACqVBqDr59xOL69BfCezu_oTVWvmegYHcrD6f1Nbf77wom1JJw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How best to accomplish geographic location of clients?

2014-09-02 Thread randal cobb 
Hello all,

I have a small problem I'm trying to resolve, and I'm bowing to the masters 
for suggestions.   Our development organization uses VMware and desktop VMs 
to perform development efforts;  I've come up with mechanisms to populate 
these VMs using puppet to install all the tools they need, such as Eclipse, 
Maven, JDKs, etc. but I'm faced with an issue that I have put off until 
now:  using geographically located tools and servers.  In my environment, 
we have several geographically located "mirror" or "slave" servers for key 
infrastructure environments such as Nexus, Sonar, Subversion, etc.  So, 
while all of our "master" servers are located in data-centers in the US, we 
will have "slave" versions of them located in other countries, such as 
Brazil, India, Canada, etc.   So, on to my question:  Is there a way for 
Puppet to detect where a client is running, geographically?   For example, 
if a VM starts up in Hyderabad, India, I want to add host entries to the VM 
that point services like SVN, Nexus, Sonar, Jenkins, etc. to local slaves. 
 I already have manifests to set the host entries appropriately for a given 
location, so this is the easy part.  To add a wrinkle, my company has added 
rules so that ALL VMs that end-users can run on their desktops or laptops 
MUST use NAT ip addresses, so I can't easily use an IP subnet to calculate 
what the best hosts to use are.

So, might anyone have any suggestions or ideas of how I might try to 
accomplish this?

Thanks in advance!
Randy

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/80707b3f-d635-4ea5-a9f5-8643ff5f7bc7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] custom script execution and sending output back to master

2014-09-02 Thread Felix Frank 
On 09/02/2014 02:45 PM, kaustubh chaudhari wrote:
> Hey,
>
> Thanks for the reply. I tried what you suggested.
>
> Sorry i am not a programmer, trying to find my way through.
>
> I am looking for a best way to achieve this.
>
> run a script on nodes user.sh which will create a file user.out, all i
> am looking for getting this user.out file back to the puppet master.
>
> can you suggest any ideas thoughts on this ?
> (i am running user.sh through my manifest)

It should be as simple as this custom fact:

Facter.add('user_sh_output') do
  setcode do
File.read('/path/to/user.out')
  end
end

https://docs.puppetlabs.com/facter/2.1/custom_facts.html#loading-custom-facts

This documentation explains what is what and where to put the code.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54063110.8050503%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet server getting closed source?

2014-09-02 Thread Felix Frank 
On 09/02/2014 04:50 PM, Thomas Müller wrote:
> Hi 
>
> Just heard some rumors on the floor that future Puppet products will only 
> be available as closed source. 
>
> Is there some official statement from Puppetlabs?
>
>
> - Thomas
You're hanging out with those Chef crowds too much ;-)

I call complete and utter bollocks.

Best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5406321D.9000507%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Hierarchy and Structured Facts

2014-09-02 Thread Felix Frank 
On 08/30/2014 12:26 PM, Poil wrote:
> Hi,
>
> I've go a fact "cfn_roles" that is an array
> Is it possible to use it in hierarchy ?
>
> For exemple :
>
> * my fact :
> cfn_roles:
>   - apache
>   - mysql
>
> And my hierarchy
> |:hierarchy:
>   - "%{::roles}"|
> hiera will try each entry of cfn_roles ?
>
> Best regards, 

We've had pull requests to that effect, but it was decided that
supporting array expansion in the hierarchy at that level was too
dangerous to just allow off hand.

So, no, you cannot do this.

Sorry, best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/540632A4.2050701%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How best to accomplish geographic location of clients?

2014-09-02 Thread Nan Liu 
On Tue, Sep 2, 2014 at 1:31 PM, randal cobb  wrote:

> Hello all,
>
> I have a small problem I'm trying to resolve, and I'm bowing to the
> masters for suggestions.   Our development organization uses VMware and
> desktop VMs to perform development efforts;  I've come up with mechanisms
> to populate these VMs using puppet to install all the tools they need, such
> as Eclipse, Maven, JDKs, etc. but I'm faced with an issue that I have put
> off until now:  using geographically located tools and servers.  In my
> environment, we have several geographically located "mirror" or "slave"
> servers for key infrastructure environments such as Nexus, Sonar,
> Subversion, etc.  So, while all of our "master" servers are located in
> data-centers in the US, we will have "slave" versions of them located in
> other countries, such as Brazil, India, Canada, etc.   So, on to my
> question:  Is there a way for Puppet to detect where a client is running,
> geographically?   For example, if a VM starts up in Hyderabad, India, I
> want to add host entries to the VM that point services like SVN, Nexus,
> Sonar, Jenkins, etc. to local slaves.  I already have manifests to set the
> host entries appropriately for a given location, so this is the easy part.
>  To add a wrinkle, my company has added rules so that ALL VMs that
> end-users can run on their desktops or laptops MUST use NAT ip addresses,
> so I can't easily use an IP subnet to calculate what the best hosts to use
> are.
>
> So, might anyone have any suggestions or ideas of how I might try to
> accomplish this?
>

anycast. Ok, in all seriousness, you can either write a custom fact using
geoip lookup if the WAN address is reliable. Or you need pass location info
to the VM via ovf properties and read it back as a custom fact
using vmtoolsd. See
http://blogs.vmware.com/vapp/2009/07/selfconfiguration-and-the-ovf-environment.html
for more info on the second option.

HTH,

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACqVBqCn4CaRY701b%3DjZTv7f1P4BOiWmZyvQ_7E8E%2B1Wms1ALw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet 'node data' when using common node_names?

2014-09-02 Thread jcbollinger 


On Tuesday, September 2, 2014 11:14:27 AM UTC-5, Nigel Kersten wrote:
>
>
>
>
> On Wed, Aug 27, 2014 at 8:10 AM, jcbollinger  > wrote:
>
>>
>>
>> On Tuesday, August 26, 2014 6:24:57 PM UTC-5, Nigel Kersten wrote:
>>
>
[...]
 

>
>> I am well aware of all the old hilarity surrounding determining the 
>> environment from which to serve various bits, but I was unaware that the 
>> resolution involved agents requesting their environment from the master.  
>> That implies that the master *still* relies on the agent to correctly 
>> specify (echo back) the environment from which to serve those bits, else 
>> why would the agent need to know?
>>
>> If that's really what's happening then it's a poor design (which I guess 
>> is why I supposed it *wasn't* what was happening).  If the master is 
>> authoritative for a piece of information -- as it is for nodes' 
>> environments -- then it should not rely on relaying that information back 
>> to itself through an external actor -- that undermines its 
>> authoritativeness for the information.  Moreover, to the extent that the 
>> master does have such a reliance, it leaves Puppet open to malicious 
>> manipulation of the requested environment.
>>
>> So, um, are you sure?
>>
>
> Yes.  The bit of info we haven't mentioned is that if the client and 
> server environments don't match, and the server is set to be authoritative, 
> then it triggers the client to do a new pluginsync and run with the server 
> environment. 
>
> Tracking back to older tickets, there's a succinct description here from 
> Daniel Pittman:
>
> http://projects.puppetlabs.com/issues/16753
>
> (which has related tickets for the rest of the change)
>
> "The reason this was removed was to support the changes that made the ENC 
> authoritative over the agent environment. As part of that we had a 
> bootstrapping problem: the agent had an idea of the environment to request, 
> used that in pluginsync, and then as part of the request for the catalog.
>
> If that idea was wrong, the catalog would be returned from the correct, 
> ENC specified environment, but it would have been generated with the wrong 
> set of plugins – including custom facts. So, the agent would detect that, 
> pluginsync to the new environment in the catalog, and compile a new catalog.
>
> That fixed the problem, but was inefficient – every agent run with an 
> incorrect environment would mean two catalog compilations, and doubling 
> master load in a common situation (ENC says !production, agent run from 
> cron) was pretty unacceptable.
>
> So, instead, the agent was changed to query the master for node data about 
> itself – and to use the environment that came back from that."
>
>

What I'm hearing is that the master, when it is set authoritative, does 
rely on the agent's self-specified environment for plugin sync, but for 
catalog requests it uses that data only to verify that the agent knows the 
correct environment to request.  That's better, but it still means that 
plugins cannot be secured against access from other environments.

I suppose the issue there is that the determination of a node's environment 
may depend on its facts, which may depend on its environment  I guess 
it was judged better to open the possibility of infinite looping than to 
foreclose the possibility of choosing an environment based on custom fact 
values.

And I also suppose that the agent requests its last-assigned environment 
prior to plugin-sync, to avoid syncing twice every time when the ENC 
overrides the agent's self-specified environment.

I still don't like it.  If the master desires that the agent first sync 
plugins from its last-assigned environment, then why does it make the agent 
jump through hoops and create extra network traffic to do that?  It should 
look like this instead:

Agent: Please give me the plugins *for your best guess as to my correct 
environment* [which I think should be 'bar']

Master: Here you are.  These are the plugins for environment 'foo'.

Agent: Here are my facts for environment 'foo' [even though I think my 
environment should be 'bar'].  Please give me my catalog.

(option 1) Master: Here you are.
(option 2) Master: Oops, you're right, your environment should be 'bar'.  
Please sync again.  [...]
(option 3) Master: Oops, your environment should be 'plugh'.  Please sync 
again. [...]

Agent: Thank you.  Now please give me the content of File['/etc/example'] 
in environment 'foo'|'bar'|'plugh'

(option 1) Master: Here you are.
(option 2) Master: You're daft.  I already told you your environment was 
.  Go away.


Not only does that eliminate one network request, but it also allows 
plugins to be better secured.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google

[Puppet Users] Theory deployment of puppet master

2014-09-02 Thread Frans Thamura 
Hi all

I am seeking a diagram for deployment mechanism of puppet
manifest/module in puppet master

can anyone give illustration

and how the manifest and their modules work with puppet agent

thx

F

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAOeeQyrER4M_zJNJB2cNBnBmzwmM7iDNRphYV_p_zEevdc-B9w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Good PupptMaster/Passenger Guide w OSX 10 .9

2014-09-02 Thread keith . staley 

::Thumbs up

K





On Tuesday, September 2, 2014 9:05:01 AM UTC-4, thbe wrote:
>
> Install C6, install EPEL and SCL repository, install Foreman repository 
> and foreman-installer. Execute foreman-installer and the system is ready to 
> run (http://theforeman.org/manuals/1.5/quickstart_guide.html).
>
> Regards Thomas
>
>
> 2014-09-01 21:50 GMT+02:00 >:
>
>>
>>
>> On Tuesday, August 26, 2014 7:23:45 PM UTC-4, keith@gmail.com wrote:
>>
>>> HI guys;
>>>
>>>  after speaking with puppet labs and gettting the pricing for my site, I 
>>> thought it maybe cheaper ot go open spurce. so I am asking for a good guide 
>>> you guys have used the following:
>>>
>>> http://nullr0ute.com/2014/01/puppetmaster-on-apache-with-
>>> passenger-in-5-mins/
>>> http://www.6tech.org/2013/01/how-to-install-puppet-open-
>>> source-on-centos-6-3/
>>> http://darktraining.com/linux/105/
>>> http://www.unixmen.com/install-puppet-server-centos-6-56-4/
>>>
>>> all have given my the dreaded  ruby error. I hav eupdated the agent 
>>> nodes to the latest version of puppet/factor/hiera, but still get the 
>>> error, I have installed via RVM ruby 2.0, 2.1.2, and have seen passenger 
>>> not running ( passenger-status) and still get the ruby message from the 
>>> clients.
>>>
>>>
>>> so I am asking for  a little help and any links you guys can recommend
>>>
>>> site info:
>>> 800 OSX machines 300 Windows
>>>
>>> woud like puppetmaster to be CentOS with passenger and dashboard or 
>>> forman
>>>
>>> Thanks in advance
>>>
>>> Keith
>>>
>>
>>
>>
>>
>>
>>
>> Still never go this working. I just switched over to Foreman on Fedora 19 
>> and everything works with minimal tweeks 
>>
>> Keith 
>>  
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/faf566a4-854d-4d40-9f94-d286d8273f54%40googlegroups.com
>>  
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Linux ... enjoy the ride!
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/edec58b5-c2db-44fd-9910-05e5769b4e2e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] custom facter fact not available from client

2014-09-02 Thread Mike Reed 
Hey Nan,

Thank you for pointing out the issue around "puts" and why the fact was 
never actually obtaining a value.  That makes sense and definitely fixes my 
problem.

Also, the irb is awesome and has significantly cut down my debugging time.  

Thank you for the quick response and for your help.  Much appreciated.

Cheers,

Mike

On Tuesday, September 2, 2014 1:04:17 PM UTC-7, Nan Liu wrote:
>
> On Tue, Sep 2, 2014 at 12:20 PM, Mike Reed  > wrote:
>
>> Hello all,
>>
>> I'm attempting to create a custom fact to identify the network to which a 
>> node belongs to. Below is the fact definition (I realize this fact isn't 
>> complete but wanted to test what I have so far):
>>
>> require 'facter'
>> Facter.add('network_geo') do
>>   setcode do
>> hostname   = Facter.value(:hostname)
>> hostname_array = hostname.split('-')
>>
>> # debug info
>> puts "My network is #{hostname_array}"
>>   end
>> end
>>
>> I then added the fact into a module named sys_ident and more 
>> specifically, into a directory like so: 
>> /modules/sys_ident/lib/facter/network_geo.rb
>>
>> For debugging purposes, I created a quick init.pp for the sys_ident 
>> module and added this:
>>
>> class sys_ident {
>>   notify{"My network identity is: ${network_geo}" :}
>>   notify{"My hostname identity is: ${hostname}" :}
>> }
>>
>> I then turned on pluginsync on both the puppetmaster and client within 
>> puppet.conf.
>>
>> After an initial run on my puppet client, I'm getting the following:
>>
>> seanconnery-02:/$ sudo puppet agent -tv
>> Info: Retrieving pluginfacts
>> Info: Retrieving plugin
>> Info: Loading facts in /var/lib/puppet/lib/facter/network_geo.rb
>> My network is ["seanconnery", "02"]
>> My network is ["seanconnery", "02"]
>> Info: Caching catalog for seanconnery-02.domain
>> Info: Applying configuration version '1409685071'
>> Notice: My network identity is:
>> Notice: /Stage[main]/Sys_ident/Notify[My network identity is: ]/message: 
>> defined 'message' as 'My network identity is: '
>> Notice: My hostname identity is: seanconnery-02
>> Notice: /Stage[main]/Sys_ident/Notify[My hostname identity is: 
>> seanconnery-02]/message: defined 'message' as 'My hostname identity is: 
>> seanconnery-02'
>> Notice: Finished catalog run in 0.04 seconds
>>
>> As you can see from the output, I'm not receiving the expected output 
>> from my "network_geo" notify parameter (also not sure why I'm getting the 
>> "My network" twice.  If I run facter from the puppet client, I get nothing 
>> in return:
>>
>> seanconnery-02:/$ facter -p network_geo
>>
>> For good measure, running the same command with the "hostname" fact 
>> produces this:
>>
>> seanconnery-02:/$ facter -p hostname
>> seanconnery-02
>>  
>> Based on the output from my client run, it does look like the fact is 
>> making it to the client but I can't seem to actually invoke it.  
>>
>> I feel that things are generally in the right place and after 
>> considerable troubleshooting, the only thing I can think of is a potential 
>> order-of-operations problem.  
>>
>> Does anybody have any suggestions as to why this may be occurring?
>>
>
> The puts command simply print a message and never returned a value for the 
> fact. You probably meant something along the lines of:
>
>  Facter.add('network_geo') do
>   setcode do
> hostname_array =  Facter.value(:hostname).split('-')
>
> # debug info
> puts "My network is #{hostname_array}"
> hostname_array.first
>   end
> end
>
> If you are developing facts, it's much easier to just drop into IRB and 
> get everything working there rather than doing round trip debugging between 
> puppet and facter:
>
> irb(main):001:0> require 'facter'
> => true
> irb(main):002:0> Facter.value("hostname")
> => "demo-1"
> irb(main):003:0> Facter.value("hostname").split('-')
> => ["demo", "1"]
>
> irb(main):006:0>  Facter.add('network_geo') do
> irb(main):007:1*   setcode do
> irb(main):008:2* hostname_array =  Facter.value(:hostname).split('-')
> irb(main):009:2>
> irb(main):010:2* # debug info
> irb(main):011:2* puts "My network is #{hostname_array}"
> irb(main):012:2> hostname_array.first
> irb(main):013:2>   end
> irb(main):014:1> end
> irb(main):015:0> Facter.value(:network_geo)
> My network is ["demo", "1"]
> => "demo"
>
> If you run your existing fact in irb, you'll see the output is nil instead:
>
> Facter.value(:network_geo)
> My network is ["demo", "1"]
> => nil
>
> HTH,
>
> Nan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/35c55615-1dfd-4898-99cd-047a165abeed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Why does my Puppet Master randomly revoke my Agent's certificate?

2014-09-02 Thread Jason Oakley 
Thanks. I'll look at that, but the only thing running on my Master server 
is Puppet Master. My Agent server only has Minecraft, PHP, MySQL, 
WordPress.. nothing using certificates at all.

On Wednesday, 3 September 2014 00:55:20 UTC+10, jcbollinger wrote:
>
>
>
> On Monday, September 1, 2014 5:57:58 PM UTC-5, Jason Oakley wrote:
>>
>> My servers were working fine, when I got this error:
>> Inventory
>> Could not retrieve facts from inventory service: SSL_connect returned=1 
>> errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate 
>> revoked
>>
>> Now, everything was working fine. Due to this error, I re-created the 
>> certificate and all was well. Then, I logged onto the Master a day or two 
>> later and the certificate is yet again revoked.
>> How do I stop this?
>>
>>
>
> Puppet does not perform automatic certificate revokations.  I have 
> personally crawled the code to check.  IIRC, the last time we had a 
> question like this one, the user eventually discovered a separate automated 
> process in his environment that was revoking certain certificates.  If you 
> have any kind of automated process around issuing certs, then that's the 
> first place I would look.
>
> You could also consider making your ssl/ directory and everything in it 
> read-only (immutable, if necessary), to try to identify the rogue behavior 
> by forcing it to error out.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0f75ac27-b64b-445c-8e07-d43499d5f8f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.