[Puppet Users] Re: Using puppet for the configuration of a custom appliance

2015-04-08 Thread lupindeterd


On Wednesday, April 8, 2015 at 6:05:56 AM UTC+12, varun umesh wrote:
>
> Hello Lupin-
>
> Thank you for the update! Could you point me for any article, so that i 
> can take a look at how exactly it could be done.
>
> Thanks!
>
> -varun
>

Hi,

I can't find any link, but I would just treat it as a normal Puppet 
resource. If you can create a type/provider for it, that would be better; 
otherwise you just resort to an 'exec' resource.

E.g. if you go for the exec route:

exec { 'call_to_api':
   command => 'curl -X -H url',
   x...x
}

Hth,
Lupin 

>
> On Monday, 6 April 2015 20:38:29 UTC-7, lupin...@gmail.com wrote:
>>
>>
>>
>> On Tuesday, April 7, 2015 at 8:09:41 AM UTC+12, varun umesh wrote:
>>>
>>> I am planning to use puppet for the configuration of a custom network 
>>> appliance. My main problem is i am unable to install puppet on the 
>>> appliance, as it is not supported. I have access to the rest api's exposed 
>>> by the appliance. So can i use puppet to make the rest api calls and try to 
>>> do the configurations as and when a parameter changes? Could anybody 
>>> suggest me a good way to handle this problem?
>>>
>>> Thanks!
>>>
>>
>> Hello,
>>
>> You can use a slave node ( which you can install Puppet and attached the 
>> module ), your module will do the call to ReST API of your appliance.
>>
>> Cheers
>> Lupin
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/db44-883d-4c4c-af2b-cc185b3df3b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
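
The exec route from the message above, as an added example that is not part of the original post and is not code from the Puppet project. It pushes a setting to the appliance only when the desired value changes, and keeps the API token off the command line. The define name, appliance URL, endpoint, JSON shape and all file paths are assumptions.

```puppet
# Added example, not from the thread. Hypothetical names: the
# appliance::setting define, the appliance URL and /settings/<name> endpoint,
# the JSON body shape, and every file path. Apply it on the proxy node that
# has Puppet and curl installed.
define appliance::setting (
  $value,
  $api_base    = 'https://appliance.example.net/api/v1',
  $state_dir   = '/var/lib/puppet-appliance',
  # curl config file (mode 0600, managed elsewhere) holding lines such as:
  #   header = "Authorization: Bearer <token>"
  #   header = "Content-Type: application/json"
  #   cacert = "/etc/puppet-appliance/appliance-ca.pem"
  # Keeping the token there keeps it out of the process list and out of the
  # command string that Puppet logs and reports.
  $curl_config = '/etc/puppet-appliance/curl.conf'
) {
  # The title becomes part of a URL and a file name, and the value part of a
  # JSON string, so accept only a conservative character set for both.
  if $title !~ /\A[a-z0-9_]+\z/ {
    fail("appliance::setting: invalid setting name '${title}'")
  }
  if $value !~ /\A[A-Za-z0-9_.:-]+\z/ {
    fail("appliance::setting[${title}]: unsupported characters in value")
  }

  $payload = "${state_dir}/${title}.json"

  # Desired state lives in a local file; Puppet detects when it changes.
  file { $payload:
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => "{\"value\": \"${value}\"}\n",
  }

  # Runs only when the payload file above changed in this run.
  # --fail turns an HTTP error status into a non-zero exit code, so a
  # rejected request shows up as a failed resource.
  exec { "appliance_put_${title}":
    command     => "curl --config ${curl_config} --fail --silent --show-error --request PUT --data-binary @${payload} ${api_base}/settings/${title}",
    path        => ['/usr/bin', '/bin'],
    refreshonly => true,
    subscribe   => File[$payload],
    tries       => 3,
    try_sleep   => 5,
    logoutput   => on_failure,
  }
}

# Directory that holds the payload files (hypothetical path).
file { '/var/lib/puppet-appliance':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0700',
}

appliance::setting { 'ntp_server':
  value => 'ntp1.example.net',
}
```

Because the exec is refreshonly, it does not repair changes made directly on the appliance, and a PUT that still fails after the retries is not attempted again until the payload file next changes.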


[Puppet Users] Re: Using puppet for the configuration of a custom appliance

2015-04-08 Thread Thomas Müller


On Monday, 6 April 2015 22:09:41 UTC+2, varun umesh wrote:
>
> I am planning to use puppet for the configuration of a custom network 
> appliance. My main problem is i am unable to install puppet on the 
> appliance, as it is not supported. I have access to the rest api's exposed 
> by the appliance. So can i use puppet to make the rest api calls and try to 
> do the configurations as and when a parameter changes? Could anybody 
> suggest me a good way to handle this problem?
>

IMHO sounds like a device:

https://puppetlabs.com/blog/puppet-network-device-management
https://github.com/puppetlabs/puppetlabs-f5

try searching the web for "puppet device" 

- Thomas



Re: [Puppet Users] facter: unordered hashes lead to changes

2015-04-08 Thread jcbollinger


On Tuesday, April 7, 2015 at 2:53:38 PM UTC-5, Guy Matz wrote:
>
> Ahhh!!   The version of facter on my new servers is 2.4 . .   old servers 
> have 1.7 . . .anyone know how to get facter 2.x to stringify facts?  
> I've tried adding 'stringify_facts = true' to my puppet.conf, but that did 
> not change behaviour . . 
>


You have misunderstood.  The stringify_facts parameter (of Puppet) 
*defaults* to true, so if you were not configuring it explicitly then it 
was already true.  Christopher was suggesting that you set it to *false*.  
This is an eminently reasonable thing to do even if you were not otherwise 
having any trouble, because this configuration parameter will be removed in 
Puppet 4 (the new behavior being to never stringify facts).


John



[Puppet Users] Re: collector in class with same name as tag causes all virtual resources of the type to be realized

2015-04-08 Thread jcbollinger


On Tuesday, April 7, 2015 at 2:54:20 PM UTC-5, Neil - Puppet List wrote:
>
> Here is a similar example using notify
>
> == site.pp ==
> node default {
>   include noticegroups::matches
> }
> == modules/noticegroups/manifests/matches.pp ==
> class noticegroups::matches {
>   include notices
>   Notices::Anotice <| tag == matches |>
> }
> == modules/notices/manifests/anotice.pp ==
> define notices::anotice {
>   notify { $title: }
> }
> == modules/notices/manifests/data.pp ==
> class notices::data {
>   @notices::anotice { 'meant to be made': tag=>['matches'], }
>   @notices::anotice { 'NOT meant to be made': tag=>['doesnotmatch'], }
> }
> == modules/notices/manifests/init.pp ==
> class notices {
>   include notices::data
> }
>
> with that I get the behaviour I expect in puppet 3.6 and broken in 3.7
>
> if I change class noticegroups::matches to noticegroups::iwantmatches then 
> only the resource I want gets realized
>
> this just seems like 3.7 broke something to me
>


I agree.  You should file a ticket.

Puppet automatically tags resources that are declared by a given class with 
each segment of that class's name.  Possibly it does similarly to resources 
collected by classes (which would make sense), and I can imagine that a 
regression might have crept in in that area.  For instance, it may be that 
P3.7 erroneously tags collected resources *before* filtering by tag (and 
perhaps before filtering at all, which would be significantly worse).


John



[Puppet Users] Re: Sort by IP in ERB (related to puppetlabs-haproxy and MODULES-1919)

2015-04-08 Thread jcbollinger


On Tuesday, April 7, 2015 at 11:09:59 AM UTC-5, Tom Limoncelli wrote:
 

>  If you look at the TravisCI output, you'll see 
> slightly different results for Ruby 1.8.7.  It looks like something 
> changed in Ruby 1.9. 
>
> https://travis-ci.org/puppetlabs/puppetlabs-haproxy/builds/57502529 
>
> I don't have a lot of deep Ruby knowledge. Can anyone suggest either a 
> way to fix the code or the test? 
>
>

Are you saying that all the tests pass on Ruby 1.9, but some fail on Ruby 
1.8.7?

I'm not sufficiently familiar with the module to quite understand the 
details of the test failures, but it looks like the sort order you are 
trying to apply does not very effectively cover the space of keys it may be 
used to sort.  In particular, what order is supposed to be used when the 
bind_address does not start with a dotted-quad IP address?  *Some* order 
will fall out from your code, but there's plenty of room for 
implementation-defined behavior there.


John



[Puppet Users] Re: Dependency problem for Puppet yum package

2015-04-08 Thread staceytian4321
Hi John and Alex,

Thank you for the detailed reply. I appreciate it very much!

I will do more tests and let you know how it is going.

Thanks,
Stacey

On Monday, April 6, 2015 at 1:05:09 PM UTC-4, staceyt...@gmail.com wrote:
>
> Hi all,
>
> I am trying to use puppet to downgrade my gdm package from 64 to 39, but 
> got package dependency problem:
>
> Here is my class:
>
> class gdmver39 {
>   yumrepo { 'custom':
>     baseurl => 'file:/home/admin/REPO/WS6.4',
>     enabled => 1,
>   }
>
>   package { "gdm-libs": ensure => '2.30.4-39.el6', require => Yumrepo["custom"] }
>   package { "gdm-plugin-fingerprint": ensure => '2.30.4-39.el6', require => Yumrepo["custom"] }
>   package { "gdm": ensure => '2.30.4-39.el6', require => Yumrepo["custom"] }
> }
>
> I think maybe I should add the parameter below to my 'gdm' line?
>
>   require Package['gdm-libs', 'gdm-plugin-fingerprint'] 
>
> How to tell puppet to handle the dependency automatically?
>
> Thanks,
> Stacey
>



[Puppet Users] Re: Best approach to creating wrapper classes

2015-04-08 Thread jcbollinger


On Tuesday, April 7, 2015 at 3:30:30 PM UTC-5, Scott Jaffa wrote: 


> On Friday, April 3, 2015 at 9:15:00 AM UTC-4, jcbollinger wrote:
>>
>>
>>
>> On Thursday, April 2, 2015 at 4:02:30 PM UTC-5, Scott Jaffa wrote:
>>>
>>> Hi,
>>>
>>> I'm working in an environment where certain parameters need to be 
>>> enforced per security requirements.
>>>
>>> The ways we've identified to do this are:
>>>
>>> 1)  Put the specific settings in the profile:
>>> Advantages:  Utilize stock roles and profiles pattern, plenty of 
>>> documentation and guides online.
>>> Disadvantage:  The settings are part of the profile and thus two groups 
>>> need to share ownership of the same module.  Reduces flexibility or speed 
>>> due to additional enforcement needed by shared ownership.
>>>
>>> 2)  Modify the modules themselves.
>>> Advantages:  Configuration is part of the module.
>>> Disadvantages:  We are now maintaining all custom modules.  
>>>
>>> 3)  Extend roles and profiles to add an additional layer between 
>>> existing profiles and the modules.
>>> The workflow would be:
>>> Role (business layer) > Profile (technology layer) > Security (security 
>>> layer) > Module.  
>>> Advantages:  Engineering configuration and security configuration are 
>>> separated, with security configuration enforced.
>>> Disadvantages:  Need a way to present most options up to the profiles 
>>> layer for parameterization, while enforcing a few options.
>>>
>>>
>>> We'd prefer to go with option 3.  Does this make sense?
>>>
>>
>>
>> I'm having trouble understanding how you propose to factor out security 
>> considerations from the technology to which they apply.  Is this just about 
>> ownership of data, or do there need to be *bona fide* security-specific 
>> resources?  If the former, then what do you need that you cannot achieve 
>> via a security-specific level in your Hiera hierarchy?  If the latter, then 
>> how would making the security classes responsible for declaring 
>> component-level classes (per option 3) achieve the separation of concerns 
>> you claim as an advantage?
>>
>>  
>>
>>>
>>> If so, some tips on how to go about this would be appreciated.  Does it 
>>> make sense for the security module to inherit the base module in this case? 
>>>  It would look something like this (but actually work :) )
>>> class sec_profile::ssh inherits ::ssh {
>>>   $server_options = {
>>>     'Protocol' => '2',
>>>     'Ciphers' => 'aes128-ctr,aes192-ctr,aes256-ctr',
>>>     'PermitRootLogin' => 'no',
>>>     'ClientAliveInterval' => '900',
>>>     'PermitEmptyPasswords' => 'no', 'PasswordAuthentication' => 'no',
>>>     'Port' => [22],
>>>   }
>>> }
>>>
>>>
>>
>> If you are contemplating class inheritance for the purpose of greater 
>> freedom in applying resource property overrides, then maybe they would be 
>> useful to you.  If you have an idea that they would do anything else for 
>> you, then put it out of your mind -- class inheritance doesn't work that 
>> way (whatever way that happens to be).  Note, however, that often you can 
>> perform resource overrides without class inheritance, that often it is 
>> better to modify the external data from which modules draw property values 
>> than to override property values after the fact, and that class inheritance 
>> creates a very tight coupling that is probably better avoided if it crosses 
>> module boundaries.
>>
> Yes, the goal is strictly to provide flexibility in parameters.  I think 
> this is a case where inheritance can make sense, but, particularly as an 
> end goal is the public release of these modules, I'd like to make sure they 
> are designed correctly, or at least today's definition of correctly.
>
>>  
>>
>>> If not, can you suggest a good approach to present the base module 
>>> options to the profile?  We'd like to to allow parameterization / hiera 
>>> lookups at the profile layer, preferably without having to reimplement 
>>> each option in the security layer.
>>>
>>>
>>
>> It would help if you presented a representative example of what you're 
>> trying to configure, and explained the challenge you face with respect to 
>> that.  What you've presented so far is too abstract for me to offer any 
>> specific advice.
>>
>>
>> John
>>
> Certainly!
>
> The goal here is to build security hardening into the Puppet configuration 
> stack while still allowing flexibility for environment configuration, as, 
> for example, it is reasonable to turn off one or more hardening settings. 
>  Ideally, any module released would allow one to select their hardening 
> standard, whether CIS, STIG, or other.
>
> Conceptually this would extend the roles and profiles pattern.  In 
> particular, profiles exist to define technology stacks.  This likely will 
> result in multiple profiles calling the same module.   The idea is to 
> inject another layer above the modules, which have a 1:1 correlation with 
> the modules.
>


This is where your separation of concerns falls down.  Any change to the 
underlying profile requires at le

Re: [Puppet Users] facter: unordered hashes lead to changes

2015-04-08 Thread Guy Matz
I *did* misunderstand!  Thanks for pointing that out!  Much better now!

On Wed, Apr 8, 2015 at 8:57 AM, jcbollinger 
wrote:

>
>
> On Tuesday, April 7, 2015 at 2:53:38 PM UTC-5, Guy Matz wrote:
>>
>> Ahhh!!   The version of facter on my new servers is 2.4 . .   old servers
>> have 1.7 . . .anyone know how to get facter 2.x to stringify facts?
>> I've tried adding 'stringify_facts = true' to my puppet.conf, but that did
>> not change behaviour . .
>>
>
>
> You have misunderstood.  The stringify_facts parameter (of Puppet)
> *defaults* to true, so if you were not configuring it explicitly then it
> was already true.  Christopher was suggesting that you set it to *false*.
> This is an eminently reasonable thing to do even if you were not otherwise
> having any trouble, because this configuration parameter will be removed in
> Puppet 4 (the new behavior being to never stringify facts).
>
>
> John
>


Re: [Puppet Users] team need some guidelinees ,like how to do software install and uninstal on windows using Active directory OU on windows

2015-04-08 Thread Rob Reynolds
On Wed, Mar 25, 2015 at 7:37 AM, shyam sundar Keshari 
wrote:

> Hi Team ,
>
> I am using puppet with latest version 3.7 .
>
> Some new requirement come up like do software  installation and
> un-installation on Windows operating system and hostname for this machine I
> need to
>
> get from Active directory OU list and then apply puppet policy accordingly
> .
>
> So if any1 has done such project then kindly share with your knowledge .
>

I am not sure this question is specific enough to be of any assistance.
Perhaps you might read over the more Windows specific documentation[1], try
out some things and let us know where your specific gaps are with examples
of what you have tried? Thanks!


[1] http://docs.puppetlabs.com/windows/



>
>
> Thanks in Advance
>
> Shyam Keshri
>



-- 
Rob Reynolds
Developer, Puppet Labs

*PuppetConf 2015 is coming to Portland, Oregon! Join us October 5-9.*
*Register now to take advantage of the Early Adopter discount -- save $349!*



Re: [Puppet Users] Unreported Windows nodes (Puppet 3.7.3, Exchange 2010)

2015-04-08 Thread Rob Reynolds
On Wed, Feb 11, 2015 at 11:31 PM, cko  wrote:

> I just updated to 3.7.4
>
> This is the output when I manually run Puppet:
> http://i.imgur.com/pdrklFm.png (Still, only happening on exchange 2010
> nodes)
>
> The Agent basically stops working after loading all facts, without
> removing the .lock file.
>
> Let me know if you need more information on this.
>

Apologies on not getting back sooner. This definitely seems like something
is wrong. However it would be hard to understand specifically what it is on
your system that is causing the weird behavior without some low level
debugging.

There are a few possibilities into why the pidlock file is not removed,
including possibly something else taking a lock on the file and Puppet is
not able to delete it on exit. There are tools out there that can help you
see what, if anything has a lock on a specific file/directory (I use
LockHunter). Timing it right though may be necessary, so a combination of
that and procmon.

Other debugging tools I would recommend:

   - Wireshark
   - SysInternals' Process Explorer (aka procexp)
   - SysInternals' Process Monitor (aka procmon)


One suggestion I would have before going to the low level debugging would
be to completely remove Puppet from that machine (including manually
removing the c:\programdata\puppetlabs directory), Reboot, and then try
installing it again fresh. Note that you will need to remove the cert from
the master as it will try to request a new cert.[1][2] I would back up the
programdata\puppetlabs directory prior to removing it.

[1] https://hurricanelabs.com/blog/managing-puppet-certificates/
[2] http://www.masterzen.fr/2010/11/14/puppet-ssl-explained/


>
>
> On Thursday, February 5, 2015 at 11:27:43 PM UTC+1, Rob Reynolds wrote:
>>
>> On Tue, Feb 3, 2015 at 8:25 AM, cko  wrote:
>>
>>> Icacls: http://i.imgur.com/s1xQy65.png
>>>
>>
>> Can you run one against the last_run_report.yaml and the lock file (if
>> still present)?
>>
>> I'm seeing a similar set of permissions for var/state but want to verify
>> the permissions on the files (as they can be different).
>>
>>
>>> I will upgrade to Puppet 3.7.3 this week and see if that fixed the issue.
>>>
>>>
>>> On Monday, February 2, 2015 at 9:49:01 PM UTC+1, Rob Reynolds wrote:



 On Mon, Feb 2, 2015 at 5:05 AM, cko  wrote:

> I just noticed that the affected agents do not update the files
> located in "C:\ProgramData\PuppetLabs\puppet\var\state".
>
> Also interesting: The "agent_catalog_run.lock" file is not properly
> removed after a puppet run.
>
> See the timestamps on the files ( http://i.imgur.com/qE87OB5.png )
>


 Can you give me an icacls on that folder? icacls
 C:\ProgramData\PuppetLabs\puppet\var\state. Also I wonder if you have
 a connection issue in sending the report to the master? From the gist I
 didn't see an issue jump out at me though.

 Also, 3.7.4 just came out. I don't know for sure if it will resolve the
 issues or not.


>
>
>
> On Monday, December 15, 2014 at 5:24:55 PM UTC+1, Rob Reynolds wrote:
>>
>>
>>
>> On Sun, Dec 14, 2014 at 9:17 AM, cko  wrote:
>>>
>>> The Puppet Service is actually running.
>>>
>>> The eventlog shows records about successfully finished catalog runs.
>>> All files in the C:\ProgramData\PuppetLabs\puppet\var\state
>>> directory indicate that the puppet run finishes without problems.
>>>
>>> I suspect there is a problem with the submission of the report to
>>> the puppet master unless the puppet run is triggered manually.
>>>
>>
>> What user does the puppet agent service run under?
>>
>>
>>
>>>
>>> That might be the reason they are marked "out of sync" in any
>>> dashboard application (puppetdb, puppetexplorer, foreman).
>>>
>>>
>>>
>>>
>>> On Sunday, December 14, 2014 4:48:59 AM UTC+1, Rob Reynolds wrote:



 On Tue, Dec 9, 2014 at 7:28 AM, cko  wrote:
>
> Hi,
>
> I'm currently having an issue with the Windows Server 2008R2 nodes
> in our Exchange 2010 environment.
>
> Since I upgraded the four nodes to Puppet 3.7.3 , they do not
> check in to the Puppetmaster via the Windows Service every 30 minutes 
> like
> all the other nodes do.
>
> Here is a gist of the output from "puppet agent -t --debug" that
> might help https://gist.github.com/anonymous/e972393ea742631ccaef
>
> Is there a problem in my environment or are there any known issues
> regarding this behavior?
>

 We are not aware of a known issue for this behavior. If you could
 check the eventlog and determine what issues it may be reporting?


Re: [Puppet Users] Re: No connection could be made because the target machine actively refused it - Ubuntu VM on Win 8

2015-04-08 Thread Rob Reynolds
On Mon, Dec 29, 2014 at 11:08 AM, kaustubh chaudhari 
wrote:

> Is there a firewall wall in between ? make sure from client you are able
> to run # telnet puppetmaster.example.com 8140 (replace the fqdn with your
> puppet master name).
>

Another thing to be sure of is that the hostname of the fqdn of the
puppetmaster is reachable, sometimes this requires adding its name and IP
address to the hosts file.


>
> HTH
> -Kaustubh
>
>
> On Sunday, December 28, 2014 3:36:42 PM UTC-5, havay...@gmail.com wrote:
>>
>> Hi everyone,
>>
>> I'm a newbie with puppet and i'm currently trying to run a puppet master
>> server on an ubuntu virtual box and the puppet agent on windows 8 ( which
>> is the host computer ).
>>
>> Using the cmd tool on windows i've executed the following to see if the
>> agent manages to connect with the master: *puppet agent --test --debug*
>> which eventually ended up with this error message:
>>
>>
>> *No connection could be made because the target machine actively refused
>> it*
>>
>> I've print-screened all the relevant conf files and the error i'm
>> getting. In my understanding since i'm running a VM I should forward
>> somehow the
>> requests to the master running there, for some reason this keeps failing
>> and I have no clue why.
>> Any ideas why? Both agent and master are up and running
>>
>> Any help is appreciated,
>>
>> Thanks in advance for your time,
>>
>> Havaya G
>>
>> P.S
>>
>> hosts file on Win 8 hasn't been changed or modified, its the default one,
>> I haven't added any entries there whatsoever.
>>
>>
>>
>>
>>
>>
>>



-- 
Rob Reynolds
Developer, Puppet Labs



Re: [Puppet Users] run code in a new puppet agent window (windows server)

2015-04-08 Thread Rob Reynolds
On Wed, Feb 18, 2015 at 10:27 AM, Helen Paterson 
wrote:

> Hi,
>
> I set windows environment variables using puppet, but you must close the
> puppet agent window and open a new one to be able to use these variables.
>
> Can I do this programmatically?
>

Add the same value to the path[1][2] of the exec command (if that is what
you are using). Note when specifying paths for Windows, use semi-colon
(";") as a separator instead of colon.

Environment updates not immediately updating shells is part of how Windows
works, although it probably could be resolved in a bit more elegant
way than it is likely being resolved now.

[1]
http://docs.puppetlabs.com/references/latest/type.html#exec-attribute-path
[2]
http://docs.puppetlabs.com/puppet/latest/reference/resources_exec_windows.html


> (i need git use git via puppet but you must set windows env git paths
> first )
>



-- 
Rob Reynolds
Developer, Puppet Labs



[Puppet Users] Make 3rd party REST API calls using puppet

2015-04-08 Thread varun umesh
Hello,

Does puppet have the capability to make third party REST API calls? For 
example, just the way we do a REST API call using Java.


Thanks!

-varun

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f83dec24-0050-4fa8-a846-6b20965c9de0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] My puppet code is not idempotent (Windows package provider)

2015-04-08 Thread Rob Reynolds
On Thu, Feb 19, 2015 at 4:32 AM, cko  wrote:

> I installed the package manually and used "puppet resource package" to
> determine the exact package name.
>
> But I just found out that Puppet *doesn't install the package* at all
> *unless* I run puppet manually via "puppet agent -t". The report says
> otherwise.
>
> The Puppet service on the nodes runs as the "Local System Account"
> (Default)
>
>
> I do not want to run "puppet agent -t" manually on every machine for this
> to work :|
>

I wonder if this is due to some requirement of the USB installer to install
interactively. When you are running puppet agent -t, you are doing it from
an interactive session. When the service runs puppet agent, it is not
interactive.

You can allow the service to interact with the desktop, but I'm not sure if
this would cause other issues. If you want to give it a shot though, it may
resolve the issue of installers that require interactive sessions.  Be sure
you restart the service once you make this change. I would recommend
testing this change against something non-production to be sure there are
no other consequences of this adjustment.



>
> On Thursday, February 19, 2015 at 11:15:34 AM UTC+1, Dirk Heinrichs wrote:
>>
>>  On 19.02.2015 at 10:29, cko wrote:
>>
>>  But on every puppet run, the "package" resource gets applied. Example
>> tagmail output:
>>
>>
>>
>> *Thu Feb 19 09:48:28 +0100 2015 /Stage[main]/[ .. module
>> ]/Package[signotec WinUSB]/ensure (notice): created Thu Feb 19 10:16:59
>> +0100 2015 /Stage[main]/[ .. module ]/Package[signotec WinUSB]/ensure
>> (notice): created *
>> *.*
>>
>>  Any ideas?
>>
>>
>> Is  'signotec WinUSB' exactly the name of the package as reported by
>> Windows in Control Panel\All Control Panel Items\Programs and Features?
>> ditto for the version?
>>
>> HTH...
>>
>> Dirk
>> --
>>
>> *Dirk Heinrichs*, Senior Systems Engineer, Engineering Solutions
>> *Recommind GmbH*, Von-Liebig-Straße 1, 53359 Rheinbach
>> *Tel*: +49 2226 159 (Ansage) 1149
>> *Email*: d...@recommind.com
>> *Skype*: dirk.heinrichs.recommind
>> www.recommind.com
>>



-- 
Rob Reynolds
Developer, Puppet Labs



Re: [Puppet Users] Re: Using puppetlabs_spec_helper on Windows 7

2015-04-08 Thread Rob Reynolds
On Fri, Feb 20, 2015 at 3:31 PM, Breeze wrote:

> Is it a lost cause? Or has someone succeeded in testing Puppet modules on
> Windows?
>
> BUMP
>

I wouldn't say lost cause -
https://github.com/puppetlabs/puppetlabs_spec_helper/pull/87 and
https://github.com/puppetlabs/puppetlabs_spec_helper/pull/84 - those were
released in 0.9.0 (somewhere late February) I believe.



>
> On Monday, October 28, 2013 at 5:44:30 AM UTC-5, Matthieu Nantern wrote:
>>
>> I'm trying to make puppetlabs_spec_helper run on Windows 7 to test my
>> Puppet modules.
>>
>> Is this supported? Because I encountered some problems:
>>
>> 1. Symlinks were not created on Windows 7 (even if the functionality
>>    is available). To manage that I added to rake_tasks.rb an ugly function:
>>
>>    require 'fileutils'
>>    require 'rbconfig'
>>
>>    def make_link(source, target)
>>      host_os = RbConfig::CONFIG['host_os']
>>      if host_os =~ /mswin|mingw|cygwin/
>>        # Windows: mklink is a cmd.exe builtin and expects backslashes
>>        source_win = source.tr("/", "\\")
>>        target_win = target.tr("/", "\\")
>>        `call mklink /D "#{target_win}" "#{source_win}"`
>>      elsif host_os =~ /linux/
>>        FileUtils.ln_s(source, target)
>>      end
>>    end
>>
>> 2. undefined method `fetch' for nil:NilClass:
>>
>>    Failure/Error: Unable to find matching line from backtrace
>>    NoMethodError:
>>      undefined method `fetch' for nil:NilClass
>>    # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:107:in `block in after_each_test'
>>    # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `each'
>>    # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `after_each_test'
>>
>> 3. I use the concat module. And when running "rake test", I got:
>>
>>    Failure/Error: should contain_package('nfs-utils')
>>    Puppet::Error:
>>      $concat_basedir not defined. Try running again with pluginsync=true on the [master] section of your node's '/etc/puppet/puppet.conf'.
>>
>>
>> Is it a lost cause? Or has someone succeeded in testing Puppet modules on
>> Windows?
>>
>> Thank you for your help!
>>



-- 
Rob Reynolds
Developer, Puppet Labs



Re: [Puppet Users] Error in provisioning with puppet

2015-04-08 Thread Rob Reynolds
On Wed, Mar 11, 2015 at 2:18 AM, Ash26 wrote:

> I am trying to build a Win 2008 R1 SP2 baked AMI using packer and puppet.
>
> My builder works fine and creates the AMI with puppet installed.
>
> Now in my provisioner I have a very simple puppet script and it is
> executing when I do a puppet apply on the instance.
>
> But inside packer it is failing with the below error. The json file was
> validated successfully by packer.
>
> amazon-windows-ebs: Provisioning with Puppet...
> amazon-windows-ebs: Creating Puppet staging directory...
> amazon-windows-ebs: The syntax of the command is incorrect.
>
> This is my provisioner
>
> "provisioners":[{
>   "type": "puppet-masterless",
>   "manifest_file":
> "C:\\Users\\xyz\\Downloads\\packer_0.7.5_windows_386\\site.pp"
> }]
>
>
Does the AMI have access to the file? Note I don't believe you can build a
local AMI for Windows with Packer.

I don't have a lot of experience building out AMIs but I can tell you that
there was some significant work recently put into Packer, AWS and Windows.
See http://jen20.com/2015/04/02/windows-amis-without-the-tears.html


> Please provide pointers.
>



-- 
Rob Reynolds
Developer, Puppet Labs



Re: [Puppet Users] My puppet code is not idempotent (Windows package provider)

2015-04-08 Thread Rob Reynolds
On Thu, Feb 19, 2015 at 3:29 AM, cko wrote:

> Hi everyone,
>
> I'm using the following manifest to deploy a driver package (and its
> certificate) to about 150 Windows Server 2008 R2 nodes.
>
> https://gist.github.com/anonymous/1cbaa90e1d0497ebaeb3
>

On second look, I noticed you were using a network share. It's possible
Puppet is silently failing on being unable to access the installer file.
The puppet agent service by default runs as LocalSystem, which will not
have access to network shares. You can either find a user that is in the
local Administrators group that has network access or copy the resource
locally through a different means before trying to use it with package.


>
>
> The "file" and "exec" resources are applied successfully and only once.
>
> But on every puppet run, the "package" resource gets applied. Example
> tagmail output:
>
>
>
>
> Thu Feb 19 09:48:28 +0100 2015 /Stage[main]/[ .. module ]/Package[signotec WinUSB]/ensure (notice): created
> Thu Feb 19 10:16:59 +0100 2015 /Stage[main]/[ .. module ]/Package[signotec WinUSB]/ensure (notice): created
> .
>
>
> Any ideas?
>



-- 
Rob Reynolds
Developer, Puppet Labs
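
The second option from the reply above (copy the installer to the node first, then install from the local path), as an added example that is not part of the original message or of the poster's gist. The module name `signotec`, the installer file name, the staging directory and the silent-install switch are assumptions; only the package title `signotec WinUSB` comes from the thread.

```puppet
# Added example: class, paths, file name and install switch are assumptions.
class signotec::driver {
  # Local staging location. Keep it somewhere ordinary users cannot write,
  # because the agent runs the installer as LocalSystem.
  $staging_dir = 'C:\ProgramData\staging'
  $installer   = "${staging_dir}\\signotec_winusb_setup.exe"

  file { $staging_dir:
    ensure => directory,
  }

  # LocalSystem cannot read the network share, so the file is served by the
  # Puppet file server (puppet:/// URL) instead of a UNC path.
  file { $installer:
    ensure             => file,
    source             => 'puppet:///modules/signotec/signotec_winusb_setup.exe',
    source_permissions => ignore,
    require            => File[$staging_dir],
  }

  # The title has to match the DisplayName shown in Programs and Features
  # exactly. If it does not, the provider never sees the package as
  # installed and reports "created" on every run.
  package { 'signotec WinUSB':
    ensure          => installed,
    source          => $installer,
    install_options => ['/S'],   # assumption: this installer's silent switch
    require         => File[$installer],
  }
}
```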



[Puppet Users] Re: Best approach to creating wrapper classes

2015-04-08 Thread Scott Jaffa
John,

Thanks for the detailed reply.  While we aren't in agreement on some of the 
finer points, it is moot as you've made it quite clear that the listed 
approaches won't work at a technical level.
Stepping back, can you suggest a good method by which one could separate 
out cross organizational (in this case security hardening) parameters in a 
way that they could be shared across organizations?  
Assuming the answer, shared or not, for the security layer is hiera, I need 
to put more thought into the structure.

Thanks,

Scott

On Wednesday, April 8, 2015 at 10:10:24 AM UTC-4, jcbollinger wrote:
>
>
>
> On Tuesday, April 7, 2015 at 3:30:30 PM UTC-5, Scott Jaffa wrote: 
>
>
>> On Friday, April 3, 2015 at 9:15:00 AM UTC-4, jcbollinger wrote:
>>>
>>>
>>>
>>> On Thursday, April 2, 2015 at 4:02:30 PM UTC-5, Scott Jaffa wrote:

>>>> Hi,
>>>>
>>>> I'm working in an environment where certain parameters need to be 
>>>> enforced per security requirements.
>>>>
>>>> The ways we've identified to do this are:
>>>>
>>>> 1)  Put the specific settings in the profile:
>>>> Advantages:  Utilize stock roles and profiles pattern, plenty of 
>>>> documentation and guides online.
>>>> Disadvantage:  The settings are part of the profile and thus two groups 
>>>> need to share ownership of the same module.  Reduces flexibility or speed 
>>>> due to additional enforcement needed by shared ownership.
>>>>
>>>> 2)  Modify the modules themselves.
>>>> Advantages:  Configuration is part of the module.
>>>> Disadvantages:  We are now maintaining all custom modules.
>>>>
>>>> 3)  Extend roles and profiles to add an additional layer between 
>>>> existing profiles and the modules.
>>>> The workflow would be:
>>>> Role (business layer) > Profile (technology layer) > Security (security 
>>>> layer) > Module.
>>>> Advantages:  Engineering configuration and security configuration are 
>>>> separated, with security configuration enforced.
>>>> Disadvantages:  Need a way to present most options up to the profiles 
>>>> layer for parameterization, while enforcing a few options.
>>>>
>>>>
>>>> We'd prefer to go with option 3.  Does this make sense?

>>>
>>>
>>> I'm having trouble understanding how you propose to factor out security 
>>> considerations from the technology to which they apply.  Is this just about 
>>> ownership of data, or do there need to be *bona fide* security-specific 
>>> resources?  If the former, then what do you need that you cannot achieve 
>>> via a security-specific level in your Hiera hierarchy?  If the latter, then 
>>> how would making the security classes responsible for declaring 
>>> component-level classes (per option 3) achieve the separation of concerns 
>>> you claim as an advantage?
>>>
>>>  
>>>

>>>> If so, some tips on how to go about this would be appreciated.  Does it 
>>>> make sense for the security module to inherit the base module in this 
>>>> case? 
>>>> It would look something like this (but actually work :) )
>>>>
>>>> class sec_profile::ssh inherits ::ssh {
>>>>   $server_options = {
>>>>     'Protocol'               => '2',
>>>>     'Ciphers'                => 'aes128-ctr,aes192-ctr,aes256-ctr',
>>>>     'PermitRootLogin'        => 'no',
>>>>     'ClientAliveInterval'    => '900',
>>>>     'PermitEmptyPasswords'   => 'no',
>>>>     'PasswordAuthentication' => 'no',
>>>>     'Port'                   => [22],
>>>>   }
>>>> }


>>>
>>> If you are contemplating class inheritance for the purpose of greater 
>>> freedom in applying resource property overrides, then maybe they would be 
>>> useful to you.  If you have an idea that they would do anything else for 
>>> you, then put it out of your mind -- class inheritance doesn't work that 
>>> way (whatever way that happens to be).  Note, however, that often you can 
>>> perform resource overrides without class inheritance, that often it is 
>>> better to modify the external data from which modules draw property values 
>>> than to override property values after the fact, and that class inheritance 
>>> creates a very tight coupling that is probably better avoided if it crosses 
>>> module boundaries.
>>>
>> Yes, the goal is strictly to provide flexibility in parameters.  I think 
>> this is a case where inheritance can make sense, but, particularly as an 
>> end goal is the public release of these modules, I'd like to make sure they 
>> are designed correctly, or at least today's definition of correctly.
>>
>>>  
>>>
>>>> If not, can you suggest a good approach to present the base module 
>>>> options to the profile?  We'd like to allow parameterization / hiera 
>>>> lookups at the profile layer, preferably without having to reimplement 
>>>> each option in the security layer.


>>>
>>> It would help if you presented a representative example of what you're 
>>> trying to configure, and explained the challenge you face with respect to 
>>> that.  What you've presented so far is too abstract for me to offer any 
>>> specific advice.
>>>
>>>
>>> John
>>>
>> Certainly!
>>
>> The goal here is to build security hardening into th

Re: [Puppet Users] Running a daemon only during certain hours of the day

2015-04-08 Thread Peter Bukowinski
On Apr 9, 2015, at 1:26 AM, Gabriel Filion wrote:
> 
> Hello,
> 
> A client of mine needs to be able to control which hours during the day
> a certain daemon is running and which hours it is not.
> 
> So far I can think of hiera for controlling the on/off periods + some
> math magic to determine in the puppet manifests whether we are currently
> in the On or Off period (which would ensure either "running" or "stopped").

This seems like an overly-complex approach.

> The other option could be a custom fact (which would make manifests less
> complicated), but I'm unsure of how control over the on/off time periods
> could be achieved in this case.
> 
> Am I more or less on to something with the above or am I trying to do
> something with the wrong tool? One of the downsides of using puppet is
> that runs are only once per hour (in that case) so the starting and
> stopping times might be unreliable :\

Puppet is really good at managing steady states. Why not have puppet manage 
cron entries responsible for starting and stopping the daemon? A custom fact 
could be used to return the current on/off state (accurate as of the last 
puppet run, of course) of the daemon for auditing purposes.

--
Peter
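
The cron approach suggested above, as an added example that is not part of the original reply. The class name, the daemon name `exampled`, the default hours and the `/sbin/service` command are assumptions; the hours are class parameters so they can be set per node or site in Hiera, which covers the on/off control asked about in the question.

```puppet
# Added example: class, service name, hours and command path are assumptions.
class daemon_schedule (
  $service    = 'exampled',   # hypothetical daemon name
  $start_hour = 8,            # Hiera key: daemon_schedule::start_hour
  $stop_hour  = 18,           # Hiera key: daemon_schedule::stop_hour
) {
  # Puppet only keeps these two crontab entries in place (a steady state).
  # cron fires at the exact minute, independent of the hourly agent run.
  cron { "start ${service}":
    command => "/sbin/service ${service} start",
    user    => 'root',
    hour    => $start_hour,
    minute  => 0,
  }

  cron { "stop ${service}":
    command => "/sbin/service ${service} stop",
    user    => 'root',
    hour    => $stop_hour,
    minute  => 0,
  }

  # Deliberately no service { $service: ensure => running } here: the agent
  # would start the daemon again on its next run during the off period.
}
```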



[Puppet Users] Running a daemon only during certain hours of the day

2015-04-08 Thread Gabriel Filion
Hello,

A client of mine needs to be able to control which hours during the day
a certain daemon is running and which hours it is not.

So far I can think of hiera for controlling the on/off periods + some
math magic to determine in the puppet manifests whether we are currently
in the On or Off period (which would ensure either "running" or "stopped").

The other option could be a custom fact (which would make manifests less
complicated), but I'm unsure of how control over the on/off time periods
could be achieved in this case.

Am I more or less on to something with the above or am I trying to do
something with the wrong tool? One of the downsides of using puppet is
that runs are only once per hour (in that case) so the starting and
stopping times might be unreliable :\

-- 
Gabriel Filion



[Puppet Users] Precedence Q: repos -> packages

2015-04-08 Thread Guy Matz
Hi!  I first used this sort of thing:
stage { 'yum' : before => Stage['main'] }

and tagged all of my yumrepos with a stage of yum.  This doesn't work so
well for downloaded modules, so I'm thinking of using:
Yumrepo <| |> -> Package <| |>

Is there a downside?  Any recommendations?

Thanks,
Guy

P.S. - Sorry for asking; I'm sure this has been asked a zillion times, but
I haven't been able to find a good answer.
