[Puppet Users] Timeout after stored state

2008-09-07 Thread AJ Christensen
So, I'm currently scratching my noodle regarding the following unhelpful
stack trace from `puppetd -t --no-noop --trace --debug`:

debug: //File[/var/lib/puppet/modules]: Autorequiring User[root]
debug: //Node[gatekeeper]/monitoring/munin::client/munin::plugins::linux/munin::plugins::interfaces/Munin::Plugin[if_err_eth1]/File[/etc/munin/plugins/if_err_eth1]: Autorequiring File[/etc/munin/plugins]
debug: //Node[gatekeeper]/monitoring/munin::client/munin::plugins::linux/Munin::Plugin[df]/File[/etc/munin/plugin-conf.d/df.conf]: Autorequiring File[/etc/munin/plugin-conf.d]
debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache policy ruby1.8-dev'
debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache policy git-core'
debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache policy build-essential'
debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache policy puppet'
debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache policy libmysqlclient15-dev'
debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache policy linux-headers-server'
debug: Calling fileserver.describe
debug: Storing state
debug: Stored state in 0.03 seconds
/usr/lib/ruby/1.8/timeout.rb:54:in `open': execution expired (Timeout::Error)
        from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
        from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
        from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
        from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
        from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
        from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
        from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
        from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
         ... 38 levels...
        from /usr/lib/ruby/1.8/puppet/network/client/master.rb:254:in `run'
        from /usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
        from /usr/lib/ruby/1.8/puppet/network/client/master.rb:236:in `run'
        from /usr/sbin/puppetd:417


Any ideas?

Regards,

AJ

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---



[Puppet Users] Re: Timeout after stored state

2008-09-07 Thread AJ Christensen
Nay just me being an idiot.
Thought I had removed this post - guess it can't magically suck it back out
of everyone's mailbox.

The problem was:

source => "puppet://ubuntu/path/to/file";

as opposed to:

source => "puppet:///ubuntu/path/to/file";

Must have sent my original email before coffee ;)

Regards,

AJ

2008/9/8 Adam Jacob <[EMAIL PROTECTED]>

> Perhaps an overloaded puppet master?
>
> The stack trace is showing that your client can't reach the puppet master
> via http..
>
> Adam
>
>
> On Sun, Sep 7, 2008 at 7:05 PM, AJ Christensen <[EMAIL PROTECTED]> wrote:
>
>> So, I'm currently scratching my noodle regarding the following unhelpful
>> stack trace from `puppetd -t --no-noop --trace --debug`:
>> debug: //File[/var/lib/puppet/modules]: Autorequiring User[root]
>> debug:
>> //Node[gatekeeper]/monitoring/munin::client/munin::plugins::linux/munin::plugins::interfaces/Munin::Plugin[if_err_eth1]/File[/etc/munin/plugins/if_err_eth1]:
>> Autorequiring File[/etc/munin/plugins]
>> debug:
>> //Node[gatekeeper]/monitoring/munin::client/munin::plugins::linux/Munin::Plugin[df]/File[/etc/munin/plugin-conf.d/df.conf]:
>> Autorequiring File[/etc/munin/plugin-conf.d]
>> debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache
>> policy ruby1.8-dev'
>> debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache
>> policy git-core'
>> debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache
>> policy build-essential'
>> debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache
>> policy puppet'
>> debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache
>> policy libmysqlclient15-dev'
>> debug: Puppet::Type::Package::ProviderApt: Executing '/usr/bin/apt-cache
>> policy linux-headers-server'
>> debug: Calling fileserver.describe
>> debug: Storing state
>> debug: Stored state in 0.03 seconds
>> /usr/lib/ruby/1.8/timeout.rb:54:in `open': execution expired
>> (Timeout::Error)
>> from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
>> from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
>> from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
>> from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
>> from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
>> from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
>> from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
>> from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
>>  ... 38 levels...
>> from /usr/lib/ruby/1.8/puppet/network/client/master.rb:254:in
>> `run'
>> from /usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
>> from /usr/lib/ruby/1.8/puppet/network/client/master.rb:236:in
>> `run'
>> from /usr/sbin/puppetd:417
>>
>>
>> Any ideas?
>>
>> Regards,
>>
>> AJ
>>
>>
>>
>
>
> --
> HJK Solutions - We Launch Startups - http://www.hjksolutions.com
> Adam Jacob, Senior Partner
> T: (206) 508-4759 E: [EMAIL PROTECTED]
>
> >
>
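
Why the two forms behave differently, as an added example (not code from the thread or from Puppet): in a `puppet://` URI the text between the second and third slash is the file server's host name, so the two-slash form makes the client connect to a host called `ubuntu`, while the three-slash form leaves the host empty and uses the configured master. The Ruby check below runs over a constructed manifest; the helper name and the allow-list are hypothetical.

```ruby
require "uri"

# Constructed sample manifest; only the two "ubuntu" URIs come from the thread.
SAMPLE_MANIFEST = <<~'PP'
  file { "/tmp/two-slashes":
    source => "puppet://ubuntu/path/to/file",
  }
  file { "/tmp/three-slashes":
    source => "puppet:///ubuntu/path/to/file",
  }
  file { "/tmp/explicit-server":
    source => "puppet://puppet.example.test/files/hosts",
  }
PP

# Matches: source => "puppet:..." (single or double quoted).
SOURCE_RE = /source\s*=>\s*["'](puppet:[^"']+)["']/

# Hypothetical helper: list every puppet:// source that names an explicit
# file server which is not in allowed_servers.
def explicit_servers(manifest, allowed_servers = [])
  findings = []
  manifest.each_line.with_index(1) do |line, lineno|
    match = SOURCE_RE.match(line)
    next unless match
    begin
      uri = URI.parse(match[1])
    rescue URI::InvalidURIError
      # For example a source containing ${variables}; flag it for manual review.
      findings << { line: lineno, server: nil, path: match[1] }
      next
    end
    host = uri.host
    next if host.nil? || host.empty?        # puppet:///... uses the default server
    next if allowed_servers.include?(host)
    findings << { line: lineno, server: host, path: uri.path }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  explicit_servers(SAMPLE_MANIFEST, ["puppet.example.test"]).each do |f|
    puts "line #{f[:line]}: fetches #{f[:path]} from server #{f[:server].inspect}"
  end
end
```

Run against a manifest tree, a check like this surfaces sources that would be fetched from a host other than the intended master before a client times out on them.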




[Puppet Users] Re: README example

2008-09-08 Thread AJ Christensen
That repo (git://oppermannen.com/modules/git.git/) doesn't work for me
either, Git 1.5.6.GIT

Regards,

AJ

2008/9/9 Blake Barnett <[EMAIL PROTECTED]>

>
> You are most likely using a version of Git that is too far out of sync
> with the repository.  1.5.x is usually required now.
>
> -Blake
>
> On Sep 8, 2008, at 10:03 AM, Kenton Brede wrote:
>
> >
> > I tried it both ways, results are the same.
> > Thanks,
> > Kent
> >
> > 2008/9/8 Andrew Shafer <[EMAIL PROTECTED]>:
> >> It might be hosed, but try removing the trailing /.  I only have
> >> email for
> >> the moment or I would confirm.
> >>
> >> On Mon, Sep 8, 2008 at 10:59 AM, Kenton Brede <[EMAIL PROTECTED]>
> >> wrote:
> >>>
> >>> 2008/9/8 Andrew Shafer <[EMAIL PROTECTED]>:
> >>>> git clone name-of-repo is the easiest way to set it up
> >>>>
> >>>> try:
> >>>> git clone git://oppermannen.com/modules/git.git/
> >>>>
> >>>> git checkout switches between branches and git pull updates the local
> >>>> repo
> >>>
> >>> I knew I should have mentioned all that I tried in my first
> >>> message but I
> >>> wanted
> >>> to be brief :)  "git clone" was actually one of the first things I
> >>> tried.  This is what I get:
> >>>
> >>> $  git clone git://oppermannen.com/modules/git.git/
> >>> Initialized empty Git repository in /usr/local/src/git/.git/
> >>> fatal: no matching remote head
> >>> fetch-pack from 'git://oppermannen.com/modules/git.git/' failed.
> >>>
> >>> Given the git command reports "empty" or "not a git repository" I
> >>> made
> >>> the assumption
> >>> the repo was hosed.
> >>>
> >>> If anyone has the README from the git module and would like to
> >>> share,
> >>> I would appreciate it.
> >>> Thanks,
> >>> Kent
> >>>
> >>>
> >>
> >>
> >>>
> >>
> >
> > >
>
>
> >
>




[Puppet Users] Re: Managing SSH keys

2008-09-11 Thread AJ Christensen
You'll need to generate keys for distribution, automating this somehow by
calling out to ssh-keygen I presume.

Regards,

AJ

2008/9/12 Kenneth Holter <[EMAIL PROTECTED]>

>
> I've gotten Puppet to distribute server A's public SSH key on some of the
> nodes in the network. For password-less login to work, the nodes' host key
> must be saved on server A.
>
> Is there a security reason for not automating this process (if possible),
> i.e. automating the process of retrieving the nodes' host key and importing
> them into server A's known hosts file? And is there a way to get puppet to do
> this using the built in types of version 0.24.4 (I know there is a sshkey
> type, but I'm not quite sure how this works)?
>
>
> Regards,
> Kenneth Holter
>
> On 9/11/08, Francois Deppierraz <[EMAIL PROTECTED]> wrote:
>>
>>
>> Kenneth Holter wrote:
>>
>> > But does this resource type manage the distribution of SSH public keys
>> > for setup of password-less login? If so, could you please provide a
>> > sample code for distributing the SSH public key for a server A?
>>
>> No, the sshkey type only manages host key (ie. /etc/ssh/ssh_known_hosts).
>>
>> You can use ssh_authorized_key available since puppet 0.24.5 to do what
>> you want.
>>
>> Example:
>>
>> ssh_authorized_key{"[EMAIL PROTECTED] on root":
>>     ensure => present,
>>     type   => "rsa",
>>     key    => "A...",
>>     user   => "root",
>> }
>>
>> By the way, you still need a way to generate the SSH key private key
>> beforehand.
>>
>> François
>> >>
>>




[Puppet Users] Re: Using git to manage puppet manifests.

2008-09-18 Thread AJ Christensen
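I use a rake task:

# MASTER (the ssh target that holds /etc/puppet) and the :update and :test
# tasks are defined elsewhere in the Rakefile.
desc "Install your manifests"
task :install => [ :update, :test ] do
  sh %{git push}
  sh %{ssh #{MASTER} 'cd /etc/puppet; sudo git pull'}
end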

2008/9/19 Leah <[EMAIL PROTECTED]>

>
> I've set up puppet and had it running, but never bothered to set up an
> version control.  I've decided it is time to get it all in version
> control as the system is about to become production and I need to keep
> track of who is changing things and what is being changed.
>
> I am looking at storing all my configs in Git as that seems to be the
> version control of choice here and it's time I learned it.  I was
> wondering what other people do to automatically update their puppet
> server with the latest version from git.  I was looking at using some
> sort of git hook, but I'm not sure how to implement it efficiently and
> securely with a shared repository on another server.  I went looking
> on the wiki, but could only find information about doing this with
> subversion.
>
> Any examples of what others are doing would be appreciated so I can
> figure out the best approach.
>
> Thanks,
>
> Leah
> >
>




[Puppet Users] Re: external node trouble

2008-09-28 Thread AJ Christensen
Sorry, forgot to chuck this in there:
irb(main):003:0> classes = [ "baseserver", "stg2server" ]
=> ["baseserver", "stg2server"]
irb(main):004:0> yaml_obj = YAML::dump(classes)
=> "--- \n- baseserver\n- stg2server\n"
irb(main):005:0> ruby_obj = YAML::load(yaml_obj)
=> ["baseserver", "stg2server"]
irb(main):006:0> classes == ruby_obj
=> true

2008/9/29 AJ Christensen <[EMAIL PROTECTED]>

> [EMAIL PROTECTED] /tmp$ irb -ryaml
> irb(main):001:0> classes = [ "baseserver", "stg2server" ]
> => ["baseserver", "stg2server"]
> irb(main):002:0> puts classes.to_yaml
> ---
> - baseserver
> - stg2server
> => nil
>
> AFAIK, Puppet uses YAML.load / YAML.dump for object manipulation.
>
> "claseses: [baseserver, stg2server]" is not a valid yaml array
> representation?
>
> 2008/9/29 Daniel Pittman <[EMAIL PROTECTED]>
>
>
>> "Andrew Shafer" <[EMAIL PROTECTED]> writes:
>> > On Tue, Sep 23, 2008 at 12:01 PM, heise <[EMAIL PROTECTED]> wrote:
>> >
>> > I'm trying to get puppet to function with external nodes, i've got a
>> > script that spits out yaml in the following for my test case
>> "classes:
>> > [baseserver, stg2server] " , from this i get the error of "couldn
>> not
>> > retrieve catalog: could not find default node or by name with
>> 'heise-
>> > laptop' on node heise-laptop" is there something i'm missing in my
>> > yaml , is there something more my external node classifer needs to
>> > return other than the yaml and an exit code of 0 ?
>> >
>>
>> > The yaml output is not formated properly for puppet. It should look more
>> like this:
>> > classes:
>> >   - baseserver
>> >   - stg2server
>> >
>> > http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
>>
>> Does puppet have a hand-rolled YAML parser incompatible with the
>> specification?  Those two reflect *exactly* the same content: the key
>> 'classes' associated with an array of two values.
>>
>> There should be absolutely *zero* different between the in-memory
>> representations of those two YAML declarations.
>>
>> Regards,
>> Daniel
>>
>> >>
>>
>




[Puppet Users] Re: external node trouble

2008-09-28 Thread AJ Christensen
[EMAIL PROTECTED] /tmp$ irb -ryaml
irb(main):001:0> classes = [ "baseserver", "stg2server" ]
=> ["baseserver", "stg2server"]
irb(main):002:0> puts classes.to_yaml
---
- baseserver
- stg2server
=> nil

AFAIK, Puppet uses YAML.load / YAML.dump for object manipulation.

"claseses: [baseserver, stg2server]" is not a valid yaml array
representation?

2008/9/29 Daniel Pittman <[EMAIL PROTECTED]>

>
> "Andrew Shafer" <[EMAIL PROTECTED]> writes:
> > On Tue, Sep 23, 2008 at 12:01 PM, heise <[EMAIL PROTECTED]> wrote:
> >
> > I'm trying to get puppet to function with external nodes, i've got a
> > script that spits out yaml in the following for my test case
> "classes:
> > [baseserver, stg2server] " , from this i get the error of "couldn not
> > retrieve catalog: could not find default node or by name with 'heise-
> > laptop' on node heise-laptop" is there something i'm missing in my
> > yaml , is there something more my external node classifer needs to
> > return other than the yaml and an exit code of 0 ?
> >
>
> > The yaml output is not formated properly for puppet. It should look more
> like this:
> > classes:
> >   - baseserver
> >   - stg2server
> >
> > http://reductivelabs.com/trac/puppet/wiki/ExternalNodes
>
> Does puppet have a hand-rolled YAML parser incompatible with the
> specification?  Those two reflect *exactly* the same content: the key
> 'classes' associated with an array of two values.
>
> There should be absolutely *zero* different between the in-memory
> representations of those two YAML declarations.
>
> Regards,
> Daniel
>
> >
>
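
The point argued in this thread, that flow-style and block-style YAML load to the same structure, checked in Ruby as an added example (not from the thread or from Puppet's code base). The helper name, the sample strings and the assumption that a classifier returns a top-level mapping with `classes` and optional `parameters` are this example's own; `YAML.safe_load` is used so that classifier output cannot instantiate arbitrary Ruby objects.

```ruby
require "yaml"

# Constructed classifier outputs. The first two are the flow and block
# spellings discussed in the thread; the others are constructed failures.
FLOW_STYLE  = "classes: [baseserver, stg2server]\n"
BLOCK_STYLE = "classes:\n  - baseserver\n  - stg2server\n"
BARE_LIST   = "---\n- baseserver\n- stg2server\n"   # YAML dump of the array alone
MISSPELLED  = "clases: [baseserver, stg2server]\n"
TAGGED      = "--- !ruby/object:Object {}\n"

# Assumption: these are the only top-level keys the master reads.
KNOWN_KEYS = %w[classes parameters].freeze

# Hypothetical helper: parse classifier output without instantiating
# arbitrary Ruby objects and report why a master could not use it.
def check_node_yaml(text)
  errors = []
  begin
    data = YAML.safe_load(text)
  rescue Psych::Exception => e
    return { ok: false, classes: nil,
             errors: ["unparseable or unsafe YAML: #{e.class}"] }
  end

  unless data.is_a?(Hash)
    return { ok: false, classes: nil,
             errors: ["top level is #{data.class}, expected a mapping with a 'classes' key"] }
  end

  unknown = data.keys.map(&:to_s) - KNOWN_KEYS
  errors << "unknown top-level keys: #{unknown.join(', ')}" unless unknown.empty?

  classes = data["classes"]
  if classes.nil?
    errors << "no 'classes' key"
  elsif !(classes.is_a?(Array) && classes.all? { |c| c.is_a?(String) })
    errors << "'classes' must be a list of class names"
  end

  params = data["parameters"]
  errors << "'parameters' must be a mapping" unless params.nil? || params.is_a?(Hash)

  { ok: errors.empty?, classes: classes, errors: errors }
end

if __FILE__ == $PROGRAM_NAME
  { "flow" => FLOW_STYLE, "block" => BLOCK_STYLE, "bare list" => BARE_LIST,
    "misspelled" => MISSPELLED, "tagged" => TAGGED }.each do |name, text|
    result = check_node_yaml(text)
    puts "#{name}: ok=#{result[:ok]} #{result[:errors].join('; ')}"
  end
end
```

The flow and block inputs return the same `classes` array; the bare list, the misspelled key and the tagged object are each rejected with a reason.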




[Puppet Users] Re: something wrong with puppet client or Server

2008-09-30 Thread AJ Christensen
Best. Non-idempotent. Exec. Ever.
unless => "/bin/grep 'my line' /etc/vfstab" in your exec{}.

Regards,

AJ

2008/10/1 Andrew Shafer <[EMAIL PROTECTED]>

> Exec is not going to be idempotent unless you add the logic.
>
> You told Puppet to run that script every time, which adds the line.
>
>
> On Tue, Sep 30, 2008 at 3:46 PM, Peter Meier <[EMAIL PROTECTED]>wrote:
>
>>
>> Hi
>>
>> > I dont understand if once it is already added line in /etc/fstab why
>> > it is adding every time
>>
>> because you have never defined how it knows then it's added.
>> this is the expected behaviour of puppet.
>>
>> greets pete
>>
>>
>>
>
> >
>




[Puppet Users] Re: Could not request certificate: Certificate does not match private key

2008-11-19 Thread AJ Christensen
Make --server (client) match --certname (master)

Regards,

AJ

2008/11/20 sprock <[EMAIL PROTECTED]>

>
> hello,
>
> I've just added a new client to an existing configuration but cannot
> get it recognised.  Both client and server are running 0.24.5,
> installed on gentoo linux using portage.
>
> This is what I did:
>
> Server:
> /etc/init.d/puppetmaster start
>  * Starting puppetmaster ... [ ok ]
>
> Client:
>
> puppetd --test
> warning: peer certificate won't be verified in this SSL session
> notice: Did not receive certificate
> notice: Set to run 'one time'; exiting with no certificate
>
> Server:
>
> puppetca --generate client.here.there
> Generating certificate for client.here.there
>
> Client:
> puppetd --waitforcert 60 --test
> warning: peer certificate won't be verified in this SSL session
> err: Could not request certificate: Certificate retrieval failed:
> Certificate request does not match existing certificate; run 'puppetca
> --clean moonstone.esd.mun.ca'.
>
> Server:
>
> puppetca --list
> client.here.there
> server puppet # puppetca --sign client.here.there
> Signed client.here.there
>
> Client:
>
> puppetd --waitforcert 60 --test
> warning: peer certificate won't be verified in this SSL session
> err: Could not request certificate: Certificate does not match private
> key.  Try 'puppetca --clean client.here.there' on the server.
>
> I've tried doing as suggested (several times) but the error persists.
>
> Thanks for any help.
>
> Roger
>
>
> >
>




[Puppet Users] Re: inherit and override?

2009-01-06 Thread AJ Christensen

class x inherits y {
    Resource["name"] {
        parameter => "newvalue"
    }
}

http://reductivelabs.com/trac/puppet/wiki/LanguageTutorial#id6

Regards,

AJ


On 7/01/09 3:18 PM, "Ben Beuchler"  wrote:

> 
> I'm fairly certain I encountered the preferred pattern for inheriting
> from a class for the specific purpose of disabling it.  I can't seem
> to find it anymore.  Any pointers?
> 
> A specific example would be our ldapauth module.  The main class
> installs a few packages and files in order to activate LDAP auth.
> This class is be included by default in all nodes.  I would like to
> have an ldapauth::disabled that can be added to a node to prevent
> realization of this class.
> 
> Thanks!
> 
> -Ben
> 
> > 






[Puppet Users] Re: some ideas for facts

2009-01-08 Thread AJ Christensen

How about check_puppet.rb in ext/ ? This one runs on the clients =)

Regards,

AJ


On 9/01/09 3:16 AM, "Helmut Lichtenberg" wrote:

> 
> James Turnbull wrote on 07 Jan 2009 at 22:03:03 CET:
>> windowsrefund wrote:
>>> I've got a check defined in nagios that allows me to determine if a
>>> puppet client has not updated itself in awhile
>>> 
>>> /usr/lib/nagios/plugins/check_file_age -f /var/lib/puppet/state/state.yaml -w 3600 -c 4000
>> 
>> Have you seen the puppetlast script?  It's in the ext/ directory of the
>> Puppet package.  That might be useful too.
> 
> This script runs only on the puppetmaster (at least for Debian Lenny, it's
> part of the puppetmaster-package) and it displays a list of hosts and when the
> last run was.
> 
> I would also prefer a by-host check like the OP. Is anything wrong with the
> proposed check_file_age?
> 
> Helmut






[Puppet Users] Re: What is an "external node tool"

2009-01-19 Thread AJ Christensen

An external node tool provides classes and parameters (variables) for nodes.

It's a cool way of getting data from external sources onto your nodes.

iClassify - https://wiki.hjksolutions.com/display/IC/Home

Regards,

AJ

On 20/01/2009, at 3:53 PM, kevin wrote:

>
> I've been a bit confused by this terminology:  What exactly is such a
> tool?  What purpose does it serve?  Are there any examples?
> >





[Puppet Users] Re: What is an "external node tool"

2009-01-19 Thread AJ Christensen

Woops, forgot this page too:

http://reductivelabs.com/trac/puppet/wiki/ExternalNodes

Has an example script which spits out some YAML.

Regards,

AJ

On 20/01/2009, at 3:53 PM, kevin wrote:

>
> I've been a bit confused by this terminology:  What exactly is such a
> tool?  What purpose does it serve?  Are there any examples?
> >





[Puppet Users] Re: Solaris SSL error

2009-02-12 Thread AJ Christensen

Is there any particular reason you're copying the certificates and  
whatnot by hand instead of using the built in mechanisms?

Regards,

AJ

On 13/02/2009, at 11:12 AM, chakkerz wrote:

>
> i've copied the ca.pem from the master to the client. Now i'm back to
> the familar:
>
> r...@puppetsun:/var/lib/puppet/ssl# /opt/csw/bin/puppetd -vt
> info: Retrieving plugins
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources during transaction: Certificates were not trusted:
> certificate verify failed
> warning: Certificate validation failed; consider using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of
> resource: Certificates were not trusted: certificate verify failed
> Could not describe /plugins: Certificates were not trusted:
> certificate verify failed
> err: Could not retrieve catalog: private method `chomp' called for
> nil:NilClass
>
> >





[Puppet Users] Re: directory creation - difference in operation between RHEL5 and Solaris

2009-02-24 Thread AJ Christensen

You probably wanna use ensure => directory, as it implies present, and  
ensure present will make a file IIRC

On 25/02/2009, at 6:27 PM, chakkerz wrote:

>
> The following code,
>     file
>     { "/var/log/sysinfo":
>         owner  => root,
>         group  => root,
>         mode   => 755,
>         ensure => [ present, directory ],
>     }
>
> on RHEL5 generates a directory:
> [r...@puppetks4 ~]# uname -a ; ls -ld /var/log/sysinfo
> Linux puppetks4.its.uq.edu.au 2.6.18-128.el5 #1 SMP Wed Dec 17
> 11:41:38 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
> drwxr-xr-x 2 root root 4096 Feb 18 09:04 /var/log/sysinfo
>
> using
> [r...@puppetks4 ~]# rpm -q puppet
> puppet-0.24.7-4.el5
>
> while on OpenSolaris generates a file:
> r...@puppetsun:/# uname -a ; ls -l /var/log/sysinfo
> SunOS puppetsun 5.11 snv_101b i86pc i386 i86pc Solaris
> -rwxr-xr-x 1 root root 0 2009-02-13 17:57 /var/log/sysinfo
>
> using
> r...@puppetsun:/# pkginfo -l CSWpuppet
>   PKGINST:  CSWpuppet
>  NAME:  puppet - a system configuration tool
>  CATEGORY:  application,system
>  ARCH:  all
>   VERSION:  0.24.7,REV=2009.01.10
>   BASEDIR:  /
>VENDOR:  http://reductivelabs.com/projects/puppet packaged for CSW
> by Gary Law and Mark Phillips
>PSTAMP:  zone6120090110180023
>  INSTDATE:  Dec 29 1986 04:18
> EMAIL:  g...@blastwave.org
>STATUS:  completely installed
> FILES:  524 installed pathnames
>  12 shared pathnames
>  95 directories
> 419 executables
>3713 blocks used (approx)
> >





[Puppet Users] Re: problem changing group membership for linux users

2009-03-01 Thread AJ Christensen

I believe you can only use git:// through an HTTP proxy when it  
supports the CONNECT method.

It may be possible to clone via HTTP, but push operations are only  
possible over HTTP to DAV.

Regards,

AJ


On 2/03/2009, at 7:10 PM, Sebastian Krueger wrote:

>
> Hi everyone,
>
> so I'm trying to do a checkout from the git repository as James said
> that the problem may already be resolved in a later version.
>
> However, I can't seem to get git to go through the corporate http  
> proxy server.
>
> I do the following:
>
> http_proxy=http://foo:1234 git clone git://reductivelabs.com/puppet
>
> And then it just sits there and times out eventually.
>
> Do any of you guys use git through a proxy and could share their  
> configuration?
>
> Regards, Sebastian.
>
>
> On Mon, Mar 2, 2009 at 6:50 PM, Sebastian Krueger wrote:
>>
>> Hi Nick,
>>
>> I've added in the membership => inclusive part but it's still  
>> trying to reassign the groupmembership all the time.
>>
>> Regards, Sebastian.
>>
>> On Mon, Mar 2, 2009 at 10:39 PM,  wrote:
>>>
>>> On Mon, 02 Mar 2009 03:46:55 -, Sebastian Krueger
>>>  wrote:
>>>
>>>> Hi list,
>>>>
>>>> I want to ensure that the eaiadmin user is always a member of the users
>>>> group. I use the following configuration:
>>>>
>>>> class baseusers {
>>>>     include virt_groups, virt_users
>>>>
>>>>     realize(
>>>>         Group["eaiadmin"],
>>>>         Group["users"]
>>>>     )
>>>>
>>>>     realize(
>>>>         User["eaiadmin"]
>>>>     )
>>>>
>>>> }
>>>>
>>>> class virt_users {
>>>>     @user { "eaiadmin":
>>>>         gid    => "30",
>>>>         ensure => present,
>>>>         groups => [ "users" ]
>>>>     }
>>>> }
>>>>
>>>> class virt_groups {
>>>>     @group { "eaiadmin":
>>>>         gid     => "30",
>>>>         ensure  => present
>>>>     }
>>>>     @group { "users":
>>>>         gid     => "100",
>>>>         ensure  => present
>>>>     }
>>>> }
>>>
>>> Hi Sebastian,
>>> I think u must try to add "membership => inclusive" in @user for  
>>> more
>>> "stability". Btw what is u puppet version, cuz as i see "groups" are
>>> version sensitive.
>>> And look here http://reductivelabs.com/trac/puppet/wiki/TypeReference#id312
>>>
>
>>
>
> >





[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

2009-03-04 Thread AJ Christensen

Hi David,

Not sure if you looked at it, but I'm one of the developers of Chef;  
an alternate ruby-based configuration management / systems integration  
framework.

What work is involved in getting a functional Augeas resource? I'm not  
sure we want to expose the level of functionality of Augeas entirely,  
but perhaps expose it through limited resources, that is unless we can  
lock it down a little. There are ruby bindings, yes?

Regards,

AJ

On 4/03/2009, at 5:55 PM, David Lutterkort wrote:

>
> On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote:
>> Hi David,
>>
>> David Lutterkort wrote:
>>> Yeah, that's what that means. Here's a dirty trick to check multiple
>>> conditions:
>>
>> Your assistance so far has been awesome. If I had more time to  
>> play, I'm
>> sure I could solve this in time, but I'm being hammered by the  
>> security
>> teams and I need to get a solution onto our servers as soon as  
>> possible.
>>
>> I'm trying to check/change /etc/pam.d/system-auth
>>
>> The initial (default set) lines look like this:
>>
>> password    requisite     pam_cracklib.so try_first_pass retry=3
>> password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
>>
>> I want to change them to this (result set):
>>
>> password    requisite     pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
>> password    sufficient    pam_unix.so md5 shadow try_first_pass use_authtok remember=7
>>
>> Essentially, I need to check if the lines match the result set and if
>> not, to make the change. I'm happily able to make the proper changes,
>> using the following (using the first line as an example):
>>
>> changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
>> "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
>> "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
>> "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
>> "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
>> "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
>>
>> But I'm really struggling with the onlyif line to check that all the
>> arguments are in place, the correct value and there are no extras.  
>> I'm
>> able to test individual argument values and the overall count, but I
>> seem unable to build a full match that checks everything at once,  
>> i.e.
>> checks each of the first five argument values and ensures that  
>> there are
>> only 5 arguments total.
>
> If you don't mind an unnecessary change the first time you run your
> Augeas resource on a system, you don't need the onlyif - unnecessary
> here means that system-auth might be changed simply because there's
> different amounts of spaces between the current file and what Augeas
> would generate based on your tree changes.
>
> Augeas will not actually change the file if it stays byte-for-byte
> identical, even if you made changes to the tree (e.g. change the value
> of a node to something new, then back to the old thing)
>
> Depending on the version of the Augeas plugin you have, puppet _might_
> report changes even though none were necessary (or made) - Bryan might
> be able to shed some light on the state of reporting in the Augeas type
> in 0.24.7 vs the latest in git.
>
> David
>
>
>
> >
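
The check asked about in the quoted question (each of the five pam_cracklib.so arguments in place with the right value, and no extras), written out in plain Ruby. This is an added example, not code from the thread; it does not use Augeas or Puppet, and the function names and the sample data (copied from the default and result sets quoted above) are constructed for illustration.

```ruby
# Added example (not from the thread); all names here are hypothetical.
PamRule = Struct.new(:type, :control, :mod, :arguments)

# Constructed sample data, copied from the default and result sets quoted above.
DEFAULT_SET = <<EOS
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
EOS
RESULT_SET = <<EOS
password requisite pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
password sufficient pam_unix.so md5 shadow try_first_pass use_authtok remember=7
EOS
WANTED_CRACKLIB = %w[retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1]

# Parse one rule line; returns nil for blank lines, comments and short lines.
# The control field may be a bracketed list such as [success=1 default=ignore].
def parse_pam_line(line)
  m = line.sub(/#.*/, '').strip.match(/\A(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)\z/)
  m && PamRule.new(m[1], m[2], m[3], m[4].split(/\s+/))
end

# First rule with the given type and module, or nil.
def find_rule(config, type, mod)
  config.each_line.map { |l| parse_pam_line(l) }.compact
        .find { |r| r.type == type && r.mod == mod }
end

# True only if the rule exists and its arguments equal `wanted` exactly:
# same values, same positions, nothing extra.
def args_compliant?(config, type, mod, wanted)
  rule = find_rule(config, type, mod)
  !rule.nil? && rule.arguments == wanted
end

# What a change would have to add or drop, for logging before it is applied.
def args_drift(config, type, mod, wanted)
  found = (find_rule(config, type, mod) || PamRule.new(type, nil, mod, [])).arguments
  { :missing => wanted - found, :extra => found - wanted }
end

if __FILE__ == $0
  [DEFAULT_SET, RESULT_SET].each do |cfg|
    ok = args_compliant?(cfg, 'password', 'pam_cracklib.so', WANTED_CRACKLIB)
    puts "compliant=#{ok} drift=#{args_drift(cfg, 'password', 'pam_cracklib.so', WANTED_CRACKLIB).inspect}"
  end
end
```

Comparing the whole argument array in one step covers both the per-position values and the total count, which is the combination the question says is hard to express as a single match.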





[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

2009-03-04 Thread AJ Christensen
No.

Regards,

AJ

On 5/03/2009, at 12:18 AM, paul matthews wrote:

> I could be out of line in saying this but rather than developing an
> alternate to Puppet, would your efforts not be better served
> producing something that is complementary. The puppet equivalent of
> http://nagiosexchange.org, springs to mind. As I understand it there
> is a need for a repository for modules for parts of puppet which are
> non-core. Nagiosexchange is a viable venture in its own right and the
> two co-exist as mutually beneficial partners. At least I think that's
> the case.
>
> Gaining knowledge from this group, to work on something which can
> only be considered as a rival, seems somehow not quite right
>
> Paul
>
> 2009/3/4 AJ Christensen 
>
> Hi David,
>
> Not sure if you looked at it, but I'm one of the developers of Chef;
> an alternate ruby-based configuration management / systems integration
> framework.
>
> What work is involved in getting a functional Augeas resource? I'm not
> sure we want to expose the level of functionality of Augeas entirely,
> but perhaps expose it through limited resources, that is unless we can
> lock it down a little. There are ruby bindings, yes?
>
> Regards,
>
> AJ
>
> On 4/03/2009, at 5:55 PM, David Lutterkort wrote:
>
> >
> > On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote:
> >> Hi David,
> >>
> >> David Lutterkort wrote:
> >>> Yeah, that's what that means. Here's a dirty trick to check multiple
> >>> conditions:
> >>
> >> Your assistance so far has been awesome. If I had more time to play, I'm
> >> sure I could solve this in time, but I'm being hammered by the security
> >> teams and I need to get a solution onto our servers as soon as possible.
> >>
> >> I'm trying to check/change /etc/pam.d/system-auth
> >>
> >> The initial (default set) lines look like this:
> >>
> >> password requisite pam_cracklib.so try_first_pass retry=3
> >> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> >>
> >> I want to change them to this (result set):
> >>
> >> password requisite pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
> >> password sufficient pam_unix.so md5 shadow try_first_pass use_authtok remember=7
> >>
> >> Essentially, I need to check if the lines match the result set and if
> >> not, to make the change. I'm happily able to make the proper changes,
> >> using the following (using the first line as an example):
> >>
> >> changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
> >>
> >> But I'm really struggling with the onlyif line to check that all the
> >> arguments are in place, the correct value and there are no extras. I'm
> >> able to test individual argument values and the overall count, but I
> >> seem unable to build a full match that checks everything at once, i.e.
> >> checks each of the first five argument values and ensures that there are
> >> only 5 arguments total.
> >
> > If you don't mind an unnecessary change the first time you run your
> > Augeas resource on a system, you don't need the onlyif - unnecessary
> > here means that system-auth might be changed simply because there's
> > different amounts of spaces between the current file and what Augeas
> > would generate based on your tree changes.
> >
> > Augeas will not actually change the file if it stays byte-for-byte
> > identical, even if you made changes to the tree (e.g. change the value
> > of a node to something new, then back to the old thing)
> >
> > Depending on the version of the Augeas plugin you have, puppet _might_
> > report changes even though none were necessary (or made) - Bryan might
> > be able to shed some light on the state of reporting in the Augeas type
> > in 0.24.7 vs the latest in git.
> >
> > David
> >
> >
> >
> > >
>
>
>
>
>
>
> -- 
> Paul Matthews
> --
>
> >





[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

2009-03-04 Thread AJ Christensen
To clarify; if you're upset by my behavior - this was meant to be an
off-list reply. I apologise if I've offended anyone's sensibilities.

Puppet tends to gather some of the smartest minds around architecture.

Regards,

AJ

On 5/03/2009, at 12:18 AM, paul matthews wrote:

> I could be out of line in saying this but rather than developing an
> alternate to Puppet, would your efforts not be better served
> producing something that is complementary. The puppet equivalent of
> http://nagiosexchange.org, springs to mind. As I understand it there
> is a need for a repository for modules for parts of puppet which are
> non-core. Nagiosexchange is a viable venture in its own right and the
> two co-exist as mutually beneficial partners. At least I think that's
> the case.
>
> Gaining knowledge from this group, to work on something which can
> only be considered as a rival, seems somehow not quite right
>
> Paul
>
> 2009/3/4 AJ Christensen 
>
> Hi David,
>
> Not sure if you looked at it, but I'm one of the developers of Chef;
> an alternate ruby-based configuration management / systems integration
> framework.
>
> What work is involved in getting a functional Augeas resource? I'm not
> sure we want to expose the level of functionality of Augeas entirely,
> but perhaps expose it through limited resources, that is unless we can
> lock it down a little. There are ruby bindings, yes?
>
> Regards,
>
> AJ
>
> On 4/03/2009, at 5:55 PM, David Lutterkort wrote:
>
> >
> > On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote:
> >> Hi David,
> >>
> >> David Lutterkort wrote:
> >>> Yeah, that's what that means. Here's a dirty trick to check multiple
> >>> conditions:
> >>
> >> Your assistance so far has been awesome. If I had more time to play, I'm
> >> sure I could solve this in time, but I'm being hammered by the security
> >> teams and I need to get a solution onto our servers as soon as possible.
> >>
> >> I'm trying to check/change /etc/pam.d/system-auth
> >>
> >> The initial (default set) lines look like this:
> >>
> >> password requisite pam_cracklib.so try_first_pass retry=3
> >> password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
> >>
> >> I want to change them to this (result set):
> >>
> >> password requisite pam_cracklib.so retry=3 lcredit=1 ucredit=1 dcredit=1 ocredit=1
> >> password sufficient pam_unix.so md5 shadow try_first_pass use_authtok remember=7
> >>
> >> Essentially, I need to check if the lines match the result set and if
> >> not, to make the change. I'm happily able to make the proper changes,
> >> using the following (using the first line as an example):
> >>
> >> changes => [ "rm *[module='pam_cracklib.so'][type='password']/argument",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[1] retry=3",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[2] lcredit=1",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[3] ucredit=1",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[4] dcredit=1",
> >> "set *[module='pam_cracklib.so'][type='password']/argument[5] ocredit=1"],
> >>
> >> But I'm really struggling with the onlyif line to check that all the
> >> arguments are in place, the correct value and there are no extras. I'm
> >> able to test individual argument values and the overall count, but I
> >> seem unable to build a full match that checks everything at once, i.e.
> >> checks each of the first five argument values and ensures that there are
> >> only 5 arguments total.
> >
> > If you don't mind an unnecessary change the first time you run your
> > Augeas resource on a system, you don't need the onlyif - unnecessary
> > here means that system-auth might be changed simply because there's
> > different amounts of spaces between the current file and what Augeas
> > would generate based on your tree changes.
> >
> > Augeas will not actually change

[Puppet Users] Re: Puppet for password management

2008-10-03 Thread AJ Christensen (Fujin)

I wrote a parser func that relies on mkpasswd on the master ages ago:
http://pastie.org/pastes/222996

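## mkpasswd("password", "12345678")
# needs an 8-char salt *always*
require 'shellwords'

module Puppet::Parser::Functions
  newfunction(:mkpasswd, :type => :rvalue) do |args|
    # Escape the password and salt so the shell hands them to mkpasswd literally
    password, salt = args.map { |a| Shellwords.escape(a.to_s) }
    %x{/usr/bin/mkpasswd -H MD5 #{password} #{salt}}.chomp
  end
end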

## usage [plain_text]
$pw = mkpasswd("test", "12345678")
notify { $pw: }

## output [plain_text]
notice: //Node[junglist]/Notify[$1$12345678$oEitTZYQtRHfNGmsFvTBA/]/message: is absent, should be $1$12345678$oEitTZYQtRHfNGmsFvTBA/

On Oct 4, 4:41 am, Mike Pountney <[EMAIL PROTECTED]> wrote:
> On 2 Oct 2008, at 18:01, Geoff Newell wrote:
>
> > I'm working on a turnkey Linux system where the post build config is  
> > handled with puppet.
> > One of the unique constraints with a turnkey system is that  
> > passwords are essentially set at build time and then stay fixed for  
> > the life of the product.
> > I was wondering if anyone had used puppet to manage user passwords?
> > The 'user' type supports an encrypted hash, but ideally I need the  
> > facility of passing in a plaintext password, md5 hash it and then  
> > have puppet idempotently check it's been set.
>
> You can do this via shelling out via generate() on the puppetmaster:
>
> $salt = 'dqwdqaom'
> $password = 'mycleartextpassword'
>
> $md5_password = generate('/bin/sh', '-c', "/usr/bin/mkpasswd -H md5 -S $salt '$password' | tr -d '\n'")
>
> Ugly, but it works.
>
> The pretty way of doing this would be to create a custom function.  
> We're intending on doing this, but it's not there yet.
>
> Cheers,
>
> Mike