Re: [Puppet Users] intermodule dependency
Hello,
On 12-01-23 04:45 AM, Jos Houtman wrote:
> I am looking for advice/best-practices on how to handle inter module
> dependency's.
> We have a fairly large/complex code base (100+ modules) with a lot of
> history (we started at 0.24) and lately we have taken into looking how
> we can improve the quality of the codebase.
> Parameterized classes, the style guide are all quick wins and no brainers.
>
> But we have some intermodule dependency's, mostly because of ordering,
> for which a proper design pattern is more elusive.
I'm fairly interested in this subject and would like to see what others
have to say here.
>From my experience, modules tend to come in "sets" of inter-dependant
modules, and this makes it sometimes painful to integrate modules from
external sources. Even just merging divergant modules can be quite
tedious. For example, I worked on merging new stuff that was developed
on the nagios module by others in the community.. but since service
resources are declared pretty much _everywhere_ in the module code base,
it took an extensive analysis of what the changes would impact and the
merging process took much more time than it should have because of this.
> A good example is our ldap setup, this setup needs to happen after the
> initialization of our packaging system.
> It also has to happen before a lot of the other modules, because ldap
> provides the details for some of the file owners/groups that are used.
> [...]
In this case, the link between the differring blocks should be
externalized from your ldap module (e.g. the ldap module should care
about stuff related to ldap.. not about relations to other modules).
You could put the order declaration in a "node type" or "node role" kind
of class that you include in your node.
say:
class mysql_server_role {
include ldap_authentication_role # which declares whatever is needed
# for ldap support
include mysql
Class['Ldap'] -> Class['Mysql']
}
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Selecting modlues based on subnet in nodes.pp
Hello, On 12-01-23 02:14 PM, Derek wrote: > I have four major zones in my nework: Development, Quality Assurance, > User Acceptanc Testing, and Production. I am able to deply different > modules to these zones based on the simple regular expressions posted > in the example at the bottom of this message. > > I have two data centers in my network: Salt Lake City and Santa > Clara. I would like to be able to deploy different modules to servers > based on the data center that they reside it. I have tried simple if > statements and case statements but don't seem to be able to deploy my > site based modules. > > Can you give me some imput on the best approach to my problem? You could use environments to differentiate the nodes..: http://docs.puppetlabs.com/guides/environment.html http://hunnur.com/blog/2010/10/dynamic-git-branch-puppet-environments/ Or (maybe better) you could define a custom fact that tells in which DC your node is present and then branch on the value of this fact: http://www.devco.net/archives/2011/06/29/facter_facts_from_txt_json_yaml_and_non_ruby_scripts.php (see the end of the post for a link to github where you can find the code for custom facts from arbitrary files) -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Interesting permissions issue with nagios_* providers
On 12-02-03 10:54 AM, Peter Berghold wrote:
> I noticed an interesting problem with the nagios_* providers especially
> in Debian. Besides writing to the wrong file (I fixed that issue) I've
> noticed there is a umask issue where the config files end up being owned
> by root with perms 0640. This causes nagios to spit milk out of its
> nose because it cannot read the configuration files.
>
> I came up with a kludgey solution to the problem but I'm not happy with
> it. Anybody out there run into this and fixed it? I'm curious to see
> what others came up with to fix this.
>
> For those that are curious as to how I fixed the "wrong file" problem I
> came up a solution where in my site.pp file I have the following:
>
> if ( $operatingsystem == "Debian ) {
> Nagios_host { target => "/etc/nagios3/conf.d/puppet_hosts.pp" }
> --- etc ---
> }
yes, you do need to set the target on nagios resources. In order to let
different nagios servers be installed with different OSes (weird idea, I
know, but hey! anything's possible ;) ), you could set that target on
resource collection:
Nagios_command <||> {
target =>
"${nagios::defaults::vars::int_nagios_cfgdir}/conf.d/nagios_command.cfg",
# ...
}
also, for the permissions, you could use a file resource with the same
path to set permissions (but not the contents).
check out this module for examples (have a look at manifests/base.pp):
https://labs.riseup.net/code/projects/shared-nagios
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Ensure service nsca
On 12-02-06 02:53 AM, jkm89 wrote:
> This is my configuration:
> service { $nscasvc:
> ensure => stopped,
> enable => false,
> pattern => "$nscapattern",
> require => Class["nsca::install"],
> }
>
> If I add hasstatus => true work perfectly on gentoo but work bad on
> debian.
It's possible (I haven't verified) that the init script for nsca does
not have a "status" command which reports if the service is running or not.
If that's the case, then you'll have to go with a process name pattern.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] opensource VPN modules
Hey there, Do you guys know of opensourced puppet modules for managing VPN services? I've only found a handful of modules for openvpn that seemed less than complete. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera data unusable in a class with an array parameter
try adding this in your template above the call to
scope.function_hiera_array():
<% Puppet::Parser::Functions.function('hiera_array') -%>
On 12-02-09 11:47 PM, Vlad wrote:
> Thanks Nan, I've tried them all (hiera, hiera_array and hiera_hash),
> unfortunately with no luck.
> Like I mentioned above, it doesn't have to be necessarily a hiera hash.
> Even a simple var: name inside the yaml file gives that error. As long
> as you have an array defined as a parameter, together with any type of
> variable from hiera (string, array, or hash), it doesn't work.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/U6a7O_EwdyYJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] opensource VPN modules
On 12-02-10 10:12 AM, Raffael Schmid wrote: > On Thu, 09 Feb 2012, Gabriel Filion wrote: > >> Do you guys know of opensourced puppet modules for managing VPN >> services? >> >> I've only found a handful of modules for openvpn that seemed less >> than complete. > > Check mine https://github.com/luxflux/puppet-openvpn, I think it > is complete. hmm nice, it manages certificate creation for each client defined. > Or which options are you missing? I was intending to manage both the server and client with puppet in order to maintain a vpn tunnel up and running between two sites. but I talked with someone I know, and actually my use case is so simple -- I want to be able to contact my puppetmaster, which is behind a NAT, behind a dynamic IP from a remote host. and that remote host has a static ip -- that it's gonna be less hassle to use a simple reverse ssh tunnel from the puppetmaster to the host with a static ip. (p.s. and .. yes, I know.. a puppetmaster in such a painful setup, yuck! but the infrastructure is mostly my personal testbed) but I'll keep you module in mind, thanks :) -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dynamically extending the group membership of a custom system user
Hello,
On 12-02-13 07:59 AM, Christian Requena wrote:
> I need to expand the membership of a custom system user depending on the
> availability of some group on the target system i.e.
>
>user {
> "logger":
> name => "logger",
> ensure => "present",
> groups => ["adm", "wheel", "this _group_ if it exists"],
> shell => "/bin/bash";
> }
>
> The "this _group_ if it exists" entry only works, if the group was
> already create. I need to expand the list of groups depending on the
> availability of some groups like i.e.
>
> user {
> "logger":
> name => "logger",
> ensure => "present",
> [ 'mongodv', 'postgres', 'custom', 'www' ].each do | g |
> g.exist? _groups < g.to_s
> end
> groups => _groups
> shell => "/bin/bash";
> }
>
> I know that is totally wrong, but I just want to describe what I'm
> aiming to.
One thing you could do would be to create a custom fact that would
harvest those groups that are present and that you need to add to your
users. (I can't help you too much with how to implement this, though,
since my ruby is at the level of baby steps)
In your manifests, you would then have to split the string returned by
the fact into an array and add this array to your static list of groups.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] catalog format performance comparison
Hello, Changelog from 0.24.5 mentions a new format, "marshal", being very much faster than the previous default, "yaml". But the current default format is "pson". I can't find any comparison in performance to the other two. Is "pson" the new default because it fairs better than "marshal" ? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] catalog format performance comparison
On 12-03-25 11:43 PM, Gabriel Filion wrote: > Changelog from 0.24.5 mentions a new format, "marshal", being very much > faster than the previous default, "yaml". > > But the current default format is "pson". I can't find any comparison in > performance to the other two. > > Is "pson" the new default because it fairs better than "marshal" ? any ideas about this? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Why latest stable Debian Squeeze package is 2.6.2-5+squeeze4 please ?
On 12-04-05 07:19 AM, Christophe L wrote: > After some research, I have found that the last stable debian package > version is > puppet (2.6.2-5+squeeze4) [security] > http://packages.debian.org/squeeze/puppet > > and that 2.7.12-3 is considered as unstable > http://packages.qa.debian.org/p/puppet.html In Debian's release cycle, the packages are freezed before a release. when this happens it means that package versions that are currently in the "testing" branch will be used for the next debian release, and will be used until the next release. the "stable" part in all that is the debian branch name that represents the current release, so what software they support. security patches will be backported to 2.6 as much as possible for as long as the current "stable" branch is the current one. for now, you can use the squeeze-backports[1] branch, in which you can find puppet 2.7 [1]: http://backports-master.debian.org/Instructions/ -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet and Passenger
On 12-04-07 10:43 AM, Christopher Wood wrote: > http://apt.puppetlabs.com/ > > Use that and then "apt-get install puppetmaster-passenger". (There's a yum > repository too.) Then you can crib from those configs. oh, interesting, I didnt' know about this one.. and it's available in squeeze-backports, too: http://packages.debian.org/squeeze-backports/puppetmaster-passenger Jax01: if you'd still like to try it out the long way (and thus understand what's happening), you can follow that doc: http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger hopefully it's still all applicable as-is to puppet 2.6 and 2.7 (most of it should be..) generally, for debian you apt-get install apache2 libapache2-mod-passenger and rails, then you setup your apache virtualhost file to trigger passenger, and finally, there's one config file for passenger to know where to find puppet's main executable and librairies. also, the puppet master configuration file is named puppet.conf, too. there's only a section more in there giving setup info about the master. in puppet 2.6+ this section is called "[master]". see: http://docs.puppetlabs.com/guides/configuring.html hth. > On Fri, Apr 06, 2012 at 05:45:39PM -0700, Jax01 wrote: >> Hi Everyone; >> >> I am new to puppet and would SO appreciate any help you might be able >> to provide! >> >> I am attempting to configure Passenger. I have followed all of the >> installation instructions but, when I restart my webserver, it does >> not start the puppetmaster nor does it throw any errors. So, I am not >> even sure where to begin to look. >> >> Also, some of the documentation refers to the puppetmaster.conf file. >> I am not sure what this is. I have only a puppet.conf file on the >> puppetmaster which contains the required entries for the master. Am I >> missing something here? >> >> Any help you could provide would be so greatly appreciated. >> >> Thank you! >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Taking github noise away from puppet-dev list
FWIW, I was following puppet-dev before the move to github, but unsubscribed because of the level of noise it generated. I'm not a skilled ruby dev, but I like to follow discussions around some modifications, especially if I see something around an issue I'm watching on redmine. not a suggestion for a change, but mostly a grain of salt about how others do this: I really like how things are done in the git mailing list. patches are sent there and reviewed and possibly accepted or not there, too. support requests also go into the same list, and since all the developers and users are already there, they can answer to users and sometimes, if it turns out to be a bug, the discussion morphs into a patch submission. if people don't like the quantity of e-mails that go there, they can very well send a message to the list even though they're not subscribed to the it and the default policy is to "reply-all" so that people outside the list can receive responses. but changes pushed to the official repository aren't sent to the list. they're sent to the #git-devel irc channel as notices from the bot. On 12-04-09 05:09 PM, Michael Stahnke wrote: > Since our move to github for pull requests and patches, the usefulness > of puppet-dev has declined significantly. puppet-dev used to be a > great list for development discussion of puppet and the ecosystem > around it. With the information and pull request emails from github, > unless everybody has finely-tuned their email clients, the puppet-dev > list has turned into mostly noise. > > We have a goal to foster development discussion from the community. > Because of that, I am proposing we move the github notifications to a > new list, puppet-commits. I realize this may have a consequence of > reducing patch/commit discussion. This should be compensated by: > > 1. Still having a list where pull requests can be commented on > 2. Ability to comment on pull requests directly on github > 3. More forethought and discussion on the dev list prior to making a > pull request/patch. > 4. You can also watch the RSS feed for the puppet projects you have > the most interest in. > > This decision isn't final, but I would like to get opinions on the > idea. I welcome feedback until Friday, April 13. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Implementing hooks
I'm currently using a "nagios" module that's developed by an opensource community, and I'd like to hook some logic into a define to implement some kind of notion that's really specific to the place I work. For now, I've been obligated to keep a modified version of the module, but that means I always need to rebase re-arrange my code around upstream modifications.. and for maintenance, it really adds a bunch of work. Do you guys know if it would be possible to implement a way to "hook" my extraneous logic into the define so that I don't need to modify the module directly anymore? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Implementing hooks
On 12-04-12 04:18 AM, Luke Bigum wrote: > Could you get by with a wrapper? Say, a 'my_nagios' define that does > it's own thing, then uses the third party 'nagios' definition? > > You could add your own resources in your my_nagios that 'Subscribes' to > resources in the 'nagios' define to insert your own resources into the > dependency chain. Well, I've thought about that. But the problem with this approach is that all the nagios services defined in other modules to automatically verify services will not be using the 'my_nagios' definition, but still the one from the nagios module. > If you actually need to modify parameters of a resource in a definition > though then the only way I know of would be to have that parameter > controlled by an argument to the defined type. yeah, hence the need to modify the define to add in the additional logic :\ > On 12/04/12 07:10, Gabriel Filion wrote: >> I'm currently using a "nagios" module that's developed by an opensource >> community, and I'd like to hook some logic into a define to implement >> some kind of notion that's really specific to the place I work. >> >> For now, I've been obligated to keep a modified version of the module, >> but that means I always need to rebase re-arrange my code around >> upstream modifications.. and for maintenance, it really adds a bunch of >> work. >> >> Do you guys know if it would be possible to implement a way to "hook" my >> extraneous logic into the define so that I don't need to modify the >> module directly anymore? >> > > -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Implementing hooks
On 12-04-12 04:18 AM, Luke Bigum wrote:
> Could you get by with a wrapper? Say, a 'my_nagios' define that does
> it's own thing, then uses the third party 'nagios' definition?
>
> You could add your own resources in your my_nagios that 'Subscribes' to
> resources in the 'nagios' define to insert your own resources into the
> dependency chain.
I've just thought about that: maybe I could get what I want by setting a
default value to some parameters to the define? for example, if I'd like
to define some groups depending on an arbitrary "level" of service :
class level1_apache_server {
Nagios::Service {
base_groups => 'level1-apache-server',
}
include apache_logic
}
I think I remember seeing discussion about this kind of feature getting
killed sometime because of scoping issues.. is that right?
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Implementing hooks
On 12-04-12 02:10 AM, Gabriel Filion wrote: > Do you guys know if it would be possible to implement a way to "hook" my > extraneous logic into the define so that I don't need to modify the > module directly anymore? oh, I think I've just found something that does pretty much exactly this: https://github.com/example42/puppet-openssh/blob/master/manifests/init.pp this class can include an arbitrary $my_class class to extend functionality. maybe I can do the same thing with an arbitrary define? I'll try that out -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Telly: Nagios types moving into Module
On 12-04-13 03:06 PM, Ashley Penney wrote: > I'm actually fairly nervous about this new move towards dragging > more and more out of the core into modules. It wouldn't be so bad if > Puppet had a proper > "packaging system" that handled dependencies and so forth, but as it > stands I'm just worried > about reaching a situation where we're constantly telling people in > #puppet "oh, well first > you need to get stdlib, nagios, yum, this, that, etc, that's why you > can't do this". humm I must agree with this. Since the types by themselves are not a module per-se, could it be better to package them in the same manner as the core is packaged, and made available through the same resources? so then, people could install those with gem, apt or yum. (and easily require those automatically from actual modules) -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Cron job isn't running
Hey, sorry to butt in for just a small comment: On 12-04-21 12:56 PM, Dave Burkholder wrote: > It just contains the output of "hostname -i " In my understanding, this would probably be equivalent to the $ipaddress fact that comes with facter. Am I mistaken? > On Apr 21, 2012 12:52 PM, "Christopher Wood" <mailto:christopher_w...@pobox.com>> wrote: > > What does the custom facter variable contain? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Template populated from multiple defines
On 12-05-04 07:23 PM, Jared Curtis wrote:
> I'm trying to create a file similar to this
>
>
> Name User One
> Phone 111222
>
>
> Name User Two
>
>
>
> I want to be able to add users in this fashion
> app::users {
> 'user1': name => 'User One', phone => '111222';
> 'user2': name => 'User Two';
> }
> Then use a template to create the actual file. I've done something
> similar to this in the past by using hashes but it seems like a hack and
> doesn't cleanly express what variables are available to be set.
>
> Anyone have any suggestions on the best way to make this work?
The only way that I could think of doing this would be by using a
concatenated file[1]. Each define would create a morcel that would get
concatenated to the "main part" (rest of the structure) for the final
result.
https://github.com/ripienaar/puppet-concat
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] use puppet to manage user accounts on mysql
On 11-07-10 12:48 AM, newguy wrote: > I have 2 types of clients(developers, users) connecting to my puppet > server, puppet installs mysql on both the machines but I want that > when its user machine connecting to server the mysql root user is > disabled and a user account should be made with a custom password and > for developers machine puppet makes a root user with an option to > select a password(right now puppet just installs mysql with root user > and without asking for any root password), developers should also be > able to make a non root account through puppet on mysql. > > Is this possible with puppet, please help. I'm not entirely sure what the long sentence is asking about, but yes I guess it should be possible. the following module includes custom resource types that could help you out (Mysql_database, Mysql_user, Mysql_grant): https://labs.riseup.net/code/projects/shared-mysql check out 'lib/puppet/type' -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: use puppet to manage user accounts on mysql
On 11-07-11 04:43 PM, newguy wrote:
> I made a directory in modules named mysql and put the rise up module
> in there and I included this module in the nodes.pp
that sounds about right.
You should be able to create mysql users by adding the first part into
the desired nodes (think of it as a resource that each interesting node
should have):
node 'puppetclient' {
include mysql
mysql_user { "user@host":
ensure => present,
password_hash => mysql_password("your_password"),
require => Package[mysql],
}
mysql_grant { "user@host/database":
privileges => "all",
require => Mysql_user["user@host"],
}
}
of course, change the values so that the username, password, hostname
and database correspond to real values.
you could also ensure the presence of the database by adding something
like the following inside your node:
mysql_database { "database":
ensure => present,
}
(and in this case, you could add the database in the list of
requirements for the grants)
> On Jul 11, 6:18 am, ew wrote:
>> ++1
>>
>> On Jul 10, 7:13 pm, Nigel Kersten wrote:
>>> This looks like a good opportunity for the various mysql module authors to
>>> all get together and produce one single awesome module :)
I suggested collaboration to the others in the group working on the
shared modules hosted at riseup's. I think it should indeed be a great
opportunity :)
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Exported Resources with --noop
On 11-07-13 12:06 PM, Andrew Thompson wrote: > When I puppet with the noop flag resources are being exported to the > db. Is this expected or a bug? Hmm what version of puppet are you using? I've just encountered exactly this with puppet 0.25.4. ran puppet with "-t --noop" on a node that has yet never run puppet, and it exported a nagios host. I think it's a bug. If you open an issue about it, send the URL here and I'll go vote for it. > I would expect it to simulate the transaction with the db... I would too. It could for example warn if there's a conflict (redefinition of an exported resource) but it shouldn't commit resources to database. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Using puppet to import database on client side
On 11-07-15 02:47 PM, newguy wrote:
> exec {"Get db":
> command => "/usr/bin/mysql -uroot -proot papa <
> dumpfile.sql",
> require => exec["Retrieve dump"],
> }
if your .sql file name is written in a similar fashion in your manifests
it probably errors out because it doesn't find it. try using an absolute
path to your dump file.
e.g.:
exec {"Get db":
command => "/usr/bin/mysql -uroot -proot papa <
/var/backups/mysql/dumpfile.sql",
require => exec["Retrieve dump"],
}
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Up and running with puppet
On 11-08-31 01:15 PM, AJ wrote: > I am just getting started with Puppet, went through the install on a > SuSE Linux (11.1) system. > I wanted to use the web console but run into this error: > "Ruby on Rails application could not be started" > "Permission denied - /opt/puppet/share/puppet-dashboard/config/ > database.yml" > > I've checked the permissions on this yml, changed it to 777 for good > measure but still can't seem to get rid of this error. I was wondering > if somebody who's had more experience with puppet or Ruby on Rails > could help throw some light on the topic. verify the permissions on the whole path. maybe the "config" or the "puppet-dashboard" directories don't give enough privileges to the user running dashboard. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] classes with parameters
Hi,
On 11-09-06 11:11 AM, David Kavanagh wrote:
> I have a node def that refers to 2 classes like this;
>
> node default {
> class {
> [ eucalyptus, eucalyptus::nc ]:
> }
> }
>
>
> The 2nd "requires" the first class.
>
> Now, I've added parameters to the 2nd class and would like to set
> values here. What is the appropriate way to do that?
Did you try to split the two classes up? e.g.:
class {
'eucalyptus':
'eucalyptus::nc':
arg1 => value1,
}
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] classes with parameters
On 11-09-06 12:15 PM, David Kavanagh wrote:
> Thanks,
> It wasn't clicking that it was an array notation.
hep, no problem ;)
I thought it was a little bit weird too, to be changing from "include
classname" to "class { 'classname': ...}". (e.g. because of the 'class'
reserved word, it now looks like you're defining a new class inside your
nodes)
But I guess once you get the hang of it, it's not that bad. Being able
to use the same notation as other kinds of resources is a good thing.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Storeconfigs seem slow
Hi, On 11-09-12 04:43 PM, Justin Lambert wrote: > We are moving to have our nagios servers generate their nagios configs > based on what services are installed on specific hosts (as well as the > hosts registering themselves). What we have found is that our runtimes > have gone through the roof on this and I'm trying to figure out why > (summary below from a puppet run). The config pull takes a while, but > the majority of the time is spent on the client side. Running puppet > with -d has a large chunk of this time with nothing being updated on the > screen and one processor core being pegged. We're running 2.6.9 on > SL6.0 x86_64. What db backend are you using for stored configs? If you're using the sqlite3 backend, I'd recommend switching to mysql or postgresql. The sqlite3 backend is mainly there for easing puppet dev, but it's way too slow for production use.. > I'm not sure if I have an unreasonable number of resources and I need to > do things differently or if I have a problem on my client I need to > address. Any insight or direction to go down to continue debugging? Normally the client run time shouldn't change much with or without exporting nagios resources, except on the Nagios server (the one extracting the puppet resources). In my experience, exporting native Nagios resources on Nagios clients and collecting them on the Nagios server doesn't seem to be scaling very well. But still, it's usable with around 100 hosts and 500 services.. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Storeconfigs seem slow
On 11-09-12 05:41 PM, Justin Lambert wrote: > Thanks for the response. We're using Posrgres, and the catalog build > seems a bit slow, but nothing compared to the client runtime which is > where I've been focusing. Your assessment is correct, it is just the > nagios server that is extremely slow (~20 mins), there is minimal/no > impact to the client machines. > > We're at about the 100 hosts, but have closer to 1500 services - maybe > we have exceeded what storeconfigs can do then. hmm.. so yeah, you've hit the same kind of very bad scaling from the nagios config native resources than I've experienced. Seeing how bad it becomes with that number of services is now convincing me that I want to change method. > If that is the case, is > there a recommended alternative that isn't manually maintaining config > files? One alternative would be to use file templates, combined with concatenated_file resources (from David Schmidt's 'puppet-common' module). That way, for every host and service definition (and other nagios config items), you can export a file and its contents will be verified by md5 sum. Every file that you export to the nagios server should notify a concatenation exec that binds everything together. The good thing with this method is that you can manage the module directory (where the different config file excerpts are stored) with 'purge => true' so that only exported resources are present in the final nagios configuration (something that native types don't handle very well -- or actually handle very badly). > It seems like most of the processing time is spent client side > and I haven't been able to figure out why. Even doing an md5sum on all > of the files from the CLI takes less than 2 seconds. I haven't traced the thing, but from what I could understand, the most time is spent in resolving relationships between exported nagios resources and ensuring that all the exported resources are unique. To verify this, you could setup postgres to log SQL requests and check out what gets requested during one run. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] custom function puzzlement
hello,
functions in puppet are always executed on the puppet master. So in your
case, every node gets the same value since you're always basing your
calculation on the puppet master's fqdn.
You might want to look into transforming your function (master-side)
into a fact (client-side)
or, you could also use the builtin function fqdn_rand, which gives you a
random number with the machine's fqdn as a seed for the pseudo-random
number generator. It might save you some work:
http://docs.puppetlabs.com/references/2.6.8/function.html#fqdnrand
On 11-09-16 02:21 PM, Christopher Wood wrote:
> This is using puppet 2.6.2 on Debian Squeeze.
>
> I am attempting to use a custom function in a module to return random numbers
> with the hostname (translated to a number) as the random seed. These random
> numbers can be random values for hour/minute cron, to avoid the
> herd-of-elephants effect when they all run apt-get update daily.
>
> While I'm not experienced with ruby, I've tested the function in a plain ruby
> script and it seems to work. My /tmp/t1 and /tmp/t2 files on the puppetmaster
> (see below) have the expected values in them. I have restarted puppetmaster
> after putting in the function.
>
> How do I get the return value out of my function?
>
> Am I missing anything else obvious?
>
> I am reading from this guide:
>
> http://docs.puppetlabs.com/guides/custom_functions.html
>
> My cheap-as-heck custom function:
>
> $ cat /etc/puppet/modules/yum_apt/lib/puppet/parser/functions/hsrand.rb
> module Puppet::Parser::Functions
>
> newfunction(:hsrand, :type => :rvalue) do |args|
>
> values = Hash[
> "a" => 1,
> "b" => 2,
> "c" => 3,
> "d" => 4,
> "e" => 5,
> "f" => 6,
> "g" => 7,
> "h" => 8,
> "i" => 9,
> "j" => 10,
> "k" => 11,
> "l" => 12,
> "m" => 13,
> "n" => 14,
> "o" => 15,
> "p" => 16,
> "q" => 17,
> "r" => 18,
> "s" => 19,
> "t" => 20,
> "u" => 21,
> "v" => 22,
> "w" => 23,
> "x" => 24,
> "y" => 25,
> "z" => 26,
> 1 => 1,
> 2 => 2,
> 3 => 3,
> 4 => 4,
> 5 => 5,
> 6 => 6,
> 7 => 7,
> 8 => 8,
> 9 => 9,
> "." => 1,
> "_" => 2,
> "-" => 3,
> ]
>
> string = lookupvar('fqdn')
>
> File.open('/tmp/t1', 'w') {|f| f.write(string) }
>
> stringarray = string.split(//)
>
> File.open('/tmp/t2', 'w') {|f| f.write(stringarray[0]) }
>
> count = 0
>
> for i in (stringarray)
> if values[i]
> count = count + values[i]
> end
> end
>
> srand(count)
>
> rand = rand(args[0])
>
> return(rand)
>
> end
>
> end
>
>
>
> In the module's init.pp I attempt to use this in a cron type:
>
> $aptupdater = '/usr/bin/apt-get update'
>
> # some files and stuff in between
>
> cron { 'apt-get-update':
> command => $aptupdater,
> user => 'root',
> hour => hsrand(24),
> minute => hsrand(60),
> ensure => present,
> }
>
> However, the cron job on every lab server ends up as:
>
> # Puppet Name: apt-get-update
> 1 1 * * * /usr/bin/apt-get update
>
>
> I greatly appreciate any assistance. I'm stumped.
>
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] custom function puzzlement
On 11-09-16 09:59 PM, Christopher Wood wrote: > Every time I kick a client host /tmp/t1 on the puppetmaster changes to the > fqdn of that host. As well using my puppetmaster's fqdn as the seed in a > separate ruby script gives me a series of random values that doesn't start > with 1,1. The "Using Facts and Variables" section of > http://docs.puppetlabs.com/guides/custom_functions.html shows how to use > lookupvar() to obtain client facts. oh, I didn't know about the purpose of lookupvar().. I guess I'll sleep a little less stupid tonight :) sorry for the noise then. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Using puppet to install debian packages from backports
On 11-09-24 06:17 PM, Denmat wrote: > Hi, > > The options available to you are: > * Try an exec that installs the package > * try pinning the resource and push that to your apt config > * try specifying version in the config Using the backports version in the ensure parameter works, but you have to manually and regularly change the version tag if you want to follow upgrades. So this solution is only viable if you need the backports version, but also need to stay at a fixed version. Using the pinning mechanism works well. You just have to make sure you let only the packages you want to come from backports. If you're lucky enough to be using Squeeze, then you can simply drop a file in /etc/apt/preferences.d (it's unavailable before squeeze) > On 24/09/2011, at 8:06, Sébastien B. wrote: > >> Hello, >> >> with debian, provided you added backports.debian.org to your >> sources.list, you can install some fresher packages (say iceweasel) >> with the command >> >> apt-get install -t squeeze-backports iceweasel >> >> Is there anyway to do this using puppet ? >> >> Or maybe should I specify the required version of iceweasel. Maybe >> puppet will be smart enough to notice this version is only available >> from backports and install it ? >> >> Thank you from any help, >> >> Cheers >> Sebastien >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Collecting only certain virtual resources?
Hello,
You can use the "tag" argument to mark different resources and then
collect only the resources with a certain tag.
See an example on this page:
http://docs.puppetlabs.com/guides/exported_resources.html
On 11-10-19 05:48 PM, Kevin Wolf wrote:
> I'm currently working on automating our Nagios monitoring with Puppet.
>
> My plan is to have three different Nagios servers... one in each data
> center. I'd like to have the Chicago (location => 'CH3') Nagios
> server only monitor servers who also reside in that data center.
>
> My question is, how do I go about collecting only the correct virtual
> resources on each Nagios server? Ideally, I'd like to collect only
> resources that belong to servers who's location fact matches the
> location fact of the nagios server.
>
> For example:
>
> Nagios_host <<| |>> { notify => Class['nagios::service'] }
> Nagios_service <<| |>> { notify => Class['nagios::service'] }
>
> collects services and hosts for ALL data centers, not just where the
> location fact is 'CH3'.
>
> I'm using a single mysql DB for thin stored configs, and have three
> puppet masters, one in each location. All three are connecting to the
> same mysql db for stored configs.
>
> Any suggestions? There might just be some simple syntax that I'm
> missing.
>
> Thanks,
> Kevin.
>
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] AW: nagios_service does not replace target file
t; >
>>> > Hi all,
>>> >
>>> > I'm using Puppet 2.6.6 on both clients and master along with stored
>>> > configurations. My clients provide Nagios configurations like this
>>> > example:
>>> >
>>> > @@nagios_service { "check_ping_${hostname}":
>>> >check_command => "check_ping!100.0,20%!500.0,60%",
>>> >use => "generic-service",
>>> >host_name => "$fqdn",
>>> >service_description => "${prefix}PING: ${hostname}",
>>> > }
>>> >
>>> > They are realized on the master with the Nagios_service:
>>> >
>>> > Nagios_service <<||>> {
>>> >
>>> > target => "${baseconfigdir}/${conf_file_srvs}",
>>> > require => File["${baseconfigdir}/${conf_file_srvs}"],
>>> > }
>>> >
>>> > Since I needed special access rights for the target file (it's
>>> rsynced
>>> > from another host), I added an appropriate file resource:
>>> >
>>> > file { "${baseconfigdir}/${conf_file_srvs}":
>>> > ensure => "present",
>>> > owner => "puppet",
>>> > group => "puppet",
>>> > mode => "0644",
>>> > backup => false,
>>> > require => File["${baseconfigdir}"],
>>> > }
>>> >
>>> > Everything works fine on the first run. But once a client changes its
>>> > Nagios resources, the new configuration will not end up in the target
>>> > file of Nagios_service.
>>> >
>>> > I checked the table 'resources' within the MySQL database after the
>>> > client executes - the changes to the exported resources are
>>> definitely
>>> > done there. (E.g.: mysql> select title,restype from resources where
>>> > host_id=6 and exported=1;)
>>> >
>>> > I tried to poke around and added
>>> >
>>> > content => " "
>>> >
>>> > to the file resource. Or I removed the 'require' attribute from the
>>> > Nagios_service resource. I also tried to keep the "${baseconfigdir}
>>> > clean by adding this resource:
>>> >
>>> >
>>> > file {"${baseconfigdir}":
>>> > ensure => "directory",
>>> > owner => "puppet",
>>> > group => "puppet",
>>> > mode => "0755",
>>> > backup => false,
>>> > recurse => true,
>>> > purge => true,
>>> > source => "puppet:///modules/icinga/puppet_generated",
>>> > }
>>> >
>>> > Within 'puppet:///modules/icinga/puppet_generated' there's only a
>>> > README file. And I thought with 'recurse' and 'purge' this will clean
>>> > all other files. But obviously not. The only thing that currently
>>> helps
>>> > is manually deleting the target files.
>>> >
>>> > There are no errors in the log files, the catalog compiles without
>>> > errors, I couldn't find any related bug entry, so I'm a little bit
>>> lost
>>> > at the moment.
>>> >
>>> > Thanks for any help
>>> > Bernd
>>> >
>
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] AW: nagios_service does not replace target file
On 11-11-17 04:04 AM, Bernd Adamowicz wrote: > Removing the 'require' link leads back to the very first problem I've > encountered: The files are not regenerated even thought the stored > configurations inside the MySQL database changed (I did check the table > content before.). hmm right, sorry you had mentioned this in your original post. I must say I don't understand why it wouldn't be working. I'm using puppet 2.6.2 with this module: https://labs.riseup.net/code/projects/shared-nagios permissions are set right, and files get modified for new exported resources. You said you rsynced the files from somewhere else, though. If you hold out that rsync process for a while, do you see new services getting added to the file? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Running puppet agent and master from cron jobs
On 11-12-04 11:53 AM, Christopher Wood wrote: >> 1. Run `puppet agent --onetime` every 30 minutes on agents > Definitely use fdqn_rand (see the function list) in the cron job minutes to > spread these out. yep, we use a bash-version of this random time thing. You'll quickly notice that you need to randomize client check-in times to ease up some load on the master: if everyone requests their catalogs at the same time, your puppetmaster won't be able to survive around 100 clients (maybe even less). another option for this is to use marionette-collective to do the client scheduling for you. but if you want to start your setup small and simple, the run interval randomization is quite sufficient. >> > 2. Run `service puppetmaster restart` on the master every 12 hours. > I've personally never needed to do this. Now I'm nosy about puppetmaster > uptime. Here, puppet is run via Apache with the passenger module, so the service simply doesn't need any restarting at all (since the puppetmaster code is only interpreted when a request is made) -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is there a way to push/copy a file from client to master ?
Hello,
If I'm not mistaken, you could use exported resources for this. e.g.:
node client {
@@file { ..., tag => "SSL_cert_whatever" }
}
node server {
File <<| tag == 'SSL_cert_whatever' |>>
On 11-12-13 08:11 AM, Dan White wrote:
> I am dealing with SSL certificates for secure rsyslog that need to be created
> on each machine and then collected onto the logging server.
>
> Getting a file from puppetmaster to client is trivial, but how do I reverse
> the process ?
>
> “Sometimes I think the surest sign that intelligent life exists elsewhere in
> the universe is that none of it has tried to contact us.”
> Bill Waterson (Calvin & Hobbes)
>
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] a tips , run puppet in client mode in big datacenter
On 11-12-13 07:36 AM, Felix Frank wrote: > Puppet usually authenticates both master and agent, so there is no added > security in throwing GPG at it. > The catalogue isn't getting any more encrypted or signed than the > regular puppet master does. actually, the benefit could be that the GPG key, being off of the puppet master, ensures an external validation of the catalog content. but for the rest, it sounds like it's just a manual deconstruction of the puppetmaster-puppetclient model.. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] filtering exported resources...
On 11-12-15 02:29 PM, Matthew Nicholson wrote:
> I've stopped collecting dsa keys, we don't care about those, and are
> looking to cut our run times down (about 1750 hosts). However, I'm
> assuming that a new node brought online will still get all the dsa
> keys since they have already been collected, right?
Actually, resources live for as long as they are being exported by
nodes. If puppet runs and doesn't "re-export" a resource, it is cleaned
out of the storedconfigs database.
So, assuming that all of your clients run periodically without errors,
now that you removed RSA key exporting, the RSA keys should get cleaned
out of the database after all clients have run puppet.
The key files that were already installed won't get removed from
servers, though. For that, you'd have to export resources for the RSA
keys by forcing "ensure => absent" on them.
> Can I do something like:
>
> class ssh::knownhosts {
> Sshkey <<| type= 'rsa' |>> {ensure => present}
> }
this should surely work, yes.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet capacity with apache+passenger, server saturated
Hello, On 11-12-21 08:01 AM, Antonio Xanxess wrote: > MinSpareThreads 25 > MaxSpareThreads 75 > MaxRequestsPerChild 0 How much RAM does each Apache process take? Does Apache take more and more memory up to the point you mentioned (11Gb taken)? With luck, if you set MaxRequestsPerChild to something like 1000 (or maybe a little lower) your processes will be able to clear out their memory from time to time.. It's possible that it doesn't really help that much, but it could give you a little more space. Also, depending on how much clients hit your server at peak concurrency, you could lower MaxSpareThreads a little to have Apache kill more loose processes (and thus regain their memory faster). -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Best practice for SELinux overrides
Or you could use a parametrized class to make things shorter and easier
to understand:
class common ( $selinux_mode = 'enforcing' ) {
class { selinux: mode => $selinux_mode }
}
node server1 {
include common
}
node server2 {
class { common: selinux_mode => 'permissive' }
}
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with definition/classes
On 12-01-07 12:55 PM, Ola wrote:
> On the puppet server i have the stuff placed at: /etc/puppet/modules/
> snmpd/manifests
> The init.pp looks like this:
hmm it mostly looks okay, but I don't know if it was a typing mistake
when copying or if you really copy-pasted from your file, but:
> class snmpd::install {
> package { "net-snmpd":
> ensure => present,
> }
>
you're missing a } here
>
>
> class snmpd {
> include snmpd::install, snmpd::service
>
>
>
> }
>
> define snmpd::type($placement) {
>
> include snmpd
>
> file { "/etc/snmp/snmpd.conf":
>
> owner => "root",
> group => "root",
> mode=> 640,
>source => "puppet:///snmp/snmpd-($placement).conf",
> require => Class["snmpd::install"],
> }
and another } here
> And on the node that getting the error message i have include snmpd.
If the above is true though, I would expect puppet to fail with a syntax
error instead of saying that it can't find the class.
You can check your init.pp file for syntax with the command:
puppet --parseonly --ignoreimport
/etc/puppet/modules/snmpd/manifests/init.pp
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Nagios hostgroups
Hello, I've been working for the past two days on transforming a Nagios module to make it "hostgroup"-aware, that is, to include hosts in groups to reuse services intead of always redefining them for every host. I tested giving a list of strings to the "hostgroups" attribute to the nagios_host resource but it only considers the first element of the list. Is there a way to "collect" unique group names for a single host and to concatenate the final result in a comma separated string? The purpose of this would be to make modules add nagios groups to the hosts if they have those services installed. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Nagios hostgroups
On 14/06/10 07:30 PM, donavan wrote:
> On Jun 12, 1:09 pm, Gabriel Filion wrote:
>> I tested giving a list of strings to the "hostgroups" attribute to the
>> nagios_host resource but it only considers the first element of the list.
>
> Something like this?:
> nagios_host {
> "$fqdn":
> address => "$ipaddress",
> hostgroups => ["group1", "group2"]
> }
>
That's exactly what I'd like to do. Trying this generates a host config
for nagios with only "group1" in the "hostgroups" line.
> I haven't tried what youre doing, but sounds like it might be a Type/
> Provider bug.
>
bug or missing feature.. I haven't tried it with 0.25.5, though. I'm on
Debian unstable, using the puppet/puppetmaster packages, so the version
is 0.25.4
should I open a bug report about this?
>> Is there a way to "collect" unique group names for a single host and to
>> concatenate the final result in a comma separated string? The purpose of
>> this would be to make modules add nagios groups to the hosts if they
>> have those services installed.
>
> You might be able to use a template or function to join() your array.
>
> class bar{
> $nagios_hostgroups += ["group1"]
> }
>
> class foo {
> include bar
> $nagios_hostgroups += ["group2"]
> nagios_host {
> "$fqdn":
>address => "$ipaddress",
>hostgroups => template("join_hostgroups.erb")
> }
> }
>
> join_host_groups.erb:
> <%= nagios_hostgroups.join(',') %>
>
Interesting. I'll try this out in the next few days and give you
feedback on whether this workaround does the job.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Nagios hostgroups
On 2010-06-15 21:17, donavan wrote:
> On Jun 14, 11:07 pm, Gabriel Filion wrote:
>> Interesting. I'll try this out in the next few days and give you
>> feedback on whether this workaround does the job.
>
> If you use a variable, like $nagios_hostgroups, you may also need to
> specify the namespace. As an example ${nagios::nagios_hostgroups}
> provides a way to access your variable from any other class. Don't
> recall how that works with templates though.
>
The trick with the template did the job for transforming an array into a
comma-separated string.
However, concatenating groups with "$nagios_hostgroups += ['something']"
in each included class is too restrictive: because of the scope of
variables, I never get the entire list during the call to the define
that exports the "nagios_host" resource. Also, with qualified variable
names, I cannot modify the value in higher scopes.
I've tried figuring out virtual resources but they don't seem to be of
any help here either for simple arrays..
Any other ideas of how to acumulate values in an array for the entire node?
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not find class, code-blind
On 2010-06-17 06:31, Tore wrote:
> I'm troubled with a node-definition not able to resolve a class:
> Could not find class rhnsd::common at /etc/puppet/manifests/nodes.pp:
> 8 on node X
>
> Content of manifest/site.pp:
> import "nodes.pp"
> [...]
>
> The layout of modules/rhnsd/ is:
> |-- files
> | `-- up2date-rhn
> |-- manifests
> | |-- client.pp
> | |-- common.pp
> | |-- init.pp
> | `-- rhn.pp
>
> A `cat' from each manifest file:
> client.pp::
> class rhnds::client inherits rhnsd::common {
>
> service { "rhnsd":
> ensure => running,
> enable => true,
> hasrestart => true,
> hasstatus => true,
> require => [ Package["rhnsd"], File["/etc/
> sysconfig/rhn/up2date"] ],
> subscribe => File["/etc/sysconfig/rhn/up2date"],
> }
>
> }
>
> common.pp::
> class rhnds::common inherits rhnsd {
^--
If you really pasted this, then here is your error ;)
I saw the same typo in client.pp higher up.
>
> if ($operatingsystem != 'RedHat') {
> fail("${fqdn} is not an RedHat OS, it is $
> {operatingsystem}. Unable to apply module RHN, since it is only used
> on RedHat based systems")
> }
>
> if ($lsbmajdistrelease != '5') {
> fail("${fqdn} is not a 5-major release from RedHat.
> Puppet modules for other major releases have not been made yet.")
> }
>
> $rhn_client_requirements = $lsbmajdistrelease ? {
> 5 => [ 'yum', 'rhn_register', 'rhnsd' ],
> 4 => [ 'yum', 'up2date', 'rhnsd' ],
> }
>
> package { $rhn_client_requirements:
> ensure => present,
> }
>
> }
>
> init.pp::
> class rhnsd {
>
> }
>
>
> client.pp::
> class rhnsd::client::rhn inherits rhnsd::client {
>
> file { "/etc/sysconfig/rhn/up2date":
> ensure => present,
> source => "puppet:///rhn/up2date-rhn",
> require => File["/usr/share/rhn/RHNS-CA-CERT"],
> }
>
> file { "/usr/share/rhn/RHNS-CA-CERT-VISMA":
> ensure => present,
> source => "puppet:///rhn/RHNS-CA-CERT",
> }
>
> }
>
>
> Why wont this work, I know it must be an small error, but right now im
> code-blind, it sucks.
>
> Thanks for your help
>
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable Scope in classes
On 2010-06-20 14:55, Douglas Garstang wrote:
> I think I have a misunderstanding of variable scope in classes.
>
> Wy isn't tfel4_ClusterDbType set in the elements::tfel4::elements
> class? It's set in elements::tfel4::defaults but then goes *poof* when
> elements::tfel4::elements tries to access it.
>
> class elements::tfel4::defaults {
> if ( !$tfel4_ClusterDbType ) {
> $tfel4_ClusterDbType = "oracle"
> }
> notice("(1)tfel4_ClusterDbType = ${tfel4_ClusterDbType}")
> }
>
> class elements::tfel4::elements {
> include elements::tfel4::jboss
> include elements::tfel4::defaults
> notice("(2)tfel4_ClusterDbType = ${tfel4_ClusterDbType}")
> }
>
Each class is able to access the scopes of its parents but not of its
siblings. so, in the case of the elements::tfel4::defaults class, it
will see variables from elements::tfel4 , elements, :: (global scope),
in that order of precendence -- e.g. the global variables being accessed
only if the variables are not "redefined" or modified in the parents.
so, for your case, the tfel4_ClusterDbType variable could be defined in
elements::tfel4
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] header for puppet managed files
On 2010-06-20 15:37, Psyber wrote: > Anyone have any ideas on adding a default header to puppet managed > files and templates? > This might be tricky because of the different methods of adding > comments for different types of files but I'm certainly open to > suggestions that would enforce the existence of a header. > I've been meaning to ask the same question, lately. thanks for asking :) Unfortunately I didn't look into it yet so I don't have any suggestion about that. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] header for puppet managed files
On 2010-06-20 15:50, Patrick Mohr wrote: > > On Jun 20, 2010, at 12:37 PM, Psyber wrote: > >> Anyone have any ideas on adding a default header to puppet managed >> files and templates? >> This might be tricky because of the different methods of adding >> comments for different types of files but I'm certainly open to >> suggestions that would enforce the existence of a header. > > I manage: > 1) Config files that use "#" or ";" for comments. > 2) Html files that use for comments. > 3) Pxe config files that use "#" for comments. > 4) Binary files that can't have comments. > > The problem is there's no easy way for puppet to know what format comments > are in. There's no common comment format that will work with all files. "#" > comments are the most common, but nowhere near universal. > Good point there. I wonder if using a module that does "file concatenation" could be a good method. one would need to have a define for each format of header to include and could include a file by calling the appropriate define. I'm not sure but it could make overwriting file resources a lot more complicated... -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Nagios hostgroups
Hello,
On 2010-06-15 21:17, donavan wrote:
> On Jun 14, 11:07 pm, Gabriel Filion wrote:
>> bug or missing feature.. I haven't tried it with 0.25.5, though. I'm on
>> Debian unstable, using the puppet/puppetmaster packages, so the version
>> is 0.25.4
>>
>> should I open a bug report about this?
>
> Take a look on puppet-dev group and the issues db. If there's nothing
> found I'd just open a bug. Worst case it's a no action and youre in
> the same spot.
>
For those interested, I've opened a feature request for supporting lists
with the "hostgroups" argument to nagios_host:
http://projects.puppetlabs.com/issues/4020
There is also a possibility that this feature could be useful with other
nagios resource values. If you think of any other that you'd like to see
support lists of strings, then please comment on this feature request.
>> Interesting. I'll try this out in the next few days and give you
>> feedback on whether this workaround does the job.
>
> If you use a variable, like $nagios_hostgroups, you may also need to
> specify the namespace. As an example ${nagios::nagios_hostgroups}
> provides a way to access your variable from any other class. Don't
> recall how that works with templates though.
>
Maybe using an external function to store the collected values could be
a solution.. but then, we would be somewhat reimplementing puppet's
virtual resource realization feature.
Does anyone see an interest in making puppet able to collect values into
a list from arbitrary sub-scopes, other than for implementing host-based
nagios configuration?
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable Scoping: What do you want?
On 2010-06-29 19:47, Joe McDonagh wrote: > On 06/29/2010 12:22 PM, Luke Kanies wrote: >> Hi all, >> >> Given the number of threads on variable scoping recently, it's pretty >> clear we need to change how it works. Markus has a lot of this redone >> in his futures branch, and I'm asking him to fully describe what the >> results will be when that's merged, but my guess is that there are >> different expectations for what people want to see. >> >> So, my question is, what behaviour changes would you like to see in >> how variable scoping works? How would you like the edge cases that >> are currently hurting you to behave? >> > Since order is not guaranteed, re-defining is kind of a no-go, but maybe > some kind of 'final override' keyword would work. Some logic like "if > var is defined, i don't care, this value takes final precedence." But > you wouldn't be able to have more than one 'final override' or whatever > term you want to call it. > > Also, it would be *huge* to be able to append to vars. Right now I open > fw ports via a variable in the node def like: > > $open_tcp_ports = "22,443" > > If I could always open 22 in the node def, but += inside classes for > httpd, nfs, etc. things would be nice. I'm guessing this might be a > little difficult because all the variables in the catalog would have to > be assembled before applying the catalog. > I think the appending facility would be nice.. It could be something similar to virtual resources that you realize in a precise place. Only, it would not be a resource, but a list that you realize as a metaparameter or variable value. And to go with that, having access to joining lists into a string without having to use an inline template would be nice. I think that collecting values inside a list from within any arbitrary class, that should be used in one place is a not-so-edgy case that is currently halted by class scopes. Firewall rules, as Joe McDonagh mentioned, is one example. Another example is nagios hostgroups/servicegroups. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios Types
On 2010-07-05 19:34, Douglas Garstang wrote:
> First off, does anyone use the puppet built in nagios types?
>
> I just started to play with them, and I noticed that nagios_host
> writes the nagios_host.cfg file as owned by root, and readable by
> root, and no on else. Is there a reason for that? Since nagios runs as
> the nagios user, it can't read the file. Sure, I can change the
> ownership later with a file {}, but I shouldn't need to.
>
> -rw--- 1 root root 294 Jul 5 16:30 nagios_host.cfg
>
> James, hope my tone is acceptable.
>
> Doug
>
This is probably the case since the puppet daemon must run as root to be
able to install packages and create/remove/modify files. Also, the
default umask for root is normally set to create files that are not
accessible to everyone.
As you mentioned, "file {...}" is probably the way to go:
file { nagios_resource_cfg:
path => "$nagios_basedir/resource.cfg",
source => [ ... ],
notify => Service['nagios'],
owner => root, group => nagios, mode => '0640';
}
Another possibility would be to use (I havent tested it yet)
File { owner => root, group => nagios, mode => '0640'; }
inside the class in which you declare the nagio file resources so that
those permissions are the default for the nagios config files.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Final release!
On 2010-07-20 01:40, Rohan McGovern wrote: > And, asking from the other direction: would anyone else be interested in > such a thing? > I know the company I work for would be very interested in having it packaged for Windows. The last time I asked on IRC, the Windows support was coming along but was not quite there yet. What features are currently working properly and what are the ones that are lacking? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: Puppet on Windows (was Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Final release!)
On 2010-07-20 01:47, James Turnbull wrote: > Rohan McGovern wrote: >> James Turnbull said: >>> The journey was long and arduous and many fell along the way but Puppet >>> Labs is proud to announce the 2.6.0 release! >>> >> >> Is anyone aware of an attempt to package up a complete (puppet + all >> prereqs) installer for Windows? Either official, or by someone in the >> community? >> >> And, asking from the other direction: would anyone else be interested in >> such a thing? >> >> I would be, because setting up puppet on Windows seems pretty tough >> right now. I also have no need for Ruby on my Windows boxes except >> for the usage of puppet. > > Rohan > > There isn't such an attempt so far - we've got it on the cards to do - > but any progress in that direction would be awesome. > > We've got some basic notes at: > > http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Windows > Oh, I didn't see your reply before I sent my last message. thanks for the link. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios allowed hosts, how would you do it?
On 20/07/10 08:06 AM, Tore wrote:
> Hi,
>
> We currently have a module `nagios` which install nrpe and nagios
> plugins for all nodes. The default node have this module included.
>
> Currently we have a customer who wants to monitor their own services.
> We will still monitor them, but they want to do their own checks, fair
> enough.
>
> How would you do this? This is what I have now:
>
> node default {
> [...]
>include nagios
>$nagios_allowed_hosts = ["ip1", "ip2"]
> [...]
> }
>
> But we don't want to add their source IP to this list, so thought this
> would do:
> Keep current default node, add this:
>
> node special_customer inherits default {
> $nagios_allowed_hosts += "ip"
> }
>
> And then inherit all of their nodes from this rather than default.
>
It may look a bit nasty but you could possibly do it with a global variable:
$nagios_allowed_hosts = ['ip1', 'ip2']
node default {
import nagios
// ...
}
node special_customer inherits default {
$nagios_allowed_hosts += ['ip3']
}
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] use current array element when declaring multiple resources using an array
On 11/10/2010 10:18 AM, luke.bigum wrote:
> Hi list,
>
> When declaring multiple resources at once with an array like this:
>
> file { [ "foo", "bar" ]: ... }
>
> Is there a way to access the current array element so as to pass this
> value as a parameter? So the "foo" resource has a parameter value
> "foo" and "bar" with a parameter value "bar"?
I think what you want is to use $name. it corresponds to the resource
name that is currently being worked on.
file { [ "foo", "bar" ]: path => "/blah/${name}.txt", ... }
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] The puppet model
Hello,
On 11/23/2010 12:34 PM, Dan Bode wrote:
> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Internals
>
> The model in puppet is implemented as a directed acyclic graph (DAG). The
> vertices of the graph are resoures, the edges are the relationships (order
> dependencies) between resources.
>
> Resource types describe the desired state of a resource in terms of
> properties.
>ex: File has properties content, mode, owner, group
>
> Types specify the description of a resource, which is abstracted from
> providers that specify the implementation (how we query the current state,
> how we synchronize)
> ex: package { 'foo': ensure => installed} is a relevant description
> regardless of the implementation of how we query the current state and how
> we synchronize if it does not match the description. (could be apt, rpm,
> yum)
>
> Properties are attributes of resources that can be synchronized.
>
> The synchronization process is as follows:
> - query the real state of the property on the system
> - compare to the desired state
> - if they are not the same, then synchronize them
> - if we have to sync resources, then create an event.
This description is actually concise and quite understandable. I would
suggest adding it to Puppet's documentation wiki, not too far away from
the "extended knowledge" section [1].
[1]: http://docs.puppetlabs.com/#extended-knowledge
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet definitions and inheritance
On 10-12-28 01:31 PM, cyrus wrote:
> [...]
> But Puppet complains
>
> err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> Invalid resource type luser.
>
> I know this definition works since I can call it directly from within
> the class main. I even tried calling luser using main::luser but same
> error.
>
If your code is in a module, try invoking it in a fully qualified manner:
module_name::main::luser { "blah": ... }
hope it helps.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How the agents are distinguishing the matching config changes ?
On 10-12-28 09:45 AM, mbuyukkarakas wrote:
> Dear members,
>
> I'm a newbie in Puppet. I was not able to find answers about this.
> Could you please redirect me to the correct resources. Thank you.
>
>
> I need to manage several Solaris10 servers. But I guess every server
> wont have the same configuration or same templates. So how the agents
> are distinguishing the correct configuration file which matches to the
> server or the group ?
well, generally you need to build your puppet modules so that the file
they send to the client can be set specifically for one server (or group
of servers, depending on your needs..)
here's an example taken from a module for 'apt' (the whole file can be
seen at
https://labs.riseup.net/code/projects/shared-apt/repository/revisions/master/entry/manifests/init.pp
):
apt_conf { "02show_upgraded":
source => [ "puppet:///modules/site-apt/${fqdn}/02show_upgraded",
"puppet:///modules/site-apt/02show_upgraded",
"puppet:///modules/apt/02show_upgraded" ]
}
so, here (for this example, let's name the host requesting the config
file 'host1.example.com') puppet first tries to find something in the
'site-apt' module's files directory in the 'host1.example.com'
subdirectory (i.e. 'site-apt/files/host1.example.com/02show_upgraded').
If there's nothing there (or the subdirectory doesn't exist), it'll try
to get 'site-apt/files/02show_upgraded'.
If this one is not there, its last resort is in the 'apt' module. So,
it'll try to find a file in 'apt/files/02show_upgraded'.
This way, you have one very generic file in the module, one way to
change the generic file (by putting one in the site-apt module) and one
way to set the config file's contents to be specific to one host.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with specifying server name
On 11-01-20 11:40 AM, Basil Kurian wrote: > On 20 January 2011 11:29, Patrick On Jan 19, 2011, at 6:06 AM, Basil Kurian wrote: >> root@client ~# puppetd --test >> err: Could not retrieve catalog from remote server: undefined >> method `closed?' for nil:NilClass >> warning: Not using cache on failed catalog >> err: Could not retrieve catalog; skipping run > > This error is a bug that is fixes in later versions of puppet. It > means, something went wrong (this might be your fault) and the > cleanup code failed (this part isn't your fault). > > You can find more information and a workaround that will get you the > real error at: > http://projects.puppetlabs.com/issues/3101 > I installed puppet from ubuntu's repo. The installed version is 0.25.4 One possibilty could also be a client that is less recent that the puppetmaster.. I've seen the same error as you this week when I was playing with FreeBSD-8.1-RELEASE which uses puppet 0.25.4 and my puppet master is under Debian squeeze with puppetmaster 2.6.1 Upgrading the client fixed my problem. It's not very scientific, though. You should give the above-mentioned workaround a try. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] accessing puppet config variables inside a manifest
Hello,
I'm currently using a module named "common" which is based off of David
Schmitt's work.
I'm having issues with it in OpenBSD, and the reason is that the
directory created to contain module-specific files is hardcoded to
/var/lib/pupppet/modules.
Now, I could easily special-case the path for OpenBSD and the other OSes
that don't keep their $vardir under this directory, but I was wondering
if it was possible to access variables from puppet.conf into the manifests.
If it could be possible, it would be more elegant to use the $vardir
value directly.
I've done a quick test to print (notify{}) the value of $vardir and it's
empty. Do you guys know of a way I could access this value within the
module's manifests?
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] accessing puppet config variables inside a manifest
On 11-01-31 01:09 PM, Nan Liu wrote:
>> I've done a quick test to print (notify{}) the value of $vardir and it's
>> > empty. Do you guys know of a way I could access this value within the
>> > module's manifests?
> Yeah, that would make manifests a lot more flexible. Here's a function
> that should work for this purpose and potentially other puppet
> configuration variables as well:
>
> # puppet_vardir.rb
> module Puppet::Parser::Functions
> newfunction(:puppet_vardir, :type => :rvalue) do
> Puppet[:vardir]
> end
> end
hmm, that's interestingly very simple. I would personally use a fact
instead of a function, but now that I know the ruby part to fetch the
config value, writing a fact shouldn't be too difficult.
thanks,
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: accessing puppet config variables inside a manifest
On 11-02-01 04:16 AM, R.I.Pienaar wrote: > Since 2.6.0 you can just do notice($settings::vardir) oh .. I've just tried it out and it works. hurray for 2.6, then! :) and, I'll also keep Nan Liu's suggestion in mind for 0.25.x Thanks to everyone for the feedback! -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] can we choose which inteface defines the $ipaddress fact?
Hi, I've run into some bug today with nagios checks that are exported in a client's puppet setup. The problem is that some host definitions are exported with an internal address (10.x or 192.168.x) even though the servers do have an external IP on another interface. One of those uses a tap inteface to bridge traffic, and another has a virtual interface that is used for a vlan. In all cases, the interface with an internal IP comes up higher in the output of ifconfig, and this makes the fact "ipaddress" take it as its value. Is there a way to force facter to chose a specific interface for the ipaddress value? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] can we choose which inteface defines the $ipaddress fact?
On 11-02-08 12:05 AM, Patrick wrote: > Yes and no. > > Try running "facter | grep ipaddress" on the client. This will give you the > names of variables you should be using instead that are listed by interface. hmm, well thanks for confirming this. I'll have to put some effort on my nagios module to provide for an override for the ip address, then. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] can we choose which inteface defines the $ipaddress fact?
On 11-02-09 01:01 AM, Naresh V wrote:
> Facter.add(:ipaddress, :timeout => 2) do
> setcode do
> if hostname = Facter.value(:hostname)
> # we need Hostname to exist for this to work
> host = nil
> if host = Facter::Util::Resolution.exec("host #{hostname}")
> list = host.chomp.split(/\s/)
> if defined? list[-1] and
> list[-1] =~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/
> list[-1]
> end
> else
> nil
> end
> else
> nil
> end
> end
> end
> If this part were the default/first piece of code that'd be used to
> produce the ipaddress fact, setting the right A record for the fqdn
> should solve the problem?
hmm this fact looks like it won't work for any host that doesn't
resolve, which would be problematic for something like a test setup with
virtual machines.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Inter-Module Dependency
On 11-02-15 05:25 PM, Nan Liu wrote:
> You can also create class level dependency so it is less tightly
> coupled to a specific resource which may benefit you in the long run
> should you need to refactor dns_config class.
>
> class random_app {
> require dns_config
> ...
> }
hmm this actually binds the OP's 'random_app' module to the 'dns_config'
one while Daniel's suggestion can find the File resource even though it
is moved from one module to another.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios configuration arrays
Hello,
I finally abandoned the idea of having a group-based sane-looking Nagios
configuration with puppet, because there are too many weirdnesses in
Naginator. And unfortunately I can't really bring any help with patches
since I don't write any ruby..
There are some great nagios modules out there which you could use, or
from which you could borrow ideas. Generally speaking, I see that they
tend to define services for each host and attach them directly to hosts.
It's big and clunky, but at least it works..
For example, in an sshd module, you would have something like:
@@nagios_service { "${fqdn}_ssh":
check_command => "check_ssh",
host_name => $fqdn,
}
The biggest problem I have right now is that purging nagios resources
doesn't seem to erase anything, so my config gets messed up from time to
time when nodes are taken out or things are moved around and I need to
manullay remove nagios config files and have puppet regenerate them :\
On 11-03-02 09:55 AM, Martijn Grendelman wrote:
> On 02-03-11 14:49, Brian Gallew wrote:
>> Sadly, signs point to "no".
>
> Too bad. But since I run a patched Puppetmaster anyway, I can do what I
> want :-)
>
> Unfortunately, it doesn't solve my problem.
>
> I am trying to do the same thing as Gabriel Filion in this post:
> http://groups.google.com/group/puppet-users/browse_thread/thread/276e6e694520224d
>
> So, I have a nagios-target class, that defines a virtual resource:
>
> @@nagios_host { "$hostname":
> use => "generic-host",
> address => $fqdn,
> alias => $hostname,
> ensure => present,
> hostgroups => [],
> }
>
> and I would like to do something along the lines of this: in a different
> class (not a subclass of nagios-target), for example in the class that
> configures the MTA:
>
> Nagios_host [$hostname] {
> hostgroups +> "mail-satellite-servers",
> }
>
> which results in this error:
>
> "Only subclasses can override parameters at ..."
>
> which sounds logical, but...
>
> Is there any way to do what I want? I can't really think of anything,
> since (variable) scoping will always be in my way, as far as I can see...
>
>> On Wed, Mar 2, 2011 at 5:15 AM, Martijn Grendelman > <mailto:mart...@iphion.nl>> wrote:
>>
>> Hi,
>>
>> A question for the devs. Will this:
>>
>> http://projects.puppetlabs.com/issues/4020
>>
>> make it into a release any time soon?
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios configuration arrays
On 11-03-02 02:27 PM, Brian Gallew wrote: > I've found that Puppet/Naginator has the bad habit of occasionally breaking > the Nagios config. Here's how I worked around this: > 1) When you collect your Nagios resource, store them all in a temporary > directory (in my case, ~nagios/var/tmp) > 2) Purge that directory with a cron job every night (so deleted resources > disappear) > 3) Create an exec that creates a ~nagios/etc/nagios-tmp.cfg by running sed on > ~nagios/etc/nagios.cfg and changing directories appropriately. > 4) Create an exec that pre-flights Nagios using the nagios-tmp.cfg (which > checks the tmp dir) and, if successful, sync the files over into the real > Nagios config directory. > > It's a little clunky, but Nagios doesn't ever break anymore. Remember that > your pre-flight exec should require all the Nagios resources (so the files > get updated first), and should always run if the contents of the tmp dir vary > at all from the real target (diff is your friend here). Otherwise, the > preflight may fail once and then never run again until the next time you make > a substantive server change. hmm, that's an interesting approach. it sounds like it requires a lot of exec magic but it does cover for the config breakages and also for purging resources. When I finally get some free time, I'll look into implementing that. Thanks for the hint. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to fix symbolic links
Hello,
On 11-04-20 01:02 PM, Martin Alfke wrote:
> On Apr 20, 2011, at 6:07 PM, Sans wrote:
>> Say for example, this is the package, already installed on the
>> system:
>>
>> # rpm -qa | grep lfc-libs
>> lfc-libs-1.8.0-1sec.sl5
>> lfc-libs-1.8.0-1sec.sl5
>>
>> and I want a symbolic: "liblfc.so -> libdpm.so.1.8.0" in "/opt/lfc/
>> lib", for example. Is it possible? Cheers!!
>
> Setting symlinks is standard job for file resource type:
>
> file { '':
> ensure => ''
> }
>
> Example.:
>
> file {'/etc/inetd.conf':
> ensure => 'etc/inet/inetd.conf'
> }
>
> This creates a symlink /etc/inetd.conf pointing to /etc/inet/inetd.conf
the above will work fine, but using the "ensure" parameter to specify
the target path was deemed misleading and so an alternative was added.
I suggest checking out this page for more info on the "file" resource type:
http://docs.puppetlabs.com/references/stable/type.html#file
However, from what I can see, the documentation about its "ensure"
parameter could use a little fine-tuning. Even though the first
parameter doesn't mention "link" as a valid value for "ensure", there is
an example of the alternative I'm describing in the first code box.
Here's an example using the alternative method, which in my opinion
makes things clearer:
# this should theroetically make a symlink relative to the current
# directory. You can also use absolute paths for the target.
file { '/opt/lfc/lib/liblfc.so':
ensure => link,
target => 'libdpm.so.1.8.0',
}
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Automating Nagios with Puppet
uot;ingacceso_generic-
> > service",
> > host_name => "$fqdn",
> > check_command => "check_nrpe!check_raiz"
> > }
> >
> > @@nagios_service { "Host - /boot":
> > use => "ingacceso_generic-
> > service",
> > host_name => "$fqdn",
> > check_command => "check_nrpe!check_boot"
> > }
> >
> > @@nagios_service { "Host - Memoria":
> > use => "ingacceso_generic-
> > service",
> > host_name => "$fqdn",
> > check_command => "check_nrpe!check_memoria"
> > }
> >
> > @@nagios_service { "Host - Swap":
> > use => "ingacceso_generic-
> > service",
> > host_name => "$fqdn",
> > check_command => "check_nrpe!check_swap"
> > }
> >
> > @@nagios_service { "Host - Numero Procesos":
> > use => "ingacceso_generic-
> > service",
> > host_name => "$fqdn",
> > check_command => "check_nrpe!
> > check_total_procs"
> > }
> >
> >
> > @@nagios_service { "Host - Interfaces de Red":
> > use => "ingacceso_generic-
> > service",
> > host_name => "$fqdn",
> > check_command => "check_nrpe!
> > check_interfaces_net"
> > }
> > }
> > }
> >
> > After this, I include this module in the template.pp:
> >
> > node basenode {
> > case $operatingsystem {
> > centos: { include centos }
> > default: { include centos }
> > }
> > include baseapps, sshd, administradores, nagiosclient
> > include nagios::target
> > }
> > node default inherits basenode {}
> > node webserver inherits basenode {
> > include apache
> > }
> > node dbserver inherits basenode {
> > include mysql
> > }
> > node mailserver inherits basenode {
> > include postfix
> > }
> > node nagiosserver {
> > case $operatingsystem {
> > centos: { include centos }
> > default: { include centos }
> > }
> > include baseapps, sshd, administradores, nagiosclient
> > include nagios
> > }
> >
> > Also I define my nodes in the node.pp file:
> >
> > node 'masterpuppet.example.int <http://masterpuppet.example.int>'
> inherits basenode {}
> > node 'web.example.int <http://web.example.int>' inherits webserver {
> > apache::virtual_host { "test1.example.int
> <http://test1.example.int>":
> > ip => "172.16.73.201"
> > }
> > apache::virtual_host { "test2.example.int
> <http://test2.example.int>":
> > ip => "172.16.73.201"
> > }
> > }
> > node 'db.example.int <http://db.example.int>' inherits dbserver {}
> > node 'mail.example.int <http://mail.example.int>' inherits
> mailserver {}
> > node 'nagios.example.int <http://nagios.example.int>' inherits
> nagiosserver {}
> >
> > I verified that my store configs work well in my MySQL Database but in
> > the reports of my Nagios host I can see this error:
> >
> > --- !ruby/object:Puppet::Transaction::Report
> > configuration_version:
> > host: nagios.example.int <http://nagios.example.int>
> > kind: apply
> > logs:
> > - !ruby/object:Puppet::Util::Log
> > level: !ruby/sym err
> > message: "Could not retrieve catalog from remote server: Error
> > 400 on SERVER: Exported resource Nagios_service[Host - /] cannot
> > override local resource on node nagios.example.int
> <http://nagios.example.int>"
> > source: Puppet
> > tags:
> > - err
> > time: 2011-04-26 09:39:55.848399 +02:00
> > - !ruby/object:Puppet::Util::Log
> > level: !ruby/sym notice
> > message: Using cached catalog
> > source: Puppet
> > tags:
> > - notice
> > time: 2011-04-26 09:39:55.928445 +02:00
> > - !ruby/object:Puppet::Util::Log
> > level: !ruby/sym err
> > message: Could not retrieve catalog; skipping run
> > source: Puppet
> > tags:
> > - err
> > time: 2011-04-26 09:39:55.928687 +02:00
> > metrics: {}
> > puppet_version: 2.6.6
> > report_format: 2
> > resource_statuses: {}
> > status: failed
> > time: 2011-04-26 09
> >
> > and the files nagios_*.cfg don't appear in my Nagios config.
> >
> > Can somebody help me with this troubleshoot?
> >
> > Ref:
>
> http://blog.gurski.org/index.php/2010/01/28/automatic-monitoring-with-puppet-and-nagios/
> >
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Automating Nagios with Puppet
Hello,
On 11-04-28 05:55 AM, Sans wrote:
> On Apr 26, 9:29 am, Fransua33 wrote:
>> > [ ]
>> >
>> > $servicelist=["nagios", "httpd"]
>> >
>> > service { $servicelist:
>> > ensure => "running",
>> > hasstatus => "true",
>> > hasrestart => "true"
>> > }
>> >
> Do you really need to run "httpd" on the client node to run Nagios
> client?
Judging from the manifests that the OP sent, the HTTP server is run on
the nagios server, not on each node: the "nagios" class is included only
on the node 'nagiosserver', while the class "nagios::target" is included
everywhere.
It is possible to run a Nagios server without a web server, but you
won't be able to access its web interface.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Negative checkin time
Hi, I'm using puppet 0.25.5 and a puppetlast script [1]. [1] : http://humangenomeinfo.com.ar/1.txt/usr/share/puppet/ext/puppetlast I get a negative checkin time from one node.. UNKNOWN: somenode.fqdn checked in -16 minutes ago how is that possible? The timestamp for the checkin time is taken from node.values[:_timestamp]. Is this timestamp based on the remote node's clock? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Negative checkin time
On 11-05-19 01:58 PM, Chris Phillips wrote: > I raised a bug for the report date being based on the clients clock, > which doesn't seem right in my > book: https://projects.puppetlabs.com/issues/7520 Thanks to both of you the problem was indeed a clock drift and using 'ntpd -s -d' on the node "solved" my issue. but I think, like you, that basing the checkin time on the remote clock is awfully wrong. I'll go vote for the issue. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] enabling of 'thin_storeconfigs'
Hello, I found out that a puppetmaster I manage is currently not using the thin_storeconfigs option and suggested to the other admins that we use this in order to reduce puppet run times a little. Is it recommended to purge the [mysql] database once the option is enabled on the puppetmaster? p.s. on another note: I can't grasp the advantage of not using thin_storeconfigs. Since we'll be parsing the manifests on every change anyway, having all info replicated into a database doesn't seem to bring us anything. Is there any use case where not using this option would make sense? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] enabling of 'thin_storeconfigs'
On 11-05-22 05:22 AM, Brice Figureau wrote: > On 22/05/11 01:10, Gabriel Filion wrote: >> Hello, >> >> I found out that a puppetmaster I manage is currently not using the >> thin_storeconfigs option and suggested to the other admins that we use >> this in order to reduce puppet run times a little. > > Thin storeconfigs won't reduce your puppet agent run time, only the > master compilation time. thanks for the precision. still there's a little gain in comparison. I would probably gain more performance in upgrading from 0.25.5 to 2.6.x, but that will come later since it requires more effort. >> Is it recommended to purge the [mysql] database once the option is >> enabled on the puppetmaster? > > I don't think so. The next run with thin_storeconfigs should get rid of > all the extraneous data. great, that's good to know. >> p.s. on another note: I can't grasp the advantage of not using >> thin_storeconfigs. Since we'll be parsing the manifests on every change >> anyway, having all info replicated into a database doesn't seem to bring >> us anything. Is there any use case where not using this option would >> make sense? > > Having all the data in the database can help write inventory > applications. If you don't have such application, thin storeconfig is > way better. On another hand, if you don't use exported > resources/collection, you really don't care about storeconfigs at all > and you should disable it altogether. thanks to everyone for details on this subject. since we currently don't use the extra info (and don't plan to use it in the near future), but do use exported resources (nagios configs, ssh keys), using storeconfigs with thin_storeconfigs will fit just great. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] enabling of 'thin_storeconfigs'
On 11-05-25 01:28 PM, Nigel Kersten wrote: > On Wed, May 25, 2011 at 10:23 AM, Nathan Clemons <mailto:nat...@livemocha.com>> wrote: > > So if Nagios configs are the only thing you use stored configs for, > thin stored configs will work just fine? > > If so, I forsee a switch in our future. :) > > Also, since you mentioned it... how difficult is it to upgrade from > 0.25 to 2.6 / 2.7? I've been curious to upgrade but for the most > part everything's been working fine so I've been holding off. Will I > need to rewrite parts of my config? (I'm not doing much fancy, > mostly user/service/package/file management with a side of Nagios.) > > > You shouldn't have to rewrite anything to go from 0.25 to 2.6.x. Like Nigel said, if you don't use too much fancy features combined with funky inheritance, you shouldn't have much problems upgrading. You could try things out first to see how things go and to be able to make corrections to your manifests if needed. Set up a new puppet master with 2.6/2.7, copy your modules and manifests to that new server and setup a few virtual servers to use different setups from your nodes. This testing phase will be the longest, but it's always better to be safe than sorry ;) After that, upgrade your puppet master, wait a couple of days just to see if it holds up well. Finally upgrade your clients. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] functions and environments
Hello,
I'm trying to test out new features of a module before I deploy it and I
have difficulty with the functions declared by the module.
I'm using an enviroment called "development" where I dropped the "new"
module and would like to test on a node with the following:
puppetd --environment=development -t --noop
I can see that the file containing the function gets created but puppet
complains that it doesn't know the function in question:
info: Retrieving plugin
notice: /File[/var/lib/puppet/lib]/mode: mode changed '775' to '755'
notice: /File[/var/lib/puppet/lib/puppet]/mode: mode changed '775' to '755'
notice: /File[/var/lib/puppet/lib/puppet/parser]/mode: mode changed
'775' to '755'
notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/mode: mode
changed '775' to '755'
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/debian_nextcodename.rb]/ensure:
defined content as '{md5}930cce14ff8a84fa29f9a2312d564d37'
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/debian_nextrelease.rb]/ensure:
defined content as '{md5}f314fb8d164034f1562acb00924d4232'
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/debian_release.rb]/ensure:
defined content as '{md5}cb4789fe5e233f2ae193e84a754350f9'
notice:
/File[/var/lib/puppet/lib/puppet/parser/functions/debian_release_version.rb]/ensure:
defined content as '{md5}8cd893cbb749897d17a28dd17a06ef6c'
info: Loading downloaded plugin
/var/lib/puppet/lib/puppet/parser/functions/debian_nextcodename.rb
info: Loading downloaded plugin
/var/lib/puppet/lib/puppet/parser/functions/debian_nextrelease.rb
info: Loading downloaded plugin
/var/lib/puppet/lib/puppet/parser/functions/debian_release.rb
info: Loading downloaded plugin
/var/lib/puppet/lib/puppet/parser/functions/debian_release_version.rb
info: Loading facts in sshkeys
info: Loading facts in interfaces
info: Loading facts in acpi_available
info: Loading facts in vserver
info: Loading facts in mysql
info: Loading facts in mountpoints
info: Loading facts in netmask
info: Loading facts in smbldap_installed
info: Loading facts in virtual
info: Loading facts in sshkeys
info: Loading facts in interfaces
info: Loading facts in acpi_available
info: Loading facts in vserver
info: Loading facts in mysql
info: Loading facts in mountpoints
info: Loading facts in netmask
info: Loading facts in smbldap_installed
info: Loading facts in virtual
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Unknown function debian_release at
/etc/puppet/modules-development/apt/manifests/init.pp:73 on node
node.mydomain.net
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
There's a mention on the wiki [1] about plugins vs. environments but I
don't really get what would be needed.
[1] :
http://projects.puppetlabs.com/projects/1/wiki/Using_Multiple_Environments#Plugins+and+Facts
Could anybody help me sort out a way to do my tests?
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] functions and environments
On 11-06-14 04:39 PM, Nigel Kersten wrote:
> On Tue, Jun 14, 2011 at 1:26 PM, Gabriel Filion <mailto:lelu...@gmail.com>> wrote:
> I'm trying to test out new features of a module before I deploy it and I
> have difficulty with the functions declared by the module.
>
> I'm using an enviroment called "development" where I dropped the "new"
> module and would like to test on a node with the following:
>
> puppetd --environment=development -t --noop
>
> I can see that the file containing the function gets created but puppet
> complains that it doesn't know the function in question:
>
> Functions get executed master side, so even though they get delivered to
> the node, they need to be accessible on the master.
oh, ok.. so I'd need to have that new plugin used by the master first?
> What version of Puppet are you running on the master and nodes?
master: 0.25.4
node: 0.25.4
> info: Retrieving plugin
> notice: /File[/var/lib/puppet/lib]/mode: mode changed '775' to '755'
> notice: /File[/var/lib/puppet/lib/puppet]/mode: mode changed '775'
> to '755'
> notice: /File[/var/lib/puppet/lib/puppet/parser]/mode: mode changed
> '775' to '755'
> notice: /File[/var/lib/puppet/lib/puppet/parser/functions]/mode: mode
> changed '775' to '755'
> notice:
>
> /File[/var/lib/puppet/lib/puppet/parser/functions/debian_nextcodename.rb]/ensure:
> defined content as '{md5}930cce14ff8a84fa29f9a2312d564d37'
> notice:
>
> /File[/var/lib/puppet/lib/puppet/parser/functions/debian_nextrelease.rb]/ensure:
> defined content as '{md5}f314fb8d164034f1562acb00924d4232'
> notice:
>
> /File[/var/lib/puppet/lib/puppet/parser/functions/debian_release.rb]/ensure:
> defined content as '{md5}cb4789fe5e233f2ae193e84a754350f9'
> notice:
>
> /File[/var/lib/puppet/lib/puppet/parser/functions/debian_release_version.rb]/ensure:
> defined content as '{md5}8cd893cbb749897d17a28dd17a06ef6c'
> info: Loading downloaded plugin
> /var/lib/puppet/lib/puppet/parser/functions/debian_nextcodename.rb
> info: Loading downloaded plugin
> /var/lib/puppet/lib/puppet/parser/functions/debian_nextrelease.rb
> info: Loading downloaded plugin
> /var/lib/puppet/lib/puppet/parser/functions/debian_release.rb
> info: Loading downloaded plugin
> /var/lib/puppet/lib/puppet/parser/functions/debian_release_version.rb
> info: Loading facts in sshkeys
> info: Loading facts in interfaces
> info: Loading facts in acpi_available
> info: Loading facts in vserver
> info: Loading facts in mysql
> info: Loading facts in mountpoints
> info: Loading facts in netmask
> info: Loading facts in smbldap_installed
> info: Loading facts in virtual
> info: Loading facts in sshkeys
> info: Loading facts in interfaces
> info: Loading facts in acpi_available
> info: Loading facts in vserver
> info: Loading facts in mysql
> info: Loading facts in mountpoints
> info: Loading facts in netmask
> info: Loading facts in smbldap_installed
> info: Loading facts in virtual
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Unknown function debian_release at
> /etc/puppet/modules-development/apt/manifests/init.pp:73 on node
> node.mydomain.net <http://node.mydomain.net>
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> There's a mention on the wiki [1] about plugins vs. environments but I
> don't really get what would be needed.
>
> [1] :
>
> http://projects.puppetlabs.com/projects/1/wiki/Using_Multiple_Environments#Plugins+and+Facts
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with usage of arrays
Talking a bit through my hat here.. but:
On 11-06-16 05:36 AM, Roband wrote:
> i can't use array in puppet. Here is my codesnipplet:
>
> $callapidata = [ 'wert1','wert2']
> notice $callapidata[1]
try something like the following instead of the second line:
notice { $callapidata[1]: }
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] functions and environments
I got further into the problem thanks to your help.. but there's something else now. On 11-06-15 12:36 PM, Nigel Kersten wrote: > > Functions get executed master side, so even though they get > delivered to > > the node, they need to be accessible on the master. > > oh, ok.. so I'd need to have that new plugin used by the master first? > > > What version of Puppet are you running on the master and nodes? > > master: 0.25.4 > node: 0.25.4 > > > Ah. For that version, you'll need to make sure the function is in the > libdir of the puppet master, as I believe that functions from > environments weren't accessible to the master in 0.25.x that seems to have worked. I copied the files in the master's lib dir and it got further. However, I'm now stuck on another weirdness between environments: I get an error about some resource that gets redefined between the init.pp from the production environment and another manifest from the development environment called moduledir.pp in the puppet master's config I have: [main] logdir=/var/log/puppet vardir=/var/lib/puppet rundir=/var/run/puppet ssldir=/var/lib/puppet/ssl environment=production [...] [development] modulepath=/etc/puppet/modules-development:/etc/puppet/modules:/usr/share/puppet/modules I was expecting the declaration in the [development] section to mean that if modules are found in the first directory, then the other dirs are not inspected.. But apparently this is not the case. This could lead to some nasty bugs when testing things out with such a mixed environment. Is there a work around to make the other module of the same name in the /etc/puppet/modules directory not influence the development environment? -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] functions and environments
On 11-06-16 03:47 PM, Nathan Clemons wrote: > Or what you might want to do is to create a specific common directory > for code that should be shared, and per-environment directories which > contain code that should not be shared. If you find that something > should no longer be common, you then move it into the per-env > directories as appropriate. Oh ok ... I'll have to work something out then.. this is more complicated to use than I thought. Thanks everyone for all the help. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pros and Cons of a Decentralized Puppet Architecture
On 12-07-17 09:11 AM, JMeterX wrote: > We have around 300 RHEL servers that are currently connecting to a > Puppetmaster server. However, we have noticed some performance > bottlenecks and it is the point of failure in our system. I am fairly > new to puppet in general and I am considering creating a decentralized > puppet architecture instead of having Puppet clients connect to the > Puppetmaster server. Aside from what I would suspect to happen such as > performance gain and lack of signing and exchanging SSL certs for new > machines, what are other pros and cons to setting up a decentralized > architecture? here's an incomplete list that comes from the top of my head. pros: * you move the single point of failure security-wise to a repository from which your nodes pull the manifests, which is probably easier to secure (less moving parts). * the setup scales much better than with a centralised puppet master. the performance that you'll need to be verifying is wheter too much nodes pull the manifests simultaneously. everything else is done by each node. cons: * passing resources and files from one node to another (e.g. collecting resources) is tougher. you pretty much have to reinvent a method of doing it. * you really have to trust users with root access on each node since manifests are pulled directly on the server (and can thus be modified locally). -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] dmz network configuration
On 12-08-29 01:51 AM, Andrei-Florian Staicu wrote: > I need to install puppet agent on some DMZ hosts, so I need to have > all TCP ports. > Can anyone tell me what the data flow is between agents and the master? > Also, what would be the case when using MCollective, inseatad of puppet kick? If I'm not mistaken, in the simplest scenario where your puppetmaster is not interacting with external filebuckets, puppetDBs, schedulers and whatnot, puppet clients pretty much only need to be able to establish a TCP connection with the puppet master on port 8140. As long as you let established connections out of the DMZ, then connection both ways should be assured. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios purge deleted items and notify nagios service problem
On 12-09-10 10:46 PM, Bruno Leon wrote:
> resources { "nagios_service":
> #notify => Service["nagios3"]
> purge => true,
> }
>
> resources { "nagios_host":
> #notify => Service["nagios3"]
> purge => true,
> }
>
>
>
> And make Nagios service subrscribe to the file /etc/nagios (cheksum =>
> mtime)
hum, was the purge functionality ever fixed for nagios types? I've
wanted to use that for some time but fwir it was not implemented.
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios purge deleted items and notify nagios service problem
On 12-09-10 11:32 PM, Peter Brown wrote: >> hum, was the purge functionality ever fixed for nagios types? I've >> > wanted to use that for some time but fwir it was not implemented. > Purge generally works if you don't change the target for any of the > the nagios types and keep the names the same otherwise you will have > issues. ah, you're right the bug was with purge + changing target. (yes I do consider this as a bug even though in the code it says it's an architectural restriction -- but I won't bug puppetlabs with an issue about this since I can expect it to only get marked as "wontfix") -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] sharing a storeconfigs db between masters (across versions)
Hey there, I'm currently in the process of migrating a 0.25.4 puppet master to 2.6. Since we're really not sure about how things will work out if I just upgrade the puppetmaster and pray, I chose to create a new master and to integrate one node at a time with 2.6 to make sure that everything goes well on every node. Now I'm wondering if anyone has tried the following or has any interesting info about whether or not it would be a good idea: >From what I understand of storeconfigs, it is possible to plug both puppetmasters on the same MySQL db. Are there any possibilities of issues with having two puppetmasters with *different versions* hit on the same db ? The goal of the above scenario with the storeconfigs db would be to keep the nagios configuration functional across puppet master versions while migrating nodes to the 2.6 master. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sharing a storeconfigs db between masters (across versions)
On 2012-09-29 16:42, Gabriel Filion wrote: > From what I understand of storeconfigs, it is possible to plug both > puppetmasters on the same MySQL db. Are there any possibilities of > issues with having two puppetmasters with *different versions* hit on > the same db ? FYI I ran a test run and got my answer. It is *not* a good idea :P the 2.6 client run on the 2.6 master got the following error: err: Could not run Puppet configuration client: Parameter require failed: No title provided and "#" is not a valid resource reference and after that, the storeconfigs DB was screwed up on the 0.25.4 master. clients kept getting the following error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: undefined method `title' for nil:NilClass dropped the db and restored the dump I had made before the test and client runs started working again against the 0.25.4 master. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sharing a storeconfigs db between masters (across versions)
On 2012-10-02 02:46, David Schmitt wrote: > On 01.10.2012 23:11, Gabriel Filion wrote: >> On 2012-09-29 16:42, Gabriel Filion wrote: >>> From what I understand of storeconfigs, it is possible to plug both >>> puppetmasters on the same MySQL db. Are there any possibilities of >>> issues with having two puppetmasters with *different versions* hit on >>> the same db ? >> >> FYI I ran a test run and got my answer. It is *not* a good idea :P >> >> the 2.6 client run on the 2.6 master got the following error: >> >> err: Could not run Puppet configuration client: Parameter require >> failed: No title provided and "#" is not a >> valid resource reference >> >> and after that, the storeconfigs DB was screwed up on the 0.25.4 master. >> clients kept getting the following error: >> >> err: Could not retrieve catalog from remote server: Error 400 on SERVER: >> Could not render to pson: undefined method `title' for nil:NilClass >> >> dropped the db and restored the dump I had made before the test and >> client runs started working again against the 0.25.4 master. >> > > You should be able to run 0.25 clients against a 2.6 master. I tried the other way around :) actually the case was a bit more perverted. it was a 2.6 client against a 2.6 master, but I had configured the 2.6 master to poke around the same MySQL database than the 0.25 master uses for the storeconfigs. It proved out to mess up the database and prevent client runs :\ -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client not listening on port 8139
On 2012-10-10 02:35, Pondy wrote:
> Hi everyone,
>
> Please help, I have built a new server and installed puppet (2.6.17)
> running on RHEL 6.3. It seems that it is not listening on port 8139.
By default, puppet listens on 8140, not 8139. And your configuration
doesn't seem to be specifying an alternative port.
maybe that's what you ought to looking for?
tcp0 0 0.0.0.0:81400.0.0.0:*
LISTEN 18794/ruby1.8
> iptables -L:
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> /etc/puppet/puppet.conf:
> [main]
> # The Puppet log directory.
> # The default value is '$vardir/log'.
> logdir = /var/log/puppet
>
> # Where Puppet PID files are kept.
> # The default value is '$vardir/run'.
> rundir = /var/run/puppet
>
> # Where SSL certificates are kept.
> # The default value is '$confdir/ssl'.
> ssldir = $vardir/ssl
>
> [agent]
> # The file in which puppetd stores a list of the classes
> # associated with the retrieved configuratiion. Can be loaded in
> # the separate ``puppet`` executable using the ``--loadclasses``
> # option.
> # The default value is '$confdir/classes.txt'.
> classfile = $vardir/classes.txt
>
> # Where puppetd caches the local configuration. An
> # extension indicating the cache format is added automatically.
> # The default value is '$confdir/localconfig'.
> localconfig = $vardir/localconfig
> listen = true
> server = mypuppet server.fqdn
>
> /etc/puppet/namespaceauth.conf:
> [puppetmaster]
> allow mypuppet server.fqdn
>
> /etc/puppet/auth.conf:
> # This is an example auth.conf file, it mimics the puppetmasterd defaults
> #
> # The ACL are checked in order of appearance in this file.
> #
> # Supported syntax:
> # This file supports two different syntax depending on how
> # you want to express the ACL.
> #
> # Path syntax (the one used below):
> # -
> # path /path/to/resource
> # [environment envlist]
> # [method methodlist]
> # [auth[enthicated] {yes|no|on|off|any}]
> # allow [host|ip|*]
> # deny [host|ip]
> #
> # The path is matched as a prefix. That is /file match at
> # the same time /file_metadat and /file_content.
> #
> # Regex syntax:
> # -
> # This one is differenciated from the path one by a '~'
> #
> # path ~ regex
> # [environment envlist]
> # [method methodlist]
> # [auth[enthicated] {yes|no|on|off|any}]
> # allow [host|ip|*]
> # deny [host|ip]
> #
> # The regex syntax is the same as ruby ones.
> #
> # Ex:
> # path ~ .pp$
> # will match every resource ending in .pp (manifests files for instance)
> #
> # path ~ ^/path/to/resource
> # is essentially equivalent to path /path/to/resource
> #
> # environment:: restrict an ACL to a specific set of environments
> # method:: restrict an ACL to a specific set of methods
> # auth:: restrict an ACL to an authenticated or unauthenticated request
> # the default when unspecified is to restrict the ACL to authenticated
> requests
> # (ie exactly as if auth yes was present).
> #
>
> ### Authenticated ACL - those applies only when the client
> ### has a valid certificate and is thus authenticated
>
> # allow nodes to retrieve their own catalog (ie their configuration)
> path ~ ^/catalog/([^/]+)$
> method find
> allow $1
>
> # allow all nodes to access the certificates services
> path /certificate_revocation_list/ca
> method find
> allow *
>
> # allow all nodes to store their reports
> path /report
> method save
> allow *
>
> # Puppetrun settings
> path /run
> allow mypuppet server fqdn
>
> # inconditionnally allow access to all files services
> # which means in practice that fileserver.conf will
> # still be used
> path /file
> allow *
>
> ### Unauthenticated ACL, for clients for which the current master doesn't
> ### have a valid certificate
>
> # allow access to the master CA
> path /certificate/ca
> auth no
> method find
> allow *
>
> path /certificate/
> auth no
> method find
> allow *
>
> path /certificate_request
> auth no
> method find, save
> allow *
>
> # this one is not stricly necessary, but it has the merit
> # to show the default policy which is deny everything else
> path /
> auth any
>
> It seems as though the puppet is running:
> 4074 ?Ss 0:00 /usr/bin/ruby /usr/sbin/puppetd
> --server=mypuppetserver.fqdn --logdest=/var/log/puppet/puppet.log
>
> But I cant even telnet to port 8139 on the localhost to test that the
> port is open.
>
> Can any one please help?
>
> Any suggestions welcome, I have copied the /etc/puppet/*.conf files from
> another working server.
>
> Please Help!
--
Gabriel Filion
signature.asc
Description: OpenPGP digital signature
Re: [Puppet Users] Puppet client not listening on port 8139
On 2012-10-10 18:37, Pondy wrote: > Hi All, thanks for your input. So, I am talking about the puppet client. ah oops sorry, I'm not used to dealing with this option :\ my bad > The puppet master server and all other clients seem to be working ok. I > am also unable to telnet locally to port 8139 or 8140. hmm this is weird. in your original post you showed us that there were no iptables rules, and you do have "listen = true" in your puppet.conf. do you see the port as open and listening with netstat? -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Nagios
On 2012-10-11 14:59, TFML wrote: > I've got a Nagios setup with puppet to add nodes/contacts/command > running at one datacenter, I'm trying to setup a second Nagios server > using the same manifests, but I'm getting this error: > > info: Retrieving plugin > info: Loading facts in snmpd > info: Loading facts in snmpd > err: Could not retrieve catalog from remote server: Error 400 on SERVER: > Exported resource Nagios_timeperiod[24x7] cannot override local resource > on node nagios2.theflux.net <http://nagios2.theflux.net> your manifests are probably exporting the same resources twice. you might want to verify either that one nagios server is exporting these and the second is collecting them, or that both create them as local resources and collect host/service definitions from other nodes. -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Encrypt Passwords in Manifests
Hi there,
On 04/03/2013 09:18 AM, jim wrote:
> I mainly use Puppet for managing windows hosts, and what to know they
> best way to either encrypt passwords in manifests or where to store them
> so they are encrypted and reference them as in a variable etc ? (if that
> makes sense)
>
> e.g.
>
> class roles::base::users {
> user { 'Administrator':
> ensure => present,
> password => 'Please_hide_me;01',
> }
You might want to have a look at trocla which was developped for that
purpose:
https://github.com/duritong/trocla
with the puppet integration module:
https://github.com/duritong/puppet-trocla
--
Gabriel Filion
signature.asc
Description: OpenPGP digital signature
Re: [Puppet Users] Puppet 2.6.x is now EOL
On 30/04/13 05:05 PM, Michael Stahnke wrote: > The time has come for us to say good-bye to Puppet 2.6.x. Puppet 2.6.x > is now end of Life, as originally announced Jan 17, 2013. hmm .. so that means that puppet squeeze won't get any more security updates? kinda sucks cause squeeze'll be around for another year. -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Holding packages on providers with holdable feature
Hey there, On 15/05/13 08:24 PM, sjr wrote: > The thing is we would like to be able to specify a version for the > package and tell dpkg to hold it to prevent unwanted upgrades (mainly > because human errors). As I haven't been able to get it working with > current APT provider I would like if with its current status this is > possible... if you provide a version in the "ensure" parameter, then puppet will install this specific version.. but the way we do it where I work is to have puppet drop a file in /etc/apt/preferences.d and pin it. See [0] for more info on pinning (it doesn't talk about preferences.d, but everything that can go in /etc/apt/preferences can be split in different files in /etc/apt/preferences.d) [0]: http://wiki.debian.org/AptPreferences this way, you're sure that no operation, should it be puppet or manual interventions will upgrade the package. -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Holding packages on providers with holdable feature
On 16/05/13 03:28 AM, sjr wrote: > Take a look to the example I wrote, I know writing the version in ensure > puppet will do that...but let's imagine someone puts a new version of > one of our services in the repository and another someone comes and > makes the mistake of upgrading without noticing that new version, the > service will be restarted twice ... for the upgrade and next time puppet > will run, also notice we're not running puppet agent in daemon mode so > either a human or Nagios will have to find out about the upgrade. We > would like to avoid this kind of situations. oh! I just went back to the puppet documentation and learned something. I didn't know puppet was able to hold packages.. according to documentation you should set "ensure" to the value "held" to have puppet use "dpkg --set-selections $package hold", but then reading the "package" type and its "apt" provider, unfortunately I don't think it's possible to mix holding and enforcing a particular version since both use the ensure parameter.. > On Thursday, May 16, 2013 7:25:57 AM UTC+2, Lelutin wrote: > On 15/05/13 08:24 PM, sjr wrote: > > The thing is we would like to be able to specify a version for the > > package and tell dpkg to hold it to prevent unwanted upgrades (mainly > > because human errors). As I haven't been able to get it working with > > current APT provider I would like if with its current status this is > > possible... > > if you provide a version in the "ensure" parameter, then puppet will > install this specific version.. > > but the way we do it where I work is to have puppet drop a file in > /etc/apt/preferences.d and pin it. See [0] for more info on pinning (it > doesn't talk about preferences.d, but everything that can go in > /etc/apt/preferences can be split in different files in > /etc/apt/preferences.d) > > [0]: http://wiki.debian.org/AptPreferences > <http://wiki.debian.org/AptPreferences> > > this way, you're sure that no operation, should it be puppet or manual > interventions will upgrade the package. -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Holding packages on providers with holdable feature
On 17/05/13 03:45 AM, sjr wrote: > I have done a quick&dirty hack to the APT provider and it works when > installing a new package I can enforce a version and hold it. But from > my minor mod to a proper patch...there is still much work to do, so > that's why I was looking for comments, opinions, and so on about this > feature well I can't really think of why both features should be exclusive (the current state). "holding" a package doesn't ensure a particular version other than the one that's already currently installed, which is not particularly precise. so it'd be interesting to make them separate (maybe just have a "hold" parameter to the type) the best place to discuss your patch and implementation/design details would probably be on the puppet-dev list. and maybe open up an issue on redmine first and refer to it on the list. that way you can get people to vote on the issue to show support ;) -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Puppet 2.7 deprecation warnings
On 03/06/13 04:30 AM, Marc wrote: > *Type 2:* > > /puppet-master[6246]: Dynamic lookup of $apache_ldap_auth is deprecated. > For more information, > see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the > change in behavior, use the --debug flag./ > / > / > As you can see, type 2 has no reference to the code. Am I right to > assume that type 2 logs are related to ruby functions or .erb templates? one way to have a better idea what causes the error is to run with --debug to see the full trace. -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Re: New to Puppet bash: command not found
On 15/06/13 02:15 PM, gfdadd...@gmail.com wrote:
> Forgot to mention that I am ne to LInux also...
>
> Do you have an example?
the path that was mentioned by Peter is a set of directory paths
separated by ":" where binaries are searched when invoked. it is set in
the environment variable $PATH.
with puppet, it is considered a good practice to set a global $PATH
value that corresponds to your system with the below snippet (the
capital letter at the beginning of "Exec" is important).
Exec {
path => '/bin:/sbin:/usr/bin:/usr/sbin',
}
--
Gabriel Filion
signature.asc
Description: OpenPGP digital signature
Re: [Puppet Users] Nagios service not restarting when removing a host from the database
Hi there, On 05/08/13 10:51 AM, John Santana wrote: > When I remove the host from the database via > > delete from fact_values where host_id='N'; > delete from resources where host_id='N'; > delete from hosts where id='N'; if you remove the host exported resource in the manifests and the DB, then the nagios server is not collecting anything about it anymore: that's why the service doesn't get notified. you need to export the resource with ensure => absent and run puppet on the host, then on the nagios server so that everything runs fine. however in your example, you seem not to be redefining the "target" when collecting, so you might consider using purge => true. to achieve what you want with the workflow you mentioned above (e.g. without the need to export with ensure => absent) -- Gabriel Filion signature.asc Description: OpenPGP digital signature
