[Puppet Users] Hiera, define, class, putting all together

[Helmut Schneider]

Hi,

I'm new to puppet and read docs as much as possible, so forgive some
confusion in my code.

ubuntu-common.yaml:
---
packages:
  - bc
  - bsd-mailx
  - fail2ban
  - logrotate
  - open-vm-tools
  - openssh-server
  - rsyslog
  - rsync
  - sudo
  - snmpd
apacheModules:
  - auth_kerb
  - authnz_ldap
  - status
classes:
  - ubuntu-common-files

nodes/xyz.yaml:
packages:
  - postfix
  - wget
apacheModules:
  - mpm_prefork
  - php
  - ssl

apache24::modules.pp:
define modules ($module = $title) {
  class { "apache::mod::$module": }
}

install-packages::packages.pp:
define install-packages ($package = $title) {
  if $package != undef {
package { $package:
  ensure => installed
}
# I have some classes named as packages that copy files e.g.
if defined ("$package") {
  class { "$package": }
}
  }
}

nodes.pp:
case $operatingsystem {
  /^(Debian|Ubuntu)$/: {
$ubuntuDefaultPackages = hiera_array ('packages', '',
'ubuntu-common')
$ubuntuExtraPackages = hiera_array ('packages', '', "nodes/$fqdn")
$ubuntuPackages = [ $ubuntuDefaultPackages, $ubuntuExtraPackages ]
$ubuntuDefaultApacheModules = hiera_array ('apacheModules', '',
'ubuntu-common')
$ubuntuExtraApacheModules = hiera_array ('apacheModules', '',
"nodes/$fqdn")
$ubuntuApacheModules = [ $ubuntuDefaultApacheModules,
$ubuntuExtraApacheModules ]
hiera_include ('classes', '', 'ubuntu-common')
  }
  default: {
   }
}
hiera_include ('classes', '', "nodes/$fqdn")
[...]
install-packages { [ $ubuntuDefaultPackages, $packages ]: } <= works
apache24::modules { $ubuntuApacheModules: } <= fails

The error is:

Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Duplicate declaration: Apache24::Modules[mpm_prefork] is
already declared in file
/etc/puppet/environments/production/manifests/nodes.pp:54; cannot
redeclare at /etc/puppet/environments/production/manifests/nodes.pp:54
on node xyz

Apache24::Modules[mpm_prefork] varies. I'm using the apache class from
puppetlabs. Apache24::Modules is called only from nodes.pp, there are
no duplicates.

My question is: Is the approach itself correct? I want to pass
$packages and $apachemodules to a class that does the install.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k6v1rjogku21000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Hiera, define, class, putting all together

[Helmut Schneider]

jcbollinger wrote:

> On Saturday, June 4, 2016 at 7:20:19 PM UTC-5, Helmut Schneider wrote:
> > 
> > Hi, 
> > 
> > I'm new to puppet and read docs as much as possible, so forgive
> > some confusion in my code. 

[Code]

> Consider this call:
> 
> hiera_array ('apacheModules', '', 'ubuntu-common')
> 
> It performs an array-merge lookup for key 'apacheModules', with
> hierarchy level 'ubuntu-common' inserted at the top of the hierarchy.
> That level is already in the hierarchy for the node, or so I must
> presume.  Now remember that an array-merge lookup collects data from
> every level in the hierarchy, so if that duplicate level contains any
> data for the requested key then you will automatically get dupes for
> all those data.
> 
> Even if you weren't getting dupes by virtue of having the same
> hierarchy level consulted twice, it looks like you have a second
> avenue for dupes.  You are performing two array-merge lookups and
> then concatenating the results.  Since each array-merge lookup will
> collect data from the whole hierarchy (plus, in your case, an extra
> level), the two sets of results you are concatenating will have many
> elements in common, so concatenating them produces dupes.

This in fact wasn't clear to me, I thought it would restrict the serach
to ubuntu-common.yaml and not extend it.

> In fact, even your 'case' statement is a bit suspect.

Without the case statement, how can I make sure that ubuntu only
receives classes for ubuntu and not e.g. for Windows then?

> With appropriate use of fact interpolation in your hierarchy
> definition, you should be able to reduce [the section you presented
> of] your nodes.pp to just this:
> 
> $packages = hiera_array ('packages', [])
> $apacheModules = hiera_array ('apacheModules', []) 
> hiera_include ('classes') 
> install-packages { $packages: }
> apache24::modules { $apacheModules: }

Works like a charm btw.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k6yybesbrkfk000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Hiera, define, class, putting all together

[Helmut Schneider]

jcbollinger wrote:

> 
> On Tuesday, June 7, 2016 at 8:02:24 AM UTC-5, Helmut Schneider wrote:
> > 
> > jcbollinger wrote: 
> > 
> > 
> Without the case statement, how can I make sure that ubuntu only 
> > receives classes for ubuntu and not e.g. for Windows then? 
> > 
> > 
> 
> That is where your data hierarchy comes in.  You have a level named 
> "ubuntu-common"; it therefore stands to reason that if you have any
> Windows machines under management then there is also a
> "windows-common" (even if it's only notional).  These would be
> alternatives for a particular level of your hierarchy, and you would
> select which to use based on node facts.  That's precisely what you
> presently do via the 'case' statement, but you can, and probably
> should, do it directly in your hierarchy definition.  This is one of
> the primary uses of Hiera interpolation tokens.  The Hiera docs for
> defining a hierarchy
> <https://docs.puppet.com/hiera/3.1/hierarchy.html> discuss this and
> provide an example.  (I've linked to the Hiera 3.1 docs, but
> substantially the same thing applies to older Hiera as well.)

I changed my config accordingly:

:hierarchy:
  - "nodes/%{::fqdn}"
  - "%{::operatingsystem}"
  - "%{::osfamily}"
  - common

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k7324iwgvkxm000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Issue copying files if package exists

[Helmut Schneider]

Hi,

I want to copy files if a package is installed. What works fine with
the packages 'postfix', 'fail2ban' and 'apache2' does not with
'openssh-server.

class fail2ban {
  $postfixPackage = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'postfix',
default   => 'undef',
  }
  $sshdPackage = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'openssh-server',
default   => 'undef',
  }

  if ! defined (Package["$package"]) {
package { "$package":
  ensure => installed,
}
  }

  if defined (Package["$postfixPackage"]) {
file { "/etc/fail2ban/filter.d/postfix-amavis.local":
  mode => "0644",
  owner => 'root',
  group => 'root',
  source =>
'puppet:///modules/fail2ban/etc/fail2ban/filter.d/postfix-amavis.local',
}
  }
  if defined (Package["$sshdPackage"]) {
file { "/etc/fail2ban/filter.d/sshd-dos.local":
  mode => "0644",
  owner => 'root',
  group => 'root',
  source =>
'puppet:///modules/fail2ban/etc/fail2ban/filter.d/sshd-dos.local',
}
  }
}

$ rm /etc/fail2ban/filter.d/postfix-amavis.local
/etc/fail2ban/filter.d/sshd-dos.local^C
$ sudo rm /etc/fail2ban/filter.d/postfix-amavis.local
/etc/fail2ban/filter.d/sshd-dos.local
$ sudo puppet agent -t -d | grep -Ei
'(postfix|openssh-server|postfix-amavis.local|sshd-dos.local)'
[...]
Debug: /Package[postfix]: Provider apt does not support features
virtual_packages; not managing attribute allow_virtual
Debug: /Package[openssh-server]: Provider apt does not support features
virtual_packages; not managing attribute allow_virtual
[...]
Notice:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]/
ensure: defined content as '{md5}c5def71abe5f682c2beb896fd5e30e10'
Debug:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/postfix-amavis.local]:
The container Class[Fail2ban] will propagate my refresh event

So /etc/fail2ban/filter.d/sshd-dos.local is not copied. When
uncommenting the if-clause 'if defined (Package["$sshdPackage"])' the
file gets copied:

$ sudo puppet agent -t -d | grep -i 'sshd-dos.local'
Debug:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]:
Autorequiring File[/etc/fail2ban/filter.d/]
Notice:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]/ensure
: defined content as '{md5}3d993678f322e5cb6335addaaa40512e'
Debug:
/Stage[main]/Fail2ban/File[/etc/fail2ban/filter.d/sshd-dos.local]: The
container Class[Fail2ban] will propagate my refresh event

Am I missing the obvious?

$ puppet -V
3.8.7
$ lsb_release -d
Description:Ubuntu 14.04.4 LTS

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k75zp1zhqvbs000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue copying files if package exists

[Helmut Schneider]

Rob Nelson wrote:

> Your code only shows one package, $package, being created, but it
> does not show where the value for $package is set. Either that var

The package block is missleading, it just installs fail2ban:

  $package = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'fail2ban',
default   => 'undef',
  }

> has the value 'postfix', or the postfix package is managed in another
> file. Regardless, there is nothing showing where a package called
> $sshdPackage is managed here, which is why the if block is never hit.

Do I have to manage postfix or openssh-server in the same file? The
following log should prove that openssh-server is installed and managed
(somewhere).

> > Debug: /Package[openssh-server]: Provider apt does not support
> > features virtual_packages; not managing attribute allow_virtual

Nevertheless, if you check the log snippets again, why is the
'postfix'-block hit and 'openssh-server' isn't?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k761cd1fi74001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppetlabs/apache: override variable

[Helmut Schneider]

Hi,

apache/manifests/init.pp defines:

  if $::apache::conf_dir and $::apache::params::conf_file {
case $::osfamily {
  'debian': {
$error_log= 'error.log'
$scriptalias  = '/usr/lib/cgi-bin'
$access_log_file  = 'access.log'
  }

I would like to change $error_log and $access_log_file (for the server,
not for a vhost!). Can I parametrize the apache class or do I have to
change init.pp?

Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k77ewp1fk9ni001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue copying files if package exists

[Helmut Schneider]

Craig Dunn wrote:

> Given the above, what are you trying to achieve?  Are you trying to
> manage the file resource after the package resource, or are you
> saying you only want to manage the file if the package exists on the
> target system?

The latter. If openssh-server is installed, copy the file sshd-dos.local

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k77es51fdoh1000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue copying files if package exists

[Helmut Schneider]

Rob Nelson wrote:

> Modeling state can be tricky. It's pretty easy for a human to
> understand conditionals like "If a package is installed, install a
> file," but for state modeling, resources are best defined as either
> managed or unmanaged, not somewhere in between. It's important to
> keep this in mind when modeling state. You can always, of course,
> "beat" the computer and figure out a workaround, but you're losing
> out on the strengths of the CM tool you have chosen.

I think I found a way around without losing the strengths:

if "$sshdPackage" in hiera_array ('packages', []) {
  do_something
}

This at least fits for me. I also tried to tag packages:

define install_packages ($package = $title) {
  [...]
  tag "Hello"

  if tagged("Hello") {
notify { "TAGGED 'Hello'": }
  }
}

This works within the define but not outside

class fail2ban {
  if tagged("Hello") {
notify { "TAGGED 'Hello'": }
  }
}

does not output anything allthough install_packges is involved.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k7cvqc53aszx000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] change order of elements

[Helmut Schneider]

Hi,

Given the following structure:

hiera.yaml:
[...]
:hierarchy:
  - nodes/%{::fqdn}
[...]
  - common
:merge_behavior: deeper

common.yaml:
[...]
profiles:
  webserver:
apache:
  modules:
- auth_kerb
- authnz_ldap
- cgid
- status

host.yaml:
profiles:
  webserver:
apache:
  modules:
- mpm_event
- php
- ssl

hiera_hash ('profiles')['webserver']['apache']['modules'] returns the
following array:

[auth_kerb, authnz_ldap, cgid, status, mpm_event, headers, proxy,
proxy_http, rewrite, ssl]

mpm_event may also be mpm_prefork and mpm_worker.

How can I ensure that mpm_* is always the first element in the array?

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k7frtb825pme000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] change order of elements

[Helmut Schneider]

Peter Kristolaitis wrote:

> > How can I ensure that mpm_* is always the first element in the
> > array?
>
> Assuming you're trying to solve the problem I think you're trying to
> solve (i.e. to have Apache with the correct process model installed
> before any additional modules), it's important to note that
> reordering the array doesn't guarantee that.  The order in which
> Puppet applies resources is non-deterministic unless you have
> explicit ordering.
> 
> You're probably better off solving this problem in a different way;
> for example by creating a new data element (e.g.
> profiles::webserver::apache::process_model), and then specifying
> explicit ordering between the process_model package and the modules
> packages.

I'm using puppetlabs/apache to install apache. I already created 4
classes, apache24::install, apache24::modules, apache24::default_hosts
and apache::config to ensure the ordering of the installation process.

apache24::install includes apache{}, where I define "mpm_module =>
false," to be able to provide my own mpm_ module.

Then I call apache24::modules to install the appropriate mpm_ and other
modules.

Obviously the installation of cgi(d) checks the installation of a mpm_
module:

Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find resource 'Class[Apache::Mod::Prefork]' for
relationship on 'Class[Apache::Mod::Cgi]' on node myhost

I therefore need to ensure that before all other modules an appropriate
mpm mpdule is installed

I helped mysqlf with

  # mpm must be the first module to install
  if /(mpm_.*)/ in $apacheModules {
$mpmModule = [ $1 ]
$apacheModulesTemp = delete($apacheModules, $mpmModule)
  } else {
$apacheModulesTemp = $apacheModules
  }
  [...]
  $apacheModulesRevised = concat($mpmModule, $apacheModulesTemp)

but was wondering if there is an easier/cleaner/better solution.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0k7hedi9sg2jy000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Hiera and nested / reuse variables

[Helmut Schneider]

Hi,

common.yaml:

profiles:
  mailserver:
postfix:
  instances:
postfix-in:
  instance_path: '/etc/postfix-in'
  other_path:"%{instance_path}"  <= required

Is it possible to nest both variables somehow? Or alternatively from
common.pp:

$instance_path =
$profiles['mailserver']['postfix']['instances'][postfix-in]['instance_pa
th']

Can I somehow use $instance_path from common.pp in common.yaml?

helmut@puppet:~$ sudo puppet agent -V
4.10.12
helmut@puppet:~$

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lbgz1d8mkmi000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Check existence of a hierarchy

[Helmut Schneider]

Hello all,

let's assume the following structure in a yaml:

profiles:
  vpn:
openvpn:
  instances:
client:
  myclient:
remote:   'openvpn_host 1194'

I would now like to check if e.g. "client" exists:

if ($profiles['vpn']['openvpn']['instances']['client'])

This works as long as the structure

profiles:
  vpn:
openvpn:
  instances:

exists and fails if not (because OpenVPN should not be available for
that client):

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Evaluation Error: Operator '[]' is not applicable
to an Undef Value. at
/etc/puppetlabs/code/modules/openvpn/manifests/init.pp:17:7 on node
my_client

Is there a way to check the existence of a hierarchy without creating
an empty hierarchy or doing something like

  if is_hash($profiles) {
if has_key($profiles, 'vpn') {
  if has_key($profiles['vpn'], 'openvpn') {
if has_key($profiles['vpn']['openvpn'], 'instances') {
  ...and so on
}
  }
}
  }

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcc078szqyl1000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Check existence of a hierarchy

[Helmut Schneider]

Ben Ford wrote:

> What you're looking for is the dig() function.
> https://puppet.com/docs/puppet/latest/function.html#dig
> 
> $profiles.dig('vpn', 'openvpn', 'instances', 'client')
> 
> On Wed, Jul 11, 2018 at 8:32 AM Helmut Schneider 
> wrote:
> 
> > Hello all,
> > 
> > let's assume the following structure in a yaml:
> > 
> > profiles:
> >   vpn:
> > openvpn:
> >   instances:
> > client:
> >   myclient:
> > remote:   'openvpn_host 1194'
> > 
> > I would now like to check if e.g. "client" exists:
> > 
> > if ($profiles['vpn']['openvpn']['instances']['client'])
> > 
> > This works as long as the structure
> > 
> > profiles:
> >   vpn:
> > openvpn:
> >   instances:
> > 
> > exists and fails if not (because OpenVPN should not be available for
> > that client):
> > 
> > Error: Could not retrieve catalog from remote server: Error 500 on
> > SERVER: Server Error: Evaluation Error: Operator '[]' is not
> > applicable to an Undef Value. at
> > /etc/puppetlabs/code/modules/openvpn/manifests/init.pp:17:7 on node
> > my_client
> > 
> > Is there a way to check the existence of a hierarchy without
> > creating an empty hierarchy or doing something like
> > 
> >   if is_hash($profiles) {
> > if has_key($profiles, 'vpn') {
> >   if has_key($profiles['vpn'], 'openvpn') {
> > if has_key($profiles['vpn']['openvpn'], 'instances') {
> >   ...and so on
> > }
> >   }
> > }
> >   }
> > 
> > Thank you!

Great, thanks a lot!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcc1v3t20grw001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Hiera and nested / reuse variables

[Helmut Schneider]

Angel L. Mateo wrote:

> El 21/06/18 a las 14:32, Helmut Schneider escribió:
> > Hi,
> > 
> > common.yaml:
> > 
> > profiles:
> >mailserver:
> >  postfix:
> >instances:
> >  postfix-in:
> >instance_path: '/etc/postfix-in'
> >other_path:"%{instance_path}"  <= required
> > 
> > Is it possible to nest both variables somehow? Or alternatively from
> > common.pp:
> 
> common.yaml:
> 
> instance_path: '/etc/postfix-in'
> profile:
>mailserver:
>  postfix:
>instances:
>  postfix-in:
>instance_path: "%{hiera('instance_path')}"
>other_path:"%{hiera('instance_path')}"
> 

I tried

profile:
  mailserver:
postfix:
  instances:
postfix-in:
  instance_path: '/etc/posfix-in'
  other_path:
"%{hiera('profile::mailserver::postifx::instances::postfix-in::instance_
path')}"

which gives an empty value.

> or, if you want to reuse value in the same file:
> 
>instance_path: &instance_path '/etc/postfix-in'
>other_path: *instance_path

This works but can I also construct a string here? Like

  instance_path: &instance_path '/etc/postfix-in'
  other_path: "*instance_path something_else"

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcer7hvrowur002%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Hi,

openvpn.yaml:
[...]
profiles:
  vpn:
openvpn:
  defaults:
client:
  dev:   'tun'
  proto: 'udp'
  resolv-retry:  'infinite'
  nobind:
  user:  'nobody'
  group: 'nogroup'
  persist-key:
  persist-tun:

init.pp:
[...]
$openvpnConf = $profiles['vpn']['openvpn']['defaults']['client']
[...]

In the template:

### <%= @openvpnConf['dev'] %> ###
### <%= @openvpnConf['nobind'] %> ###

The result is

### tun ###
### undef ###

but I would expect

### tun ###
###  ###

The problem is that testing for defined?, .nil? and also != 'undef' all
fail.

How can I test if a key has a value withn the template?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcerxlvsqnut003%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Christopher Wood wrote:

> Have you considered switching to an EPP template? You can limit the
> data passed in to only valid types (otherwise catalog compilation
> failure), it's quite useful.

Not yet. And I'm not sure if that will help. In my case there are
commands with and without parameters:

proto udp
dev tun
persist-tun
nobind

So even if I pass only specific ones I still have to check if there is
a corresponding value for the key, otherwise

<%= key %> <%= value %>

will fail.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcetoovv4qov004%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Christopher Wood wrote:

> On Fri, Jul 13, 2018 at 03:44:04PM +0000, Helmut Schneider wrote:
> > Christopher Wood wrote:
> > 
> > > Have you considered switching to an EPP template? You can limit
> > > the data passed in to only valid types (otherwise catalog
> > > compilation failure), it's quite useful.
> > 
> > Not yet. And I'm not sure if that will help. In my case there are
> > commands with and without parameters:
> > 
> > proto udp
> > dev tun
> > persist-tun
> > nobind
> 
> This still sounds like a data validation item quite doable with types.
> 
>
https://puppet.com/docs/puppet/5.5/lang_data_hash.html#the-hash-data-type
> 
> Hash[Enum['proto', 'dev'], String]
> Hash[Enum['proto', 'dev'], Variant[String, Undef]]
> 
> > So even if I pass only specific ones I still have to check if there
> > is a corresponding value for the key, otherwise
> > 
> > <%= key %> <%= value %>
> > 
> > will fail.
> 
> However the odd thing is that I am unable to reproduce what you are
> seeing with a plain undef in a very simple case. The undef is not
> stringified for me in puppet 5.4.0.

I changed the template to output value.class:

proto String
dev String
persist-tun Symbol
nobind Symbol
resolv-retry String
comp-lzo String
user String
group String
persist-key Symbol
cert String
key String
ca String
ns-cert-type String
verb String
log-append String
script-security String
plugin String
up String
down String

After further investigation this happend with deep_merge, because
without:

proto String
dev String
persist-tun NilClass
nobind NilClass
resolv-retry String
compress NilClass
comp-lzo String
user String
group String
persist-key NilClass
cert String
key String
ca String
ns-cert-type String
verb String
log-append String
script-security String
plugin NilClass
up String
down String

Without the deep_merge "if @openvpnConf[parameter]" works as expected.

helmut@h2786452:~$ puppet -V
4.10.12
helmut@h2786452:~$

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcew6gvygcft005%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Christopher Wood wrote:

> Nice catch, wouldn't have figured on that.

You gave the hint with "if value.is_a? String" ;)

And now? Is that expected? What can I do, "if
@openvpnConf[parameter].is_a? Symbol"?! And what is a symbol and how do
I check if it empty?

Even more questionmark now...

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcewqhvz9cts006%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Henrik Lindberg wrote:

> On 2018-07-13 19:39, Helmut Schneider wrote:
> > Christopher Wood wrote:
> > 
> > > Nice catch, wouldn't have figured on that.
> > 
> > You gave the hint with "if value.is_a? String" ;)
> > 
> > And now? Is that expected? What can I do, "if
> > @openvpnConf[parameter].is_a? Symbol"?! And what is a symbol and
> > how do I check if it empty?
> > 
> > Even more questionmark now...
> > 
> 
> You may be getting the symbol :undef which is used in some parts of
> puppet to represent puppet undef. In puppet 4x we changed a lot
> around undef/nil.
> 
> Which version of puppet are you on?

helmut@h2786452:~$ puppet -V
4.10.12
helmut@h2786452:~$

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcf2c9w6sqeg007%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Henrik Lindberg wrote:

> On 2018-07-14 13:47, Johan Fleury wrote:
> > I meant bool2str, sorry.
> > 
> >
https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/README.md#bool2str
> > 
> 
> Helmut, before digging yourself deeper into problems by using work
> around on top of problems - do consider using EPP since it protects
> you from the issues of needing to know how puppet represents things
> in Ruby; which is complicated as puppet handles things differently in
> different parts of the code base for backwards compatibility reasons.
> 
> Many of the functions in stdlib are smelly as they are sometimes quite
> imprecise and not always correct. The "bool2str" however, does what
> it is supposed to, but will error if not given a boolean true or
> false.  That is, it will error if given empty string, undef, or the
> ruby symbol :undef. (Thus, in your case, you may get another
> surprise/error if you try to use that function).
> 
> In puppet language (in EPP) you can do this:
> 
> $result = if $val { 'it is truthy' } else { 'it is falsey' }

I find the existing documentation in the net very confusing so I
havent' used epp yet. E.g. according to
https://puppet.com/docs/puppet/5.4/lang_template_epp.html this should
work:

content => epp("openvpn/etc/openvpn/config.epp", { openvpnConf =>
$openvpnConf, openvpnMode => $openvpnMode, instance => $instance }),

<%- | Hash $openvpnConf,
  String $openvpnMode,
  String $category,
  String $parameters,
  String $instance
| -%>

<% ({
'Misc' => [
'script-security',
'plugin',
'up',
'down',
],
}).each |$category, $parameters| { -%>
<%= $category %>
<% } -%>

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Evaluation Error: Error while evaluating a
Function Call, epp(): Invalid EPP: Ambiguous EPP parameter expression.
Probably missing '<%-' before parameters to remove leading whitespace
at
/etc/puppetlabs/code/modules/openvpn/templates/etc/openvpn/config.epp:6:
6 at /etc/puppetlabs/code/modules/openvpn/manifests/init.pp:28:22 on
node h2786452.stratoserver.net

The same documentation uses different sysntax, once without '$'

$servers.each |server|

and then with '$'

$ntp::restrict.flatten.each |$restrict|

What is correct? And what is wrong with the code above? Do I need to
declare only variables that I pass to the epp or also those I create
within the epp?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lchjp4yls1g2008%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Henrik Lindberg wrote:

> On 2018-07-15 15:45, Helmut Schneider wrote:
> > <%- | Hash $openvpnConf,
> 
> It is important that there is no text before the opening <%-
> Not sure if you have a blank line there. If so you will get a syntax
> error because of the text output before the declaration of the
> parameters.

Thank you.

I managed to get it work with the following code:

<%- | Hash $openvpnConf, String $openvpnMode, String $instance | -%>
<% ({
'Mode' => [
"$openvpnMode",
],
}).each |$category, $parameters| { -%>
### <%= $category %> ###
<% $parameters.each |$parameter| { -%>
<% if $parameter == 'remote' { -%>
<%= $parameter %> <%= $openvpnConf['server'] %> <%=
$openvpnConf['port'] %>
<% } else { -%>
<%= $parameter %> <%= $openvpnConf[$parameter] %>
<% } -%>
<% } %>
<% } -%>

What does not work yet is to add something after <%- | [...] | -%>,
everything I add (here <%= $openvpnMode %>) gives an error. E.g.:

<%- | Hash $openvpnConf, String $openvpnMode, String $instance | -%>
<%= $openvpnMode %>
<% ({
'Mode' => [
"$openvpnMode",
],
}).each |$category, $parameters| { -%>
### <%= $category %> ###
<% $parameters.each |$parameter| { -%>
<% if $parameter == 'remote' { -%>
<%= $parameter %> <%= $openvpnConf['server'] %> <%=
$openvpnConf['port'] %>
<% } else { -%>
<%= $parameter %> <%= $openvpnConf[$parameter] %>
<% } -%>
<% } %>
<% } -%>

fails with

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Evaluation Error: Error while evaluating a
Function Call, epp(): Invalid EPP: Ambiguous EPP parameter expression.
Probably missing '<%-' before parameters to remove leading whitespace
at
/etc/puppetlabs/code/modules/openvpn/templates/etc/openvpn/config.epp:2:
20 at /etc/puppetlabs/code/modules/openvpn/manifests/init.pp:29:22 on
node h2786452

How can I fix this?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lciprn72y0u000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] undef / nil / empty in template

[Helmut Schneider]

Henrik Lindberg wrote:

> On 2018-07-16 10:21, Helmut Schneider wrote:
> > How can I fix this?
> > 
> 
> It is a bug, please file a ticket in puppet's Jira for project PUP.

https://tickets.puppetlabs.com/browse/PUP-9005

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcit4obnqr7001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] epp: has_key

[Helmut Schneider]

Hi,

---
profiles:
  vpn:
openvpn:
  defaults:
client:
  dev:   'tun'
  proto: 'udp'
  resolv-retry:  'infinite'
  nobind:
  user:  'nobody'
  group: 'nogroup'
  persist-key:
  persist-tun:
  ca:'/etc/openvpn/ca-charlieroot.de.crt'
  cert:  '/etc/openvpn/mail.helmut-ritter.de.crt'
  key:   '/etc/openvpn/mail.helmut-ritter.de.key'
  ns-cert-type:  'server'
  # OpenVPN <= 2.3
  comp-lzo:  'yes'
  # OpenVPN > 2.3
  # compress:  'lz4'
  log-append:'/var/log/openvpn.log'
  verb:  '4'
  script-security:   '2'
  up:'/etc/openvpn/update-resolv-conf'

The eep is called by

content => epp("openvpn/etc/openvpn/config.epp", { openvpnConf =>
$openvpnConf, openvpnMode => $openvpnMode, instance => $instance }),

The epp:

<%- | Hash $openvpnConf, String $openvpnMode, String $instance | -%>
<% ({
'Mode' => [
"$openvpnMode",
],
'Connection' => [
'remote',
'proto',
'dev',
'persist-tun',
'nobind',
'resolv-retry',
'compress',
'comp-lzo',
],
'Privileges' => [
'user',
'group',
'persist-key',
],
'Authentication' => [
'cert',
'key',
'ca',
'ns-cert-type',
],
'Logging' => [
'verb',
'log-append',
],
'Misc' => [
'script-security',
'plugin',
'up',
'down',
],
}).each |$category, $parameters| { -%>
### <%= $category %> ###
<%#= $openvpnConf %>
<% $parameters.each |$parameter| { -%>
<% if $parameter == 'remote' { -%>
<%= $parameter %> <%= $openvpnConf['server'] %> <%=
$openvpnConf['port'] %>
<% } elsif $openvpnConf[$parameter] { -%>
<%= $parameter %> <%= regsubst($openvpnConf[$parameter],
'__INSTANCE__', $instance) %>
<% } elsif defined($openvpnConf[$parameter]) { -%>
<%= $parameter %>
<% } -%>
<% } %>
<% } -%>

The problem: compress does not exist in the hiera but is printed in the
epp. How can I test if the key "compress" exists in the
$openvpnConf-Hash?

Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcn8do1cf5g5000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] epp: has_key

[Helmut Schneider]

R.I. Pienaar wrote:

> 
> > On 19 Jul 2018, at 21:19, Henrik Lindberg
> >  wrote:
> > 
> >> On 2018-07-19 17:15, Helmut Schneider wrote:
> >> Hi,
> >> ---
> >> profiles:
> >>   vpn:
> >> openvpn:
> >>   defaults:
> >> client:
> >>   dev:   'tun'
> >>   proto: 'udp'
> >>   resolv-retry:  'infinite'
> >>   nobind:
> >>   user:  'nobody'
> >>   group: 'nogroup'
> >>   persist-key:
> >>   persist-tun:
> >>   ca:'/etc/openvpn/ca-charlieroot.de.crt'
> >>   cert:
> '/etc/openvpn/mail.helmut-ritter.de.crt' >>   key:
> '/etc/openvpn/mail.helmut-ritter.de.key' >>   ns-cert-type:
> 'server' >>   # OpenVPN <= 2.3
> >>   comp-lzo:  'yes'
> >>   # OpenVPN > 2.3
> >>   # compress:  'lz4'
> >>   log-append:'/var/log/openvpn.log'
> >>   verb:  '4'
> >>   script-security:   '2'
> >>   up:'/etc/openvpn/update-resolv-conf'
> >> The eep is called by
> >> content => epp("openvpn/etc/openvpn/config.epp", { openvpnConf =>
> >> $openvpnConf, openvpnMode => $openvpnMode, instance => $instance
> }), >> The epp:
> >> <%- | Hash $openvpnConf, String $openvpnMode, String $instance |
> -%> >> <% ({
> >> 'Mode' => [
> >> "$openvpnMode",
> >> ],
> >> 'Connection' => [
> >> 'remote',
> >> 'proto',
> >> 'dev',
> >> 'persist-tun',
> >> 'nobind',
> >> 'resolv-retry',
> >> 'compress',
> >> 'comp-lzo',
> >> ],
> >> 'Privileges' => [
> >> 'user',
> >> 'group',
> >> 'persist-key',
> >> ],
> >> 'Authentication' => [
> >> 'cert',
> >> 'key',
> >> 'ca',
> >> 'ns-cert-type',
> >> ],
> >> 'Logging' => [
> >> 'verb',
> >> 'log-append',
> >> ],
> >> 'Misc' => [
> >> 'script-security',
> >> 'plugin',
> >> 'up',
> >> 'down',
> >> ],
> >> }).each |$category, $parameters| { -%>
> >> ### <%= $category %> ###
> >> <%#= $openvpnConf %>
> >> <% $parameters.each |$parameter| { -%>
> >> <% if $parameter == 'remote' { -%>
> >> <%= $parameter %> <%= $openvpnConf['server'] %> <%=
> >> $openvpnConf['port'] %>
> >> <% } elsif $openvpnConf[$parameter] { -%>
> >> <%= $parameter %> <%= regsubst($openvpnConf[$parameter],
> >> '__INSTANCE__', $instance) %>
> >> <% } elsif defined($openvpnConf[$parameter]) { -%>
> >> <%= $parameter %>
> >> <% } -%>
> >> <% } %>
> >> <% } -%>
> >> The problem: compress does not exist in the hiera but is printed
> in the >> epp. How can I test if the key "compress" exists in the
> >> $openvpnConf-Hash?
> > 
> > You can simply check if the hash has an Undef value for that key.
> > 
> >  $openvpnConf['compress'] == undef

Did not work as I also want to print keys without values.

> Another option:
> 
> If “compress” in $openvpnConf { }

Works for me, thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lcoc3m2d60t5001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Format text in epp

[Helmut Schneider]

Hi,

is there a way to format text in epp? Something like

a  100
abc20
defgds 30

Thank you!

<%- | Hash $postfixTransport
| -%>
# This file is managed by Puppet, don't edit it by hand.
# All changes will be overwritten!

<% if ($postfixTransport) { -%>
<% $postfixTransport.each |$domain, $target| { -%>
<%= $domain %>  <%= $target %>
<% } -%>
<% } -%>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ld6o4njlzigd000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Format text in epp

[Helmut Schneider]

jcbollinger wrote:

> On Wednesday, August 1, 2018 at 5:05:32 AM UTC-5, Helmut Schneider
> wrote:
> > 
> > Hi, 
> > 
> > is there a way to format text in epp? Something like 
> > 
> > a  100 
> > abc20 
> > defgds 30 
> > 
> > Thank you! 
> > 
> > <%- | Hash $postfixTransport 
> > | -%> 
> > # This file is managed by Puppet, don't edit it by hand. 
> > # All changes will be overwritten! 
> > 
> > <% if ($postfixTransport) { -%> 
> > <% $postfixTransport.each |$domain, $target| { -%> 
> > <%= $domain %>  <%= $target %> 
> > <% } -%> 
> > <% } -%> 
> > 
> > 
> EPP has access to all operators, functions, and types available in
> the current Puppet environment, both built-in and module-provided.
> Among Puppet's built-in functions is sprintf 
> <https://puppet.com/docs/puppet/5.5/function.html#sprintf>, which is
> a wrapper for Ruby's Kernel::sprintf
> <https://apidock.com/ruby/Kernel/sprintf>, which in turn is inspired
> by C's sprintf.  It can perform the kind of formatting you're looking
> for, perhaps something like this:
> 
> <% $postfixTransport.each |$domain, $target| { -%>
> <%= sprintf("%-10s %4d", $domain, $target) %>
> <% } -%>

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ld8ddjlg0p9o000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Include Hiera Classes

[Helmut Schneider]

Hi,

I want to include hiera classes.

---
roles::webserver::apache::classes:
  - my_apache
roles::backup::bacula::classes:
  - bacula
roles::timeserver::ntpd::classes:
  - ntpd
roles::databaseserver::mysql::classes:
  - mysqld

I used to use the follwoing (ugly) code in nodes.pp to do so:

  if ($roles) {
$roles.each |$category, $classes| {
  if ($classes) and (category) {
$classes.each |$class| {
  if ($class) {
hiera_include ("roles::${category}::${class}::classes", {})
  }
}
  }
}
  }

Is there a better way e.g. using lookup?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lddu4bbmleo000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] is_numeric

[Helmut Schneider]

Hi,

I want to check if a variable is numeric. The manpage says is_numeric
is deprectaed and I shall user validate_legacy. But

<% if validate_legacy(Numeric, 'validate_numeric', $subsetting) { -%>

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Evaluation Error: Error while evaluating a
Function Call, validate_legacy(validate_numeric) expects a Numeric
value, got String at
/etc/puppetlabs/code/modules/bacula/templates/etc/bacula/bacula-dir.conf
.epp:25:7 on node bsdhelmut1164

What is the proper way to check if something is numeric?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lddxg1g5gp4001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Issue with lookup / hiera in yaml

[Helmut Schneider]

Hi,

common.yaml:
variable:
  baculaWorkingDirectory: '/var/lib/bacula'

variables:
  baculaWorkingDirectory: '/var/lib/bacula'

config.pp:
[...]
  $variables = lookup({
"name" => "variables",
"merge" => {
  "strategy" => "deep",
  "knockout_prefix" => "--",
#  "sort_merged_arrays" => true,
},
"default_value" => [],
  })
[...]

bacula.pp:
class bacula inherits config {
  $test1 = lookup('variable.baculaWorkingDirectory')
  #$test2 = lookup('variables.baculaWorkingDirectory')
  $baculaWorkingDirectory = $variables['baculaWorkingDirectory']
  notify {"Test": message => $test1}
  #notify {"Test": message => $test2}
  notify {"baculaWorkingDirectory": message => $baculaWorkingDirectory}
}

Notice: /var/lib/bacula
Notice: /Stage[main]/Bacula/Notify[Test]/message: defined 'message' as
'/var/lib/bacula'
Debug: /Stage[main]/Bacula/Notify[Test]: The container Class[Bacula]
will propagate my refresh event
Notice: /var/db/bacula
Notice: /Stage[main]/Bacula/Notify[baculaWorkingDirectory]/message:
defined 'message' as '/var/db/bacula'

If I uncomment #test2:

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Function lookup() did not find a value for the
name 'variables.baculaWorkingDirectory' on node
bsdhelmut1164.charlieroot.de

What am I missing?

Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ldqjfd8vw7x000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Include Hiera Classes

[Helmut Schneider]

Jo Rhett wrote:

> Well the exact answer to your question is:
> 
> lookup("roles::${category}::${class}::classes", Array,
> 'unique').include()
> 
> However, the code you've shown is implementing a hierarchy for class
> assignment duplicative of the Hiera hierarchy. Why not use Hiera's
> hierarchy to your advantage?
> 
> hiera.yaml:
>hierarchy:
> - name: "Role data"
>   path: "roles/%{facts.category}.yaml"
> 
> Then have an array named classes, and just use
> 
>   lookup('classes', Array, 'unique').include()
> 
> Much easier. Don't make your own hierarchy, make use of Hiera.

What is the difference / advantage of

hierarchy:
  - name: "Role data"
path: "roles/%{facts.category}.yaml"

and

hierarchy:
  name: "Role data"
  path: "roles/%{facts.category}.yaml"

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ldqofkfp40e001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue with lookup / hiera in yaml

[Helmut Schneider]

Helmut Schneider wrote:

> common.yaml:
> variable:
>   baculaWorkingDirectory: '/var/lib/bacula'
> 
> variables:
>   baculaWorkingDirectory: '/var/lib/bacula'
> 
> config.pp:
> [...]
>   $variables = lookup({
> "name" => "variables",
> "merge" => {
>   "strategy" => "deep",
>   "knockout_prefix" => "--",
> #  "sort_merged_arrays" => true,
> },
> "default_value" => [],
>   })
> [...]
> 
> bacula.pp:
> class bacula inherits config {
>   $test1 = lookup('variable.baculaWorkingDirectory')
>   #$test2 = lookup('variables.baculaWorkingDirectory')
>   $baculaWorkingDirectory = $variables['baculaWorkingDirectory']
>   notify {"Test": message => $test1}
>   #notify {"Test": message => $test2}
>   notify {"baculaWorkingDirectory": message =>
> $baculaWorkingDirectory} }
> 
> Notice: /var/lib/bacula
> Notice: /Stage[main]/Bacula/Notify[Test]/message: defined 'message' as
> '/var/lib/bacula'
> Debug: /Stage[main]/Bacula/Notify[Test]: The container Class[Bacula]
> will propagate my refresh event
> Notice: /var/db/bacula
> Notice: /Stage[main]/Bacula/Notify[baculaWorkingDirectory]/message:
> defined 'message' as '/var/db/bacula'
> 
> If I uncomment #test2:
> 
> Error: Could not retrieve catalog from remote server: Error 500 on
> SERVER: Server Error: Function lookup() did not find a value for the
> name 'variables.baculaWorkingDirectory' on node
> bsdhelmut1164.charlieroot.de
> 
> What am I missing?

I don't get it:

$test3 = lookup('variables')
notify {"Test3": message => $test3}

Notice: /Stage[main]/Bacula/Notify[variables]/message: defined
'message' as '{"debug"=>0, "baculaConfPath"=>"/etc/bacula",
"baculaClientService"=>"bacula-fd",
"baculaDirectorService"=>"bacula-dir",
"baculaStorageService"=>"bacula-sd",
"baculaClientPackage"=>"bacula-client",
"baculaServerPackage"=>"bacula-server",
"baculaWorkingDirectory"=>"/var/lib/bacula", "baculaGID"=>"bacula",
"baculaUID"=>"bacula", "apachePackage"=>"apache2",
"apacheService"=>"apache2", "fail2banConfPath"=>"/etc/fail2ban",
"fail2banPackage"=>"fail2ban", "fail2banService"=>"fail2ban",
"logrotatePackage"=>"logrotate", "openvpnPackage"=>"openvpn",
"openvpnService"=>"openvpn", "openvpnConfPath"=>"/etc/openvpn",
"perlDbiPackage"=>"libdbi-perl",
"perlDbdMysqlPackage"=>"libdbd-mysql-perl", "puppetService"=>"puppet",
"rootUID"=>"root", "rootGID"=>"root", "rsyslogPackage"=>"rsyslog",
"rsyslogService"=>"rsyslog", "snmpdConfPath"=>"/etc/snmp",
"snmpdService"=>"snmpd", "spamassassinPackage"=>"spamassassin",
"syslogUID"=>"syslog", "syslogGID"=>"adm", "ufwConfPath"=>"/etc/ufw",
"ufwPackage"=>"ufw", "ufwService"=>"ufw", "postfixPackage"=>"postfix",
"postfixService"=>"postfix", "postfixConfPath"=>"/etc/postfix",
"amavisdPackage"=>"amavisd-new", "arjPackage"=>"arj",
"p7zipPackage"=>"p7zip-full", "amavisdConfPath"=>"/etc/amavis/conf.d",
"amavisdService"=>"amavis", "appEtcConfPath"=>"/etc",
"bindConfPath"=>"/etc/bind", "bindPackage"=>"bind9",
"bindService"=>"bind9", "clamavConfPath"=>"/etc/clamav",
"clamavPackage"=>"clamav-daemon",
"clamavService"=>"clamav-daemon-chroot",
"clamavServiceOrg"=>"clamav-daemon", "cronConfPath"=>"/etc/cron.d",
"defaultsEtcConfPath"=>"/etc/default",
"freshclamService"=>"clamav-freshclam-chroot",
"freshclamServiceOrg"=>"clamav-freshclam", "initPath"=>"/etc/init.d",
"logrotateConfPath"=>"/etc/logrotate.d",
"perlSitePath"=>"/usr/local/lib/site_perl",
"postfixLdapSearchPackages"=>["libconfig-inifiles-perl",
"libmime-lite-perl", "libnet-ldap-perl"],
"rsyslogConfPath"=>"/etc/rsyslog.d", "sasl2Service"=>"saslauthd",
"snmpdPackage"=>"snmpd",
"spamassassinConfPath"=>"/etc/mail/spamassassin",
"sudoersConfPath"=>"/etc/sudoers.d"}'

$test2 = lookup('variables.debug')
notify {"Test2": message => $test2}

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Function lookup() did not find a value for the
name 'variables.debug' on node h2786452

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ldruw91k4ksb000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue with lookup / hiera in yaml

[Helmut Schneider]

Henrik Lindberg wrote:

> If your data looks like this:
> 
> >> variables:
> >>baculaWorkingDirectory: '/var/lib/bacula'
> 
> Then you do not have a variables.debug key - you can lookup
> variables, or variables.baculaWorkingDirectory

common.yaml:

---
netconfig:
variables:
  debug:   0
  baculaConfPath: '/etc/bacula'
  baculaClientService:'bacula-fd'
  baculaDirectorService:  'bacula-dir'
  baculaStorageService:   'bacula-sd'
  baculaClientPackage:'bacula-client'
  baculaServerPackage:'bacula-server'
  baculaWorkingDirectory: '/var/lib/bacula'
  baculaGID:  'bacula'
  baculaUID:  'bacula'
  apachePackage:   'httpd'
  apacheService:   'httpd'
  fail2banConfPath:'/etc/fail2ban'
  fail2banPackage: 'fail2ban'
  fail2banService: 'fail2ban'
  logrotatePackage:'logrotate'
  openvpnPackage:  'openvpn'
  openvpnService:  'openvpn'
  openvpnConfPath: '/etc/openvpn'
  perlDbiPackage:  'libdbi-perl'
  perlDbdMysqlPackage: 'libdbd-mysql-perl'
  puppetService:   'puppet'
  rootUID: 'root'
  rootGID: 'root'
  rsyslogPackage:  'rsyslog'
  rsyslogService:  'rsyslog'
  snmpdConfPath:   '/etc/snmp'
  snmpdService:'snmpd'
  spamassassinPackage: 'spamassassin'
  syslogUID:   'root'
  syslogGID:   'root'
  ufwConfPath: '/etc/ufw'
  ufwPackage:  'ufw'
  ufwService:  'ufw'

I meanwhile found out that

lookup('variables.baculaWorkingDirectory', String, 'deep')

works while

lookup('variables.baculaWorkingDirectory')

does not. The problem is that in apps/bacula.yaml

WorkingDirectory: "%{lookup('variables.baculaWorkingDirectory')}"

works (but gives an emtpy string as 'variables.baculaWorkingDirectory'
is not found) while

WorkingDirectory: "%{lookup('variables.baculaWorkingDirectory', String,
'deep')}"

does not:

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Evaluation Error: Error while evaluating a
Function Call, Lookup of key 'profiles' failed: Syntax error in string:
%{lookup('variables.baculaWorkingDirectory', String, 'deep')} at
/etc/puppetlabs/code/modules/config/manifests/init.pp:43:15 on node
h2786452

apps/bacula.yaml:

---
profiles:
  backup:
bacula:
  defaults:
[...]
Client:
  FileDaemon:
"%{::fqdn}-fd":
  FDport:9102
  #WorkingDirectory:
"%{lookup('variables.baculaWorkingDirectory')}"
  WorkingDirectory:
"%{lookup('variables.baculaWorkingDirectory', String, 'deep')}"
[...]

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ldrwks1mf082001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue with lookup / hiera in yaml

[Helmut Schneider]

Henrik Lindberg wrote:

> You cannot give arguments to lookup as an interpolation function
> inside of data. Use the commented out variant. Then use
> lookup_options (in your data) to configure that lookup of 'variables'
> should always be a 'deep' merge.

Great, works now, thanks a lot!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ldrz2d1pqa2f002%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] exec and variables

[Helmut Schneider]

Hi,

I want to exec something with a variable. If found the following link
and tried to implement:

https://stackoverflow.com/questions/33557093/puppet-notify-a-class-with-parameters

  file { "${apacheConfPath}/conf-available/${file}":
mode   => '0640',
owner  => $rootUID,
group  => $rootGID,
source =>
"puppet:///modules/my_apache/${operatingsystem}/${apacheConfPath}/conf.d/${file}",
#notify => a2enmod["$file"],
#notify => a2enmod['99-status.conf'],
  }
  exec { "a2enconf_${title}":
path=> '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
refreshonly => true,
command => "a2enconf ${title}",
#subscribe   => File['99-status.conf'],
subscribe   => File["$file"],
  }

Error: Failed to apply catalog: Could not find dependency
File[99-status.conf] for Exec[a2enconf_my_apache::config_files] at
/etc/puppetlabs/code/modules/my_apache/manifests/config_files.pp:130

Can someone point me to the right direction?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lixerc48gqno000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] exec and variables

[Helmut Schneider]

Ben Ford wrote:

> Sure. When you make a reference (the upper case File syntax), it has
> to point to a thing that exists. The reference is a resource type
> (File) and a resource title (99-status.conf), but you've not defined
> a resource with that title. Basically, it's like making a symlink to
> a file that doesn't exist. To fix it, you just need to change your
> code so the reference and the resource title agree on a title.
> 
> Read more about relationships at
> https://puppet.com/docs/puppet/5.5/lang_relationships.html and about
> the reference syntax at
> https://puppet.com/docs/puppet/5.5/lang_data_resource_reference.html

That helped, thanks:

$filesConfd0640 = [
  "99-status.conf",
]
$filesConfd0640.each |String $file| {
  file { "${apacheConfPath}/conf-available/${file}":
mode   => '0640',
owner  => $rootUID,
group  => $rootGID,
content => epp("${module_name}/etc/apache2/conf.d/${file}.epp",
{ apacheCfg => $apacheCfg, apacheConfPath => $apacheConfPath }),
notify  => Exec['/usr/local/bin/apache.sh -c restart']
  }
  exec { "a2enconf ${file}":
path=> '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
refreshonly => true,
command => "a2enconf ${file}",
subscribe   => File["${apacheConfPath}/conf-available/${file}"],
  }
}

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0liyhy558fy2w000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] resolve hostname via custom fact

[Helmut Schneider]

Hi,

I want to resolve a hostname via a custom fact:

require "resolv"

Facter.add("puppet_master_ip") do
  setcode do
Resolv::DNS.open(:nameserver => ['8.8.8.8']) do |dns|
  ip = dns.getaddresses("www.puppet.org")
end
  end
end

How do I get the output? I just want to get the first IP.

helmut@h2786452:~$ facter puppet_master_ip
[

]
helmut@h2786452:~$ facter puppet_master_ip --debug --trace
2018-12-23 16:22:57.816747 INFO  puppetlabs.facter - executed with
command line: puppet_master_ip --debug --trace.
2018-12-23 16:22:57.820403 INFO  leatherman.ruby:138 - ruby loaded from
"/opt/puppetlabs/puppet/lib/libruby.so.2.1.0".
2018-12-23 16:22:57.880073 INFO  leatherman.ruby:187 - using ruby
version 2.1.9
2018-12-23 16:22:57.880231 INFO  puppetlabs.facter - requested queries:
puppet_master_ip.
2018-12-23 16:22:57.880317 DEBUG puppetlabs.facter - fact
"facterversion" has resolved to "3.6.10".
2018-12-23 16:22:57.880364 DEBUG puppetlabs.facter - fact
"aio_agent_version" has resolved to "1.10.14".
2018-12-23 16:22:57.881923 DEBUG leatherman.file_util:65 - Error
reading file: No such file or directory
2018-12-23 16:22:57.882710 DEBUG puppetlabs.facter - loading all custom
facts.
2018-12-23 16:22:57.882751 DEBUG puppetlabs.facter - loading custom
fact directories from config file
2018-12-23 16:22:57.883863 DEBUG puppetlabs.facter - searching for
custom facts in /opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0/facter.
2018-12-23 16:22:57.884066 INFO  puppetlabs.facter - loading custom
facts from
/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0/facter/external_ip4.rb.
2018-12-23 16:22:57.962679 INFO  puppetlabs.facter - loading custom
facts from
/opt/puppetlabs/puppet/lib/ruby/site_ruby/2.1.0/facter/puppet_master_ip.
rb.
2018-12-23 16:22:58.295668 DEBUG puppetlabs.facter - fact
"external_ip4" has resolved to "81.169.210.177".
2018-12-23 16:22:58.555197 DEBUG puppetlabs.facter - fact
"puppet_master_ip" has resolved to [

].
2018-12-23 16:22:58.555380 DEBUG puppetlabs.facter - skipping external
facts for "/home/helmut/.puppetlabs/opt/facter/facts.d": No such file
or directory
2018-12-23 16:22:58.555445 DEBUG puppetlabs.facter - skipping external
facts for "/home/helmut/.facter/facts.d": No such file or directory
2018-12-23 16:22:58.555478 DEBUG puppetlabs.facter - no external facts
were found.
[

]
helmut@h2786452:~$

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lj1k498fj8t8000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] resolve hostname via custom fact

[Helmut Schneider]

Ben Ford wrote:

> > I want to resolve a hostname via a custom fact:
> > require "resolv"
> > Facter.add("puppet_master_ip") do
> >   setcode do
> > Resolv::DNS.open(:nameserver => ['8.8.8.8']) do |dns|
> >   ip = dns.getaddresses("www.puppet.org")
> > end
> >   end
> > end
> > How do I get the output? I just want to get the first IP.
> 
> Ruby has a habit that it picked up from its Perl ancestor of
> implicitly returning the last expression from a block or function.
> That's a neat shortcut, but that's also why you see so much Ruby code
> that just seems to stop and doesn't show returning of data. Because
> it's the last expression evaluated, your fact is simply returning an
> array of Resolv objects, which Facter doesn't know what to do with.
> 
> To make your code work, you just need to do two things:
> 
> require "resolv"
> Facter.add("puppet_master_ip") do
>   setcode do
> 
> *ip = nil # Declare your variable outside the block to
> keep its scope available*Resolv::DNS.open(:nameserver =>
> ['8.8.8.8']) do |dns|   ip = dns.getaddresses("www.puppet.org")
> end
> 
> *ip.first.to_s# implicitly return the string value of the
> first item*  end
> end
> 
> You should also put your fact in a module and let Puppet pluginsync it
> automatically. You'll need to run facter with the -p flag.
>
https://puppet.com/docs/puppet/latest/plugins_in_modules.html#adding-plug-ins-to-a-module
> 
> Cheers!

Thanks a lot and happy holidays!

helmut@h2786452:~$ facter puppet_master_ip
52.24.136.51
helmut@h2786452:~$

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lj2uk09pf8j7001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] [augeas] edit YAML file

[Helmut Schneider]

Hi,

I want to edit a YAML file:

network:
  version: 2
  renderer: networkd
  ethernets:
eth0:
  dhcp4: yes
  dhcp6: yes

Id like to add a line:

network:
  version: 2
  renderer: networkd
  ethernets:
eth0:
  dhcp4: yes
  dhcp6: yes
  dhcp-identifier: mac

How can I do so?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lpwsm9ld5lb8000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] knockout_prefix

[Helmut Schneider]

Hi,

hiera.conf:
:hierarchy:
  - nodes/%{::fqdn}
  - apps/apache
  - common

apache.yaml:
---
lookup_options:
  variables:
merge:
  strategy:"deep"
  knockout_prefix: "--"
[...]
profiles:
  webserver:
apache:
  server:
configfiles:
  enable:
02-listen.conf:
  Listen:
- abc
- 'localhost:80'
- 'localhost:443'

host.yaml:
profiles:
  webserver:
apache:
  server:
configfiles:
  enable:
02-listen.conf:
  Listen:
- --abc
- '--localhost:80'
- '--localhost:443'
- "80"
- "443"

init.pp:
[...]
  $profiles = lookup({
"name" => "profiles",
"merge" => {
  "strategy" => "deep",
  "knockout_prefix" => "--",
#  "sort_merged_arrays" => true,
},
"default_value" => [],
  })
[...]

Result:

"02-listen.conf"=>{"Listen"=>["abc", "localhost:80", "localhost:443",
"443"]}

So I expected 'abc', "localhost:80" "localhost:443" to be removed while
'80' was.

helmut@puppet:~$ sudo /opt/puppetlabs/bin/puppetserver -v
puppetserver version: 2.8.1
helmut@puppet:~$

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lpxxl8ww6go001%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] knockout_prefix

[Helmut Schneider]

Helmut Schneider wrote:

> hiera.conf:
> :hierarchy:
>   - nodes/%{::fqdn}
>   - apps/apache
>   - common
> 
> apache.yaml:
> ---
> lookup_options:
>   variables:
> merge:
>   strategy:"deep"
>   knockout_prefix: "--"
> [...]
> profiles:
>   webserver:
> apache:
>   server:
> configfiles:
>   enable:
> 02-listen.conf:
>   Listen:
> - abc
> - 'localhost:80'
> - 'localhost:443'
> 
> host.yaml:
> profiles:
>   webserver:
> apache:
>   server:
> configfiles:
>   enable:
> 02-listen.conf:
>   Listen:
> - --abc
> - '--localhost:80'
> - '--localhost:443'
> - "80"
> - "443"
> 
> init.pp:
> [...]
>   $profiles = lookup({
> "name" => "profiles",
> "merge" => {
>   "strategy" => "deep",
>   "knockout_prefix" => "--",
> #  "sort_merged_arrays" => true,
> },
> "default_value" => [],
>   })
> [...]
> 
> Result:
> 
> "02-listen.conf"=>{"Listen"=>["abc", "localhost:80", "localhost:443",
> "443"]}
> 
> So I expected 'abc', "localhost:80" "localhost:443" to be removed
> while '80' was.
> 
> helmut@puppet:~$ sudo /opt/puppetlabs/bin/puppetserver -v
> puppetserver version: 2.8.1
> helmut@puppet:~$

hiera.conf:
:hierarchy:
  - nodes/%{::fqdn}
  - "%{::operatingsystem}"
  - apps/apache
  - common

Ubuntu.yaml:
profiles:
  webserver:
apache:
  server:
configfiles:
  enable:
03-chroot.conf:
  LoadFile:
- '/lib/x86_64-linux-gnu/libgcc_s.so.1'
- '/lib/x86_64-linux-gnu/libnss_dns.so.2'

host.yaml:
profiles:
  webserver:
apache:
  server:
configfiles:
  enable:
03-chroot.conf:
  LoadFile:
- '--/lib/x86_64-linux-gnu/libgcc_s.so.1'
- '--/lib/x86_64-linux-gnu/libnss_dns.so.2'
- '/lib/i386-linux-gnu/libgcc_s.so.1'
- '/lib/i386-linux-gnu/libnss_dns.so.2'


Works fine. Hmmm

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lpxyyayq18t002%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] [augeas] edit YAML file

[Helmut Schneider]

Ben Ford wrote:

> The https://forge.puppet.com/fiddyspence/hash_file module makes it
> very easy to manage yaml files.

Will check. Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lpxxcdwjcu8000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] facter to return version of an installed package

[Helmut Schneider]

Hi,

before I reinvent the wheel:

Does anyone know a custom fact that returns the version of an installed
package (if it is installed)?

I assume it would be something like

Facter.add(:package_version) do
  setcode do
osfamily = Facter.value(:osfamily)
case osfamily
when /ubuntu|debian/
  Facter::Util::Resolution.exec("dpkg -l '*$my_package*' | grep
^ii")
when 'freebsd'
  Facter::Util::Resolution.exec("pkg info -ix $my_package*")
end
  end
end

but I have not found out yet how to pass a variable to facter.

helmut@ubuntu:~$ puppet -V
6.4.2
helmut@ubuntu:~$ facter -v
3.13.2
helmut@ubuntu:~$

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ltx8j23azj63000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] facter to return version of an installed package

[Helmut Schneider]

Ben Ford wrote:

> To be sure, this pattern doesn't always work and you don't always have
> control over the full system. What's your use case that you're trying
> to solve?

if $operatingsystem == "Ubuntu" {
  if versioncmp($facts['os']['release']['full'], '18') >= 0 {
file { "/etc/netplan/windows-dhcp.yaml":
  mode=> '0644',
  owner   => "${rootUID}",
  group   => "${rootGID}",
  content =>
epp("${module_name}/etc/netplan/windows-dhcp.yaml.epp"),
}
  }
}

I would like to check if netplan is installed before doing so.

onlyif => 'test -d /etc/netplan',

would help. Or

onlyif => 'test -n "`dpkg -l | grep netplan | grep ^ii`"',

but I thought a custom fact would be more efficient.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0ltyu254zxcub000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] facter to return version of an installed package

[Helmut Schneider]

Chris Taylor wrote:

> if $operatingsystem == "Ubuntu" { 
>   if versioncmp($facts['os']['release']['full'], '18') >= 0 { 
> package { 'netplan':
>   ensure => present,
> }
> file { "/etc/netplan/windows-dhcp.yaml": 
>   mode=> '0644', 
>   owner   => "${rootUID}", 
>   group   => "${rootGID}", 
>   content => 
> epp("${module_name}/etc/netplan/windows-dhcp.yaml.epp"), 
>   requires => Package['netplan'],
> } 
>   } 
> } 
> 
> If you only want netplan on specific systems, then you'd want that 
> delcaration to be done in such a way to only apply to said systems, I
> leave that as an exercise for the reader, as the mechanism that is
> best depends heavily upon your own setup.

I don't want to install netplan but if it exists do the needful:

  exec { 'test_for_netplan':
path=> ['/usr/bin','/usr/sbin','/bin','/sbin'],
command => "/bin/true",
onlyif  => 'test -n "`dpkg -l | grep netplan | grep ^ii`"',
  }

  if $operatingsystem == "Ubuntu" {
if versioncmp($facts['os']['release']['full'], '18') >= 0 {
  file { "/etc/netplan/windows-dhcp.yaml":
mode=> '0644',
owner   => "${rootUID}",
group   => "${rootGID}",
content =>
epp("${module_name}/etc/netplan/windows-dhcp.yaml.epp"),
require => Exec['test_for_netplan'],
  }
}
  }

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lu0bwv6ju0fl000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] facter to return version of an installed package

[Helmut Schneider]

jcbollinger wrote:

> On Thursday, May 16, 2019 at 10:50:45 AM UTC-5, Helmut Schneider
> wrote:
> 
> > I don't want to install netplan but if it exists do the needful: 
> 
> I reiterate Ben Ford's comments: This is generally considered an 
> anti-pattern.
> 
> It is better from an administrative perspective for you to know which 
> systems are supposed to have netplan, and to unconditionally ensure
> that it is both installed and properly configured on those systems.
> You could go so far as to ensure it absent from other machines,
> though whether that's appropriate is a policy question whose answer
> will vary.  In any case, it is not only reasonable but safer for all
> concerned to demand that the identities of machines for which you are
> going to manage netplan configuration be statically known to you.

I see your point and in 99% of my tasks with Puppet I agree.

> With that said, if you insist on treading this path anyway then a
> custom fact is indeed the right way to convey the wanted information
> to Puppet, whether that's the version of netplan that's installed, if
> any, or merely whether netplan is installed at all.  For that you'll
> want either a fact specific to that purpose (e.g.
> $::netplan_version), or a more general fact from which you can glean
> the information (e.g. $::installed_packages).  There is no way to
> parameterize a fact so that it has different meaning depending on how
> it is evaluated.

Nevertheless knowing what packages are installed might help me, too,
and although my ruby knowledge is very rudimentary here is some output:

#!/usr/bin/ruby

Facter.add('installed_packages') do
  confine :osfamily => /freebsd|debian/

  setcode do
begin
  packages_hash = {}
  if Facter.value(:osfamily) == 'Debian'
packages = Facter::Util::Resolution.exec('/usr/bin/dpkg -l |
/bin/grep ^ii | /usr/bin/awk \'{print $2"|"$3}\'')
  elsif Facter.value(:osfamily) == 'FreeBSD'
packages = Facter::Util::Resolution.exec('/usr/sbin/pkg info |
/usr/bin/awk \'{print $1}\' | /usr/bin/sed -E
\'s#-([[:digit:]])#\|\1#g\'')
  end

  packages.each_line do |package|
if package
  name,*version = package.chomp.split(/\|/)
  packages_hash[name] = version.join("")
end
  end
  packages_hash
rescue
end
  end
end

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lu5wgxchwp1000%40news.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] [EPP] Using tagged, defined, a better way to create variables, ... to verify if a class is included

[Helmut Schneider]

Hi,

I hope I can descripe the challenge.

/etc/puppetlabs/code/environments/production/manifests/nodes.pp:
node default {
  include common
}

/etc/puppetlabs/code/modules/common/manifests/init.pp:
class common inherits config {
  include $classes
[...]

/etc/puppetlabs/code/modules/config/manifests/init.pp:
class config {
  $classes = lookup({
"name" => "classes",
"merge" => {
  "strategy" => "deep",
  "knockout_prefix" => "--",
},
"default_value" => [],
  })

/etc/puppetlabs/code/modules/bacula/templates/etc/bacula/fileset-exclude
.epp
<%- | Hash $packages,
  Array $classes
| -%>
<% if !empty(grep($packages['install'], "amavis")) or
!empty(grep($classes, "amavis")) { -%>



But I'm also using roles:

/etc/puppetlabs/code/environments/production/hieradata/nodes/node.yaml
roles:
  mailserver:
- amavisd
  vpn:
- openvpn
  webserver:
- apache

/etc/puppetlabs/code/environments/production/hieradata/roles.yaml:
role_details:
  mailserver:
amavisd:
  classes:
- amavisd
- clamav
- spamassassin

To include all role classes I do:

/etc/puppetlabs/code/modules/common/manifests/init.pp:
class common inherits config {
  include $classes

  if ($roles) {
$roles.dig.keys.each |String $role| {
  $roles[$role].each |String $application| {
$roleClasses = lookup({"name" =>
"role_details.${role}.${application}.classes", "merge" => "deep",
"default_value" => undef})
if ($roleClasses) {
  include $roleClasses
}
  }
}
  }

As I did not find a way put all role-classes to a single variable
(e.g.$roleClasses) I tried to do this in the epp:

<%= tagged("amavisd") %>

It resolves to false. Always.

Does anyone see a way to put all roleClasses into a single variable or
make "tagged" work in the epp or any other way to solve this? I know
the concept of Puppet but there are sometimes challenges where just
describing a state is not sufficient. :)

[helmut@BSDHelmut ~]$ puppet -V
5.5.14
[helmut@BSDHelmut ~]$

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lwqh7y7j1qws000%40news.gmane.org.

Re: [Puppet Users] [EPP] Using tagged, defined, a better way to create variables, ... to verify if a class is included

[Helmut Schneider]

Christopher Wood wrote:

> Top post, I'm not skilled enough to read this hence not sure where I'd
> interject. You may be better off using simpler constructs so that
> people with a wider variety of skill levels in your organization can
> contribute.
> 
> What problems are you encountering where describing state is not
> sufficient to correctly configure a host?

I need to put "/var/amavis" into a configuration file (only) if amavisd
is installed. So I'm either looking for a way to do a lookup with
wildcards

$roleClasses = lookup({"name" => "role_details.*.*.classes", "merge" =>
"deep", "default_value" => undef})
[...]
<% if !empty(grep($roleClasses, "amavisd")) { -%>

or to pass tags to an epp template:

<% if tagged("amavisd") %>

If I put "/var/amavis" into this configuration file and amavisd is not
installed it throws an error.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lwqkg17nfd95001%40news.gmane.org.

Re: [Puppet Users] Using bash for custom facts - results are strings, not booleans

[Helmut Schneider]

'Prentice Bisbal' via Puppet Users wrote:

> I'm trying to use bash to create custom facts that are booleans, 
> Unfortunately, when I do, the values are interpreted as strings, and
> not booleans. For example, here is my bash script, gdm.sh:
> 
> #!/bin/bash
> 
> PATH=/usr/bin:/bin:/usr/sbin:/sbin
> 
> rpm --quiet -q gdm
> retval=$?
> if [ $retval -eq 0 ]; then
>      echo gdm_installed=true
> else
>      echo gdm_installed=false
> fi

Does that change anything?

rpm --quiet -q gdm && echo 'gdm_installed=true' || echo
'gdm_installed=false'

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lwrq478qpi2o002%40news.gmane.org.

[Puppet Users] Order in notify

[Helmut Schneider]

Hi,

can I order Execs in a notify?

exec { "Request $quality certificate for $letsencryptCommonName
(SAN: ${join(sort($letsencryptDnsNames), ',')})":
  path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
  onlyif   => "$requestOnlyif",
  command  => "$requestCommand",
  require  => Package["${certbotPackage}"],
#  notify   => [ Exec['/usr/local/bin/apache.sh -c restart'],
Exec["Copy $quality public key for $letsencryptCommonName (SAN:
${join(sort($letsencryptDnsNames), ',')})"], Exec["Copy $quality
private key for $letsencryptCommonName (SAN:
${join(sort($letsencryptDnsNames), ',')})"] ],
  notify   => [ Exec["Copy $quality public key for
$letsencryptCommonName (SAN: ${join(sort($letsencryptDnsNames),
',')})"] -> Exec["Copy $quality private key for $letsencryptCommonName
(SAN: ${join(sort($letsencryptDnsNames), ',')})"] ->
Exec['/usr/local/bin/apache.sh -c restart'] ],
}

The second notify does not produce an error but only executes

Exec['/usr/local/bin/apache.sh -c restart'

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lwukoo2m9m7y000%40news.gmane.org.

[Puppet Users] change from 'notrun' to ['0'] failed

[Helmut Schneider]

Hi,

I want to copy a file if a diff fails:

exec { "Private key
'${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem'
changed, updating":
  path=> '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
  command => "$copyPrivateCommand",
  unless  => "diff -q
${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem
$appEtcConfPath/ssl/private/${letsencryptCommonName}.letsencrypt.$letsen
cryptKeySize.key > /dev/null",
  notify  => Exec['/usr/local/bin/apache.sh -c restart'],
  logoutput   => true,
}

This results in:

Debug: Executing: 'diff -q
/usr/local/etc/letsencrypt/live/www./privkey.pem
/usr/local/etc/ssl/private/www.letsencrypt.4096.key > /dev/null'
Error: no implicit conversion of nil into String
Error: /Stage[main]/Letsencrypt/Exec[Private key
'/usr/local/etc/letsencrypt/live/www/privkey.pem' changed,
updating]/returns: change from 'notrun' to ['0'] failed: no implicit
conversion of nil into String (corrective)
Debug: /Stage[main]/Letsencrypt/Exec[Copy live public key for www (SAN:
www)]: 'cp -L /usr/local/etc/letsencrypt/live/www/fullchain.pem
/usr/local/etc/ssl/www.letsencrypt.4096.crt' won't be executed because
of failed check 'refreshonly'

The diff itself runs fine:

[helmut@BSDHelmut ~]$ sudo diff -q
/usr/local/etc/letsencrypt/live/www/privkey.pem
/usr/local/etc/ssl/private/www.letsencrypt.4096.key > /dev/null; echo $?
1
[helmut@BSDHelmut ~]$

Where is the issue?

[helmut@BSDHelmut ~]$ puppet -V
5.5.16
[helmut@BSDHelmut ~]$

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lyako587brxt001%40news.gmane.org.

Re: [Puppet Users] change from 'notrun' to ['0'] failed

[Helmut Schneider]

Bart-Jan Vrielink wrote:

> I cannot fully understand what you are trying to do, as I do not know
> what $copyPrivateCommand is, but I would advice against using an exec
> for copying a file, but just use a file resource instead:

$copyPrivateKeyCommand = "cp -L
${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem
$appEtcConfPath/ssl/private/${letsencryptCommonName}.letsencrypt.$letsen
cryptKeySize.key"

But the copy command does not fail, it is the diff the results in the
error.

I check if the certificate was renewed and then copy it. The
certificate is on the agent system, not the master so I need to do the
exec.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lyf0k2bdc0qg001%40news.gmane.org.

Re: [Puppet Users] change from 'notrun' to ['0'] failed

[Helmut Schneider]

Bart-Jan Vrielink wrote:

> file {
> "${letsencryptConfPath}/live/${letsencryptCommonName}/privkey.pem":
>   ensure => file,   source =>
> "${appEtcConfPath}/ssl/private/${letsencryptCommonName}.letsencrypt.${
> letsencryptKeySize}.key",   notify => Exec['/usr/local/bin/apache.sh
> -c restart'],   # Or better: notify => Service['apache'], }

Uh, now I understand, I can copy files locally! Thanks, this is
REALLY helpful!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/xn0lyg8jccjtc36002%40news.gmane.org.

[Puppet Users] Augeas and SSH

[Helmut Schneider]

Hi,

I want to set some values in sshd_config. Example:

KexAlgorithms
curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256

keys($sshdCfg).each |String $comment| {
  augeas { "$file: $comment":
context => $sshdCfg[$comment]['context'],
changes => [ $sshdCfg[$comment]['changes'] ],
notify  => Service["${sshdService}"],
  }
}

'sshd_config Security Settings':
  context:   '/files/etc/ssh/sshd_config'
  changes:
- 'set KexAlgorithms
curve25519-sha...@libssh.org,diffie-hellman-group-exchange-sha256'

This does not work, error below. I can work around that with

'sshd_config Security Settings':
  context:   '/files/etc/ssh/sshd_config'
  changes:
- 'set KexAlgorithms/1 curve25519-sha...@libssh.org'
- 'set KexAlgorithms/2 diffie-hellman-group-exchange-sha256'

but this does not remove existing values 3, 4, 5, ... How can I solve
that?

Thank you!

Debug: /Stage[main]/My_sshd/Notify[sshd_config PrintMotd]: The
container Class[My_sshd] will propagate my refresh event
Debug: Augeas[: sshd_config PrintMotd](provider=augeas): Opening augeas
with root /, lens path , flags 32
Debug: Augeas[: sshd_config PrintMotd](provider=augeas): Augeas version
1.12.0 is installed
Debug: Augeas[: sshd_config PrintMotd](provider=augeas): Will attempt
to save and only run if files changed
Debug: Augeas[: sshd_config PrintMotd](provider=augeas): sending
command 'set' with params ["/files/etc/ssh/sshd_config/PrintMotd",
"yes"]
Debug: Augeas[: sshd_config PrintMotd](provider=augeas): Skipping
because no files were changed
Debug: Augeas[: sshd_config PrintMotd](provider=augeas): Closed the
augeas connection
Notice: {"context"=>"/files/etc/ssh/sshd_config", "changes"=>["set
KexAlgorithms
curve25519-sha...@libssh.org,curve25519-sha...@libssh.org"]}
Notice: /Stage[main]/My_sshd/Notify[sshd_config Security
Settings]/message: defined 'message' as {
  'context' => '/files/etc/ssh/sshd_config',
  'changes' => ['set KexAlgorithms
curve25519-sha...@libssh.org,curve25519-sha...@libssh.org']
}
Debug: /Stage[main]/My_sshd/Notify[sshd_config Security Settings]: The
container Class[My_sshd] will propagate my refresh event
Debug: Augeas[: sshd_config Security Settings](provider=augeas):
Opening augeas with root /, lens path , flags 32
Debug: Augeas[: sshd_config Security Settings](provider=augeas): Augeas
version 1.12.0 is installed
Debug: Augeas[: sshd_config Security Settings](provider=augeas): Will
attempt to save and only run if files changed
Debug: Augeas[: sshd_config Security Settings](provider=augeas):
sending command 'set' with params
["/files/etc/ssh/sshd_config/KexAlgorithms",
"curve25519-sha...@libssh.org,curve25519-sha...@libssh.org"]
Debug: Augeas[: sshd_config Security Settings](provider=augeas): Put
failed on one or more files, output from /augeas//error:
Debug: Augeas[: sshd_config Security Settings](provider=augeas):
/augeas/files/etc/ssh/sshd_config/error = put_failed
Debug: Augeas[: sshd_config Security Settings](provider=augeas):
/augeas/files/etc/ssh/sshd_config/error/path =
/files/etc/ssh/sshd_config/
Debug: Augeas[: sshd_config Security Settings](provider=augeas):
/augeas/files/etc/ssh/sshd_config/error/lens =
/usr/local/share/augeas/lenses/dist/sshd.aug:142.12-.47:

 { "#comment" = "$FreeBSD: releng/11.2/crypto/openssh/sshd_config
323136 2017-09-02 23:39:51Z des $" }
 {  }
 { "#comment" = "This is the sshd server system-wide configuration
file.  See" }
 { "#comment" = "sshd_config(5) for more information." }
 {  }
 { "#comment" = "This sshd was compiled with
PATH=/usr/bin:/bin:/usr/sbin:/sbin" }
 {  }
 { "#comment" = "The strategy used for options in the default
sshd_config shipped with" }
 { "#comment" = "OpenSSH is to specify options with their default
value where" }
 { "#comment" = "possible, but leave them commented.  Uncommented
options override the" }
 { "#comment" = "default value." }
 {  }
 { "#comment" = "Note that some of FreeBSD's defaults differ from
OpenBSD's, and" }
 { "#comment" = "FreeBSD has a few additional options." }
 {  }
 { "#comment" = "Port 22" }
 { "#comment" = "AddressFamily any" }
 { "#comment" = "ListenAddress 0.0.0.0" }
 { "#comment" = "ListenAddress ::" }
 {  }
 { "#comment" = "HostKey /etc/ssh/ssh_host_rsa_key" }
 { "#comment" = "HostKey /etc/ssh/ssh_host_dsa_key" }
 { "#comment" = "HostKey /etc/ssh/ssh_host_ecdsa_key" }
 { "#comment" = "HostKey /etc/ssh/ssh_host_ed25519_key" }
 {  }
 { "#comment" = "Ciphers and keying" }
 { "#comment" = "RekeyLimit default none" }
 {  }
 { "#comment" = "Logging" }
 { "#comment" = "SyslogFacility AUTH" }
 { "#comment" = "LogLevel INFO" }
 {  }
 { "#comment" = "Authentication:" }
 {  }
 { "#comment" = "LoginGraceTime 2m" }
 { "#comment" = "PermitRootLogin no" }
 { "#comment" = "StrictModes yes" }
 { "#comment" = "MaxAuthTries 6"
 { "#com

[Puppet Users] Knocking out values

[Helmut Schneider]

Hi,

using Puppet 5.5 and Hiera 3.4.6:

common.yaml:
profiles:
  webserver:
apache:
  server:
modules:
  enable:
- mpm_event
- status

host.yaml:
profiles:
  webserver:
apache:
  server:
modules:
  enable:
- headers
- include
- mpm_prefork
- ssl
- --mpm_event

config.pp
  $profiles = lookup({
"name" => "profiles",
"merge" => {
  "strategy" => "deep",
  "knockout_prefix" => "--",
},
"default_value" => [],
  })

Notice: {"enable"=>["mpm_event", "status", "headers", "include", 
"mpm_prefork", "ssl"]}
Notice: 
/Stage[main]/My_apache::Config/Notify[apacheCfg/modules]/message: 
defined 'message' as {
  'enable' => ['mpm_event', 'status', 'headers', 'include', 
'mpm_prefork', 'ssl']

}

Why isn't mpm_event being removed?

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/r40jif%243uj3%241%40ciao.gmane.io.

Re: [Puppet Users] Knocking out values

[Helmut Schneider]

Am 07.03.2020 um 19:00 schrieb Becca Robinson:

I just ran through some testing and try putting single quotes around 
your --mpm_event in Hiera.


host.yaml:
profiles:
  webserver:
    apache:
  server:
    modules:
  enable:
    - headers
    - include
    - mpm_prefork
    - ssl
    -‘--mpm_event'


puppet lookup --node $(hostname -f) --merge deep --knock-out-prefix '--' 
profiles

---
webserver:
   apache:
     server:
       modules:
         enable:
         - status
         - headers
         - include
         - mpm_prefork
         - ssl


Single quotes also do not work for me:

modules:
  enable:
- headers
- include
- mpm_prefork
- ssl
- '--mpm_event'

helmut@puppet:~$ sudo puppet lookup --node h2786452.stratoserver.net 
--merge deep --knock-out-prefix '--' 
profiles.webserver.apache.server.modules

---
enable:
- mpm_event
- status
- headers
- include
- mpm_prefork
- ssl
helmut@puppet:~$

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/r437ki%247fk%241%40ciao.gmane.io.

Re: [Puppet Users] Knocking out values

[Helmut Schneider]

Am 07.03.2020 um 19:00 schrieb Becca Robinson:
I just ran through some testing and try putting single quotes around 
your --mpm_event in Hiera.


host.yaml:
profiles:
  webserver:
    apache:
  server:
    modules:
  enable:
    - headers
    - include
    - mpm_prefork
    - ssl
    -‘--mpm_event'


puppet lookup --node $(hostname -f) --merge deep --knock-out-prefix '--' 
profiles

---
webserver:
   apache:
     server:
       modules:
         enable:
         - status
         - headers
         - include
         - mpm_prefork
         - ssl


Not for me. But:

modules:
  enable:
- headers
- include
- --blablabla
- mpm_prefork
- ssl

This knocks out the next item, here 'mpm_prefork':

helmut@puppet:~$ sudo puppet lookup --node h2786452 --merge deep 
--knock-out-prefix '--' profiles.webserver.apache.server.modules

Warning: Undefined variable 'session'; \n   (file & line not available)
---
enable:
- mpm_event
- status
- headers
- include
- ssl
helmut@puppet:~$

modules:
  enable:
- headers
- '--funny'
- include
- --blablabla
- mpm_prefork
- ssl

helmut@puppet:~$ sudo puppet lookup --node h2786452 --merge deep 
--knock-out-prefix '--' profiles.webserver.apache.server.modules

Warning: Undefined variable 'session'; \n   (file & line not available)
---
enable:
- mpm_event
- status
- headers
- ssl
helmut@puppet:~$

modules:
  enable:
- --'abc'
- headers
- '--def'
- include
- --geh
- mpm_prefork
- --ijk
- ssl

helmut@puppet:~$ sudo puppet lookup --node h2786452 --merge deep 
--knock-out-prefix '--' profiles.webserver.apache.server.modules

Warning: Undefined variable 'session'; \n   (file & line not available)
---
enable:
- mpm_event
- status
helmut@puppet:~$

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2a4a50cd-a883-a8a3-5808-6f6fbc56ccda%40gmx.de.

Re: [Puppet Users] Knocking out values

[Helmut Schneider]

Am 09.03.2020 um 16:48 schrieb Becca Robinson:

What version of Puppet?


helmut@h2786452:~$ puppet -V
5.5.18
helmut@h2786452:~$ hiera -V
3.4.6
helmut@h2786452:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 18.04.4 LTS
Release:18.04
Codename:   bionic
helmut@h2786452:~$

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/r45ooo%24j99%241%40ciao.gmane.io.

Re: [Puppet Users] Knocking out values

[Helmut Schneider]

Am 09.03.2020 um 18:36 schrieb Henrik Lindberg:

On 2020-03-07 17:53, Helmut Schneider wrote:

Why isn't mpm_event being removed?


You are running into this: https://tickets.puppetlabs.com/browse/PUP-7428


What is the preferred way to handle this? Should one write his/her own code?

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/r47l8s%24j5o%241%40ciao.gmane.io.

[Puppet Users] Nested interpolation

[Helmut Schneider]

Hi,

I'm using something like this:

netconfig:
  hostname:'BSDHelmut'
  interfaces:
"%{facts.networking.primary}":
  ip4:  &ip4   '192.168.124.35'
  cidr4:&cidr4 '192.168.124.35/24'
  ip4aliases:
- '192.168.124.36/32'
  ip6:  &ip6   'DHCP'

Can I either do something like

- "%{lookup('netconfig.interfaces.%{facts.networking.primary}.ip4.helmut')}"
- "text*{ip4}text"

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/r4fkn1%24ngm%241%40ciao.gmane.io.

[Puppet Users] Access variable defined in each {}

[Helmut Schneider]

Hi,

class abc {
  keys($netconfig['interfaces']).each |String $interface| {
if $netconfig['interfaces'][$interface]['ip6'] {
  $myvariable = 'yes'
  break()
}
  }

  if $myvariable == 'yes' {
do something
  }
}

How can I access $myvariable?

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/r50n62%243pet%241%40ciao.gmane.io.

Re: [Puppet Users] Access variable defined in each {}

[Helmut Schneider]

Am 19.03.2020 um 22:54 schrieb Henrik Lindberg:

On 2020-03-19 22:11, Helmut Schneider wrote:

Hi,

class abc {
   keys($netconfig['interfaces']).each |String $interface| {
     if $netconfig['interfaces'][$interface]['ip6'] {
   $myvariable = 'yes'
   break()
     }
   }

   if $myvariable == 'yes' {
     do something
   }
}

How can I access $myvariable?


No need for a variable or anything - if you do need one do this:

$myvariable = $netconfig['interfaces'].any() |$k, $v| {
$v['ip6'] =~ NotUndef
}

if $myvariable {
# do something
}


Works like a charm.

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/r52292%2412j4%241%40ciao.gmane.io.

[Puppet Users] if ($variable) after upgrade from 5.5 to 6

[Helmut Schneider]

Hi,

helmut@puppet:~$ sudo puppet lookup --node mynode roles
helmut@puppet:~$

Good because does not exist.

class common inherits config {
  include $classes
  if ($roles) {
keys($roles).each |String $role| { <== line9
[...]

Error: Could not retrieve catalog from remote server: Error 500 on 
SERVER: Server Error: Evaluation Error: Error while evaluating a 
Function Call, 'keys' parameter 'hsh' expects a Hash value, got Array 
(file: /etc/puppetlabs/code/modules/common/manifests/init.pp, line: 9, 
column: 5) on node mynode


Why? $roles does not exists so why is keys($roles).each |String $role| { 
executed?


helmut@puppet:~$ puppet -V
6.16.0
helmut@puppet:~$ puppetserver -v
puppetserver version: 6.12.0
helmut@puppet:~$

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rcctn5%242jfi%241%40ciao.gmane.io.

Re: [Puppet Users] if ($variable) after upgrade from 5.5 to 6

[Helmut Schneider]

Am 17.06.2020 um 13:10 schrieb Helmut Schneider:


helmut@puppet:~$ sudo puppet lookup --node mynode roles
helmut@puppet:~$

Good because does not exist.

class common inherits config {
include $classes
if ($roles) {
  keys($roles).each |String $role| { <== line9
[...]

Error: Could not retrieve catalog from remote server: Error 500 on
SERVER: Server Error: Evaluation Error: Error while evaluating a
Function Call, 'keys' parameter 'hsh' expects a Hash value, got Array
(file: /etc/puppetlabs/code/modules/common/manifests/init.pp, line: 9,
column: 5) on node mynode

Why? $roles does not exists so why is keys($roles).each |String $role| {
executed?


I forgot:

  $roles = lookup({
"name" => "roles",
"merge" => {
  "strategy" => "deep",
  "knockout_prefix" => "--",
#  "sort_merged_arrays" => true,
},
#"default_value" => [],
"default_value" => undef,
  })

I had "default_value" => [] active. Anyway, I thought that if 
($variable) is an empty array it also results in 'false'. Can I check if 
an array has elements?


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rccv9s%241ugk%241%40ciao.gmane.io.

Re: [Puppet Users] if ($variable) after upgrade from 5.5 to 6

[Helmut Schneider]

Am 17.06.2020 um 15:01 schrieb 'Dirk Heinrichs' via Puppet Users:

Am Mittwoch, den 17.06.2020, 13:37 +0200 schrieb Helmut Schneider:


Can I check if  an array has elements?


if size($something) > 0 {}


Found $array.empty but thank you.

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rci0ho%2437c5%241%40ciao.gmane.io.

[Puppet Users] [augeas] ins before / after

[Helmut Schneider]

Hi,

I want to put values ordered in (here) sshd_config. I tried with 
ins...after but get only errors:


'sshd_config PrintMotd':
  context: '/files/etc/ssh/sshd_config'
  changes:
- 'set PrintMotd yes'
'sshd_config PasswordAuthentication':
  context: '/files/etc/ssh/sshd_config'
  changes:
- 'ins PasswordAuthentication after 
/files/etc/ssh/sshd_config/PrintMotd'

- 'set PasswordAuthentication no'

Error: /Stage[main]/My_sshd/Augeas[/files/etc/ssh/sshd_config: 
sshd_config PasswordAuthentication]: Could not evaluate: Save failed, 
see debug output for details


I want to add an entry "PasswordAuthentication no" after "PrintMotd 
yes". What is the correct syntax?


Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/re7226%24bhj%241%40ciao.gmane.io.

[Puppet Users] Duplicate declaration: Exec

[Helmut Schneider]

Hi,

/etc/puppetlabs/code/modules/amavisd/manifests/init.pp

ensure_resource('exec', '/usr/local/bin/amavisd.sh -sP', {
  path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin',
  refreshonly => true,
  command => 'su -l root -c "/usr/local/bin/amavisd.sh -sP"',
})

One client reports:

Server Error: Could not find resource 'Exec[/usr/local/bin/amavisd.sh 
-sP]' in parameter 'notify' (file: 
/etc/puppetlabs/code/modules/spamassassin/manifests/init.pp, line: 49)


So I add the same block also to 
/etc/puppetlabs/code/modules/spamassassin/manifests/init.pp


But then another client reports:

Server Error: Evaluation Error: Error while evaluating a Function Call, 
Duplicate declaration: Exec[/usr/local/bin/amavisd.sh -sP] is already 
declared at (file: 
/etc/puppetlabs/code/modules/amavisd/manifests/init.pp, line: 26); 
cannot redeclare (file: 
/etc/puppetlabs/code/modules/spamassassin/manifests/init.pp, line: 16)


I thought that "ensure_resource" should avoid such conflicts? Or am I 
doing something wrong?


Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ril76c%24bs8%241%40ciao.gmane.io.

Re: [Puppet Users] inlined-epp with hash

[Helmut Schneider]

Am 10.09.2020 um 08:10 schrieb Andreas Dvorak:


epp file
<%- |
Hash database_conf,
| -%>


Hash $databse_conf

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rjcv5a%24s5t%241%40ciao.gmane.io.

[Puppet Users] Puppet Reports

[Helmut Schneider]

Hi,

as /opt/puppetlabs/server/data/puppetserver/reports/ is filling up, what 
are those reports used for? I read that I can purge them but want to 
understand the purpose of those reports before doing so. I use puppetdb 
if that is important.


Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rpnpfu%24m4r%241%40ciao.gmane.io.

Re: [Puppet Users] Puppet Reports

[Helmut Schneider]

Am 26.11.2020 um 10:19 schrieb 'Dirk Heinrichs' via Puppet Users:

Am Donnerstag, den 26.11.2020, 09:37 +0100 schrieb Helmut Schneider:


as /opt/puppetlabs/server/data/puppetserver/reports/ is filling up, what
are those reports used for?


Errh, for checking what's going on in your environment?


Who does so? A system? A program? Me? If the latter I can disable 
reporting and enable if required?!


I read that I can purge them but want to understand the purpose of 
those reports before doing so. I use puppetdb

if that is important.


Yes, you can purge them after a certain amount of time, a good measure 
would be one or two weeks (maybe you might want to know when things 
started to break). There are also some report processors available out 
there to ease reading. We, for example, use https://theforeman.org 
<https://theforeman.org> for this (it's a bit overkill, I know, but it's 
still the best tool when it comes to visualize Puppet reports).


I used foreman but not anymore. Total overkill.

Are the reports required for puppetdb?

reports = store,puppetdb

Can I remove "store" and puppetdb keeps working?

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rpo12p%24spe%241%40ciao.gmane.io.

Re: [Puppet Users] Puppet Reports

[Helmut Schneider]

Am 26.11.2020 um 12:04 schrieb 'Dirk Heinrichs' via Puppet Users:

Am Donnerstag, den 26.11.2020, 11:46 +0100 schrieb Helmut Schneider:


Am 26.11.2020 um 10:19 schrieb 'Dirk Heinrichs' via Puppet Users:

Am Donnerstag, den 26.11.2020, 09:37 +0100 schrieb Helmut Schneider:

Can I remove "store" and puppetdb keeps working?


Yes. From the documentation:

"By default, Puppet uses the store report processor. You can enable 
other report processors or disable reporting in the reports setting."


Thank you.

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rpqimj%24b8t%241%40ciao.gmane.io.

[Puppet Users] Could not retrieve local facts: can't create Thread: Resource temporarily unavailable

[Helmut Schneider]

Hi,

after update of puppet-agent on Ubuntu I get the following error:

Debug: Facter: Query is operatingsystem
Debug: Facter: Checking query tokens operatingsystem
Debug: Facter: List of resolvable facts: 
[#@fact_class=Facts::Linux::Os::Name, @filter_tokens=[], 
@user_query="operatingsystem", @type=:legacy, @file=nil>]

Debug: Facter: Resolving fact in parallel
Debug: Facter: Loading external facts
Debug: Facter: User query is: []
Debug: Facter: Resolving fact in parallel
Error: Could not retrieve local facts: can't create Thread: Resource 
temporarily unavailable
Error: Failed to apply catalog: Could not retrieve local facts: can't 
create Thread: Resource temporarily unavailable

Debug: Resolving service 'report' using Puppet::HTTP::Resolver::Settings

helmut@h2873756:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 18.04.5 LTS
Release:18.04
Codename:   bionic
helmut@h2873756:~$ puppet -V
7.0.0
helmut@h2873756:~$

Any ideas?

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rqneve%24slb%241%40ciao.gmane.io.

Re: [Puppet Users] Could not retrieve local facts: can't create Thread: Resource temporarily unavailable

[Helmut Schneider]

Am 08.12.2020 um 13:15 schrieb Bogdan Irimie:

Facter 4 resolves each fact on a separate thread, this can lead to a 
high number of threads being created. Can you please provide the output 
of `cat /proc/sys/kernel/threads-max` on the system where you see this 
issue? Does this happen at every run or sporadically?


helmut@h2873756:~$ cat /proc/sys/kernel/threads-max
3090194
helmut@h2873756:~$

Every time I run puppet.

Please try to run facter from the cli and let me know if you have any 
issues.


helmut@h2873756:~$ facter
Traceback (most recent call last):
14: from /opt/puppetlabs/puppet/bin/facter:10:in `'
13: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/cli/cli_launcher.rb:23:in 
`start'
12: from 
/opt/puppetlabs/puppet/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/base.rb:485:in 
`start'
11: from 
/opt/puppetlabs/puppet/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor.rb:392:in 
`dispatch'
10: from 
/opt/puppetlabs/puppet/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/invocation.rb:127:in 
`invoke_command'
 9: from 
/opt/puppetlabs/puppet/lib/ruby/gems/2.7.0/gems/thor-1.0.1/lib/thor/command.rb:27:in 
`run'
 8: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/cli/cli.rb:114:in 
`query'
 7: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter.rb:390:in 
`to_user_output'
 6: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/core/fact_manager.rb:25:in 
`resolve_facts'
 5: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/core/fact/internal/internal_fact_manager.rb:15:in 
`resolve_facts'
 4: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/core/fact/internal/internal_fact_manager.rb:62:in 
`start_threads'
 3: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/core/fact/internal/internal_fact_manager.rb:62:in 
`map'
 2: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/core/fact/internal/internal_fact_manager.rb:63:in 
`block in start_threads'
 1: from 
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/core/fact/internal/internal_fact_manager.rb:63:in 
`new'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/facter/framework/core/fact/internal/internal_fact_manager.rb:63:in 
`initialize': can't create Thread: Resource temporarily unavailable 
(ThreadError)

helmut@h2873756:~$

You can disable parallel fact resolution with facter.conf 
(https://puppet.com/docs/facter/3.11/configuring_facter.html 
) by adding



global : {

sequential: true

}


That helps, yes.

The system is a VM on OpenVZ. Other machines on Hyper-V and VMWare are 
not affected.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rqo01m%2415p%241%40ciao.gmane.io.

Re: [Puppet Users] Could not retrieve local facts: can't create Thread: Resource temporarily unavailable

[Helmut Schneider]

Am 08.12.2020 um 14:45 schrieb Helmut Schneider:

Am 08.12.2020 um 13:15 schrieb Bogdan Irimie:

Facter 4 resolves each fact on a separate thread, this can lead to a 
high number of threads being created. Can you please provide the output 
of `cat /proc/sys/kernel/threads-max` on the system where you see this 
issue? Does this happen at every run or sporadically?

The system is a VM on OpenVZ. Other machines on Hyper-V and VMWare are
not affected.


facter seems to have an issue anyways:

helmut@h2873756:~$ facter ipaddress

helmut@h2873756:~$ facter networking.primary

helmut@h2873756:~$ facter networking | grep primary
  primary => "aPublicIP"
helmut@h2873756:~$ facter networking.interfaces

helmut@h2873756:~$ facter networking | grep -A100 interfaces
  interfaces => {
lo => {
  bindings => [
{
  ip => "10.0.124.17",
  ip6 => "fe80::cc7a:d052:3220:e442",
  mac => "",
  mtu => 1500,
  netmask => "255.255.255.255",
  netmask6 => ":::::",
  network => "10.0.124.17",
  network6 => "fe80::",
  scope6 => "link"
},
venet0 => {
  bindings => [
{
  address => "127.0.0.1",
  netmask => "255.255.255.255",
  network => "127.0.0.1"
},
{
  address => "aPublicIP",
  netmask => "255.255.255.255",
  network => "aPublicIP"
}
  ],
  bindings6 => [
{
  address => "::2",
  netmask => ":::::::",
  network => "::2"
},
{
  address => "aPublicIP",
  netmask => ":::::::",
  network => "aPublicIP"
}
  ],
  ip => "aPublicIP",
  ip6 => "::2",
  mac => "",
  mtu => 1500,
  netmask => "255.255.255.255",
  netmask6 => ":::::::",
  network => "aPublicIP",
  network6 => "::2",
  scope6 => "compat,global"
}
  },
  primary => "aPublicIP"
}
helmut@h2873756:~$ facter networking.hostname
h2873756
helmut@h2873756:~$

helmut@h2873756:~$ facter -v
4.0.46
helmut@h2873756:~$

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/rqo2n4%248ga%241%40ciao.gmane.io.

[Puppet Users] FIll array in loop

[Helmut Schneider]

Hi,

I need to fill an array in a loop. While I understand variable scoping I 
found some information that it is possible.


https://stackoverflow.com/questions/41041549/puppet-adding-array-elements-in-a-loop/41047623
https://blog.thewatertower.org/2019/04/15/building-or-appending-to-an-array-using-a-lambda-in-puppet/

Unfortunately I'm not able to adapt it to my needs:

$array = []
[1, 2, 3].each |$variable| {
  add $variable to $array
}

Any tips?

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/srerjj%24k3l%241%40ciao.gmane.io.

Re: [Puppet Users] FIll array in loop

[Helmut Schneider]

Am 10.01.2022 um 08:04 schrieb 'Dirk Heinrichs' via Puppet Users:

Am Sonntag, dem 09.01.2022 um 15:31 +0100 schrieb Helmut Schneider:


Unfortunately I'm not able to adapt it to my needs:

$array = []
[1, 2, 3].each |$variable| {
  add $variable to $array
}

Any tips?


The first link you posted already has the answer. Puppet variables are 
immutable so you can't create an empty array and then add vaules to it. 
It must be done in one step and, as that answer says, you'll have to use 
the map function, like


$array = [1, 2, 3].map |$var| { $var }

HTH...


I'm afraid I still do not unterstand this correctly:

profiles:
  vpn:
openvpn:
  syslogd:
40-openvpn.conf:
  openvpn:
'*.*':  '/var/log/openvpn.log'

$array = [1].map |$var| {
  keys($profiles).each |$category| {
if $profiles[$category] =~ Hash {
  keys($profiles[$category]).each |$app| {
"$app"
  }
}
  }
}

notify {"Array: $array":}

This returned "vpn" ($category) while I'd expect "openvpn" ($app).

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/srhcb3%2496n%241%40ciao.gmane.io.

Re: [Puppet Users] FIll array in loop

[Helmut Schneider]

Am 10.01.2022 um 15:55 schrieb 'Dirk Heinrichs' via Puppet Users:
> Am Montag, dem 10.01.2022 um 14:29 +0100 schrieb Helmut Schneider:
>
>> I'm afraid I still do not unterstand this correctly:
>>
>> profiles:
>>vpn:
>>  openvpn:
>>syslogd:
>>  40-openvpn.conf:
>>openvpn:
>>  '*.*':  '/var/log/openvpn.log'
>>
>> $array = [1].map |$var| {
>>keys($profiles).each |$category| {
>>  if $profiles[$category] =~ Hash {
>>keys($profiles[$category]).each |$app| {
>>  "$app"
>>}
>>  }
>>}
>> }
>
> Not 100% sure this will be correct, since your "profiles" sample above
> has only one entry, but anyway...
>
> I guess what you'd need to do is
>
> $array = $profiles.map |...| {
>...
> }

Well, yes, it outputs "openvpn" now but at the end of the day I hoped to 
get the "openvpn" key from "40-openvpn.conf" and not from "vpn".


profiles:
  vpn:
openvpn:
  syslogd:
40-openvpn.conf:
  openvpn:
'*.*':  '/var/log/openvpn.log'
  backup:
bacula:
  syslogd:
40-bacula.conf:
  bacula-dir:
'*.*': '/var/log/bacula-dir.log'
  bacula-fd:
'*.*': '/var/log/bacula-fd.log'
  bacula-sd:
'*.*': '/var/log/bacula-sd.log'
  management:
snmpd:
  syslogd:
40-snmpd.conf:
  snmpd:
'*.*':'/var/log/snmpd.log'

I'm looking for a way to get the information of $profiles.*.*.syslogd or 
better $profiles.*.*.syslogd.*. So "openvpn", "bacula-dir", "bacula-fd", 
... into an array / hash / whatever.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/srhnl8%24nf4%241%40ciao.gmane.io.

Re: [Puppet Users] FIll array in loop

[Helmut Schneider]

Am 10.01.2022 um 18:07 schrieb Karsten Heymann:

Hi Helmut,
you could take this as a starting point (untested):

$profile_logging = $profiles.map | $p_name, $p_data | { $p_data.map | 
$s_name, $s_data | { $s_data['syslog'] } }.flatten


p_ is the outer profile layer, s_ is the inner service layer.


$array = keys($profiles).map |$ca_index, $category| {
  keys($profiles[$category]).map |$a_index, $app| {
keys($profiles[$category][$app]).map |$co_index, $config| {
  if $config == "syslogd" {
keys($profiles[$category][$app][$config]).map |$f_index, $file| {
  keys($profiles[$category][$app][$config][$file]).map 
|$p_prog, $prog| {

$prog
  }
}
  }
}
  }
}.flatten

$profile_logging = $array.filter |$index, $entry| {
  $entry =~ NotUndef
}

notify {"profile_logging: $profile_logging":}



Maybe not best code style but works. Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/srmrl4%24tk0%241%40ciao.gmane.io.

[Puppet Users] Nested hiera lookup

[Helmut Schneider]

Hi,

common.yaml:
---
lookup_options:
  paths:
merge:
  strategy:  'deep'
  knockout_prefix:   '--'
  variables:
merge:
  strategy:  'deep'
  knockout_prefix:   '--'
paths:
  logfilePath: '/var/log'
[...]

another.yaml:
lookup_options:
  paths:
merge:
  strategy:  'deep'
  knockout_prefix:   '--'
  variables:
merge:
  strategy:  'deep'
  knockout_prefix:   '--'
variables:
  logFile:  "%{lookup('paths.logfilePath')}/logfile.log"
[...]

Notice: /var/log
Notice: 
/Stage[main]/My_puppet/Logrotate::Include[my_puppet]/Notify[paths 
my_puppet:]/message: defined 'message' as '/var/log'

Notice: /logfile.log
Notice: 
/Stage[main]/My_puppet/Logrotate::Include[my_puppet]/Notify[variables 
my_puppet:]/message: defined 'message' as '/openvpn.log'


Should that work?

helmut@h2873756:~$ puppet -V
7.14.0
helmut@h2873756:~$

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ssudbh%24kou%241%40ciao.gmane.io.

[Puppet Users] Can't knockout value

[Helmut Schneider]

Hi,

my hiera.yaml:

---
version: 5

defaults:
  datadir:   /etc/puppetlabs/code/environments/%{::environment}/hieradata
  data_hash: yaml_data

hierarchy:
  - name:  "Nodes"
path:  "nodes/%{::fqdn}.yaml"
  - name:  "Domains"
globs:
  - "domains/%{::domain}/*.yaml"
  - name:  "Operating Systems"
paths:
  - "%{::operatingsystem}-%{::operatingsystemrelease}.yaml"
  - "%{::operatingsystem}-%{::virtual}.yaml"
  - "%{::operatingsystem}.yaml"
  - "%{::kernel}.yaml"
  - name:  "Roles"
path:  "roles.yaml"
  - name:  "Profiles"
path:  "profiles.yaml"
  - name:  "Applications"
globs:
  - "apps/*.yaml"
  - name:  "Common settings"
path:  "common.yaml"

common.yaml:
---
lookup_options:
  classes:
merge:
  strategy:  'deep'
  knockout_prefix:   '--'
[...]
classes:
  - cron
  - environment_files::common
  - environment_files::%{facts.operatingsystem}
  - logrotate
  - my_facts
  - my_perl
  - my_puppet
  - my_snmpd
  - my_sudo
  - openntpd
  - openssh
  - shell_scripts::install
  - users

config.pp:
[...]
class config {
  $classes = lookup({
"name" => "classes",
"merge" => {
  "strategy" => "deep",
  "knockout_prefix" => "--",
  "sort_merged_arrays" => true,
},
"default_value" => {},
  })
[...]

I'm trying to knockout "opennntpd". This works on CentOS in CentOS.yaml:

---
[...]
classes:
  - --openntpd
  - my_ntpd

but not in Ubuntu-openvzve.yaml:

---
[...]
classes:
  - --openntpd
  - my_ntpd

helmut@puppet:/etc/puppetlabs/code/environments/production/hieradata$ 
sudo grep -ir openntpd .

./common.yaml:  - openntpd
./Ubuntu-openvzve.yaml:  - --openntpd
./CentOS.yaml:  - --openntpd
helmut@puppet:/etc/puppetlabs/code/environments/production/hieradata$

Ubuntu-openvzve.yaml is read successfully, if I enter a bogus value it 
get's evaluated.


helmut@h2873756:~$ facter operatingsystem virtual
operatingsystem => Ubuntu
virtual => openvzve
helmut@h2873756:~$

How can I debug further?

helmut@puppet:~$ puppet -V
7.14.0
helmut@puppet:~$ lsb_release -d
Description:Ubuntu 20.04.4 LTS
helmut@puppet:~$

Thank you!

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/t1hcng%24pfb%241%40ciao.gmane.io.

Re: [Puppet Users] Can't knockout value

[Helmut Schneider]

Am 24.03.2022 um 15:18 schrieb Tim Skirvin:

Helmut Schneider  writes:


paths:
  - "%{::operatingsystem}-%{::operatingsystemrelease}.yaml"
  - "%{::operatingsystem}-%{::virtual}.yaml"
  - "%{::operatingsystem}.yaml"
  - "%{::kernel}.yaml"



I'm trying to knockout "opennntpd". This works on CentOS in CentOS.yaml:


 I've got a very different hiera layout than you, but I've run into
this problem as well, and I also haven't been able to find a good way to
describe it well enough to file a bug about it.  FYI.  I set:

   - name: "zone/role/subrole + common"
 paths:
   - "zones/%{zone}/%{role}/%{subrole}.yaml"
   - "zones/%{zone}/%{role}.yaml"
   - "zones/%{zone}.yaml"
   - common.yaml


Interesting, I changed the order in hiera.yaml to

>> paths:
>>   - "%{::operatingsystem}-%{::operatingsystemrelease}.yaml"
>>   - "%{::operatingsystem}.yaml"
>>   - "%{::kernel}.yaml"

  - "%{::operatingsystem}-%{::virtual}.yaml"


and the value get's knocked out. Unfortunately now values higher in 
hiera.yaml don't. I created a bug report.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/t1k6cn%2416ra%241%40ciao.gmane.io.