Re: [Puppet Users] Chef knife equivalent in puppet
On 2 February 2012 09:25, Nan Liu wrote: > Using the rake task is reasonably straightforward. I'm not finding an > authoritative documentation, but you can use this page as starting > Nan, this has been bugging me for a while - I've raised this as an issue - http://projects.puppetlabs.com/issues/12366 Regards John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Chef knife equivalent in puppet
On 2 February 2012 11:16, Nick Fagerlund wrote: > Like this? > > http://docs.puppetlabs.com/pe/2.0/console_classes_groups.html#rake-api > > It needs a few more tasks added, and then I'll C&P it to the dashboard > manual too. > > Very nice. Thanks! John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Chef knife equivalent in puppet
On 2 February 2012 12:28, Nick Fagerlund wrote: > This is done: > > http://docs.puppetlabs.com/pe/2.0/console_classes_groups.html#rake-api > http://docs.puppetlabs.com/dashboard/manual/1.2/rake_api.html > > Thanks Nick - that's great John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How do I track updates to forge modules?
Is there a way to "watch" modules and be notified if they are updated? I can't see anything obvious in the documentation Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How do I track updates to forge modules?
On 3 February 2012 09:55, John Warburton wrote: > Is there a way to "watch" modules and be notified if they are updated? > > I can't see anything obvious in the documentation > Anyone? Bueller? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How do I track updates to forge modules?
On 11 February 2012 01:15, Kelsey Hightower wrote: > On Feb 2, 5:55 pm, John Warburton wrote: > > Is there a way to "watch" modules and be notified if they are updated? > > > > I can't see anything obvious in the documentation > > Currently there is no easy way to "track" when modules are updated on > the Forge. One way I can think of to track updates to modules, but not > necessarlly releases to the Forge, would be to follow the project on > Github. > > > This also sounds like a really good feature request which can be > opened here: https://projects.puppetlabs.com/projects/module-site > > Thanks Kelsey - raised https://projects.puppetlabs.com/issues/12587 Regards John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How do I quote a percent sign in the text of a template?
Hi I am scratching my head on this not being a ruby person... I am turning my kickstart files into templates, but am having issues with percent signs in free form text. This returns a syntax error: %post OK, fine , let me escape it: %%post No error, but the end result is %%post Not quite what I wanted I'm missing something blindingly obvious - can someone point me to it? :-) Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do I quote a percent sign in the text of a template?
On 9 March 2012 09:58, Garrett Honeycutt wrote:
> On 3/8/12 4:28 PM, John Warburton wrote:
> > I am turning my kickstart files into templates, but am having issues
> > with percent signs in free form text. This returns a syntax error:
> > %post
>
ERB should not have any problems with percent signs in a template. I use
> the following bash function to help me with syntax checking.
>
> # puppet template syntax checking
> function pt()
> {
>if [ -z $1 ]; then
>echo "usage: pt "
>return;
>fi
>/usr/bin/erb -P -x -T '-' $1 | /usr/bin/ruby -c
> }
>
>
Thanks to an off list discussion, my problem was really with a line that
looked like "%post --logfile /root/ks-postinstall.log" and the "-P" in the
pre-commit hook told erb to ignore lines starting with a "%" for checking
I have updated the erb checks in
https://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Version_Controlto
include "-P"
Thanks Garrett
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet eating solaris 10 crontab for lunch
On 14 March 2012 09:16, Romeo Theriault wrote: > Here are the logs the solaris 10 box returns after it's crontab gets > destroyed: > > ERR Puppet Could not prefetch cron provider 'crontab': Could not read > crontab for root: No child processes > NOTICE /Stage[main]/Puppet/Cron[puppet]/ensure created > NOTICE Puppet Finished catalog run in 2.52 seconds > > After this the only thing that exists in the crontab is the entry we > have puppet adding. > > I found this bug: > > http://projects.puppetlabs.com/issues/1672 > > which says there was a fix and it was merged but we're still seeing > this issue... > > puppet agent v. 2.7.9 > facter v. 1.6.5 > > It could be this bug - https://projects.puppetlabs.com/issues/5752 That and https://projects.puppetlabs.com/issues/9854 are keeping me from pushing migrating to 2.7 up my priority list Indeed, there are 5 issues marked Urgent in the 2.7.x bucket John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] stdlib module not working
On 30 March 2012 20:18, Stefan Wiederoder
wrote:
> thanks Eric,
>
> ensure did the trick, now I´m stuck while trying to use a facter variable
> within the line statement:
>
> file_line { "tmpfs entry":
> line => "tmpfs /dev/shmtmpfs size=${kis_tmpfs_size} 0 0",
> path => "/etc/fstab.d/system.fstab",
> ensure => present
> }
>
> maybe it´s better to try validate_string.
>
Per Dan White - you should be using puppet built in resources for the job:
the "host" resource for modifying /etc/hosts and the "mount" resource for
modifying /etc/fstab -
http://docs.puppetlabs.com/references/latest/type.html
I define $tmpfs_size elsewhere
mount{ "/tmp":
ensure => mounted,
device => "tmpfs",
fstype => "tmpfs",
pass=> "0",
dump=> "0",
options => "size=${tmpfs_size}m,mode=1777",
}
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] configuration version variable?
On 7 April 2012 03:12, psychobyte wrote:
> Thanks for the reply Patrick but, I should have been more specific.
>
> I wanted the "puppet configuration version" as in
>
> info: Applying configuration version '1333729957'
>
> So any file that gets manipulated by puppet has it in a header.
>
>
This is a good question - its been on my to do list for a while.
http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter
ok - looks good
% vi local_puppet_info.erb
#
# Puppet server:
modulepath: <%= scope.lookupvar('settings::modulepath') %>
manifest:<%= scope.lookupvar('settings::manifest') %>
manifestdir: <%= scope.lookupvar('settings::manifestdir') %>
config_version: <%= scope.lookupvar('settings::config_version') %>
yields:
#
# Puppet server:
modulepath: /local/file-repo/lab/modules
manifest:/local/file-repo/lab/manifests/site.pp
manifestdir: /local/file-repo/lab/manifests
config_version: cat /local/file-repo/lab/version
Oh noes - well its correct but doesn't return what I really want:
info: Applying configuration version 'lab-r49068'
I suspect Patrick's hiera magic may have the same issue
Any suggestions where we go from here?
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Creating a system module path (starting with Telly)
+1 A couple of requests: - Notifications on module updates: https://projects.puppetlabs.com/issues/12587 - Testing - I'd like to confirm these module paths support environments John On 24 April 2012 07:03, Michael Stahnke wrote: > There was some discussion and concern about moving the Nagios > types/providers out of the core area of Puppet for Telly. We made a > mistake of talking about a point solution to a problem rather than the > vision on where we’d like it to go, and why. We’ve attempted to > outline this a bit more so you can hopefully have a better > understanding of our ideas. As always, feel free to comment and voice > concerns. This isn’t set in stone and at this point is a proposal. > > == The Problem == > > Bundling types and providers into the core of Puppet has a few problems. > > The most important problem is that it ties releases of the types or > providers to releases of core Puppet. That is a pretty slow moving > (for stability) system, and it is also a system where most of the > investment goes into supporting new releases rather than improving > older releases. > > We want to keep our core stable, while allowing the community platform > experts, distro maintainers and other users to enhance the experience > with certain aspects of Puppet without having to wait for the next > major release. > > The secondary problem is that it plays favourites - some platform > types are in core, others are not. Some monitoring systems, or disk > management systems are in core, others are not. That doesn't reflect > the real importance of those types, or that some are more special or > more stable than others - just happenstance of time. > > On the other hand, having Puppet work out of the box is awesome. You > should be able to install Puppet and immediately get started, managing > your platform and generally doing awesome things. > > Puppet with no types, and no providers, is not awesome. It can't do > anything - and "install twenty things, then ..." is not a good > introductory experience. > > == Proposed Solution == > > We want to take some of the great lessons from other platforms - Perl, > Python, and Ruby - and apply them to this problem: > > We are proposing to pull more types and providers out of Puppet, so > they get the benefit of an independent release cycle, and the > advantages of full forge integration. > > We also propose to have a "system" module path: a set of modules that > ship with core Puppet, taken from the forge, and available by default > at install time. They will ensure that Puppet is still awesome out of > the box - but that you can list modules and their versions, and can > update freely. > > We also plan a "vendor" module path, and a "site" module path. Other > platforms have shown the value of this: when distributions package > Puppet, they might want more or different modules to support their > systems better. Allowing them to drop into the vendor module path and > operate in the same way as our system modules makes it easy to use > normal modules in an awesome way. > > Finally, the "site" module path allows for easy deployment of modules > through other packaging systems like yum and apt, internally to > companies and sites that want a different path for versioning modules. > They separate the mutable path used by the local tool and the managed > path for self-packaged modules. > > This seems to offer the best of both worlds: we can take full > advantage of the strengths of modules, but without giving up the > awesomeness of Puppet that does great things out of the box. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 and Hiera
On 8 May 2012 20:00, Derek J. Balling wrote: > > On May 7, 2012, at 12:47 PM, Christopher Wood wrote: > > Wrapper script (similar concept for anywhere with a yaml reader): > > Still have to *write* the YAML files. > > Oh yeah. This is my big motivator sticking with extlookup and not converting to Hiera - anyone in the team can do CSV. But YAML is starting to push well into the dev camp and far away from ops (IMHO) John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 and Hiera
Thanks R.I. & Craig Dunn On 8 May 2012 21:43, R.I.Pienaar wrote: > > If you want the same abilities that CSV has then this would be your YAML: > > sysadmin: y...@your.com > nameservers: [1.2.3.4, 2.3.4.5] > > just that simple, I think this is much clearer than CSV. If people really > are That's great - an easy migration then Cheers John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Announce: Facter 2.0.0rc1 Available
On 16 May 2012 10:15, Matthaus Litteken wrote: > Facter 2.0 is designed to accompany the upcoming Puppet 3.0 release > and has breaking changes from Facter 1.6.x. Facter 2.0 is not > backwards compatible with Puppet 2.6 or 2.7. > Will you be documenting the "breaking changes"? Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-dashboard delayed workers
On 13 July 2011 13:49, Nathan wrote: > Hello > > I have just installed puppet dashboard from git. > > everything seems to load ok except it seems as though background tasks > are not being run. > > You have to start them up yourself. An init script is a good idea to ensure they get started at boot time > According to the code README: > > running: # env CPUS=4 RAILS_ENV=production /.../script/delayed_job -p > dashboard -n $CPUS -m start > > > will start the worker. > > You need to take that example with a grain of salt and do what works for you. For me, on Solaris that invocation silently quit. Maybe it was the "env". This worked for me: % RAILS_ENV=production ./script/delayed_job -p dashboard -n 2 -m start however it seems as though it is not running (or if it is how can I check?) > > "ps" :-) % ps -ef|grep delayed_job puppet 7984 1 0 Jul 03 ? 0:11 ruby ./script/delayed_job -p dashboard -n 2 -m start puppet 7980 1 0 Jul 03 ? 745:31 ruby ./script/delayed_job -p dashboard -n 2 -m start puppet 7979 1 0 Jul 03 ? 0:12 ruby ./script/delayed_job -p dashboard -n 2 -m start puppet 7988 1 0 Jul 03 ? 748:59 ruby ./script/delayed_job -p dashboard -n 2 -m start John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Solaris mount provider question
On 14 July 2011 09:06, Stefan Schulte wrote: > On Wed, Jul 13, 2011 at 02:54:07PM -0700, Aaron Grewell wrote: > > I'm trying to mount multiple swap partitions in Solaris, but I'm not sure > > how to create a working syntax for that. Since the mountpoint for a swap > > partition is '-' adding more than one is going to result in a multiple > > declaration. > > You cannot manage a mountpoint (here "-") twice because puppet uses the > mount point to identify your resource. > (there is an old bug report about your exact same usecase: > http://projects.puppetlabs.com/issues/611) > > That's the problem - Solaris swap entries in vfstab do not have unique names for the mount point - just a "-". I sort of hinted at this in https://projects.puppetlabs.com/issues/6845#note-12 (which Stefan sorted - so he's the guru on this) > Puppet just needs something to identify a resource and for the mounttype > it is the mount point. You probably can use an exec resource like > > Maybe someone else has better ideas? > > I can think of nothing short of modifying the mount provider to accept a different name for the specific case of swap mount entries. Not pretty. Maybe it could be merged into https://projects.puppetlabs.com/issues/7188:-) Regards John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Validating a puppet configuration
On 1 August 2011 15:47, Nikolay Sturm wrote: > * Lars Kellogg-Stedman [2011-07-29]: > > I am trying to place some sanity checks (currently as git pre-commit > > hooks) in our configuration repository to avoid committing invalid > > Puppet configurations. > > This is exactly the use case for cucumber-puppet. It compiles your > Does anyone do this on a large scale? I have 140 manifests managing over 1600 resources. Writing cucumber for all that seems quite burdensome John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet Module Tool version 0.3.4
On 10 August 2011 08:47, James Turnbull wrote: > We've just released version 0.3.4 of the puppet-module tool used to > create and retrieve modules from the Puppet Labs Forge > (http://forge.puppetlabs.com). > > excellent > Will now be installed into your module path as: > > apache > No, actually it won't install into your module path: "This archive is then automatically unpacked into a new directory under your current directory" -- unless you are in your module path So reading the section "Install a module release" it says "You can then add this *module directory* to your Puppet configuration files to use it". My mind went huh? Seems like I'm not the only one ( http://groups.google.com/group/puppet-users/browse_thread/thread/6ae174f50e5f7364 ) After 20 minutes of googling and Mr Google telling me there was a section on the forge in Chapter 8 of Pro Puppet, I read the examples and worked out that I need to install into modulepath as set in my puppetmaster config file modulepath seems to be the key text missing in the instructions & examples. It may be obvious for people who have been doing this, but first timers, its not quite there. So, if I was doing this, I'd have something like: [environment] modulepath = /path/to/environment/modules:/path/to/forge/modules $ cd /path/to/forge/modules $ puppet-module install puppetlabs-lvm [BTW this doesn't sit too well with me - seems to manual. I may end up creating an RPM/pkg for each module to install...] Hope this helps someone out there John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet Module Tool version 0.3.4
On 10 August 2011 11:24, Scott Smith wrote: > How will it know which directory in your modulepath to install it? > That's the point. You need to explicitly cd to the correct modulepath directory first. Per my example at the bottom $ cd /path/to/forge/modules $ puppet-module install puppetlabs-lvm John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Source of external node data?
On 16 September 2011 07:32, Douglas Garstang wrote: > Where are people more likely to source external node data from? > > a) By using extlookup, hiera etc within each puppet module to load > data specific to that module, OR > b) Having the external node script source everything at once from, say > a database, and then dump all the variables that the node will ever > need. > Both. The rule we have is: - extlookup - more than one host where we can group data - ENC for one off's -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Hostname fact doesn't handle hostnames with periods
On 8 October 2011 09:26, Adrien Thebo wrote: > You can effectively override a fact by setting the weight, as follows > > Facter.add(:hostname) do > has_weight 200 > setcode do ># your own hostname implementation > end > end > > Now that is something worth knowing. Can this be added to the documentation? I can't see reference to it in http://docs.puppetlabs.com/guides/custom_facts.html or http://projects.puppetlabs.com/projects/1/wiki/Adding_Facts Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] URL too long...
On 12 October 2011 06:52, Matthew Nicholson wrote: > > 414 Request-URI Too Large > > Request-URI Too Large > > Which run just fine. All the clients involved have identical puppet > versions (2.6.7, the master is 2.7.1). I know I can change the URL > > It looks like http://projects.puppetlabs.com/issues/6117. Can you try with a client running 2.7.x as well? John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Using puppet+augeas to modify multiple files
On 29 November 2011 01:17, Graham Leggett wrote: > On 27 Nov 2011, at 20:04, Graham Leggett wrote: > > > I have a task to convince puppet and augeas to modify multiple postfix > > files, most specifically /etc/postfix/main.cf and /etc/postifx/ > > acceptdomains.cf (and other LDAP related files), and I'm struggling to > > find out how to do that. I have found examples on how to use augeas to > Graham - the initial allure of Augeas is attractive, but we ended up using puppet's File resource with files and templates. It enabled us to have the files & templates under version control (big win) and gave us the flexibility if we need to change other parts of the config file - you don't end up with an Augeas resource per line of the file! And its much more intuitive at a glance as to what is going on Regards John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Dashboard Questions
n 6 December 2011 11:49, hai wu wrote: > Great! Is there any API to use to retrieve these information from > dashboard database, so that we could generate a nice report via email, > with short and verbose versions for such report? > > API? Unix text tools, perl, ruby, Excel - choose your poison as you can wget the URL from "Export nodes as CSV" on the front page You may want to use my grep in http://projects.puppetlabs.com/issues/7687#note-3 to trim down what you have to deal with John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] accessing client certname in manifests?
On 29 May 2010 09:33, Nigel Kersten wrote:
>
> On Fri, May 28, 2010 at 4:19 PM, James Turnbull
> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Nigel Kersten wrote:
>> > I mentioned we had a custom fact for the client certname in IRC the
>> > other day and someone poked fun at me as it's apparently built in.
>> >
>> > For the life of me I can't work out what variable it is. Anyone know?
>> >
>> > (our certnames bear no relationship to any other attribute, fqdn etc)
>>
>> It is not built-in - someone has misled you young man.
>>
>
> Anyone see any problems with doing it like this?
>
>
> require 'puppet'
>
> Facter.add("certname") do
> setcode do
> Puppet[:config] = "/etc/puppet/puppet.conf"
> Puppet.parse_config
> Puppet[:certname]
> end
> end
>
> This is nice. Can we go the whole hog and provide all configuration
options as facts? Could have a unique name space of something like
CONF_variable --> CONF_certname
For now, I'd like to use Nigel's code to bulk load these options, and it got
me thinking that the configuration file location must be known by the client
as well. How do I get it?
Cheers
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] accessing client certname in manifests?
On 1 June 2010 14:17, James Turnbull wrote: > John Warburton wrote: > > > > This is nice. Can we go the whole hog and provide all configuration > > options as facts? Could have a unique name space of something like > > CONF_variable --> CONF_certname > > I though I logged a feature request for this a while ago but damned if I > can find it now - so feel free to log one. > > I've updated http://projects.puppetlabs.com/issues/3021 to expand its scope. If a new request is needed, I'll do that John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] authenticating new nodes that are created by provisioning
When we create a new node in the node classifier, we also update .../etc/autosign.conf with the node name John On 3 June 2010 14:42, Matthew Delves wrote: > Hey Folks, > I'm looking at doing automated provisioning of new servers and am trying to > integrate puppet into this process. What I'm wondering though is what the > best process for securely registering a new node is. > > At the moment the first time puppet is run I have to then accept the > certificate on the puppetmaster and then run puppet again. > > What I would like to do is accept the certificate automatically, though am > hesitant to do so as then anyone could just register against the > puppetmaster. > > Is there a way to do this securely? > > Thanks, > Matt. > -- > > - > Matthew Delves > System Administrator > Information Systems > Networks & Infrastructure > University of Ballarat > ph: 03 5327 9732 > email: m.del...@ballarat.edu.au > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RHEL-3
You might want to see my post on installing puppet on ESX 3.5 which is RHEL 3 based http://groups.google.com/group/puppet-users/browse_thread/thread/3de6777df0a75ba2/fdfef3e8d8ff0ccd Regards John On 8 June 2010 03:46, Daniel Wittenberg wrote: > I was working on updating some of our RHEL-3 systems, and looks like > putting puppet on there is a little harder due to older libraries, so before > I went and tried retro-fitting these guys I thought I'd see if anyone was > using it with luck there and any tips/tricks I might watch out for? > > Thanks! > Dan > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem using the logadm pattern
Hi All I am trying to deploy the Solaris logadm pattern from http://projects.reductivelabs.com/projects/puppet/wiki/Logadm_Patterns. I dropped it in .../lib/puppet/type/logadm.rb However, I am getting an error message: err: Could not run Puppet configuration client: Munging failed for value "puppet" in class backup: Global resource access is deprecated And I have traced it back to line 186 where it set: defaultto "puppet" > But that is where my ruby ability stops. I am comparing against .../lib/puppet/type/file.rb, and that seems to get away with doing this 1) Any ideas on what I need to do to fix the global access? 2) Do I log a ticket to get this type put into the base? 3) Who do I thank for this type? There is no attribution on the Wiki page 4) I can't find this page from the official patterns index - http://projects.puppetlabs.com/projects/puppet/wiki/Patterns - but I can from the Wiki page index http://projects.reductivelabs.com/projects/puppet/wiki/Page_index Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Parsing key/value pairs in ruby
I based my bad first ruby code on http://www.devco.net/archives/2008/04/17/easy_per-machine_custom_facts_ for_puppet.php I just checked the URL, and Volcane admits the code was bad too - so have a look at http://www.devco.net/archives/2008/06/16/rework_of_puppet_facts_for_etcfactstxt.php John On 12 August 2010 14:33, Patrick Mohr wrote: > I'm making a provider for cups and I need to parse a string into arbitrary > key/value pairs. The string looks like this: > > printer-make-and-model='Brother HL-2060 Foomatic/hpijs-pcl5e (recommended)' > printer-state=3 printer-state-change-time=1266621145 > printer-state-reasons=none printer-type=8564756 > > I know almost no ruby. Any advice for what functions or data structures I > want to use? It looks like "split" might be what I want to use for parsing, > but the quoted strings will give me trouble. For the first version, I'm > only using 3 of the values. Do I just want to pull out those manually > instead of parsing the whole string? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Scalability - Centralised Puppet SSL Cert Issues
Hi All I am trying to use the section on Centralised Puppet Infrastructure on the Scaling Puppet page - http://projects.puppetlabs.com/projects/1/wiki/Puppet_Scalability No matter what I do, I always end up with the client contacting a puppet server and rejecting the configuration with a dreaded "certificate verify failed": err: /File[/var/puppet/confdir/var/lib]: Failed to retrieve current state of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet:// engnsvr002.example.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed I have started from completely fresh servers, and repeated this behavior a number of times, with clean puppet configs - you can see a very detailed working below. I am stumped as to what to do next, but suspect a number of things: - the example given was for Mongrel - is Passenger different? - there are a number SSL cert chaining tickets in the issues list My goal is to have any puppet client be able to talk to any puppet server, so that if one.s designated puppet server died, we could repoint its CNAME to another puppet server in another datacentre and the client would continue working as if nothing happened. Does anyone have a working configuration that fits this scenario? Thanks John I have Solaris 10 Update 8 0.25.5 puppeteer, client and server, and Apache 2.2.15 with rack and the following gems: fastthread (1.0.7) passenger (2.2.14) rack (1.1.0) rake (0.8.7) I start with a clean config on my puppeteer: cornadm010# nslookup puppet.example.com Server: 1.2.3.4 Address:4.5.6.7#53 puppet.example.com canonical name = cornadm010.example.com. Name: cornadm010.example.com cornadm010# /opt/local/sbin/puppetmasterd --server puppet.example.com--certname puppet.example.com --certdnsname `uname -n`.example.com:puppet.example.com--genconfig --vardir=/local/puppet/var --confdir=/local/puppet/etc --pluginsync --ssl_client_header=SSL_CLIENT_S_DN --ssl_client_verify_header=SSL_CLIENT_VERIFY --reports store --autosign /local/puppet/etc/autosign.conf --node_terminus exec --external_nodes /local/puppet/bin/node_classifier.pl | sed -e 's/genconfig = true/genconfig = false/' > /local/puppet/etc/puppetmasterd.conf cornadm010# \rm -rf /local/puppet/etc/ssl r...@cornadm010# /opt/local/sbin/puppetmasterd --no-daemonize --verbose --config /local/puppet/etc/puppetmasterd.conf info: Creating a new SSL key for ca info: Creating a new SSL certificate request for ca notice: Signed certificate request for ca notice: Rebuilding inventory file info: Creating a new certificate revocation list info: Creating a new SSL key for puppet.example.com info: Creating a new SSL certificate request for puppet.example.com notice: puppet.example.com has a waiting certificate request info: authstore: defaulting to no access for puppet.example.com notice: Signed certificate request for puppet.example.com notice: Removing file Puppet::SSL::CertificateRequest puppet.example.com at '/local/puppet/etc/ssl/ca/requests/puppet.example.com.pem' notice: Removing file Puppet::SSL::CertificateRequest puppet.example.com at '/local/puppet/etc/ssl/certificate_requests/puppet.example.com.pem' notice: Starting Puppet server version 0.25.5 r...@engnsvr002# /opt/local/sbin/puppetmasterd --server `uname -n`. example.com --certname `uname -n`.example.com --certdnsname `uname -n`. example.com --genconfig --vardir=/local/puppet/var --confdir=/local/puppet/etc --pluginsync --ssl_client_header=SSL_CLIENT_S_DN --ssl_client_verify_header=SSL_CLIENT_VERIFY --reports store --autosign /local/puppet/etc/autosign.conf --node_terminus exec --external_nodes /local/puppet/bin/node_classifier.pl | sed -e 's/genconfig = true/genconfig = false/' > /local/puppet/etc/puppetmasterd.conf r...@engnsvr002# \rm -rf /local/puppet/etc/ssl r...@engnsvr002# /opt/local/sbin/puppetmasterd --no-daemonize --verbose --config /local/puppet/etc/puppetmasterd.conf info: Creating a new SSL key for ca info: Creating a new SSL certificate request for ca notice: Signed certificate request for ca notice: Rebuilding inventory file info: Creating a new certificate revocation list info: Creating a new SSL key for engnsvr002.example.com info: Creating a new SSL certificate request for engnsvr002.example.com notice: engnsvr002.example.com has a waiting certificate request notice: Signed certificate request for engnsvr002.example.com notice: Removing file Puppet::SSL::CertificateRequest engnsvr002.example.comat '/local/puppet/etc/ssl/ca/requests/engnsvr002.example.com.pem' notice: Removing file Puppet::SSL::CertificateRequest engnsvr002.example.comat '/local/puppet/etc/ssl/certificate_requests/engnsvr002.example.com.pem' notice: Starting Puppet server version 0.25.5 r...@engnsvr002# egrep example.com /tmp/openssl.cnf commonName = engnsvr002.example.com nsCaRevocationUrl = https://puppet.example.
Re: [Puppet Users] Puppet Scalability - Centralised Puppet SSL Cert Issues
Thanks Ohad I have updated the Wiki entry with a warning (where's the tag?) and references to the bugs on certificate chaining I'm not 100% comfortable with a single CA, so would it be possible to do the following: ca_server = puppet-ca.example.com rsync the ssl dir every 5 minutes to puppet-ca2.example.com If puppet-ca dies, I would swing the CNAME over to puppet-ca2.example.com Thanks John On 1 September 2010 16:37, Ohad Levy wrote: > There is an open bug with 0.25.x (and 2.6) which breaks certificate > chaining. > this works well for the 0.24.x series, and I hope that will work again > sometime in the near future with 2.6.x series. > > I would recommend you at the moment to use one machine as the CA, if you > can accept the fact that its a single point of failure for creating new > certificates. > > Ohad > > > On Wed, Sep 1, 2010 at 9:14 AM, Patrick wrote: > >> >> On Aug 31, 2010, at 10:47 PM, John Warburton wrote: >> >> Hi All >> >> I am trying to use the section on Centralised Puppet Infrastructure on the >> Scaling Puppet page - >> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Scalability >> >> No matter what I do, I always end up with the client contacting a puppet >> server and rejecting the configuration with a dreaded "certificate verify >> failed": >> >> err: /File[/var/puppet/confdir/var/lib]: Failed to retrieve current state >> of resource: SSL_connect returned=1 errno=0 state=SSLv3 read server >> certificate B: certificate verify failed Could not retrieve file metadata >> for puppet://engnsvr002.example.com/plugins: SSL_connect returned=1 >> errno=0 state=SSLv3 read server certificate B: certificate verify failed >> >> I have started from completely fresh servers, and repeated this behavior a >> number of times, with clean puppet configs - you can see a very detailed >> working below. >> >> I am stumped as to what to do next, but suspect a number of things: >> - the example given was for Mongrel - is Passenger different? >> - there are a number SSL cert chaining tickets in the issues list >> >> My goal is to have any puppet client be able to talk to any puppet server, >> so that if one.s designated puppet server died, we could repoint its CNAME >> to another puppet server in another datacentre and the client would continue >> working as if nothing happened. Does anyone have a working configuration >> that fits this scenario? >> >> >> I've done it 2 ways. >> 1) Just copy the ca folder to the other servers. (Warning, breaks >> certificate revocation because of duplicate serial numbers) >> 2) Use one server as the ca for everything, but have local servers for >> everything else. (Not as much reliability, but close. You can't sign when >> the ca goes down, but everything else works.) >> >> I have tried using that method, but I've had horrible luck and didn't >> manage to make it work. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: can checksum be set to none on a file if content is defined?
I'm getting this too on 0.25.5 when a file does not yet exist, and when I
don't care about about md5 changes *after* the file has been created by
puppet
Like John, I don't particularly care when the checksum changes, and don't
want it to appear in my noop reports
It is unclear from the 2.6.x release notes on how checksum has been reworked
if this has been resolved. Anyone have some experience with this?
Thanks
John
err: //ssl_keys/File[/local/puppet/etc/ssl/ca/inventory.txt]/ensure: change
from absent to file failed: Could not set file on ensure: undefined method
`none' for # at
/local/file-repo/lab/modules/puppet_server/manifests/ssl_keys.pp:66
file {"/local/puppet/etc/ssl/ca/inventory.txt":
owner => puppet,
group => puppet,
mode=> 644,
# this is to only initialise the file if it doesn't exist
# Once it does, the CA will be updating the file
replace => false,
checksum => none,
source =>
"puppet:///modules/puppet_server/local/puppet/etc/ssl/ca/inventory.txt",
require => File['/local/puppet/etc/ssl/ca'],
}
On 28 August 2010 06:43, John Lyman wrote:
> That is the behavior I want, and I am actually using "replace =>
> false" (though I didn't in my example). My only problem is that I
> have nodes that run in noop mode, and even though the file doesn't
> change, they will complain that the checksum has changed eventually.
> I think puppet "forgets" the checksum after a while, because the nodes
> all start complaining at the same time. If the behavior I want is not
> possible, I will just turn off reporting for that resource.
>
> On Aug 27, 2:53 pm, Dan Bode wrote:
> > On Fri, Aug 27, 2010 at 11:49 AM, Patrick wrote:
> >
> > > On Aug 27, 2010, at 7:07 AM, John Lyman wrote:
> >
> > > > On a file resource, if the content parameter is set and checksum is
> > > > set to none, I am getting "Parameter content failed: Munging
> > > > failed..."
> >
> > > > This appears to be a bug, but maybe I missed something in the
> > > > documentation and it isn't supposed to work.
> >
> > > > cat test.pp
> > > > file { "/tmp/foo":
> > > >checksum => none,
> > > >content => "this is foo\n",
> > > > }
> >
> > > > puppet test.pp --debug
> > > > debug: Failed to load library 'selinux' for feature 'selinux'
> > > > Parameter content failed: Munging failed for value "this is foo\n" in
> > > > class content: undefined method `none' for
> > > > #
> >
> > > What are you trying to do? You want it to create the file with that
> > > content if the file doesn't exist, but not change the file if the file
> > > exists but doesn't match?
> >
> > if this is the behavior you want, try
> >
> > replace => false
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Puppet Users" group.
> > > To post to this group, send email to puppet-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > puppet-users+unsubscr...@googlegroups.com
>
> >
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Making edits to /etc/system on Solaris
Hi All Just wondering what everyone else does when editing /etc/system on Solaris It is on the Augeas To Do list (http://augeas.net/page/Augeas_on_Solaris) - has anyone tried a lens for it? I tried to start but the file format is almost free form and there would always be an exception causing the parse to fail So, apart from http://projects.puppetlabs.com/projects/1/wiki/Simple_Text_Patterns, I don't see any other solution Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Making edits to /etc/system on Solaris
I may not go down that path, but you've triggered something in my head - why don't I use concat file? http://www.devco.net/archives/2010/03/12/puppet_concat_20100312.php If there isn't anything more elegant, I'll use concat Thanks for the different viewing angle :-) John On 14 September 2010 15:03, Brian Gallew wrote: > I've basically ended up with one /etc/system to rule them all (and in the > darkness bind them?). Fortunately for me, my systems are large enough to > support this and there have been no conflicting requirements. I'm sure I'm > losing some tiny bit of performance and memory, but I really can't work up > enough concern to do anything about it. > > On Mon, Sep 13, 2010 at 5:29 PM, John Warburton wrote: > >> Hi All >> >> Just wondering what everyone else does when editing /etc/system on Solaris >> >> It is on the Augeas To Do list (http://augeas.net/page/Augeas_on_Solaris) >> - has anyone tried a lens for it? I tried to start but the file format is >> almost free form and there would always be an exception causing the parse to >> fail >> >> So, apart from >> http://projects.puppetlabs.com/projects/1/wiki/Simple_Text_Patterns, I >> don't see any other solution >> >> Thanks >> >> John >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Can I access data structure internal to providers
Hi I would like to be able to access the hash "info2hash" in lib/puppet/provider/package/sun.rb which is a list of all Solaris packages on a Sun server Is it possible to query this so that I don't have to run "pkginfo -l" myself, and probably create a fact for each package with its version number? My Ruby is basic, so I'm not quite sure how to read providers. What I am trying to do is have my own Solaris package provider that is versionable without having to resort to supporting Blastwave/Sunfreeware like external scripts. The last comment for the "update" definition doesn't make me comfortable "This will probably often fail" Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can I access data structure internal to providers
Hi Nigel On 18 September 2010 01:41, Nigel Kersten wrote: > On Fri, Sep 17, 2010 at 4:32 AM, John Warburton > wrote: > > Hi > > > > I would like to be able to access the hash "info2hash" in > > lib/puppet/provider/package/sun.rb which is a list of all Solaris > packages > > on a Sun server > > > > It sounds like you want to subclass the provider yourself so you get > that hash/method for free. > > I'm not really sure what that means, which might be my original problem. Does this mean editing/changing sun.rb or creating my own mysun.rb and somehow inherit sun.rb and all its goodies? Do you have any pointers where I can up to speed with this sort of thing? Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can I access data structure internal to providers
Thanks Nigel I'm slowly digesting this whilst quickly learning my next step of ruby John On 20 September 2010 01:21, Nigel Kersten wrote: > On Sun, Sep 19, 2010 at 5:41 AM, John Warburton > wrote: > > Hi Nigel > > > > On 18 September 2010 01:41, Nigel Kersten > wrote: > >> > >> On Fri, Sep 17, 2010 at 4:32 AM, John Warburton > >> wrote: > >> > Hi > >> > > >> > I would like to be able to access the hash "info2hash" in > >> > lib/puppet/provider/package/sun.rb which is a list of all Solaris > >> > packages > >> > on a Sun server > >> > > >> > >> It sounds like you want to subclass the provider yourself so you get > >> that hash/method for free. > >> > > I'm not really sure what that means, which might be my original problem. > > Does this mean editing/changing sun.rb or creating my own mysun.rb and > > somehow inherit sun.rb and all its goodies? > > > > Do you have any pointers where I can up to speed with this sort of thing? > > I mean the latter, inheritance. > > I would probably have a look at the apt* providers and how they > inherit from the dpkg provider? > > > > > > Thanks > > > > John > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com > . > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] noop "Out of sync" reporting
Hi All I am looking to report on all servers that are "Out of sync". Currently we run puppet in noop mode hourly, and so we get reports saying there are X resources Out of sync. Unfortunately, because it is a noop, puppet reports those X resources out of date as successfully applied, which makes Puppet Dashboard (downloaded the HEAD this morning) think that everything is good and green, which isn't what I was hoping for. - - !ruby/sym applied - Applied - 12 - - !ruby/sym out_of_sync - Out of sync - 12 How do others report on "Out of sync", and will/does Dashboard (or Foreman) support reporting noop Out of sync as an warning? My google, and reading of issues/roadmaps were not illuminating Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] noop "Out of sync" reporting
Thanks Dan The subject line to Feature #3535 wasn't obvious that was what I was looking for. I have updated the feature with my reasons we need an out of sync report Regards John On 27 September 2010 07:31, Dan Bode wrote: > Hi John, > > On Tue, Sep 21, 2010 at 10:44 PM, John Warburton wrote: > >> Hi All >> >> I am looking to report on all servers that are "Out of sync". >> >> Currently we run puppet in noop mode hourly, and so we get reports saying >> there are X resources Out of sync. >> > > > > >> Unfortunately, because it is a noop, puppet reports those X resources out >> of date as successfully applied, which makes Puppet Dashboard (downloaded >> the HEAD this morning) think that everything is good and green, which isn't >> what I was hoping for. >> >> - - !ruby/sym applied >> - Applied >> - 12 >> - - !ruby/sym out_of_sync >> - Out of sync >> - 12 >> >> How do others report on "Out of sync", and will/does Dashboard (or >> Foreman) support reporting noop Out of sync as an warning? My google, and >> reading of issues/roadmaps were not illuminating >> > > A ticket already exists for this feature. It may be worth noting that a > differentiation between applied changes as opposed to reported changes (with > noop) would be useful. > > http://projects.puppetlabs.com/issues/3535 > > > >> Thanks >> >> John >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] noop "Out of sync" reporting
On 27 September 2010 13:09, James Turnbull wrote: > > Have you also seen the pseudo-Tripwire audit capability introduced in > 2.6.0? > > http://www.puppetlabs.com/blog/all-about-auditing-with-puppet/ > > That might interest too. > > Thanks James No - I haven't seen the audit capability - but it looks like what I am needing. It isn't mentioned in the Release Notes. Should I be looking somewhere else? Cheers John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] mount type attempting remount when ensure => present
Hi All
I am not sure if I am doing this right, or just meeting some Solaris
specific thing that hasn't been catered for.
Solaris 10, with puppet 0.25.5, and trying to manage /tmp. Note that /tmp
can't be remounted on a live system (
http://wikis.sun.com/display/BigAdmin/Talking+about+RAM+disks+in+the+Solaris+OS
)
mount{ "/tmp":
atboot => "yes",
device => "swap",
ensure => present,
pass=> "-",
fstype => "tmpfs",
options => "size=4096m",
}
Changes /etc/vfstab as expected, but yields this error:
err: //solaris/Mount[/tmp]/ensure: change from mounted to present failed:
Execution of '/usr/sbin/umount /tmp' returned 1: umount: /tmp busy
notice: //solaris/Mount[/tmp]: Refreshing self
info: Mount[/tmp](provider=parsed): Remounting
err: //solaris/Mount[/tmp]: Failed to call refresh on Mount[/tmp]: Execution
of '/usr/sbin/umount /tmp' returned 1: umount: /tmp busy
Seems that ensure => present (Set to present to add to fstab but not change
mount/unmount status) is being overridden by the fact the provider is deemed
refreshable.
I've had a look lib/puppet/type/mount.rb &
lib/puppet/provider/mount/parsed.rb and it isn't obvious how I can change
the provider to something that isn't refreshable.
I suspect this may end up as a feature request to turn off refreshable for
Solaris tmpfs fstypes
Thanks
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] mount type attempting remount when ensure => present
I'll file a bug On 1 October 2010 05:01, Nigel Kersten wrote: > On Thu, Sep 30, 2010 at 11:13 AM, Rob McBroom > wrote: > > On Sep 30, 2010, at 12:37 PM, Nigel Kersten wrote: > > > >>> I noticed similar behaviour in Linux, with catastrophic results. > >>> Ensure => present apparently always means "in fstab, but not mounted", > >>> which not only doesn't make much sense to me, but led me to never use > >>> any ensure setting besides "mounted". > >> > >> Anyone bug reported this yet? > > > > According to the documentation, that's how `ensure => present` is > supposed to work, though I can't imagine the use case for “put it in fstab > but make sure it's never mounted”. I would love it if that behavior were > changed to just “put it in fstab”. Then I could actually use it. :) > > It's perfectly reasonable to bug report something you think is broken, > even if it is consistent with provided documentation :) > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] mount type attempting remount when ensure => present
http://projects.puppetlabs.com/issues/4904 Can Felix & Rob update the ticket with your use cases and requests? Thanks John On 1 October 2010 09:01, John Warburton wrote: > I'll file a bug > > > On 1 October 2010 05:01, Nigel Kersten wrote: > >> On Thu, Sep 30, 2010 at 11:13 AM, Rob McBroom >> wrote: >> > On Sep 30, 2010, at 12:37 PM, Nigel Kersten wrote: >> > >> >>> I noticed similar behaviour in Linux, with catastrophic results. >> >>> Ensure => present apparently always means "in fstab, but not mounted", >> >>> which not only doesn't make much sense to me, but led me to never use >> >>> any ensure setting besides "mounted". >> >> >> >> Anyone bug reported this yet? >> > >> > According to the documentation, that's how `ensure => present` is >> supposed to work, though I can't imagine the use case for “put it in fstab >> but make sure it's never mounted”. I would love it if that behavior were >> changed to just “put it in fstab”. Then I could actually use it. :) >> >> It's perfectly reasonable to bug report something you think is broken, >> even if it is consistent with provided documentation :) >> >> -- >> > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Checking and setting svc properties in Solaris
If you own the manifest already, you can set properties there
Otherwise, you can do what we do and use an exec - not efficient, but it
works
exec { 'syslog_remote':
command => "svccfg -s svc:/system/system-log setprop
config/log_from_remote = $syslog_from_remote \
|| { svccfg -s svc:/system/system-log addpg config application;
svccfg -s svc:/system/system-log setprop config/log_from_remote = boolean:
$syslog_from_remote; }",
unless => "svccfg -s svc:/system/system-log listprop
config/log_from_remote 2>&1 | grep \"^config/log_from_remote * boolean *
$syslog_from_remote\"",
notify => Service['syslogd'],
path=> '/usr/sbin:/bin:/usr/bin',
}
John
On 7 October 2010 08:21, Philip Brown wrote:
> Hello folks,
> I've been looking into how I might check (and possibly set) svc
> properties via puppet.
> The closest I've found, is the provider/service/smf stuff.
> However, that seems to only allow enabling and disabling of services.
> NOT of configuring properties.
>
> Is there some way I dont know of, how to do that?
>
> If not, and I need to write something... under which module/plugin/
> whatever should I attempt to write one?
>
> To give an example of what I want to do:
>
>
> 1. Check if
> `svcprop -p defaults/tcp_wrappers inetd` == true
>
>
> 2. If NOT.. either complain loudly, or automatically fix it.
>
> It isn't exactly a service... it's a configuration, or property,
> associated with a service.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Checking and setting svc properties in Solaris
Hi Philip
1. The snippet came from our security module in a "jass" class, which our
Solaris servers include:
class security {
case $operatingsystem {
Solaris: {
include jass
All our servers include the security module, set in the node classifier
(equiv to site.pp).
http://projects.puppetlabs.com/projects/puppet/wiki/External_Nodes
2. Notify is to tell the syslogd service to be restarted by puppet, as
something has changed.
http://docs.puppetlabs.com/references/latest/metaparameter.html
All puppet runs will log to where you tell it to. We simply capture stdout
as we run puppet on clients in a shell script wrapper from cron. The results
are also logged back to the puppet server
3. "Owning" the manifest - sorry I was loose with my terms. I meant the SMF
XML manifest. If you own that, ie it isn't a system XML manifest and have it
fully under puppet control, then maybe that would be a better place to
manage properties. We do that with our home compiled apache and sshd
If you want to be able to have different properties on different classes of
hosts, you can use templates when managing the XML file in puppet
If you want to be able to switch properties on/off at will on the same
server, that functionality isn't in the puppet SMF handler (yet). You can
"watch" http://projects.puppetlabs.com/issues/4144 to show more people than
me are interested...
Regards
John
On 8 October 2010 03:10, Philip Brown wrote:
>
>
> On Oct 6, 4:53 pm, John Warburton wrote:
> > If you own the manifest already, you can set properties there
> >
> > Otherwise, you can do what we do and use an exec - not efficient, but it
> > works
> >
>
> Hmm.
>
> Interesting.
>
> Disclaimer: I'm a puppet newbie. So two followup questions:
> 1. Where does the snippet below belong. Does that go straight into
> site.pp?
>
> 2. Does it log something if a change was needed?
>
> Does the "notify" bit handle that?
>
> (i also dont understand the bit about owning the manifest. if you are
> referring to "manifests/site.pp", then where ELSE do you put it? :-/ )
>
>
> > exec { 'syslog_remote':
> > command => "svccfg -s svc:/system/system-log setprop
> > config/log_from_remote = $syslog_from_remote \
> > || { svccfg -s svc:/system/system-log addpg config
> application;
> > svccfg -s svc:/system/system-log setprop config/log_from_remote =
> boolean:
> > $syslog_from_remote; }",
> > unless => "svccfg -s svc:/system/system-log listprop
> > config/log_from_remote 2>&1 | grep \"^config/log_from_remote * boolean *
> > $syslog_from_remote\"",
> > notify => Service['syslogd'],
> > path=> '/usr/sbin:/bin:/usr/bin',
> > }
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] serialized or limited parallelism
Philip
There are a couple of ways:
If your clients run puppetd in daemon mode, then look in the client
configuration file at:
splay = true
splaylimit = 1800
We run our puppet clients as a wrapper from cron and make use of the
function which randomises a number based on fqdn (and other options if you
want)
cron {"puppet client hourly noop":
user=> root,
minute => fqdn_rand(60, "noop"),
command => "puppet_wrapper_script.sh",
}
Regards
John
On 12 October 2010 08:09, Philip Brown wrote:
> I've been poking around the web docs, and dont see an answer to this
> yet:
>
> Is there any pre-existing functionality in puppet, to allow limiting
> parallelism?
>
> Example:
> Lets say that I want all machines to run some sort of job, that
> updates a central database with information about the state of each
> puppet client.
>
> Lets also say, that I have 1000 machines, so if all of them decide to
> do it at the exact same time, it would be a Bad Thing.
> So I ideally would like some kind of puppet mechanism that says,
> "run this script... but only if there are less than 10 other machines
> doing the same thing at this particular moment)"
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
John Warburton
Ph: 0417 299 600
Email: jwarbur...@gmail.com
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.6.3 - Release Candidate 1 available!
Hi James Is there an ETA for the full release of 2.6.3? For what it is worth, I have been running 2.6.3rc1 for almost 13 days on Solaris 10 U8 & U9 as server and clients. Server is running passenger 2.2.14 with clients and servers weighing in at managing between 500 & 780 resources depending on class chosen. No incidents! Cheers John On 14 October 2010 16:02, James Turnbull wrote: > All too quickly we're back with a maintenance release: 2.6.3. This > release addresses some issues in the 2.6.2 release. > > 2.6.3 is a maintenance release in the 2.6.x branch and it contains only > bug fixes and no new features or other changes. > > The release candidate is available for download at: > > http://puppetlabs.com/downloads/puppet/puppet-2.6.3rc1.tar.gz > > Please note that all final releases of Puppet are signed with the > Puppet Labs key. > > See the Verifying Puppet Download section at > http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet > > Please test this release candidate and report feedback via the > Puppet Labs Redmine site: > > http://projects.puppetlabs.com > > Please select an affected version of 2.6.3rc1. > > CHANGELOG > 3c56705 Fix for #4832 -- Making PSON handle arbitrary binary data > e232770 Minimal fix for #4975 -- only call chage when managing password > age rules > a090e86 Fix for #4963 -- Use correct commands for password expiry on > solaris > > Regards > > James Turnbull > > -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] require service started at another node
On 29 October 2010 22:56, Leonko wrote: > Hello, > Anybody now how make with puppet dependence on other service on > another node? > > You could try looking at it like an application control problem and use tools that sit on top of puppet - like ControlTier - http://blog.controltier.com/2009/04/new-whitepaper-achieving-fully.html john -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.6.3 - Release Candidate 1 available!
On 28 October 2010 02:06, James Turnbull wrote: > John Warburton wrote: > >> Hi James >> >> Is there an ETA for the full release of 2.6.3? >> >> For what it is worth, I have been running 2.6.3rc1 for almost 13 days on >> Solaris 10 U8 & U9 as server and clients. Server is running passenger >> 2.2.14 with clients and servers weighing in at managing between 500 & >> 780 resources depending on class chosen. No incidents! >> >> > Thanks for testing! That's a great data point. We're finalising an rc2 > with some minor updates and then hopefully the release shortly after that! > Oh dear. I just realised I had been doing my testing on clients that were "upgraded" from 0.25.5 and not a fresh 2.6.x install I seem to have hit http://projects.puppetlabs.com/issues/4867 with 2.6.3rc2 when trying to build a "puppet server", but not any other class of server. I have updated the issue with my debugging John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.6.3 - Release Candidate 1 available!
On 4 November 2010 08:47, James Turnbull wrote: > There is a trial patch available if you could try that: > > http://projects.puppetlabs.com/issues/4867 > > Thanks James - tried and still failing. Ticket updated John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] certdnsnames question
Hi All Apologies if this is obvious, but I'm a bit flaky around SSL certificates. NB puppet version 0.25.5 We use the brilliant feature of certificates where you can have Alternate DNS names for a certificate which is manifested in the puppet master config file as certdnsnames. All our clients connect to puppet-$ location.example.com, and if $location is down, we can point the CNAME to another puppet server which has the original puppet-$location in the puppet servers certificate. All puppet servers get the same certificate When we bring on a new DC, we just update the puppet hostcert certificates and send out via puppet. Worked nicely in test, but the first time I do it in real life, it doesn't quite work that way. Lets see how this works 1. Set all host certs to be the same file in puppet master config hostcert = /local/puppet/etc/ssl/certs/puppet.example.com.pem 2. Generate a new cert /opt/local/sbin/puppetca --config /local/puppet/etc/puppetca.conf --generate --certdnsnames puppet.bfm.com:puppet-ca.bfm.com:puppet-ca2.bfm.com: puppet-lab.bfm.com:puppet-svn.bfm.com:puppet-del.bfm.com:puppet-ndh.bfm.com: puppet-prn.bfm.com:puppet-nyc.bfm.com:puppet-smw.bfm.com:puppet-tkm.bfm.com: puppet-ewd.bfm.com:puppet-lva.bfm.com:puppet-rmc.bfm.com:puppet-rdc.bfm.com: puppet-sfo.bfm.com puppet.bfm.com 3. Confirm we have all our DNS names in the alternate DNS names: openssl x509 -text -noout -in /local/puppet/etc/ssl/certs/puppet.example.com.pem | grep DNS DNS:puppet.example.com, DNS:puppet-ca.example.com, DNS: puppet-ca2.example.com, DNS:puppet-lab.example.com, DNS: puppet-svn.example.com, DNS:puppet-del.example.com, DNS: puppet-ndh.example.com, DNS:puppet-prn.example.com, DNS: puppet-nyc.example.com, DNS:puppet-smw.example.com, DNS: puppet-tkm.example.com, DNS:puppet-ewd.example.com, DNS: puppet-lva.example.com, DNS:puppet-rmc.example.com, DNS: puppet-rdc.example.com, DNS:puppet-sfo.example.com, DNS:puppet.example.com 4. Make sure puppet daemon (running via passenger) also has the correct alternate names: echo "" | openssl s_client -connect engncfm001:8140 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -text | grep DNS: DNS:puppet.example.com, DNS:puppet-ca.example.com, DNS: puppet-ca2.example.com, DNS:puppet-lab.example.com, DNS: puppet-svn.example.com, DNS:puppet-del.example.com, DNS: puppet-ndh.example.com, DNS:puppet-prn.example.com, DNS: puppet-nyc.example.com, DNS:puppet-smw.example.com, DNS: puppet-tkm.example.com, DNS:puppet-ewd.example.com, DNS: puppet-lva.example.com, DNS:puppet-rmc.example.com, DNS: puppet-rdc.example.com, DNS:puppet-sfo.example.com, DNS:puppet.example.com 5. Hurrah. Now the interesting thing is that a new data centre we are bringing online had its location mae changed from ewe to ewd. No matter - as you can see above I have updated the cert. 6. However, when we build a new server, and we check the cert on the puppet server from the client for DNS alternative names openssl x509 -text -noout -in /local/puppet/etc/ssl/ca/signed/engnjmp002.example.com.pem | grep DNS DNS:puppet.example.com, DNS:puppet-ca.example.com, DNS: puppet-ca2.example.com, DNS:puppet-lab.example.com, DNS: puppet-del.example.com, DNS:puppet-ndh.example.com, DNS: puppet-prn.example.com, DNS:puppet-nyc.example.com, DNS: puppet-smw.example.com, DNS:puppet-tkm.example.com, DNS: puppet-wew.example.com, DNS:puppet-lva.example.com, DNS: puppet-rmc.example.com, DNS:puppet-rdc.example.com, DNS: puppet-sfo.example.com, DNS:engnjmp002.example.com That's not right - puppet-wew not puppet-ewd, and puppet-svn is missing. How can this be as I checked openssl talking to puppet? It seems that the client's certificate is being signed with a CNAME list from the "certdnsnames" entry in the puppetmaster config file. I can mess around with that and confirm it is that entry which modifies the clients Alternate Names entry. I **assumed** the client certificate would be signed against the server's certificate file. So, now, I update certdnsnames with exactly what is in the hostcert and things are OK, and I just need to update my documentation to include that step, but I found it odd. Should I find that odd, or am I missing something? Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem using the logadm pattern
I got a reply from Adam (windowsref...@gmail.com) that is a good enough workaround until I can sit down and understand the type From: windows refund > To: John Warburton > > Hello John, > > I just worked around it by commenting out the problematic line in the > logadm.rb file and setting backup => false when I call the type. > > Best, > Adam > > On 30 June 2010 17:09, John Warburton wrote: > Hi All > > I am trying to deploy the Solaris logadm pattern from > http://projects.reductivelabs.com/projects/puppet/wiki/Logadm_Patterns. I > dropped it in .../lib/puppet/type/logadm.rb > > However, I am getting an error message: > > err: Could not run Puppet configuration client: Munging failed for value > "puppet" in class backup: Global resource access is deprecated > > And I have traced it back to line 186 where it set: > > defaultto "puppet" >> > > But that is where my ruby ability stops. I am comparing against > .../lib/puppet/type/file.rb, and that seems to get away with doing this > > 1) Any ideas on what I need to do to fix the global access? > > 2) Do I log a ticket to get this type put into the base? > > 3) Who do I thank for this type? There is no attribution on the Wiki page > > 4) I can't find this page from the official patterns index - > http://projects.puppetlabs.com/projects/puppet/wiki/Patterns - but I can > from the Wiki page index > http://projects.reductivelabs.com/projects/puppet/wiki/Page_index > > Thanks > > John > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Multiple CA / Puppet master environment
I rsync my ssl dir from CNAMES puppet-ca.example.com to puppet-ca2.example.com every 5 mins All clients configuration is set up such that ca_server = puppet-ca.example.com If puppet-ca goes down, I swing the pppet-ca CNAME to the puppet-ca2 server Note that to make this work I use the same single cert for all puppet servers and use certdnsnames to include puppet-ca & puppet-ca2 and every CNAME for every puppet server in the organisation As for storedconfigs - I'm not there yet, but thought I'd have MySQL point to the one server. All the warnings about queuing and the like has pushed the priority down for me John On 18 November 2010 08:29, Scott Smith wrote: > nfs mount the puppetmaster ssl dir. seperate puppetca (set on clients) play > with it and you'll figure it out :) > On Nov 11, 2010 9:18 AM, "luke.bigum" wrote: > > Hi, > > > > Does anyone know if this document is up to date (besides the comment > > at the top saying it's not): > > > > > http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities > > > > Or does anyone who has a load balanced multi puppet master with some > > kind of shared CA confirm that the procedure is accurate? > > > > -- > > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Can't get plugins in modules with environments to work in 2.6
Hi All I'm quite prepared to acknowledge I've missed the bleeding obvious here, but I just can't see. Hence the post I am getting the exact same errors as issue 4409 ( http://projects.puppetlabs.com/issues/4409) when trying to use a type in a module in an environment When the type is in /modules/testmodule/lib/puppet/type, I get this error message: err: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type logadm at /tmp/puppet26/environments/prod/modules/testmodule/manifests/init.pp:15 on node corwadm010.bfm.com When I copy it to $libdir/puppet/type on the server - it works, which ignores the environments :-( I have updated http://projects.puppetlabs.com/issues/4409 with my test case - fresh independent 2.6.3 install - config files, client & server debug output (from Markus Robert's diagnostic patch) in http://projects.puppetlabs.com/attachments/1227/issue4409.txt I am sure I am missing something - as http://projects.puppetlabs.com/issues/1175 says it was all fixed for 2.6 Thanks for any pointers Regards John References: http://docs.puppetlabs.com/guides/custom_types.html http://docs.puppetlabs.com/guides/environment.html http://docs.puppetlabs.com/guides/plugins_in_modules.html http://projects.puppetlabs.com/issues/1175 http://projects.puppetlabs.com/issues/4409 https://github.com/MarkusQ/puppet/tree/ticket/2.6.x/4409 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] config settings for environments
I am guessing this feature request didn't get submitted (well not on keyword config_version), and I just hit it The way I do it is that my config_version script shells out a call to the node classifier (I'm one of the lucky ones who has one!) and greps for the environment I have filed http://projects.puppetlabs.com/issues/5404 John On 14 March 2010 04:10, Alan Barrett wrote: > On Wed, 10 Mar 2010, Rob McBroom wrote: > > Hello. The documentation on using multiple environments says there are > > only a couple of settings that make sense per-environment (modulepath, > > templatedir, manifest) but it=??s not clear to me whether or not those > > are the only ones supported. > > I believe that those three are the only variables that may > be changed per environment. > > > Specifically, I=??m trying to set config_version. Each of my > > environments are clones of the same git repo at different points in > > its history, so using git to determine a config_version should yield > > different results in different environments. > > Sorry, you are out of luck. I suggest filing a feature request for the > environment name and/or other relevant variables to be passed to the > config_version script. > > --apb (Alan Barrett) > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Multiple CA / Puppet master environment
t; > >> >> You received this message because you are subscribed to the Google > > >> >> Groups > > >> >> "Puppet Users" group. > > >> >> To post to this group, send email to puppet-users@googlegroups.com > . > > >> >> To unsubscribe from this group, send email to > > >> >> puppet-users+unsubscr...@googlegroups.com > . > > >> >> For more options, visit this group at > > >> >>http://groups.google.com/group/puppet-users?hl=en. > > > > >> > -- > > >> > You received this message because you are subscribed to the Google > > >> > Groups > > >> > "Puppet Users" group. > > >> > To post to this group, send email to puppet-us...@googlegroups.com. > > >> > To unsubscribe from this group, send email to > > >> > puppet-users+unsubscr...@googlegroups.com > . > > >> > For more options, visit this group at > > >> >http://groups.google.com/group/puppet-users?hl=en. > > > > >> -- > > >> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > > > >> -- > > >> You received this message because you are subscribed to the Google > Groups > > >> "Puppet Users" group. > > >> To post to this group, send email to puppet-us...@googlegroups.com. > > >> To unsubscribe from this group, send email to > > >> puppet-users+unsubscr...@googlegroups.com > . > > >> For more options, visit this group at > > >>http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > > >http://about.me/scoot > > >http://twitter.com/ohlol > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Puppet Users" group. > > > To post to this group, send email to puppet-us...@googlegroups.com. > > > To unsubscribe from this group, send email to > > > puppet-users+unsubscr...@googlegroups.com > . > > > For more options, visit this group at > > >http://groups.google.com/group/puppet-users?hl=en. > > > > -- > > Nigel Kersten - Puppet Labs - http://www.puppetlabs.com > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] config settings for environments
One important thing I missed out is that I get my server name passed as an environment variable ($SSL_CLIENT_S_DN_CN no less) because I run puppetmaster from passenger. John On 29 November 2010 17:34, John Warburton wrote: > I am guessing this feature request didn't get submitted (well not on > keyword config_version), and I just hit it > > The way I do it is that my config_version script shells out a call to the > node classifier (I'm one of the lucky ones who has one!) and greps for the > environment > > I have filed http://projects.puppetlabs.com/issues/5404 > > John > > > On 14 March 2010 04:10, Alan Barrett wrote: > >> On Wed, 10 Mar 2010, Rob McBroom wrote: >> > Hello. The documentation on using multiple environments says there are >> > only a couple of settings that make sense per-environment (modulepath, >> > templatedir, manifest) but it=??s not clear to me whether or not those >> > are the only ones supported. >> >> I believe that those three are the only variables that may >> be changed per environment. >> >> > Specifically, I=??m trying to set config_version. Each of my >> > environments are clones of the same git repo at different points in >> > its history, so using git to determine a config_version should yield >> > different results in different environments. >> >> Sorry, you are out of luck. I suggest filing a feature request for the >> environment name and/or other relevant variables to be passed to the >> config_version script. >> >> --apb (Alan Barrett) >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > > > -- > John Warburton > Ph: 0417 299 600 > Email: jwarbur...@gmail.com > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetlabs.com down?
It seems it isn't me - http://downforeveryoneorjustme.com/www.puppetlabs.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Best passenger stack for 2.6
Hi All I saw quite a bit of discussion a few months ago about getting passenger to run on 2.6. I was wondering if there was a consensus, as it isn't reflected in http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger. I am having a caching issue with config_version and I want to eliminate other software first I am using puppet 2.6.4, and use the same stack I did on 0.25.x: gems: fastthread (1.0.7) passenger (2.2.14) rack (1.1.0) pkgs: apache 2.2.15 ruby 1.8.7-p249 puppet 2.6.4 facter 1.5.8 Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] extlookup debugging
Hi All We are going through a tedious debug looking for a nit with our extlookup data. I wondered if there was any way to get progress/status from extlookup to help us find our problem It seems R.I.Pienaar has some debug code for extlookup ( http://groups.google.com/group/puppet-dev/msg/5c70621832b48698), so I filed https://projects.puppetlabs.com/issues/5760 to ask for that debug support to be built in. Please 'watch' this ticket to register your interest in getting this scheduled. Until then, any other solutions would be gratefully received Regards John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Cron provider deleting all entries from crontab?
Thanks for identifying the problem Kent - I can confirm it here on our Sol 10 U9 puppet servers which require the puppet user with a crontab Other servers without a user crontab requirement don't nuke root's crontab I have updated bug 5752 Regards John On 5 January 2011 03:07, Kent wrote: > Just FYI to people looking at this thread I filled bug 5752 on > puppetlabs.com for this issue. > Hopefully it gets resolved soon or I can figure out a work around > because right now we have to stop using the cron provider for all > users. > > -Kent > > On Jan 3, 2:12 pm, Kent wrote: > > Ok that seems to be the problem but it's apparently still not fixed in > 2.6.3 > > on Solaris. > > I did figure out more on this issue, it seems that if you are managing a > > cron entry for a user that does not yet exist puppet nukes all the > current > > entries for any cron jobs it's currently managing for existing users. > Once > > all users exist everything works as expected. > > > > Since the cronjob pre-fetch occurs before the user(s) get added it always > > happens the first time you run puppet on a new host and doesn't seem to > keep > > a backup of the original crontab. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Supporting tar.gz as file source
On 6 January 2011 12:52, Nigel Kersten wrote: > > > On Wed, Jan 5, 2011 at 2:52 PM, Michael Knox wrote: > >> It would be neat if puppet could use tar.gz's as a source, instead of just >> bare directory trees. So I've lodged a feature request: >> https://projects.puppetlabs.com/issues/5786 >> >> Many of my manifests for applications need to cover the following process: >> 1. Download .tar.gz to host >> 2. Expand .tar.gz >> 3. Whatever install process is required >> > > I'm not totally against this, but I am curious why you haven't decided to > build packages for these applications, as that should essentially contain > all your desired functionality right? > Our own situation is that we have developers who build their own applications, and if we packaged them with RPM or pkg, then they would have to be installed as root. We don't trust them enough for that, so right now we run an exec as the application owner to unpack the tar.gz John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Supporting tar.gz as file source
On 6 January 2011 16:18, Nigel Kersten wrote:
> On Wed, Jan 5, 2011 at 6:39 PM, John Warburton wrote:
>
>> Our own situation is that we have developers who build their own
>> applications, and if we packaged them with RPM or pkg, then they would have
>> to be installed as root. We don't trust them enough for that, so right now
>> we run an exec as the application owner to unpack the tar.gz
>>
>>
> Do you just unpack once and leave it alone? Drop a marker file when an
> install script succeeds and you don't have to run it again?
>
Yes - unpack and leave there - which is "messy", and on the "To Do" list,
but good enough for now. The marker file is the directory we expect to have
been unpacked from the tar ball
It sounds like we could maybe do a tar.{gz,bz2,zip} "package" provider, with
> simple install, uninstall, maybe the ability to specify versions by
> symlinks.
>
We actually have a define on top of the package provider to use graft (
http://peters.gormand.com.au/Home/tools/graft/graft-html) to use different
versions of packages with sym links because package management in Solaris
isn't version aware like rpm is
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Supporting tar.gz as file source
On 7 January 2011 01:33, jcbollinger wrote: > > On Jan 5, 8:39 pm, John Warburton wrote: > [...] > > Our own situation is that we have developers who build their own > > applications, and if we packaged them with RPM or pkg, then they would > have > > to be installed as root. We don't trust them enough for that, so right > now > > we run an exec as the application owner to unpack the tar.gz > > Like Doug, I don't quite follow that. Perhaps I misunderstand > "installed as root", because Puppet is already providing root > privileges for the installation. If you mean "installed as owned by > root" or "installed in " then you are > mistaken: RPMs can easilly be built so that their files are installed > wherever you like and have whatever ownership and permissions you > like. > I probably wasn't clear, but what I meant was that rpm and pkgadd have to run as root, so we have to trust that the developers didn't do anything silly / naughty / destructive in the script areas, or overwrote into places like /bin. We don't have the resources right now to build them ourselves or audit such packages, so the least worst compromise (for us) was installing a tar ball with an exec being run as the application owner. If you are concerned about scriptlets in the RPM being run as root > then you can easily avoid that. Don't rely on the developers to > package their own software; instead take the tarballs they already > provide and package up all the contents in RPM form (without any > as above, we'd like to, but we just don't have the resources to do this right now > I try at all costs to avoid installing anything on my systems without > packaging it. That way I know what's (supposed to be) there, I can > > YMMV. > I agree, but we're in the early stages of large scale puppet deployment. Proper package management techniques for the outliers hopefully will come in the next iteration BTW for Solaris people, we use pkgbuild (http://pkgbuild.sourceforge.net/) which will automatically build a SVR4 pkg or IPS package from a RPM like SPEC file. It is pretty cool - it enforces that you don't build packages as root, and if you have your SPEC file created correctly does everything from downloading a tarball, configure, compile and packaging. Very nice, and is what the Open Solaris project uses Regards John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] config_version - runs once at daemon startup, not every compile time
Hi All For those that use, or want to use config_version, you might want to watch http://projects.puppetlabs.com/issues/3692 My debugging (with webrick) shows that the puppet server only executes the script defined in config_version at daemon startup, no matter how many clients connect. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Set client environment on master
On 19 January 2011 14:40, Patrick wrote: > On Jan 18, 2011, at 7:38 PM, Dan Bode wrote: > > On Tue, Jan 18, 2011 at 7:16 PM, Bostjan Skufca < > bostjan.skufca.w...@gmail.com> wrote: > >> > I work around this by setting a variable in the node definition if I >> > want the client to use an environment other than production by default. >> > My puppet client class then uses this variable value as the environment >> > value in the clients puppet.conf (via a template) >> >> But I want to set it on master for various reasons (mainly security >> and node separation, various environments for various clients (not >> puppet clients, but company clients) which should not be able to see >> other client's stuff by just changing the environment manually). >> > > if you use an external node classifier, you can set it there. > > http://docs.puppetlabs.com/guides/external_nodes.html > > > I don't have the bug report on hand, but I believe that this won't lock > clients out of files and/or plugins in a different environment. > > I actually want to be able to have it the other way around - the node classifier sets the default environment, but my client can override if it so wishes - https://projects.puppetlabs.com/issues/3910 John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Set client environment on master
On 19 January 2011 17:41, Bruce Richardson wrote: > On Wed, Jan 19, 2011 at 05:10:56PM +1100, John Warburton wrote: > > wishes - https://projects.puppetlabs.com/issues/3910 > > *Looks at discussion* Ouch. If the client were still allowed to > override the environment, even when the server was explicitly set to be > authoritative, that would make a complete nonsense of "authoritative". > Glad the discussion has gone the other way. > This may be true for you, but not for all sites. What I am looking for is a way to set the level of authoritativeness on the server, so that you and I can coexist. I imagine you would set the server to always be authoritative, where I would set it to be "let the client choose", but default to what the server thinks if the client doesn't supply an option That means the authoritativeness policy that works for our site (and I know another large site that manages desktops with puppet lets the client set the environment) won't interrupt yours John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Set client environment on master
On 20 January 2011 13:18, Bostjan Skufca wrote: > The way John sums it up really makes sense. Feature request? > Alan Barrett did this in note 17 - https://projects.puppetlabs.com/issues/3910#note-17 John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] pre-compiling gems
Hi I have a small number of gems I install on my puppet server, and manage to get them compiled and they pick up my non standard environment and install OK However, I need to send some options to the mysql gem to get it to compile. Hence I do it by hand, which is now biting, as well as not the right way to do it in puppet. I'm also not comfortable having to install a C compiler on servers I want to install gems on What are my options in compiling the gem in puppet? I have come up with: 1) Pre-set the environment so that when I run my puppet client from a wrapper script, I set my compile options there. I'm not too keen on this for one offs, but can live with it 2) Trying to pre-compile the gem and install it. Since I have no idea what I am doing, I saw this - https://github.com/frsyuki/gem-compile - which implies using my package provider (RPM, Solaris pkg) to install the gem, and not gem itself. Does anyone do this & have any tips for the hapless & clueless rubygem newbie? Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] pre-compiling gems
On 20 January 2011 15:08, Daniel Pittman wrote: > On Wed, Jan 19, 2011 at 20:02, John Warburton > wrote: > > 2) Trying to pre-compile the gem and install it. Since I have no idea what > I > > This. Always do this. It gives you predictable, uniform behaviour, a > uniform interface to specify dependencies between the gem and OS > packages (well, not pkg, maybe ;), and a way to ensure that you have > exactly the same binary code on every machine. > Thanks Daniel - needed that level of definitiveness :-) > PS: I have "packaged" some gems by literally wrapping the standard OS > packaging tools around running "gem install" with an option to write > to the correct place. Worked fine for our needs, so it doesn't > require a lot of infrastructure, and you can fetch the thing with 'gem > fetch' for easy operation. > That gave me the push I needed, and now have my fave packager ( http://pkgbuild.sourceforge.net/) compiling the gem into a packaging directory for packaging as non root: gem install --no-ri --no-rdoc mysql --install-dir /some/where/users/can/write --source http://our/gem/repo Regards John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetmasterd verbose log
On 28 January 2011 11:17, Sergey V. Arlashin wrote: > Hi! > When I issue > $ puppetmasterd --no-daemonize --verbose > > I get very neat and clear log to STDIN. But I can't figure out how to get > this log when I start puppetmasterd without --no-daemonize option. Is it > possible? > You can log to a file with logdest - but doesn't buffer correctly. Watch https://projects.puppetlabs.com/issues/4139 John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Application / database deployment coordination
On 29 January 2011 07:27, Pete Ehlke wrote: > Question: is the sort of orchestration that I seem to need something that > can be approached in puppet, or would I be better off slicing this > application out to a different automation platform? > > Orchestration outside of the client isn't puppet's strong point. Look at tools like Control Tier ( http://dev2ops.org/blog/2009/11/2/6-months-in-fully-automated-provisioning-revisited.html) with whom Puppet Labs have a relationship John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetmaster 100%cpu usage on 2.6 (not on 0.24)
On 1 February 2011 08:43, Brice Figureau wrote: > On 31/01/11 19:11, Udo Waechter wrote: > > Do you use storeconfigs? > Speaking of resource hogs, do you run the puppet labs dashboard on the same host? I had a similar setup (on crusty old Sun kit mind), and found a big performance hit in writing the reports by the client to the puppet master and then those reports to the dashboard. Everything calmed down once I moved the dashboard to another host John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] version number for modules
On 1 February 2011 08:05, Nan Liu wrote: > On Mon, Jan 31, 2011 at 11:45 AM, Christopher Lee > wrote: > > If you manage the entire puppet modules in a repository, you might > also be interested in the config_version option to log version info. > config_version has issues - especially with environments. I've had to abandon using it for the specific case described here. Official ticket is http://projects.puppetlabs.com/issues/3692 (background reading http://projects.puppetlabs.com/issues/3043 & https://projects.puppetlabs.com/issues/4640) John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet delegation / teams
On 1 February 2011 04:29, Nigel Kersten wrote: In any case it sounds like you want some pre-commit hooks to run > --parseonly on the manifests to check they parse, and you're going to > want to split up the modulepaths such that different groups have > different permissions. > parseonly hasn't been working for 2.6.x - https://projects.puppetlabs.com/issues/5081 Will be fixed when 2.6.5 comes out John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Anyone using config_version successfully?
I have tried to use config_version and failed due to limitations in the way I would like to use it: - http://projects.puppetlabs.com/issues/3692 - http://projects.puppetlabs.com/issues/4845 - http://projects.puppetlabs.com/issues/5404 As part of http://projects.puppetlabs.com/issues/3692, we'd like to get a handle on who in the puppet community is using config_version successfully as it stands Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to include the Scope(...) in a generated string?
On 3 February 2011 05:04, Dan Bode wrote:
>
> Here is some code to print all of the current variable names in the scopes
> symbol table:
>
> class fooperi {
> $foo = inline_template("<% scope.to_hash.keys.each do |k| %>
> <%= k %><% end %>")
> notice($foo)
> }
>
For those of us with next to no ruby or knowledge on where to look inside
puppet for variables, this is brilliant! I have on occasion wondered about
this
I would love to see that in
http://docs.puppetlabs.com/guides/templating.html in the "Access to defined
tags and classes" section. I have created a ticket for that -
https://projects.puppetlabs.com/issues/6124
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet 2.6.5-rc1 Parameter type failed: type is read-only
Hello All Well, I quickly packaged up puppet-2.6.5-rc1 and dropped it on my test VM (Solaris 10 U9) against my 2.6.4 server, and immediately started getting the same error message, but on different manifests, or the same manifests but different line numbers. These manifests were written in 0.25.5 days and successfully made the transition to 2.6.4 running on a couple of hundred servers John root@warbjohn# /opt/local/sbin/run-puppet.sh --color true + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime --no-daemonize --ignorecache --no-usecacheonfailure --config /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest /var/log/puppet_client/puppet_client.log --color true err: Could not run Puppet configuration client: Parameter type failed: type is read-only at /u1/warbjoh/svn-workspace/puppet/trunk/modules/base/manifests/openssh.pp:44 root@warbjohn# /opt/local/sbin/run-puppet.sh --color true + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime --no-daemonize --ignorecache --no-usecacheonfailure --config /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest /var/log/puppet_client/puppet_client.log --color true err: Could not run Puppet configuration client: Parameter type failed: type is read-only at /u1/warbjoh/svn-workspace/puppet/trunk/modules/base/manifests/openssh.pp:54 root@warbjohn# /opt/local/sbin/run-puppet.sh --color true + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime --no-daemonize --ignorecache --no-usecacheonfailure --config /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest /var/log/puppet_client/puppet_client.log --color true err: Could not run Puppet configuration client: Parameter type failed: type is read-only at /u1/warbjoh/svn-workspace/puppet/trunk/modules/base/manifests/init.pp:111 root@warbjohn# /opt/local/sbin/run-puppet.sh --color true --trace + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime --no-daemonize --ignorecache --no-usecacheonfailure --config /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest /var/log/puppet_client/puppet_client.log --color true --trace info: Retrieving plugin info: Loading facts in cyberark_init info: Loading facts in pkgs_facts info: Loading facts in svcs_facts info: Loading facts in serialnumber info: Loading facts in solaris_memory info: Loading facts in cyberark_init info: Loading facts in pkgs_facts info: Loading facts in svcs_facts info: Loading facts in serialnumber info: Loading facts in solaris_memory info: Caching catalog for warbjohn.insidelive.net /opt/local/lib/puppet/parameter.rb:171:in `fail' /opt/local/lib/puppet/type/file/type.rb:15:in `unsafe_validate' /opt/local/lib/puppet/parameter.rb:255:in `validate' /opt/local/lib/puppet/property.rb:300:in `should=' /opt/local/lib/puppet/property.rb:300:in `each' /opt/local/lib/puppet/property.rb:300:in `should=' /opt/local/lib/puppet/property.rb:337:in `value=' /opt/local/lib/puppet/type.rb:416:in `[]=' /opt/local/lib/puppet/type.rb:1773:in `set_parameters' /opt/local/lib/puppet/type.rb:1767:in `each' /opt/local/lib/puppet/type.rb:1767:in `set_parameters' /opt/local/lib/puppet/type.rb:1749:in `initialize' /opt/local/lib/puppet/type/file.rb:387:in `initialize' /opt/local/lib/puppet/resource.rb:277:in `new' /opt/local/lib/puppet/resource.rb:277:in `to_ral' /opt/local/lib/puppet/resource/catalog.rb:553:in `send' /opt/local/lib/puppet/resource/catalog.rb:553:in `to_catalog' /opt/local/lib/puppet/resource/catalog.rb:531:in `each' /opt/local/lib/puppet/resource/catalog.rb:531:in `to_catalog' /opt/local/lib/puppet/resource/catalog.rb:468:in `to_ral' /opt/local/lib/puppet/configurer.rb:113:in `convert_catalog' /opt/local/lib/puppet/configurer.rb:108:in `retrieve_catalog' /opt/local/lib/puppet/configurer.rb:139:in `run' /opt/local/lib/puppet/agent.rb:39 /opt/local/lib/puppet/agent/locker.rb:21:in `lock' /opt/local/lib/puppet/agent.rb:39 /opt/local/pkgs/ruby-1.8.7-p249/lib/ruby/1.8/sync.rb:230:in `synchronize' /opt/local/lib/puppet/agent.rb:39 /opt/local/lib/puppet/agent.rb:103:in `with_client' /opt/local/lib/puppet/agent.rb:37 /opt/local/lib/puppet/application.rb:171:in `call' /opt/local/lib/puppet/application.rb:171:in `controlled_run' /opt/local/lib/puppet/agent.rb:35:in `run' /opt/local/lib/puppet/application/agent.rb:114:in `onetime' /opt/local/lib/puppet/application/agent.rb:88:in `run_command' /opt/local/lib/puppet/application.rb:304:in `run' /opt/local/lib/puppet/application.rb:410:in `exit_on_fail' /opt/local/lib/puppet/application.rb:304:in `run' /opt/local/sbin/puppetd:4 err: Could not run Puppet configuration client: Parameter type failed: type is read-only at /u1/warbjoh/svn-workspace/puppet/trunk/modules/base/manifests/openssh.pp:44 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubsc
[Puppet Users] Re: puppet 2.6.5-rc1 Parameter type failed: type is read-only
Let me get back to you on this. The server is still 2.6.4! On 7 February 2011 20:19, John Warburton wrote: > Hello All > > Well, I quickly packaged up puppet-2.6.5-rc1 and dropped it on my test VM > (Solaris 10 U9) against my 2.6.4 server, and immediately started getting the > same error message, but on different manifests, or the same manifests but > different line numbers. These manifests were written in 0.25.5 days and > successfully made the transition to 2.6.4 running on a couple of hundred > servers > > John > > root@warbjohn# /opt/local/sbin/run-puppet.sh --color true > + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime > --no-daemonize --ignorecache --no-usecacheonfailure --config > /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest > /var/log/puppet_client/puppet_client.log --color true > err: Could not run Puppet configuration client: Parameter type failed: type > is read-only at > /u1/warbjoh/svn-workspace/puppet/trunk/modules/base/manifests/openssh.pp:44 > > root@warbjohn# /opt/local/sbin/run-puppet.sh --color true > + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime > --no-daemonize --ignorecache --no-usecacheonfailure --config > /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest > /var/log/puppet_client/puppet_client.log --color true > err: Could not run Puppet configuration client: Parameter type failed: type > is read-only at > /u1/warbjoh/svn-workspace/puppet/trunk/modules/base/manifests/openssh.pp:54 > > root@warbjohn# /opt/local/sbin/run-puppet.sh --color true > + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime > --no-daemonize --ignorecache --no-usecacheonfailure --config > /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest > /var/log/puppet_client/puppet_client.log --color true > err: Could not run Puppet configuration client: Parameter type failed: type > is read-only at > /u1/warbjoh/svn-workspace/puppet/trunk/modules/base/manifests/init.pp:111 > > root@warbjohn# /opt/local/sbin/run-puppet.sh --color true --trace > + /opt/local/sbin/puppetd --server puppet-lab.bfm.com --verbose --onetime > --no-daemonize --ignorecache --no-usecacheonfailure --config > /var/puppet/etc/puppetd.conf --environment Lwarbjoh --logdest > /var/log/puppet_client/puppet_client.log --color true --trace > info: Retrieving plugin > info: Loading facts in cyberark_init > info: Loading facts in pkgs_facts > info: Loading facts in svcs_facts > info: Loading facts in serialnumber > info: Loading facts in solaris_memory > info: Loading facts in cyberark_init > info: Loading facts in pkgs_facts > info: Loading facts in svcs_facts > info: Loading facts in serialnumber > info: Loading facts in solaris_memory > info: Caching catalog for warbjohn.insidelive.net > /opt/local/lib/puppet/parameter.rb:171:in `fail' > /opt/local/lib/puppet/type/file/type.rb:15:in `unsafe_validate' > /opt/local/lib/puppet/parameter.rb:255:in `validate' > /opt/local/lib/puppet/property.rb:300:in `should=' > /opt/local/lib/puppet/property.rb:300:in `each' > /opt/local/lib/puppet/property.rb:300:in `should=' > /opt/local/lib/puppet/property.rb:337:in `value=' > /opt/local/lib/puppet/type.rb:416:in `[]=' > /opt/local/lib/puppet/type.rb:1773:in `set_parameters' > /opt/local/lib/puppet/type.rb:1767:in `each' > /opt/local/lib/puppet/type.rb:1767:in `set_parameters' > /opt/local/lib/puppet/type.rb:1749:in `initialize' > /opt/local/lib/puppet/type/file.rb:387:in `initialize' > /opt/local/lib/puppet/resource.rb:277:in `new' > /opt/local/lib/puppet/resource.rb:277:in `to_ral' > /opt/local/lib/puppet/resource/catalog.rb:553:in `send' > /opt/local/lib/puppet/resource/catalog.rb:553:in `to_catalog' > /opt/local/lib/puppet/resource/catalog.rb:531:in `each' > /opt/local/lib/puppet/resource/catalog.rb:531:in `to_catalog' > /opt/local/lib/puppet/resource/catalog.rb:468:in `to_ral' > /opt/local/lib/puppet/configurer.rb:113:in `convert_catalog' > /opt/local/lib/puppet/configurer.rb:108:in `retrieve_catalog' > /opt/local/lib/puppet/configurer.rb:139:in `run' > /opt/local/lib/puppet/agent.rb:39 > /opt/local/lib/puppet/agent/locker.rb:21:in `lock' > /opt/local/lib/puppet/agent.rb:39 > /opt/local/pkgs/ruby-1.8.7-p249/lib/ruby/1.8/sync.rb:230:in `synchronize' > /opt/local/lib/puppet/agent.rb:39 > /opt/local/lib/puppet/agent.rb:103:in `with_client' > /opt/local/lib/puppet/agent.rb:37 > /opt/local/lib/puppet/application.rb:171:in `call' > /opt/local/lib/puppet/application.rb:171:in `controlled_run' > /opt/local/lib/puppet/agent.rb:35:in `run' > /opt/local/lib/
[Puppet Users] Re: puppet 2.6.5-rc1 Parameter type failed: type is read-only
OK - I found the issue. Because 2.6.x gives us nice human readable(ish)
catalogs, I compiled mine and the 'random' hits were all for directories.
Re-reading the manifest, I see those directories in the error messages all
had "type => directory", like
file { "/var/empty":
ensure => 'directory',
*type => 'directory',*
mode => 755,
Seems 2.6.5 is being a bit tighter
Anyway - all is well after deleting these types.
John
On 8 February 2011 09:46, John Warburton wrote:
> Let me get back to you on this. The server is still 2.6.4!
>
>
> On 7 February 2011 20:19, John Warburton wrote:
>
>> Hello All
>>
>> Well, I quickly packaged up puppet-2.6.5-rc1 and dropped it on my test VM
>> (Solaris 10 U9) against my 2.6.4 server, and immediately started getting the
>> same error message, but on different manifests, or the same manifests but
>> different line numbers. These manifests were written in 0.25.5 days and
>> successfully made the transition to 2.6.4 running on a couple of hundred
>> servers
>>
>> John
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to include the Scope(...) in a generated string?
On 3 February 2011 05:04, Dan Bode wrote:
> class fooperi {
> $foo = inline_template("<% scope.to_hash.keys.each do |k| %>
> <%= k %><% end %>")
> notice($foo)
> }
>
so I have this running nicely in a file - but I'd love to have the results
sorted. Putting ".sort" at random places on the hash gives me errors. Any
pointers for a ruby newby?
Thanks
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to include the Scope(...) in a generated string?
On 10 February 2011 16:04, Nan Liu wrote:
>
> Not sure if there's a better way. Convert all Hash key to string, so
> it doesn't choke on the array sort:
>
> $foo = inline_template("<% scope.to_hash.keys.collect{|x|
> x.to_s}.sort.each do |k| %><%= k %><% end %>")
> notice($foo)
>
> Thanks Nan - it works perfectly - even if it looks like a bit of voodoo :-)
But then, so did perl when I first started using it...
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetmaster 100%cpu usage on 2.6 (not on 0.24)
On 8 February 2011 06:15, Ashley Penney wrote: > I just upgraded the master, I was too lazy to do the nodes yet. > > > On Mon, Feb 7, 2011 at 1:56 PM, Brice Figureau < > brice-pup...@daysofwonder.com> wrote: > >> On 07/02/11 17:23, Ashley Penney wrote: >> > Because I like to live dangerously I upgraded to 2.6.5 and it seems like >> > this has resolved the CPU problem completely for me. >> >> Did you upgrade the master or the master and all the nodes? >> > Was that upgrade to 2.6.5rc2? Seems there has been a nice patch to speed up large HTTP POST & PUTs. Since 2.6.x reports can be large (I have some approaching 1 Mb), this might be where the problem may have been https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.6.5 https://projects.puppetlabs.com/issues/6257 John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet in the DMZ
Curse GW Bush and his 'Axis of Evil' - my google searches are contaminated with hits to Korea, and other such fun... Does anyone have any experiences with puppet in the DMZ they can share? At my puppet master training (Hi Hunter), it was mentioned some people compile their catalogs inside, then ship them out to servers in the DMZ to be applied. I understand that fine, but we use facts quite a bit to get state information, so the traditional part of the client server/model where facts are shipped back from the client to the puppet server is missing. How do people get around the "common" rule that DMZ servers should not initiate network connections back to the internal network? Should we have a puppet server in the DMZ? Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet 2.6.5-rc1 Parameter type failed: type is read-only
On 9 February 2011 21:57, John Warburton wrote:
> OK - I found the issue. Because 2.6.x gives us nice human readable(ish)
> catalogs, I compiled mine and the 'random' hits were all for directories.
> Re-reading the manifest, I see those directories in the error messages all
> had "type => directory", like
>
> file { "/var/empty":
> ensure => 'directory',
> *type => 'directory',*
> mode => 755,
>
> I was wondering how the type in the file resource for directories got in
there. Maybe too enthusiastic reading of the manual? It seems it may have
been ralsh from when it was working.
Now that https://projects.puppetlabs.com/issues/3165 is resolved, I used
ralsh on a directory with 2.6.5rc2, and it generated the same bad code!
I have raised https://projects.puppetlabs.com/issues/6314
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Namespace tools?
On 18 February 2011 08:45, Master Cho wrote: > Are there any tools/techniques for dumping/browsing all of the > namespaces? > I have found the template examples at the bottom of http://docs.puppetlabs.com/guides/templating.html useful John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Trying to write a visudo checker
On 4 March 2011 13:21, Rich Rauenzahn wrote: > This visudo checker I've written (based on some examples from the web > and puppet training materials) causes a dependency loop -- but only > I've approached the problem from another direction and we have a subversion pre-commit hook for the sudoers file... case $file in */sudoers) OUTPUT=`/usr/sbin/visudo -c -q -f $TMPFILE 2>&1` if [ $? -ne 0 ] ; then echo "sudoers syntax error in $file" >&2 echo "$OUTPUT" >&2 exit 1 fi ;; John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Role-based access in Dashboard
On 3 March 2011 06:02, Randall Hansen wrote: > Role-based access will be one of the next big features in Dashboard. If > this is something that would help you, will you tell me the minimum features > that you would consider useful? That is, the features without which RBAC > would be useless to you. > > Everything everyone else has said plus audit logging of actions taken by the user, and ways to report on that (even a "last x changes" on the node view) John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] finished, yet execution expired
I'd suggest waiting for 2.6.6 to be fully released >From http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.5 Faster Passenger support Bug #6257 <http://projects.puppetlabs.com/issues/6257>: Rack POST and PUT request handling is very slow. The speed of the Rack HTTP handler has been dramatically improved. This should prevent timeouts that some users were experiencing when running under Passenger. John On 9 March 2011 03:24, Angelo Corbo wrote: > I would like to follow up on this issue, because it was never really > addressed, as the OP switched to nginx. > > I am experiencing a few of those "finished, yet execution expired" runs, > and I can see from the agent's run (using --trace, as suggested by Jeff) > that there's a timeout (/usr/lib/ruby/1.8/timeout.rb:64:in `rbuf_fill'). > > Interestingly enough, this event occurs systematically on one type of hosts > (I only use role based conf defined by environment), while all other types > are completing their runs successfully. > > Is this the right thread to post in or would it be better to open a new > one, yet with the same very effective subject? > > Many thanks, > > Angelo > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- John Warburton Ph: 0417 299 600 Email: jwarbur...@gmail.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Proposal: "strict" mode for manifests
On 9 March 2011 09:37, Robin Bowes wrote: > I'd really like puppet to blow-up at this stage and tell me that I've > used an variable without defining it first. Those familiar with perl > will recognise this as "use strict;". > Yes please! There are lots of places where puppet continues where IMHO it should abort. Here are a few I've been watching: - syntax errors in config file do not abort daemon: https://projects.puppetlabs.com/issues/4372 - Invalid settings in config blocks should produce a warning - https://projects.puppetlabs.com/issues/5218 - Option to make Puppet fail as soon as a resource fails - https://projects.puppetlabs.com/issues/3933 John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Passenger Install Success / Question about logs
On 10 March 2011 07:44, Christopher Lee wrote: > Hello, > > Well I spent the morning getting passenger installed on my RHEL 5 server > and finally got it working and was able to run an agent update. But now I > have a questions about logs, before when we were working we would tail -f > puppetmaster.log file to see notices and errors, but now this log files is > not getting updated (makes since), but were can I view the logs now that > passenger is running? > > Logs go to syslog by default You will have to wait for 2.6.6 to be released for nice autoflushed logs in passenger to a file other than syslog ( https://projects.puppetlabs.com/issues/4139) John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] symlink noop error
Hi All
I have a bit of a strange one, and am not sure I'm doing this right. This is
with 2.6.4 on Solaris 10
We want to create a sym link from a source file that is created by a
package. If the package isn't installed, puppet in noop is registering an
error (big red in the dashboard) because it cannot stat the source file of
the link.
root@warbjohn# cat /tmp/symlink2.pp
package {"somepackage":
ensure => installed,
}
file {"/path/created/by/some/package/link":
source => "/path/created/by/some/package/source",
require => Package["somepackage"],
}
root@warbjohn# puppet --verbose --noop /tmp/symlink2.pp
info: Applying configuration version '1299817006'
notice: /Stage[main]//Package[somepackage]/ensure: current_value absent,
should be present (noop)
err: /Stage[main]//File[/path/created/by/some/package/link]: Could not
evaluate: Could not retrieve information from source(s)
/path/created/by/some/package/source at /tmp/symlink2.pp:7
notice: Finished catalog run in 10.63 seconds
IMHO, I don't think this should be an error from noop. Is this a bug, or am
I pushing my luck?
Thanks
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] symlink noop error
On 11 March 2011 20:57, Stefan Schulte wrote:
> On Fri, Mar 11, 2011 at 03:20:20PM +1100, John Warburton wrote:
> > file {"/path/created/by/some/package/link":
> > source => "/path/created/by/some/package/source",
> > require => Package["somepackage"],
> > }
> >
>
> Currently you're copying a file from source to link. If you want to
> create a symlink do:
>
> file { '/path/created/by/some/package/link':
> target => "/path/created/by/some/package/source",
> ensure => link,
> require => Package["somepackage"],
> }
>
> Oh duh, thanks Stefan - couldn't see the wood for the trees!
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet-dashboard Explorer 8
On 13 August 2010 18:59, ScubaDude wrote: > Ticket filed (bug, refactor) > > On Aug 13, 7:56 am, Matt Robinson wrote: > > We weren't aware as none of us are using Internet Explorer. We'll > > have to have someone get a copy to test with at some point. > > > > Can you file a ticket? > > > > http://projects.puppetlabs.com > > > > Thanks, > > Matt > > > > On Thu, Aug 12, 2010 at 6:40 AM, ScubaDude > wrote: > > > puppet-dashboard on internet exploder 8: > > > > > Layout borked and no graphs? > > > I was wondering if you were aware of this? > Am I the only other person interested in this? https://projects.puppetlabs.com/issues/4530 Its driving our managers nuts to copy & paste URLs from email to Firefox (if they have it) rather than just clicking on the dashboard URL and having it work with the corporate SOE Please "watch" this ticket if you are interested Thanks John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] ANNOUNCE: Puppet 2.6.7 final!
On 25 March 2011 11:42, Nigel Kersten wrote: > On Thu, Mar 24, 2011 at 5:10 PM, Thomas S Hatch wrote: > >> These accelerated releases are going to keep us on our toes! >> > This is the downside of monthly releases, particularly when we have an > extra, out of cycle release like we did for 2.6.6. > Also an issue for those of us that don't run mainstream (Solaris :-) systems where edge case changes may not be tested. I haven't had time in th epast weeks to test the release candidates, but downloaded 2.6.7 just now and found massive changes in the mount provider failing on /tmp. Bug to be filed John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] mount tmpfs on Solaris fail with 2.6.7
Apologies - I haven't had time to test the release candidates. This is a kicker for us, as I want to start using the new features from the dashboard & inventory in 2.6.7 https://projects.puppetlabs.com/issues/6845 John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: manage /etc/passwd and /etc/group
On 4 April 2011 23:20, stefanero wrote: > Okey, > > thank you for this information, so augeas cannot handle this type of > requests. > I noted this a few years ago, and so did a simple line append. ( http://projects.puppetlabs.com/projects/1/wiki/Simple_Text_Patterns) You may want to file a feature request with the Augeas people to get it to understand netgroups in the password file John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] SSL issues: Separate CA, multiple load balanced masters
On 7 April 2011 04:02, Andrei Serdeliuc wrote: > Hi, > > I've been at it for about 4 days now and I just can't figure it out. > I'm getting the following error when running puppet agent on my > masters: SSL_connect returned=1 errno=0 state=SSLv3 read server > certificate B: certificate verify failed > It took me a bit longer than 4 days, but using http://bodepd.com/wordpress/?p=7 as a guide, I did this: 1. CA server is a puppet server with the exact same configuration on all puppet servers. ca_server is puppet-ca.example.com 2. Same certname everywhere: puppet.example.com. Manage the certs in puppet: $etc/ssl/ca/signed/puppet.example.com.pem $etc/ssl/certs/puppet.example.com.pem $etc/ssl/private_keys/puppet.example.com.pem $etc/ssl/public_keys/puppet.example.com.pem 3. Same certdnsname everywhere with every possible combination of name the client contacts the puppet master with. I have heard (but not tried) you can use wild cards. This includes puppet-ca.example.com, puppet.example.com, ... 4. I keep all $etc/ssl/ca files managed in puppet too Note that I use CNAMEs everywhere so I don't have to change certificates if I replace a machine. Adding machines will require a new cert Keep playing. Once it works, it works well. I can deploy a new puppet server in the blink of an eye! John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
