Re: [Puppet Users] Thoughts on preseed vs config files?

[Thomas Bendler]

2012/5/2 Brian Gupta 

> So having an internal debate on whether to use puppet managed debian
> preseed files to configure packages prior to installation or
> installing with no-config and using puppet to manage the config files
> after the fact.
>
> The end of the discussion is that ideally one would use both, but if
> one had to chose just one, it would be puppet managing the configs,
> with the exception of certain packages that gain more benefit than
> average by being configured through debconf. e.g. - Setting root mysql
> password, so that debian maint. cron jobs can run without issue.
>
> Thoughts?
>

>From my point of view it is a good way to be as close as possible on the
upstream way of doing. It is surely possible to write puppet classes for
everything to get administrative actions done but it is not very release
save. I made the observation that the amount of work which is necessary to
rewrite classes to match a new distribution release increases drastically
when I do the whole work with my own written classes. When I use standard
mechanisms that the distribution provide (regardless if debconf or
something else) instead of own configuration mechanism I save a lot of
time. I still can call the distribution mechanism with exec so I still can
reflect the configuration change within puppet.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] (mostly) philosophical design question

[Thomas Bendler]

Hi David,

2011/10/3 David Ressman 

> [...]
> I'm currently redoing our puppet setup and trying to start with new design
> from the ground up to implement all of the puppet 2.6+ goodness, but I'm
> getting tripped up with the complexity of the design. I want to do things
> the right way, but I don't want to introduce additional complexity, which is
> what I feel like I'm doing. The best example I can come up with is for an
> NTP module, since puppet docs use it a lot. I'll just describe how I imagine
> it should work from my understanding of the style guide and the
> parameterized class documentation, and hopefully someone can help clear it
> up a bit by either telling me I'm on the right track or that I'm hitting the
> crack pipe a bit too hard. For the sake of simplicity, I've left out
> ntp::server, but it looks the same as ntp::client.
> [...]
>

since I switched to Eclipse/Gepetto module development I do something like
this fo init.pp:

# Class: backup
#
# This module manages backup
#
# Parameters: usageType
#
# Actions: Setup backup
#
# Requires: common module
#
# Sample Usage: class { backup: usageType = "baculaClient" }
#
# [Remember: No empty lines between comments and class definition]
class backup(
$usageType = "none"
) {
#todo: ZZZ Module finished but untested
$localOS = $operatingsystem ? {
CentOS => true,
RedHat => true,
Scientific => true
}

if $localOS {
case $usageType {
"baculaServer": {
include backup::bacula
include backup::bacula::client
include backup::bacula::server
}

"baculaStorage": {
include backup::bacula
include backup::bacula::storage
}

"baculaClient": {
include backup::bacula
include backup::bacula::client
}
}
} else {
notice("$localOS not support in module $module_name")
}
}

So I use a service based setup instead of a product based setup. It is not
final because the main idea is to say, this node should get a backup client
and a site specific configuration decide which product should be used. The
main problem from my point of view is to find a design approach which
strictly separate generic from site specific code but I'm still in a design
development phase ;).

Regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Publicly accessible server?

[Thomas Bendler]

2011/10/21 Brian Gallew 

> In theory, as long as you are NOT auto-signing certificate requests, this
> is exactly what the puppet server was designed for.  However, you should
> note that the server is likely to suffer lots of random probing and may be
> susceptible to performance problems.
> [...]
>

Set up a firewall and restrict the IPs that can access Puppet.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: require service started at another node

[Thomas Bendler]

2010/11/1 Leonko 

> [...]
> >  2.  Make your application server tolerant of database downtime (that
> > is, have the applications generate sensible errors while the db is down
> > and recover when it is up, rather than just crash and require an
> > application server restart).
>
> If appserver (java app server like jboss)  start and can't find db
> it's crash and need to restart by hand.  We are unable to do anything
> with it.
>

Make a start script for the Appserver which do the steps for you:

#! /bin/sh

checkdb () {
  [... code to check if DB is up ...]
}

startdb () {
  [... code to start DB if down ...]
}

startApp () {
  [... code to start App if down ...]
}

if [ ! $(checkdb) ]; then
  startdb
  sleep 60
  if [ ! $(checkdb) ]; then
echo "Failed, couldn't start DB!"; exit
  else
startApp
  fi
fi

You can also implement it as a watchdog if you put your code in a construct
like this:

while true; do
  [... start logic with checks ...]
  sleep 30
done

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Prevent users from creating new accounts

[Thomas Bendler]

2010/11/4 hywl51 

> If puppet can not fullfill this requirement, is there any other tool
> or solution to solve it?
> [...]
>

There are several solutions you can use to audit your system. You can log
all events to a central server which might not be sufficent because root can
stop reporting or you can use things like PowerBroker to restrikt and audit
access to root or other accounts (
http://www.beyondtrust.com/PowerBroker-Servers-Unix.aspx?section=PowerBroker-Servers-Unix).
I'm still searching for something comparable based on an open source
solution but didn't find something yet.

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Managing private key files; content=>file vs. binary content.

[Thomas Bendler]

Hi Chris,

2010/11/10 Chris 

> [...]
> file{"/path/to/foo.key": source=>"puppet:///keys/foo.key"} , because
> any valid puppet client could access foo.key.
> [...]
>


you are not sticked to the puppet file server, you can also use something
like this:

file {
   "/path/to/file":
 source => "/nfs/$host/file";
}

Make an export for each connected server and restrict access to this one.
Put all private files on the NFS server and you're done.

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Managing private key files; content=>file vs. binary content.

[Thomas Bendler]

Hi Chris,

2010/11/10 Chris 

> [...]
> Yes, except that approach suffers from the same administrative
> problems as using puppet:/// and auth.conf. HTTPS certs aren't
> specific to hosts. If I have 20 servers all requiring foo.key (because
> they all have the foo-application class in their manifest), then
> either I have to copy foo.key into 20 different directories, or else
> have one export with 20 allowed hosts. And every time I add the foo-
> application class to another host, I need to remember to also expose
> the key to that host. With large numbers of keys and hosts, and
> moderate levels of churn, this becomes difficult to manage and prone
> to errors.
>

got the point, thought that you need one specific key on each server. So
that should be even simpler, use file with content and put the key in the
content field:

$myKey = "-BEGIN RSA PRIVATE
KEY-\nMIICXgIBAAKBgQDTqkVS4/iwKx8LngXQrEShlfSRtcSyOB1IjC5AIGUAJvapq9lz\n..."

file {
  "/path/to/keyFile":
content => $myKey;
}

Put this into your Webserver class and assign the class only to the
Webservers.

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Managing private key files; content=>file vs. binary content.

[Thomas Bendler]

2010/11/10 Richard Crowley 

> [...]
> This works perfectly for PEM-formatted keys because they're ASCII,
> which is a subset of UTF-8.  Binary keys are not (usually) valid UTF-8
> and thus can't be crammed into a catalog without some encoding.
>

And why don't you convert the key to a PEM key before putting it into
puppet? You can use OpenSSL to convert the binary key to a PEM key:

openssl enc -in some-bin.key -out some-pem.key -a

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Disabling Certificates

[Thomas Bendler]

Hi Derek,

2010/11/12 Derek J. Balling 

> [...]
> Nope. Because "autosign" doesn't also "auto-overwrite".
>
> - New Host "foo001.domain.tld" is created
> - Certs are exchanged for foo001 with the puppetmaster, life is good,
> autosigned
> - Host foo001.domain.tld is retired
> - Replacement Host "foo001.domain.tld" is created
> - foo001 tries to talk to puppetmaster, presenting brand new certs. They
> don't match what the master has for that host. It tells foo001 to
> pound-sand.
>
> At that point, I have to manually log into the CA and clean out the
> certificates for foo001. I also have to go out to foo001, and blow away all
> ITS certs, since it's been given a cert it has no idea what to do with.
>

removing the certificate is part of the retirement process, as well as
removing the DNS entry, free up the IP in the CMDB, remove hardware from
rack and what else needs to be done when a box is retired. Nearly all of
this stuff could be scripted except the removal from the rack.

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Thoughts on dropping 0.24.x client support in Puppet 2.7?

[Thomas Bendler]

2010/11/25 Nigel Kersten 

> [...]
> How do people feel about us dropping all XMLRPC support from 2.7.x,
> such that it only supported Puppet clients 0.25.x and higher?
> [...]
>

Will it be possible to run two puppet server instances (2.6.x and 2.7.x) on
the same host on different ports? If yes, go ahead and drop XMLRPC support.

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Thoughts on dropping 0.24.x client support in Puppet 2.7?

[Thomas Bendler]

2010/11/25 Klaus Ethgen >

> [...]
> There are many distributions out there providing 0.24 version only. And
> as the use of puppet is to manage many distributions, even the
> antiquated »enterprise« distributions, I think that dropping support for
> version lower than 0.25 is not that good idea.
> [...]
>

But on this distributions you normaly use also the old server variant, so
shouldn't be a problem. And if you make you're own repository with actual
puppet rpms you should upgrade the client as well I would assume.

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet on Windows

[Thomas Bendler]

Hi Nigel,

2010/11/25 Nigel Kersten 

> On Thu, Nov 25, 2010 at 5:48 AM, thbe  wrote:
> [...]
> > Any updates on this issue? Just set up puppet on a test box with a
> > Windows 2003 R2 32 Bits and I get the same error.
> We'll update the page for the alpha Windows support, but testing
> indicates we only support local manifests application on Windows right
> now, and we only have a provider for managing files so far.
>

thanks for the update, managing some files and getting machine facts via
facter would be completely sufficient for me in the first shot (facter
already does what I expect). Do you know if MCollective will be running on
Windows as well? With this combination I could manage my own script
directory to start and stop applications as well as start and stop Windows
itself.

Kind regards, Thomas
-- 
thomas bendler (systemadministration/network/SAP)
cimt consulting ag   fon: +49 (163) 6081 302
burchardstrasse 17  fax: +49 (40) 5 33 02-22
20095 hamburg  http://www.cimt.de/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet on Windows

[Thomas Bendler]

2010/11/26 Paul Nasrat 

> [...]
> Joel did do a users/group provider which may be quite dated and need
> some porting - if you are happy to test/develop:
> https://github.com/finalprefix/puppet/tree/win


What is the procedure to use this version? Download the ZIP and run
install.rb or must be something taken into account before using it?

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Package Repositories at http://yum.puppetlabs.com/

[Thomas Bendler]

Hi Jeff,

2010/12/30 Jeff McCune 

> [...]
> The "base" repository located at: http://yum.puppetlabs.com/base/ contains
> official packages for software Puppet Labs has released.  Currently this
> repository contains official releases of MCollective and Dashboard.
> [...]
>

what is the prerequisite for using this repository (i.e. CentOS Base +
EPEL)? Currently I maintain my own private repository because of missing
dependencies (didn't check if it is still true). So from my point of view it
would make sense to offer an repository that I can simply use in a
combination with CentOS + EPEL or RHEL + EPEL or whatever combination will
help.

Regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] race conditions in using "svn update" in puppetmaster's /etc/puppet directory?

[Thomas Bendler]

Hi James,

2011/1/3 James Ralston 

> [...]
> So, here's my question: if you are currently using the "svn update"
> approach to manage /etc/puppet on the puppetmaster, have you taken
> conscious steps to help avoid a race condition? If so, what are they?
> And if not, why not?
> [...]
>

I use a script (see attachement) which build up a local copy of /etc/puppet
from SVN. When it's done, the master is stopped, the configuration is
replaced and the master is started again. The script isn't bullet proof yet,
but it shouldn't be a big deal to implement some additional checks to make
it more robust.

Kind regards,
Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



svnSync.sh
Description: Bourne shell script

Re: [Puppet Users] Re: ANNOUNCE: Facter 1.5.9rc2

[Thomas Bendler]

Hi Todd,

2011/3/18 Todd Zullinger 

> [...]
> If you find problems with the packaging, please let me know.  If you
> find other bugs, please file them in redmine:
>
>http://projects.puppetlabs.com/projects/facter/issues
> [...]
>

don't know if it's a bug or related to the packages but facter search arp at
/usr/sbin/arp but on CentOS 5 it is at /sbin/arp.

Regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] MCollective facts with uppercase

[Thomas Bendler]

Hi @all,

don't know if this is the correct list for a question like this, but maybe
someone knows. Is there a reason why mc-facts don't support facts with
uppercase inside but mc-inventory does?

thbe@ocean:~$ mc-facts custRole
Could not call remote agent: Input fact does not match validation regex
^[a-z_0-9]+$
thbe@ocean:~$ mc-inventory node1.domain.tld | grep custRole
  custRole => standard
thbe@ocean:~$

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ANNOUNCE: Puppet Dashboard 1.1.0rc3

[Thomas Bendler]

Hi Jacob,

2011/3/24 Jacob Helwig 

> [...]
> This release is available for download at:
>
> http://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.1.0rc3.tar.gz
> [...]
>

are there already RPMs available? I would like to help testing but only if
RPMs are provided.

Kind regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ANNOUNCE: Puppet Dashboard 1.1.0rc3

[Thomas Bendler]

Hi Matt,

2011/4/8 Matt Robinson 

> [...]
> We definitely appreciate any help testing RC's and releases, so I look
> forward to your feedback.
> [...]
>

Ok, here it is (CentOS 5.6 system). I've changed:

su -s /bin/sh -c "${DASHBOARD_RUBY} ${DASHBOARD_HOME}/script/server -e
${DASHBOARD_ENVIRONMENT} -p ${DASHBOARD_PORT} -b ${DASHBOARD_IFACE}"
${DASHBOARD_USER} &

to:

su -s /bin/sh -c "${DASHBOARD_RUBY} ${DASHBOARD_HOME}/script/server -e
${DASHBOARD_ENVIRONMENT} -p ${DASHBOARD_PORT} -b ${DASHBOARD_IFACE}
>/dev/null 2>&1" ${DASHBOARD_USER} &

in /etc/init.d/puppet-dashboard. Otherwise my console is messed up with
error logs and I can't log out without loosing puppet-dashboard. /dev/null
could be replaced by a log file wich should be part of logrotate.

Regards, Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Nagios group problem

[Thomas Bendler]

Hi @all,

I got stucked in the configuration of Nagios resources from Puppet. I've
wrote a some classes setting up a Nagios server, collect virtual resources
from the client and push them to the Nagios server. So far so good, it's
working. Now I try to group the hosts and services and the problems start.
I've created a basline class rolled out on all clients with entries like
this:

@@nagios_host { "${::fqdn}":
ensure => present,
alias => $::hostname,
address => $::ipaddress,
use => "linux-server",
hostgroups => ["baseline"]
}

@@nagios_service { "check-host-alive_${::hostname}":
check_command => "check-host-alive!100.0,20%!500.0,60%",
use => "generic-service",
host_name => $::fqdn,
notification_period => "24x7",
service_description => "${::hostname}_check-host-alive",
servicegroups => ["baseline"],
require => Nagios_host["$::fqdn"]
}

And a server class with entries like this:

Nagios_host <<||>> { notify => Service["nagios"] }
Nagios_hostextinfo <<||>> { notify => Service["nagios"] }
Nagios_hostgroup <<||>> { notify => Service["nagios"] }
Nagios_servicegroup <<||>> { notify => Service["nagios"] }
Nagios_service <<||>> { notify => Service["nagios"] }

But instead of creating a file with hostgroup baseline and a file with
servicegroup baseline I got the following error:

$ puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Another local or imported resource exists with the type and title
Nagios_servicegroup[baseline] on node nagios2.domain.local
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
$

Anyone any idea how to fix this?

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet Nagios group problem

[Thomas Bendler]

Hi Steven,

2012/9/8 Steven C 

> Having a similar problem. So far I've tried clearing the nagios.cfg and
> dropping the puppet database from puppetmaster, but this has not helped.
> [...]
>

currently I've defined the groups manually as a template file in puppet but
this is only a workaround. The goal is to automate this completely, so any
hints how to solve this are welcome.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Deploy nagios client on windows

[Thomas Bendler]

Hi @all,

does anyone manage the NSClient++ deployment with puppet? I have the
strange behavior that I can distribute the installation package to the
target server and install the package with the MSI provider. The relevant
code is here:

  if $windows {
file {
  "c:/local/source":
  ensure => directory, mode => 0770,
  owner => "Administrators", group => "Administrators";

  "c:/local/source/NSClient++-0.3.9-x64.msi":
  ensure => present, mode => 0660,
  owner => "Administrators", group => "Administrators",
  require => File["c:/local/source"],
  path => $::operatingsystem ? { default =>
"c:/local/source/NSClient++-0.3.9-x64.msi" },
  source => "puppet:///modules/monitor/nagios/NSClient++-0.3.9-x64.msi";

  "c:/local/nsclient/boot.ini":
  ensure => present, mode => 0664,
  owner => "Administrators", group => "SYSTEM",
  require => Package["NSClientpp"],
  notify => Service["NSClientpp"],
  path => $::operatingsystem ? { default =>
"c:/local/nsclient/boot.ini" },
  content => template("monitor/nagios/client/boot.ini.erb");

  "c:/local/nsclient/nsc.ini":
  ensure => present, mode => 0664,
  owner => "Administrators", group => "SYSTEM",
  require => Package["NSClientpp"],
  notify => Service["NSClientpp"],
  path => $::operatingsystem ? { default => "c:/local/nsclient/nsc.ini"
},
  content => template("monitor/nagios/client/nsc.ini.erb");
}

package {
  "NSClientpp":
  ensure => installed,
  provider => "msi",
  source => 'c:\local\source\NSClient++-0.3.9-x64.msi',
  install_options => {
'INSTALLLOCATION' => 'c:\local\nsclient',
'ADDLOCAL' => 'ALL',
'START_SERVICE_ON_EXIT' => '1'
  };
}

service {
  "NSClientpp":
  name => $::operatingsystem ? { default => "NSClientpp" },
  ensure => "running", enable => true,
  require => Package["NSClientpp"];
}
  }

Now to the strange thing, when the package is installed with the MSI
provider, the service entry from the NSClient++ disapear. When I manually
execute the installation package with option repair, it apears again ...
until the next puppet run where it disapear again. So calling the service
resource fail because of the missing service entry. The OS is a 2003SP2
x64, the puppet client has the version 2.7.19. Any ideas?

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Deploy nagios client on windows

[Thomas Bendler]

Hi Josh,

2012/10/2 Josh Cooper 

> On Mon, Oct 1, 2012 at 10:39 AM, Josh Cooper  wrote:
> > [...]
>

thanks for the answer and sorry for the late reply but I was on vacation. I
will follow your recommendations as soon as possible but it won't be before
next week (too much projects ;)).

Reards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 3.0 upgrade issue

[Thomas Bendler]

2012/10/8 Henrik Lindberg 

> [...]
> run_mode is deprecated as a setting in 3.x - do you have it in some
> settings file?
> It can still be used on the command line.
> [...]
>

I don't think that I used run_mode anywhere:

$ cd /etc/puppet/
$ grep -R run_mode *
$ cd /var/lib/puppet/
$ grep -R run_mode *
$ cd /etc/httpd/
$ grep -R run_mode * | grep -v logs
$

But it look like it is used by Puppet itself:

$ cd /usr/lib/ruby/site_ruby/1.8/puppet
$ grep -R run_mode * | cut -d ':' -f 1 | uniq | sort -rn
util/run_mode.rb
util/log/destinations.rb
test/test_helper.rb
ssl/certificate_authority.rb
settings.rb
network/server.rb
network/http/webrick.rb
indirector/yaml.rb
indirector/json.rb
indirector/facts/yaml.rb
indirector/face.rb
indirector/catalog/compiler.rb
face/node.rb
face/node/clean.rb
face/help/man.erb
face/facts.rb
face/config.rb
defaults.rb
daemon.rb
application/secret_agent.rb
application.rb
application/master.rb
application/inspect.rb
application/doc.rb
application/device.rb
application/cert.rb
application/certificate.rb
application/ca.rb
application/agent.rb
$ rpm -qf application/agent.rb
puppet-3.0.0-1.el6.noarch
$

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet 3.0 upgrade issue

[Thomas Bendler]

Hi Gary,

2012/10/8 Gary Titchmarsh 

> [...]
> Looking at this 
> linkto
>  the breaking changes, you need to amend your
> config.ru:
> Comment out the following lines:
> [...]
>

thanks for the tip, you got me into the right direction. I thought the hole
time I was using the config.ru from the RPM package but instead I used a
copy which wasn't upgraded. Replacing the config.ru with the current
version solved the problem.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet 3 and ENC deploy ... nothing

[Thomas Bendler]

Hi @all,

I have a problem with my Puppet setup after upgrading to Puppet 3 (OS:
SL6.3). I use a puppetmaster with ENC (foreman) to provide classes to my
clients. On the master, everything looks good as far as I can tell:

$ cat /etc/puppet/puppet.conf
### /etc/puppet/puppet.conf
#
# Puppet configuration file
#

[main]
# Non-default locations
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = /var/lib/puppet/ssl

# Report to master puppet server
report = true
report_server = puppet.int.domain.local
reports = log,foreman

# Fact synchronisation
pluginsync = true

[agent]
# Non-default locations
classfile = /var/lib/puppet/classes.txt
localconfig = /var/lib/puppet/localconfig

# Interval and master
runinterval = 3600
server = puppet.int.domain.local

# Report actions
report = true
graph = true

[master]
# Settings for local database used by puppetmaster
storeconfigs = true
dbadapter = mysql
dbuser = puppet
dbpassword = 
dbserver = localhost
dbsocket = /var/lib/mysql/mysql.sock

# Syslog settings
syslogfacility = user

# The server through which to send email reports.
smtpserver = mail.int.domain.local

# Settings for reporting
rrdgraph = true

# Fix SSL settings
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

# Manage Puppet nodes configuration with Foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
$ /etc/puppet/node.rb wiki.int.domain.local
---
  parameters:
root_pw: XX
hostgroup: web
mac: "XX:XX:XX:XX:XX:XX"
foreman_env: production
owner_email: "XX"
comment: "Mediawiki Server"
ip: "XXX.XXX.XXX.XX"
owner_name: "Thomas Bendler"
puppetmaster: ""
domainname: "int.domain.local (Unknown)"
  classes:
backup::bacula::client:
mail::ssmtp:
custom:
backup::bacula:
security:
virtual:
management:
common:
monitor:
  environment: production
$

So far, so good. When I exceute the puppet agent on the client side it also
looks good:

$ puppet agent --test
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Caching catalog for wiki.int.domain.local
Info: Applying configuration version '1349862242'
Finished catalog run in 0.16 seconds
$

But when I check the classes that are applied on this box I see only:

$ cat /var/lib/puppet/classes.txt
settings
$

So it look like that not even one class is deployed on this box. This also
applies to all other systems and when I change things in my current classes
there is also nothing deployed to the clients. Any hints?

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Migration from Puppet 2.6.7 to 3.0.0 issues

[Thomas Bendler]

2012/10/10 Jeff McCune 

> I haven't seen this specific issue yet.
> [...]
>

I saw this issue after an upgrade to 3.0.0 when I used manifests with a
package/service definition inside. Unfortunately I didn't had the time to
investigate this issue, so no solution from my side ... currently. But
maybe some logic around these types has changed.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 3 and ENC deploy ... nothing

[Thomas Bendler]

Hi Josh,

2012/10/10 Josh Cooper 

> [...]
> There is an issue with ENCs when using storeconfigs. See
> http://projects.puppetlabs.com/issues/16698
> [...]
>

thanks for the hint, after disabling storeconfig, ENC seem to work again
but now I hit the issue that David already reported:

https://groups.google.com/forum/#!msg/puppet-users/2qQRYpCGP6o/gQbeNRi6ljsJ

I will spend some time on this issue on Friday.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Migration from Puppet 2.6.7 to 3.0.0 issues

[Thomas Bendler]

Hi Josh,

2012/10/10 Josh Cooper 

> [...]
> I think puppet agent is expecting yaml, and is either receiving json
> or otherwise can't parse the yaml it's receiving. We made performance
> improvements in Puppet 3 relating to yaml parsing, so perhaps that is
> the issue.
>

you are the man! I had several performance and other tweaks in my standard
puppet.conf. One of them was preferred_serialization_format = b64_zlib_yaml
or preferred_serialization_format = yaml which seem to cause the error.
I've removed most of the tweaks and started with a more standard like
puppet.conf and which seem to work as expected. Now I can focus on bugfix
all the remaining issues occuring within the upgrade. Thanks a lot!

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Error: Not authorized to call find on /file_metadata/files

[Thomas Bendler]

Hi Rodolfo,

2012/10/12 Rodolfo Pilas 

> [...]
> Error: Not authorized to call find on /file_metadata/files
> Can you tell me any suggestion to solve this issue?
>

how do specify your files? With 3.x I had to change my calls from:

puppet:://puppetservername/modulename/file

to

puppet:///modules/modulename/file

This solved my occurence of the file_metadata error.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet version 2.7 or 3?

[Thomas Bendler]

Hi Ohad,

2012/11/16 Ohad Levy 

> [...]
> For the record, Puppet 3 support was added to foreman a couple of days ago.
> [...]
>

do you know when the puppet 3 support will be available in the test RPMs?
I've updated to the current test RPMs yesterday but still had to patch some
files in foreman and foreman-proxy to get it working with Puppet 3.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] New to Puppet -- why the puppet user

[Thomas Bendler]

2012/11/27 Steven VanDevender 

> [...]
> One gathers you're not really a practicing sysadmin.  What you cite are
> a bunch of good reasons one should avoid running daemons and
> applications as root.  But you can't create and manage the mechanisms
> that are used to avoid running things as root without root access.

[...]


The question is more what actions are done by the daemon. Compiling the
catalog, transfer files from a file server, sending reports to a central
instance and a lot of stuff more are not necessarily things where the
daemon need root privileges, installing packages or replacing configuration
files is a different thing. But under normal circumstances it is better to
only be root if it is really necessary. So starting as a user and gain more
privileges only where needed.

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Commercial tools

[Thomas Bendler]

Hi Thomas,

2012/12/4 Thomas Eichberger 

> We are checking which tool might be the best one for us. I like Puppet
> (together with Foreman or whatever helps), but there are commercial tools
> UC4 (http://uc4.com/) which seem to offer a lot.
> [...]
>

the scope is different, UC4 was designed for process automation and
configuration management is a kind of an add-on, Puppet is designed for
configuration management only but does this much better (better DSL and
better state control). So if you are looking for things like automated
system copies in SAP systems, you will end up with UC4 or SolMan or ..., if
you are looking for well managed UNIX systems, you will end up with Puppet
or Chef or 

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet and Windows runtime error

[Thomas Bendler]

2013/1/21 Josh Cooper 

> [...]
> The name of the package in your manifest
>
>  package { 'NSClientpp':
>
> needs to match the name that is displayed in Add/Remove Programs.
>

Life could be so easy ... ;)

Now it's working as expected, thanks for the help!

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppetlabs forge modules

[Thomas Bendler]

Hi @all,

what is the standard communication method for reporting bugs, enhancements,
... for forge modules. I saw i.e., that the nodejs module support RedHat
but not Scientific Linux which is only a matter of the selector. So I tried
to report this but the issue link is dead. Any hints on how to proceed?

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Windows ACL best practise

[Thomas Bendler]

Hi @all,

I've started to extend some classes I wrote with support for Windows.
Unfortunately I got stucked with the ACLs. The plan is (as I thougth) quite
simple, I would like to create a central directory (i.e. c:\managed) and I
would like to put some additional files and directories underneath this
directory (i.e. a repository, a project directory and some programs). The
idea is to have everything related to Puppet in one place. So far, so good,
creating the resources is not a big deal but when it comes to ACLs it
become complicated (at least for me). I've wrote a param class with
something like this inside:

# Operating system definitions
case $::osfamily {
  redhat: {
$osUser = 'root'
$osGroup = 'root'
$osFilePermissions = '0644'
$osDirectoryPermissions = '0755'
  }
  windows: {
$osUser = 'Administrator'
$osGroup = 'Administrators'
$osFilePermissions = '0660'
$osDirectoryPermissions = '0770'
  }
}

In the common class I have for Windows something like this:

# Create central manged directory
file {
  "c:\managed":
ensure => directory,
mode => "${common::params::osDirectoryPermissions}",
owner => "${common::params::osUser}",
group => "${common::params::osGroup}";
}

Now I ran into the first problem, we have english Windows systems as well
as german Windows systems where the administrator group is Administrators
(english) and Administratoren (german). So on german systems, the group is
invalid and all depending stuff is not working because the central
directory isn't available. Sometimes it's even worst, the directory is
created but only the local Administrator can access the directory, neither
local system nor anyone else.

I was thinking about two approaches to solve the problem, first, create
something base on exec with mkdir if directory does not exist and a script
setting the correct ACLs (with inheritance) or second, create a local
puppet group and assign the correct groups to it (what could result in
manual actions because of the language settings). Any ideas how to deal
with that situation or even better, does someone have already working
solutions dealing with that kind of problem?

Regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows ACL best practise

[Thomas Bendler]

Hi Josh,

2013/3/20 Josh Cooper 

> S-1-5-18


thanks for the clarification, I wasn't aware that the SIDs are always the
same as stated in http://support.microsoft.com/kb/243330. What's about
everyone or user, will everyone or user get read-only access when I change
the mode to 0775? Multiple groups can't be specified inside the file type,
can they? The reference documentation (
http://docs.puppetlabs.com/references/3.1.latest/type.html#file) isn't
really clear about this topics ... at least from my point of view ;).

Regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Coding style best practise

[Thomas Bendler]

Hi @all,

I've started rewriting some of my modules to achieve separation of logic
and data. So I did some standard layout with init.pp and params.pp for
default values and parametrized classes for individual configuration like
this:

class example (
  $parameter1 = hiera('example::parameter1', $example::params::parameter1),
  $parameter2 = hiera('example::parameter2', $example::params::parameter2))
inherits example::params {
# Some coding
}

I
s this approach generic enough or will a different coding style be a
better approach with more use cases in mind? What do you think, any
suggestions?


Regards Thomas

-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Coding style best practise

[Thomas Bendler]

2013/4/4 jcbollinger 

> [...]
> Code following that template should work equally well in any Puppet from
> v2.6 onward, provided that hiera is installed.  (Hiera is built-in for
> Puppet 3, but it is a separate add-on to Puppet 2).
>
> However, if you are going to go so far as to specify explicit hiera()
> calls for your default values, then I would recommend you just dump class
> parameterization altogether, and if you do so then you can also avoid class
> inheritance (or use it, where needed, for its real purpose):
>
> class example {
>   include 'example::params'
>   $parameter1 = hiera('example::parameter1', $example::params::parameter1)
>$parameter2 = hiera('example::parameter2', $example::params::parameter2
> )
> # Some coding
> }
>
> That loses you the alternative of expressing class data directly in your
> class declarations, but doing so is problematic and always has been.
>

the idea behind this example was to write a module that could be used with
Puppet v2.6 and above and that should be able to run in nearly every
environment without modifications. So, if I only look at my
infrastructure, we are talking about ENC provided by foreman. But when I
rewrite my classes I have the goal to write classes that could work in any
other environment as well, regardless if ENC is used or something different.

[...]
>
> If you don't care about Puppet 2, on the other hand, then explicit hiera
> calls for your parameter defaults are overkill, and possibly even
> redundant.  The non-parameterized form, on the other hand, is no better or
> worse in Puppet 3 than in Puppet 2.
> [...]
>

So from this perspective I would tend to drop hiera completely for now
and thing about hiera support later on again. So I would simply go for an
approach like this:

class example (
  $parameter1 = $example::params::parameter1,
  $parameter2 = $example::params::parameter2)
inherits example::params {
# Some coding
}

which should give me the maximum of flexibility at this point in time. So
predefined values in a separate params class (all configuration at one
point) that could be touched directly if necessary or that could be
overwritten by an ENC.

Are there any mistakes in my thoughts or is it a good and valid approach?

Regards Thomas

-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Got a SOGo Puppet module?

[Thomas Bendler]

You realize users and groups without creating them (
http://docs.puppetlabs.com/guides/virtual_resources.html).

Regards Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppetlabs/openstack

[Thomas Bendler]

Hi @all,

I'm trying to setup an openstack test cluster with one controller node and
three compute nodes. Therefor I've used the puppetlabs openstack modules.
On the controller node I've used:


   - openstack::auth_file
   - openstack::controller
   - openstack::repo
   - openstack::repo::yum_refresh
   - openstack::test_file


On the compute node I've used:


   - openstack::compute
   - openstack::repo
   - openstack::repo::yum_refresh


The configuration is completely done with parameters. On the controller
node I specified the following parameters (the rest remain default as
specified in params.pp):

openstack::auth_file admin_password s3cret
openstack::controlleradmin_emailjohn.doe@example.local
 admin_password s3cret
 bridge_interface   eth1
 cinder_db_password s3cret
 cinder_user_password   s3cret
 floating_range 172.17.0.128/25
 glance_api_servers 127.0.0.1:9292
 glance_db_password s3cret
 glance_user_password   s3cret
 horizon_app_links  "
http://monitor.example.local/";
 keystone_admin_token   keystone_admin_token
 keystone_db_password   s3cret
 multi_host true
 mysql_root_passwords3cret
 nova_db_password   s3cret
 nova_user_password s3cret
 private_interface  eth1
 public_address 192.168.1.1
 public_interface   eth0
 quantumfalse
 rabbit_passwords3cret
 secret_key s3cret
 verbosetrue
openstack::test_file floating_iptrue
 quantumfalse
 sleep_time 120

On the compute nodes the configuration is like this (for testing I have
both, KVM and QUEMU nodes):

openstack::compute   cinder_db_password s3cret
 db_hostcontroller1.example.local
 fixed_range10.0.0.0/24
 glance_api_servers
controller1.example.local:9292
 internal_address   192.168.1.2
 keystone_host  controller1.example.local
 libvirt_type   qemu
 multi_host true
 nova_db_password   s3cret
 nova_user_password s3cret
 private_interface  eth1
 public_interface   eth0
 purge_nova_config  false
 quantumfalse
 quantum_user_password  s3cret
 rabbit_hostcontroller1.example.local
 rabbit_passwords3cret
 setup_test_volume  true
 verbosetrue
 vncproxy_host  controller1.example.local

Preparations with volume groups as stated in the module documentation are
done before installation. The installation is working so far, I can connect
to the controller node but several things don't work as expected. I.e.,
when I go to the system info page I only see services from the controller
node but no service from the compute nodes. I can create VMs without
storage but no VMs with storage. So I guess I did something wrong or not
completely. Does anyone know if I miss something (i.e. with the parameters)?

The platform is Scientific 6.4 with openstack modules version 2.1.0.

Regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] RPM Warning

[Thomas Bendler]

Hello @all,

I noticed that I got rpm based warnings on my EL5 boxes:

Warning: Failed to match rpm line ...

I know there is a ticket that adress the problem (don't know the ticket
number out of my head), but as far as I know with the current rpm version
from yum.puppetlabs.com this should already be fixed:

$ lsb_release -a
LSB Version:
:core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: Scientific
Description: Scientific Linux release 5.9 (Boron)
Release: 5.9
Codename: Boron
$ rpm -qa | grep "puppet-3"
puppet-3.3.1-1.el5
$

Is the fix missing in the el5 RPMs or is this a different error?

Regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1OKJDced9rDswPPNrQ8Uj0H7rw458gRvUcz1P5KEGMHZA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Hash and loops

[Thomas Bendler]

Hi @all,

I try to pass a hash to a module class like this:

class { 'modulename':
  filecontent => {
name1 => 'value1',
name2 => 'value2',
...
namex => 'valuex',
  }
}

​The class should take the hash list, loop over the list and create i.e.
file resources with namex and content valuex. What is the best way to do
this and, even more important, is it possible to do something like this?

Regards Thomas​
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1OamZnZKmOK7bn1wSPoc5bafNT_xBthDUPzikASy9n45A%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] What is the best replacement for Puppet Dashboard ?

[Thomas Bendler]

As far as I know, there is nothing available yet that can compare with
foreman in terms of functionality. There are some reporting projects
available, but if you want to use the dashboard as an ENC as well, there is
know alternative to foreman.

Regards Thomas


2014-01-28 kaustubh chaudhari 

> Hi All,
>
> As we all know Puppet Dashboard is now EOL, with that said what is the
> best replacement for the same? We do need a graphical way of managing and
> reporting!
>
> Any thoughts or suggestion! I am looking at Forman, but havent explored it
> yet!
>
> -Kaustubh
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/15cfd564-c8eb-493e-8db6-4b2247da1e95%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1OfHkmwsYQB2TJzd6V-6PSmCOgsAWZ2BX0m1ygUFGR%2Bgw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] howto determine a users homedir in a class file

[Thomas Bendler]

You can change the path to authorized_keys as it is done in my ssh puppet
module (http://forge.puppetlabs.com/thbe/ssh). The next version of this
module will give you the possibility to deploy usernames with keys as
parameters but I'm not sure when I'll find time to implement this. Till now
you have to put the username key files manually in /etc/ssh.d/

Regards Thomas


2014-01-30 Andrew :

> So ...
> I am tasked with managing ssh keys for which I want to use puppet to do
> the deployment.
> I dont know ahead of time which users will using/assigned keys so, my
> question is.
>
> how to determine the homedir of any user? is there a variable present with
> this info without resorting to an exec?
>
> Not all users have /home/$USER homedirs, (eg apache=/var/www,
> puppet=/var/lib/puppet),
>
> I need to create a .ssh dir in the users homedir and copy some private
> keys in there.
> The authorized_keys type includes a user property, so the public key is
> easy.
>
> kinda stumped ...
> Any ideas?
>
> Thanks in advance.
>
> Regards,
> Andrew
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/1944e04e-e98c-4cb6-8e3f-e470c88ce6ad%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1MBZ6dO9Sz_oAwK%2B%3Dd1JfyYf3ysovGfbSgTW%2B9uLOv5ZA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] New Puppet book: Extending Puppet

[Thomas Bendler]

​Also from my side, congratulations, I bought the ebook and start reading
it, so far, excellent, even for people with strong puppet knowledge.

Regards Thomas​


2014-07-03 11:23 GMT+02:00 Alessandro Franceschi :

> Thank you Johan and thank you all for the encouraging words.
> This is the first "live" feedback I receive and it's promising.
>
> I just would like to notify that the publisher Packt Publishing has
> promoted a small contest about it:
> whoever tweets something funny or interesting about the book, or why (s)he
> would like to read it, using this link http://bit.ly/extendingpuppet is
> eligible to win one free e-copy.
>
> What's better than a good free e-copy of a Puppet book to read before
> going to sleep? :-)
>
> Al
>
> On Tuesday, July 1, 2014 9:47:48 AM UTC+2, Johan De Wit wrote:
>
>>  Almost half way the book, and indeed, it IS a great book.
>>
>> Thx Allesandro for the great work.
>>
>> Jo
>>
>> On 01/07/14 09:41, Rakesh Kathpal wrote:
>>
>>  Congratulations Alessandro ... just ordered the ebook.. looks promising.
>>
>>  - Rakesh K.
>>
>>
>> On Sat, Jun 28, 2014 at 6:52 AM, Rich Burroughs 
>> wrote:
>>
>>> Yes congrats :) The table of contents looks like it covers a lot of
>>> useful material.
>>>
>>>
>>>  Rich
>>>
>>>
>>> On Thursday, June 26, 2014, Alessandro Franceschi  wrote:
>>>
 Sorry for the shameless promotion, but I suppose this might be of
 interest for the readers of this group.

 After more that 6 months of pain, efforts, frustration and excitement
 it's finally out a book where I tried to pour all my knowledge and
 experience on Puppet.
 It's oriented to people who have already some experience on Puppet (for
 beginners there are definitively more fitting titles around) and I hope it
 can give some useful information also to experienced users.

 Find more about it at:
 http://www.packtpub.com/extending-puppet/book

 You can get a free chapter here: http://bit.ly/1qbxWZy

 I'd take this occasion to thank some members of this group for their
 support, in particular:
 Brice Figureau, who has been a great technical reviewer and has
 prevented me from making some big mistakes. His support and help has been
 decisive.
 Nigel Kersten, who has written the Foreword and has given me very
 useful hints and feedback.
 Joshua Hoblitt, who has reviewed some chapters and has given great
 advices on the language and the contents.
 Daniele Sluijters, who has been a very precise technical reviewer for
 some chapters.
 Jon Forrest, who has slashed the language of my first drafts and opened
 my eyes on what it means to write in proper english (I obviously haven't
 learnt how to do it properly, but thanks to the reviewers the final output
 has been definitively more linguistically appropriate than the first
 drafts).

 I hope this book can help people who work with Puppet and, if you
 happen to get it, please give feedback, in any way you find appropriate.

 Thank you
 Alessandro Franceschi
  --
 You received this message because you are subscribed to the Google
 Groups "Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/
 msgid/puppet-users/30744a77-5c0b-4a14-94ff-6fa4cd364b32%
 40googlegroups.com
 
 .
 For more options, visit https://groups.google.com/d/optout.

>>>--
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>>  To view this discussion on the web visit https://groups.google.com/d/
>>> msgid/puppet-users/CAPGcbtA7KiUNmmJTR3HH0D8rsCzQD
>>> S51OOvOx9FE0-dAQQzV6w%40mail.gmail.com
>>> .
>>>
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com.
>>
>> To view this discussion on the web visit https://groups.google.com/d/
>> msgid/puppet-users/CAEJrXMXKpmpL2di8pioYqZgF6CgX6mJn%3Dzf_1t9tQJk1hLbNKA%
>> 40mail.gmail.com
>> 
>> .
>> For more options, visit https://groups.googl

Re: [Puppet Users] Puppet on Openelec

[Thomas Bendler]

That would be a hard task because a lot of prerequisites are not in the
default build. So getting this up and running mean to recompile the base
image which break the automatic upgrade feature. Better would be preparing
the configuration per media box locally and use something like pssh to
distribute the configurations.

Regards Thomas


2014-07-03 3:08 GMT+02:00 Ellick Johnson :

> Anyone ever tried to get puppet on the Openelec OS? I want to keep all my
> XBMC configs updated.
>
> Open Embedded Linux Entertainment Center (OpenELEC) is a small Linux
> distribution built from scratch as a platform to turn your computer into an
> XBMC  media center.
>
> -Ellick
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/48061eeb-1c64-4beb-98e6-a553e7eff36a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1MLhr7xrVXjm0He_986JME5XA7qZQG6xbi8_Mk3bjU8ug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet, Vagrant and repos

[Thomas Bendler]

I use a separate module for the repositories (
https://forge.puppetlabs.com/thbe/yum) and require them during startup like
here (https://forge.puppetlabs.com/thbe/ssmtp). So Puppet is doing the work
to get everything in place in the correct order.

Regards Thomas


2014-07-07 17:35 GMT+02:00 Andrei Maxim :

> Hi,
>
> I've been looking into Puppet recently and I'm trying to setup a couple of
> virtual machines that should mimick what's in production. I'm pretty much a
> developer trying to lean towards DevOps :-)
>
> Locally, I'm using Vagrant and the CentOS 6.5 64-bit box with Puppet 3.4.3
> that was published by Puppetlabs, which should somewhat mirror what's on
> the servers (a custom AMI based on CentOS 6.5).
>
> What I'm trying to do right now -- and I've found a bunch of ways to do
> this -- is to setup a couple of repositories (EPEL and MySQL Community
> being the most important ones). I've noticed that people do this in a
> number of ways, from grabbing the RPM package to using the 'yumrepo' type
> to adding a custom module for each repo or by using a general purpose Yum
> module (like the one from example42) and specifying the repos there.
>
> Normally, when I install those repos, I download the RPM locally and
> install it using the command line, for example:
>
> yum install http://dev.mysql.com/get/
> mysql-community-release-el6-5.noarch.rpm
>
> That RPM will create a number of entries in the /etc/yum.repos.d/, which
> seems odd to add each one by hand using the `yumrepo` type.
>
> I've seen this example given a number of times (it's also the correct
> answer to a similar question on SO):
>
> node default {
>   include base
> }
>
> class base {
>   yumrepo { "IUS":
>  baseurl => "http://dl.iuscommunity.org/pub/ius/stable/$
> operatingsystem/$operatingsystemrelease/$architecture",
>  descr => "IUS Community repository",
>  enabled => 1,
>  gpgcheck => 0
>   }
> }
>
> Then, for any node that extends base you can say
> class foo {
>   package { "bar": ensure => installed, require => Yumrepo["IUS"] }
> }
>
> Going back to the example with the MySQL Community RPM, I would have to
> manually do this for three repos (the other two are disabled):
>
> * mysql-connectors-community
> * mysql-tools-community
> * mysql56-community
>
> Is this still the accepted solution in the Puppet community? If so, how
> would you organize those repositories? Create a module for each repository?
> Create a repository module with all the sources?
>
> And, somewhat related to this subject, I've noticed that I might get some
> errors when provisioning my VMs because the base system wasn't up to date.
> I was planning to add a `yum update` command to my setup, but I realize
> that this might not be the best solution because I might not want to update
> the base system everytime I run puppet.
>
> What's the best way to update the system only when running Puppet for the
> first time?
>
> Thanks,
> Max
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/lpeenc%243ai%241%40ger.gmane.org.
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1M5F%2B9yb9cBBDNzKigEw8yd%3DSvOhu6riQw-SWGO8Mar7Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Good PupptMaster/Passenger Guide w OSX 10 .9

[Thomas Bendler]

Install C6, install EPEL and SCL repository, install Foreman repository and
foreman-installer. Execute foreman-installer and the system is ready to run
(http://theforeman.org/manuals/1.5/quickstart_guide.html).

Regards Thomas


2014-09-01 21:50 GMT+02:00 :

>
>
> On Tuesday, August 26, 2014 7:23:45 PM UTC-4, keith@gmail.com wrote:
>
>> HI guys;
>>
>>  after speaking with puppet labs and gettting the pricing for my site, I
>> thought it maybe cheaper ot go open spurce. so I am asking for a good guide
>> you guys have used the following:
>>
>> http://nullr0ute.com/2014/01/puppetmaster-on-apache-with-
>> passenger-in-5-mins/
>> http://www.6tech.org/2013/01/how-to-install-puppet-open-
>> source-on-centos-6-3/
>> http://darktraining.com/linux/105/
>> http://www.unixmen.com/install-puppet-server-centos-6-56-4/
>>
>> all have given my the dreaded  ruby error. I hav eupdated the agent nodes
>> to the latest version of puppet/factor/hiera, but still get the error, I
>> have installed via RVM ruby 2.0, 2.1.2, and have seen passenger not running
>> ( passenger-status) and still get the ruby message from the clients.
>>
>>
>> so I am asking for  a little help and any links you guys can recommend
>>
>> site info:
>> 800 OSX machines 300 Windows
>>
>> woud like puppetmaster to be CentOS with passenger and dashboard or forman
>>
>> Thanks in advance
>>
>> Keith
>>
>
>
>
>
>
>
> Still never go this working. I just switched over to Foreman on Fedora 19
> and everything works with minimal tweeks
>
> Keith
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/faf566a4-854d-4d40-9f94-d286d8273f54%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1O%2BVPCsnu_vXvsTWP9hm%3DamfdhvTpqr4V0908%2BonWhbgg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet module for checking CVE's

[Thomas Bendler]

Question is the goal of the factor output. From my point of view, only CVEs
not implemented in the system are relevant (i.e. for reporting). CVEs
already implemented are not really from interest to me. So if the standard
behavior is, only show facts with CVEs not implemented yet and show all
CVEs only if configured, than there shouldn't be to much facts.

More important is the question how to get the CVEs into the system without
to much manual interaction. I think it could be an idea to check if this
could be generated from openscap.

Regards Thomas

2014-10-13 21:23 GMT+02:00 Trevor Vaughan :

> Unfortunately, I very much share Felix's fear in getting swamped by facts.
> I mean, there are *thousands* of CVEs.
>
> Good goal though, I'll have to think about this.
>
> Trevor
>
> On Mon, Oct 13, 2014 at 12:41 PM, Garrett Honeycutt <
> g...@garretthoneycutt.com> wrote:
>
>> On 10/13/14 8:59 AM, Trevor Vaughan wrote:
>> > Would it be possible to side-load this into PuppetDB?
>> >
>> > For instance, instead of running the full list of checks with every run
>> > of puppet, have a cron job (or something) that runs the list and feeds
>> > the data directly into PuppetDB for the node.
>> >
>> > That would take the pressure off of each Puppet run but still make the
>> > data available.
>> >
>> > A nifty MCollective plugin for triggering full runs or targeting
>> > specific CVE regexes would be handy for catching things like Shellshock.
>> >
>> > For skipping facts, why not use a JSON/YAML file?
>> >
>> > Trevor
>> >
>>
>> Hi Trevor,
>>
>> Goal is to use facts so vulnerabilities could be determined without
>> Puppet while also working with Puppet and its ecosystem - PuppetDB and
>> MCollective.
>>
>> Good idea on skipping facts using structured data. While that is easy on
>> the fact side to implement in ruby, it seems easier to implement from
>> puppet using either file{} or file_line{} as I want to maintain the
>> ability to specify an array of facts to skip through Hiera.
>>
>> BTW: Could really use help adding code to check for more CVE's :)
>>
>> Best regards,
>> -g
>>
>> --
>> Garrett Honeycutt
>> @learnpuppet
>> Puppet Training with LearnPuppet.com
>> Mobile: +1.206.414.8658
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/543C00CE.1000301%40garretthoneycutt.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvaug...@onyxpoint.com
>
> -- This account not approved for unencrypted proprietary information --
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CANs%2BFoUMETU4nmeAjWEvU7R7N2w8LfadLnRyFtv9YcHPQb-mSg%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1Op60qdDYT3LY9fzJsEr%2B1x6cMFPfRD0qHJ96%3DWwJw3uw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] ENC vs manifest - cage match

[Thomas Bendler]

It depend on the scope, there are already some modules with in module hiera
that do not fully work in conjunction with ENC (i.e.
puppetlabs/mcollective). You can still use the module but you can't benefit
from in module hiera. If you can accept this limitations, Foreman is from
my point of view the best ENC that is currently available. Maybe they'll
support Hiera in later versions, but currently they don't.

Regards Thomas

2014-10-29 11:49 GMT+01:00 Felix Frank :

> On 10/29/2014 11:44 AM, JonY wrote:
> > If we throw these two into the octagon.. who wins? If one says "add it"
> > and the other says "remove it".. what do I end up with?
>
> There are exactly two things that might compel me to consider using an ENC:
>
> 1. If I really wanted a web interface for managing my nodes.
> 2. If I had an existing database such as LDAP to rely on.
>
> Note that Hiera can stand in as an ENC equivalent, which I prefer when
> neither of the above applies.
>
> Using neither ENC nor Hiera is a no-no, though.
>
> Cheers,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/5450C62D.4050907%40alumni.tu-berlin.de
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1OA9nJ4Zt6Qf_oj%2BCjammF1xxo18wanfOJvoJZEVe%3Dpvg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Best way for sync folder with many files and subfolders via Puppet that changed rarely

[Thomas Bendler]

2014-11-03 15:53 GMT+01:00 jcbollinger :

> [
> ​...]​
>
> As I understand, Puppet on every sync action recheck each file (rebuild
>> md5 sum) on server and client for finding changes.
>>
>> On client computers this folder will be readonly, so we don't need to
>> recheck md5 sums on every sync process. On server files will be changed
>> very rarely too.
>>
> If the files were genuinely read-only then you would have a different
> problem: Puppet would not be able to update them when that's needed.  If
> Puppet (running as root) *can* update them, on the other hand, then it is
> *not* safe to assume that they will remain unchanged between Puppet runs.
> [
> ​...]
>

​The easiest way will be an exec statement running an rsync process for the
synchronization. Maybe based on a flag if things changed on server side
like an empty file in the root directory every time a file changed:

if $updateStart {

  file { '/srv/update':

ensure  => directory,

recurse => true,

purge   => true,

force   => true,

mode=> 0644,

owner   => "root",

group   => "root",

source  => 'puppet:///module/update';

  }

}


exec { 'RsyncLocalFiles':

  command => "rsync -az u...@server1.example.com:/srv/files /srv/files &&
rm /srv/update/start",

  onlyif  => "/usr/bin/test -e /srv/update/start",

}

So can use Puppet to deploy the update file via an parameter if an update
is needed and the sync remove the flag if finished. This is just
quick'n'dirty, maybe there is a more elegant way.

Regards Thomas​

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1NARgU9f0OsGZ1Z9Ns3htuu_Xkn9p9bNszY%3DYCzggcnUg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Restricting ssh keys?

[Thomas Bendler]

I've solved this by moving ssh keys to a different location outside
/home/user/.ssh to /etc/ssh.d/user. This gives you full control over the
ssh-keys without the possibility that a user more or less accidentally
change it to something not compliant. You can take a look at my ssh module (
https://forge.puppet.com/thbe/ssh) which should give you an indication how
it's done.

Regards Thomas

2016-07-05 16:22 GMT+02:00 dkoleary :

> Hey, all;
>
> I have a number of application administration accounts which can be
> accessed via a select set of ssh keys.  I've seen several pages/recipes for
> using virtual users and the ssh_authorized_key resource which look like
> they work well for adding and deleting keys; but, not necessarily for
> restricting access to *only* those keys.
>
> More specifically, I have ~ 1200 hosts.  On all of them, I have an admin
> account that should have ssh keys for four administrators.  ~ 90% will have
> other admin accounts that will have an additional key in the file and a few
> outliers that will have 3 -4 other keys.
>
> Basically, what i"m looking for is having any keys that are not one of
> those automatically removed.
>
> Is there a way to do that outside of using a file resource?  I'm still
> working my way through the ~38,000 google search results and am hoping to
> cut that work down a bit.
>
> Any hints greatly appreciated.
>
> Thanks
>
> Doug O'Leary
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d3b3ca4d-209b-412e-8f03-afe3dc8d5328%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
performance, security, automation, SAP
cimt consulting ag, Burchardstrasse 17, 20095 Hamburg
fon: +49 (163) 6081 302, fax: +49 (40) 5 33 02-22, web: www.cimt.de
key: FED7C867 at pgp.mit.edu

Sitz der Gesellschaft: Hamburg, Amtsgericht Hamburg, HRB 74173
Vorstand: Christoph Friedlaender, Dr.-Ing. Thorsten Kuhlmann
Vorsitzender des Aufsichtsrats: Christian Gottsmann

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1Pg7eynpV1Hdg7gY6o7EkQwbGv%3DNkDSy8oGW4X1gC%2BncQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] ERB Template array modification

[Thomas Bendler]

Hi community,

I have a problem with one of my ERB templates. I would like to display an
array containing class names. But I don't want to display every class, I
would like to display the top class only. If no top class exist, it should
show the sub classes. So input is something like this:

class1
class1::package
class1::params
class1::config
class2::client
class2::common

The output should be:
class1
class2::client
class2::common

Currently I use a standard each on the array that display everything:

<% classlist.sort.uniq.each do |item| -%>
- <%= item %>
<% end -%>

Any ideas how to get this implemented?

Kind regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1MFrTtoEYnbRKo6bvx7YTTW68zyoJctrX8OUjz1ALnJ0w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Order class with parameter

[Thomas Bendler]

Hello List,

I have a question about ordering of classes with parameters. My first class
install the service it should install. To be able to install the service, a
second class is need which add the necessary repository. So the init class
look like this:

*class { '::yum':*
*  repoIcinga => 'yes',*
*}*

*contain icinga::package*
*contain icinga::config*
*contain icinga::service*

*Class['icinga::package'] ->*
*Class['icinga::config'] ->*
*Class['icinga::service']*

Unfortunately the ordering isn't correct, the module try to install the
service before the repository is added and usable. After the second run,
everything is fine because the repository gets added during the first run
and the configuration for the service could be finished. I know that
require is under normal circumstances the solution for that situation, but
in this case I can't call the class with the relevant parameter. Any hints?

Regards, Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1OONXQ7yfrGAqe87cw%3DVOFBEoZLop-f0US0RnRGDujw%3Dg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Order class with parameter

[Thomas Bendler]

Hi Felix,

it's on the forge (https://forge.puppetlabs.com/thbe/icinga). The
declaration of the repository is in the init section (
https://github.com/thbe/puppet-icinga/blob/master/manifests/init.pp).

The idea behind this is a generic module for yum that allows service
modules to add repositories to the host specific for this service. In this
case, the official Icinga repository should be added.

The problem here is simple, the repository must be added before the
packages gets installed. Unfortunately in the way I did it, the repository
is not necessarily added before the packages get installed which result in
a failed run for the first time. Second run is ok because the repositories
are in place from the first run.

Under normal circumstances I would use require to include class yum and
yum::config::icinga but with parameters it would look cleaner.

Regards Thomas

2015-03-05 23:12 GMT+01:00 Felix Frank :

>  On 03/04/2015 02:10 PM, Thomas Bendler wrote:
>
>  *contain icinga::package*
> *contain icinga::config*
> *contain icinga::service*
>
>  *Class['icinga::package'] ->*
> *Class['icinga::config'] ->*
> *Class['icinga::service']*
>
>  Unfortunately the ordering isn't correct, the module try to install the
> service before the repository is added and usable. After the second run,
> everything is fine because the repository gets added during the first run
> and the configuration for the service could be finished. I know that
> require is under normal circumstances the solution for that situation, but
> in this case I can't call the class with the relevant parameter. Any hints?
>
>
> That's fine. The relationship arrows are adequate for what you want.
>
> Where is the repository declared? Is it a resource right in the
> icinga::package class?
>
> Can you make the whole module visible somewhere, or at least a rough
> sketch of it?
>
> Thanks,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/54F8D4E1.9090908%40Alumni.TU-Berlin.de
> <https://groups.google.com/d/msgid/puppet-users/54F8D4E1.9090908%40Alumni.TU-Berlin.de?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
> --
> Linux ... enjoy the ride!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1N92p4syenSW9jxLrADOrqrSZXBvzmC%2BW3Fo%2BaaTduSEQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Order class with parameter

[Thomas Bendler]

Hi Felix,

2015-03-06 11:38 GMT+01:00 Felix Frank :

> [
> ​...]​
>
> now I see - you're relying on https://github.com/thbe/puppet-yum to
> handle the repo, yes?
>
> You are lacking a crucial dependency then is all.
>
> Class['::yum] ->
> Class['icinga::package'] ->
> Class['icinga::config'] ->
> Class['icinga::service']
>
> I'm still a little confused as to how the yum module works, especially
> the repoIcinga parameter. Anyhow, since you seem to rely on `contain`,

this dependency should do the right thing.

[
> ​...]​
>

the yum module is quite simple, per default the standard repositories like
base, updates, epel are added to the host. Additional repositories can be
added by using parameters like class { '::yum': repoIcinga => 'yes' } which
will trigger the yum module to use standard plus Icinga (parameters instead
of hiera because I use ENC). I'll try the dependency you've suggested and
keep you updated when it's tested.

Regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1NqwAgD91oXwu%2BZt2ip3pDx%2BQggSJ828mGyopzgWfv5fw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Slightly Off-Topic: CI Test of Puppet module fail

[Thomas Bendler]

​Hello,

I have a small problem with a Puppet module I've wrote​. The module is:

https://forge.puppetlabs.com/thbe/bacula

When I check the module locally with:

bundle exec rake validate && bundle exec rake lint && bundle exec rake spec
SPEC_OPTS='--format documentation'

​it says everything is fine. When I deploy the module on my test box, it
work fine. When I pass my commit to Travis CI, it fail:

https://travis-ci.org/thbe/puppet-bacula/builds/103322979

Any Ideas?

Regards Thomas​
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1OO_vbiJoG2gmEEbnjE23LnUvH7yYJZmk4t_W9NoK_rSg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Slightly Off-Topic: CI Test of Puppet module fail

[Thomas Bendler]

Hi Gareth,

thanks a lot, using the control comment fixed my problem and the CI run is
now passing.

Regards Thomas

2016-01-19 13:31 GMT+01:00 Gareth Rushgrove :

> The error from Travis suggests a linting issue, specifically:
>
> manifests/config/mysql.pp - WARNING: ensure found on line but it's
> not the first attribute on line 24
>
> My guess for why you're not seeing that locally, but it's coming up in
> Travis is that the version of puppet-lint is unspecified. I'd wager
> that locally you have an older version, but Travis is installing the
> latest.
>
> https://github.com/thbe/puppet-bacula/blob/master/Gemfile#L7
>
> Looking at this more closely however the plot thickens. It looks like
> it might be a bug in puppet-lint.
>
>
> https://github.com/thbe/puppet-bacula/blob/master/manifests/config/mysql.pp#L24
>
> The code referenced does use ensure, but as an attribute of a nested
> data structure, not as a parameter.
>
> Two options present:
>
> * Add a control comment to ignore the check for that line, described
> here: http://puppet-lint.com/controlcomments/
> * Determine the local version of puppet-lint that is passing the check
> and pin to that version in your Gemfile
>
> I'd also open the issue over on
> https://github.com/rodjek/puppet-lint/issues as I think it's a bug.
>
> Cheers (and definitely not off-topic. This list is for pretty-much
> anything that's useful to users of Puppet in my view.
>
> Gareth
>
> On 19 January 2016 at 11:54, Thomas Bendler 
> wrote:
> >
> > Hello,
> >
> > I have a small problem with a Puppet module I've wrote. The module is:
> >
> > https://forge.puppetlabs.com/thbe/bacula
> >
> > When I check the module locally with:
> >
> > bundle exec rake validate && bundle exec rake lint && bundle exec rake
> spec
> > SPEC_OPTS='--format documentation'
> >
> > it says everything is fine. When I deploy the module on my test box, it
> work
> > fine. When I pass my commit to Travis CI, it fail:
> >
> > https://travis-ci.org/thbe/puppet-bacula/builds/103322979
> >
> > Any Ideas?
> >
> > Regards Thomas
> > --
> > Linux ... enjoy the ride!
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to puppet-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/CAELoU1OO_vbiJoG2gmEEbnjE23LnUvH7yYJZmk4t_W9NoK_rSg%40mail.gmail.com
> .
> > For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Gareth Rushgrove
> @garethr
>
> devopsweekly.com
> morethanseven.net
> garethrushgrove.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAFi_6y%2Bgu9uEbG6eooEHTQsxaFu8N6dNme5Qm0QhFKhDAxu2CA%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
performance, security, automation, SAP
cimt consulting ag, Burchardstrasse 17, 20095 Hamburg
fon: +49 (163) 6081 302, fax: +49 (40) 5 33 02-22, web: www.cimt.de
key: FED7C867 at pgp.mit.edu

Sitz der Gesellschaft: Hamburg, Amtsgericht Hamburg, HRB 74173
Vorstand: Christoph Friedlaender, Dr.-Ing. Thorsten Kuhlmann
Vorsitzender des Aufsichtsrats: Christian Gottsmann

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1Pyvfqh0peOUi8p2futBmiCex6QFRrgxzidYc4r8azA4w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] New Resource Type for bareos

[Thomas Bendler]

Hi Björn,

depends on how you would like to implement the fully automatic configuration. I 
do this on the server side because backup is nothing that apply out of the box 
after provisioning to the client and server. Under normal circumstances I would 
like to add a client only to the backup if really needed. Therefore I used an 
array in my module to specify the client:

https://github.com/thbe/puppet-bareos

The module is still v0.1.0, so it’s not yet feature complete and not released 
on the forge but works the way I need it. I think I’ll release it on the forge 
sometime in Q1/2016 when missing features are implemented.

Regards Thomas

> Am 21.01.2016 um 15:23 schrieb Björn :
> 
> Hello,
> 
> I try to make the bareos puppet module ready for puppetdb and fully automatic 
> configuration. 
> 
> When I understand correctly, I'll need a resource type to export it and bring 
> the client configuration on the bareos server finally. 
> 
> $ cat bareos/lib/puppet/type/bareos_client.rb 
> Puppet::Type.newtype(:bareos_client) do
>   desc 'TEST'
>   ensurable 
>   newparam(:name, :isnamevar => true) do
> desc "The name of the client."
>   end
> end
> 
> $ tail bareos/manifests/client.pp
> mode=> '0644',
> owner   => 'bareos',
> group   => 'bareos',
>   } 
> 
>   @@bareos_client{ $::hostname:
>   }
> 
>   Bareos_client <<| |>>
> }
> 
> I get this error when I make a puppet run on the client:
> Error: /Stage[main]/Bareos::Client/Bareos_client[PC3256CO]: Could not 
> evaluate: No ability to determine if bareos_client exists
> /usr/lib/ruby/site_ruby/1.8/puppet/property/ensure.rb:85:in `retrieve'
> /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:1048:in `retrieve'
> /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:1076:in `retrieve_resource'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:236:in 
> `from_resource'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:19:in 
> `evaluate'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:204:in `apply'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:217:in `eval_resource'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:in `call'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:in `evaluate'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:335:in `thinmark'
> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:334:in `thinmark'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:in `evaluate'
> /usr/lib/ruby/site_ruby/1.8/puppet/graph/relationship_graph.rb:118:in 
> `traverse'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:138:in `evaluate'
> /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:169:in `apply'
> /usr/lib/ruby/site_ruby/1.8/puppet/util/log.rb:149:in `with_destination'
> /usr/lib/ruby/site_ruby/1.8/puppet/transaction/report.rb:112:in 
> `as_logging_destination'
> /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:168:in `apply'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:120:in `apply_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:161:in `benchmark'
> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:160:in `benchmark'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:119:in `apply_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:227:in `run_internal'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:134:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/context.rb:64:in `override'
> /usr/lib/ruby/site_ruby/1.8/puppet.rb:246:in `override'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:133:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:47:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:20:in `lock'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:47:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:117:in `with_client'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:44:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:82:in `run_in_fork'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:43:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:179:in `call'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:179:in `controlled_run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:41:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:361:in `onetime'
> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:327:in `run_command'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:381:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:507:in `plugin_hook'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:381:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:496:in `exit_on_fail'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:381:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:146:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:92:in `execute'
> /usr/bin/puppet:8
> 
> Thanks in advance.
> 
> Regards,
> Björn
> 
> -- 
> You received this message because you are subscribed 

Re: [Puppet Users] New Resource Type for bareos

[Thomas Bendler]

Hi Björn,

do you have a your code on i.e. github so that I can take a look on it or
is it restricted? I use Foreman for the backup definition, I have global
smart parameters setting with file-fd to true and a configuration group
backup-client. All hosts that belong to this configuration group get the
client installed and activated. On the director host I add the clients I
would like to backup. This result in a standard set of files, for upcoming
versions I plan to make something like backup class gold, silver, bronze
with different retention times and a scope type of thing for different
filesets. But this is not yet implemented, not enough time. Maybe adding
some functionality in the future like, there is a backup client installed
so a basic, bronze set is scheduled in the backup might be a cool idea, but
I guess it's not that easy to implement with focus on reusable modules and
also with space management in mind.

Regards Thomas

2016-01-27 17:06 GMT+01:00 Björn :

> Hi Thomas,
>
> I got a hiera group of linux boxes. All of these should have the bareos
> client and should backup a standard fileset for instance /var/log.
> Okay, the backup client array on the master module would work, but if you
> forget to add a backup client you got no backup. Now I'm dreaming from a
> implementation through puppetdb like the nagios resource types.
> Or a solution that all backup clients automaticly register at the server.
> From my point of view the automic configuration is preferable, because a
> missing backup can have the same impact as missing monitoring.
>
> May there are better solutions to handle it without puppetdb, I'm not
> sure.
>
> Regards,
> Björn
>
> Am Dienstag, 26. Januar 2016 16:48:52 UTC+1 schrieb thbe:
>>
>> Hi Björn,
>>
>> depends on how you would like to implement the fully automatic
>> configuration. I do this on the server side because backup is nothing that
>> apply out of the box after provisioning to the client and server. Under
>> normal circumstances I would like to add a client only to the backup if
>> really needed. Therefore I used an array in my module to specify the client:
>>
>> https://github.com/thbe/puppet-bareos
>>
>> The module is still v0.1.0, so it’s not yet feature complete and not
>> released on the forge but works the way I need it. I think I’ll release it
>> on the forge sometime in Q1/2016 when missing features are implemented.
>>
>> Regards Thomas
>>
>> Am 21.01.2016 um 15:23 schrieb Björn :
>>
>> Hello,
>>
>> I try to make the bareos puppet module ready for puppetdb and fully
>> automatic configuration.
>>
>> When I understand correctly, I'll need a resource type to export it and
>> bring the client configuration on the bareos server finally.
>>
>> $ cat bareos/lib/puppet/type/bareos_client.rb
>> Puppet::Type.newtype(:bareos_client) do
>>   desc 'TEST'
>>   ensurable
>>   newparam(:name, :isnamevar => true) do
>> desc "The name of the client."
>>   end
>> end
>>
>> $ tail bareos/manifests/client.pp
>> mode=> '0644',
>> owner   => 'bareos',
>> group   => 'bareos',
>>   }
>>
>>   @@bareos_client{ $::hostname:
>>   }
>>
>>   Bareos_client <<| |>>
>> }
>>
>> I get this error when I make a puppet run on the client:
>> Error: /Stage[main]/Bareos::Client/Bareos_client[PC3256CO]: Could not
>> evaluate: No ability to determine if bareos_client exists
>> /usr/lib/ruby/site_ruby/1.8/puppet/property/ensure.rb:85:in `retrieve'
>> /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:1048:in `retrieve'
>> /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:1076:in `retrieve_resource'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:236:in
>> `from_resource'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction/resource_harness.rb:19:in `
>> evaluate'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:204:in `apply'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:217:in `eval_resource'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:in `call'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:in `evaluate'
>> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:335:in `thinmark'
>> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
>> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:334:in `thinmark'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:147:in `evaluate'
>> /usr/lib/ruby/site_ruby/1.8/puppet/graph/relationship_graph.rb:118:in `
>> traverse'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction.rb:138:in `evaluate'
>> /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:169:in `apply'
>> /usr/lib/ruby/site_ruby/1.8/puppet/util/log.rb:149:in `with_destination'
>> /usr/lib/ruby/site_ruby/1.8/puppet/transaction/report.rb:112:in
>> `as_logging_destination'
>> /usr/lib/ruby/site_ruby/1.8/puppet/resource/catalog.rb:168:in `apply'
>> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:120:in `apply_catalog'
>> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:161:in `benchmark'
>> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
>> /usr/lib/ruby/site_ruby/1.8/puppet/uti

[Puppet Users] Test define in module with rspec_puppet

[Thomas Bendler]

Hi @all,

I have a small problem with my module test using spec_puppet. I use the
Puppetlabs MySQL module to create databases in my module. When running
"rake spec" my coverage report that not all resources are tested:

​<--- snip --->​
Mysql_database[test1]
Mysql_grant[test1@localhost/test1.*]
Mysql_user[test1@localhost]
​<--- snap --->​

​How can I include this resources in my spec file to get tested also? I've
already added the classes to the spec file but this did not solve the
problem:

<--- snip --->
it { is_expected.to contain_class('mysql::server') }
it { is_expected.to contain_class('mysql::server::backup') }
it { is_expected.to contain_class('mysql::server::account_security') }
it { is_expected.to contain_class('mysql::server::mysqltuner') }
<--- snap --->

Is it necessary to create a spec file for each define? Are there any public
examples that I can use for education?

Regards Thomas​
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1Pt%3Db1zjGOLrcsp-rEbO%2Bncy_Jv-cu-bqRGXY%3DrsATkHg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Test define in module with rspec_puppet

[Thomas Bendler]

Things can be so easy:

Total resources:   56

Touched resources: 56

Resource coverage: 100.00%

Thanks a lot!

Regards Thomas

2016-02-16 15:28 GMT+01:00 Gareth Rushgrove :

> On 16 February 2016 at 09:37, Thomas Bendler 
> wrote:
> > Hi @all,
> >
> > I have a small problem with my module test using spec_puppet. I use the
> > Puppetlabs MySQL module to create databases in my module. When running
> "rake
> > spec" my coverage report that not all resources are tested:
> >
> > <--- snip --->
> > Mysql_database[test1]
> > Mysql_grant[test1@localhost/test1.*]
> > Mysql_user[test1@localhost]
> > <--- snap --->
> >
> > How can I include this resources in my spec file to get tested also? I've
> > already added the classes to the spec file but this did not solve the
> > problem:
> >
> > <--- snip --->
> > it { is_expected.to contain_class('mysql::server') }
> > it { is_expected.to contain_class('mysql::server::backup') }
> > it { is_expected.to contain_class('mysql::server::account_security') }
> > it { is_expected.to contain_class('mysql::server::mysqltuner') }
> > <--- snap --->
> >
>
> You should be able to do something like the following if memory serves:
>
> it { is_expected.to contain_mysql_database('test1') }
>
> Gareth
>
>
> > Is it necessary to create a spec file for each define? Are there any
> public
> > examples that I can use for education?
> >
> > Regards Thomas
> > --
> > Linux ... enjoy the ride!
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to puppet-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/puppet-users/CAELoU1Pt%3Db1zjGOLrcsp-rEbO%2Bncy_Jv-cu-bqRGXY%3DrsATkHg%40mail.gmail.com
> .
> > For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Gareth Rushgrove
> @garethr
>
> devopsweekly.com
> morethanseven.net
> garethrushgrove.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAFi_6yLVKzpin%2BQ_VYLi%2BtbswNr1KOzZbL-4Tu6idgQmU_aLRA%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1PAZO1fgPWO-viaZ3dMnTccE5wmxG1h_JBKaoRxf0u5AQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Module parameter handling

[Thomas Bendler]

Hi @all,

I write a module that create local users on my boxes. Now I try to make
that module fully dynamic so that the user informations are passed to the
module as parameter like this:

class { 'local_users':
  user => [
{ 'john' => { name => 'John Doe', home => '/export/home/john' } },
{ 'jane' => { name => 'Jane Doe', home => '/export/home/jane' } }
  ]
}

So far, so good. But now I would like to iterate through the user array and
create the user resource and I have no clue how this should be done
correctly. My approach is to call a define:

local_users::config::account { $local_users::user }

Which look like this:

define local_users::config::account (
  $id   = $title,
  $name = undef,
  $home = undef
) {
  user { $id:
ensure => present,
  comment=> $name,
  home   => $home,
  managehome => true,
  password   => '!!';
  }
}

I guess the direction should be understandable, I would like to specify the
users and their attributes as a parameter. What I don't get so far is, do I
need one resource definition for each possible combination or is there a
way that only the parameter that contain values are used within the
resource type? Is the path in general the correct one that I use or is
there a better approach to get this done?

​Regards Thomas​
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1NfDYgjqgHsH%3DAGmOsM9GG1nuAfnRibc_fA9cRUe5uMug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Module parameter handling

[Thomas Bendler]

Thanks for the hints, I’ll check what fits best.

Regards Thomas

> Am 03.03.2016 um 19:29 schrieb Henrik Lindberg 
> :
> 
> On 02/03/16 11:26, Thomas Bendler wrote:
>> Hi @all,
>> 
>> I write a module that create local users on my boxes. Now I try to make
>> that module fully dynamic so that the user informations are passed to
>> the module as parameter like this:
>> 
>> class { 'local_users':
>>   user => [
>> { 'john' => { name => 'John Doe', home => '/export/home/john' } },
>> { 'jane' => { name => 'Jane Doe', home => '/export/home/jane' } }
>>   ]
>> }
>> 
> You could use a hash there directly instead of an array of hashes. The 'id' 
> (e.g. 'john', 'jane' has to be unique anyway.
> 
>> So far, so good. But now I would like to iterate through the user array
>> and create the user resource and I have no clue how this should be done
>> correctly. My approach is to call a define:
>> 
>> local_users::config::account { $local_users::user }
>> 
>> Which look like this:
>> 
>> define local_users::config::account (
>>   $id   = $title,
>>   $name = undef,
>>   $home = undef
>> ) {
>>   user { $id:
>> ensure => present,
>>   comment=> $name,
>>   home   => $home,
>>   managehome => true,
>>   password   => '!!';
>>   }
>> }
>> 
>> I guess the direction should be understandable, I would like to specify
>> the users and their attributes as a parameter. What I don't get so far
>> is, do I need one resource definition for each possible combination or
>> is there a way that only the parameter that contain values are used
>> within the resource type? Is the path in general the correct one that I
>> use or is there a better approach to get this done?
>> 
> 
> If you are on 3.x with future parser, or on 4.x you can iterate.
> 
> I made some simplifications here, everything is one hash, and
> I renamed 'name' to 'comment' so I could use the hash directly
> to set all attributes without having to first transform 'name'
> into 'comment'.
> 
> class { 'local_users':
>  user => {
>'john' => { comment => 'John Doe', home => '/export/home/john' },
>'jane' => { comment => 'Jane Doe', home => '/export/home/jane' }
>  }
> }
> 
> class local_users($users) {
>  $users.each |$id, $attributes | {
>user { $id:
>  managehome => true,
>  password   => '!!',
>  *  => $attributes  # attributes from hash
>}
>  }
> }
> 
> With typed parameter
> 
> 
> To make it more robust you can also type the $users argument
> 
> class local_users(
>  Hash[String, Struct[{
>name => String,
>home => String}]
>  ] $users)
> {
>  $users.each |$id, $attributes | {
>user { $id:
>  managehome => true,
>  password => '!!',
>  * => $attributes
>}
>  }
> }
> 
> Hope that helps.
> 
> Regards
> - henrik
> 
> --
> 
> Visit my Blog "Puppet on the Edge"
> http://puppet-on-the-edge.blogspot.se/ 
> <http://puppet-on-the-edge.blogspot.se/>
> 
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> <mailto:puppet-users+unsubscr...@googlegroups.com>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/56D88274.2010101%40puppetlabs.com
>  
> <https://groups.google.com/d/msgid/puppet-users/56D88274.2010101%40puppetlabs.com>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/C15FDCB5-3E68-4598-B4E8-055A509C31FA%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Message signed with OpenPGP using GPGMail

[Puppet Users] Github actions for Puppet module deploy

[Thomas Bendler]

Hi @all,

are there any official Github Actions available to deploy Puppet modules to
the Puppet forge? I know they exist for TravisCI (
https://docs.travis-ci.com/user/deployment/puppetforge/) but didn't find
the equivalent for Github Actions yet. Does anyone know more?

Kind regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1M%2BiKsH3Y_G7P3KrHC0PDQjv5NytVNWbFXP1hPWqFkOow%40mail.gmail.com.

Re: [Puppet Users] Github actions for Puppet module deploy

[Thomas Bendler]

Hi David,

thanks for the update. Looking forward to what will be released soon ...

Kind regards Thomas

Am Fr., 13. Dez. 2019 um 14:12 Uhr schrieb David Schmitt <
david.schm...@puppet.com>:

> This was just a topic of conversation on the community slack (
> https://puppetcommunity.slack.com/archives/C11LCKKQ9/p1576194567348200)
>
> * There is no finished example yet
> * PDK 1.15.0 (due next week) will have a `pdk release` subcommand that
> will handle most of the puppet-specific workflow
> * The content team (which I'm am part of) is currently supercharging a lot
> of our processes through github actions, so expect some development from us
> in the next weeks.
>
>
> Cheers, David Schmitt
>
> On Thu, 12 Dec 2019 at 12:17, Thomas Bendler 
> wrote:
>
>> Hi @all,
>>
>> are there any official Github Actions available to deploy Puppet modules
>> to the Puppet forge? I know they exist for TravisCI (
>> https://docs.travis-ci.com/user/deployment/puppetforge/) but didn't find
>> the equivalent for Github Actions yet. Does anyone know more?
>>
>> Kind regards Thomas
>> --
>> Linux ... enjoy the ride!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/CAELoU1M%2BiKsH3Y_G7P3KrHC0PDQjv5NytVNWbFXP1hPWqFkOow%40mail.gmail.com
>> <https://groups.google.com/d/msgid/puppet-users/CAELoU1M%2BiKsH3Y_G7P3KrHC0PDQjv5NytVNWbFXP1hPWqFkOow%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CALF7fHZM4stUHRjrjUirwqPHddNObKDLdV4iYvjG-6JWfqC-fg%40mail.gmail.com
> <https://groups.google.com/d/msgid/puppet-users/CALF7fHZM4stUHRjrjUirwqPHddNObKDLdV4iYvjG-6JWfqC-fg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>


-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1OBx5QGRYENwdCtUhOpUHT5GLEiejaJTwuiLLAUurE%2B0A%40mail.gmail.com.

Re: [Puppet Users] Bacula with Puppet

[Thomas Bendler]

On Thu, Aug 24, 2023 at 5:27 PM Laci D  wrote:

> Has someone worked before on Puppet manifest file that will install and
> configure bacula-fd on a client server and also configure Bacula server to
> backup that client?
> Preferably with password authentication.
>

https://forge.puppet.com/modules?q=bacula

There are plenty of examples ...

Kind regards Thomas
-- 
Linux ... enjoy the ride!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAELoU1NVqTxxQkK3yVTzxbvN81WFX7xpKEJsgpHNMWyu4EQjxQ%40mail.gmail.com.