[Puppet Users] Unable to access hash elements directly from templates

[Josh]

I am using puppet version 6.2 (the one that comes with squeeze) in case it 
makes a difference.

I am new to puppet and am having a problem getting access to the elements 
of a hash in my erb templates and no matter what I google for I cannot seem 
to find out what I am doing wrong. 

I have stripped everything back to example code to rule out other things, 
in reality I have split my files up a but to avoid the monolithic init.pp 
and nodes.pp. Anyway...

my nodes.pp has this in it:

node 'pc01.domain.com' {

  # Test code
  $myhash = { 
key => { 
  subkey1 => 'foo',
  subkey2 => 'bar'
}
  }

  include mymodule
}

Then in the modules init.pp I have:

class mymodule {
  # Test code
  notice($myhash[key][subkey1])
  notice($myhash[key][subkey2])
  file { "/tmp/test":
ensure => present,
content => template("mymodule/test.erb"),
  }
}

If I run puppet against this the two notice lines work fine so I have 
access to the data within the module, the problem is getting it into the 
template. I tried a few different syntaxes to no effect:

So first I tried a template like so:
TEST: <%= $myhash[key][subkey1] %>

This gave me the error:
*err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to parse template mymodule/test.erb: Could not find value for 'key' 
at /etc/puppet/modules/mymodule/manifests/init.pp:7 on node pc01.domain.com*

If I quote the string in the template (i.e. "<%= $myhash[key][subkey1] %>") 
then it just spits out that string into the file rather than interpreting 
the data.

I have similar errors if I try to use scope.lookupvar to explicitly specify 
where things are too.

So, what am I doing wrong or is it just not possible to pick a single hash 
element and put it into a template.

Thanks
Josh
p.s. my Ruby sucks so if I have to go down that route it'll need to be a 
noddy explanation

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/nSPGiquUVBIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Creating classes for individual nodes

[Josh]

This is more of a style question than implementation. I have a bunch of 
nodes running the same software but in many cases they need config files 
that are customized for that specific node. I was thinking I could push all 
the main files from the app through a central class and have separate 
classes for each individual node that has the config files. Is this the 
best way to do this or does it go against the purpose of using puppet?

Also, for implementation, is it best practice to create a separate module 
and class for each node where the class includes only that module? Thanks.

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/nfC30zTpr1oJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Unable to access hash elements directly from templates

[Josh]

On Wednesday, 11 April 2012 17:14:10 UTC+1, Gary Larizza wrote:
>
> Don't use the $ for variables in Templates - Puppet variables and arrays 
> are accessed as local variables/arrays in templates.  So try this:  TEST: 
> <%= myhash[key][subkey1] %>
>


Ah, I did try that before. I get the error:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to parse template mymodule/test.erb: Could not find value for 'key' 
at /etc/puppet/modules/mymodule/manifests/config.pp:22 on node 
pc01.domain.com

Thanks
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/pOIGkNnuEo4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Unable to access hash elements directly from templates

[Josh]

Sorry, that should be:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to parse template mymodule/test.erb: Could not find value for 'key' 
at /etc/puppet/modules/mymodule/manifests/init.pp:7 on node pc01.domain.com

(i.e. it errors on the content => ... line)

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/VFGB1obBa8QJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Unable to access hash elements directly from templates

[Josh]

Eventually I worked this out (nothing like trying every possible 
combination eh), solution was to remove the $ at the start as you said and 
also quote the keys in single quotes like so:

TEST: <%= myhash['key']['subkey1'] %>

Thanks again for your help
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/QznbDyO5SDAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Creating classes for individual nodes

[Josh]

Thanks everyone! This is a good start. I'll have to research most of
this but at least I know what to research now. Thanks.

Josh

On Apr 12, 10:19 am, Brian Gallew  wrote:
> I'm absolutely with John on this.  As an example, for our JBoss application
> we need the configuration file to be different based on the the hostname
> (we only host one app per host/VM) and environment
> (dev/integration/qa/staging/production).  Further, some "dev" boxes need to
> allow the developers to hand-update their configs.  So what I have is a
> templated configuration file that has all the configuration information in
> it for all the environments, and only the pertinent information gets
> shipped to the Puppet client.  Further, I wrap this in a define{} so that
> the file Puppet actually manages is "server.properties-default".  There is
> an exec{} in the define which checks for a "server.properties-noupdate"
> file.  If that file exists, the exec{} bails.  If it doesn't, then it
> rsync's the -default file onto the "server.properties" file that JBoss
> references.  Finally, the define{} also creates a
> "server.properties-README" which tells the developer about how the file is
> managed and what they can do if they want to override Puppet.
>
> On Wed, Apr 11, 2012 at 1:52 PM, jcbollinger wrote:
>
>
>
>
>
>
>
>
>
> > On Apr 11, 12:04 pm, Josh  wrote:
> > > This is more of a style question than implementation. I have a bunch of
> > > nodes running the same software but in many cases they need config files
> > > that are customized for that specific node. I was thinking I could push
> > all
> > > the main files from the app through a central class and have separate
> > > classes for each individual node that has the config files. Is this the
> > > best way to do this or does it go against the purpose of using puppet?
>
> > There is no inherent problem with that approach, but for a little
> > extra effort you can get something that will be easier to maintain.
> > I'm not a big fan of parameterized classes myself, but I heartily
> > endorse an external data store, accessed via Hiera.  Instead of using
> > per-node classes, record per-node data where needed.  You can use that
> > data to fill templates, choose among alternatives in your manifests,
> > set resource properties, etc..
>
> > > Also, for implementation, is it best practice to create a separate module
> > > and class for each node where the class includes only that module?
> > Thanks.
>
> > I would say not.  It might or might not make sense to put the per-node
> > classes in the module with the main classes for the application in
> > question, but I certainly see no reason to separate them from each
> > other.  But the question is moot if you choose a cleaner strategy.
>
> > John
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] HA with BIG-IP?

[Josh]

Hi,

Is there anyone using BIG-IP to load balance client side connections
to multiple puppet masters?  I'm looking for advice on a
configuration, specifically:

* How to handle SSL.  Should I try to decrypt client side traffic at
the BIG-IP?  If so, should LB <-> BIG-IP traffic be unencrypted via
HTTP?  I have seen this scenario described in Pro Puppet.  I would
think I would run into problems verifying clients at the PM if I
decrypt at the load balancers.

* How are you deploying health monitors for the PM's?

Thanks,

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: HA with BIG-IP?

[Josh]

Thanks, Luke.  I'm going to pipe HTTPS straight thru the BIG-IP's to
the PM's for now.

Josh

On Apr 23, 12:19 pm, Luke Bigum  wrote:
> Hi Josh,
>
> It would depend on whether an F5 can be made to write the necessary
> information into an HTTP header. What I would do to is look at how
> Apache populates the SSL_CLIENT_S_DN and SSL_CLIENT_VERIFY headers when
> you use it as a Puppet Master front end and see if you can replicate
> that on an F5. F5 iRules are quite powerful so I'd say it might be
> possible but probably not straight out of the box.
>
> As for a health monitor I'm not sure... Puppet Masters are RESTful so
> you might be able to come up with something tricky with that.
>
> -Luke
>
> On 23/04/12 16:53, Josh wrote:
>
>
>
>
>
>
>
>
>
> > Hi,
>
> > Is there anyone using BIG-IP to load balance client side connections
> > to multiple puppet masters?  I'm looking for advice on a
> > configuration, specifically:
>
> > * How to handle SSL.  Should I try to decrypt client side traffic at
> > the BIG-IP?  If so, should LB<->  BIG-IP traffic be unencrypted via
> > HTTP?  I have seen this scenario described in Pro Puppet.  I would
> > think I would run into problems verifying clients at the PM if I
> > decrypt at the load balancers.
>
> > * How are you deploying health monitors for the PM's?
>
> > Thanks,
>
> > Josh
>
> --
> Luke Bigum
>
> Information Systems
> Ph: +44 (0) 20 3192 2520
> luke.bi...@lmax.com |http://www.lmax.com
> LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN
>
> FX and CFDs are leveraged products that can result in losses exceeding
> your deposit.  They are not suitable for everyone so please ensure you
> fully understand the risks involved.  The information in this email is not
> directed at residents of the United States of America or any other
> jurisdiction where trading in CFDs and/or FX is restricted or prohibited
> by local laws or regulations.
>
> The information in this email and any attachment is confidential and is
> intended only for the named recipient(s). The email may not be disclosed
> or used by any person other than the addressee, nor may it be copied in
> any way. If you are not the intended recipient please notify the sender
> immediately and delete any copies of this message. Any unauthorised
> copying, disclosure or distribution of the material in this e-mail is
> strictly forbidden.
>
> LMAX operates a multilateral trading facility.  Authorised and regulated
> by the Financial Services Authority (firm registration number 509778) and
> is registered in England and Wales (number 06505809).
> Our registered address is Yellow Building, 1A Nicholas Road, London, W11
> 4AN.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Using templates from another module

[Josh]

I have had a look around and cannot seem to find out whether this is 
possible. To explain further (using 2.7.13 btw)...

I have 

   - a module that I am using to configure various things about the 
   network, lets call it 'my_network'
   - another module that defines my platform, for arguments sake 
   'my_webserver'
   
Now, in the 'my_network' module I have a definedtype that generates 
/etc/network/interfaces from a given ERB template which is associated with 
the platform, simplified version:

define my_network::interfaces ($template = $title) {
  file { '/etc/network/interfaces':
ensure => present,
content => template($template),
  }
}

I call this like so from 'my_webserver':

my_network::interfaces { my_webserver/interfaces_template.erb: }

This results in an error where it cannot see the template:

*err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to parse template my_webserver/interfaces_template.erb: undefined 
method `[]' for nil:NilClass at 
/local/puppet/env/production/modules/my_network/manifests/interfaces.pp:47 
on node mynode.com*
*
*
I also tried this using Classes rather then definedtypes and had the same 
problem.

What I want to do is have the function for handling network configuration 
in its own module (to avoid duplication of code and confusion) and the 
templates situated in another module specific to my node or platform.

So is there any way that I can use a template from another module? From my 
understanding of how puppet compiles the catalogue I cannot see why it 
wouldn't work?

Thanks
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/fN6PaZTExigJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using templates from another module

[Josh]

In fact, after messing about a lot more this seems like a terrible idea 
since it removes the 'module as a stand-alone entity' concept and 
introduces a whole load of complexity.

This leaves me with global templates or just including all my templates in 
the my_network module ... think I'll go with the latter for overall 
consistency.

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Qdx9wdhswvUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using templates from another module

[Josh]

>
> I'm missing something here: why do you not want to put the template 
> into the module that uses it? 
>

Basically, we are an ISP and have a whole bunch of different platforms with 
different network configurations, that also differ depending which 
datacentre they are in.

I was hoping to have all the configuration for 'my_webserver', for example, 
in the class that defines that platform rather than have 100+ templates in 
the 'my_network' module (which then needs to be updated every time a new 
platform, or new network config for an existing platform, is added)

Fixed the template btw Nan, the problem was that I was calling data from a 
hash that didn't exist:

<%= hash['key1']['key2] %>

This results in the 'undefined method `[]' for nil:NilClass' error ... 
which while correct is pretty confusing. Think it is all part of the fact 
that hashes are new in Puppet and (as yet) not catered for particularly 
well. Cheers for the debug method, will come in handy!

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/noLre4R8gCIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 3.0 and Hiera

[Josh]

I'm not sure if its in there but one thing that would be *amazing* would be 
support for empty arrays/hashes. E.g.

$hash1 = hiera_hash('hash1', {})
$hash1 = hiera_hash('hash2', {})

This means that now I can do a:

merge_hash($hash1, $hash2)

This will now work regardless of whether I have declared hash1 and hash2 
for a given node or not, where as at the moment if you don't declare both 
of them in hiera the merge fails because the empty hash is seen as a string.

Native support for the merging would be handy as well.

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/bmYUG6203roJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using templates from another module

[Josh]

>
> I don't like that at all.  Generally speaking, defined types should 
> not manage resources whose identity is independent of the type 
> parameters. 
>

Yeah, I already binned that lot off and just used a class instead, as I say 
I was messing about to try and get it working
 

> Ideally, though, you would switch to an *un*parameterized class, and 
> communicate the erstwhile parameters to it via external data (e.g. 
> Hiera) and/or by creating separate [sub-]classes. 
>

The information from the host (ip address etc) is coming from hiera already 
so I am doing this already (maybe? unless I read that wrong). It is just 
the template that I cannot pull in via hiera (or can I ... can you just use 
multi-line yaml formatting and get the template from there? Will give it a 
whirl)

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/_mQTXUy0HUoJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using templates from another module

[Josh]

>
> (or can I ... can you just use multi-line yaml formatting and get the 
> template from there? Will give it a whirl)
>

...of course not, what was I thinking :( 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/mrdF752oVz4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Lots of problems with Puppet 2.7 and Passenger on FreeBSD

[Josh]

cateChainFile /var/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile/var/puppet/ssl/ca/ca_crt.pem
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
DocumentRoot /usr/local/etc/puppet/rack/public/
RackBaseURI /

Options None
AllowOverride None
Order allow,deny
allow from all



Does anything stand out?

THanks,
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/LQZ6QHiiiT8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Odd SSL issue - host not showing with puppet cert --list --all

[Josh]

Hi,

Just wondering if anyone had any similar issues OR idea's on
troubleshooting the following problem.

I have a client/node registered to the puppet master and it is working
without any issues. On the server I can see it compile the catalog in
the logs. However when I run 'puppet cert --list --all' it is not in
the list. Note we use auto signing (/etc/puppet/autosign.conf).

# Client Working
[root@sitvhmnp161105 ~]# puppet agent --test
info: Retrieving plugin
info: Loading facts in systeminfo
info: Loading facts in systeminfo
info: Caching catalog for sitvhmnp161105.mambodev.local
info: Applying configuration version '1311904488'
notice: Finished catalog run in 1.31 seconds
[root@sitvhmnp161105 ~]#

# Server Logs
[root@sitvhmnp004201 ~]# grep sitvhmnp161105 /var/log/messages | tail
-2
Jul 29 16:25:28 sitvhmnp004201 puppet-master[25611]: Compiled catalog
for sitvhmnp161105.mambodev.local in environment production in 0.11
seconds
Jul 29 16:34:47 sitvhmnp004201 puppet-master[25611]: Compiled catalog
for sitvhmnp161105.mambodev.local in environment production in 0.10
seconds

# Certificate List
[root@sitvhmnp004201 ~]# puppet cert list --all | grep -i
sitvhmnp161105
[root@sitvhmnp004201 ~]#

I can see all my other hosts showing when using the puppet cert --list
command.

Regards,
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Odd SSL issue - host not showing with puppet cert --list --all

[Josh]

Hi Nan,

Thanks for that info! We have been rebuilding a set of servers
frequently as part of our testing and using the clean/revoke function.

I can see that inventory.txt does in fact mention sitvhmnp161105
twice.

[root@sitvhmnp004201 ~]# grep sitvhmnp161105 /var/lib/puppet/ssl/ca/
inventory.txt
0x00b6 2011-07-20T17:48:59GMT 2016-07-18T17:48:59GMT /
CN=sitvhmnp161105.mambodev.local
0x029d 2011-07-27T04:23:30GMT 2016-07-25T04:23:30GMT /
CN=sitvhmnp161105.mambodev.local

However sitvhmnp161105 does not show like my other hosts in /var/lib/
puppet/ssl/ca/signed/

[root@sitvhmnp004201 ~]# ls /var/lib/puppet/ssl/ca/signed/
sitvhmnp16110*
/var/lib/puppet/ssl/ca/signed/sitvhmnp161101.mambodev.local.pem
/var/lib/puppet/ssl/ca/signed/sitvhmnp161102.mambodev.local.pem
/var/lib/puppet/ssl/ca/signed/sitvhmnp161103.mambodev.local.pem
/var/lib/puppet/ssl/ca/signed/sitvhmnp161104.mambodev.local.pem
/var/lib/puppet/ssl/ca/signed/sitvhmnp161106.mambodev.local.pem

Does this mean my inventory is out of sync with my certificates? What
would be the best way to clean this up?

Cheers,
Josh

On Jul 29, 7:40 pm, Nan Liu  wrote:
> On Fri, Jul 29, 2011 at 2:38 AM, Josh  wrote:
> > Just wondering if anyone had any similar issues OR idea's on
> > troubleshooting the following problem.
>
> > I have a client/node registered to the puppet master and it is working
> > without any issues. On the server I can see it compile the catalog in
> > the logs. However when I run 'puppet cert --list --all' it is not in
> > the list. Note we use auto signing (/etc/puppet/autosign.conf).
>
> > # Client Working
> > [root@sitvhmnp161105 ~]# puppet agent --test
> > info: Retrieving plugin
> > info: Loading facts in systeminfo
> > info: Loading facts in systeminfo
> > info: Caching catalog for sitvhmnp161105.mambodev.local
> > info: Applying configuration version '1311904488'
> > notice: Finished catalog run in 1.31 seconds
> > [root@sitvhmnp161105 ~]#
>
> > # Server Logs
> > [root@sitvhmnp004201 ~]# grep sitvhmnp161105 /var/log/messages | tail
> > -2
> > Jul 29 16:25:28 sitvhmnp004201 puppet-master[25611]: Compiled catalog
> > for sitvhmnp161105.mambodev.local in environment production in 0.11
> > seconds
> > Jul 29 16:34:47 sitvhmnp004201 puppet-master[25611]: Compiled catalog
> > for sitvhmnp161105.mambodev.local in environment production in 0.10
> > seconds
>
> > # Certificate List
> > [root@sitvhmnp004201 ~]# puppet cert list --all | grep -i
> > sitvhmnp161105
> > [root@sitvhmnp004201 ~]#
>
> > I can see all my other hosts showing when using the puppet cert --list
> > command.
>
> It is possible to have a working cert that doesn't appear in puppet
> cert -la. A few possibilities:
> Revoked and cleaned, but certificate CRL not honored.
> Signed by another puppet master with the same CA.
> Signed by the system, but the cert files were removed.
> Since you are running puppet cert, I don't think it's an issue with
> puppetca clean not revoking cert (old bug).
>
> Check your puppet master ssl directory and review your inventory.txt
> and compare it against the certificate serial number of
> sitvhmnp161105. If it's indeed signed by this puppet master CA, you
> should have something matching:
>
> 0x0008 2011-07-12T22:20:37GMT 2016-07-10T22:20:37GMT /CN=sitvhmnp161105
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 8 (0x8)
> ...
>         Subject: CN=sitvhmnp161105
>
> Thanks,
>
> Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Configuration error on 0.25.5 (default provider)

[Josh]

I inherited a puppet install from a former sys admin at my
organization and this is my first time working with it. I'm on 0.25.5
and would like to upgrade eventually but I'm afraid to do that at the
moment so I'm looking for suggestions other than "Upgrade".

I need to add a new server to the configuration. This is on RHEL 5 and
I installed through yum. I copied $vardir from another server in the
fleet and wiped out the machine-specific ssl certs. From the look of
things, I was able to successfully generate and sign a new ssl cert
for the machine. When I start the service, though, I get the error:

"Could not create resources for managing Puppet's files and
directories in sections [:main, :puppetd, :ssl]: Could not find a
default provider for file".

I've googled for this error for days and haven't found anything
useful. There are a few bug reports but most of them are for other OSs
or aren't applicable. I'm not sure what this error is referring to at
all. Some people suggest that it has something to do with the ruby
configuration but I don't know much about ruby either. If someone
could help with this, I would greatly appreciate it. I need to get
this server up and running soon. Let me know if I haven't provided
enough info.

Thanks,

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Configuration error on 0.25.5 (default provider)

[Josh]

Nicolai,

Thanks for the reply. I think I copied the /var/lib/puppet directory
from another server as a last resort after trying a bunch of other
things first. For the sake of argument, though, I've deleted my entire
puppet installation and begun from scratch. I did a yum install of
puppet and then did the following:

[root@server ~]# puppetd --server puppetmaster.domain.com --
waitforcert 30 --test
err: Could not create resources for managing Puppet's files and
directories in sections [:main, :puppetd, :ssl]: Could not find a
default provider for file
err: Could not create resources for managing Puppet's files and
directories in sections [:main, :ssl]: Could not find a default
provider for file
info: Creating a new SSL key for server.domain.com
err: Could not request certificate: Cannot save server.domain.com;
parent directory /var/lib/puppet/ssl/private_keys does not exist
info: Creating a new SSL key for server.domain.com
err: Could not request certificate: Cannot save server.domain.com;
parent directory /var/lib/puppet/ssl/private_keys does not exist
info: Creating a new SSL key for server.domain.com
err: Could not request certificate: Cannot save server.domain.com;
parent directory /var/lib/puppet/ssl/private_keys does not exist
info: Creating a new SSL key for server.domain.com
err: Could not request certificate: Cannot save server.domain.com;
parent directory /var/lib/puppet/ssl/private_keys does not exist
info: Creating a new SSL key for server.domain.com
err: Could not request certificate: Cannot save server.domain.com;
parent directory /var/lib/puppet/ssl/private_keys does not exist
Cancelling startup

This error keeps scrolling up the screen until I ctrl-C out of it like
I did above. While this is going on, I run `puppetca --sign
server.domain.com` on the puppetmaster but it fails and says there is
no request from the server. At this point, I create the ssl/
private_keys directory manually. I go through the above steps a few
more times and it complains about the ssl/public_keys, ssl/certs and
ssl/certificate_requests directories not existing so I create them as
well. After all of that, I can finally get a signed ssl cert. Then I
try to start the puppet service and get the following errors in
syslog:

Starting Puppet client version 0.25.5
Could not create resources for managing Puppet's files and directories
in sections [:main, :ssl, :puppetd]: Could not find a default provider
for file
Could not create resources for managing Puppet's files and directories
in sections [:main, :ssl]: Could not find a default provider for file
Could not retrieve catalog from remote server: No such file or
directory - /var/lib/puppet/client_yaml/catalog
Using cached catalog
Could not retrieve catalog; skipping run

At this point, I stop puppet and create the client_yaml/catalog
directories. I restart puppet and then get the following errors in
syslog which is what my original question was about:

Starting Puppet client version 0.25.5
Could not create resources for managing Puppet's files and directories
in sections [:main, :ssl, :puppetd]: Could not find a default provider
for file
Could not create resources for managing Puppet's files and directories
in sections [:main, :ssl]: Could not find a default provider for file
Could not run Puppet configuration client: Could not find a default
provider for file

Then puppet does nothing. If you know how to fix this error or you can
point out anything in my installation that's wrong, I'd greatly
appreciate it. I'm more than happy to read docs, too, if you can point
me to good online documentation but I've searched all over the puppet
labs site and can't find anything useful. Their docs for installing
and configuring a new server are terrible, especially when it comes to
adding a new client. Thanks very much for your help.

Josh

On Sep 15, 7:06 pm, Nicolai  wrote:
> There is no need to copy _anything_ from /var/lib/puppet from another
> machine, actually i think it breaks stuff.
>
> As youre running 0.25.5 you need to run puppetd once so that it can create
> its private key and cert, sign the cert on the master with puppetca --sign
> machine-name.
>
> Then puppet should run and apply the manifests you have for the node.
>
> Regards
>
> Nicolai

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Configuration error on 0.25.5 (default provider)

[Josh]

Again, the error I'm seeing is:

"Could not create resources for managing Puppet's files and
 directories in sections [:main, :puppetd, :ssl]: Could not find a
 default provider for file"

Has anyone here ever seen this error or know how to fix it? This is
not a clearly worded error so I have no idea where to begin
troubleshooting it.

Thanks,

Josh

On Sep 16, 10:17 am, Josh  wrote:
> Nicolai,
>
> Thanks for the reply. I think I copied the /var/lib/puppet directory
> from another server as a last resort after trying a bunch of other
> things first. For the sake of argument, though, I've deleted my entire
> puppet installation and begun from scratch. I did a yum install of
> puppet and then did the following:
>
> [root@server ~]# puppetd --server puppetmaster.domain.com --
> waitforcert 30 --test
> err: Could not create resources for managing Puppet's files and
> directories in sections [:main, :puppetd, :ssl]: Could not find a
> default provider for file
> err: Could not create resources for managing Puppet's files and
> directories in sections [:main, :ssl]: Could not find a default
> provider for file
> info: Creating a new SSL key for server.domain.com
> err: Could not request certificate: Cannot save server.domain.com;
> parent directory /var/lib/puppet/ssl/private_keys does not exist
> info: Creating a new SSL key for server.domain.com
> err: Could not request certificate: Cannot save server.domain.com;
> parent directory /var/lib/puppet/ssl/private_keys does not exist
> info: Creating a new SSL key for server.domain.com
> err: Could not request certificate: Cannot save server.domain.com;
> parent directory /var/lib/puppet/ssl/private_keys does not exist
> info: Creating a new SSL key for server.domain.com
> err: Could not request certificate: Cannot save server.domain.com;
> parent directory /var/lib/puppet/ssl/private_keys does not exist
> info: Creating a new SSL key for server.domain.com
> err: Could not request certificate: Cannot save server.domain.com;
> parent directory /var/lib/puppet/ssl/private_keys does not exist
> Cancelling startup
>
> This error keeps scrolling up the screen until I ctrl-C out of it like
> I did above. While this is going on, I run `puppetca --sign
> server.domain.com` on the puppetmaster but it fails and says there is
> no request from the server. At this point, I create the ssl/
> private_keys directory manually. I go through the above steps a few
> more times and it complains about the ssl/public_keys, ssl/certs and
> ssl/certificate_requests directories not existing so I create them as
> well. After all of that, I can finally get a signed ssl cert. Then I
> try to start the puppet service and get the following errors in
> syslog:
>
> Starting Puppet client version 0.25.5
> Could not create resources for managing Puppet's files and directories
> in sections [:main, :ssl, :puppetd]: Could not find a default provider
> for file
> Could not create resources for managing Puppet's files and directories
> in sections [:main, :ssl]: Could not find a default provider for file
> Could not retrieve catalog from remote server: No such file or
> directory - /var/lib/puppet/client_yaml/catalog
> Using cached catalog
> Could not retrieve catalog; skipping run
>
> At this point, I stop puppet and create the client_yaml/catalog
> directories. I restart puppet and then get the following errors in
> syslog which is what my original question was about:
>
> Starting Puppet client version 0.25.5
> Could not create resources for managing Puppet's files and directories
> in sections [:main, :ssl, :puppetd]: Could not find a default provider
> for file
> Could not create resources for managing Puppet's files and directories
> in sections [:main, :ssl]: Could not find a default provider for file
> Could not run Puppet configuration client: Could not find a default
> provider for file
>
> Then puppet does nothing. If you know how to fix this error or you can
> point out anything in my installation that's wrong, I'd greatly
> appreciate it. I'm more than happy to read docs, too, if you can point
> me to good online documentation but I've searched all over the puppet
> labs site and can't find anything useful. Their docs for installing
> and configuring a new server are terrible, especially when it comes to
> adding a new client. Thanks very much for your help.
>
> Josh
>
> On Sep 15, 7:06 pm, Nicolai  wrote:
>
>
>
> > There is no need to copy _anything_ from /var/lib/puppet from another
> > machine, actually i think it breaks stuff.
>
> > As youre running 0.25.5 you need to run puppetd once so that it can create
> > its private key and cert, si

[Puppet Users] Recursively pushing sym links in 2.6.6

[Josh]

Background:

I like to keep installed apps in a non-standard area and sym link to
the binaries, libraries and other files through the /usr/local tree so
that they're in the user's path. The purpose of this is to help with
software versions, upgrades and to allow me to keep multiple versions
of apps on one machine which can be useful for interpreters like perl
or python. I created a file repository under /etc/puppet that is
filled with these sym links and I'm trying to push them out to the
servers but I keep getting the error "Could not evaluate: Got nil
value for content" in the logs and it's not pushing the sym links. My
configuration in the manifest is the following:

file { "/usr":
path=> "/usr",
ensure  => present,
recurse => true,
links   => manage,
force   => true,
source  => "puppet://puppet/app/usr",
notify  => Service[app],
}

I started with a very bare bones configuration but added ensure, links
and force after doing some research. From what I've read the links
directive is supposed to make this work but it's unclear to me if
there is a bug that prevents this from working in 2.6.x. BTW, this was
working until a couple of days ago but the Redhat yum repos just
upgraded from 0.25.5 to 2.6.6 and that seems to have broken this.
Thanks for any help you can give.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Help with cloud provisioner

[Josh]

I have a very basic puppet install right now, running puppet master,
with the dashboard and foreman on the same host, I have some legacy
static nodes (nodes.pp) and now I am using puppet to provision nodes
in EC2. I am running cloud provisioner .60rc1 and my question is what
happens after a puppet node bootstrap? I'm running into some issues
and maybe its just idiot user driving this thing, but I do something
like:

puppet node bootstrap --image  ami-79e32e10  --keypair puppet --login
root --keyfile  \
/root/.ssh/puppet.pem --certname app01.c43870.blueboxgrid.com --type
m1.small

which works okay when EC is being nice,  the node comes up and puppet
logs in and installs the agent which then generates a certificate  and
has it auto signed. After which the puppet agent exits (why?), and
nobody is really happy after that:

Sep 30 12:16:51 app01 puppet-master[18203]: Removing file
Puppet::SSL::CertificateRequest 21b5041a-db2a-f26f-c2e6-faf3676a5d2a
at '/etc/puppet/ssl/ca/requests/21b5041a-db2a-f26f-c2e6-
faf3676a5d2a.pem'
Sep 30 12:17:01 app01 puppet-master[18203]: Could not find node
'21b5041a-db2a-f26f-c2e6-faf3676a5d2a'; cannot compile

What am I missing?  Of course there's no catalog, I had no idea what
the name of the node was going to appear as, so its not like I could
put together a manifest for new instance.  Is the idea being that it
gets a default set of packages then I need to use facts to figure out
what it is?

So basically my question is, what happens next? What am I missing?  I
have a new instance with puppet on it but since there's no catalog,
the agent (if it were still running) wouldn't know what to ask for.
Thanks
-Josh



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Could not retrieve catalog (403) and 500

[Josh]

Hi,

I just recently upgraded my puppetmaster and clients from 0.25.3 to
2.6.3.rc3.  Everything worked fine for a while.  Now, none of my
clients are able to retrieve their catalog.  Here is some [hopefully]
relevant information:

$ puppetd --server fc-pupm01 --verbose --waitforcert 60 --
environment=fcprod --test
err: Could not retrieve catalog from remote server: Error 403 on
SERVER: Forbidden request: fc-pupm01(172.26.101.160 access to /catalog/
fc-pupm01 [find] at line 93
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: Error 500 on SERVER: 

500 Internal Server Error

Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator,
 r...@localhost and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.
More information about this error may be available
in the server error log.

Apache/2.2.3 (CentOS) Server at fc-pupm01 Port 8140


.. and Apache's error log:

[Tue Nov 16 15:18:34 2010] [error] [client 172.26.101.51]
(104)Connection reset by peer: ap_content_length_filter:
apr_bucket_read() ailed
[ pid=11148 file=ext/apache2/Hooks.cpp:566 time=2010-11-16
15:18:42.256 ]:
  Unexpected error in mod_passenger: An error occured while sending
the request body to the request handler: Broken pipe (32)
  Backtrace:
 in 'virtual void
Passenger::Application::Session::sendBodyBlock(const char*, unsigned
int)' (Application.h:159)
 in 'int Hooks::handleRequest(request_rec*)' (Hooks.cpp:491)

Other things behind passenger (Foreman) continue to work properly.
Running Passenger 2.2.2.

Does anyone have any ideas what may have caused this, and how to fix
it?

Thanks,

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Could not retrieve catalog (403) and 500

[Josh]

On Nov 16, 4:26 pm, Josh  wrote:
> Hi,
>
> I just recently upgraded my puppetmaster and clients from 0.25.3 to
> 2.6.3.rc3.  Everything worked fine for a while.  Now, none of my
> clients are able to retrieve their catalog.  Here is some [hopefully]
> relevant information:
>

Some more info:

The client is CentOS5/x86_64:


*** LOCAL GEMS ***

fastthread (1.0.7)
mysql (2.8.1)
passenger (2.2.2)
rack (1.0.1, 0.4.0)
rake (0.8.7, 0.8.3)
sqlite3-ruby (1.2.4)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Could not retrieve catalog (403) and 500

[Josh]

Ok, looks like this may be fixed.  I added "allow *" to the
puppetmaster's auth.conf.  I guess this is something that changed
between 0.25.3 and 2.6.3, and I missed it while reading the release
notes.

Josh

On Nov 16, 4:45 pm, Josh  wrote:
> On Nov 16, 4:26 pm, Josh  wrote:
>
> > Hi,
>
> > I just recently upgraded my puppetmaster and clients from 0.25.3 to
> > 2.6.3.rc3.  Everything worked fine for a while.  Now, none of my
> > clients are able to retrieve their catalog.  Here is some [hopefully]
> > relevant information:
>
> Some more info:
>
> The client is CentOS5/x86_64:
>
> *** LOCAL GEMS ***
>
> fastthread (1.0.7)
> mysql (2.8.1)
> passenger (2.2.2)
> rack (1.0.1, 0.4.0)
> rake (0.8.7, 0.8.3)
> sqlite3-ruby (1.2.4)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] No changes being applied to clients 2.6.3rc3

[Josh]

Hi,

I'm having a problem where no changes are getting applied to any of my
puppet clients since upgrading from 0.25.3 to 2.6.3rc3.  I'm using
Passenger 2.2.2 and Ruby 1.8.7.  I don't see any errors in Apache's
logs nor Puppet's logs.  The below is an output of when I try a a
manual run from one of the clients:

$ puppetd --server fc-pupm01 --verbose --waitforcert 60 --
environment=fcprod --test
info: Caching catalog for fc-pupm01
info: Applying configuration version '129730'
notice: Finished catalog run in 0.15 seconds

Logs on the puppetmaster:

Nov 17 07:40:02 fc-pupm01 puppet-master[19310]: Compiled catalog for
fc-pupm01 in environment fcprod in 0.02 seconds
Nov 17 07:40:02 fc-pupm01 puppet-agent[19567]: Caching catalog for fc-
pupm01
Nov 17 07:40:02 fc-pupm01 puppet-agent[19567]: Applying configuration
version '129730'
Nov 17 07:40:02 fc-pupm01 puppet-agent[19567]: Finished catalog run in
0.15 seconds

So, the logs are reporting that everything was successful, yet nothing
is actually getting applied.  Where can I begin to troubleshoot this
issue?

Thanks in advance!

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: No changes being applied to clients 2.6.3rc3

[Josh]

ation_format' (pson) is invalid for
report, using default (marshal)
debug: report supports formats: b64_zlib_yaml marshal raw yaml; using
marshal


On Nov 17, 7:42 am, Josh  wrote:
> Hi,
>
> I'm having a problem where no changes are getting applied to any of my
> puppet clients since upgrading from 0.25.3 to 2.6.3rc3.  I'm using
> Passenger 2.2.2 and Ruby 1.8.7.  I don't see any errors in Apache's
> logs nor Puppet's logs.  The below is an output of when I try a a
> manual run from one of the clients:
>
> $ puppetd --server fc-pupm01 --verbose --waitforcert 60 --
> environment=fcprod --test
> info: Caching catalog for fc-pupm01
> info: Applying configuration version '129730'
> notice: Finished catalog run in 0.15 seconds
>
> Logs on the puppetmaster:
>
> Nov 17 07:40:02 fc-pupm01 puppet-master[19310]: Compiled catalog for
> fc-pupm01 in environment fcprod in 0.02 seconds
> Nov 17 07:40:02 fc-pupm01 puppet-agent[19567]: Caching catalog for fc-
> pupm01
> Nov 17 07:40:02 fc-pupm01 puppet-agent[19567]: Applying configuration
> version '129730'
> Nov 17 07:40:02 fc-pupm01 puppet-agent[19567]: Finished catalog run in
> 0.15 seconds
>
> So, the logs are reporting that everything was successful, yet nothing
> is actually getting applied.  Where can I begin to troubleshoot this
> issue?
>
> Thanks in advance!
>
> Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Best practices for different hosts with different configs

[Josh]

Greetings,
I'm just getting started with setting up Puppet in an environment of
about ~15 servers, a mixture of Mac OS X servers and Ubuntu servers -
each with different roles and obviously different versions of configs.

Before I get too carried away, I was hoping to get advice on the "rule
of thumb" about different versions of configs.  Most of the
documentation and examples I've seen seem to be geared more towards
"roles" of a set of nodes, such as "http nodes, dns nodes" etc.  What
hasn't been too clear to me is a smaller scale environment where there
aren't multiple nodes sharing the same job.

Say I have an application installed on two of my servers and
obviously, each server has its own version of the config files for
that.  What is the "best practice" to manage that?  Do I define a
class for "server1" with each thing I want to manage, and point to a
specific file (e.g. puppet://puppet/files/server1/config.cfg  .../
server2/config.cfg ...etc)?

Any nudge in the right direction is greatly appreciated!  Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] ActiveRecord/Puppet error? Missing mysql2 gem.

[Josh]

Hi,

Building a new 2.7+storeconfigs+passenger puppetmaster and running
into a problem:

$ puppetd --server  --verbose --waitforcert 60 --
environment=blah --test
notice: Ignoring --listen on onetime run
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: !!! Missing the mysql2 gem. Add it to your Gemfile: gem
'mysql2'
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Other [maybe] relevant information:

$ rpm -qa | grep puppet
puppet-server-2.6.7-1.el6.noarch
puppet-2.6.7-1.el6.noarch


~$ gem list

*** LOCAL GEMS ***

abstract (1.0.0)
actionmailer (3.0.5)
actionpack (3.0.5)
activemodel (3.0.5)
activerecord (3.0.5)
activeresource (3.0.5)
activesupport (3.0.5)
arel (2.0.9)
builder (3.0.0, 2.1.2)
bundler (1.0.10)
daemon_controller (0.2.6)
erubis (2.6.6)
fastthread (1.0.7)
file-tail (1.0.5)
i18n (0.5.0)
mail (2.2.15)
mime-types (1.16)
mysql2 (0.2.7)
passenger (3.0.5)
polyglot (0.3.1)
rack (1.2.2)
rack-mount (0.6.13)
rack-test (0.5.7)
rails (3.0.5)
railties (3.0.5)
rake (0.8.7)
spruz (0.2.5)
thor (0.14.6)
treetop (1.4.9)
tzinfo (0.3.25)

Any idea on how to solve this problem?

Thanks,

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ActiveRecord/Puppet error? Missing mysql2 gem.

[Josh]

Cody,

Thanks for the help.  Installing the "ruby-mysql" RPM from EPEL seemed
to fix this issue.

Thanks!

Josh

On Apr 11, 5:32 pm, Cody Robertson  wrote:
> Did you manually install the gem? I believe Todd's RPMS are built to work
> with EPEL so you might want to look for the mysql-ruby RPM and see if that
> works.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Ensure a package is newer than version X

[Josh]

Check out yum-versionlock for RHEL/CentOS, its a yum plugin. We use it
to lock down versions and then just have ensure => latest in our
manifests..

Regards,
Josh

On May 24, 8:26 pm, Felix Frank 
wrote:
> On 05/17/2011 09:37 PM, Doug Warner wrote:
>
> > On Gentoo we would handle this by putting a mask in place to mask versions <
> > 1.7.1, then just ensure => installed on the package.
>
> Come to think of it, Debian would do this using apt pinning.
>
> There are probably yum/zypper counterparts for the RPM world.
>
> Cheers,
> Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Problem with hiera arrays not obeying the hierachy

[Josh]

Versions: puppet 2.7.18, hiera 0.3.0

I have encountered a problem that is completely counter intuitive to how I 
thought hiera was meant to work. I have three levels in my hierarchy in the 
following order:
- .yaml   (specific to the host)
- .yaml   (we have multiple sites, this is info specific to the 
site)
- common.yaml   (applies to everything)

I noticed this problem while working round a DNS problem, needless to say I 
had the following (ip addresses changes to protect the innocent) in the 
.yaml:

dns_servers:
  - '1.1.1.1'
  - '2.2.2.2'

I wanted a specific host to use different DNS so in the .yaml I added:

dns_servers:
  - '3.3.3.3'

Now, when I do a hiera_array('dns_servers') I would expect that the 
original array (1.1.1.1 and 2.2.2.2) would be overwritten with a single 
value (3.3.3.3)...

As it turned out is concatenated the two arrays together, giving me 
(1.1.1.1 and 2.2.2.2 and 3.3.3.3). Non-plussed I added another entry to the 
common.yaml (4.4.4.4) and lo and behold it added that in as well giving 
me  (1.1.1.1 and 2.2.2.2 and 3.3.3.3 and 4.4.4.4).

I really did assume from the documentation that the hierarchy would be 
obeyed and both .yaml and common.yaml would be ignored ... or 
have I misunderstood how the system works?

Thanks
Josh 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/e-jCVgKPe6AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Problem with hiera arrays not obeying the hierachy

[Josh]

...my hiera.conf since it would probably help. %{datacentre} is a custom 
fact that is set at build time:

---
:hierarchy:
  - node/%{hostname}
  - common/%{datacentre}
  - common/common
:backends:
  - yaml
  - puppet
:yaml:
  :datadir: '/local/puppet/env/%{environment}/hieradata'
:puppet:
  :datasource: data

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/7FV-TOufBLcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Problem with hiera arrays not obeying the hierachy

[Josh]

On Monday, September 3, 2012 5:11:23 PM UTC+1, Aaron Grewell wrote:
>
> The hiera function works as you described and supports strings, arrays and 
> hashes. The hiera_array and hiera_hash functions build additive arrays and 
> hashes that include the values of all matching variables across the entire 
> hierarchy. For your use case you should use hiera()  instead of 
> hiera_array()
>

Really, thats brilliant cheers. Not only does that fix my problem but I can 
remove a whole load of weird hacks I had in place merging hases together. I 
also upgraded to hiera 1.0 to try and fix so all good.

What is the behaviour regarding hash keys? Would a merged hash that ends up 
with a duplicate key take the value from higher up the hierarchy?

Thanks again,
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/c3MNQGhVEdYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Problem with hiera arrays not obeying the hierachy

[Josh]

On Tuesday, September 4, 2012 9:10:57 AM UTC+1, Josh wrote:
>
> What is the behaviour regarding hash keys? Would a merged hash that ends 
> up with a duplicate key take the value from higher up the hierarchy
>

Have answered my own question. The answer to this is yes (for the benefit 
of people who come across this post in future)

Josh 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/0TImwu3Ae-gJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Variable interpolation inside hiera data

[Josh]

Hi,

I am using the latest version of hiera and puppet and wondering if there is 
any way to make variables in hiera interpolate when they are called, for 
example:

---
foo:
  bar: $::hostname
  baz: $some_variable

When I try to access this in puppet it invariably comes back with 
'$hostname' instead of the variable, as if it has been single quoted by 
default. The same applies if I set a variable in the module as in the 
second example. I tried double quoting the value to no effect.

I know I can fix this by looking at each variable and processing it but 
this seems clunky and becomes especially annoying when arrays are involved.

Any way to get puppet to take notice of the $ and look the actual value up?

Thanks
Josh



















-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/e5mpgJLhaHIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Variable interpolation inside hiera data

[Josh]

So obvious now that I think about it! *slaps head*

Cheers
Josh

On Tuesday, September 25, 2012 3:11:32 AM UTC+1, Nan Liu wrote:
>
> On Mon, Sep 24, 2012 at 2:39 AM, Josh 
> > 
> wrote: 
> > I am using the latest version of hiera and puppet and wondering if there 
> is 
> > any way to make variables in hiera interpolate when they are called, for 
> > example: 
> > 
> > --- 
> > foo: 
> >   bar: $::hostname 
> >   baz: $some_variable 
> > 
> > When I try to access this in puppet it invariably comes back with 
> > '$hostname' instead of the variable, as if it has been single quoted by 
> > default. The same applies if I set a variable in the module as in the 
> second 
> > example. I tried double quoting the value to no effect. 
> > 
> > I know I can fix this by looking at each variable and processing it but 
> this 
> > seems clunky and becomes especially annoying when arrays are involved. 
> > 
> > Any way to get puppet to take notice of the $ and look the actual value 
> up? 
>
> In heira variable lookup is %{varname}, so in this case %{hostname}. 
>
> HTH, 
>
> Nan 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/YCtTucAZybUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Exclusions in site.pp?

[josh]

So here's the scenario, roughly 800 hosts as puppet clients, single
puppet master server, all running Open Solaris.

Most of them are identical, I have roughly 25% or so that have
different firewall rulesets.

Currently my site.pp looks like this:

# /etc/puppet/manifests/site.pp

import "classes/*"

node default {
include ipf
include sshd_conf
include disable_rpcbind
}

What I'd like to do is have some way to split up the nodes by
classification, i.e. import nodes/typea, import nodes/typeb, import
nodes/typec
then have

node typea {
   include ipf-typea
}

node typeb
  include ipf-typeb
}
node typec
  include ipf-typec
}

Or something along those lines, and nodes/typea contains  a list of
all the typea stores, nodes/typeb includes a list of the typeb hosts,
etc.

Is this possible?

Thanks,
Josh



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Exclusions in site.pp?

[josh]

Thanks to everyone for their quick replies.  I will give this a shot!

Josh

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Exclusions in site.pp?

[josh]

Ah one more question which I neglected to ask.

How do I specify that if a node is not in typea or typeb that it's
default?

i.e. I now have:

include nodes/*

and in nodes:

typea.pp:

node foo, bar, baz {
  include ipf.a
}

typeb.pp:

node bear, monkey, lion {
  include ipf.b
}

but for any other node I want it to include class ipf.other, but don't
want to specify each of the other 600 or so hosts in a "typec.pp" file
or whatever., or will that just get covered by this statement in
site.pp:

node default {
include ipf
include sshd_conf
include disable_rpcbind
}



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Exclusions in site.pp?

[josh]

Thanks Paul.
I'm having an issue with wildcards in the nodes/typea.pp file, there
are inconsistent domain names for the clients, so I might have
foo.domain.net, or foo.domaain.com, or foo.something or just foo,
so I tried using the following

node foo*, bar*, baz* {
  include ipf.typea
}

But I get the following error on the client:

Could not retrieve catalog: Could not parse for environment
development: Could not match '*,' at /etc/puppet/manifests/nodes/
typea.pp:1





On Sep 8, 4:50 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> If there is a default node, and you aren't using external nodes, and
> the current node is not specified, it will use default.
>
> - --Paul
>
> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.8 (Darwin)
> Comment:http://getfiregpg.org
>
> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
> =KjYQ
> -END PGP SIGNATURE-
>
>
>
> > Ah one more question which I neglected to ask.
>
> > How do I specify that if a node is not in typea or typeb that it's
> > default?
>
> > i.e. I now have:
>
> > include nodes/*
>
> > and in nodes:
>
> > typea.pp:
>
> > node foo, bar, baz {
> >  include ipf.a
> > }
>
> > typeb.pp:
>
> > node bear, monkey, lion {
> >  include ipf.b
> > }
>
> > but for any other node I want it to include class ipf.other, but don't
> > want to specify each of the other 600 or so hosts in a "typec.pp" file
> > or whatever., or will that just get covered by this statement in
> > site.pp:
>
> > node default {
> >    include ipf
> >    include sshd_conf
> >    include disable_rpcbind
> > }
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Exclusions in site.pp?

[josh]

OK thanks Paul. hrm back to the drawing board then, or I just
manually set the domain name on each box first.

On Sep 8, 5:32 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> Sorry, no wildcard matching yet!
>
> - --Paul
>
> On Mon, Sep 8, 2008 at 2:23 PM, josh  wrote:
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.8 (Darwin)
> Comment:http://getfiregpg.org
>
> iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr
> NE4An2eU7sJvhQGpVX3XomGX4UKgqg92
> =D2Kf
> -END PGP SIGNATURE-
>
>
>
> > Thanks Paul.
> > I'm having an issue with wildcards in the nodes/typea.pp file, there
> > are inconsistent domain names for the clients, so I might have
> > foo.domain.net, or foo.domaain.com, or foo.something or just foo,
> > so I tried using the following
>
> > node foo*, bar*, baz* {
> >  include ipf.typea
> > }
>
> > But I get the following error on the client:
>
> > Could not retrieve catalog: Could not parse for environment
> > development: Could not match '*,' at /etc/puppet/manifests/nodes/
> > typea.pp:1
>
> > On Sep 8, 4:50 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> >> -BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
>
> >> If there is a default node, and you aren't using external nodes, and
> >> the current node is not specified, it will use default.
>
> >> - --Paul
>
> >> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>
> >> -BEGIN PGP SIGNATURE-
> >> Version: GnuPG v1.4.8 (Darwin)
> >> Comment:http://getfiregpg.org
>
> >> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
> >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
> >> =KjYQ
> >> -END PGP SIGNATURE-
>
> >> > Ah one more question which I neglected to ask.
>
> >> > How do I specify that if a node is not in typea or typeb that it's
> >> > default?
>
> >> > i.e. I now have:
>
> >> > include nodes/*
>
> >> > and in nodes:
>
> >> > typea.pp:
>
> >> > node foo, bar, baz {
> >> >  include ipf.a
> >> > }
>
> >> > typeb.pp:
>
> >> > node bear, monkey, lion {
> >> >  include ipf.b
> >> > }
>
> >> > but for any other node I want it to include class ipf.other, but don't
> >> > want to specify each of the other 600 or so hosts in a "typec.pp" file
> >> > or whatever., or will that just get covered by this statement in
> >> > site.pp:
>
> >> > node default {
> >> >    include ipf
> >> >    include sshd_conf
> >> >    include disable_rpcbind
> >> > }
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Exclusions in site.pp?

[josh]

Interesting, thanks.
None of the puppet clients really have a DNS domain set, they don't
use DNS for anything.  Some of them have hostname.domain.net, some
hostname.domain.com, others hostname.domainfromthedslmodem, some just
hostname,
I guess I could force all hosts to be the same TLD using your method.

On Sep 9, 4:45 am, Heiko <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 8, 2008 at 11:40 PM, josh <[EMAIL PROTECTED]> wrote:
>
> > OK thanks Paul. hrm back to the drawing board then, or I just
> > manually set the domain name on each box first.
>
> Hello,
>
> i do some matching for domains inside the classes:
>
> case $domain {
>
>         "domain1":       { $hostopt="from=\"172.17.1.100\"" }
>         "domain2":      { $hostopt="from=\"172.17.24.100\"" }
>         "domain3":     { $hostopt="from=\"172.19.2.100\"" }
>
> }
>
> class ssh_user {
>
>                 ssh_authorized_key{
>                         "user":
>                                 ensure => present,
>                                 key => "ssheyhere"
>                                 name => "[EMAIL PROTECTED]",
>                                 type => "ssh-rsa",
>                                 options => $hostopt,
>                                 target => "/home/user/.ssh/authorized_keys",
>                         }
>
> }
>
> but its not always the easiest way, something like a default for all
> hosts which also have some node specific clasess, or groups would be
> nice
>
> greetings
>
> > On Sep 8, 5:32 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA1
>
> >> Josh,
>
> >> Sorry, no wildcard matching yet!
>
> >> - --Paul
>
> >> On Mon, Sep 8, 2008 at 2:23 PM, josh  wrote:
>
> >> -BEGIN PGP SIGNATURE-
> >> Version: GnuPG v1.4.8 (Darwin)
> >> Comment:http://getfiregpg.org
>
> >> iEYEARECAAYFAkjFmeEACgkQX6ecHn3cW4m2RgCfX9yOh4UaRrFKkHp7L7EKdJKr
> >> NE4An2eU7sJvhQGpVX3XomGX4UKgqg92
> >> =D2Kf
> >> -END PGP SIGNATURE-
>
> >> > Thanks Paul.
> >> > I'm having an issue with wildcards in the nodes/typea.pp file, there
> >> > are inconsistent domain names for the clients, so I might have
> >> > foo.domain.net, or foo.domaain.com, or foo.something or just foo,
> >> > so I tried using the following
>
> >> > node foo*, bar*, baz* {
> >> >  include ipf.typea
> >> > }
>
> >> > But I get the following error on the client:
>
> >> > Could not retrieve catalog: Could not parse for environment
> >> > development: Could not match '*,' at /etc/puppet/manifests/nodes/
> >> > typea.pp:1
>
> >> > On Sep 8, 4:50 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> >> >> -BEGIN PGP SIGNED MESSAGE-
> >> >> Hash: SHA1
>
> >> >> If there is a default node, and you aren't using external nodes, and
> >> >> the current node is not specified, it will use default.
>
> >> >> - --Paul
>
> >> >> On Mon, Sep 8, 2008 at 1:41 PM, josh  wrote:
>
> >> >> -BEGIN PGP SIGNATURE-
> >> >> Version: GnuPG v1.4.8 (Darwin)
> >> >> Comment:http://getfiregpg.org
>
> >> >> iEYEARECAAYFAkjFkCgACgkQX6ecHn3cW4nRgwCgi/+SHGKu3JzvFmH16glj5yTD
> >> >> 3xwAoJMZeo544FfKLh+Ug0J3Lwailzg9
> >> >> =KjYQ
> >> >> -END PGP SIGNATURE-
>
> >> >> > Ah one more question which I neglected to ask.
>
> >> >> > How do I specify that if a node is not in typea or typeb that it's
> >> >> > default?
>
> >> >> > i.e. I now have:
>
> >> >> > include nodes/*
>
> >> >> > and in nodes:
>
> >> >> > typea.pp:
>
> >> >> > node foo, bar, baz {
> >> >> >  include ipf.a
> >> >> > }
>
> >> >> > typeb.pp:
>
> >> >> > node bear, monkey, lion {
> >> >> >  include ipf.b
> >> >> > }
>
> >> >> > but for any other node I want it to include class ipf.other, but don't
> >> >> > want to specify each of the other 600 or so hosts in a "typec.pp" file
> >> >> > or whatever., or will that just get covered by this statement in
> >> >> > site.pp:
>
> >> >> > node default {
> >> >> >    include ipf
> >> >> >    include sshd_conf
> >> >> >    include disable_rpcbind
> >> >> > }
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Exclusions in site.pp?

[josh]

On another note, I do know the IP addresses of the boxes, can I use
IP's in the nodes, or does it have to be via host name? (since that's
what's in the certificate?)

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Sharing the same file for different nodes

[josh]

Joshua,

On Sep 15, 2:26 pm, "Joshua Timberman" <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 15, 2008 at 10:44 AM, josh <[EMAIL PROTECTED]> wrote:
>
> > class typeA {
> >    file { "/etc/ipf/ipf.conf":
> >        owner => "root",
> >        group => "sys",
> >        mode  => 644,
> >        source => "puppet://10.1.2.208/files/etc/ipf/ipf.conf.typeA",
> >        alias => typeA
> >    }
>
> Try this, replacing X with A, B etc.
> class typeX {
>   file { "ipf-conf-typeX":
>     path => "/etc/ipf/ipf.conf",
>     ...
>   }
>
> }
>
> --
> Joshua Timberman
> "Patriotism has no party" - Barack Obama, DNC 2008.


Thank you, I will try that approach.  It seems that I had a typo in
one of my nodes/foo.pp files, and fixing that resolved the issue for
now, but I like your approach.

Josh


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

I should have mentioned, I'm running four mongrel instances fronted by
Apache/2.2.8 on the puppetmaster server for serving the clients.



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] How long for changes to be pushed out?

[josh]

Hello, I have 680 hosts reporting into a central puppet server.
Yesterday I made a change to site.pp and the nodes/foo.pp and nodes/
bar.pp files to push out some new files (a script to enable LDAP) and
it seems that only a handful of stores have downloaded the file and
run the script.

(I don't have reporting setup yet other than on a few clients which I
did manually)

If I ssh into a client and run 'puppetd --test --verbose --debug' it
will in fact download the script to enable LDAP and run it with no
problem.

My understanding was that puppetd "checks in" with the puppetmaster
server every 30 minutes (based on the runinterval variable in
puppet.conf, which I've left at default) and if there were new files
"waiting" for it, it would then do whatever, download them, etc.

I restarted puppetmasterd on the puppetmaster box, and as I said I can
manually run puppetd on a box and it will do the right thing and
download the script and run it, but clearly logging into each box and
manually doing that isn't an option, otherwise I don't need puppet ;)

Am I missing something obvious here?

The clients are all running puppet-0.24.4 with facter-1.3.8 and ruby
1.8.6.  The server is running puppet-0.24.5, facter-1.5.2, and ruby
1.8.6.

Thanks as always,
Josh

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

With almost 700 nodes this isn't an option.  The whole point of
installing puppet in the first place was to not have to do this.

And like I said, if I run puppetd manually on each box it gets the
files, runs the scripts, etc. etc.

Also due to inconsistencies in the syslog config on these boxes, not
all of them have puppet logging to syslog the right way.Maybe I
will just configure puppet to log to a file locally on the box instead
of via syslog and see if I can get some more insight that way.

Josh


On Sep 17, 12:23 pm, chalex <[EMAIL PROTECTED]> wrote:
> I would do something like an ssh for loop that looked for the log
> entries from the clients to see what they're doing:
>
> for i in $NODES
> ssh $i grep puppetd /var/log/messages
> etc
>
> On Sep 17, 9:48 am, josh <[EMAIL PROTECTED]> wrote:
>
> > I should have mentioned, I'm running four mongrel instances fronted by
> > Apache/2.2.8 on the puppetmaster server for serving the clients.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

I have that setup now, I have a class for puppet.conf and a command to
restart it, but it isn't getting pushed out automatically.  I also
just discovered a misconfiguration in a critical system config file,
and since puppet isn't doing it's job, I may have to ssh into each box
manually and fix it.

Here's another question, does the puppetd binary need to be in /usr/
bin or some "normal" place?  Due to OpenSolaris being OpenSolaris, my
copy of puppetd is in /usr/ruby/1.8/bin.

A ps shows this:

/usr/ruby/1.8/bin/ruby /usr/ruby/1.8/bin/puppetd

But do I need to put /usr/ruby/1.8/bin in the "path =" statment in
puppet.conf?
(Currently it's commented out by default or unset)

On Sep 17, 4:16 pm, Aj <[EMAIL PROTECTED]> wrote:
> You'll definitely be wanting to setup reporting, even just the log  
> type to get your clients puppet logs back on the master.
>
> On 18/09/2008, at 7:31 AM, josh <[EMAIL PROTECTED]> wrote:
>
>
>
> > With almost 700 nodes this isn't an option.  The whole point of
> > installing puppet in the first place was to not have to do this.
>
> > And like I said, if I run puppetd manually on each box it gets the
> > files, runs the scripts, etc. etc.
>
> > Also due to inconsistencies in the syslog config on these boxes, not
> > all of them have puppet logging to syslog the right way.    Maybe I
> > will just configure puppet to log to a file locally on the box instead
> > of via syslog and see if I can get some more insight that way.
>
> > Josh
>
> > On Sep 17, 12:23 pm, chalex <[EMAIL PROTECTED]> wrote:
> >> I would do something like an ssh for loop that looked for the log
> >> entries from the clients to see what they're doing:
>
> >> for i in $NODES
> >> ssh $i grep puppetd /var/log/messages
> >> etc
>
> >> On Sep 17, 9:48 am, josh <[EMAIL PROTECTED]> wrote:
>
> >>> I should have mentioned, I'm running four mongrel instances  
> >>> fronted by
> >>> Apache/2.2.8 on the puppetmaster server for serving the clients.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

Splunk is in the works, puppet was the first step in the formula.
We do have a centralized log server, it's just that not all the client
boxes have the proper syslog-ng config in place - another think that
puppet was supposed to "fix" but since it's not doing anything, I'm
SOL.

I have enabled reporting for some stores manually, and it looks like
things are working, but out of ~680 I'm only seeing 40 reporting back.




--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

OK so I'm looking at one client machine, and it looks like the
information in /var/puppet/state/ is out of date by about a week.
Shouldn't those files get recreated anytime that puppetd runs?

Also I'm runing puppetd --verbose, but not seeing anything in /var/
puppet/log/
I have the following in puppet.conf:
puppetdlog = /var/puppet/log/puppetd.log

The directory is there, owned by user puppet group puppet, but there's
no puppetd.log file being created.

Am I just missing something obvious here?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

Brian,
Sorry for getting  a little bent out of shape, it's just that my boss
is pushing on me, etc. etc.

Anyways, I think I see an issue.
I saw this in the log file on a client, and I bet I'll see it on many
others if I looked.

Sep 18 10:48:55  puppetd[17896]: [ID 702911 daemon.error] Could not
retrieve catalog: undefined method `-' for #

Looks like that started at around the same time that I went from using
Webrick for the web server to Apache2 in front of mongrel.

I basically used the httpd.conf that is on the Puppet web site.
http://www.reductivelabs.com/trac/puppet/wiki/UsingMongrel

Well at least now I see there's a problem that can be resolved.
Thank you for helping me see the forest for the trees (or whatever
that expression is!)

Now I need to troubleshoot my apache2/mongrel configuration (as I'm
guessing that's where the issue lies).


On Sep 18, 10:51 am, "Brian Mathis" <[EMAIL PROTECTED]> wrote:
> I understand your frustration with this problem, but you've now
> mentioned in almost every email that puppet is "not doing anything",
> "puppet isn't doing it's job", and "it's not doing anything".  Since
> there are many happy users of puppet, it's a good indicator that
> puppet does indeed work, and it's most likely an issue specific to
> your configuration.
>
> The comment from "chalex" was meant to indicate an option on how you
> can check what's wrong with puppet, not as a way to manually perform
> the tasks instead of using puppet.
>
> Before this goes too off-topic about logging, it would be a good idea
> to reread the comment from Andrew Shafer where he suggests:
>
>
>
> > "Does it appear that puppet is doing other things?  Because I suspect it 
> > isn't doing anything.
> > The mystery is to figure out why your puppet clients aren't 
> > running/retrieving their catalogs.
>
> That's the right answer.  Figure out why puppet isn't working.
>
> On Thu, Sep 18, 2008 at 4:39 PM, josh <[EMAIL PROTECTED]> wrote:
>
> > Splunk is in the works, puppet was the first step in the formula.
> > We do have a centralized log server, it's just that not all the client
> > boxes have the proper syslog-ng config in place - another think that
> > puppet was supposed to "fix" but since it's not doing anything, I'm
> > SOL.
>
> > I have enabled reporting for some stores manually, and it looks like
> > things are working, but out of ~680 I'm only seeing 40 reporting back.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

Nigel,

Thanks *phew* that was an easy one line fix!

I had upgraded the server from 0.24.4 to 0.24.5 trying to troubleshoot
another issue, and introduced this one.

Oh well, live and learn.

I'll keep my eyes posted, see if the catalogs get run now on the
client machines.

JOsh


On Sep 18, 11:29 am, "Nigel Kersten" <[EMAIL PROTECTED]> wrote:
> Josh, that's this bug:
>
> http://projects.reductivelabs.com/issues/show/1551
>
> and a simple server side patch will fix it, you can find the patch here:
>
> http://github.com/nigelkersten/puppetmaster/commit/65ce150b04e46cfb57...
>
> I'm not sure why more people haven't seen this. Does everyone simply upgrade
> all their puppet clients at exactly the same time they upgrade their
> servers?
>
>
>
> On Thu, Sep 18, 2008 at 8:19 AM, josh <[EMAIL PROTECTED]> wrote:
>
> > Brian,
> > Sorry for getting  a little bent out of shape, it's just that my boss
> > is pushing on me, etc. etc.
>
> > Anyways, I think I see an issue.
> > I saw this in the log file on a client, and I bet I'll see it on many
> > others if I looked.
>
> > Sep 18 10:48:55  puppetd[17896]: [ID 702911 daemon.error] Could not
> > retrieve catalog: undefined method `-' for # > 0x8e6cf14>
>
> > Looks like that started at around the same time that I went from using
> > Webrick for the web server to Apache2 in front of mongrel.
>
> > I basically used the httpd.conf that is on the Puppet web site.
> >http://www.reductivelabs.com/trac/puppet/wiki/UsingMongrel
>
> > Well at least now I see there's a problem that can be resolved.
> > Thank you for helping me see the forest for the trees (or whatever
> > that expression is!)
>
> > Now I need to troubleshoot my apache2/mongrel configuration (as I'm
> > guessing that's where the issue lies).
>
> > On Sep 18, 10:51 am, "Brian Mathis" <[EMAIL PROTECTED]> wrote:
> > > I understand your frustration with this problem, but you've now
> > > mentioned in almost every email that puppet is "not doing anything",
> > > "puppet isn't doing it's job", and "it's not doing anything".  Since
> > > there are many happy users of puppet, it's a good indicator that
> > > puppet does indeed work, and it's most likely an issue specific to
> > > your configuration.
>
> > > The comment from "chalex" was meant to indicate an option on how you
> > > can check what's wrong with puppet, not as a way to manually perform
> > > the tasks instead of using puppet.
>
> > > Before this goes too off-topic about logging, it would be a good idea
> > > to reread the comment from Andrew Shafer where he suggests:
>
> > > > "Does it appear that puppet is doing other things?  Because I suspect
> > it isn't doing anything.
> > > > The mystery is to figure out why your puppet clients aren't
> > running/retrieving their catalogs.
>
> > > That's the right answer.  Figure out why puppet isn't working.
>
> > > On Thu, Sep 18, 2008 at 4:39 PM, josh <[EMAIL PROTECTED]> wrote:
>
> > > > Splunk is in the works, puppet was the first step in the formula.
> > > > We do have a centralized log server, it's just that not all the client
> > > > boxes have the proper syslog-ng config in place - another think that
> > > > puppet was supposed to "fix" but since it's not doing anything, I'm
> > > > SOL.
>
> > > > I have enabled reporting for some stores manually, and it looks like
> > > > things are working, but out of ~680 I'm only seeing 40 reporting back.
>
> --
> Nigel Kersten
> Systems Administrator
> Tech Lead - MacOps
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: How long for changes to be pushed out?

[josh]

So I made the change on the server roughly 30 minutes ago, hopefully
within a few hours most of the clients will have checked back in to
the server and downloaded the catalogs fresh (I shouldn't need to
restart puppetd or remove /var/puppet/state on the clients should I?)

Josh


On Sep 18, 11:44 am, "Nigel Kersten" <[EMAIL PROTECTED]> wrote:
> heh. This bug taught us something valuable though.
>
> When testing new versions, running with "--test" isn't a good test :) as it
> ignores the local cache, and thus will never hit this bug

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Puppet clients stop talking to the puppetmaster server

[josh]

Here's the scenario,

We have roughly 700 OpenSolaris hosts running puppet-0.24.4,
facter-1.3.8, and ruby 1.8.6.
Puppetmaster server is running OpenSolaris, puppet-0.24.5,
facter-1.5.2, and ruby 1.8.6.
I'm running 4 puppetmasterd instances with mongrel fronted by apache
in load balancer mode.

It seems that quite a few (roughly a third) of the boxes stop checking
in to the puppetmaster server, or just stop downloading/creating the
new classes file from the puppetmaster server.  If I ssh into each
box, stop puppetd and restart it, it downloads the new /var/puppet/
state/classes.txt and everything is good again.

All of the clients are identical, same OS versions, same patch levels,
same puppet.conf, etc.

I am not seeing anything in the logs on the puppetmaster server
(either in the apache logs or puppetmasterd logs) that is indicative
of an issue.

Any thoughts?

Thanks,
Josh


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Puppet clients stop talking to the puppetmaster server

[josh]

The clients still check in every 30 minutes or so, but aren't
downloading the new classes from the server, and they wil still be
trying to download non-existant classes.  I'm pushing out an upgrade
of facter from 1.3.8 to 1.5.2, as of right now 500 out of 700 hosts
have the new facter version, the other 200 or so need to have puppetd
restarted.  I can enable debug mode in the logs and see if that helps
with the troubleshooting.

i.e.:

Sep 29 21:58:49  puppetd[17414]: [ID 702911 daemon.notice]
Starting catalog run
Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
ensure) No specified sources exist
Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
ensure) No specified sources exist
Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
source) No specified sources exist
Sep 29 21:59:01  puppetd[17414]: [ID 702911 daemon.notice]
Finished catalog run in 12.23 seconds



On Sep 29, 5:56 pm, "Andrew Shafer" <[EMAIL PROTECTED]> wrote:
> What do the logs look like on the clients that stop connecting?
>
> That's where I'd expect to see something, not on the master.
>
> On Mon, Sep 29, 2008 at 11:14 AM, josh <[EMAIL PROTECTED]> wrote:
>
> > Here's the scenario,
>
> > We have roughly 700 OpenSolaris hosts running puppet-0.24.4,
> > facter-1.3.8, and ruby 1.8.6.
> > Puppetmaster server is running OpenSolaris, puppet-0.24.5,
> > facter-1.5.2, and ruby 1.8.6.
> > I'm running 4 puppetmasterd instances with mongrel fronted by apache
> > in load balancer mode.
>
> > It seems that quite a few (roughly a third) of the boxes stop checking
> > in to the puppetmaster server, or just stop downloading/creating the
> > new classes file from the puppetmaster server.  If I ssh into each
> > box, stop puppetd and restart it, it downloads the new /var/puppet/
> > state/classes.txt and everything is good again.
>
> > All of the clients are identical, same OS versions, same patch levels,
> > same puppet.conf, etc.
>
> > I am not seeing anything in the logs on the puppetmaster server
> > (either in the apache logs or puppetmasterd logs) that is indicative
> > of an issue.
>
> > Any thoughts?
>
> > Thanks,
> > Josh
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Puppet clients stop talking to the puppetmaster server

[josh]

Paul,

Yes puppetmasterd has been restarted several times but no luck.  I'm
upgrading all the clients to facter-1.5.2 now, and once that done I
may either upgrade all the clients to puppet-0.24.5, or downgrade the
server to 0.24.4, that way both the clients and the server will have
the same versions of facter and puppet (and ruby, which they already
do)

Josh


On Sep 30, 2:41 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> Have you restarted puppetmasterd? Often when I see changes not
> propagating to clients, it turns out there was a syntax error which
> stopped the puppetmaster from reloading changes.
>
> Try restarting puppetmasterd and watch the logs.
>
> --Paul
>
> On Mon, Sep 29, 2008 at 7:29 PM, josh <[EMAIL PROTECTED]> wrote:
>
> > The clients still check in every 30 minutes or so, but aren't
> > downloading the new classes from the server, and they wil still be
> > trying to download non-existant classes.  I'm pushing out an upgrade
> > of facter from 1.3.8 to 1.5.2, as of right now 500 out of 700 hosts
> > have the new facter version, the other 200 or so need to have puppetd
> > restarted.  I can enable debug mode in the logs and see if that helps
> > with the troubleshooting.
>
> > i.e.:
>
> > Sep 29 21:58:49  puppetd[17414]: [ID 702911 daemon.notice]
> > Starting catalog run
> > Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
> > Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
> > ensure) No specified sources exist
> > Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
> > Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
> > ensure) No specified sources exist
> > Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
> > Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
> > source) No specified sources exist
> > Sep 29 21:59:01  puppetd[17414]: [ID 702911 daemon.notice]
> > Finished catalog run in 12.23 seconds
>
> > On Sep 29, 5:56 pm, "Andrew Shafer" <[EMAIL PROTECTED]> wrote:
> >> What do the logs look like on the clients that stop connecting?
>
> >> That's where I'd expect to see something, not on the master.
>
> >> On Mon, Sep 29, 2008 at 11:14 AM, josh <[EMAIL PROTECTED]> wrote:
>
> >> > Here's the scenario,
>
> >> > We have roughly 700 OpenSolaris hosts running puppet-0.24.4,
> >> > facter-1.3.8, and ruby 1.8.6.
> >> > Puppetmaster server is running OpenSolaris, puppet-0.24.5,
> >> > facter-1.5.2, and ruby 1.8.6.
> >> > I'm running 4 puppetmasterd instances with mongrel fronted by apache
> >> > in load balancer mode.
>
> >> > It seems that quite a few (roughly a third) of the boxes stop checking
> >> > in to the puppetmaster server, or just stop downloading/creating the
> >> > new classes file from the puppetmaster server.  If I ssh into each
> >> > box, stop puppetd and restart it, it downloads the new /var/puppet/
> >> > state/classes.txt and everything is good again.
>
> >> > All of the clients are identical, same OS versions, same patch levels,
> >> > same puppet.conf, etc.
>
> >> > I am not seeing anything in the logs on the puppetmaster server
> >> > (either in the apache logs or puppetmasterd logs) that is indicative
> >> > of an issue.
>
> >> > Any thoughts?
>
> >> > Thanks,
> >> > Josh
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Puppet clients stop talking to the puppetmaster server

[josh]

Yes I can.  The server will have a LOT of log info as it's serving up
just under 700 clients, but I can pick a few clients and enable debug
logging for them and report back.

On Oct 2, 2:32 pm, "Andrew Shafer" <[EMAIL PROTECTED]> wrote:
> Can you get debug logs on the client and server?
>
> On Thu, Oct 2, 2008 at 8:25 AM, josh <[EMAIL PROTECTED]> wrote:
>
> > Paul,
>
> > Yes puppetmasterd has been restarted several times but no luck.  I'm
> > upgrading all the clients to facter-1.5.2 now, and once that done I
> > may either upgrade all the clients to puppet-0.24.5, or downgrade the
> > server to 0.24.4, that way both the clients and the server will have
> > the same versions of facter and puppet (and ruby, which they already
> > do)
>
> > Josh
>
> > On Sep 30, 2:41 pm, "Paul Lathrop" <[EMAIL PROTECTED]> wrote:
> > > Have you restarted puppetmasterd? Often when I see changes not
> > > propagating to clients, it turns out there was a syntax error which
> > > stopped the puppetmaster from reloading changes.
>
> > > Try restarting puppetmasterd and watch the logs.
>
> > > --Paul
>
> > > On Mon, Sep 29, 2008 at 7:29 PM, josh <[EMAIL PROTECTED]> wrote:
>
> > > > The clients still check in every 30 minutes or so, but aren't
> > > > downloading the new classes from the server, and they wil still be
> > > > trying to download non-existant classes.  I'm pushing out an upgrade
> > > > of facter from 1.3.8 to 1.5.2, as of right now 500 out of 700 hosts
> > > > have the new facter version, the other 200 or so need to have puppetd
> > > > restarted.  I can enable debug mode in the logs and see if that helps
> > > > with the troubleshooting.
>
> > > > i.e.:
>
> > > > Sep 29 21:58:49  puppetd[17414]: [ID 702911 daemon.notice]
> > > > Starting catalog run
> > > > Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
> > > > Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
> > > > ensure) No specified sources exist
> > > > Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
> > > > Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
> > > > ensure) No specified sources exist
> > > > Sep 29 21:58:55  puppetd[17414]: [ID 702911 daemon.warning] (//
> > > > Node[default]/dhcp_server/File[/export/home/jrivel/dhcp-server.tar]/
> > > > source) No specified sources exist
> > > > Sep 29 21:59:01  puppetd[17414]: [ID 702911 daemon.notice]
> > > > Finished catalog run in 12.23 seconds
>
> > > > On Sep 29, 5:56 pm, "Andrew Shafer" <[EMAIL PROTECTED]> wrote:
> > > >> What do the logs look like on the clients that stop connecting?
>
> > > >> That's where I'd expect to see something, not on the master.
>
> > > >> On Mon, Sep 29, 2008 at 11:14 AM, josh <[EMAIL PROTECTED]> wrote:
>
> > > >> > Here's the scenario,
>
> > > >> > We have roughly 700 OpenSolaris hosts running puppet-0.24.4,
> > > >> > facter-1.3.8, and ruby 1.8.6.
> > > >> > Puppetmaster server is running OpenSolaris, puppet-0.24.5,
> > > >> > facter-1.5.2, and ruby 1.8.6.
> > > >> > I'm running 4 puppetmasterd instances with mongrel fronted by apache
> > > >> > in load balancer mode.
>
> > > >> > It seems that quite a few (roughly a third) of the boxes stop
> > checking
> > > >> > in to the puppetmaster server, or just stop downloading/creating the
> > > >> > new classes file from the puppetmaster server.  If I ssh into each
> > > >> > box, stop puppetd and restart it, it downloads the new /var/puppet/
> > > >> > state/classes.txt and everything is good again.
>
> > > >> > All of the clients are identical, same OS versions, same patch
> > levels,
> > > >> > same puppet.conf, etc.
>
> > > >> > I am not seeing anything in the logs on the puppetmaster server
> > > >> > (either in the apache logs or puppetmasterd logs) that is indicative
> > > >> > of an issue.
>
> > > >> > Any thoughts?
>
> > > >> > Thanks,
> > > >> > Josh
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] How to add users in Solaris via puppet

[josh]

So I'm trying to add two users to ~700 machines running puppet-0.24.4
(Puppetmaster server is also running 0.24.4)

I can get puppet to add the user, or make the home directory, but I
can't get it to set the password (I Don't want to push out an /etc/
shadow file as not every location is 100% the same, and I can't push
out an /etc/passwd file either as not every machine has the exact same
UID/GID combination for the local users, and then I'd have to deal
with cleaning up permissions on directories, etc. and that could get
really ugly - especially for the puppet user)

I tried using some code that would insert a line into a file (/etc/
shadow in this case) but it doesn't seem to always work, which is
weird.

Am I missing something obvious here?  useradd in solaris doesn't have
an option to set the password via the useradd command?

Thanks so much,
Josh

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Slow user resource-type when host is attached to LDAP directory

[Josh]

The majority of our servers are attached to large LDAP directories. 
 However, there are also cases when we need to define local service 
accounts for whatever reason.  We do this with the "user" resource-type. 
 If the host is attached to a LDAP directory, it takes Puppet a VERY long 
time to process the "user" resource-type.  In our case, it takes 60+ 
seconds to process each user type.  Running "puppet resource user username" 
on the host takes over 2 minutes.  During this time, the "puppet" process 
on each hosts is pegged at 100% CPU usage.

Is there any way around this?  I have seen it brought up on the list, but 
not anytime recently (2008, last I searched).

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

Hi,

I have looked all over the place and can't seem to find a complete answer 
to my query

I am setting up MCollective to run alongside my puppet deployment and am 
having some problems getting it to play as I want it to

Basically, I need to make sure that puppet NEVER makes any changes without 
them being triggered by someone (I honestly can't see how anyone would ever 
want that not to the the case but there you go).

I was going to just run puppet in cron in --noop mode for monitoring and 
manually run it for changes, but the 'mco rpc puppet' command requires that 
it be running in daemon mode. Thats fine and working but I am unable to 
find a way to make this work and disable the puppet auto-runs. I found the 
--no-client option for the agent, which the docs seem to imply would do 
this for me, but when I use this option and trigger a puppet run it doesn't 
not report success back to MCollective client:

With the daemon running normally I get:
  myserver  : OK
{:summary=>"Signalled the running Puppet Daemon"}

With no-client mode (which does prevent the auto-runs) I get:
  myserver  : execution expired
  execution expired

It actually triggers a puppet run and all works, but I would like to know 
which hosts have sucessfully started a puppet run. Am I just misreading the 
error?

Am I just missing something here? Is there another way of making sure that 
puppet never makes automated changes in daemon mode?

I thought that maybe I could have the daemon in noop mode all the time and 
pass in the --no-noop flag but this gives:
  myserver  : Cannot specify any custom puppet 
options when the daemon is running
{:summary=>  "Cannot specify any custom puppet options when the 
daemon is running"}

I am using puppet 3.1 and the mcollective-puppet-common|agent|client plugin

Any ideas welcome, I just seem to be going round in circles now

Thanks
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: How to setup /etc/resolv.conf dependent on network

[Josh]

On Friday, April 12, 2013 9:44:31 AM UTC+1, ForumUser wrote:

> We have nodes in different networks - they use different DNS servers.
> I'd like to set up its /etc/resolv.conf dependent on network they are in.
>

Are you using Hiera? We run multiple datacentres that have different 
management networks, syslog servers and such, I provide the server with 
knowledge of the datacentre with a custom fact (which just reads a file in 
my case) and then in the hiera config I have:

:hierarchy:
  - nodes/%{hostname}
  - common/%{datacentre}

Then anything specific to the datacentre goes in that file. You could 
easily do something similar for the network.

Alternatively you might be able to define it all in a case statement 
matching the IP address of the server, although depending on how 
complicated your network architecture the regexs could become complicated:

case $::ipaddress_eth0 {
 /^192.168.1/: { $nameserver = '192.168.1.254' }
 /^192.168.2/: { $nameserver = '192.168.2.254' }
}

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

On Friday, April 12, 2013 10:13:28 AM UTC+1, R.I. Pienaar wrote:

> you do not need to have puppet running for the agent to work, just stop it 
> entirely and then trigger runs through mcollective - in that setup it will 
> happily pass custom arguments like --noop or --no-noop etc 
>

Right, I was kind of hoping that would be how it works but I still get the 
message "execution expired" back from the node ... what is that even meant 
to mean? If you compare the output from my node and my puppetmaster (where 
I am running mco from):

2013-04-12 10:31:45: training-puppetmaster schedule status: Started a 
background Puppet run using the 'puppet agent --onetime --daemonize 
--color=false --no-noop' command
2013-04-12 10:31:51: training-node1 schedule status: execution expired

 Is that just what I should be expecting?

Thanks
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

Sorry, slack of me:

*Running:*
*
*
 mco puppet -v runall 2

*Agent Config:*
*
*
[main]
  logdir=/var/log/puppet
  vardir=/var/lib/puppet
  ssldir=/var/lib/puppet/ssl
  rundir=/var/run/puppet
  factpath=$vardir/lib/facter
  templatedir=$confdir/templates

[agent]
  server  = puppetmaster
  ca_server   = puppetmaster
  report  = true

*And as I am using Debian, /etc/default/puppet:*
*
*
# Defaults for puppet - sourced by /etc/init.d/puppet

# Enable puppet agent service?
# Setting this to "yes" allows the puppet agent service to run.
# Setting this to "no" keeps the puppet agent service from running.
START=no

# Startup options
DAEMON_OPTS=""

*Server Config:*
*
*
[main]
  logdir= /var/log/puppet
  vardir= /var/lib/puppet
  ssldir= /var/lib/puppet/ssl
  rundir= /var/run/puppet
  factpath  = $vardir/lib/facter

[master]
  certname   = training-puppetmaster.plus.net
  ca = true
  pluginsync = true
  manifest   = $confdir/manifests/unknown_environment.pp
  modulepath = $confdir/modules
  ssl_client_header = SSL_CLIENT_S_DN
  ssl_client_verify_header = SSL_CLIENT_VERIFY

[agent]
  server = puppetmaster
  ca_server = puppetmaster

[production]
  manifest= /local/puppet/env/$environment/manifests/site.pp
  manifestdir = /local/puppet/env/$environment/manifests


*The error message is in the output of mco, puppet. Copied verbatim:*
*
*
root@training-puppetmaster:~# mco puppet -v runall 2
2013-04-12 11:37:05: Running all nodes with a concurrency of 2
2013-04-12 11:37:05: Discovering enabled Puppet nodes to manage
Discovering hosts using the mc method for 3 second(s)  2
2013-04-12 11:37:08: Found 2 enabled nodes
Discovering hosts using the mc method for 3 second(s)  0
2013-04-12 11:37:15: training-puppetmaster schedule status: Started a 
background Puppet run using the 'puppet agent --onetime --daemonize 
--color=false' command
2013-04-12 11:37:21: training-node1 schedule status: execution expired

Thanks
Josh

On Friday, April 12, 2013 10:55:51 AM UTC+1, R.I. Pienaar wrote:
>
>
>
> - Original Message - 
> > From: "Josh" > 
> > To: puppet...@googlegroups.com  
> > Sent: Friday, April 12, 2013 10:33:17 AM 
> > Subject: Re: [Puppet Users] MCollective and Puppet with periodic runs 
> disabled 
> > 
> > On Friday, April 12, 2013 10:13:28 AM UTC+1, R.I. Pienaar wrote: 
> > 
> > > you do not need to have puppet running for the agent to work, just 
> stop it 
> > > entirely and then trigger runs through mcollective - in that setup it 
> will 
> > > happily pass custom arguments like --noop or --no-noop etc 
> > > 
> > 
> > Right, I was kind of hoping that would be how it works but I still get 
> the 
> > message "execution expired" back from the node ... what is that even 
> meant 
> > to mean? If you compare the output from my node and my puppetmaster 
> (where 
> > I am running mco from): 
> > 
> > 2013-04-12 10:31:45: training-puppetmaster schedule status: Started a 
> > background Puppet run using the 'puppet agent --onetime --daemonize 
> > --color=false --no-noop' command 
> > 2013-04-12 10:31:51: training-node1 schedule status: execution expired 
> > 
> >  Is that just what I should be expecting? 
> > 
>
> no idea - you're not showing us what command you run, your configs, what 
> logs these are from etc. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

On Friday, April 12, 2013 11:44:44 AM UTC+1, R.I. Pienaar wrote:

> OK - and on training-node1 what is in mcollective server.cfg and if you 
> have in /etc/mcollective/plugin.d/puppet.cfg ? 
>

The server.cfg (just password auth while I am testing):

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/share/mcollective/plugins
logfile = /var/log/mcollective.log
loglevel = info
keeplogs = 1
max_log_size = 10240
identity = training-node1
registerinterval = 300
daemonize = 1

# Plugins
securityprovider = psk
plugin.psk = unset

# ActiveMQ Configuration
connector = activemq
direct_addressing = 1
plugin.activemq.pool.size = 1

plugin.activemq.pool.1.host = 192.168.10.254
plugin.activemq.pool.1.port = 61613
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.1.password = secret
plugin.activemq.pool.1.ssl = 0


# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml 


I don't have anything like /etc/mcollective/plugin.d/puppet.cfg on the 
server

Thanks
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

On Friday, April 12, 2013 12:13:12 PM UTC+1, R.I. Pienaar wrote:

> ok - so if you did 'mco rpc puppet runonce -I training-node1' do you get 
> the 
> same timeout error? 
>

Yes. Output:
root@training-puppetmaster:~# mco rpc puppet runonce -I training-node1

 * [ > ] 1 / 1

training-node1   Unknown Request Status
   execution expired

Finished processing 1 / 1 hosts in 5903.96 ms
 

> anything in the logs on like mcollectived.log on training-node1? 
>

Not beyond the stomp connections messages, even in debug mode.

Josh 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

On Friday, April 12, 2013 3:10:05 PM UTC+1, R.I. Pienaar wrote:

> can you show your client.cfg either /etc/mcollective/client.cfg or 
> ~/.mcollective 
> where you ran this 'mco rpc' command? 
>

Almost the same as the server.cfg tbh:

topicprefix = /topic/
main_collective = mcollective
collectives = mcollective
libdir = /usr/share/mcollective/plugins
logfile = /var/log/mcollective.log
loglevel = info
keeplogs = 1
max_log_size = 10240

# Plugins
securityprovider = psk
plugin.psk = unset

# ActiveMQ Configuration
connector = activemq
direct_addressing = 1
plugin.activemq.pool.size = 1

plugin.activemq.pool.1.host = 192.168.10.254
plugin.activemq.pool.1.port = 61613
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.1.password = secret
plugin.activemq.pool.1.ssl = 0

# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

Josh 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

On Friday, April 12, 2013 3:55:49 PM UTC+1, R.I. Pienaar wrote:

> you need this everywhere if you set it... 
>

It is in the client.cfg and the server.cfg across both hosts. I don't need 
to add anything into my activemq configuration do I?

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: How to setup /etc/resolv.conf dependent on network

[Josh]

On Friday, April 12, 2013 3:54:16 PM UTC+1, ForumUser wrote:
>
> what if I have 192.168.* with exception of 192.168.100.* ?
> Is the order in case statement important ?
> E.g.:
>
> case $::ipaddress_eth0 {
>  /^192.168.100/: { $nameserver = '192.168.100.254' }
>  /^192.168./: { $nameserver = '192.168.1.254' }
> }
>

It will choose the first match in the case statement.

You can also add a default (and I would always have a default anyway, even 
if it is just to fail with a sensible message)

case $::ipaddress_eth0 {
/^192.168.100/: { $nameserver = '192.168.100.254' }
/^192.168./: { $nameserver = '192.168.1.254' }
default: { fail("You shouldn't get this far") }
}

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

On Friday, April 12, 2013 4:23:14 PM UTC+1, R.I. Pienaar wrote:

> everywhere, all client.cfg and server.cfg. 


Yup, it is everywhere then

Josh 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] MCollective and Puppet with periodic runs disabled

[Josh]

On Friday, April 12, 2013 4:41:24 PM UTC+1, R.I. Pienaar wrote:

> so it works now? 
>
> if not - first make sure 'mco rpc rpcutil ping -I your.node' works 
> when that works the rest will also work. 
>

No, still not working, and the ping (and everything else for that matter 
just as inventory) works fine.

I am begging to suspect that there is some internal timeout in the mco 
plugin and the puppet agent is taking some time to fire up and hence 
triggering the timeout. This is all on virtual machines without a great 
deal of resources but it still seems to run puppet quickly enough when i 
run it manually 

I will have a think about it over the weekend, maybe I will have a flash of 
inspiration.

Many thanks for all your time today, I'll post back if I get some progress

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] New to hiera

[Josh]

Hello,

I've never looked at heira before. I'm looking into upgrading from 2.7 to 
3, and it seems that heira is the recommended way to do things now. From 
what I've read so far, it looks like one professed reason to use it is to 
go from parameterized classes to hiera overrides, because I guess 
parameterized classes are bad. So instead of:

class bar ($foo = 'blah') { ... }

One would have something like:

class bar { $foo = heira('bar::foo', 'blah') }

Is that correct?

I'm not yet sold on heira; so far it seems to just shift complexity outside 
of the classes and add a little more in the process, with hierarchies and 
stuff, and now I have data in multiple places... I still need case 
statements to handle different OSes and stuff. Eh, we'll see. Maybe I just 
haven't read something that explains the benefits well yet.

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Offering "Puppet As A Service"

[Josh]

We have several internal customers that we would like to start offering 
"Puppet as a Service" to.  Our central group would manage Puppet masters, 
ENC, etc.  But, we want other independent groups to be able to use our 
Puppet services.

Is anyone currently doing this?  If so, how are you handling segregation of 
manifests?  Are you creating multiple environments for each internal 
customers (perhaps with one common environment shared amongst all for base 
configuration).

Any suggestions would be greatly appreciated.

Thanks,

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Roles/profile design

[Josh]

As we are starting to re-factor our puppet modules using Craig's 
roles/profile design we have found that this system works well for servers 
(or groups of servers) who have an entire stack of technology deployed to 
them or who all are part the same custom application. Clusters of servers 
typically have a unique set of configuration and fit well into this design. 
 For example, a web-server in the "app1" cluster may look like:

node webserver1 {
  include role::app1_webserver
}

class role::app1_webserver {
  include profiles::base
  include profiles::webserver:app1
}

class profiles::webserver::app1 {
  class { '::apache':
a => 'x',
b => 'y',
  }

  file { "/etc/something":
ensure => present,
content => template("apache/blah.erb"),
  }
}

Along with standard apache, there are various other custom/non-standard 
things that need to be done.  This works well in profiles because it 
provides a layer of abstraction between the component modules and this 
extra configuration is common for all servers in the "app1" cluster. 

I'm having trouble understanding how to treat those "one-off" servers who 
just need things like a standard apache, or a standard mysqld installation, 
but aren't part of any common application and don't need any custom stuff. 
 I thought about defining profiles like so:

class profiles::webserver::apache::generic {
  include ::apache
}

I feel like this design just over complicates the profiles logic, but I 
can't seem to figure out another way to handle this type of scenario. 
 Furthermore, what if I need a generic webserver with PHP?  Do I need 
another profile (ie, profiles::webserver::apache::generic::php).  Can 
anyone give any input on to how I should be handling this?

Thanks,

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8cac06f5-90fc-4cd3-b158-7cb20bb22fef%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Roles/profile design

[Josh]

Ramin,

Thanks.  Your description was very helpful. I have finally started to 
understand how everything should be organized.

My profile::apache class needs to drop some additional templates/files to 
the host for my Apache configuration.  Where should these files and 
templates be located?  For example, is it frowned upon to create a "files" 
or "templates" sub-directory under profiles?  Example?

profiles/files/apache/apachestats.conf
profiles/templates/apache/apachestats.erb

This particular file/template should be associated directly with Apache, 
but I don't know if it warrants creating an entirely new module just to 
house one or two files.

Thanks,

Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e0d68599-4488-4fc0-baf7-a908a70c6f6f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Roles/profile design

[Josh]

Ramin,

After looking more at your example for configuring apache mods via hiera, I 
have one problem.

The create_resources will actually just define a resource like so:

apache::mod { 'php' }

However, to install the php module with puppetlabs/apache, I actually need 
to include the apache::mod::php class, ie:

class { 'apache::mod::php' }

Any ideas on how to make this work correctly?  The hiera data should allow 
me to choose which apache::mod::subclass modules that should be installed.

Thanks,

Josh 
 

> You're overloading profile because you're not using Hiera or an 
> ENC. 
> Take this example 
>
> class role::app1_fe { # or perhaps ::fe_app1 
>include profile::apache 
>include profile::php 
> } 
>
> class profile::apache { 
>include apache 
>
>$mymods = hiera('apache::a2mods', {}) 
>create_resources('apache::a2mod', $mymods) 
>$myvhosts = hiera('apache::vhosts', {}) 
>create_resources('apache::vhost', $myvhosts) 
>
> } 
>
> profile::apache can be used by *any* server that needs Apache because by 
> default it does nothing but the minimal config of Apache. However if you 
> were to feed it data such as modules to enable or vhosts to load you 
> could build any Apache server you might need. 
>
> hieradata/app1_fe.yaml  # this assumes you have a role fact. 
> --- 
> apache::a2mods: 
>expires: {} 
>headers: {} 
>rewrite: {} 
> apache::vhosts: 
>www.example.com: {} 
>
> Structures like profile::webserver::app1 indicate you're mixing roles 
> and profiles. And you also embedding data into your Puppet code rather 
> than writing code to consume data. 
>
> It's a lot to wrap your head around and from my experience it 
> takes 1-2 
> restructures of your Puppet code to fully understand it. 
>
> Ramin 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/72124198-748e-4e3e-8bb5-75c333edb8b5%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Roles/profile design

[Josh]

Joseph,

I'm not currently defining classes with hiera.  The host is assigned a 
role, which includes a profile, which installs includes ::apache.  I guess 
this may be something that we need to look at for these types of scenarios.

Josh
 

> Hi, 
> How are you declaring your classes to include from with in hiera? 
>
> Is it similar to this? 
>
> --- 
> classes: 
>   - apache 
>   - apache::mod 
> apache::someparamater: value 
> apache::mod::php: blah 
>
>
> If so, you should be able to do: 
>
> --- 
> classes: 
>   - apache 
>   - apache::mod::php 
> apache::my_favorite_parameter: value 
> apache::mod::php::php_parameter: some_other_vaule 
>
> I haven't tried that exact thing with the apache module, but it does 
> work for other modules with sub-classes that I've been working with. 
> That is assuming that you're using the 'classes' array with the 
> hiera_include function.  We use the create_resources function to create 
> wrappers for defines, while regular classes are included via the 
> hiera_include and classes array. 
>
> Our setup was pretty much taken directly from the hiera documentation: 
>
>
> http://docs.puppetlabs.com/hiera/1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude
>  
>
> There are some gotchas that come up with the hiera merge behavior 
> depending on how complex you're hiera layout becomes.  For example, we 
> had to set the hiera merge_behavior to deeper for us to get some of the 
> desired results that we were looking for. 
>
> -- 
> Joseph Swick > 
> Operations Engineer 
> Meltwater Group 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c7ba4374-1b14-4dfc-8165-97122836141a%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Roles/profile design

[Josh]

Joseph,

So, the problem with this method appears to be that once you specify 
"hiera_include('classes')" in the environment's site.pp, Puppet appears to 
try and make Hiera the ONLY source for node classification.  I rely on 
roles from my ENC and profiles for classification as well.

Josh


> Hi, 
> How are you declaring your classes to include from with in hiera? 
>
> Is it similar to this? 
>
> --- 
> classes: 
>   - apache 
>   - apache::mod 
> apache::someparamater: value 
> apache::mod::php: blah 
>
>
> If so, you should be able to do: 
>
> --- 
> classes: 
>   - apache 
>   - apache::mod::php 
> apache::my_favorite_parameter: value 
> apache::mod::php::php_parameter: some_other_vaule 
>
> I haven't tried that exact thing with the apache module, but it does 
> work for other modules with sub-classes that I've been working with. 
> That is assuming that you're using the 'classes' array with the 
> hiera_include function.  We use the create_resources function to create 
> wrappers for defines, while regular classes are included via the 
> hiera_include and classes array. 
>
> Our setup was pretty much taken directly from the hiera documentation: 
>
>
> http://docs.puppetlabs.com/hiera/1/puppet.html#assigning-classes-to-nodes-with-hiera-hierainclude
>  
>
> There are some gotchas that come up with the hiera merge behavior 
> depending on how complex you're hiera layout becomes.  For example, we 
> had to set the hiera merge_behavior to deeper for us to get some of the 
> desired results that we were looking for. 
>
> -- 
> Joseph Swick > 
> Operations Engineer 
> Meltwater Group 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b20be34f-afce-4c76-805c-fb9ca879ec0a%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Hiera and ENC-set top-scope variables

[Josh]

Hi,

I'm trying to do the exact same thing without success.  If I understand the 
Hiera documentation correctly [1], this should be possible (although, I may 
be misunderstanding this documentation).  The only workaround I have 
currently is to turn the top-scope variable (provided by my ENC) into a 
fact using something like:

file { "/etc/puppetlabs/facter/facts.d/group.txt":
  content => "group=$group",
}

However, this has it's disadvantages, because the $::group fact doesn't 
become available until after the puppet run that declares the file resource.

Any ideas?

Thanks,

Josh

[1] http://docs.puppetlabs.com/hiera/1/variables.html

On Friday, November 22, 2013 12:34:24 PM UTC-5, Matthew Ceroni wrote:
>
> I am trying to use an ENC-set top-scope variable in my Hiera hierarchy. 
> However it doesn't seem to be working.
>
> Here is what is returned by my ENC script (it is the foreman ENC script) 
> for a node:
>
> parameters: 
>   san_rafael-spacewalk: mai01-sprxy-02v
>   puppet_ca: mai01-pmstr-02v
>   group: engineering
>   spacewalk_type: site
>   san_rafael_dmz-spacewalk: mai01-sprxy-01v
>   hostgroup: base/production/engineering/quality_assurance/locked
>   san_rafael_dmz-proxy: mai01-dprxy-01v
>   spacewalk_host: mai02-swalk-01v
>   santa_rosa_dmz-spacewalk: mai02-sprxy-01v
>   root_pw: $1$ubWDPsM+$lzyZdN91QCk6dZAhMXBlM/
>   foreman_env: production
>   santa_rosa_dmz-proxy: mai02-dprxy-01v
>   activation_key: 5-839beb8c567b98c0720db37f19ecb64d
>   puppetmaster: mai01-pmstr-02v
> environment: production
> classes: 
>   security::access: 
>   security::users: 
>
> Then in my hiera.yaml file I have:
>
> ---
> :backend:
>   - yaml
> :hierarchy:
>   - %{::clientcert}
>   - %{::group}
>   - %{::dc_location}_%{::is_dmz}
>   - %{::operatingsystem}
>   - common
>
> :yaml:
>   :datadir: '/var/lib/hiera'
>
> Then within /var/lib/hiera I added an engineering.yaml file. But it 
> doesn't seem to be referenced when Hiera goes through the hierarchy. One 
> way I verified this (to ensure something else funky wasn't going on) is 
> that i purposely put an error in the engineering.yaml file and Puppet runs 
> without issue. 
>
> Is it not possible to use a variable returned from ENC?
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0f5dd617-8144-4c58-9c0d-ac31e3886cbc%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Cloud provisioning using Open Source Puppet

[Josh]

You could always check out The Foreman [1].

[1] http://theforeman.org

Josh

On Sunday, January 5, 2014 4:14:56 AM UTC-5, Johan Martinez wrote:
>
>
> I am looking for Open Source Puppet solution that will help in launching 
> and managing ec2 instances, RDS instances, elastic cache instances. I think 
> Puppet Enterprise supports AWS out of the box, but I am confused by Puppet 
> Open Source support. Are there any puppetlabs modules  that would hep in 
> AWS/cloud instance management? I found cloud provisioner module - 
> https://forge.puppetlabs.com/puppetlabs/cloud_provisioner , but it's 
> 'getting started' is missing. I would appreciate if someone could point out 
> Puppet Open source solutions for AWS and their documentation.
>
> Thanks,
> -jM
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d739f707-fb23-4968-a838-ccc59755485f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet 5 Repo Mirror

[Josh]

I know this is a longshot...

I have recently changed job and have inherited a mess of a Puppet 5/CentOS 
7 environment. I know I need to migrate off both of these and that is my 
intention

In the short term, however, I can't fix anything because the puppetlabs yum 
repo for puppet 5 disappeared a couple of years 
back: https://yum.puppetlabs.com/puppet5/

Does anyone know of any current working puppet 5 yum repositories? I just 
want to make a local mirror that I can use before I embark on the process 
of uplifting everything

Thanks
Josh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/de4cbb8b-af0d-4f00-8c8c-6baa97c2e56dn%40googlegroups.com.

Re: [Puppet Users] Puppet 5 Repo Mirror

[Josh]

Sorry it has taken me so long to get back here and thank you! This resolved 
my problems and I can move on to upgrading

Josh

On Thursday 13 June 2024 at 12:30:02 UTC+1 Dietrich, Stefan wrote:

> Hello Josh,
>
> while not available anymore on the web, they can be still pulled via rsync 
> from rsync://rsync.puppet.com/packages/yum/puppet5/
> The README.txt contains additional information for mirroring: 
> https://yum.puppetlabs.com/README.txt
>
> Regards,
> Stefan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/32cfbe4e-1310-4906-a154-2b505cd04745n%40googlegroups.com.

Re: [Puppet Users] windows filepath error

[Josh Cooper]

Hi,

On Fri, Jan 20, 2012 at 2:47 PM, tborthwick  wrote:

> Hello,
>
> I've set up a puppetmaster on red hat and a client on windows 7
> (puppet version 2.7.9 on both), and I'm getting this error when I run
> puppet agent --server  --waitforcert 60 --test:
>
> info: Applying configuration version '1327098121'
> err: /Stage[main]/Win_test/Package[win_test]/ensure: change from
> absent to present failed: The source parameter is required when using
> the MSI provider.
>
> My manifest looks like this:
>
> class win_test {
>  package { win_test: ensure => present }
>  file { "c:/test/win_test_file":
> ensure => 'file',
> owner = 'Administrator',
> source => 'puppet:///modules/win_test/win_test_file',
> require => Package["win_test"]
>  }
> }
>
> I have a file at /etc/puppet/modules/win_test/files/win_test_file.
>

You need a source parameter in your package resource, from which msiexec
can install the msi. At present, this must be a local file (or mapped
drive).

Presumably, the msi you want to install, is the one you downloaded from
your module? If so, then you just need:

package { 'win_test':
  ensure => 'installed',
  source => 'c:/test/win_test_file'
}

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: windows filepath error

[Josh Cooper]

On Mon, Jan 23, 2012 at 6:55 AM, tborthwick  wrote:

> Thanks, I didn't realize it had to be a local file.


I've updated the package description on the Windows wiki page:
http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Windows?version=63

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet on Windows - client installer?

[Josh Cooper]

On Wed, Jan 18, 2012 at 5:54 AM, jmp242  wrote:

> Is this the case, or am I missing where the installer is? Is there any

thought to creating a msi / exe installer in the future that would
> have puppet be self contained


Funny you should ask: https://projects.puppetlabs.com/issues/11205. We are
working on an MSI installed containing everything you need to install
puppet, facter, ruby, gems.


> and run a service?
>

This is something we are not planning on doing, partly because of the issue
with long running ruby processes, memory usage, etc. Instead we were
looking to use scheduled tasks to run puppet on a specified interval. It
does mean you couldn't `puppet kick` these agents. Would that work in your
environment?

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Has anybody tried puppet in combination with NSIS installers?

[Josh Cooper]

Hi Pedro,

On Tue, Feb 7, 2012 at 2:04 AM, Pedro Lafuente  wrote:

> Just wondering if anyone has successfully used puppet in combination
> with NSIS installers (afaik only msi support is available at the
> moment - i'm not yet familiar with puppet's capabilities under windows
> systems).
>

Puppet can currently only manage msi packages on Windows, see
https://projects.puppetlabs.com/issues/11870. For more general information
about Puppet's windows support, see the wiki page at
http://projects.puppetlabs.com/projects/1/wiki/Puppet_Windows

Thanks,
Josh
-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet on Windows

[Josh Cooper]

Hi Jay,

On Thu, Feb 16, 2012 at 6:14 AM, Jay Ze wrote:

> Hi,
>
> I want to run Puppet on a Windows 2003 Server. I already have a
> working Puppetmaster (Scientific Linux).
>
> I installed Puppet on Windows like shown here:
> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Windows
>
> This worked very well.
>

Great to hear.


> notice: Ignoring --listen on onetime run
> info: Retrieving plugin
> err: /File[C:/Dokumente und Einstellungen/All Users/Anwendungsdaten/
> PuppetLabs/p
> uppet/var/lib]: Failed to generate additional resources using
> 'eval_generate: Co
> uld not intern_multiple from pson: Paths must be fully qualified
> err: /File[C:/Dokumente und Einstellungen/All Users/Anwendungsdaten/
> PuppetLabs/p
> uppet/var/lib]: Could not evaluate: Could not intern from pson: Paths
> must be fu
> lly qualified Could not retrieve file metadata for puppet://
> foreman.id.dvag.com/
> plugins: Could not intern from pson: Paths must be fully qualified
>

This is https://projects.puppetlabs.com/issues/11408#note-32

It will be fixed shortly.


> err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: PGError
> : ERROR:  invalid byte sequence for encoding "UTF8": 0xe46973
> : INSERT INTO "fact_values" ("value", "host_id", "created_at",
> "fact_name_id", "
> updated_at") VALUES ('Mitteleuropõische Zeit   ', 88, '2012-02-16
> 15:13:29.29309
> 9', 28, '2012-02-16 15:13:29.293099') RETURNING "id"


Somewhere between facter gathering the hostname and the hostname being
inserted into the database, there is a problem with how we are handling
UTF8 encoding. The text 'Mitteleuropõische Zeit' should be UTF8 encoded as
'4D 69 74 74 65 6C 65 75 72 6F 70 C3 B5 69 73 63 68 65 20 5A 65 69 74 20'
(in hex). The sequence 'e4 69 73' is most definitely an illegal UTF8
sequence.

Can you file a ticket against puppet?

Thanks,
Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet on Windows

[Josh Cooper]

Hi Jay,

On Thu, Feb 16, 2012 at 10:32 PM, Jay Ze wrote:

> Thanks for your quick answer. What does "soon" mean? 1-2 weeks or
> within the next months?
>

I have a fix in my topic branch:
https://github.com/joshcooper/puppet/tree/ticket/2.7.x/11408-remote-recursionCan
you try it out and update the ticket with your findings:
https://projects.puppetlabs.com/issues/11408

Thanks,
Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet agent fails to start on Windows Server 2008 with --listen option

[Josh Cooper]

Hi Andrei,

On Mon, Feb 20, 2012 at 3:43 AM, Andrei Pashkevich  wrote:

> Hi all,
> I'm trying to start puppet agent on windows machine with --listen
> option:
> puppet agent --no-daemonize --verbose --listen
>
> But in this case I`m receiving the following error message:
>
> notice: Starting Puppet client version 2.7.10
> D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:72:in
> `setup_logger': uninitialized constant Fcntl::F_SETFD (NameError)
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/network/http/
> webrick.rb:20:in `listen'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/network/
> server.rb:100:in `listen'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/network/
> server.rb:115:in `start'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/daemon.rb:123:in
> `start'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application/
> agent.rb:347:in `main'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application/
> agent.rb:302:in `run_command'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 309:in `run'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 412:in `hook'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 309:in `run'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 404:in `exit_on_fail'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 309:in `run'
>from D:/Ruby187/lib/ruby/site_ruby/1.8/puppet/util/
> command_line.rb:69:in `execute'
>from D:/Ruby187/bin/puppet:4
>
> I've tried to use 2.7.9 puppet agent, but without any luck too.
>
> Any ideas how to workaround this problem?


This is a bug, filed as https://projects.puppetlabs.com/issues/12725

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet on Windows - client installer?

[Josh Cooper]

Hi Shawn,

On Tue, Feb 21, 2012 at 10:54 AM, Shawn Turpin wrote:

> Is this .MSI available (at least for testing)?  When I click on the
> link it takes me to a login screen.
>

There should be a link to create a redmine account, which may be useful
later if you run into trouble and need to file a ticket.


> I am trying to pilot it in my test lab environment and would love to
> give it a whirl.  Especially since this testlab environment has
> limited Internet connectivity (read that as none) so trying to install
> the individual pieces for the Windows agents is a pain.  Trying to do
> a POC for the Windows servers.
>

The repo for building the MSI is publicly available (
https://github.com/puppetlabs/puppet_for_the_win), though it requires that
you have the WiX toolset installed, etc. We don't yet have nightly MSI
builds, but we could make a preview version available for you to try. It'd
be great to get your feedback before we release.

I'll ping you separately tomorrow. If anyone else is interested in giving
it a whirl, please send an email to me directly.

Thanks,
Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Can not retrieve file from puppet master linux to puppet agent windows

[Josh Cooper]

On Mon, Feb 27, 2012 at 1:41 AM, Shirley  wrote:

> Linux master : ubuntu 11.10, puppet 2.7.1
> Windows agent : 2008 r2 x64, puppet 2.7.1
>

Windows agent support was added in 2.7.6, however, we have fixed a number
of issues since then, including the one you are running into. You'll want
to use the latest 2.7.x release:

https://groups.google.com/group/puppet-announce/browse_thread/thread/2d5daed2291962c2

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet Agent on Windows

[Josh Cooper]

Hi Igor,

On Mon, Feb 27, 2012 at 12:54 PM, Igor  wrote:

> Yes, we are running it as a windows service.
>
> We are using nssm as a wrapper, here is how we created the service:
>
> nssm.exe install puppet-agent c:\ruby187\bin\puppet.bat agent --
> logdest c:\puppet.log
>

Can you set the trace[1] option in puppet.conf[2]. Restart the service, and
reply with the backtrace?

Thanks,
Josh

[1] http://docs.puppetlabs.com/references/stable/configuration.html#trace
[2] http://projects.puppetlabs.com/projects/1/wiki/Puppet_Windows#Settings
-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet Agent on Windows

[Josh Cooper]

Hi Igor,

Are you using the ruby interpreter from rubyinstaller.org? Or cygwin?

On Mon, Feb 27, 2012 at 1:43 PM, Igor  wrote:

> Here you go:
>
> Mon Feb 27 13:41:20 -0800 2012 Puppet (notice): Starting Puppet client
> version 2.7.11
> Mon Feb 27 13:41:20 -0800 2012 Puppet (err): Could not run: fork()
> function is unimplemented on this machine
> Mon Feb 27 13:41:20 -0800 2012 Puppet (err): c:/Ruby187/bin/c:/Ruby187/
> lib/ruby/site_ruby/1.8/puppet/agent.rb

c:/Ruby187/bin/c:/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb
> c:/Ruby187/bin/c:/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb
> c:/Ruby187/bin/c:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb
> c:/Ruby187/bin/c:/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb
>

Something is wrong here. The path should be
c:/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb. Also, the backtrace
normally contains line numbers. How did you install ruby and puppet?

Can you run the following:

cd c:\Ruby187\bin
ruby -v
ruby -e "require 'puppet'; puts Puppet[:daemonize]"
ruby -e "require 'puppet'; puts Puppet.features.microsoft_windows?"

Thanks,
Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet Agent on Windows

[Josh Cooper]

Hi Daniel,

On Tue, Feb 28, 2012 at 11:58 AM, Daniel  wrote:

> I'm having the same issue.  I'm new to puppet and have setup a linux
> puppet master server.  I have successfully signed the cert from the
> windows computer.  In fact, the windows agent was able to perform the
> actions once but now it can't.
>
> I'm running puppet agent interactively from a command prompt (with
> elevated privileges).
>
> puppet agent --verbose --server master.puppet.xx.com  --logdest c:
> \junk\puppetinfo_145.txt
>
> This may or may not have an impact.  I'm connection the windows
> computer to the network through a wireless 4g network (clearwire) so
> there is not local DNS.  I get my IP from clearwire.  When I run
> facter is get unexpected results:
>
> facter hostname
> WN7X64-6MYJ5Q1
>
> facter domain
> <>
>

What is your primary dns suffix (try running ipconfig /all). This is likely
https://projects.puppetlabs.com/issues/12864


> I have tracing turned on:
>
> notice: Starting Puppet client version 2.7.10
> err: Could not run: fork() function is unimplemented on this machine
> err: C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:
> 101:in `fork'
>

This code only exists in master, not 2.7.x. I'm guessing there is something
wrong with the code Brice added to apply catalogs in a separate process
when run on Windows (see 6812ee9fc51f327f3a74fc6a6c0eefd9758d0134). Can you
check that you installed puppet from the 2.7.x branch?


> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:101:in
> `run_in_fork'C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/
> agent.rb:45:in `run' C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/
> puppet/application.rb:172:in `call' C:/Dev/tools/Ruby187/lib/ruby/
> site_ruby/1.8/puppet/application.rb:172:in `controlled_run' C:/Dev/
> tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:43:in `run' C:/
> Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:87:in `start'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/event-loop/
> signal-system.rb:95:i
> n `call' C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/
> event-loop/signal-system.rb:95:in `__signal__' C:/Dev/tools/Ruby187/
> lib/ruby/site_ruby/1.8/puppet/external/event-loop/signal-system.rb:
> 95:in `each' C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/
> external/event-loop/signal-system.rb:95:in `__signal__' (eval):2:in
> `signal' C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/
> event-loop/event-loop.rb:317:in `sound_alarm' C:/Dev/tools/Ruby187/lib/
> ruby/site_ruby/1.8/puppet/agent.rb:91:in `start' C:/Dev/tools/Ruby187/
> lib/ruby/site_ruby/1.8/puppet/daemon.rb:126:in `start' C:/Dev/tools/
> Ruby187/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:347:in
> `main' C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application/
> agent.rb:302:in `run_command' C:/Dev/tools/Ruby187/lib/ruby/site_ruby/
> 1.8/puppet/application.rb:309:in `run' C:/Dev/tools/Ruby187/lib/ruby/
> site_ruby/1.8/puppet/application.rb:412:in `hook' C:/Dev/tools/Ruby187/
> lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run' C:/Dev/tools/
> Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:404:in
> `exit_on_fail' C:/Dev/tools/R
> uby187/lib/ruby/site_ruby/1.8/puppet/application.rb:309:in `run' C:/
> Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:
> 69:in `execute' C:/Dev/tools/Ruby187/bin/puppet:4
>
>
>
>
> On Feb 27, 11:48 am, Jeff McCune  wrote:
> > On Mon, Feb 27, 2012 at 9:29 AM, Igor  wrote:
> > > I'm having issues getting puppet to work properly on our servers. we
> > > have puppet allready running on our linux servers however are unable
> > > to have the puppet agent run on windows.
> >
> > > the log displays only the following:
> >
> > > Puppet (notice): Starting Puppet client version 2.7.11
> > > Puppet (err): Could not run: fork() function is unimplemented on this
> > > machine
> >
> > > The only modules the servers load is:
> >
> > > node 'win2' {
> > >  include windows-admin
> > > }
> >
> > > This is the the contents of the module:
> >
> > > class windows-admin {
> > >  user { "Administrator":
> > >ensure  => present,
> > >password=> 'w5&X341144!'
> > >}
> >
> > > This works properly if running it as a test and sets the password. As
> > > soon as you start the service and the log fills up with:
> > > Puppet (err): Could not run:

Re: [Puppet Users] Windows Puppet 2.7.12rc1-7-g281901e hands at end of run

[Josh Cooper]

7/lib/ruby/site_ruby/1.8/puppet/agent.rb:46:in
> `run'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:110:in
> `with_client'
>
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:44:in
> `run'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 172:in `call'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 172:in `contro
> lled_run'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:42:in
> `run'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:85:in
> `start'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/event-loop/
> signal-sy
> stem.rb:95:in `call'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/event-loop/
> signal-sy
> stem.rb:95:in `__signal__'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/event-loop/
> signal-sy
> stem.rb:95:in `each'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/event-loop/
> signal-sy
> stem.rb:95:in `__signal__'
> (eval):2:in `signal'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/external/event-loop/
> event-loo
> p.rb:317:in `sound_alarm'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/agent.rb:89:in
> `start'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/daemon.rb:124:in
> `start'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application/
> agent.rb:365:in `
> main'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application/
> agent.rb:320:in `
> run_command'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 309:in `run'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 416:in `hook'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 309:in `run'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 407:in `exit_o
> n_fail'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/application.rb:
> 309:in `run'
> C:/Dev/tools/Ruby187/lib/ruby/site_ruby/1.8/puppet/util/
> command_line.rb:69:in `e
> xecute'
> C:/Dev/tools/Ruby187/bin/puppet:4
> err: Failed to apply catalog: Parameter source failed: Cannot use
> relative URLs
> 'WN7X64-6MYJ5QA\\source\\win_test_file.txt' at /etc/puppet/
> manifests/nodes.p
> p:6
> notice: Caught INT; calling stop
> Terminate batch job (Y/N)? y
>
>
> Nodes.pp on server only has the following:
>
> node wn7x64-6myj5q1 {
>file { "c:/test/puppet/target/win_test_file.txt":
>  ensure => 'file',
>  owner => 'Administrator',
>  source => 'WN7X64-6MYJ5QA\\source\\win_test_file.txt',
>}
> }
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet windows File permissions

[Josh Cooper]

Hi Marco,

On Wed, Feb 29, 2012 at 5:46 AM, mparrad  wrote:

> Hi Guys, I'm recently start working with puppet and mostly puppet for
> windows, On linux works perfect, but on windows works fine!, but I got a
> issue working on c:\windows\system32\inetsrv\config folder, I need modify
> the file applicationHost.config using puppet, to keep centralized the
> config for IIS, but when I run the puppet agent for windows the behavior
> it's real weird, The execution finish without errors, also said the file
> was updated, or created, but when I take a look to the file, it's remain
> without changes.
>
> I'm working with puppet master 2.7.1 on CentOS 5.7 server, and puppet for
> windows 2.7.1 on Windows 2008 R2 server...
>

Are you running puppet agent from cmd.exe? or as a service? If the former,
can you run: whoami /groups

I tried changing the permissions to the folder, I put read/write
> permission, I put Full control, I take ownership, but nothing, when I run
> the puppet agent I got the next:
>
> On puppet master i wrote this init.pp for a module called iisconfig:
>
> class iisconfig()
> {
> file { 'C:\Windows\System32\drivers\etc\hosts':
> ensure => present,
> content => template("/etc/puppet/modules/iisconfig/files/hosts"),
> }
>
> file { 'C:\Windows\System32\inetsrv\config\applicationHost.config':
> ensure => 'present',
> content =>
> template('/etc/puppet/modules/iisconfig/files/applicationHost.config'),
> }
>
>
Can you try changing content => 'some literal string'? I'm curious if this
is a templating issue.


> file { "c:/temp/test.txt":
> ensure => 'file',
> mode => '660',
> owner => 'Administrator',
> group => 'Administrators',
> content =>
> template('/etc/puppet/modules/iisconfig/files/applicationHost.config'),
> }
> }
>
> This is the execution
> C:\temp>puppet agent --test
> notice: Ignoring --listen on onetime run
> info: Retrieving plugin
> info: Caching catalog for test01.office.com
> info: Applying configuration version '1330497348'
> notice:
> /Stage[main]/Iisconfig/File[C:\Windows\System32\drivers\etc\hosts]/content:
> info: FileBucket adding {md5}f6b9e9fce03e4bbd9952814d55353857
> info: /Stage[main]/Iisconfig/File[C:\Windows\System32\drivers\etc\hosts]:
> Filebucketed C:/Windows/System32/drivers/etc/hosts to puppet sum
> f6b9e9fce03e4bbd9952814d55353857
> notice:
> /Stage[main]/Iisconfig/File[C:\Windows\System32\drivers\etc\hosts]/content:
> content changed '{md5}f6b9e9fce03e4bbd9952814d55353 to
> '{md5}32aca7ae45f022642e2f5b0156dcb3ca'
> notice: /Stage[main]/Iisconfig/File[c:/temp/test.txt]/content:
> info: FileBucket adding {md5}b3589a284c00ce9a67dd42ccaf15e46d
> info: /Stage[main]/Iisconfig/File[c:/temp/test.txt]: Filebucketed
> c:/temp/test.txt to puppet with sum b3589a284c00ce9a67dd42ccaf15e46d
> notice: /Stage[main]/Iisconfig/File[c:/temp/test.txt]/content: content
> changed '{md5}b3589a284c00ce9a67dd42ccaf15e46d' to
> '{md5}881bfbf113937635f5c35241ed2'
> notice: Finished catalog run in 8.25 seconds
> notice:
> /File[C:/ProgramData/PuppetLabs/puppet/var/state/last_run_summary.yaml]/content:
>
>
> The first file and the last one works fine, but the file I need to modify
> didn't works, but also didn't show any error message or something


Yeah, that's no good. Hopefully the above will shed some light on what's
going on.

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet windows File permissions

[Josh Cooper]

Hi Marco,

On Wed, Feb 29, 2012 at 10:52 AM, Marco Parra D. wrote:

>  Hi Josh,
> I'm runnig from cmd.exe, I'm using Administrator account on the windows
> box, this is the output for the command that you asked:
>
> C:\Users\Administrator>whoami /groups
>
> GROUP INFORMATION
> -
>
> Group Name   Type SID
> Attributes
>   
> ===
> Everyone Well-known group S-1-1-0
> Mandatory group, Enabled by default, Enabled group
> BUILTIN\Administrators   AliasS-1-5-32-544
> Mandatory group, Enabled by default, Enabled group, Group owner
>

This shows that you are running elevated, which is good.


> BUILTIN\UsersAliasS-1-5-32-545
> Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4
> Mandatory group, Enabled by default, Enabled group
> CONSOLE LOGONWell-known group S-1-2-1
> Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
> Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\This Organization   Well-known group S-1-5-15
> Mandatory group, Enabled by default, Enabled group
> LOCALWell-known group S-1-2-0
> Mandatory group, Enabled by default, Enabled group
> NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10
> Mandatory group, Enabled by default, Enabled group
> Mandatory Label\High Mandatory Level LabelS-1-16-12288
> Mandatory group, Enabled by default, Enabled group
>
> C:\Users\Administrator>
>
>
> I found a page that talks about security on windows 2008, and I tried
> changing a configuration for the IIS, On the Ineternet Information Services
> Manager, under Management, Configuration Editor, selecting Providers, click
> on Edit Items, selecting DataProtectionConfigurationProvider, I change
> useMachineProtection, and save the change.
>
> On Windows 7 the scripts run perfect, but on Windows 2008 R2 still didn't
> work, still the execution said that the file was modified, but nothing
> happens on the file. no errors it's showed
>

Is your Windows 7 box 32-bit? If you're using 32-bit ruby on a 64-bit
Windows 2008 R2 to edit
C:\Windows\System32\inetsrv\config\applicationHost.config,
Windows may be redirecting you to %windir%\syswow64\inetsrv instead:
http://forums.iis.net/p/1150832/1875622.aspx

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Windows Puppet 2.7.12rc1-7-g281901e hands at end of run

[Josh Cooper]

Hi Daniel,

On Wed, Feb 29, 2012 at 2:33 PM, Daniel  wrote:

> Those items corrected the issues except that it hangs.  It copies the
> file as specified and sets all the permissions then just hangs.
>
> puppet agent --verbose --server master.puppet.marketvine.com  --
> logdest c:\junk\puppetinfo_430.txt
>
> notice: Starting Puppet client version 2.7.12
> info: Caching catalog for wn7x64-6myj5q1
> info: Applying configuration version '1330554637'
> info: FileBucket adding {md5}f4e04d7bdf2a9da08bf419b6358bb774
> info: /Stage[main]//Node[wn7x64-6myj5q1]/File[c:/test/puppet/target/
> win_test_file.txt]: Filebucketed c:/test/puppet/target/
> win_test_file.txt to puppet with sumf4e04d7bdf2a9da08bf419b6358bb774
> notice: /Stage[main]//Node[wn7x64-6myj5q1]/File[c:/test/puppet/target/
> win_test_file.txt]/content: content changed '{md5}
> f4e04d7bdf2a9da08bf419b6358bb774' to '{md5}
> 6dd90ee1f9641d34b48636156c012a90'
> notice: /Stage[main]//Node[wn7x64-6myj5q1]/File[c:/test/puppet/target/
> win_test_file.txt]/owner: owner changed 'Administrators' to
> 'S-1-5-21-1802859667-647903414-1863928812-1828668'
> notice: /Stage[main]//Node[wn7x64-6myj5q1]/File[c:/test/puppet/target/
> win_test_file.txt]/mode: mode changed '2000700' to '0755'
> notice: Finished catalog run in 8.24 seconds
>
> It just sits at this point w/o a command prompt until I hit control-C


On Windows, `puppet agent` will sit in a loop, periodically applying
catalogs based on the runinterval property. You will need to specify
--onetime to have the agent perform a single run. This option is also
enabled when using --test.

One difference between Windows and Unix when running `puppet agent` is that
on Unix we daemonize by default -- the current process does a fork/exec,
and the daemonized child does setsid, closes stdin/out/err fds, etc. On
Windows, we do not support daemonizing, so the puppet run (and subsequent
event loop) occur in the current process until interrupted.

HTH,
Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet windows File permissions

[Josh Cooper]

Hi Marco,

On Thu, Mar 1, 2012 at 6:17 AM, Marco Parra D. wrote:

>  Hi Josh, thank you for reply,
>
> On 29-02-2012 19:12, Josh Cooper wrote:
>
> Hi Marco,
>
> On Wed, Feb 29, 2012 at 10:52 AM, Marco Parra D. 
> wrote:
>
>>  Hi Josh,
>> I'm runnig from cmd.exe, I'm using Administrator account on the windows
>> box, this is the output for the command that you asked:
>>
>> C:\Users\Administrator>whoami /groups
>>
>> GROUP INFORMATION
>> -
>>
>> Group Name   Type SID
>> Attributes
>>   
>> ===
>> Everyone Well-known group S-1-1-0
>> Mandatory group, Enabled by default, Enabled group
>> BUILTIN\Administrators   AliasS-1-5-32-544
>> Mandatory group, Enabled by default, Enabled group, Group owner
>>
>
>  This shows that you are running elevated, which is good.
>
>
>>  BUILTIN\UsersAliasS-1-5-32-545
>> Mandatory group, Enabled by default, Enabled group
>> NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4
>> Mandatory group, Enabled by default, Enabled group
>> CONSOLE LOGONWell-known group S-1-2-1
>> Mandatory group, Enabled by default, Enabled group
>> NT AUTHORITY\Authenticated Users Well-known group S-1-5-11
>> Mandatory group, Enabled by default, Enabled group
>> NT AUTHORITY\This Organization   Well-known group S-1-5-15
>> Mandatory group, Enabled by default, Enabled group
>> LOCALWell-known group S-1-2-0
>> Mandatory group, Enabled by default, Enabled group
>> NT AUTHORITY\NTLM Authentication Well-known group S-1-5-64-10
>> Mandatory group, Enabled by default, Enabled group
>> Mandatory Label\High Mandatory Level LabelS-1-16-12288
>> Mandatory group, Enabled by default, Enabled group
>>
>> C:\Users\Administrator>
>>
>>
>> I found a page that talks about security on windows 2008, and I tried
>> changing a configuration for the IIS, On the Ineternet Information Services
>> Manager, under Management, Configuration Editor, selecting Providers, click
>> on Edit Items, selecting DataProtectionConfigurationProvider, I change
>> useMachineProtection, and save the change.
>>
>> On Windows 7 the scripts run perfect, but on Windows 2008 R2 still didn't
>> work, still the execution said that the file was modified, but nothing
>> happens on the file. no errors it's showed
>>
>
>  Is your Windows 7 box 32-bit? If you're using 32-bit ruby on a 64-bit
> Windows 2008 R2 to edit 
> C:\Windows\System32\inetsrv\config\applicationHost.config,
> Windows may be redirecting you to %windir%\syswow64\inetsrv instead:
> http://forums.iis.net/p/1150832/1875622.aspx
>
>
> Yeah, I'm using a Windows 7 32 bits box, and it's works fine... in the
> other hand, I've testing on Windows 2008 R2 64 bits server, I checked on
> the path tha you said, and your right, the file is changed on
> c:\windows\SysWOW64\inetsrv\config\applicationHost.config, but IIS uses the
> file on c:\windows\system32\inetsrv\config\applicationHost.config
>
> C:\Windows\SysWOW64\inetsrv\Config>dir applicationHost.config
>  Volume in drive C has no label.
>  Volume Serial Number is F4D5-2946
>
>  Directory of C:\Windows\SysWOW64\inetsrv\Config
>
> 03/01/2012  06:01 AM82,384 applicationHost.config
>1 File(s) 82,384 bytes
>0 Dir(s)   6,910,136,320 bytes free
>
> C:\Windows\SysWOW64\inetsrv\Config>dir
> c:\Windows\System32\inetsrv\config\applicationHost.config
>  Volume in drive C has no label.
>  Volume Serial Number is F4D5-2946
>
>  Directory of c:\Windows\System32\inetsrv\config
>
> 02/29/2012  11:01 AM82,122 applicationHost.config
>1 File(s) 82,122 bytes
>0 Dir(s)   6,910,136,320 bytes free
>
>
> How can I tell ruby that don't uses c:\windows\SysWOW64\inetsrv\config
> path? Is this posible?...
>

You can disable file system redirection using the special 'sysnative'
alias: C:\Windows\Sysnative\inetsrv\config\applicationHost.config. But
acccording to MS this is not available on 2003[1], which is odd, because
then 32-bit processes in 64-bit 2003 can't disable file system redirection
on a per-file basis. There are APIs for disabling file system redirection
for the entire process, but that would pr

Re: [Puppet Users] Puppet Agent on Windows - High CPU Usage

[Josh Cooper]

Hi Matt,

On Wed, Mar 7, 2012 at 2:58 PM, Matt Mencel  wrote:

> I recently noticed that the Windows host where I installed the Puppet
> agent for testing was thrashing the CPU.
>
> The culprit ended up being Ruby.exe *32 - "Ruby interpreter (CUI)
> 1.8.7.334 [i386-mingw32]".  This is actually being launched by the
> puppet-agent service in Windows.
>

Did you install the service as described in the wiki page with nssm? Or did
you install the MSI, which installed the service for you? If it's the
former, what version of puppet are you using?


>  The CPU on the host was pegged around 50% all day long.  When I shut down
> the puppet-agent it went down to a reasonable level...hovering in the low
> single digits most of the time.
>
> Start puppet-agent and CPU Usage (on both CPUs in a 2vCPU host)
> immediately pegs to 40%-60%stop puppet-agent and it drops to near zero.
>
> Is this a known issue?  Puppet-agent eating up tons of CPU time (via the
> ruby interpreter)?
>

What happens if you stop the puppet-agent service and launch cmd.exe with
elevated privileges (Run as Administrator), then try running:

1. facter.bat --timing

2. puppet.bat agent --test --debug

This host is a Windows 2008 VMware VM (VSphere 5) with 2vCPUs and 4GB of
> RAM assigned.  It has no CPU or Memory resource limits (set to unlimited).
>  No reservations (set to 0).  CPU and memory resource shares are set to
> "High".  VMware Tools are installed, running, and current.
>

Josh
-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.