[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

David Lutterkort wrote: > Augeas will not actually change the file if it stays byte-for-byte > identical, even if you made changes to the tree (e.g. change the value > of a node to something new, then back to the old thing) Well, that's handy. :) Thanks! Avi --~--~-~--~~---

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote: > Hi David, > > David Lutterkort wrote: > > Yeah, that's what that means. Here's a dirty trick to check multiple > > conditions: > > Your assistance so far has been awesome. If I had more time to play, I'm > sure I could solve this in time, b

[Puppet Users] Re: Puppet Python release?

On Sat, Feb 28, 2009 at 4:30 PM, James Turnbull wrote: > > Agreed. That'd be a useful feature and if we'd probably do it like > Nagios plug-ins do - doesn't matter what the language is as long as they > output data that the Facter API can parse into facts - Perl, Python, C, > Rexx (*coughs*), et

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Hi David, David Lutterkort wrote: > Yeah, that's what that means. Here's a dirty trick to check multiple > conditions: Your assistance so far has been awesome. If I had more time to play, I'm sure I could solve this in time, but I'm being hammered by the security teams and I need to get a solu

[Puppet Users] Re: Connection timeout calling fileserver.describe: socket read timeout

Arnau Bria writes: > On Mon, Mar 2, 2009 at 7:50 PM, Joshua Anderson > wrote: [...] > a lot of connections, so seems that clients still try to connect all > at once. Maybe i should start evaluating cron option... We ended up using cron and fqdn_rand() to spread execution time, rather than s

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

On Wed, 2009-03-04 at 11:07 +1100, Avi Miller wrote: > I assume this means that the Augeas type doesn't support an array in > onlyif, but I thought I'd check to be 100% sure. :) Yeah, that's what that means. Here's a dirty trick to check multiple conditions: onlyif => "match /files[ (c

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

David Lutterkort wrote: > Ouch .. you are right. There's a bug that makes '>' mean'>=' and '>=' > mean '>'. I'll commit a fix. Well, on the plus side, it means I'm not actually going insane. :) Quick question: I'm trying to have multiple onlyif matches using standard Puppet syntax, i.e. only

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

On Wed, 2009-03-04 at 11:01 +1100, Avi Miller wrote: > However, note that the > appears to imply >=, i.e. if I use > count(argument)>5 then it will fire when there are 5 arguments. If I use > >6, it will not fire on 5 arguments, but will fire on 6. Ouch .. you are right. There's a bug that mak

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Hi, David Lutterkort wrote: > If you have Augeas 0.4.1 on both the puppet client and master (count was > only added in 0.4.1) this should work. Bryan, any ideas what could be > wrong ? I have upgraded both my test client and master to 0.4.1 and I have worked out the problem. Switching to this o

[Puppet Users] other end went away - ONLY on HP-UX

I have spent the last week researching and trying to figure out this problem. I know there are a lot of issues with "other end went away" but I can find any relation to how I am seeing it. Only coming from clients with HP-UX. No other system (Linux, Solaris) has this issue. All my other software

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

On Wed, 2009-03-04 at 10:48 +1100, Avi Miller wrote: > Hi David, > > David Lutterkort wrote: > > You definitely should read up on path expressions[1] for that, and maybe > > even have a look at the test cases for them[2], since they show some > > more esoteric uses. > > I'm still having a bit of

[Puppet Users] Re: Mac OSX Package install

engle, does it work when you avoid the define and just do a standard package install? Note that the pkgdmg provider relies upon marker files for packages in /var/db/.puppet_installed_* so if that marker already exists, it won't reinstall it. (There's no necessary link between the dmg name and the

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Hi David, David Lutterkort wrote: > You definitely should read up on path expressions[1] for that, and maybe > even have a look at the test cases for them[2], since they show some > more esoteric uses. I'm still having a bit of a brain disconnect on converting Augeas' XPath stuff into Puppet ty

[Puppet Users] port 8140 issue in ubuntu

I installed all required pkgs for Puppet & other configurations are done. I have issues getting certificates from server. vm1 is server & vm2 is client. In client I run, r...@vm2# puppetd --server vm-devserver-18.dev.s.vonagenetworks.net -- waitforcert 60 --test and I see, /usr/lib/ruby/1.8/pu

[Puppet Users] Mac OSX Package install

I am trying to setup a simple puppet config to pull a .dmg file off an http server and install that package on to a mac laptop. I seem to have the configuration working somewhat, but the package does not get installed on the laptop. I am trying to do a simple install of Firefox and have obtained

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

On Wed, 2009-03-04 at 09:43 +1100, Avi Miller wrote: > Hey list, > > Bryan Kearney wrote: > > onlyif => "match AllowGroups/*[.='sshuser'] size == 0", > > Just to let you all know that this works perfectly with Augeas 0.4.1-1 > from EPEL-testing. > > Now to move onto using Augeas w

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Hey list, Bryan Kearney wrote: > onlyif => "match AllowGroups/*[.='sshuser'] size == 0", Just to let you all know that this works perfectly with Augeas 0.4.1-1 from EPEL-testing. Now to move onto using Augeas with the pam.d files. :) I have to work out how to remove lines that ar

[Puppet Users] Re: problem changing group membership for linux users

bump On Mon, Mar 2, 2009 at 8:41 PM, Sebastian Krueger wrote: > How hard would it be to add a flag / option to reductivelabs projects > that use git, to tell git to use the http > method? > > So it would tell git to use http:// instead of git:// > > example: > git clone http://reductivelabs.com/p

[Puppet Users] Re: too many open files

Hurrah! :) Thanks for that chakkerz On Mar 4, 3:07 am, Luke Kanies wrote: > On Feb 26, 2009, at 9:23 PM, chakkerz wrote: > > > > > i sounds extremely exactly likehttp://projects.reductivelabs.com/issues/1844 > > It's probably more this: > > http://projects.reductivelabs.com/issues/961 > > Which

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Hey David, David Lutterkort wrote: > EPEL only pushes from epel-testing to epel infrequently (usually when a > coresponding RHEL update release happens) That means that if you want > updates in between, you need to enable the epel-testing repo. Awesome, thanks! cYa, Avi --~--~-~--~

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

On Wed, 2009-03-04 at 06:35 +1100, Avi Miller wrote: > Any idea when 0.4.0 will show up on EPEL in an official format? :) EPEL only pushes from epel-testing to epel infrequently (usually when a coresponding RHEL update release happens) That means that if you want updates in between, you need to e

[Puppet Users] Re: puppet and LDAP users (SOLVED)

On Mar 3, 2009, at 12:09 PM, Luke Kanies wrote: > > On Mar 1, 2009, at 9:27 PM, Larry Ludwig wrote: > >> >> >> On Mar 1, 2009, at 9:04 PM, Trevor Hemsley wrote: >> >>> >>> [puppetd] >>> ldapserver=ldap.myorg.company.com >>> ldapbase=dc=myorg,dc=org >>> ldapuser=cn=admin,dc=myorg,dc=org >>> ldapp

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Hi David, David Lutterkort wrote: > If you are using Augeas 0.4.0 or newer, you can use the following: Unfortunately, I'm using Augeus 0.3.6, which is the latest version in EPEL. I will download the 0.4.0 sources and rebuild the RPM and give it a whirl. Any idea when 0.4.0 will show up on EPE

[Puppet Users] Re: Special file types

On Mar 3, 2009, at 8:05 AM, Ryan Steele wrote: > > On Feb 27, 5:56 pm, Luke Kanies wrote: >> On Feb 27, 2009, at 1:40 PM, Ryan Steele wrote: >> >> >> >>> Does Puppet have any plans to make resource types for special files, >>> such as FIFO pipes and sockets? Seems like a cleaner alternative to

[Puppet Users] Re: Certificate problems

On Mar 2, 2009, at 5:07 AM, Alexis Hazell wrote: > > Hi all, > > I'm trying to set up puppet 0.24.5 using the packages provided for > Mandriva 2009.0. After installing the packages and starting the > puppetmaster service for the first time, the relevant CA certificates > and keys are generated au

[Puppet Users] Re: puppet and LDAP users (SOLVED)

On Mar 1, 2009, at 9:27 PM, Larry Ludwig wrote: > > > On Mar 1, 2009, at 9:04 PM, Trevor Hemsley wrote: > >> >> [puppetd] >> ldapserver=ldap.myorg.company.com >> ldapbase=dc=myorg,dc=org >> ldapuser=cn=admin,dc=myorg,dc=org >> ldappassword=mysecret >> > > > In my case it's in [puppetmasterd] but

[Puppet Users] Re: too many open files

On Feb 26, 2009, at 9:23 PM, chakkerz wrote: > > i sounds extremely exactly like http://projects.reductivelabs.com/issues/1844 It's probably more this: http://projects.reductivelabs.com/issues/961 Which is now closed, and as soon as we get 0.24.8 out, you can reap the benefits. -- No one w

[Puppet Users] Re: Puppet Python release?

On Feb 27, 2009, at 11:30 PM, James Turnbull wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Nigel Kersten wrote: >> >> 3. ++ to what everyone else said. >> >> There has been discussion around a future version of Facter allowing >> for facts to be provided by executables in a certa

[Puppet Users] Re: Puppet Python release?

On Feb 27, 2009, at 9:15 PM, go8ose wrote: > >> >> I'd be interested in a python version of puppet. >> >> Don't get me wrong it's a great tool it's just that I like python a >> lot more than ruby and hence (of course) do most of my scripting in >> python which leads to more python knowledge which

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

On Tue, 2009-03-03 at 10:05 +1100, Avi Miller wrote: > Hey Bryan, > > Bryan Kearney wrote: > >augeas { "sshd_conf_group_sshuser": > >context => "/files/etc/ssh/sshd_config", > >changes => "set AllowGroups/1 sshuser", > >onlyif => "match AllowGroups != sshuser >

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Bryan Kearney wrote: > Avi Miller wrote: >> Hey Bryan, >> >> Bryan Kearney wrote: >>>augeas { "sshd_conf_group_sshuser": >>>context => "/files/etc/ssh/sshd_config", >>>changes => "set AllowGroups/1 sshuser", >>>onlyif => "match AllowGroups != sshuser >>>} >>

[Puppet Users] Re: Using Augeas type to update sshd_config's AllowGroups

Avi Miller wrote: > Hey Bryan, > > Bryan Kearney wrote: >>augeas { "sshd_conf_group_sshuser": >>context => "/files/etc/ssh/sshd_config", >>changes => "set AllowGroups/1 sshuser", >>onlyif => "match AllowGroups != sshuser >>} > The current type does not supp

[Puppet Users] Re: Requiring a definition

On 3/3/2009 5:12 AM, Scott wrote: > I've tried requiring the exec the definition runs, I've tried > requiring the actual definition using various forms, and I've tried > using an alias but I keep getting various errors. I have the following working for making a standard user access list (origina

[Puppet Users] Re: Special file types

On Feb 27, 5:56 pm, Luke Kanies wrote: > On Feb 27, 2009, at 1:40 PM, Ryan Steele wrote: > > > > > Does Puppet have any plans to make resource types for special files, > > such as FIFO pipes and sockets?  Seems like a cleaner alternative to > > using an exec (e.g., running 'file' on the resource)

[Puppet Users] Requiring a definition

So I'm trying to setup puppet where all packages require a definition (the definition being the addition of a local deb repository to apt- get). and I'm wondering how I can do this. Since installing packages is pretty much the first thing that I need to have puppet do and since I need to have the

[Puppet Users] Re: Connection timeout calling fileserver.describe: socket read timeout

On Mon, Mar 2, 2009 at 7:50 PM, Joshua Anderson wrote: Hi Josh, > Having all your nodes connect at the same time is a Bad Idea. Try running > puppetd with *--splay=true*. See the config > reference > for > details, but it s