On Tue, May 1, 2012 at 10:38 PM, bainar wrote:
> Can anyone tell me if it is possible to explicitly specify the only
> allowed packages on a host (modules on a node?) - i.e. a white list?
> This is for hardening a VPS in the cloud.
>
>
Shouldn't it work using a resource default, something like:
Rather than whitelisting packages, you probably want to build a severely
cut-down repository and ensure it's the only one configured for your box.
On May 1, 2012 1:40 PM, "bainar" wrote:
> Can anyone tell me if it is possible to explicitly specify the only
> allowed packages on a host (modules on
I'm working in a Puppet environment (0.22.1) that I didn't set up. It's
working pretty well but there's one thing that confuses me.
/etc/puppet/manifests/site.pp has the following lines:
filebucket { main: server => "server1.example.com" }
File { backup => main }
-
On server1.example.c
Hi Peter,
take a look at this:
class testme {
define vhost ($servername = "${hostname}.${domain}", $serveralias =
[ "www.${hostname}.${domain}" ], $inorout = "1", $owner = "root",
$group = "root", $enabled = "link", $rewrite = "", $ssl = "false",
$cacert = "", $certchain = "", $certfile = "",
you could always write shell to compare a "whitelist" against a dpkg -l
listing, or whatever pkg manager you are using. Then have it generate your
puppet manifest..
First I would try to figure out how to prevent unwanted packages from being
installed in the first place, not removing them after they
is your time the same on both client and master?
it would be helpful if you provided the --verbose --debug --test
--no-daemonize output of the client.. Also run your master in verbose mode
and paste its errors here as well.
On Fri, Apr 27, 2012 at 10:12 AM, Demon wrote:
> Hey there!
>
> All
You can install and remove specific packages, but not specify a whitelist.
(Unless you wanted to do creative things with facts, templates, and puppetized
scripts. I'm assuming you think it's better to hose your server due to a typo
than run with a single unpermitted package. And then how are you
On Tue, May 1, 2012 at 10:35 AM, Russell Van Tassell
wrote:
> On Tue, May 1, 2012 at 12:45 PM, Romeo Theriault
> wrote:
>>
>> Unfortunately, solaris
>> doesn't have a cron.d directory where we can drop crontab files
>> either.
>
>
> Are you talking about /var/spool/cron/crontab on Solaris? (thin
Can anyone tell me if it is possible to explicitly specify the only
allowed packages on a host (modules on a node?) - i.e. a white list?
This is for hardening a VPS in the cloud.
Thanks in advance
Andrew
--
You received this message because you are subscribed to the Google Groups
"Puppet Users"
On 01/05/12 21:12, Darryl Wisneski wrote:
> On Tue, May 01, 2012 at 02:15:25PM -0400, Steve Wills wrote:
>> Hi,
>>
>> Thanks for the info. Something is definitely not right, but it doesn't
>> seem to work for me even with the older version:
>>
>> It looks like the problem is that the fix in ticket
On Tue, May 1, 2012 at 12:45 PM, Romeo Theriault
wrote:
> Unfortunately, solaris
> doesn't have a cron.d directory where we can drop crontab files
> either.
>
Are you talking about /var/spool/cron/crontab on Solaris? (think that's
the right path)
It won't reload them without being kicked. But,
Hi Dominic:
On Tue, May 01, 2012 at 09:01:16PM +0100, Dominic Cleal wrote:
> Hi Darryl,
>
> On 01/05/12 16:11, Darryl Wisneski wrote:
> > Since I upgraded some of my FreeBSD boxen to augeas-0.10.0* I can't
> > get augeas to address /etc/rc.conf. I was able to modify key/values
> > in /etc/rc.con
Hi Steve:
On Tue, May 01, 2012 at 02:15:25PM -0400, Steve Wills wrote:
> Hi,
>
> Thanks for the info. Something is definitely not right, but it doesn't
> seem to work for me even with the older version:
>
> It looks like the problem is that the fix in ticket 255:
>
> https://fedorahosted.org/au
Hi Darryl,
On 01/05/12 16:11, Darryl Wisneski wrote:
> Since I upgraded some of my FreeBSD boxen to augeas-0.10.0* I can't
> get augeas to address /etc/rc.conf. I was able to modify key/values
> in /etc/rc.conf in augeas-0.7.1_2 in my puppet classes and augtool.
> I think I recall Dominic saying
On Tue, May 1, 2012 at 03:14, Kent wrote:
> I don't think it's issue #5752, I opened that issue and provided a
> patch to resolve it.
> When I build new versions of Puppet for my Solaris hosts I apply that
> patch each time via my build script and I'm still having some hosts
> where the crontab ge
All,
I am trying to install puppet master version 2.7.13 on Red Hat
Enterprise Linux 6, and utilize stored configs.
I followed the guide here:
http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration
When I run puppet --noop on one of the clients, I get the following
error:
e
On Tue, May 1, 2012 at 9:24 AM, Philip Brown wrote:
> On Tue, May 1, 2012 at 6:58 AM, jcbollinger wrote:
>>
>>> But that requires the files be hosted on the puppet master.
>>> What if the conf files are still rdisted out under /rdist/base instead?
>>> What does that look like?
>>
>> It looks exac
On Tue, May 1, 2012 at 6:58 AM, jcbollinger wrote:
>
>> But that requires the files be hosted on the puppet master.
>> What if the conf files are still rdisted out under /rdist/base instead?
>> What does that look like?
>
> It looks exactly like what you are now doing (i.e. no Puppet). How do
> y
Hello,
I am seeing the issue where puppet agent becomes non-responsive and says it
is already running when trying to do a puppet kick and there is a lock file
in /var/lib/puppet/state. I have seen other posts about this and the fix
seemed to be a kernel update. I am running on RHEL6.2 so I d
I am wondering what would cause a puppet client to get into a state like
this. I had a test vm do the same thing to me today.
On Friday, April 13, 2012 2:59:43 PM UTC-4, Thomas wrote:
>
> That worked, thanks!
>
> On Apr 13, 2:54 pm, Patrick Carlisle wrote:
> > This is a bug in the error messag
I can't say that my puppet installation is even close to best
practices, but I think I have a situation similar enough to OP to put
it up for scrutiny. I deploy 7600 files to /var/www/html using puppet
and rsync. Puppet manages an rssh + chroot-jailed read-only file
share and provides the web hea
Howdy:
Since I upgraded some of my FreeBSD boxen to augeas-0.10.0* I can't
get augeas to address /etc/rc.conf. I was able to modify key/values
in /etc/rc.conf in augeas-0.7.1_2 in my puppet classes and augtool.
I think I recall Dominic saying that the /etc/rc.conf lens was added
by the FreeBSD po
Hey Den, thanks for the answer
I changed the import to include it was just a leftover when for some reason
include wasn't good enough to be able to use defined resource types with
some older version.
This false solution isn't working sadly still that monstring get evaluated
with the default value a
Hi,
can't see anything wrong off the top of my head except you use an import
statement instead of an include.
http://docs.puppetlabs.com/guides/language_guide.html#importing-manifests
Have you tried testing for a string like 'false'? Just to see if something odd
not going on.
>> $mode = '755
On Apr 28, 9:53 am, Philip Brown wrote:
> On Saturday, April 28, 2012 2:11:23 AM UTC-7, Luke Bigum wrote:
>
> > Yes, Puppet is perfect for your file-copy-and-hook scenario. In Puppet
> > speak it's "notify" and "subscribe" between resources, here's a very
> > quick example that will restart Some
On Apr 30, 10:52 am, Philip Brown wrote:
> I've already said that converting modified files to packages, was not an
> option.
No, you said that getting your admins to deploy config changes by
packaging them up was not an option. My suggestion avoids imposing
any need for them to do that.
It
I don't think it's issue #5752, I opened that issue and provided a
patch to resolve it.
When I build new versions of Puppet for my Solaris hosts I apply that
patch each time via my build script and I'm still having some hosts
where the crontab gets "eaten" and it always seems to correspond with
'pr
On 01/05/12 13:00, heriyanto wrote:
> Hi ,
>
> This is my puppet class, working nicely. But after I upgrade augeas into
> augeas-0.10.0-3
There was an incompatible change to the modprobe lens in Augeas 0.10.0:
"Modprobe: Parse commands in install/remove stanzas (this introduces a
backwards incompa
Anybody got any idea on this?
I am really stuck with this one.
On Apr 30, 4:51 pm, Peter Horvath
wrote:
> Hi,
>
> I have a module which created the vhosts and based on the variables defined
> there i am creating nagios defacement host cfg.
> My problem is that I can't conditionally decide if the f
I have to install a client/server app. The server end is easily set
up but I need a puppet module that ensures a package is installed on a
managed node only if the server package has already been installed on
a different server.
Is there a way to do this?
As others have said, it's tricky - C
Hi ,
This is my puppet class, working nicely. But after I upgrade augeas into
augeas-0.10.0-3
class modprobe {
modprobe::disableModule{"Disable cramfs, 2.2.2.5": module =>
"cramfs" }
modprobe::disableModule{"Disable freevxfs, 2.2.2.5": module =>
"freevxfs" }
modprobe::disa