at's referenced from
the puppet.conf file on the master. Look at what that script is
doing, and try running the same or similar commands by hand.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to thi
ng these parameters", and let the apache class call
that. Behind the scenes, the nagios class would use concat and
concat::fragment to do the work.
See
<http://www.devco.net/archives/2010/02/19/building_files_from_fragments_with_puppet.php>
for an example.
--apb (Alan Bar
/file instead of /dir/subdir/file is
enough to fool the code that adds implicit dependencies.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
ke this:
if $error_message {
fail("External node classifier says: $error_message")
}
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.
On Mon, 28 Feb 2011, Douglas Garstang wrote:
How is it possible to use external nodes as local files? I was
under the impression that node_terminus=exec or node_terminus=ldap
were the only ways of using external nodes.
Really? That might be because everyone seems to be on the LDAP
external n
/extdata/nodes
I don't do this, obviously, because I didn't know it was possible.
However, I'd probably be inclined to store the data in an
environment-specific directory.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups "
On Wed, 23 Feb 2011, mark risher wrote:
>ssh_authorized_key { $username:
>ensure => present,
>key => "abcdefghijklmnop_very_long_string",
You don't have the 'user' or 'type' parameters. Perhaps that's
related to th
e belongs to).
I don't know what you mean by "set of external nodes"; if you are
referring to some sort of data that is used by the external_nodes
script, then obviously it depends on how the script is written.
--apb (Alan Barrett)
--
You received this message because you are subscrib
cket than by searching all old logs back
to the beginning of time.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this gro
On Wed, 26 Jan 2011, Daniel Pittman wrote:
> I would love to create a bug for this, because "silently" is a bad
> thing: we should either work, or complain about not working, not just
> silently ignore anything.
See issue #4690 and issue #3514.
--apb (Alan Barrett)
--
You re
On Fri, 07 Jan 2011, Patrick wrote:
> On Jan 6, 2011, at 10:55 PM, Alan Barrett wrote:
> > I probably wouldn't do this, but:
> >
> >exec { "secret stuff":
> > command => "/bin/false",
> > unless => "do the real wo
command => "whatever",
noop => false, # overrides global noop mode
}
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
quot;: property was out of sync, and couldn't be changed to be in sync
> due to an error.
> - "noop": property was out of sync, and wasn't changed due to noop mode.
> - "audit": property was in sync, and was being audited.
Thank you! At the time I checked the Repo
;; the other rule says "it must contain a line that
says 'works'". You can't simultaneously satisfy both rules, but puppet
tries as hard as it can, removing the "works" line when it focuses on
the "file" rule, and reinstating the "works" line when it focuses
nstead of echo to avoid portability problems with
different versions of echo interpreting "-" or "\" differently.
* Use grep -F option to make it search for a fixed string
instead of a regular expression;
* Use grep -e option to avoid problems if $line begins with "-&q
t. Some of the comments at
<http://www.devco.net/archives/2010/02/19/building_files_from_fragments_with_puppet.php>
discuss tradeoffs between concat and augeas.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
T
ly
use a symlink to switch atomically between two working copies.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from t
for noop mode? I didn't notice anything like
status = "out of sync, but did not change due to noop mode".
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...
other people might find it more
convenient to time travel within the history of a single branch; the
time travelers might occasionally want to switch from one branch to
another.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users"
but perhaps it can do enough log
analysis to help?
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email t
filename from the template itself,
> but I havent figured that out; __FILE__ and ARGV are not working]
Feature request #4359 asks for a way that templates can get their own
name. It's not possible at the moment.
--apb (Alan Barrett)
--
You received this message because you are subscribed
no variable for the first instance of
> "/etc/syslog-ng/syslog-ng.conf"
> ???
No, but you can define your own variable and use that, or you can wrap
it in a definition and use $name inside the definition.
> Is there a simple way to say "just create any directories you ne
dmit that I did not have time to continue troubleshooting this
> further...
Thanks. I give up now.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroup
rtificate. "openssl crl -text"
reports that the ca_crl.pem file contains no revocations.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
T
ms to have
something to do with the problem but I haven't figured out the details.
If I delete that file, then the puppetd client can connect, and it
downloads a fresh copy of the CRL, after which it can no longer connect.
I have configured certificate_revocation=false on the server, but it
never
On Mon, 29 Nov 2010, Alan Barrett wrote:
> It seems to me that I should be able to take the $ssldir/ca/ca_crt.pem
> files from the two puppetmasters, concatenate them to create a
> ca-bundle.pem file, and place the bundle in some suitable place where
> any client or server can use t
On Mon, 29 Nov 2010, Alan Barrett wrote:
> I am struggling with using multiple puppet CAs. I think I am missing
> information about which files are used for which purposes by different
> parts of puppetmasterd, puppetd, puppetca, and the apache/passenger
> frontend.
For example, w
bundle to verify certificates from any
CA. I haven't been able to figure out where that suitable place is.
Help?
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send ema
ver, puppet.server and search(), but failed. Do you
> know where in the documentation or in the wiki could I have found this?
No, sorry. I think I picked it up from reading the source code.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
&qu
$server = $settings::server
In version 0.25, you can say
$server = inline_template("<%= Puppet.settings[:server] %>").
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group,
ut with only one single quotation...
The closing quotation mark is probably on a different line. This
implies that the variable's value contains an embedded newline
character.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users&qu
er
Thanks.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.
C 3986 section 3
says 'When authority is not present, the path cannot begin with
two slash characters ("//").'
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group,
<http://projects.puppetlabs.com/projects/1/wiki/Release_Notes>
do not mention "audit". The metaparameters documentation at
<http://docs.puppetlabs.com/references/latest/metaparameter.html> does
not mention "audit".
--apb (Alan Barrett)
--
You received this mes
t, though I think they would expose
catalogs being compiled with a modulepath for the wrong environment.
I don't set modulepath at the top level or in the [puppetmasterd]
section; it's set only in the environment-specific sections of
puppet.conf.
--apb (Alan Barrett)
--
You received this
On Fri, 17 Sep 2010, Nigel Kersten wrote:
> >> On Wed, Sep 15, 2010 at 09:31:19PM +0200, Alan Barrett wrote:
> >> > I use an external node classifier purely for the purpose of
> >> > setting the environment [...]
> > I have tested with incorrect environments
On Thu, 16 Sep 2010, Bruce Richardson wrote:
> On Wed, Sep 15, 2010 at 09:31:19PM +0200, Alan Barrett wrote:
> > I use an external node classifier purely for the purpose of setting
> > the environment [...]
> You're still trusting the client.
Yes, for file serving, as I di
I take from the POSIX spec is that one could argue either way about
whether or not it's an error for the "type" command to report that a
target command does not exist; but for the "command -v" command it's
clear that nonexistence of the target command sho
On Wed, 15 Sep 2010, Nigel Kersten wrote:
> On Wed, Sep 15, 2010 at 12:31 PM, Alan Barrett wrote:
> > On Wed, 15 Sep 2010, Nigel Kersten wrote:
> >> > The external node classifier can override the client's idea of the
> >> > environment.
>
uppet.conf from a template, to make the client specify the
correct environment on the next run.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To u
o ignore or override the client's idea
> of which environment to use on a per host basis.
The external node classifier can override the client's idea of the
environment.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"
ile loop in the "command"
parameter of a puppet exec resource, or write a wrapper script that
loops. To run a command once per puppet run as long as it keeps
failing, but stop after it has been successful once, can use the
exec/onlyif technique.
I don't want to add anything to th
6.1rc1, which was about 50% slower
than 0.25.5. Thank you!
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send
On Wed, 11 Aug 2010, martin kummer wrote:
> [files]
> path /etc/puppet/files
> allow 178.78.72.121 <-space here
>
> this breaks the puppetmaster silently. this is real bad. this must be
> a bug.
This is puppet bug #3514. It's supposed to be fixed in version 2
[in node: x="x set in node" y="y default set in
defs.pp"]/message: defined 'message' as 'in node: x="x set in node" y="y
default set in defs.pp"'
Why is it seeing $x as undefined, and taking the wrong branch of
the if statement in defs.pp?
ng people add sh/bash/ksh -c to the beginning of the
> command in the exec. I mean, is that really such a big deal?
Most of the work is already done by ruby's Kernel.exec() function;
puppet would simply need the ability to pass an array all the way
through to the underlying ruby function.
t; "/bin/ls | foo" }
>
> ...which passes it to the default system shell.
+1 [I added a missing comma above.]
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to p
gt; seem to work either, does it? You can't use this from the command
> line, can you?
The command-line equivalent would be
"--no-manage_internal_file_permissions".
Be careful with the hyphens and underlines.
--apb (Alan Barrett)
--
You received this message because you are subs
It didn't quite work in puppet
0.24.8, but if you copy lib/puppet/parser/functions/versioncmp.rb from
puppet-0.25.0 then it should work. See issue #2110.
I think you want somethng like this:
if (versioncmp($version, "1.22") >= 0) {
# do stuff
}
--apb (Alan Barrett)
-
local/lib at run time will
be placed in /tmp/altroot/usr/local/lib at install time.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe f
quot;,
onlyif => "some script to check whether the real files
are out of sync with the bundle",
}
Oh, after writing the above I realised that you probably want a
single template per target file, in the conventional way, but that
you want an easy way of sayin
27;t find the bug report, and
I don't see any errors in your config.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from th
or an interaction between the two. Kill and restart
puppetmasterd to be sure you are testing the changes you think you are
testing.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send ema
d happen. Any "require" passed to your definition
should propagate to the "file" resource insuide the definition
automatically.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this
acility name somewhere. If not at the node level,
then where?
Also, if you were willing to put "include facility::sjc" at the node
level, then why is "$facility_name = sjc" any worse?
I am unlikely to help you any further, unless there's a dramatic
improvement in your attitu
640,
content => template("gu_auth/ldap.conf.rb"),
}
exec { "update /etc/ldap.conf":
command => "cp /etc/ldap.conf.puppet /etc/ldap.conf",
unless => "grep -E '^PUPPET ME NOT' /etc/ldap.conf",
}
--apb (Alan Ba
... do something with $facility::ldapserver
}
> Another approach is to do everything with node inheritance
Common opinion seems to be that node inheritance should be avoided.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users&quo
unge the
arguments, but I would probably not have found such a simple
solution, and I had not yet started writing the code.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppe
he right order
> and doing something like:
>
> package{ $packages :
> ensure => present,
> }
No, that won't install the packages in any specific order. There are no
explicit or implicit dependencies between apckages in your example, but
in my case I want each package to e
actually doing any work in this environment though are you?
No. The "fail" statement in site.pp causes an error message on the
client, and nothing more happens until the configuration is fixed.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Goog
dn't try /dev/null, but I'd be
afraid of puppet converting it from a device to a directory.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com
"patch1", "1.2.3.0.1",
"patch2", "1.2.3.0.2",
"patch3", "1.2.3.0.3"]
I think I can make this work using some ugly code inside
inline_template, or maybe writing my own pa
K for the default installation to use any directories
it likes, provided it's easy to change at build time (and it is easy
enough).
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to
uppet's
"environment" variable to an array is an error.
I don't know how you could prevent the LDAP "environment" variable from
being copied to the puppet "environment" variable, or prevent the LDAP
server from reporting the value of that variable, but per
ons with tag or an exported file.
I have the external node classifier set a $errormessage variable if
appropriate, and then something included by site.pp fails if the
error message is defined.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google
this YAML:
---
parameters:
var: "value"
classes:
- someclass
- "complex_stuff_for_node::foo_domain_example"
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this grou
you envisage
would arise. I think I know what "a default external node that does
nothing" is (it's basically the almost-empty YAML that I mentioned
above), but I don't know how or why you'd have an internal node
definition that referred to the empty external node defin
). For
example, projects using gnats as the bug tracker could easily reject
messages that are not formatted correctly. Projects using an anonymous
web form could use a CAPTCHA to slow spammers down.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google
ffairs is not useful to the maintainers of the software, who would
benefit from bug reports, but who do not benefit from people choosing
not to bother reporting problems.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" g
cellent! I'll change my node classifier to use that information.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this
correct information to Puppet.
> >
> thats not correct (at least in the case of http://theforeman.org).
Really? Did feature #2834 get implemented while I wasn't paying attention?
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
On Mon, 26 Apr 2010, R.I.Pienaar wrote:
> puppet really needs a downcase function.
$var = "Mixed CaSe sTUff"
$downcased_var = inline_template("<%= var.downcase %>")
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
xt time
you start puppetd, it will generate a new key for itself, generate
a new certificate signing request for that key, and send the request
to the server.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users"
group => $group,
mode => $mode,
}
}
> So, on the whole my feeling is that an automatic "key distribution
> service" that was accessible to puppet but (mostly) not to people
> would be ideal.
That would be nice.
--apb (Alan Barrett)
--
You received this me
# do stuff with $filelist, $group, and $home
}
class DevelopersManager {
StaffManager { "developers":
filelist => "developerUserlist.txt",
group => "users",
home => "/home",
}
}
c
uot; package providers will probably be close enough.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email
uld yield
> different results in different environments.
Sorry, you are out of luck. I suggest filing a feature request for the
environment name and/or other relevant variables to be passed to the
config_version script.
--apb (Alan Barrett)
--
You received this message because you are subscri
time (adding
a message in the log), even if the files already have the correct
ownership. To get rid of the unwanted log message at the expense of
slower execution, add
onlyif => "some command to check whether there's a problem",
The onlyif command could use somet
resent,
key => $bob_ssh_key,
type => $bob_ssh_key_type,
user => "repo",
options => "command=\"svnserve -t --tunnel-user=bob\"",
}
--apb (Alan Barrett)
--
You received this message because you are subscribed t
<http://reductivelabs.com/trac/puppet/wiki/ReleaseNotes#command-line-compile-apply>.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from
sh/authorized_keys":
source => "puppet:///wherever",
require => Exec["fail if $homedir does not exist"],
}
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post
^
>"domain2.local" => ['10.128.36.20','10.128.36.10'],
> default => ['10.128.36.10','10.2.36.20'],
> }
I'd put a comma here --^
t unless an
authorised change is known to be ready for deployment; then puppetd is
run in --noop mode to verify that the changes it wants to make are as
expected; finallly puppetd is run in --no-noop mode.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Go
r you want to instantiate the mount: */
include nas-1::virtual
realize Util::Mymount["foo"]
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@g
se, so I run "puppetd --onetime --noop" or "puppetd --onetime
--no-noop" via ssh.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegro
dule providing
> the @mount.
There is a feature request for this:
<http://projects.reductivelabs.com/issues/2084>. Until that is
implemented, I think you'll need to work around it using a define.
--apb (Alan Barrett)
--
You received this message because you are subscribed to the
t; parameter to be a a
filename or an URL to the individual package, not an URL to a collection
of many packages. I have been using the "blastwave" provider, with a
custom config file that points to a private package repository.
--apb (Alan Barrett)
--
You received this message because y
87 matches
Mail list logo
