[Puppet Users] Re: Users without shadow

2009-08-31 Thread Michael Gliwinski
Hi Mark, We also use the combination of AD/LDAP + Puppet and I just checked and I don't have any entries in shadow file for any AD users. I also checked the provider code and in fact AFAICS it first checks if any changes need to be applied (by comparing property values specified in manifest t

[Puppet Users] certificate error

2009-08-31 Thread pinoyskull
Hi, Im having a weird problem, always get certificate error when checking logs, the error says... Mon Aug 31 10:59:01 + 2009 Puppet (warning): Certificate validation failed; consider using the certname configuration option The date/time of server and client is in sync... What else to

[Puppet Users] Re: certificate error

2009-08-31 Thread Justin Kinney
If you're using multiple puppet servers, be sure that you're talking to the right one. I mistakenly left a "puppet" CNAME entry in DNS that pointed to my test layer puppet server, and that caused the same error. This occurred even though I explicitly defined the puppet server in puppet.conf as "

[Puppet Users] Re: Users without shadow

2009-08-31 Thread Gajillion
I withdraw my question in shame :( Turns out one of my fellow madmins was overriding our new user creation calls and inserting a default password. Doh! Removing that solves the problem. On Aug 31, 6:18 am, Michael Gliwinski wrote: > Hi Mark, > > We also use the combination of AD/LDAP + Puppet

[Puppet Users] Re: User's and managing expired passwords

2009-08-31 Thread jcbollinger
On Aug 28, 10:15 am, Kyle Mallory wrote: [...] > I think I made some minor progress, as it appears that the password > handing is actually done by 'lib/puppet/provider/user/ > user_role_add.rb' (which makes so sense to me whatsoever), and despite > everything to the contrary, doesn't actually u

[Puppet Users] "Dynamically" use file contents in variables

2009-08-31 Thread Andrew Heagle
Hi, We want to use files to set variables in some recipes in puppet, which works ok. However I have one problem. The first step of the recipe is to get an updated version of a "control file", which has some info to manage data. Even though the file has new data, the recipe reads the file contents

[Puppet Users] Re: Using Puppet for updating Ubuntu machines over the network

2009-08-31 Thread Justin Kinney
> I'm new with Puppet and as far as I have searched I couldn't find a > very good solution for updating some machines over the network. I I think that many on the list feel that you should use the correct tool for the job here, which in your case sounds like an apt-get or equivalent via cron. I

[Puppet Users] Re: Using Puppet for updating Ubuntu machines over the network

2009-08-31 Thread Jordi Funollet
On Thursday 27 August 2009 07:55:58 E. Andrasi wrote: > Hello! > > I'm new with Puppet and as far as I have searched I couldn't find a > very good solution for updating some machines over the network. I > could use Puppet to do a cron job for that but I don't have so much > control over the update

[Puppet Users] Re: User's and managing expired passwords

2009-08-31 Thread seph
>> Actually, these the passwords for the 3 system administrators.  We >> have to have an expiration policy to meet our security guidelines. > I took a different and more hacky approach. > I wrote a function that fetches the complete shadow line from the > shadow file then pushes that line to the

[Puppet Users] Re: User's and managing expired passwords

2009-08-31 Thread James Turnbull
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jcbollinger wrote: > Puppet's resource model involves having a common front end for each > resource type that defines the available parameters, properties, and > features, plus one or more "providers" for that type that interact > with specific host e

[Puppet Users] Re: User's and managing expired passwords

2009-08-31 Thread James Turnbull
2009/8/28 Kyle Mallory : > > The problem is, the User type (w/ manage_passwords enabled and ruby- > shadow installed) will only set the password in /etc/shadow, but it > doesn't manage any of the other shadow parameters, namely the > sp_lstchg parameter).  As a result, after our 90-day period, all

[Puppet Users] Re: User's and managing expired passwords

2009-08-31 Thread Andrew Shafer
git blame I am the culprit. The only provider that does passwords this way is user_role_add on Solaris. If you are not using Solaris, you are not running that code. The rational at the time was, useradd/mod do not support the password parameter on Solaris and libshadow for Ruby is an unmaintain

[Puppet Users] Re: virtual users and groups

2009-08-31 Thread Peter Brown
I put my groups in the virtual::users class as well. Keeps them in one place and it's easier to manage. 2009/8/21 Rene : > > Hi > > Is this a good idea: > > In the users module: > class users::db { > >   �...@group { dba: >        gid    => 200, >        ensure => present, >    } > >   �...@user

[Puppet Users] Re: Puppet, Mongrel, Apache and Debian

2009-08-31 Thread Justin Kinney
> You can see my settings in the above pastie, Apache starts fine and > appears to function fine.  However when I run puppetd --test on any node > I receive the following error: > > warning: Certificate validation failed; consider using the certname > configuration option > err: Could not retrieve

[Puppet Users] Re: Mac OS X open ssh server refresh from puppet...

2009-08-31 Thread Nigel Kersten
On Sun, Aug 30, 2009 at 6:30 AM, grandpa wrote: > > Forgot to add that I'm running Snow Leopard... I've just had a metric crapload of work get dumped on me today, so if anyone else feels like having a look at this issue for Snow Leopard, that would be awesome. Essentially we have two main choice

[Puppet Users] Re: storeconfigs + environments issue

2009-08-31 Thread josbal
Ok guys... thanks to the #puppet irc guys, I have been able to fix my problem. Seems as though when downloading mysql gem via "gem install mysql", puppetmaster was not interfacing with mysql server correctly, and therefore not populating the database. So i removed the mysql gem - "gem uninstall

[Puppet Users] Re: "Dynamically" use file contents in variables

2009-08-31 Thread Teyo Tyree
On Mon, Aug 31, 2009 at 6:56 AM, Andrew Heagle wrote: > > Hi, > > We want to use files to set variables in some recipes in puppet, which > works > ok. However I have one problem. The first step of the recipe is to get > an > updated version of a "control file", which has some info to manage > dat

[Puppet Users] Re: Notify someone on failure

2009-08-31 Thread chakkerz
Very nice! I think we can make that work. Thanks for that!!! chakkerz On Aug 26, 8:44 pm, Gerard Bernabeu wrote: > Hi, > > I'm using nagios to monitor puppet by runing the script below in each host. > The script looks at the log file, it returns 0 if everything is OK or 1 if > there's some erro