If you are like me, the problem is that the ruby for your platform sucks.
The webstack ruby 1.8.7 for Solaris 10 has a nasty tendency to hang (for
the daemons) and core dump for individual runs. Individual runs out of a
crontab are the most reliable way I've found to make it all work.
On Tue, Fe
Further, you should remember that there is no reason for an Apache
configuration to be monolithic. Apache is perfectly happy to have a bunch
of files to include. Throw in a naming convention (e.g. files named
foo.ssl will be included by my SSL config file) and you've got some real
flexibility.
O
Allow me to offer a couple of alternatives:
1) If Puppet is not otherwise doing stuff with the domains, then stop
trying to manage the bind configs purely with Puppet. Instead, have your
configs in revision control (best practice) and have the puppet run do an
update/reload (e.g. have the exec som
Also, there are some known issues with certain Ruby builds that cause the
puppet daemon to randomly hang. Sometimes it's best to have cron run your
puppet jobs.
On Thu, Mar 1, 2012 at 3:01 PM, Alexander Swen wrote:
> Thanks Markus, that's a very usefull tip. will follow!
>
>
>
>> # Whether to s
I did up a nifty deployment engine using Jenkins. Give the devs/CM a form
(e.g. "silo", application versions, etc). It would figure out what it
needed to deploy and then do so, complete with telling the Nagios system to
disable checks while everything was going on. Foreman/Puppet could be the
ri
I do check_mk configuration and Netbackup work via this method.
On Mon, Mar 5, 2012 at 1:57 PM, windowsrefund wrote:
>
> This is exactly how I handle things.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send em
On Thu, Mar 29, 2012 at 10:23 PM, Richard wrote:
>
> Thanks Justin!
>
> If we go with the stepped approach, would the following work?
>
> Puppet Master running 2.6.x on RHEL 6.2, serving 2.5.x clients on RHEL 5?
> Do the different versions of Ruby come into play at all?
>
>
You're not thinking ab
I just did a 2.6.11 -> 2.7.12 migration with Puppet updating Puppet. The
only real hitch I ran into was my puppet masters would update themselves
but somehow Apache/Passenger didn't get restarted, so I had to do that by
hand. Since I didn't start putting any 2.7 features into my manifests
until *
M, Richard wrote:
>
>
> On Friday, 30 March 2012 06:43:17 UTC+1, Brian Gallew wrote:
>>
>>
>>
>>> Thanks Justin!
>>>
>>> If we go with the stepped approach, would the following work?
>>>
>>> Puppet Master running 2.6.x on RHEL 6.2,
I would imagine this has to do with the whole, "you can't override
variables" thing that comes with a declarative language. Truly, if you
want do to this you need to just change the variable names so they won't
conflict with the facter values. This is the primary reason (IMO) that
example42 use m
Every host is trying to create an exported resource named "foo-admins".
That's not what you want. You want a *virtual* resource named foo-admins
and then realize it on each node.
On Tue, Apr 10, 2012 at 3:19 PM, Robert Smith wrote:
> Hello,
>
> I've been trying to build multiple Nagios servers
I'm absolutely with John on this. As an example, for our JBoss application
we need the configuration file to be different based on the the hostname
(we only host one app per host/VM) and environment
(dev/integration/qa/staging/production). Further, some "dev" boxes need to
allow the developers to
Another alternative is to unconditionally copy the file to a staging
director (e.g. /var/staging) and then have
exec {
"conditional copy to path1":
onlyif => "test -d /opt/path1"
command => "rsync -a /var/staging/file.txt /opt/path1";
"conditional copy to path2":
onlyif => "test -d
yif => "test -d /opt/xyz"
>
> file { "/opt/xyz/file.txt":
> owner => "jboss",
> group => "jboss",
> source => "puppet://$puppetserver/modules/module_name/opt/xyz/file.txt",
> }
> }
> }
>
> Thanks,
> Jeeva
Rather than whitelisting packages, you probably want to build a severely
cut-down repository and ensure it's the only one configured for your box.
On May 1, 2012 1:40 PM, "bainar" wrote:
> Can anyone tell me if it is possible to explicitly specify the only
> allowed packages on a host (modules on
Your requirements are moving you to the "must use an ENC or Hiera or Ruby
DSL" camp. Puppet's static typing will absolutely prevent you from doing
this the way you seem to be thinking about it. At this point, your easiest
answer is probably to use Hiera for looking up the value of this hash.
On
I'm a long-term PostgreSQL fan, but MySQL has one feature that makes it a
hands-down winner in our environment: trivial replication. I have
puppetmasters in two different datacenters. Being able to have my
dashboard see the status of systems in both datacenters makes it a lot more
useful to the t
So, yeah, you're doing it wrong.
Really, you probably want to be running something like archiva and have the
clients install from there, but I'm going to guess that's not really
possible for you.
I presume that "done by a script being run (puppetd -onetime) but it should
be run on the client" rea
As one who has previously used Puppet to drive Nagios configurations (and
attempted to contribute patches to Puppetlabs), allow me offer a somewhat
fabulous alternative: check_mk. check_mk is a package that can be used to
generate your Nagios configuration in a programmatic fashion. Here's how
it
I certainly don't see any value there. You need to come up with a
non-strawman argument.
Configuration management is about consistency. Every system is like every
other system to the extent that is possible. Where it is not possible, you
describe that difference in the manifests such that it af
I had exactly this situation: I wanted to manage application configuration,
but developers wanted to be able to alter the configs as necessary, yet
still revert to the "real" config when they wanted. It's a snap with a
define{}:
# We would like to both distribute configuration files as well as
#
"ensure => absent" is the standard syntax for all Puppet types.
On Fri, Jun 15, 2012 at 6:21 AM, eduardo wrote:
> Having advised :
> 'it is highly recommended to migrate work from exec to native
> Puppet types as quickly as possible.'
>
> Is there any chance to purge keys ?
>
> Do nothing wr
As has already been suggested, make the change yourself, submit a patch.
You have indicated several times that this isn't that big a change.
Further, it's a change that is clearly only of benefit to you at this
point, so trying to convince others to do it for you is pointless. If you
*really* wa
There actually is a way to do this, though you may find it to be more
painful to work with.
Imagine, if you will, two environments: production and maintenance.
The production environment is the one you're running right now, for
production. It fully manages everything and ensures that your system
If you are thinking abou Nagios, Icinga, or Shinken, may I suggest you look
at omdistro.org? They provide a single installable RPM/DEB (e.g.
omd-0.54.rpm) which includes all three, plus 10 or so add-ins, all
configured to work together, *plus* a nifty management tool that makes it
super easy to se
On Jun 29, 2011, at 9:05 AM, Nigel Kersten wrote:
> I've long wanted the equivalent of a "conffile" in Puppet.
>
> e.g. "replace this file if it's still the same as the one Puppet put down,
> but if it's been modified from the default, don't replace it"
>
> I've wanted this in the past for thin
I was seeing the behavior on my Solaris boxes when running Puppet under SMF.
The issue, in my case, was that I was trying to work around an SMF bug. My
"workaround" was to "svcadm disable puppetd;svccfg import
/var/svc/manifest/network/puppetd.xml;svcadm enable puppet". The astute
viewer will no
So, I'm into templating. I *like* templating. What I *don't* like, of
course, is to have to use multiple, similar templates for different output
files. So, let's work a concrete example. Suppose I have a template
"standard_profile.erb" which looks like this:
install_typeinitial_install
>
>
String interpolation in the Puppet DSL is strictly variable->string, and does
not handle arrays. For what you want, use
inline_template("tomcat-<%= $config['tomcat_version_server'] %>")
On Aug 8, 2011, at 11:19 AM, Douglas Garstang wrote:
> I've got this:
>
> file {
> '/opt/sugars
On Aug 31, 2011, at 6:57 AM, jcbollinger wrote:
>
>
> On Aug 30, 9:15 am, M C wrote:
>> Hi,
>>
>> is it possible to push a file (with "source" or "content") and then add
>> lines without having Puppet to regenerate it every time it runs?
>> And, how can I add, remove or alter text lines witho
On Sep 1, 2011, at 2:01 PM, Douglas Garstang wrote:
>
> Editing files locally under /etc/puppet as an individual user is not mutually
> exclusive with editing files in a distributed working copy owned by the same
> user.
If it's not, then there's no point in asking for help: your environment
I do this with a define. In my case, I define a web application and pass in
several arrays of hosts. This expands, in turn, to a series of if
statements that check to see which array (if any) $hostname is in and then
sets appropriate variables. I use this to generate Nagios hostgroups,
assign ro
I ended up writing a custom rand_fqdn function based heavily off the
standard rand_fqdn. In my environment, we have a lot of related system
(e.g. webs001, webs002, webs003), many of which have significant startup
times. I changed the function to split an incoming hostname into a
name+numeric suff
So, I have all the nodes export their Nagios stuff, and all my Nagios hosts
then collect what they need (via tagging). The only tricks I used were to
override the file locations so that everything actually gets put into a test
directory, and then have an exec kicked by changes which runs a pre-
Technically, a hostname may not legally contain a dot. A fully qualified
domain name, OTOH, pretty much has to have (at least) one dot.
On Thu, Sep 29, 2011 at 10:59 AM, Sans wrote:
> Is it really a good idea to have a period/dot in the hostname?
> Although I do agree it should be considered as
ALso, let's not forget that "all the world is *not* linux". "hostname -s"
doesn't do what you think it does when it's not the GNU toolset.
On Sep 29, 2011, at 9:13 PM, Doug Balmer wrote:
> Our concept of 'hostname' as a fact is equivalent to hostname -s up
> until now - it doesn't mean the resu
Most of my puppet runs take ~15 seconds or so, however my Nagios servers
take up to 4 minutes to complete.
On Mon, Oct 10, 2011 at 7:00 AM, Chris Phillips wrote:
>
>
> On 10 October 2011 13:05, Jonathan Gazeley > wrote:
>
>> On 08/10/11 21:22, Chris Phillips wrote:
>>
>>> What better way to mon
In theory, as long as you are NOT auto-signing certificate requests, this is
exactly what the puppet server was designed for. However, you should note that
the server is likely to suffer lots of random probing and may be susceptible to
performance problems.
On Oct 20, 2011, at 3:13 PM, Jon Da
This is (almost) trivial.
First, create a fact that turns /var/lib/puppet/state/classes.txt into an
array. Then extract that fact from the storedconfigs DB programmatically.
Admittedly, this won't get all defined nodes, as that is somewhat meaningless
since nodes can be "default" or regular ex
Let me emphasize the beauty of running Puppet out of cron. Not only do you
not end up with resource leaks (or just simple consumption when you don't
need it), but you also get much more reliable load on your puppet masters.
Further, if you are wiling to make a trivial effort to write a
site-speci
Very nice write-up, Jo. Thanks.
On Wed, Jan 4, 2012 at 5:04 PM, Jo Rhett wrote:
> NOTE: this is a draft document, just because there are some things here
> that I'd really like to improve. Please let me know if you have a better
> way to do these things. There's also a few issues with Puppet
Does this mean that the tickets which are just awaiting merge (including all
the relevant unit tests) will get done some day soon?
On Jan 9, 2012, at 11:36 PM, James Turnbull wrote:
> Love Puppet? Hate the backlog of tickets? Want to help us out? The
> Puppet community has grown really fast and
ber and I will try and get it bumped up in priority.
>
> Daniel
>
> On Tue, Jan 10, 2012 at 10:06, Brian Gallew wrote:
>> Does this mean that the tickets which are just awaiting merge (including all
>> the relevant unit tests) will get done some day soon?
>>
>>
I would have thought that, instead of rsyncing the new machine, you'd have
used Puppet to deploy it as a Puppet master. I'm curious as to why you went
this route?
On Thu, Apr 22, 2010 at 12:22 AM, Nicolas Szalay wrote:
> - "Brian Lam" a écrit :
>
> | I apologized ahead of time if this post
(vastly trimmed code)
*manifests/site.pp:*
import "base"
*module/base/manifests/init.pp*:
import "baselines/*.pp"
import "infrastructures/*.pp"
import "nodes.pp"
*nodes.pp:
*node 'pslave1' inherits rnc {
notice($my_puppet_master)
}
*infrastructures/geographical.pp:*
node rnc inherits basenode
at nodes are so
fundamentally broken as to make node inheritance completely useless, in
which case node inheritance should be pulled.
On Tue, May 11, 2010 at 7:58 AM, Joe McDonagh
wrote:
> On 05/11/2010 02:11 AM, Brian Gallew wrote:
>
> (vastly trimmed code)
> *manifests/site.pp:*
>
rk separation), so to get there I need, you know, "basic
functionality".
On Tue, May 11, 2010 at 3:31 PM, Dan Bode wrote:
> On Tue, May 11, 2010 at 3:27 PM, Nigel Kersten wrote:
>
>> On Tue, May 11, 2010 at 3:19 PM, R.I.Pienaar wrote:
>> >
>> > - &quo
I've got a generic user "java" that owns Java applications. Due to
circumstances beyond my control, I cannot dictate a change here, so I need
to make Puppet work with the infrastructure on hand. The big problem,
though, is that java's home directory varies with the application that's
being run.
Thanks. I'll try that when I get in to the office tomorrow.
On Mon, Jun 14, 2010 at 4:00 PM, donavan wrote:
> On Jun 14, 1:14 pm, Brian Gallew wrote:
> > class jboss {
> > include users
> > User["java"]{home => "/home/app1"
> > r
First of all, if your sysadmins aren't advocates of version control (even
more so than your developers), fire them now, Now, NOW. Or at least hire a
competent senior sysadmin to train them properly.
Back to the topic at hand. We have only two environment (production and
development). Since the
Mark your exec with "refreshonly => true".
On Mon, Jul 5, 2010 at 9:53 AM, Peter Berghold wrote:
> Hi folks,
>
> I have a few rules in my manifests that take the form:
>
> file {
> some-file:
> source => "puppet://puppet/some/path",
> -- etc--
> }
>
> exec {
> sync
I have to agree with Daniel on this one. While it's annoying to build
Solaris (in my case) packages for every CPAN package you want to install,
then end result is that I can control the installed version *precisely*.
While it may never have been a problem for you, I've been bitten more than
once b
Sorry, when you use Gmail you end up top-posting whether you like it or not.
On Mon, Aug 16, 2010 at 8:45 PM, Daniel Pittman wrote:
> Brian Gallew writes:
>
> It is always nice if y'all follow the existing quoting style in mails; it
> makes it much less confusing to follow la
If you have shared storage, it's pretty trivial to collect all the
relationship files. If not, you might consider the simple expedient of scp
or curl in an exec{} to get them where you want them.
On Thu, Aug 26, 2010 at 12:47 AM, Matt Wallace
wrote:
> On Wednesday 25 Aug 2010 19:17:18 Phips wrot
The way you make the service start/stop by a specific user is to make sure
the OS-standard start/stop script do su/sudo at the correct point.
On Mon, Aug 30, 2010 at 6:43 AM, Daniel Pittman wrote:
> Matt writes:
>
> > I would like to use the type "service" to ensure that a service is
> currentl
There are two standard answers for conflicting items like this.
1) Break out the conflicting items into their own class/definition.
2) Learn to love virtual resources and realize them as necessary.
On Mon, Sep 6, 2010 at 12:30 PM, Douglas Garstang
wrote:
> On Mon, Sep 6, 2010 at 12:12 PM, Douglas
Is there any reason why you don't just do it the easy way?
host <%= users_ldap_servers.join(" ") %>
On Fri, Sep 10, 2010 at 5:50 AM, Al @ Lab42 wrote:
> Hi all,
> I've a silly problem that it's driving me crazy and I'm almost sure
> the solution is quick and easy.
> Still it doesn't seem at my
I've basically ended up with one /etc/system to rule them all (and in the
darkness bind them?). Fortunately for me, my systems are large enough to
support this and there have been no conflicting requirements. I'm sure I'm
losing some tiny bit of performance and memory, but I really can't work up
I've been thinking about this myself, and I've come up with a few
possibilities.
1) Leverage the reports on the puppet master. This could be done with a
daemon that watched /var/lib/puppet/reports, for instance.
2) Leverage the reports on the puppet clients. Each puppet run could ship
the report
Personally, I like Foreman for doing that, especially once I've patched it
to make certain Foreman-specific variables set by the report processor. In
theory Dashboard will do the same thing, though I've never been able to get
it to work reliably (incompatible gem set).
And of course, there's alwa
Before I go and write yet another custom fact, I just want to be sure that
the behavior I'm seeing is "as designed" rather than a regression.
When I ran 2.6.1, I had the following snippets working as expected:
base/manifests/minimal.pp:
class {"ssh::sshd_config": stage => post}
ssh/manifests/
Foreman's report agent, for some reason, doesn't update as many of the
Foreman DB fields as one might wish. I submitted a patch on this, but as
Mark pointed out, the approved way to do this is to run a rake periodically
to re-import all of the reports and/or classes.
If you are interested in hack
In general, "cron != vixie-cron". It turns out that most of the Unix world
pre-dates Linux and for various reasons (not the least of which are legal
issues, branding, and in-product compatibility) it is generally *extremely*
poor form to assume Linux-isms. Clearly, the cron provider should be
upd
So, once again usability is sacrificed in favor of purity.
If you are using Puppet 2.6.1, you can move evaluation of the
sshd_config.erb template to a "post" stage, and then generate your
AllowGroups stanza from the class list (which will be complete). Here's an
excerpt from my sshd_config.erb th
"You are not authorized to access this page.
On Wed, Jan 5, 2011 at 12:07 PM, Daniel Pittman wrote:
> ...ideally, that answer should be "for now", because every second
> person seems to want this feature. Which will be helped if someone
> filed a feature request. So, um, I did:
> https://proje
Since my manifests are all in Subversion, all my puppet masters run a job every
hour that updates all of the local branches (prod, dev, etc).
On Jan 25, 2011, at 8:46 AM, CraftyTech wrote:
> Hello All,
>
> For those who run multiple Puppetmasters; what's your method of syncing
> the modul
Not really. There are a couple ways to handle this:
1) Make use of includes. Have the puppet-managed file include the app-managed
file. Of course, this requires the app to be friendly to this kind of setup.
2) Add "replace=>false" so that Puppet will create the file but never update it
if it e
Not really. There are a couple ways to handle this:
1) Make use of includes. Have the puppet-managed file include the app-managed
file. Of course, this requires the app to be friendly to this kind of setup.
2) Add "replace=>false" so that Puppet will create the file but never update it
if it e
create the file but never
> update it if it exists. Of course, that breaks when you have updates
> that you really do need puppet to apply.
>
> When I need to force the update, I would simply comment out the
> 'replace" for one run? is there a better way?
>
> Moh
Interestingly enough, I wrote a custom fact to do that. In my case, I have
and sshd_config.erb where I want to set the AllowGroups stanza based on all
the classes applied to a node. With 2.6.1 I could achieve that effect
simply by moving adding a class to the "post" stage (which is run after
main
Interestingly enough, it's pretty easy to make a Solaris package. More than
that, it may well be necessary that you do so since your package would
depend on Ruby, which could be in one of several places, and your own
organization's policies on where addons go might differ from someone
else's. Als
and presents it as a csv fact value.
> This would really save me some time as I am not a ruby developer.
>
> From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On
> Behalf Of Brian Gallew
> Sent: Thursday, January 27, 2011 9:08 PM
> To: puppet-users@googlegro
On Feb 2, 2011, at 4:57 PM, John Warburton wrote:
> I would love to see that in http://docs.puppetlabs.com/guides/templating.html
> in the "Access to defined tags and classes" section. I have created a ticket
> for that -https://projects.puppetlabs.com/issues/6124
Sadly, there's also a great n
em do you tend to see with the classes array? Does it
> > look like an order dependency? Is it just a crapshoot as to whether a
> > given class is in the list, or is there a method to it?
> >
> > On Feb 2, 5:18 pm, Brian Gallew wrote:
> >
> >
> >
> >
&
While it's perfectly appropriate to have multiple exec{} or a single exec{}
with a multi-line command in your puppet manifest, once you reach a certain
level of complexity you almost invariably want to switch to a
file{"/usr/local/scripts": ...} exec{"/usr/local/scripts/doit": ...} model.
The
Add a fact that's derived from parsing /var/lib/puppet/state/classes.txt. It
will be exactly one run behind, but it will have the complete list of classes
as of the previous run and it's reliable.
On Feb 3, 2011, at 9:58 AM, Richard Crowley wrote:
> On Thursday, February 3, 2011 at 9:53 AM, Ad
On Feb 3, 2011, at 10:22 AM, Adam Gibbins wrote:
> On 3 February 2011 18:14, Brian Gallew wrote:
> Add a fact that's derived from parsing /var/lib/puppet/state/classes.txt. It
> will be exactly one run behind, but it will have the complete list of classes
> as of the prev
Yeah, fire up MySQL and alter the column to be of type TEXT instead of
VARCHAR(255). I ran into the same problem. I believe the column you are
looking for is fact_values.value.
On Feb 18, 2011, at 12:26 PM, Mark Stanislav wrote:
> So I had been smashing my head against a wall, unsure why I wa
Never forget the DHCP does NOT necessarily mean "dynamic addresses". Depending
upon your corporate culture, it may be perfectly acceptable for DHCP to hand
out statically assigned addresses to your hosts. This would allow your build
process to be easy, and you can have the host never DHCP agai
For the way you are doing thing, the easiest answer is: use templates. Here
is an example from my sshd_config.erb file that may be of use to you:
- CUT HERE -
pps = cprt_classes.split(',') rescue []
my_login_groups = ['root', 'wheel', 'sysadmin']
my_login_group
Doug, there's a command-line tool called "ack" which is an enhanced grep
replacement. It will probably do what you wat with finding your nodes.
On Mon, Feb 28, 2011 at 4:43 PM, Douglas Garstang
wrote:
>
>
> On Mon, Feb 28, 2011 at 1:17 PM, Alan Barrett wrote:
>
>> On Mon, 28 Feb 2011, Douglas G
Sadly, signs point to "no".
On Wed, Mar 2, 2011 at 5:15 AM, Martijn Grendelman wrote:
> Hi,
>
> A question for the devs. Will this:
>
> http://projects.puppetlabs.com/issues/4020
>
> make it into a release any time soon?
>
> Best regards,
> Martijn.
>
> --
> You received this message because you
nil => undef,
global => undef,
default => "${cprt_globalzone}.${my_domain}",
},
use => [ $productname ? {
"Sun Fire X4140" => "host-x4140-template",
default => "host-generic-templat
me to
> time when nodes are taken out or things are moved around and I need to
> manullay remove nagios config files and have puppet regenerate them :\
>
> On 11-03-02 09:55 AM, Martijn Grendelman wrote:
>> On 02-03-11 14:49, Brian Gallew wrote:
>>> Sadly, signs point to
The short answer is: it sucks to be you.
The longer answer is that variables are really rvalues: they are something
that you can read and test, but they are not function calls or otherwise
subject to evaluation. When you write
Cron <| tag == "a" |>
in your manifest, you are evaluating an == expre
My setup also has a worst-case propagation delay of 90 minutes. I have a
custom fact that collects all of the information in classes.txt on the
client. That, in turn, is used (for Nagios) by a custom parser function
that produces the hostgroup list for when the nagios_host resource is
exported.
A cons cell isn't actually that hard to produce in Puppet: you can use a
hash. Each key is the member of the cell you want to keep, while the value
is a throwaway. But. Puppet's non-determinate evaluation order is pretty
much guaranteed to bite you in the butt. You can really only get the "full
On Mar 11, 2011, at 7:52 AM, Nick Moffitt wrote:
>> I'm not sure what you mean by deduplicating. Puppet won't let you
>> have duplicate *anything*, exported or not. If you mean "filtering",
>> that's doable, but any non-trivial filtering rule will require to you
>> write evil Puppet functions th
On Mon, Mar 14, 2011 at 11:07 AM, VinceT wrote:
>
>
> class passwd {
>
> user { "root":
>ensure => present,
>comment => template("passwd/passwd.root.user.erb"),
>
>}
>
> passwd.root.user.erb contains:
>
> Root user on <%= hostname %>
>
>
For such a simple substitution, you
On Mon, Mar 14, 2011 at 8:12 AM, duff wrote:
> Hello, I am trying to export the latest tag of an svn repository to a
> puppet client.
> To do so, I would like to run the following command to get the latest
> tag
>/usr/bin/svn ls http://url_to_my_svn_repository/tags | /usr/bin/
> tail -1
>
> Ho
In that case I've got nothing. Sorry.
On Mar 15, 2011, at 6:37 AM, duff wrote:
> Hi Brian
>
> The problem isn't the lack of output from the puppet custom function. I have
> written some that return results.
> I used puts statements in the example to show the absence of result from the
> %x[]
It has occurred to me that another way of doing this would be to use defines
define kludge($sudo_add_rule=undef) {
node { "${name}":
class {sudoers: additional_rules => [$sudo_add_rule}}
}
}
The beauty of this is that it gets around the traditional problem of node
inherita
On Mar 21, 2011, at 1:39 PM, jcbollinger wrote:
>
> On Mar 21, 3:15 pm, Brian Gallew wrote:
>> It has occurred to me that another way of doing this would be to use defines
>>
>> define kludge($sudo_add_rule=undef) {
>> node { "${name}":
>
I think the fundamental problem here is that you see a particular piece of
metadata in your mind (this version of the file is the previous version)
which does not, in fact, exist. Since good practices dictate that your
Puppet manifests, files, and templates are all in some form of version
control,
On Tue, Apr 12, 2011 at 12:54 AM, R.I.Pienaar wrote:
> The PDL is a *much* more desirable solution than either layered classes
> or extlookup, why it has gone un-implemented I dont know and why the
> current suggestion is that layered classes somehow represents an effective
> alternative to the P
OK, I'm trying to do something (apparently) stupid. Here's the relevant
fragment of my manifest:
"/jumpstart/Begin/rootmirror.beg":
require => File["/jumpstart/Begin"],
content => template("jumpstart/standard.beg.erb");
"/jumpstart/Begin/standard.beg":
require => F
On Tue, Apr 12, 2011 at 6:39 PM, Ben Hughes wrote:
> > Sadly, my introspection-fu seems to be lacking and I'm unable to figure
> it out. Any help?
>
> Not easily. The only way I was able to find mention of it at all was
> with the horrible voodoo of a template of:
>
> <%= require 'pp' ; pp @__sc
I use it to include files which, for whatever reason, won't be auto-imported.
Specifically, I use it to includes my nodes.pp and defines.pp files, since
neither of them define any classes, and I want my defines all in one place,
usable anywhere.
On Apr 14, 2011, at 11:05 AM, Randall Hansen wro
That would undoubtedly have been a neater solution. I may well switch to
using that. Thanks!
On Fri, Apr 15, 2011 at 1:48 AM, Felix Frank <
felix.fr...@alumni.tu-berlin.de> wrote:
> On 04/13/2011 04:24 AM, Ben Hughes wrote:
> > On Tue, Apr 12, 2011 at 07:20:24PM -0700, Bri
It depends on two things: your CA and the content of auth.conf. If you have
one CA signing all your certificates, then every host can validate the cert
on every master. If that's the case, then any host with the correct
permissions in auth.conf can issue the puppet kick command. If you have
diff
1 - 100 of 107 matches
Mail list logo
