We recently had a situation where servers weren't able to use their
auto-sign'ed certificates because their local clock was months off from
real-time. Of course, it was brand-new hardware straight off the dock and
hadn't yet had a chance to have ntp sync the clock to the correct time because,
Cobbler to load the operating system and do basic configurations. Then
> I hand off to Puppet. One thing I do with Cobbler is the initial setting of
> the system clock using ntpdate or ntpd -q
> Hope this helps
>
> -Original Message-
> From: Derek J. Balling
> To:
Is there rsync access to that repo? I'd like to mirror it behind our firewall
so our machines can access it, and HTTP mirroring is so sub-optimal.
D
On Mar 13, 2012, at 12:58 PM, Michael Stahnke wrote:
> Use the Puppet Labs repo,
>
> http://yum.puppetlabs.com it will always be updated. It
On May 3, 2012, at 1:05 PM, Pieter van de Bruggen wrote:
> As many of you may be aware, Hiera will be tightly integrated into Puppet in
> the upcoming release of Puppet 3.0.
>
What will this mean for sites that have specifically avoided using Hiera? I
would presume that this should just mean "b
On May 7, 2012, at 11:54 AM, Nigel Kersten wrote:
> Yes. If you're not planning to externalize data at all, the only difference
> you'll see is that you'll now have Hiera installed on your system when you
> install Puppet 3.0.
Cool. Was really panicking there for a moment.
I kinda like having
On May 7, 2012, at 12:47 PM, Christopher Wood wrote:
> Wrapper script (similar concept for anywhere with a yaml reader):
Still have to *write* the YAML files.
> Out of nosiness, how do you handle the edgier cases in your manifests? For
> example, how everything is a standard syslog client, exce
FWIW, we are experiencing exactly the same thing in 2.7 that you are. We used
to average 6-9 seconds for compilation time and now it's anywhere from 15 to
250 to "timed out".
D
On May 8, 2012, at 7:07 AM, Arnau Bria wrote:
> Compiled catalog for td055.pic.es in environment production in 4.25 s
Todd,
Do you have an ETA for 2.7.x RPMs in that repo by any chance?
Cheers,
D
On Jun 23, 2011, at 11:21 AM, Todd Zullinger wrote:
> Michael Stahnke wrote:
>> This release is a maintenance release of the 2.6.x series of Puppet.
>> This will likely be the last release in the 2.6.x series for Pupp
We just started testing CentOS 6.0 here, and I'm using Facter 1.6.0
If I run this command from my CentOS 5.x test machine:
[root@puppetclient.nj1:~]# facter --version
1.6.0
[root@puppetclient.nj1:~]# facter | grep lsb
lsbdistcodename => Final
lsbdistdescription => CentOS release 5.3 (Final)
lsbdi
On Aug 1, 2011, at 11:30 AM, Daniel Piddock wrote:
> You need to have the lsb_release command installed for the lsb* results
> to appear.
>
> Fedora/Redhat have it in the redhat-lsb package, so it possibly has a
> similar name under CentOS.
Thanks to you and everyone else who pointed it out. Ap
On Aug 2, 2011, at 8:35 PM, Len Rugen wrote:
> In puppet, passwd =>
> "$6$PVOar6qN$WUTN7HG838PnAdzLYCB4HHVSzE/SX100VVdsiIYlBo7TM5c79R38gx942Lkm710v1HMRmS5VnPbHZ2MwY96wt0",
Make sure to use single-quotes, or puppet will try to evaluate variables
"$PVOar", "$WUTN", etc., etc.
D
--
You received
On Jun 21, 2010, at 9:03 PM, Patrick Mohr wrote:
> Anyone have advice? I don't want to put puppet in cron if I can avoid it.
We did this:
service { puppet :
enable => true,
require => [ File['etc-sysconfig-puppet'],File['puppet.conf'] ],
subscribe => [ File['etc-sysconfig-puppet']
Has anyone had any luck in actually disabling certificates entirely. Just trust
the hostname you get from DNS and treat that info as authoritative.
I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going to
happen, even though I have *no* need for the security that the certif
On Nov 11, 2010, at 6:26 PM, donavan wrote:
> From your comment in #3958 I think autosign[1] with "*.domain.tld"
> would work for you.
Nope. Because "autosign" doesn't also "auto-overwrite".
- New Host "foo001.domain.tld" is created
- Certs are exchanged for foo001 with the puppetmaster, life is
On Jan 18, 2011, at 9:38 PM, Bostjan Skufca wrote:
> Would anyone else fancy a wildcard path expansion in module path
> specification?
>
> Example:
>
> modulepath = /etc/puppet/modules/*
>
> ---[ above should expand to this
> equivalent ]--
> [ provided that repo
On Jan 28, 2011, at 2:02 PM, Daniel Pittman wrote:
> Yes. On the other hand, you will very quickly run into a problem:
>
> The puppet master uses the name in the SSL certificate that the client
> supplies as the "node" identifier. So, if you use that wildcard for
> your nodes you will not be ab
I tried looking in the language tutorial for this, but I couldn't find a
reference for how to do it, but I'm sure it must be possible.
So I've got two modules, one for "random_app" and one for "dns_config".
"dns_config" has a file resource "resolv.conf" which is just what the name
implies.
I w
> For what it is worth, for an extremely well known interface like
> /etc/resolv.conf I would subscribe to the file resource, but for most
> cases I prefer to depend on the class. So, I think both answers are
> right, and I didn't explain why I chose the apparently tighter binding
> this time arou
>size = self.logs.size
>if size == 0 then
>system "/usr/lib/nagios/eventhandlers/submit_puppet_result
> " + ip + " puppet-report 0 \"There has been no change\""
>else
>system "/usr/lib/nagios/eventhandlers/submit_puppet_result
> " + ip + " puppet-rep
On Feb 16, 2011, at 2:49 PM, donavan wrote:
> Off hand you may be interested in the metrics portion of the report.
> Something like metrics["changes"][:failed] would give you access to
> any resources that failed to apply.
> I don't recall how/if actual catalog failures are show in reports. A
> sy
On Feb 18, 2011, at 9:29 AM, Felix Frank wrote:
> Ugly workaround: Schedule the restart using atd from within the catalog
> run. (I've used "at now+2min" and it works so far).
Well, that's "less ugly" I suppose than the client just vanishing in the middle
of a catalog-run. :-)
But also my compl
On Feb 18, 2011, at 3:01 PM, Daniel Pittman wrote:
> Just to be specific: puppet doesn't do anything except use those
> standard functions, so we are not actually capable of doing anything
> portable to solve these problems. It really isn't so much "puppet
> ignores the change to..." as "the OS l
FWIW, we use our pre-existing F5s (which we've got for production traffic) so
we carved off a Puppetmaster VIP on those with no problem at all.
D
On Feb 15, 2011, at 9:30 PM, trey85stang wrote:
> while I am at it, what is the best way to load balance between
> multiple servers using passenger?
We've been tracking Bug 3360:
https://projects.puppetlabs.com/issues/3360
which controls what the puppetmaster does when it receives a new CSR for a host
that already exists. Like you and and OP, we have little to no use for the
security aspects of Puppet's CA design, and build in a completely
24 matches
Mail list logo
