Re: [Puppet Users] hiera-gpg, CentOS6 and puppet 3.2.4
We're still using Puppet 2.7, but looking at our puppet-gpg config the
only major difference I see is we use :key_dir for the gpg key's instead
of the puppet users home directory. So our hiera.yaml file looks like:
# Hiera configuration file
---
:backends:
- yaml
- gpg
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
:key_dir: /srv/keyrings
:hierarchy:
- hosts/%{fqdn}
- %{environment}/hostgroups/%{hostgroup}
- hostgroups/%{hostgroup}
- %{environment}/servicegroups/%{servicegroup}
- servicegroups/%{servicegroup}
- %{environment}/%{calling_module}
- %{calling_module}
- %{environment}
- global
Of course you have to have the gpgme rpm and the gpgme ruby gem
installed on all your puppet masters. We install the same password-less
gpg private key on all the puppet masters and encrypt the yaml files
with the corresponding public key. .
JMN
On 9/3/2013 5:57 PM, Worker Bee wrote:
Has anyone been able to get this working?
For some reason, I am unable to get values decrypted via a puppet run,
despite being able to decrpyt via command line
I am starting to wonder if there is a bug or something I am missing??
I SO appreciate ANY help!
__
/etc/puppet/hiera.yaml
---
:backends: - gpg
- yaml
:logger: console
:hierarchy: - %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
Here is my init.pp file
# Class: testdecry
#
# [Remember: No empty lines between comments and class definition]
class testdecry {
$env = 'live'
$pass = hiera("rootpwd")
notify{"The value is: ${pass}":}
}
My encrypted file is in:
/etc/puppet/hieradata/live
[root@me]# ls
testdecry.gpg
___
Command line works:
[root@me ]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=testdecry env=live
rootpass
Running via puppet fails
[root@me]# puppet agent --test
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: can't convert nil into String at
/etc/puppet/modules/testdecry/manifests/init.pp:17 on node me.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I am totally at a loss here
Thanks!
Bee
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
Without hiera you have all those extra classes you posted below
including this very specific one. I think your classes are too
complicated to begin with regardless of where the data is, but the lack
of data separation probably sent you down that path.
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
With Hiera this is enough
include role::zabbix
You're now thinking, "How do I specify this machine is a server, in dc1,
and installing zabbix 2?" To answer we will start over and try to build
what you have with Hiera. This is a little hard to deal with in email,
but I think you'll get the idea.
node zabbixserver {
# this is a top level role for the zabbix server
include role::zabbix
}
class role::zabbix {
include profile::base
include profile::zabbixserver
}
class profile::zabbixserver {
include profile::apache
include zabbix
}
class zabbix(
$bind_ip = 127.0.0.1,
$version = present,
) {
blah blah
}
This Hiera config assumes you have a dc and role fact of some sort. This
may or may not be easy in your environment.
hiera.yaml
---
:hierarchy:
- %{fqdn}
- %{dc}
- %{role}
- %{environment}
- common
This is our role data
./hieradata/common.yaml
---
zabbix::version: '2.0'
zabbix::bind_ip: '1.1.1.1'
These are the dc bits of data
./hieradata/dc1.yaml
---
zabbix::bind_ip: '1.2.3.1'
./hieradata/dc1.yaml
---
zabbix::bind_ip: '1.4.5.1'
Your parametrized class will autolookup matching parameters from Hiera
in Puppet 3.x or you can specify them manually. Machines in dc1 get
1.2.3.1, dc2 gets 1.4.5.1, and any machine gets 1.1.1.1.
In summary we move data into Hiera and replace module::someclass::dc
with a simple module that does a lookup to a data file based on facts
that have classified the node.
Ramin
On 9/3/2013 8:49 AM, Frederiko Costa wrote:
Excellent.. thanks!
And now sorry for the long email... hopefully I'm clear enough.
I'd also to expose one example that I have here in my company. I'm not
too confident of how we setup roles and profiles, specially when it
comes to add hiera into the game.
Say we have a module called zabbix20::agent. The configuration file will
be generated using erb templated with data coming from parametized
classes. So far, it looks good. Data separation, modules look portable, etc.
As far as I understood going through the article is that you define the
technology stack in the profile, and the role as collection of profiles.
Well, in that case I'd say I would have something similar to this:
class profile::zabbix20::server {
class { '::zabbix20::server' :
bind_ip => "1.2.2.3",
...
}
}
and then it would probably go to a base profile (profile::base) and
inherited by a base role. That fits perfectly with single site scenario.
Say you now have multiple data centers with different zabbix servers on
each. The way I understood ...
class profile::zabbix20::server::dc1 {
class { '::zabbix20::server' :
bind_ip => "1.2.2.3",
...
}
}
class profile::zabbix20::server::dc2 {
class { '::zabbix20::server' :
bind_ip => "1.2.3.4",
...
}
include httpd
...
}
then the roles:
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
and the nodes ...
node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
That being said ... How would I actually add hiera into the game? I
don't a straightforward way to use hiera and benefit the data
separation. I have to include the business logic in the profile. How
would I actually do that using hiera? Can't see a direct way.
The other discussion I had with my co-worker is ... they actually
created two modules: roles and profiles. If I want to change, I have to
actually change the modules. Isn't it desirable to have these out of the
modulespath? I don't see why we have to do this way if are trying to
abstract things and avoiding touching modules whenever we can.
Thanks in advance.
On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
On 8/30/2013 3:48 PM, Frederiko Costa wrote:
> Hi everyone,
>
> Do you guys know any article/doc talking about the use of
roles/profiles
> approach with hiera?
>
> I'm particularly interested in how to organize the manifests when
having
> multiple data centers, parametized classes and wants to use hiera.
>
> Being even more specific, how to organize the code using the Craig's
> article (http://www.craigdunn.org/2012/05/239/
C
Re: [Puppet Users] Roles/profiles and hiera
Thanks Chad ...
I understand it from the syntax point of view, but my point is more of a
conceptual question in how to apply Craig's concepts using hiera with
parasitized classes ... in that case, the node definition using hiera
declares one (and only one role). The profile would define the technology
stack with all the modules.
That's what Craig's article suggests (he doesn't mention hiera in the
article). A role could specify 1+ profiles. So far, great.
The thing is, in the node definition, using hiera, I'd break what they're
proposing, because I'm actually not totally separating and externalizing
the data. The yaml file would be (the way I see).
x.y.z.w.yaml:
role::zabbix20::server::dc2
a.b.c.d.yaml:
role::zabbix20::server::dc1
Now, what I expected to have, for example, is the bind_ip parameter passed
here in hiera, not in the profile definition.
I hope I'm being clear ... :-)
-frederiko
On Tue, Sep 3, 2013 at 2:19 PM, Chad Huneycutt wrote:
> LIke this:
>
> class profile::zabbix20::server (
> bind_ip,
> ...
> ) {
> class { '::zabbix20::server':
> bind_ip => $bind_ip,
> ...
> }
> }
>
> Then your hieradata would set
>
> in a.b.c.d.yaml:
> profile::zabbix20::server::bind_ip: 1.2.2.3
>
> in x.y.z.w.yaml:
> profile::zabbix20::server::bind_ip: 1.2.3.4
>
> That way you have a single profile for all datacenters.
>
> - Chad
>
>
> On Tue, Sep 3, 2013 at 11:49 AM, Frederiko Costa
> wrote:
> > Excellent.. thanks!
> >
> > And now sorry for the long email... hopefully I'm clear enough.
> >
> > I'd also to expose one example that I have here in my company. I'm not
> too
> > confident of how we setup roles and profiles, specially when it comes to
> add
> > hiera into the game.
> >
> > Say we have a module called zabbix20::agent. The configuration file will
> be
> > generated using erb templated with data coming from parametized classes.
> So
> > far, it looks good. Data separation, modules look portable, etc.
> >
> > As far as I understood going through the article is that you define the
> > technology stack in the profile, and the role as collection of profiles.
> > Well, in that case I'd say I would have something similar to this:
> >
> > class profile::zabbix20::server {
> > class { '::zabbix20::server' :
> > bind_ip => "1.2.2.3",
> > ...
> > }
> > }
> >
> > and then it would probably go to a base profile (profile::base) and
> > inherited by a base role. That fits perfectly with single site scenario.
> Say
> > you now have multiple data centers with different zabbix servers on each.
> > The way I understood ...
> >
> > class profile::zabbix20::server::dc1 {
> > class { '::zabbix20::server' :
> > bind_ip => "1.2.2.3",
> > ...
> > }
> > }
> >
> > class profile::zabbix20::server::dc2 {
> > class { '::zabbix20::server' :
> > bind_ip => "1.2.3.4",
> > ...
> > }
> >
> > include httpd
> > ...
> > }
> >
> > then the roles:
> > class role::zabbix20::server::dc1 {
> > include profile::zabbix20::server::dc1
> > }
> >
> > and the nodes ...
> >
> > node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
> > node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
> >
> > That being said ... How would I actually add hiera into the game? I
> don't a
> > straightforward way to use hiera and benefit the data separation. I have
> to
> > include the business logic in the profile. How would I actually do that
> > using hiera? Can't see a direct way.
> >
> > The other discussion I had with my co-worker is ... they actually created
> > two modules: roles and profiles. If I want to change, I have to actually
> > change the modules. Isn't it desirable to have these out of the
> modulespath?
> > I don't see why we have to do this way if are trying to abstract things
> and
> > avoiding touching modules whenever we can.
> >
> > Thanks in advance.
> >
> > On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
> >>
> >> On 8/30/2013 3:48 PM, Frederiko Costa wrote:
> >> > Hi everyone,
> >> >
> >> > Do you guys know any article/doc talking about the use of
> roles/profiles
> >> > approach with hiera?
> >> >
> >> > I'm particularly interested in how to organize the manifests when
> having
> >> > multiple data centers, parametized classes and wants to use hiera.
> >> >
> >> > Being even more specific, how to organize the code using the Craig's
> >> > article (http://www.craigdunn.org/2012/05/239/) and use hiera to
> >> > provide node specific data.
> >> >
> >> > thank you,
> >> > -fred
> >>
> >> Couple of links on the subject that I like.
> >>
> >> Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his
> >> original articles, http://www.slideshare.net/PuppetLabs/roles-talk
> >>
> >> Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will
> >> become a very influential presentation over the next year as generally
> >> available tooling catches up to the ideas presented. I'm surprised there
> >> hasn't been
[Puppet Users] hiera-gpg, CentOS6 and puppet 3.2.4
Has anyone been able to get this working?
For some reason, I am unable to get values decrypted via a puppet run,
despite being able to decrpyt via command line
I am starting to wonder if there is a bug or something I am missing??
I SO appreciate ANY help!
__
/etc/puppet/hiera.yaml
---
:backends: - gpg
- yaml
:logger: console
:hierarchy: - %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
Here is my init.pp file
# Class: testdecry
#
# [Remember: No empty lines between comments and class definition]
class testdecry {
$env = 'live'
$pass = hiera("rootpwd")
notify{"The value is: ${pass}":}
}
My encrypted file is in:
/etc/puppet/hieradata/live
[root@me]# ls
testdecry.gpg
___
Command line works:
[root@me ]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=testdecry env=live
rootpass
Running via puppet fails
[root@me]# puppet agent --test
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
can't convert nil into String at
/etc/puppet/modules/testdecry/manifests/init.pp:17 on node me.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I am totally at a loss here
Thanks!
Bee
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
LIke this:
class profile::zabbix20::server (
bind_ip,
...
) {
class { '::zabbix20::server':
bind_ip => $bind_ip,
...
}
}
Then your hieradata would set
in a.b.c.d.yaml:
profile::zabbix20::server::bind_ip: 1.2.2.3
in x.y.z.w.yaml:
profile::zabbix20::server::bind_ip: 1.2.3.4
That way you have a single profile for all datacenters.
- Chad
On Tue, Sep 3, 2013 at 11:49 AM, Frederiko Costa wrote:
> Excellent.. thanks!
>
> And now sorry for the long email... hopefully I'm clear enough.
>
> I'd also to expose one example that I have here in my company. I'm not too
> confident of how we setup roles and profiles, specially when it comes to add
> hiera into the game.
>
> Say we have a module called zabbix20::agent. The configuration file will be
> generated using erb templated with data coming from parametized classes. So
> far, it looks good. Data separation, modules look portable, etc.
>
> As far as I understood going through the article is that you define the
> technology stack in the profile, and the role as collection of profiles.
> Well, in that case I'd say I would have something similar to this:
>
> class profile::zabbix20::server {
> class { '::zabbix20::server' :
> bind_ip => "1.2.2.3",
> ...
> }
> }
>
> and then it would probably go to a base profile (profile::base) and
> inherited by a base role. That fits perfectly with single site scenario. Say
> you now have multiple data centers with different zabbix servers on each.
> The way I understood ...
>
> class profile::zabbix20::server::dc1 {
> class { '::zabbix20::server' :
> bind_ip => "1.2.2.3",
> ...
> }
> }
>
> class profile::zabbix20::server::dc2 {
> class { '::zabbix20::server' :
> bind_ip => "1.2.3.4",
> ...
> }
>
> include httpd
> ...
> }
>
> then the roles:
> class role::zabbix20::server::dc1 {
> include profile::zabbix20::server::dc1
> }
>
> and the nodes ...
>
> node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
> node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
>
> That being said ... How would I actually add hiera into the game? I don't a
> straightforward way to use hiera and benefit the data separation. I have to
> include the business logic in the profile. How would I actually do that
> using hiera? Can't see a direct way.
>
> The other discussion I had with my co-worker is ... they actually created
> two modules: roles and profiles. If I want to change, I have to actually
> change the modules. Isn't it desirable to have these out of the modulespath?
> I don't see why we have to do this way if are trying to abstract things and
> avoiding touching modules whenever we can.
>
> Thanks in advance.
>
> On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
>>
>> On 8/30/2013 3:48 PM, Frederiko Costa wrote:
>> > Hi everyone,
>> >
>> > Do you guys know any article/doc talking about the use of roles/profiles
>> > approach with hiera?
>> >
>> > I'm particularly interested in how to organize the manifests when having
>> > multiple data centers, parametized classes and wants to use hiera.
>> >
>> > Being even more specific, how to organize the code using the Craig's
>> > article (http://www.craigdunn.org/2012/05/239/) and use hiera to
>> > provide node specific data.
>> >
>> > thank you,
>> > -fred
>>
>> Couple of links on the subject that I like.
>>
>> Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his
>> original articles, http://www.slideshare.net/PuppetLabs/roles-talk
>>
>> Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will
>> become a very influential presentation over the next year as generally
>> available tooling catches up to the ideas presented. I'm surprised there
>> hasn't been more discussion about it.
>> http://carlasouza.com/puppetconf13/#/slide1
>>
>> Hunner's github repo for his Role/Profile session at Puppet Conf.
>> https://github.com/hunner/roles_and_profiles
>>
>> My example of using role/profile. I skipped over most of the design and
>> philosophy which Craig covered quite well and dove straight into what it
>> might looks like with a complicated set of data in a real world
>> application.
>>
>> https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
>>
>> Ramin
>>
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
--
Chad M. Huneycutt
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.c
Re: [Puppet Users] Hiera and hiera-gpg
Ughh; and I spoke too soon for some reason, it is not decrypting when
running via puppet run/manifest (I had mistakenly left the unencrypted in
the directory and it was failing back to reading the yaml_
Thanks!
On Tue, Sep 3, 2013 at 4:03 PM, Worker Bee wrote:
> Hi Luke;
>
> So, what you said does make sense and, I did make the changes you
> explained to my manifest and it worked! :)
>
> I am confused though and I am so sorry to be so ignorant but, what
> does %{location} refer to?
>
> Thank you VERY, VERY much!
>
> bee
>
>
> On Tue, Sep 3, 2013 at 12:18 PM, Luke Bigum wrote:
>
>> I just started a big reply to your last email and it looks like you've
>> figured most of it out. At least your not still thinking "manifests" your
>> problem is in hiera.yaml ;-)
>>
>>
>> On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote:
>>>
>>> I am pretty sure I still have something wrong with my set up but, I just
>>> cannot seem to see what it is...
>>>
>>> Notice if I attempt to decrypt vi the command line and do not indicate
>>> "env=live", it fails..
>>> [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
>>> calling_module=motd
>>> nil
>>> [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
>>> calling_module=motd env=live
>>> rootpass
>>>
>>>
>> The reason that works is written in your hiera.yaml config below. You've
>> told Hiera that your Hierarchy contains the variable %{env}. Now while that
>> works fine on the command line, when the Hiera function is called during
>> catalog compilation in a manifest I'm betting that the 'env' variable does
>> not exist, which is why your key is not found. What is %{env}? Did you copy
>> it straight from Craig's blog or do you actually use it in your Hierarchy?
>>
>> From the way you've got your Hierarchy specified now, if I ran a find
>> across your hieradata directory, this is what I'd expect to find:
>>
>> /etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml
>> /etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg
>> /etc/puppet/hieradata/some_env/some_calling_module.yaml
>> /etc/puppet/hieradata/some_env/some_calling_module.gpg
>> /etc/puppet/hieradata/common.yaml
>> /etc/puppet/hieradata/common.gpg
>>
>> The hierarchy you've got must match the path of the Hiera data files in
>> that directory.
>>
>> When run from the command line, the %{env}, %{location} and
>> %{calling_module} variables are passed on the command line. When the hiera
>> function call is made during a Puppet catalog compilation then those
>> variables must be defined for that node ($env, $location, but
>> $calling_module is implicit), either as Facter Facts or as normal variables
>> in a Puppet manifest.
>>
>> ... That's not explained very well but I can't think of a better way to
>> phrase it yet. Does that help so far?
>>
>>
>>> __**__**
>>>
>>> [root@me puppet]# more hiera.yaml
>>> ---
>>> :backends: - yaml
>>>- gpg
>>>
>>> :logger: console
>>>
>>> :hierarchy: - %{env}/%{location}/%{calling_**module}
>>> - %{env}/%{calling_module}
>>> - common
>>>
>>>
>>> :yaml:
>>>:datadir: /etc/puppet/hieradata
>>>
>>> :gpg:
>>>:datadir: /etc/puppet/hieradata
>>>
>>> __**___
>>> my encrypted files are in /etc/puppet/hieradata/live
>>>
>>>
>>>
>>> Thanks in advance for any help!
>>> Bee
>>>
>>>
>>> On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee wrote:
>>>
Hi Guys;
I really appreciate your help and apologize for the continued
questions... however, apaprently, I am missing something here. I cannot
get this working.
I have set hiera-gpg up as per the docs I can find but, I still cannot
seem to get my manifests correct. If someone would kindly provide a smaple
manifest, I would be grateful!
Also, per Craig Dunn's blog, he is placing hieradata files in
/etc/puppet/hieradata/live. Is the "live" subdir required? Is there some
sort of environment limitation that requires the files live in this subdir?
Thank you very much!
Bee
On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs <
ri...@richburroughs.com> wrote:
> Your manifests look the same. You do a hiera lookup just as you
> would if you weren't using the GPG integration. It's just another data
> store for hiera.
>
> You do need to set that up, as other people have mentioned. But it's
> no different in the manifests.
>
>
> On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee wrote:
>
>> I am looking for some manifest examples, if anyone has any to share!
>>
>>
>> On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark
>> wrote:
>>
>>> On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
>>> > I am having a bit of difficulty implementing hiera-gpg;
>>> particularly with
>>>
Re: [Puppet Users] Hiera and hiera-gpg
Hi Luke;
So, what you said does make sense and, I did make the changes you explained
to my manifest and it worked! :)
I am confused though and I am so sorry to be so ignorant but, what
does %{location} refer to?
Thank you VERY, VERY much!
bee
On Tue, Sep 3, 2013 at 12:18 PM, Luke Bigum wrote:
> I just started a big reply to your last email and it looks like you've
> figured most of it out. At least your not still thinking "manifests" your
> problem is in hiera.yaml ;-)
>
>
> On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote:
>>
>> I am pretty sure I still have something wrong with my set up but, I just
>> cannot seem to see what it is...
>>
>> Notice if I attempt to decrypt vi the command line and do not indicate
>> "env=live", it fails..
>> [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
>> calling_module=motd
>> nil
>> [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
>> calling_module=motd env=live
>> rootpass
>>
>>
> The reason that works is written in your hiera.yaml config below. You've
> told Hiera that your Hierarchy contains the variable %{env}. Now while that
> works fine on the command line, when the Hiera function is called during
> catalog compilation in a manifest I'm betting that the 'env' variable does
> not exist, which is why your key is not found. What is %{env}? Did you copy
> it straight from Craig's blog or do you actually use it in your Hierarchy?
>
> From the way you've got your Hierarchy specified now, if I ran a find
> across your hieradata directory, this is what I'd expect to find:
>
> /etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml
> /etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg
> /etc/puppet/hieradata/some_env/some_calling_module.yaml
> /etc/puppet/hieradata/some_env/some_calling_module.gpg
> /etc/puppet/hieradata/common.yaml
> /etc/puppet/hieradata/common.gpg
>
> The hierarchy you've got must match the path of the Hiera data files in
> that directory.
>
> When run from the command line, the %{env}, %{location} and
> %{calling_module} variables are passed on the command line. When the hiera
> function call is made during a Puppet catalog compilation then those
> variables must be defined for that node ($env, $location, but
> $calling_module is implicit), either as Facter Facts or as normal variables
> in a Puppet manifest.
>
> ... That's not explained very well but I can't think of a better way to
> phrase it yet. Does that help so far?
>
>
>> __**__**
>>
>> [root@me puppet]# more hiera.yaml
>> ---
>> :backends: - yaml
>>- gpg
>>
>> :logger: console
>>
>> :hierarchy: - %{env}/%{location}/%{calling_**module}
>> - %{env}/%{calling_module}
>> - common
>>
>>
>> :yaml:
>>:datadir: /etc/puppet/hieradata
>>
>> :gpg:
>>:datadir: /etc/puppet/hieradata
>>
>> __**___
>> my encrypted files are in /etc/puppet/hieradata/live
>>
>>
>>
>> Thanks in advance for any help!
>> Bee
>>
>>
>> On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee wrote:
>>
>>> Hi Guys;
>>>
>>> I really appreciate your help and apologize for the continued
>>> questions... however, apaprently, I am missing something here. I cannot
>>> get this working.
>>>
>>> I have set hiera-gpg up as per the docs I can find but, I still cannot
>>> seem to get my manifests correct. If someone would kindly provide a smaple
>>> manifest, I would be grateful!
>>>
>>> Also, per Craig Dunn's blog, he is placing hieradata files in
>>> /etc/puppet/hieradata/live. Is the "live" subdir required? Is there some
>>> sort of environment limitation that requires the files live in this subdir?
>>>
>>> Thank you very much!
>>> Bee
>>>
>>> On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs >> > wrote:
>>>
Your manifests look the same. You do a hiera lookup just as you would
if you weren't using the GPG integration. It's just another data store for
hiera.
You do need to set that up, as other people have mentioned. But it's no
different in the manifests.
On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee wrote:
> I am looking for some manifest examples, if anyone has any to share!
>
>
> On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark wrote:
>
>> On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
>> > I am having a bit of difficulty implementing hiera-gpg;
>> particularly with
>> > accomplishing the deencryption in my manifests. Can anyone either
>> provide
>> > a simple example or point me to a good resource? I have searched
>> alot and
>> > am still struggling.
>> >
>> > Any help would be very appreciated!
>> >
>> > Thanks!
>> > Bee
>>
>> You just need to have the hiera-gpg gem installed, make sure that gpg
>> is
>> listed in the backends array in hiera.yaml, then
[Puppet Users] Re: Random Yum errors during provisioning
Any ideas???
On Friday, June 28, 2013 9:38:29 AM UTC-4, Glenn Poston wrote:
>
> Running Amazon Linux (which is essentially Centos5.5).
>
> Anyone seen random yum errors like this one? I don't think
> it's necessarily related to Puppet, but it randomly fails my puppet runs
> and I don't know how to fix it.
>
> Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
> /Stage[main]/Zookeeper/Package[zookeeper]/ensure: created
> Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
> /Stage[main]/Zookeeper/File[/var/lib/zookeeper/data]/ensure: created
> Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
> /Stage[main]/Zookeeper/File[/var/lib/zookeeper/data/myid]/ensure: created
> Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
> /Stage[main]/Yum_repo::Configs/File[/etc/yum.repos.d/inin-epel.repo]/ensure:
> defined content as '{md5}b94171f63e31f07b8bd75444073e301c'
> Jun 28 08:41:35 ip-10-159-65-145 run_puppet: [Notice:
> /Stage[main]/Zookeeper/File[/etc/zookeeper/zookeeper-env.sh]/content:
> content changed '{md5}cd666c7520ce5279ddbc185512b0b177' to
> '{md5}5cb59b25f5e7567d94ba14b06f6e7081'
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [Error: Execution of
> '/usr/bin/yum -d 0 -e 0 -y install daemonize' returned 1: Existing lock
> /var/run/yum.pid: another copy is running as pid 2502.
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Another app is currently
> holding the yum lock; waiting for it to exit...
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: The other application is:
> yum
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Memory : 40 M RSS (235
> MB VSZ)
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Started: Fri Jun 28
> 08:41:33 2013 - 00:03 ago
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: State : Running, pid:
> 2502
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Error: database disk image is
> malformed
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [Error:
> /Stage[main]/Mcollective/Package[daemonize]/ensure: change from absent to
> present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install daemonize'
> returned 1: Existing lock /var/run/yum.pid: another copy is running as pid
> 2502.
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Another app is currently
> holding the yum lock; waiting for it to exit...
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: The other application is:
> yum
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Memory : 40 M RSS (235
> MB VSZ)
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Started: Fri Jun 28
> 08:41:33 2013 - 00:03 ago
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: State : Running, pid:
> 2502
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Error: database disk image is
> malformed
> Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [mNotice:
> /Stage[main]/Zookeeper/File[/etc/zookeeper/zoo.cfg]/content: content
> changed '{md5}5c543298c5572c3caf40a3d108309019' to
> '{md5}31db609f6601a8a02561d411e98db12b'
> Jun 28 08:41:39 ip-10-159-65-145 run_puppet: [mNotice:
> /Stage[main]/Puppet/File[/usr/local/bin/run_puppet.sh]/content: content
> changed '{md5}4e9496313a0b4152c663defce5100af5' to
> '{md5}49d78e473fa2202dea13e9b195e63575'
> Jun 28 08:41:39 ip-10-159-65-145 run_puppet: [mNotice:
> /Stage[main]/Yum_repo::Configs/Exec[puppet_repo]/returns: executed
> successfully
> Jun 28 08:41:48 ip-10-159-65-145 run_puppet: [mNotice:
> /Stage[main]/Mcollective::Common/Package[mcollective-package-agent]/ensure:
> created
>
> The problem does not persist. Yum packages are installed by puppet before
> and after the errors. A subsequent puppet run installs the previously
> skipped packages fine.
>
> It's as if some background process creates a lock, while updating the yum
> DB, but when the lock is released, the yum DB is still in a bad state
> (momentarily).
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: How to override $::operatingsystem fact
Just for the record, this is the code I'm using:
Facter.add(:operatingsystem) do
> confine :kernel => [ 'Linux' ]
> has_weight 100
> setcode do
> if FileTest.exists?("/usr/bin/pveversion") then
> "Proxmox"
> end
> end
> end
>
> Facter.add(:operatingsystemrelease) do
> confine :kernel => [ 'Linux' ]
> has_weight 100
> setcode do
> if FileTest.exists?("/usr/bin/pveversion") then
> Facter::Util::Resolution.exec("/usr/bin/pveversion")
> end
> end
> end
>
>
On Tuesday, July 17, 2012 9:30:15 AM UTC-4, julien cosmao wrote:
>
> Hi,
>
> I want to introduce "Proxmox" as new value in $::operatingsystem.
> "Proxmox" is based on Debian, so the normal value is currently "Debian".
>
> To change that, I just write a custom fact based on the facter fact
> "operatingsystem"
>
> Facter.add(:operatingsystem) do
>> ...
>>setcode do
>>...
>>elsif FileTest.exists?("/usr/bin/pveversion")
>>"Proxmox"
>
>
> This method doesn't override the original fact.
>
> I've also tried to set $::operatingsystem = "Proxmox" directly in my node.
>
> What's the best way to do override an existing fact ?
>
> Regards,
>
> Julien
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet Agent intermittent lock, ruby crashing (windows)
Hi we're noticing in our environment intermittent windows agents becoming unresponsive and it's because of the lock file not being deleted. We are installing Puppet agent using the msi file, version 3.0.1. * Something that caught our attention is that the agents that have locked have been unchanged for a period of time. After investigating the Application event log, we are seeing the following 2 errors: Log Name: Application Source:Application Error Date: 9/3/2013 9:50:59 AM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: Description: Faulting application name: ruby.exe, version: 1.8.7.370, time stamp: 0x4fede15f Faulting module name: msvcrt-ruby18.dll, version: 1.8.7.370, time stamp: 0x4feddff4 Exception code: 0x4015 Fault offset: 0x00013152 Faulting process id: 0x938 Faulting application start time: 0x01cea8c5ae246efa Faulting application path: C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin\ruby.exe Faulting module path: C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin\msvcrt-ruby18.dll Log Name: Application Source:Application Error Date: 9/3/2013 9:51:00 AM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: Description: Faulting application name: ruby.exe, version: 1.8.7.370, time stamp: 0x4fede15f Faulting module name: ADVAPI32.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7b706 Exception code: 0xc005 Fault offset: 0x000149e5 Faulting process id: 0x938 Faulting application start time: 0x01cea8c5ae246efa Faulting application path: C:\Program Files (x86)\Puppet Labs\Puppet\sys\ruby\bin\ruby.exe Faulting module path: C:\Windows\syswow64\ADVAPI32.DLL Any suggestions as per what could be causing this issue and how to resolve it? BTW, if we manually delete the lock file then the agent reports back to the Puppet Master just fine. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: puppetdb - getting a list of specific facts for specific hosts?
Is it acceptable to do the search based on 'certname'? ie: curl -G 'http://localhost:8080/v2/facts' --data-urlencode 'query=["and",["~","certname","puppetdb?"],["or",["=","name","ipaddress"],["=","name","hostname"]]]' ken. On Mon, Sep 2, 2013 at 7:00 AM, Klavs Klavsen wrote: > This gives me the ipaddress (and hostname).. now to figure out how to filter > on hostname regex.. > > 'query=["=", "name", "ipaddress"]' > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] failed to install pkg on Solaris node
Hi everyone. I've recently started testing puppet enteprise. Puppet master is on RHEL 6.4, my node connected for test purposes is Solaris 10u10. Puppet master is 3.0.1, fresh installation. Using "Advanced tasks" I'm trying to install PKG from CSW. I'm selecting node for installation, in field for package name I'm entering package name, ie. "vim" and after pressing "Run" there is empty output for this node. I can't also find any trace in logs. Can anyone point me in right direction? How can I enable pkgutil pkg provider on my puppet master? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet under HA Environment
Stuart, If I'm understanding your needs correctly, this may be what you're looking for: http://www.devco.net/archives/2010/03/17/scheduling_puppet_with_mcollective.php On Monday, September 2, 2013 11:01:46 AM UTC-5, Stuart Cracraft wrote: > > How can this be randomized within a range? > > I believe someone mentioned "splay" ? > > My fear is that all the boxes will request at a similar some day, by chance > and send a tidal wave over to the master. > > On Sep 1, 2013, at 10:27 PM, Rahul Khengare > > wrote: > > You can use different *runinterval *for each client. > This can be done using editing of "/etc/puppet/puppet.conf" on each > client machine. > Set the following (add a new line if it's not already present) > in the [agent] section of the file: > > runinterval=XXX > > where, XXX is the time in seconds(default is 180), > > Thanks and Regards, > Rahul Khengare, > NTT DATA OSS Center, Pune, India. > > > On Friday, August 30, 2013 2:20:36 AM UTC+5:30, rjbu...@gmail.com wrote: >> >> How do I avoid a situation where all of my Linux servers execute a >> service restart at the same time upon receiving a new configuration change >> via Puppet? I am trying to avoid any possibility that the service would be >> unavailable for any length of time. The servers are behind a load >> balancer. At least one node needs to remain available. Any idea how I >> might configure Puppet to work in this HA environment? >> >> Thank you for your feedback! >> >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users...@googlegroups.com . > To post to this group, send email to puppet...@googlegroups.com > . > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
Excellent.. thanks!
And now sorry for the long email... hopefully I'm clear enough.
I'd also to expose one example that I have here in my company. I'm not too
confident of how we setup roles and profiles, specially when it comes to
add hiera into the game.
Say we have a module called zabbix20::agent. The configuration file will be
generated using erb templated with data coming from parametized classes. So
far, it looks good. Data separation, modules look portable, etc.
As far as I understood going through the article is that you define the
technology stack in the profile, and the role as collection of profiles.
Well, in that case I'd say I would have something similar to this:
class profile::zabbix20::server {
class { '::zabbix20::server' :
bind_ip => "1.2.2.3",
...
}
}
and then it would probably go to a base profile (profile::base) and
inherited by a base role. That fits perfectly with single site scenario.
Say you now have multiple data centers with different zabbix servers on
each. The way I understood ...
class profile::zabbix20::server::dc1 {
class { '::zabbix20::server' :
bind_ip => "1.2.2.3",
...
}
}
class profile::zabbix20::server::dc2 {
class { '::zabbix20::server' :
bind_ip => "1.2.3.4",
...
}
include httpd
...
}
then the roles:
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
and the nodes ...
node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
That being said ... How would I actually add hiera into the game? I don't a
straightforward way to use hiera and benefit the data separation. I have to
include the business logic in the profile. How would I actually do that
using hiera? Can't see a direct way.
The other discussion I had with my co-worker is ... they actually created
two modules: roles and profiles. If I want to change, I have to actually
change the modules. Isn't it desirable to have these out of the
modulespath? I don't see why we have to do this way if are trying to
abstract things and avoiding touching modules whenever we can.
Thanks in advance.
On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
>
> On 8/30/2013 3:48 PM, Frederiko Costa wrote:
> > Hi everyone,
> >
> > Do you guys know any article/doc talking about the use of roles/profiles
> > approach with hiera?
> >
> > I'm particularly interested in how to organize the manifests when having
> > multiple data centers, parametized classes and wants to use hiera.
> >
> > Being even more specific, how to organize the code using the Craig's
> > article (http://www.craigdunn.org/2012/05/239/) and use hiera to
> > provide node specific data.
> >
> > thank you,
> > -fred
>
> Couple of links on the subject that I like.
>
> Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his
> original articles, http://www.slideshare.net/PuppetLabs/roles-talk
>
> Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will
> become a very influential presentation over the next year as generally
> available tooling catches up to the ideas presented. I'm surprised there
> hasn't been more discussion about it.
> http://carlasouza.com/puppetconf13/#/slide1
>
> Hunner's github repo for his Role/Profile session at Puppet Conf.
> https://github.com/hunner/roles_and_profiles
>
> My example of using role/profile. I skipped over most of the design and
> philosophy which Craig covered quite well and dove straight into what it
> might looks like with a complicated set of data in a real world
> application.
>
> https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
>
>
> Ramin
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Module team update: 2013-08-09 - 2013-09-03
Going forward I'm going to aim for this twice a month as weekly is too frequent and I forget to write them every week. This update is dedicated to blkperl who keeps me writing them by reminding me every time I forget. It's been a busy month and with Puppetconf falling in the middle of the month progress has been a bit all over the place. Our focus this month has been on connecting with the community, discussing module standards, testing, and all the stuff around the edges of modules. One piece of solid work that's come out of this is the "Beginners Guide to Modules", the very beginning piece of our drive towards having a coherent set of module documentation that covers everything from how a beginner should lay out a module to best practices for types/providers, all the way to testing frameworks. Obviously this is a new thing for us so you'll have to help us to help you by giving us awesome feedback on how to improve the guide and what information you would most like to see Puppetlabs standardize and define next. The guide is at http://links.puppetlabs.com/bgtm and we'll be working to clean it up, move it to our real documentation site and get space built for us to write more. I've already done some more work towards an Advanced guide and towards some blog posts to showcase existing modules (like stdlib) and other techniques to help you improve modules. RELEASES: Not as many releases this month, we're sort of focused on other areas and groundwork to make this easier going forward: http://forge.puppetlabs.com/puppetlabs/nodejs/0.4.0 http://forge.puppetlabs.com/puppetlabs/firewall/0.4.1 http://forge.puppetlabs.com/puppetlabs/concat/1.0.0 http://forge.puppetlabs.com/puppetlabs/gcc/0.1.0 http://forge.puppetlabs.com/puppetlabs/rabbitmq/3.0.0 http://forge.puppetlabs.com/puppetlabs/ntp/2.0.0 >From other groups: http://forge.puppetlabs.com/puppetlabs/puppetdb/1.6.0 http://forge.puppetlabs.com/puppetlabs/gce_compute/0.1.0 - from google! WORK IN PROGRESS Hunter has been working on puppetlabs-apache, merging in endless PRs and helping to improve that module even more. Alongside that he's working on "beaker", the previously named puppet-acceptance framework. We're looking to adopt it for testing modules but we're in the middle of learning about it and figuring out how to best adopt it so it's easy for community members to get going with. The earlier part of the month was taken up with Puppetconf prep for his talk (which I heard was awesome and enjoyed by all!) He also made https://github.com/hunner/roles_and_profiles as part of this, so check that out. Ken (honorary member of the module team this week!) has completely refactored puppetlabs-postgresql and has a massive pull request in completely overhauling the module. It looks fantastic and will be vastly easier to work with and ensure that we don't have weird dependency issues going forward. Ashley (me) has been in the weeds in the MySQL module for a while now. I've written some new types: mysql_user, mysql_db, mysql_grant to replace the existing ones that had a number of issues that were making working with this module difficult. The new ones can all be called with "puppet resource" allowing you to manipulate mysql via puppet without having to use manifests. They all have various improvements and will underlie the refactoring work that I plan to do in the MySQL module in the next few weeks. Puppetconf made it very clear to me that the community cares deeply about the MySQL module but many people fork it off due to the difficulty with adding your own configuration params, installation sources, and general ability to tweak the module without difficulty. One of the reasons I've been working on the providers and types is to make sure I have fresh pain in my mind before I start writing some beginner provider/types documentation for the module team. MySQL has proven to be an absolute nightmare to write these types for so I'm full of pain points to touch on to make sure the rest of you have an easier time in the future. -- Ashley Penney ashley.pen...@puppetlabs.com Module Engineer *Join us at PuppetConf 2014, September 23-24 in San Francisco* -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
>
>
> ... That's not explained very well but I can't think of a better way to
> phrase it yet. Does that help so far?
>
Perhaps I can show you what I mean. Run these commands and look at the
debug output in what files Hiera is trying to open, see how it's
interpreting each variable you add on the command line as new sub
directories of your hieradata directory, based on how you use the %{env}
%{location} and %{calling_module} variables in hiera.yaml.
hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd --debug
hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live --debug
hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live
location=woofwoof --debug
Once you understand that, you've got to get those variables into your
Puppet manifest before the hiera() function call. This is a very very very
bad example, but it shows how you need to have those variables present in
the manifest for Hiera to use them in a lookup:
class motd {
$env = 'live'
#$calling_module --- should be an automatic variable given to you by
Puppet's hiera() function call
$location = ''
rootpwd = hiera('rootpwd')
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
Hi Guys; I really appreciate your help and apologize for the continued questions... however, apaprently, I am missing something here. I cannot get this working. I have set hiera-gpg up as per the docs I can find but, I still cannot seem to get my manifests correct. If someone would kindly provide a smaple manifest, I would be grateful! Also, per Craig Dunn's blog, he is placing hieradata files in /etc/puppet/hieradata/live. Is the "live" subdir required? Is there some sort of environment limitation that requires the files live in this subdir? Thank you very much! Bee On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs wrote: > Your manifests look the same. You do a hiera lookup just as you would if > you weren't using the GPG integration. It's just another data store for > hiera. > > You do need to set that up, as other people have mentioned. But it's no > different in the manifests. > > > On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee wrote: > >> I am looking for some manifest examples, if anyone has any to share! >> >> >> On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark wrote: >> >>> On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: >>> > I am having a bit of difficulty implementing hiera-gpg; particularly >>> with >>> > accomplishing the deencryption in my manifests. Can anyone either >>> provide >>> > a simple example or point me to a good resource? I have searched alot >>> and >>> > am still struggling. >>> > >>> > Any help would be very appreciated! >>> > >>> > Thanks! >>> > Bee >>> >>> You just need to have the hiera-gpg gem installed, make sure that gpg is >>> listed in the backends array in hiera.yaml, then the puppet user needs >>> to have the private key configured within it's $HOME/.gnupg -where $HOME >>> is usually /var/lib/puppet. >>> >>> By default pgp keys are encrypted with a passphrase, which would need to >>> be supplied and held in a running keyring for that user, so was >>> previously working around this by using a non-passphrase protected >>> subkey. >>> >>> I've now however moved away from hiera-gpg due to performance overhead >>> on large catalogs and moved to a git post-commit hook that decrypts any >>> .gpg files to .yaml within a dedicated hierarchy for decrypted files, >>> using that same insecure private subkey. >>> >>> >>> Cheers, >>> -- >>> Richard Clark >>> rich...@fohnet.co.uk >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To post to this group, send email to puppet-users@googlegroups.com. >> Visit this group at http://groups.google.com/group/puppet-users. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
I just started a big reply to your last email and it looks like you've
figured most of it out. At least your not still thinking "manifests" your
problem is in hiera.yaml ;-)
On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote:
>
> I am pretty sure I still have something wrong with my set up but, I just
> cannot seem to see what it is...
>
> Notice if I attempt to decrypt vi the command line and do not indicate
> "env=live", it fails..
> [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
> calling_module=motd
> nil
> [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
> calling_module=motd env=live
> rootpass
>
>
The reason that works is written in your hiera.yaml config below. You've
told Hiera that your Hierarchy contains the variable %{env}. Now while that
works fine on the command line, when the Hiera function is called during
catalog compilation in a manifest I'm betting that the 'env' variable does
not exist, which is why your key is not found. What is %{env}? Did you copy
it straight from Craig's blog or do you actually use it in your Hierarchy?
>From the way you've got your Hierarchy specified now, if I ran a find
across your hieradata directory, this is what I'd expect to find:
/etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg
/etc/puppet/hieradata/some_env/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_calling_module.gpg
/etc/puppet/hieradata/common.yaml
/etc/puppet/hieradata/common.gpg
The hierarchy you've got must match the path of the Hiera data files in
that directory.
When run from the command line, the %{env}, %{location} and
%{calling_module} variables are passed on the command line. When the hiera
function call is made during a Puppet catalog compilation then those
variables must be defined for that node ($env, $location, but
$calling_module is implicit), either as Facter Facts or as normal variables
in a Puppet manifest.
... That's not explained very well but I can't think of a better way to
phrase it yet. Does that help so far?
>
>
> [root@me puppet]# more hiera.yaml
> ---
> :backends: - yaml
>- gpg
>
> :logger: console
>
> :hierarchy: - %{env}/%{location}/%{calling_module}
> - %{env}/%{calling_module}
> - common
>
>
> :yaml:
>:datadir: /etc/puppet/hieradata
>
> :gpg:
>:datadir: /etc/puppet/hieradata
>
> _
> my encrypted files are in /etc/puppet/hieradata/live
>
>
>
> Thanks in advance for any help!
> Bee
>
>
> On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee
> > wrote:
>
>> Hi Guys;
>>
>> I really appreciate your help and apologize for the continued
>> questions... however, apaprently, I am missing something here. I cannot
>> get this working.
>>
>> I have set hiera-gpg up as per the docs I can find but, I still cannot
>> seem to get my manifests correct. If someone would kindly provide a smaple
>> manifest, I would be grateful!
>>
>> Also, per Craig Dunn's blog, he is placing hieradata files in
>> /etc/puppet/hieradata/live. Is the "live" subdir required? Is there some
>> sort of environment limitation that requires the files live in this subdir?
>>
>> Thank you very much!
>> Bee
>>
>> On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs
>>
>> > wrote:
>>
>>> Your manifests look the same. You do a hiera lookup just as you would
>>> if you weren't using the GPG integration. It's just another data store for
>>> hiera.
>>>
>>> You do need to set that up, as other people have mentioned. But it's no
>>> different in the manifests.
>>>
>>>
>>> On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee
>>> > wrote:
>>>
I am looking for some manifest examples, if anyone has any to share!
On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark
> wrote:
> On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
> > I am having a bit of difficulty implementing hiera-gpg; particularly
> with
> > accomplishing the deencryption in my manifests. Can anyone either
> provide
> > a simple example or point me to a good resource? I have searched
> alot and
> > am still struggling.
> >
> > Any help would be very appreciated!
> >
> > Thanks!
> > Bee
>
> You just need to have the hiera-gpg gem installed, make sure that gpg
> is
> listed in the backends array in hiera.yaml, then the puppet user needs
> to have the private key configured within it's $HOME/.gnupg -where
> $HOME
> is usually /var/lib/puppet.
>
> By default pgp keys are encrypted with a passphrase, which would need
> to
> be supplied and held in a running keyring for that user, so was
> previously working around this by using a non-passphrase protected
> subkey.
>
>
Re: [Puppet Users] Hiera and hiera-gpg
I am pretty sure I still have something wrong with my set up but, I just
cannot seem to see what it is...
Notice if I attempt to decrypt vi the command line and do not indicate
"env=live", it fails..
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd
nil
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd env=live
rootpass
[root@me puppet]# more hiera.yaml
---
:backends: - yaml
- gpg
:logger: console
:hierarchy: - %{env}/%{location}/%{calling_module}
- %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
_
my encrypted files are in /etc/puppet/hieradata/live
Thanks in advance for any help!
Bee
On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee wrote:
> Hi Guys;
>
> I really appreciate your help and apologize for the continued questions...
> however, apaprently, I am missing something here. I cannot get this
> working.
>
> I have set hiera-gpg up as per the docs I can find but, I still cannot
> seem to get my manifests correct. If someone would kindly provide a smaple
> manifest, I would be grateful!
>
> Also, per Craig Dunn's blog, he is placing hieradata files in
> /etc/puppet/hieradata/live. Is the "live" subdir required? Is there some
> sort of environment limitation that requires the files live in this subdir?
>
> Thank you very much!
> Bee
>
> On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs wrote:
>
>> Your manifests look the same. You do a hiera lookup just as you would
>> if you weren't using the GPG integration. It's just another data store for
>> hiera.
>>
>> You do need to set that up, as other people have mentioned. But it's no
>> different in the manifests.
>>
>>
>> On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee wrote:
>>
>>> I am looking for some manifest examples, if anyone has any to share!
>>>
>>>
>>> On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark wrote:
>>>
On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
> I am having a bit of difficulty implementing hiera-gpg; particularly
with
> accomplishing the deencryption in my manifests. Can anyone either
provide
> a simple example or point me to a good resource? I have searched
alot and
> am still struggling.
>
> Any help would be very appreciated!
>
> Thanks!
> Bee
You just need to have the hiera-gpg gem installed, make sure that gpg is
listed in the backends array in hiera.yaml, then the puppet user needs
to have the private key configured within it's $HOME/.gnupg -where $HOME
is usually /var/lib/puppet.
By default pgp keys are encrypted with a passphrase, which would need to
be supplied and held in a running keyring for that user, so was
previously working around this by using a non-passphrase protected
subkey.
I've now however moved away from hiera-gpg due to performance overhead
on large catalogs and moved to a git post-commit hook that decrypts any
.gpg files to .yaml within a dedicated hierarchy for decrypted files,
using that same insecure private subkey.
Cheers,
--
Richard Clark
rich...@fohnet.co.uk
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> Visit this group at http://groups.google.com/group/puppet-users.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/puppet-users.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Incorrect return code for failed exec
It returns 1053. The "sc start" command prints:
[SC] StartService FAILED 1053: The service did not respond to the start
or control request in a timely fashion.
You can easily reproduce it by registering a service with a non-existing
executable:
sc create MyService binPath= C:\NotThere.exe
Then add this to a test.cmd file:
sc start MyService
echo %errorlevel%
On Tuesday, September 3, 2013 10:34:32 AM UTC-4, Rob Reynolds wrote:
>
> What does "cmd /c sc start MyService" return?
>
>
> On Tue, Sep 3, 2013 at 9:23 AM, Igor Berger
> > wrote:
>
>> As I mentioned, I'm running into this issue when the service fails to
>> start.
>> "sc start" returns a failure, Puppet mentions it in the log file.
>>
>> The problem is that "puppet apply" returns 0 (success) to the shell when
>> "sc start" fails.
>> However, "puppet apply --detailed-exitcodes" returns a failure to the
>> shell correctly.
>>
>>
>>
>> On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote:
>>>
>>> Hi Igor,
>>>You can run "sc start MyService" command manually on your machine
>>> and check whether the service run correctly. Also check the environment
>>> parameters are set for that service.
>>> Can you explain your query in more detail manner.
>>>
>>> Thanks and Regards,
>>> Rahul Khengare,
>>> NTT DATA OSS Center, Pune, India.
>>>
>>>
>>> On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote:
Hello,
I'm running puppet agent standalone on Windows.
The last step in the manifest is "exec { 'start_service': command =>
"sc start MyService" }".
When the service has a problem and doesn't start, Puppet logs:
/Stage[main]//Exec[start_**service]/returns (err): change from notrun
to 0 failed: sc start MyService returned 29 instead of one of [0]
However, the %errorlevel% returned is still 0.
However, if I use "--detailed-exitcodes", the %errorlevel% is
correctly set to 6.
Regards,
Igor.
--
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users...@googlegroups.com .
>> To post to this group, send email to puppet...@googlegroups.com
>> .
>> Visit this group at http://groups.google.com/group/puppet-users.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
>
> --
> Rob Reynolds
> Developer, Puppet Labs
>
> Join us at PuppetConf 2014, September 23-24 in San Francisco
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Incorrect return code for failed exec
What does "cmd /c sc start MyService" return?
On Tue, Sep 3, 2013 at 9:23 AM, Igor Berger wrote:
> As I mentioned, I'm running into this issue when the service fails to
> start.
> "sc start" returns a failure, Puppet mentions it in the log file.
>
> The problem is that "puppet apply" returns 0 (success) to the shell when
> "sc start" fails.
> However, "puppet apply --detailed-exitcodes" returns a failure to the
> shell correctly.
>
>
>
> On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote:
>>
>> Hi Igor,
>>You can run "sc start MyService" command manually on your machine and
>> check whether the service run correctly. Also check the environment
>> parameters are set for that service.
>> Can you explain your query in more detail manner.
>>
>> Thanks and Regards,
>> Rahul Khengare,
>> NTT DATA OSS Center, Pune, India.
>>
>>
>> On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote:
>>>
>>> Hello,
>>>
>>> I'm running puppet agent standalone on Windows.
>>>
>>> The last step in the manifest is "exec { 'start_service': command => "sc
>>> start MyService" }".
>>>
>>> When the service has a problem and doesn't start, Puppet logs:
>>>
>>> /Stage[main]//Exec[start_**service]/returns (err): change from notrun
>>> to 0 failed: sc start MyService returned 29 instead of one of [0]
>>>
>>> However, the %errorlevel% returned is still 0.
>>>
>>> However, if I use "--detailed-exitcodes", the %errorlevel% is correctly
>>> set to 6.
>>>
>>> Regards,
>>> Igor.
>>>
>>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet for Managing Windows Nodes??
Because you are trying out a proof of concept, there is also a chocolatey
provider that I want to mention that will handle packaging on Windows.
There is a hands on lab that you can check out -
https://github.com/chocolatey/puppet-chocolatey-handsonlab
On Tue, Sep 3, 2013 at 9:29 AM, Rob Reynolds wrote:
> Jason,
> We have the built in Windows Package provider that you can use to install
> an MSI from the network share. This looks something like this (from
> http://docs.puppetlabs.com/windows/writing.html#packagepackage):
>
> package { 'Name in Programs and Features':
> ensure => installed,
> provider=> windows,
> source => '\\server\share\msiname.msi',
> install_options => { 'INSTALLDIR' => 'C:\specialDir' },
> }
>
>
> On Thu, Aug 29, 2013 at 10:35 AM, Jason Mathew <
> jasonitconsult...@gmail.com> wrote:
>
>> Hello All,
>>
>> I am new to the Puppet world. What I"m trying to do is do a Proof of
>> Concept for puppet to see if we can use it to manage our windows nodes. I
>> have a Dev environment setup with a SLES 11 Puppet master and some windows
>> nodes (Win7,Win2k8).
>>
>> What i'm trying to do is create a "module" to install a windows MSI from
>> a network file share. Can someone share some examples of what I need from
>> the init.pp and also what settings I need to change on the fileserver.conf
>> file?
>>
>> Thanks!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/puppet-users.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
>
> --
> Rob Reynolds
> Developer, Puppet Labs
>
> Join us at PuppetConf 2014, September 23-24 in San Francisco
>
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet for Managing Windows Nodes??
Jason,
We have the built in Windows Package provider that you can use to install
an MSI from the network share. This looks something like this (from
http://docs.puppetlabs.com/windows/writing.html#packagepackage):
package { 'Name in Programs and Features':
ensure => installed,
provider=> windows,
source => '\\server\share\msiname.msi',
install_options => { 'INSTALLDIR' => 'C:\specialDir' },
}
On Thu, Aug 29, 2013 at 10:35 AM, Jason Mathew
wrote:
> Hello All,
>
> I am new to the Puppet world. What I"m trying to do is do a Proof of
> Concept for puppet to see if we can use it to manage our windows nodes. I
> have a Dev environment setup with a SLES 11 Puppet master and some windows
> nodes (Win7,Win2k8).
>
> What i'm trying to do is create a "module" to install a windows MSI from a
> network file share. Can someone share some examples of what I need from
> the init.pp and also what settings I need to change on the fileserver.conf
> file?
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Incorrect return code for failed exec
As I mentioned, I'm running into this issue when the service fails to start.
"sc start" returns a failure, Puppet mentions it in the log file.
The problem is that "puppet apply" returns 0 (success) to the shell when
"sc start" fails.
However, "puppet apply --detailed-exitcodes" returns a failure to the shell
correctly.
On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote:
>
> Hi Igor,
>You can run "sc start MyService" command manually on your machine and
> check whether the service run correctly. Also check the environment
> parameters are set for that service.
> Can you explain your query in more detail manner.
>
> Thanks and Regards,
> Rahul Khengare,
> NTT DATA OSS Center, Pune, India.
>
>
> On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote:
>>
>> Hello,
>>
>> I'm running puppet agent standalone on Windows.
>>
>> The last step in the manifest is "exec { 'start_service': command => "sc
>> start MyService" }".
>>
>> When the service has a problem and doesn't start, Puppet logs:
>>
>> /Stage[main]//Exec[start_service]/returns (err): change from notrun to 0
>> failed: sc start MyService returned 29 instead of one of [0]
>>
>> However, the %errorlevel% returned is still 0.
>>
>> However, if I use "--detailed-exitcodes", the %errorlevel% is correctly
>> set to 6.
>>
>> Regards,
>> Igor.
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet under HA Environment
On 2 September 2013 17:01, Stuart Cracraft wrote: > How can this be randomized within a range? > > I don't think it can; it suffers from the same issue as splay does, which I explained in some detail last week. > > My fear is that all the boxes will request at a similar some day, by chance > and send a tidal wave over to the master. > I think the only way to allay that fear is to maintain strict control over when each client (or group of clients) checks in, either using cron or mcollective. Or you could set up multiple masters in a load balanced configuration so that your puppet masters can cope with the maximum possible load that can be thrown at them. Regards, Matt. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
