Re: [Puppet Users] apache::vhost add prefix to logfiles

2014-10-24 Thread Christopher Webber 
Maybe do something with create_resources and hiera? It has been a while since I 
have done it so I don’t have code handy but it is worth looking at.

— cwebber

> On Oct 24, 2014, at 5:41 AM, Denny  wrote:
> 
> thanks, but this would be far to much work for like 100 vhosts, which I want 
> to sort into 2-3 groups of vhosts
> 
> in fact, it's probably easier to put them into different directories
> 
> Am Freitag, 24. Oktober 2014 14:27:47 UTC+2 schrieb cwebber:
> Ok,
> 
> So when you call `access_log_file => “wordpress_${access_log_file}”` puppet 
> is pulling $access_log_file from the scope in which you called apache::vhost 
> what you probably want to do is something like:
> 
> $vhost_name = ‘vhost.example.com '
> $vhost_type = ‘wordpress’
> 
> apache::vhost {$vhost_name:
>   port=> 80,
>   docroot => "/var/www/html/${vhost_name}”,
>   serveradmin => ‘ihaz...@mail.com ’,
>   access_log_file => “${vhost_type}_${vhost_name}_access.log”,
>   error_log_file  => “${vhost_type}_${vhost_name}_error.log”
> }
> 
>> On Oct 24, 2014, at 5:17 AM, Denny > wrote:
>> 
>> puppetlabs-apache (v1.1.1)
>> 
>> Am Freitag, 24. Oktober 2014 13:35:23 UTC+2 schrieb cwebber:
>> Denny,
>> 
>> Which apache module are you using?
>> 
>> — cwebber
>> 
>>> On Oct 24, 2014, at 12:32 AM, Denny > wrote:
>>> 
>>> Hi there,
>>> 
>>> this is - for sure - pretty easy to solve but I'm a bit stuck right now...
>>> 
>>> I want to add a prefix to my apache-vhost access and error logs depending 
>>> on what kind of application is installed on this vhost
>>> 
>>> Right now my config looks something like this:
>>> 
>>> apache::vhost { 'vhost.example.com ':
>>>   port=> '80',
>>>   docroot => '/var/www/html/someprettywebsite',
>>>   serveradmin => 'dontc...@example.com <>',
>>> }
>>> 
>>> which produces two log files: 
>>> /var/log/http/vhost.example.com _error.log 
>>> /var/log/http/vhost.example.com _access.log
>>> 
>>> 
>>> but what I want is something like:
>>> 
>>> /var/log/http/wordpress_vhost.example.com _error.log 
>>> /var/log/http/wordpress_vhost.example.com 
>>> _access.log
>>> 
>>> I've tried things like the example below, but didn't work :(
>>> 
>>> apache::vhost { 'vhost.example.com ':
>>>   port=> '80',
>>>   docroot => '/var/www/html/someprettywebsite',
>>>   serveradmin => 'dontc...@example.com <>',
>>>   access_log_file => "wordpress_${access_log_file}",
>>> }
>>> 
>>> 
>>> Any suggestions are welcome,
>>> 
>>> Denny
>>> 
>>> 
>>> -- 
>>> You received this message because you are subscribed to the Google Groups 
>>> "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to puppet-users...@googlegroups.com <>.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/0931-1ab3-462a-9441-2ded4a79a879%40googlegroups.com
>>>  
>>> .
>>> For more options, visit https://groups.google.com/d/optout 
>>> .
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/298497a4-6140-4c52-b544-9c2a2c74b58c%40googlegroups.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/15880dcf-6fb8-495d-a12b-b601ea5afa5f%40googlegroups.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/p

Re: [Puppet Users] apache::vhost add prefix to logfiles

2014-10-24 Thread Christopher Webber 
Ok,

So when you call `access_log_file => “wordpress_${access_log_file}”` puppet is 
pulling $access_log_file from the scope in which you called apache::vhost what 
you probably want to do is something like:

$vhost_name = ‘vhost.example.com'
$vhost_type = ‘wordpress’

apache::vhost {$vhost_name:
  port=> 80,
  docroot => "/var/www/html/${vhost_name}”,
  serveradmin => ‘ihazem...@mail.com’,
  access_log_file => “${vhost_type}_${vhost_name}_access.log”,
  error_log_file  => “${vhost_type}_${vhost_name}_error.log”
}

> On Oct 24, 2014, at 5:17 AM, Denny  wrote:
> 
> puppetlabs-apache (v1.1.1)
> 
> Am Freitag, 24. Oktober 2014 13:35:23 UTC+2 schrieb cwebber:
> Denny,
> 
> Which apache module are you using?
> 
> — cwebber
> 
>> On Oct 24, 2014, at 12:32 AM, Denny > 
>> wrote:
>> 
>> Hi there,
>> 
>> this is - for sure - pretty easy to solve but I'm a bit stuck right now...
>> 
>> I want to add a prefix to my apache-vhost access and error logs depending on 
>> what kind of application is installed on this vhost
>> 
>> Right now my config looks something like this:
>> 
>> apache::vhost { 'vhost.example.com ':
>>   port=> '80',
>>   docroot => '/var/www/html/someprettywebsite',
>>   serveradmin => 'dontc...@example.com ',
>> }
>> 
>> which produces two log files: 
>> /var/log/http/vhost.example.com _error.log 
>> /var/log/http/vhost.example.com _access.log
>> 
>> 
>> but what I want is something like:
>> 
>> /var/log/http/wordpress_vhost.example.com_error.log 
>> /var/log/http/wordpress_vhost.example.com 
>> _access.log
>> 
>> I've tried things like the example below, but didn't work :(
>> 
>> apache::vhost { 'vhost.example.com ':
>>   port=> '80',
>>   docroot => '/var/www/html/someprettywebsite',
>>   serveradmin => 'dontc...@example.com ',
>>   access_log_file => "wordpress_${access_log_file}",
>> }
>> 
>> 
>> Any suggestions are welcome,
>> 
>> Denny
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/0931-1ab3-462a-9441-2ded4a79a879%40googlegroups.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/298497a4-6140-4c52-b544-9c2a2c74b58c%40googlegroups.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2B21DE26-29DC-45A9-AEFF-A213970EFF48%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] apache::vhost add prefix to logfiles

2014-10-24 Thread Christopher Webber 
Denny,

Which apache module are you using?

— cwebber

> On Oct 24, 2014, at 12:32 AM, Denny  wrote:
> 
> Hi there,
> 
> this is - for sure - pretty easy to solve but I'm a bit stuck right now...
> 
> I want to add a prefix to my apache-vhost access and error logs depending on 
> what kind of application is installed on this vhost
> 
> Right now my config looks something like this:
> 
> apache::vhost { 'vhost.example.com':
>   port=> '80',
>   docroot => '/var/www/html/someprettywebsite',
>   serveradmin => 'dontcal...@example.com',
> }
> 
> which produces two log files: 
> /var/log/http/vhost.example.com_error.log 
> /var/log/http/vhost.example.com_access.log
> 
> 
> but what I want is something like:
> 
> /var/log/http/wordpress_vhost.example.com_error.log 
> /var/log/http/wordpress_vhost.example.com_access.log
> 
> I've tried things like the example below, but didn't work :(
> 
> apache::vhost { 'vhost.example.com':
>   port=> '80',
>   docroot => '/var/www/html/someprettywebsite',
>   serveradmin => 'dontcal...@example.com',
>   access_log_file => "wordpress_${access_log_file}",
> }
> 
> 
> Any suggestions are welcome,
> 
> Denny
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/0931-1ab3-462a-9441-2ded4a79a879%40googlegroups.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/F2F5CF40-208B-4A8D-9F94-5FB6DF89B27E%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How can Puppet query from Sybase - Facter or Hiera?

2014-10-21 Thread Christopher Webber 
Assuming the libraries to connect to sybase from ruby exist… you could just 
write a custom function. 
https://docs.puppetlabs.com/guides/custom_functions.html 


so basically you want to do something like:


$workgroup = sybase_workgroup($::hostname)

case $workgroup {

‘A’: {
$template = template(‘modulename/A/template.erb’)
}
‘B’: {
$template = template(‘modulename/B/template.erb’)
}
default: {
$template = template(‘modulename/default/template.erb’)
}
}

And then the custom function would do something like
 
require ‘an_sybase_library’

module Puppet::Parser::Functions

newfunction(:sybase_workstation) do |args|
db = sybase_db_connection
result = db.query(“SELECT workgroup FROM workgroups WHERE 
hostname = ‘#{args[0]}’”)
result[‘workgroup’]
end
end


Totally full of pseudo code, but that hopefully makes sense.

— cwebber

> On Oct 21, 2014, at 7:20 AM, Stella  wrote:
> 
> Hi Johan,
> 
> Thank you very much for the  information. 
> 
> I am not using the machine information from Sybase to do node classification 
> in puppet.  My node classification is done by Puppet Dashboard. 
> 
> My Sybase database doesn't contain any puppet class information. It contains 
> the hostname and the workgroup the host belongs to.  What I want to return 
> from my database query is: given a hostname, please tell me which workgroup 
> it belongs to, then based on the workgroup value, my puppet class will decide 
> which template to apply to this host. 
> 
> That's why I think a custom fact might do this job: I will define a custom 
> fact, which will get hostname and then connect to Sybase to determine this 
> host's workgroup. I actually already have the perl script to do this job, but 
> need to convert it to Ruby scirpt (puppet fact is defined in Ruby). 
> 
> I am still doing research to find out what is the best approach. Will let you 
> know. 
> 
> Thanks,
> Stella
> 
> On Monday, October 20, 2014 5:36:50 PM UTC-4, Johan De Wit wrote:
> Hi Stella, 
> 
> my first thought goes to implement a ENC script. Since you are already 
> keeping inventory data in a database, you could keep everything in one place. 
>  If it is possible to add puppet support, in practice, make it possible to 
> assign puppet classes to your nodes in your sybase setup.
> 
> If that is not possible, I would look at a hiera backend getting the info 
> from your sybase database.
> 
> Keep in mind that it is the puppet master that needs the info from your 
> sybase database, so facts is not really an option.  
> 
> (technically you can, but then every node needs access to your database, but 
> your master can get the needed info also, only keep in mind your master 
> identifies the nodes with the 'clientcert' or 'certname'. 
> 
> Personally, I would go for the ENC first place, hiera in second, but facts is 
> a no-go. 
> 
> hth a bit
> 
> jo   
> 
> 
> 
> On 20/10/14 19:27, Stella wrote:
>> Hi,
>> 
>> I am using Puppet 3.62. Trying to figure out what is the best way to connect 
>> to my sybase database to query machine information.
>> 
>> Which is better: 
>> 
>> 1. Define facts that will connect to my sybase and do the query.
>> 
>> 2. Use Hiera to connect to my sybase and do the query.
>> 
>> Anyone has any example to share? 
>> 
>> Thanks!
>> 
>> Stella
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/69fa9702-708a-442c-803c-1b3bead7ab2f%40googlegroups.com
>>  
>> .
>> For more options, visit https://groups.google.com/d/optout 
>> .
> 
> 
> -- 
> Johan De Wit
> 
> Open Source Consultant
> 
> Red Hat Certified Engineer  (805008667232363)
> Puppet Certified Professional 2013/2014 (PCP006)
> _
>  
> Open-Future Phone +32 (0)2/255 70 70
> Zavelstraat 72  Fax   +32 (0)2/255 70 71
> 3071 KORTENBERG Mobile+32 (0)474/42 40 73
> BELGIUM http://www.open-future.be 
> 
> _
>  
> 
> Upcoming Events:
> 
> Puppet Introduction Course | 
> http://www.open-future.be/puppet-introduction-course-13th-october 
> 
> Puppet Practitioner Training | 
> http://www.open-future.be/puppet-practitioner-f

Re: [Puppet Users] Applying exec only 1x - Dell OMSA setup

2014-09-28 Thread Christopher Webber 
The simplest way is to add a `creates` parameter for the binary or directory 
the installer creates. 

-- cwebber

> On Sep 28, 2014, at 18:26, JonY  wrote:
> 
> My instructions for setting up the repo and such for Dell OpenManage start 
> with this command "wget -q -O - 
> http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash". It turns 
> out the .cgi file has some cumbersome logic in it to determine OS and so 
> forth - more so than I want to implement in a module.
> 
> So my question is - what's the proper way to apply this exec only once? I've 
> used the 'depend on changes to a dummy file' to limit execs in the past but 
> this seems like a real kludge.
> 
> Similarly - what's a better way to run this command (or achieve the same end 
> result)?
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/d8c1027d-029b-441c-a12d-fd6404971bcd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3B3D576B-D1B4-4231-8966-1C818A3841B0%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Announce Only List

2011-08-26 Thread Christopher Webber 
Is there an announce only list for Puppet at this point?

-- cwebber

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: A working firewall module

2011-07-10 Thread Christopher Webber 
I have been working on doing something similar to this. We want to abstract for 
multiple OS's and deal with the joy that is Solaris zones.

Essentially, it will be a resource that defines the fw rules in XML and then a 
script takes all of those definitions and creates a complete set of firewall 
rules.

I am waiting to hear back on our code release policy to see what it takes to 
release it once I am done.

-- cwebber

On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote:

> FYI
> I don't know it it may be useful , but I've done this:
> https://github.com/example42/puppet-modules/tree/master/iptables
> which can be used in 2 ways:
> - a "standard" iptable-save approach (set $iptables_config = "file" before to 
> enable it) with rules file defined in 
> https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp
> (here you have to add source or content arguments to mange it with static 
> files or templates according to your need)
> - an "automatic" way (default option when you include the module) that 
> dymanically builds iptables rules according to the modules you include and 
> the iptables related variables you set (see the README)
> This actually works if you use the Example42 modules (or at least the 
> firewall defines included in each one).
> It's quite nice to see it working adding or removing dynamically but, I must 
> admin, is a bit resource intensive (a puppet resoutce for each dymanic rule).
> 
> Regards
> Al @ Lab42
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Git Workflow

2011-05-03 Thread Christopher Webber 
We have a single master branch and then check various branches out into
dev. I wrote up an article about how our env works a few months back. It
may be useful to look at.

https://cwebber.ucr.edu/2011/03/multiple-environments-in-puppet/

My guess is that eventually we will have multiple dev environments to
allow different things to go on at once.

--cwebber

On 5/3/11 9:16 AM, "Stefan Schulte"  wrote:

>Hi,
>
>I would like to know how your workflow looks like when you're writing
>manifests. Currently we have the following construct:
>
>* 1 git repository with all modules
>* 3 git branches: dev, staging, prod
>* 3 puppet environments: dev, staging, prod
>
>The modulepath of each environment is a checkout of the corresponding
>branch. Writing/Editing manifests only happens in dev. If you're done
>you commit your work to a central repo. If dev is somewhat stable
>it is merged into staging (fast-forward-merge) etc.
>
>This comes with a few problems:
>* If all your systems are running prod and you change something big
>  (e.g. new filesystem layout) you only have too options: Change all your
>  machines to follow the new standard or take the machines you cannot
>  change out of puppet control.
>* There are changes I make in dev that I want to take immediate effect.
>  Example: Deploy the SSH-Key of a new employee to all machines. I can
>  add the key in dev and then cherry-pick the commit in the other
>  branches but I'm not yet sure if that is really a good idea.
>
>So how do you use environments and branches? One Repository for each
>module or one repository for all modules? Do you use git tag to tag
>certain revisions? Do you run your servers agains different "releases" of
>your manifests or do you just have one "prod" environment?
>
>-Stefan


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Testing changes before deployment

2011-03-22 Thread Christopher Webber 
I actually wrote up a post about using multiple environments for this
purpose. It includes the process flow chart as well.

http://cwebber.ucr.edu/2011/03/multiple-environments-in-puppet/

--cwebber

On 3/22/11 2:10 PM, "Thomas Bellman"  wrote:

>Giovanni Bordello wrote:
>
>> But what if I need to do a web-server specific change? And then
>> Mail-server specific change? If I had only one test client machine I
>> would have to reinstall it every time I needed to do verify a change
>>for 
>> a different group of servers. That's hardly a way to go. There must be
>>a 
>> better approach.
>> 
>> How do you guys test puppet changes before they go live?
>
>First of all, we do have multiple environments, so we can test
>new versions of the manifests before taking them into production.
>There is of course the an environment named "production" which
>clients are usually running from.  Then each sysadmin has their
>own personal environment, and some of us have multiple personal
>environments.  We do our changes in our personal environment,
>test them, and when we feel they are ready, we push them to the
>central Git repository, and then do a 'git pull' in the production
>environment.  I highly recommend this.
>
>Our approach to test machines vary a bit depending on how extensive,
>invasive and risky changes we are making.  If I'm doing something
>small and simple, like adding a member to a mail alias on the email
>server, I just do that, commit, push, pull and let puppetd on the
>email server do its job.  (Since I only run puppetd every fourth
>hour, not every thirty minutes, I might do a manual run of puppetd
>to apply my change quicker.)
>
>For somewhat larger changes, but changes where I feel the risk of
>actually harming the server is very low, I would first run puppetd
>manually in no-op mode on the live client against my environment.
>If that looks okay, I will then run puppetd again and let it do its
>changes, and then I test that my changes work as I intended.  If
>they don't, then I revert them (usually manually), and go back to
>fixing my manifests.
>
>When the risk gets higher, or if I think something will take me
>some time to implement, I install a test server.  That will usually
>be a Xen guest.  I make a new node definition in my manifests that
>is a copy of the real server I want to change, except that it has
>different hostname, IP address, and MAC address.  Then I install
>CentOS on that with kickstart (ca 5 minutes), and run Puppet on
>it (less than 15 minutes).  I have Puppet generate Xen config
>files and a kickstart file for the test machine on the Xen host,
>so it is fairly painless.  I do need to manually create the LVM
>volumes for the virtual disks, but all in all I can easily have
>a clone of server up and running in 30 minutes, including adding
>the test machine to DNS and DHCP, installing OS on it and running
>Puppet on it.
>
>When I have my test server up and running, I do all my testing
>on that.  When I'm close to finished with extensive changes, I
>often re-install my test server from scratch to check that
>everything really works.  Often I find that they don't (typically
>some missed dependencies) and have to fix that, and then I do
>a new re-install.
>
>Since virtual servers are fairly cheap (and I can often give
>them less CPU, memory and disk than the real server needs), I
>sometimes have several such test servers running, if I am doing
>work on several different features at the same time.  (That would
>typically be because I started on doing something, then some
>other change with higher priority came up and I had to put my
>original work aside for a few days or weeks.)
>
>
>Where the limit is for something you dare test directly on live
>production servers, would vary between organisations.  We can
>usually tolerate the occasional unplanned downtime if they are
>short enough, so I probably have a higher threshold than many
>others before I install a separate test machine.
>
>But regardless of how high risks you can take with your production
>machines, I heartily recommend that you make it easy to create and
>install test machines.  Virtualization is really nice for that.
>
>
>/Bellman
>
>-- 
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To post to this group, send email to puppet-users@googlegroups.com.
>To unsubscribe from this group, send email to
>puppet-users+unsubscr...@googlegroups.com.
>For more options, visit this group at
>http://groups.google.com/group/puppet-users?hl=en.
>


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Exported Resources and Environments

2011-02-25 Thread Christopher Webber 
I am running 0.24.8 clients and a 2.5.5 master. When I moved to separate
environments I noticed that the exported resources did not respect
environment boundaries. For example, an exported nagios_host resource that
was exported by a node in the dev environment showed up in the production
nagios config.

Is this a feature or a bug? I can see it going both ways but don¹t want to
take advantage of this situation if that is not the case. Does this same
situation exist in 2.6.x?

Thanks.

-cwebber



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] FYI: Mac Configuration Management at the Los Alamos National Laboratory white paper

2010-06-14 Thread Christopher Webber 
I went to download this and it returned a 404. Is it still available somewhere?

-- cwebber

On Jun 4, 2010, at 4:59 PM, Marcus, Allan B wrote:

> Here's a white paper you may be interested in.
> 
> The Los Alamos National Laboratory (LANL) had a need for central 
> configuration management of non-Windows computers. LANL has three to five 
> thousand Macs and an equal number of Linux based systems. The primary goal 
> was to be able to inventory all non-windows systems and patch Mac OS X 
> systems. LANL examined a number of commercial and open source solutions and 
> ultimately selected Puppet.
> 
> This paper will discuss why we chose Puppet, how we implemented it, and some 
> lessons we learned along the way.
> 
> 
> http://www.afp548.com/filemgmt/index.php?id=108&comments=1
> 
> ---
> Thanks,
> 
> Allan Marcus
> 505-667-5666
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Apache load balancing problem with 0.25.0

2010-05-26 Thread Christopher Webber 
Was a solution to this issue ever found? I just upgraded my puppetmaster to 
0.25.5 and the only client that is having issues is the only client running 
0.25.5.

-- cwebber

On Sep 9, 2009, at 1:14 PM, martin wrote:

> 
> On Sep 9, 5:35 pm, Martin Englund  wrote:
> 
>> Inspecting the code where it fails makes me scratch my head (code
>> included at the bottom). The variable "format" is, according to the
>> error message, "text/html" - but that should have matched then when
>> clause "%r{\w+/\w+}".
>> 
> I'm one step closer: I've figured out that mime("text/html") returns
> nil, so now I need to figure out how to get my apache reverse proxy to
> let puppetd know it accepts yaml, marshal, raw & json...
> 
> cheers,
> /Martin
> 
>> puppet/network/format_handler.rb:
>> 
>> # Return a format name given:
>> #  * a format name
>> #  * a mime-type
>> #  * a format instance
>> def self.format_to_canonical_name(format)
>> case format
>> when Puppet::Network::Format
>> out = format
>> when %r{\w+/\w+}
>> out = mime(format)
>> else
>> out = format(format)
>> end
>> raise ArgumentError, "No format match the given format name or
>> mime-type
>>  (%s)" % format if out.nil?
>> out.name
>> end
>> 
> 
> --~--~-~--~~~---~--~~
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en
> -~--~~~~--~~--~--~---
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Possible options to transfer information from nodes to master?

2010-04-07 Thread Christopher Webber 
This is what facter is used for. This should get you started.
http://docs.puppetlabs.com/guides/custom_facts.html

-- cwebber

On Apr 7, 2010, at 6:57 AM, Tore wrote:

> What options does puppet provide to transfer information back to
> puppetmaster?
> 
> I just wrote a quick manifest to create files on the puppetmaster
> based on information from the nodes:
> http://pastebin.com/MyurwLrE
> 
> Then it struck me, this wont work at all since (of course) the
> configuration is compiled locally on the master, then transfered to
> the nodes. Hence, all files would have the same content, but different
> names.
> 
> I'm little stuck here, what options do I have to solve this problems?
> I have a few cases where just retrieving file X from all nodes would
> be excellent, e.g. httpd.conf, just to diff them locally to verify
> that no differences is present, before adding a manifest for handling
> that file.
> 
> Does puppet have anything in stock for me here?
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Firewall between master and client?

2009-11-19 Thread Christopher Webber 
No. The client pulls down the config, initiating the session.

-- cwebber

On Nov 19, 2009, at 7:12 AM, JoE wrote:

> I understand that puppet needs port 8140 tcp/udp open for server and
> client.
>
> Will puppet work if a firewall is set up between these two hosts that
> only allows traffic from the server to the client (server -> client),
> or is two communication required?
>
> Thanks for the help,
>
> -JoE
>
> --
>
> You received this message because you are subscribed to the Google  
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl= 
> .
>
>

--

You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=.

[Puppet Users] Re: Multihomed puppet-server Multidomain SSL Problem

2009-11-13 Thread Christopher Webber 

I would love to see an answer to this as well. I have basically ended  
up just adding an entry to /etc/hosts to make it possible to connect  
to the secondary interface.

-- cwebber

On Nov 13, 2009, at 6:40 AM, Hubert Krause wrote:

>
> Hello List,
>
> I have a problem with the CA on my Puppetmaster. This Puppetmaster is
> connected to different Networks with different sub domainnames. The  
> Puppet
> clients connecting via different Interfaces. There is no routing  
> between
> subnets. Only one subnet can connect successfully. This is because the
> subject in the Certificate is the name of this subnet. All other  
> clients get:
>
> Could not retrieve catalog: Certificates were not trusted: hostname  
> not match
> with the server certificate
>
> If I use just the hostname, no client can connect successfully. It  
> seems to
> be, that there is allways the need for a single fqdn.
>
> The puttemaster is served via Passenger and Apache2.
>
> Is there a way to use the nice to use puppetca tool in this szenario  
> or do I
> have to provide as much CAs as I have subnets and do cert signing by  
> hand? Or
> is there another solution?
>
> Any hints will be very welcome.
>
> Cheers,
>
> Hubert
> -- 
> Hubert Krause
> Risk & Fraud Division
> INFORM GmbH, Pascalstraße 23, 52076 Aachen, Germany
> Phone: +49 24 08 - 94 56 188
> E-Mail: hubert.kra...@inform-ac.com, Web: http://www.inform-ac.com
> INFORM Institut fuer Operations Research und Management GmbH
> Registered AmtsG Aachen HRB1144 Gfhr. Adrian Weiler
>
> >


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Opensolaris: beyond zones

2009-11-12 Thread Christopher Webber 

Yes.

-- cwebber

On Nov 12, 2009, at 8:55 AM, windowsrefund wrote:

>
>
>
> On Nov 12, 11:32 am, Christopher Webber  wrote:
>> We treat zones like normal nodes for the most part. There is a
>> separate base class that is zone specific but otherwise we don't do
>> things any differently.
>>
>
> So each zone runs a puppet client?
> >


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Opensolaris: beyond zones

2009-11-12 Thread Christopher Webber 

We treat zones like normal nodes for the most part. There is a  
separate base class that is zone specific but otherwise we don't do  
things any differently.

-- cwebber

On Nov 12, 2009, at 8:28 AM, windowsrefund wrote:

>
> Getting past zone creation, I'm curious to know how people are
> managing zone-specifics like users, packages, and services.
>
> Looking forward to this thread...
>
> Adam
> >


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Workstations and Certs

2009-07-03 Thread Christopher Webber 

I am currently working on doing a very similar thing with kickstart.  
There are two ways you can deal with the hostname... have PHP do an  
nslookup for the ipaddress that is connecting (prefered for security  
reasons), or just pass it as an argument to the PHP script.

Chris

On Jul 3, 2009, at 6:12 AM, Gary Larizza wrote:

>
> I love where this thread is going, I too share in this problem.
>
> Kurt:  Puppet is still being run on the client because the client is
> using a cached config (am I right on this guys?).
>
> I love the scripted ssh key, but ALSO love the PHP script that could
> be CURL-ed from the client.  Will a PHP script be able to capture the
> hostname of a connecting client?  From there, the php script could
> call puppetca to clean the cert and create a new one...would this be
> cleaner than bundling a cert with your base-image?  Unfortunately, I'm
> not that versed in PHP to hash a script out from scratch.  Does anyone
> have a rough outline that we could steal?
>
> -Gary
> >


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Using Puppet on Machines Where I Don't Have Root?

2009-05-26 Thread Christopher Webber 
Run puppet --genconfig and find all the parameters that would need to  
be changed to make it work. Most if not all of the important stuff can  
be modified by either args to puppet/d or via the puppet.conf

Chris

On May 26, 2009, at 10:53 PM, Brian Ferris wrote:

> I understand that I can only edit files where permissions allow.   
> But can I run puppet without a "puppet" user?
>
> Basically, after reading over the documentation, I noticed a number  
> of references to users ("puppet") and paths (/var/...) that puppet  
> needs to run that I won't be able to create / have access to because  
> I don't have root on the boxes.  But I didn't see any obvious  
> command lines options / config settings for changing those users and  
> paths.
>
> I understand if this is not how puppet was designed to be used, but  
> I figured I'd give it a shot.
>
>
> On Tue, May 26, 2009 at 10:19 PM, RijilV  wrote:
>
> 2009/5/26 Brian Ferris :
> >
> > I'd like to use puppet to manage configuration files on a couple of
> > machines.  The catch is that I don't have root on these machines.   
> Is
> > this possible?  What kind of issues am I going to run into?
> >
>
>
>
> well you can do anything with puppet the user you're running it as
> has permissions to do.  So if your user is allowed to manage whatever
> configuration files you're looking to manage, then sure.
>
> If you want to manage a resource that's not owned by your user, then
> puppet can't help you with your privilege esclation needs.
>
> .r'
>
>
>
>
> >


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: LDAP Nodes, Solaris Puppetmaster and SSL/TLS

2009-03-25 Thread Christopher Webber 
I am using OpenLDAP on both ends. ldapsearch works with both start_tls  
and via ssl. It seems that the issue is directly related to the ruby- 
ldap libraries.

Chris

On Mar 25, 2009, at 1:54 PM, Rob McBroom wrote:

>
> On 2009-Mar-23, at 4:48 PM, Christopher Webber wrote:
>
>> Does anyone have a puppetmaster working on Solaris that uses LDAP
>> nodes and connects to the ldap server using SSL or TLS? I have tried
>> everything to make it happen but cant seem to find the magical
>> combination, if there is one, to get ruby-ldap compiled so that it
>> works with TLS or SSL.
>
>
> I've never tried what you're doing, but I've dealt with my share of
> Solaris/LDAP/SSL problems, so I'll try to help.
>
> I take it ldapsearch, etc. are working with SSL/TLS? Are you using
> OpenLDAP or Sun's LDAP?
>
> -- 
> Rob McBroom
> <http://www.skurfer.com/>
>
> Because it screws up the order in which people normally read text.
>
> Original message:
>
>> Why is it bad to top-post your reply?
>
>
>
>
> >


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] LDAP Nodes, Solaris Puppetmaster and SSL/TLS

2009-03-23 Thread Christopher Webber 

Does anyone have a puppetmaster working on Solaris that uses LDAP  
nodes and connects to the ldap server using SSL or TLS? I have tried  
everything to make it happen but cant seem to find the magical  
combination, if there is one, to get ruby-ldap compiled so that it  
works with TLS or SSL.

Chris

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---