[Puppet Users] Integrating puppet with etckeeper and similar tools.
G'day. We are currently looking to integrate etckeeper[1] into our puppet managed hosts, especially the legacy hosts that are still partially under manual control. etckeeper is, essentially, a wrapper around a VCS for /etc, tracking changes in file content. When I say "integrate" I mean, specifically, that we would like puppet to commit any changes using etckeeper after running, to capture all the changes into the revision history.[2] So, essentially, what I would like is to run an 'exec' command at the very end of puppet processing, after *all* other actions are complete. It there any sane way to express this in the puppet language? (We do already run puppet from a shell script, so I will integrate this there if I can't do it within the manifest, but I would rather avoid that path if I can...) Regards, Daniel Footnotes: [1] http://kitenet.net/~joey/code/etckeeper/ [2] This also allows us to push those changes to a central host, do change reporting and other similar VCS based activity. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: mailalias ... not doing anything???
yeah ... "ensure => present" helped, i must have misunderstood the doco... Also, the name does not need to be there Thanks for the help chakkerz --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Log rotation and puppet clients dying
On Thu, Feb 5, 2009 at 7:47 AM, Luke Kanies wrote: > On Feb 3, 2009, at 1:01 PM, Ian Burrell wrote: >> >> We are having a problem with some of the puppet clients dying during >> the weekly log rotation reload. We are using Centos 4 with puppet >> 0.24.6. It seems to be a race condition with clients that reload when >> the puppetmaster is restarting exit. The redhat logrotate script does >> "/etc/init.d/puppetmaster condrestart" and "/etc/init.d/puppet >> reload". Reloading puppet when the puppetmaster is stopped doesn't >> seem to be a problem. My guess is that there is a period when the >> puppetmaster is starting when the puppetd fails when it contacts the >> server. Unfortunately, I don't see anything in the logs on the >> clients. >> >> Has anyone seen this problem? > > Can you get a stack trace from the clients? > > The last few releases have seen us greatly reduce the number of cases > where puppetd can exit on failure, and we might have already resolved > the one you're seeing. I know that either 0.24.6 or 0.24.7 had a > problem where if the first connection to the master failed, the client > would exit. I hope that was fixed in 0.24.7, because that could mean > your problem's already fixed. :) > There are no errors from the restarted puppetd. The redhat puppet.logrotate script redirects all the output. There are also no logs in the rotated file but it is likely that puppetd is failing before opening the logs. The last line in the old logs are: Sun Feb 01 04:02:11 -0800 2009 Puppet (notice): Restarting with '/usr/sbin/puppetd --server=edev2.rtkinternal --logdest=/var/log/puppet/puppet.log --waitforcert=500' Sun Feb 01 04:02:11 -0800 2009 Puppet (notice): Shutting down I am going to patch the logrotate script to keep all the output and send it through cron email. We are running 0.24.6. I may start upgrading to 0.24.7. - Ian --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Thoughts: Advantages of having a puppetmaster ?
On Feb 5, 2009, at 11:53 AM, Nigel Kersten wrote: > > So we've been tossing around the idea of rsyncing our puppet manifests > onto our laptop clients and always running puppet locally. > > This is primarily due to having conditional puppet manifests that > depend upon facts that may change when the clients are offline, so the > compiled catalog doesn't change until the clients can connect to the > puppetmaster(s) again. > > On the assumption that exposing the puppet manifests themselves to the > clients doesn't create any security issues, I'm interested in people's > thoughts on the advantages of having a puppetmaster for a laptop > client base. I'm thinking that you'll lose reporting and manifest delivery. On the other hand, delivery isn't that hard. And puppet reporting seems pretty bare-bones out of the box anyway. This may be a good way to more easily integrate puppet into an existing management solution that already handles delivery and reporting rather than integrate all that into puppet server. So this sounds appealing to me. Will puppet standalone continue to be supported as a first class citizen? Kyle --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
On Feb 5, 2009, at 10:36 AM, Benoit Decherf wrote: > Ok. > > About the external nodes, why doesn't it possible to use definition ? > I use definition to create an instance of tomcat for exemple. So I'd > like to be able to create a node with 2 or more instances. > Why there is this limitation ? You can use definitions, you just can't use them in your external nodes tool. Put the definitions in a class, and use the external nodes tool to specify that a node is a member of that class. -- When a man tells you that he got rich through hard work, ask him: 'Whose?' --Don Marquis - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Problem with some of my puppet clients running
> On Feb 4, 2009, at 6:49 PM, Steven Nemetz wrote: > > > All my puppet clients were running ok. > > Then 2 things happened yesterday: > > 1) I had puppet upgrade facter to 1.5.3 everywhere. Most were > > running 1.3.8 prior. > > 2) We had network problem, causing one of our datacenters to > > go offline > > > > The network problems have been fixed and was not related to the > > systems I'm having trouble with. Was a different data center. > > > > I found about a dozen systems where puppet was still running but not > > talking to the master and puppetrun gave no error triggering them, > > but they did nothing. > > Restarting puppet on most of these systems fixed the problem. But I > > still have 4 CentOS 4 systems that will load, but not process the > > config or request one from the master. > > > > Startup messages in debug mode are: > > > > debug: Creating default schedules > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/certs/admin4006.sfo.proofpoint.com.pem]: > > Autorequiring File[/var/lib/puppet/ssl/certs] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/ > > lib/puppet/state]: Autorequiring File[/var/lib/puppet] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/ > > lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/etc/ > > puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/ > > lib/puppet/lib]: Autorequiring File[/var/lib/puppet] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/ > > certs] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/csr_admin4006.sfo.proofpoint.com.pem]: Autorequiring > > File[/var/lib/puppet/ssl] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/private_keys/admin4006.sfo.proofpoint.com.pem]: > > Autorequiring File[/var/lib/puppet/ssl/private_keys] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/ > > var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/ > > state] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/public_keys/admin4006.sfo.proofpoint.com.pem]: > > Autorequiring File[/var/lib/puppet/ssl/public_keys] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/ > > lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/ > > etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/ > > var/log/puppet/http.log]: Autorequiring File[/var/log/puppet] > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/ > > var/lib/puppet/state/state.yaml]: Changing mode > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/ > > var/lib/puppet/state/state.yaml]: 1 change(s) > > debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/ > > var/lib/puppet/state/state.yaml]/mode: mode changed '640' to '660' > > debug: Finishing transaction -605596728 with 1 changes > > info: Starting handler for Runner > > info: Starting server for Puppet version 0.24.4 > > info: Listening on port 8139 > > notice: Starting Puppet client version 0.24.4 > > debug: Loaded state in 0.00 seconds > > It then just sits there. All 4 systems behave the same. They are > > spread across 2 data centers, but all talk to the same puppet master. > > I've also noticed that these are very slow at exiting puppet. > > > > Anyone have any ideas what could have happened to these 4 systems? > > Might you have a fact that's broken, or something similar? That's > been the cause of 99% of the startup hangs I've seen. > > -- > It isn't necessary to have relatives in Kansas City in order to be > unhappy. -- Groucho Marx > - > Luke Kanies | http://reductivelabs.com | http://madstop.com > The only facts that have changed are the ones that facter 1.5.3 installed. Facter will run from the command line. Only thing I've noticed since installing 1.5.3 is that if run as root facter returns all data with no errors, but if not run as root facter appears to return all data but it also returns an error on many systems. I've only seen 1 error per system, but 2
[Puppet Users] Re: shorewall module
>> [4] https://git.puppet.immerda.ch/?p=module-shorewall;a=summary
>
> as I'm involved in 1,2 and 4 I try to answer:
> 1 and 4 should be nearly identical, 1 is more or less just a mirror of 4.
> However 4 is the one which should be more uptodate.
OK, I've just tried the common and shorewall modules from 4 and the
problem persists.
> both (1,2) and 4 are active in productive environments and are working fine.
So it is something I'm doing wrong (this is good to hear but still frustrating).
> the exec referenced in you're error sounds like something wrong in the
> common module.
>
> are you importing the common and the shorewall module on top of your
> site.pp?
My site.pp begins with the following line:
import "modules"
I have a modules.pp that has the following lines:
import "common"
import "shorewall"
import "nodes"
I'm using it like so (in nodes.pp):
class firewall inherits shorewall::debian {
## base interface
shorewall::interface {
'virbr1': zone => 'net';
'virbr0': zone => 'loc';
}
...
}
node 'fw.example.com' {
include firewall
}
> which common module are you using? I would suggest to use either david's
> shorewall and david's common module together, or mine combined, but not
> mixed up.
I'm using the one from 4. Just downloaded it 5mins ago.
> can you further check if the common module is doing an alias on a exec in
> the concatenated_file that an exec named/aliased as above should be
> generated?
I believe that is what is happening. The important part of
concatenated_file.pp is:
$dir_real = $dir ? { '' => "${name}.d", default => $dir }
...
exec { "concat_${name}":
command => "/usr/bin/find ${dir_real} -maxdepth 1
-type f ! -name '*puppettmp' -print0 | sort -z | xargs -0 cat
${additional_cmd} >| ${name}",
refreshonly => true,
subscribe => [ File[$dir_real] ],
before => File[$name],
alias => [ "concat_${dir_real}"] ,
}
> I never got any answers if people got it working in the past. Would be nice
> to know what the reason for your problem have been and how it could be
> fixed.
Don't worry, I'm pretty determined to solve this problem. :) Thanks
for taking the time to help!
Scott
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: Facter - the future - your input needed
On Wed, Feb 4, 2009 at 10:08 PM, Luke Kanies wrote: > There are basically three choices here, from what I see: > > * A file containing a simple value > > * An executable file that produces a value > > * A yaml/json/xml/foo-encoded file that describes metadata necessary > to determine a value. This could even include code inline, I assume. > > I like the last one best, and really, you could autodetect: If it's a > plain file name (no extension) and isn't executable, it's a value; if > it's executable, it's a script; if it has a supported extension, parse > it and interpret it internally. ++ I'm totally in favor of having all three options there, and yes, autodetection should be really easy. I hadn't thought of having files that contain a simple value, but once it was raised, I realized that we have a whole bunch of facts that could be switched over to using this method. -- Nigel Kersten Systems Administrator Tech Lead - MacOps --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Thoughts: Advantages of having a puppetmaster ?
So we've been tossing around the idea of rsyncing our puppet manifests onto our laptop clients and always running puppet locally. This is primarily due to having conditional puppet manifests that depend upon facts that may change when the clients are offline, so the compiled catalog doesn't change until the clients can connect to the puppetmaster(s) again. On the assumption that exposing the puppet manifests themselves to the clients doesn't create any security issues, I'm interested in people's thoughts on the advantages of having a puppetmaster for a laptop client base. -- Nigel Kersten Systems Administrator Tech Lead - MacOps --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
Ok. About the external nodes, why doesn't it possible to use definition ? I use definition to create an instance of tomcat for exemple. So I'd like to be able to create a node with 2 or more instances. Why there is this limitation ? >> What are the 10% missing ? >> Does ldap node implements multi-inheritance as describes in the >> kinial spec ? >> > > Heh, well, I haven't looked at the kinial stuff in a long time, so I > basically made up the 90% number. > > No, ldap doesn't support multiple inheritance, although it would be > easy to add. > > Other than that, it probably does have nearly all of the > functionality. It just doesn't have all of the other stuff I wanted. > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
On Feb 5, 2009, at 9:56 AM, Trevor Vaughan wrote:
>
> So, can we officially call it a feature?
>
> I've been avoiding using it because I thought that it was a problem
> but it does get around the "can't change a variable" issue. You just
> have to be *really* careful about changing it.
Um, sure? I don't like committing to things, but...
>
> On Thu, Feb 5, 2009 at 10:55, Luke Kanies wrote:
>>
>> On Feb 5, 2009, at 9:45 AM, Trevor Vaughan wrote:
>>
>>>
>>> Benoit,
>>>
>>> If you want to globally change the value of a variable something
>>> that
>>> may either be a feature or a bug(?) is to pass it through an ERB and
>>> use a '!' ruby statement.
>>>
>>> It changes it in memory until the puppetmaster is restarted.
>>>
>>> I.e.
>>>
>>> $myvar = 'foo'
>>>
>>> define bar ($stupidvar = "nil" ) {
>>> stupidvar = template(changeglobal.erb)
>>> }
>>>
>>> --- changeglobal.erb ---
>>>
>>> <% myvar.gsub!(/^.*$/new string/) %>
>>>
>>> --- end ---
>>>
>>> It seems to work in 0.24.6, but heck if I know if it's supposed to.
>>
>> Heh, nice. Yeah, Puppet's call-by-value, so if you modify the value,
>> the modification will stick. I can't see us ever changing that.
>>
>> --
>> Don't throw away the old bucket until you know whether the new one
>> holds water. -- Swedish Proverb
>> -
>> Luke Kanies | http://reductivelabs.com | http://madstop.com
>>
>>
>>>
>>
>
> >
--
It is curious that physical courage should be so common in the world and
moral courage so rare. -- Mark Twain
-
Luke Kanies | http://reductivelabs.com | http://madstop.com
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
So, can we officially call it a feature?
I've been avoiding using it because I thought that it was a problem
but it does get around the "can't change a variable" issue. You just
have to be *really* careful about changing it.
Trevor
On Thu, Feb 5, 2009 at 10:55, Luke Kanies wrote:
>
> On Feb 5, 2009, at 9:45 AM, Trevor Vaughan wrote:
>
>>
>> Benoit,
>>
>> If you want to globally change the value of a variable something that
>> may either be a feature or a bug(?) is to pass it through an ERB and
>> use a '!' ruby statement.
>>
>> It changes it in memory until the puppetmaster is restarted.
>>
>> I.e.
>>
>> $myvar = 'foo'
>>
>> define bar ($stupidvar = "nil" ) {
>> stupidvar = template(changeglobal.erb)
>> }
>>
>> --- changeglobal.erb ---
>>
>> <% myvar.gsub!(/^.*$/new string/) %>
>>
>> --- end ---
>>
>> It seems to work in 0.24.6, but heck if I know if it's supposed to.
>
> Heh, nice. Yeah, Puppet's call-by-value, so if you modify the value,
> the modification will stick. I can't see us ever changing that.
>
> --
> Don't throw away the old bucket until you know whether the new one
> holds water. -- Swedish Proverb
> -
> Luke Kanies | http://reductivelabs.com | http://madstop.com
>
>
> >
>
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
On Feb 5, 2009, at 9:45 AM, Trevor Vaughan wrote:
>
> Benoit,
>
> If you want to globally change the value of a variable something that
> may either be a feature or a bug(?) is to pass it through an ERB and
> use a '!' ruby statement.
>
> It changes it in memory until the puppetmaster is restarted.
>
> I.e.
>
> $myvar = 'foo'
>
> define bar ($stupidvar = "nil" ) {
> stupidvar = template(changeglobal.erb)
> }
>
> --- changeglobal.erb ---
>
> <% myvar.gsub!(/^.*$/new string/) %>
>
> --- end ---
>
> It seems to work in 0.24.6, but heck if I know if it's supposed to.
Heh, nice. Yeah, Puppet's call-by-value, so if you modify the value,
the modification will stick. I can't see us ever changing that.
--
Don't throw away the old bucket until you know whether the new one
holds water. -- Swedish Proverb
-
Luke Kanies | http://reductivelabs.com | http://madstop.com
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: "Scope" / Tags / Classes
On Feb 5, 2009, at 6:50 AM, Calimero wrote: > > Hi, > > I've stumbled across the following behavior which I don't really > understand: classes that are automatically "imported" (thanks to > modulepath, ...) are not "really/fully" included. > > If I iterate over the classes and tags variables in a template: > <% classes.each do |c| -%> > Class: <%= c %> > <% end -%> > > I won't see classes that are included but that weren't explicitly > imported. Looks like the same goes for tags. > > Is it really that way or did I miss something when writing my > manifests ? > > What's the rationale behind this ? It might just be an ordering thing - auto-imported classes certainly use exactly the same code internally that any other classes use. Check your classes.txt file on the client - I'm sure the classes are in there. We're trying to clarify some ordering issues right now. -- We are here on Earth to do good to others. What the others are here for, I don't know. -- W. H. Auden - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet && OMA-DM interoperability
On Feb 4, 2009, at 11:17 PM, Tom D. Davidson wrote: > > I'd never seen this before, so at this point Puppet definitely can't > speak OMA-DM. > > I could see the ability to do so, but someone who was an expert on > OMA- > DM would need to do the connecting. You'd probably need to push the > configs, rather than Puppet's traditional pull model, though. > > Hi Luke. > Im not understating how Puppet communicates. puppetmasterd (server) > speaks with the agent (client) using xmlprc (soon to be jason?) over > https > > what is the format of the xml payload? Currently xmlrpc over https, and the payload varies but is usually just serialized ruby objects. Future direction is REST-style https, and the payload will vary based on the content-type headers but will usually be either serialized ruby objects or exported objects (e.g., converted to json, so they're language-agnostic). > > push? from server to client? how does puppetmasterd know of agent > capabilities? Pull, from client to server. And the server does not currently have any way to respond to the client's features, other than including the client's facts during the compile process. > > still working on fitting Puppet in the bigger picture of my > project thanks for your help. -- Should I say "I believe in physics", or "I know that physics is true"? -- Ludwig Wittgenstein, On Certainty, 602. - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: mailalias ... not doing anything???
On Feb 3, 2009, at 10:14 PM, chakkerz wrote:
>
> G'day
>
> my module's init.pp:
>
> class mailaliases
> {
>if ($skip_mailaliases != "true")
>{
>mailalias
>{ "root":
> #ensure => absent,
>ensure => present,
>target => "/etc/aliases",
>recipient => "linuxroot+
> $hostn...@example.org",
>notify => Exec["newaliases"],
>}
>}
> }
>
> does nothing, my client continues to look like :
> [r...@puppetslave lenses]# grep root: /etc/aliases
> #root: marc
>
> what am i missing? from the recipes i've looked at (and the one post
> on here which i just completely failed to understand) i'm not
> gathering what the magic incantation is that's lacking.
That looks like it should work. When you run with debugging, does it
talk about rewriting the file?
--
Morgan's Second Law:
To a first approximation all appointments are canceled.
-
Luke Kanies | http://reductivelabs.com | http://madstop.com
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: Log rotation and puppet clients dying
On Feb 3, 2009, at 1:01 PM, Ian Burrell wrote: > > We are having a problem with some of the puppet clients dying during > the weekly log rotation reload. We are using Centos 4 with puppet > 0.24.6. It seems to be a race condition with clients that reload when > the puppetmaster is restarting exit. The redhat logrotate script does > "/etc/init.d/puppetmaster condrestart" and "/etc/init.d/puppet > reload". Reloading puppet when the puppetmaster is stopped doesn't > seem to be a problem. My guess is that there is a period when the > puppetmaster is starting when the puppetd fails when it contacts the > server. Unfortunately, I don't see anything in the logs on the > clients. > > Has anyone seen this problem? Can you get a stack trace from the clients? The last few releases have seen us greatly reduce the number of cases where puppetd can exit on failure, and we might have already resolved the one you're seeing. I know that either 0.24.6 or 0.24.7 had a problem where if the first connection to the master failed, the client would exit. I hope that was fixed in 0.24.7, because that could mean your problem's already fixed. :) -- At my lemonade stand I used to give the first glass away free and charge five dollars for the second glass. The refill contained the antidote. -- Emo Phillips - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
Benoit,
If you want to globally change the value of a variable something that
may either be a feature or a bug(?) is to pass it through an ERB and
use a '!' ruby statement.
It changes it in memory until the puppetmaster is restarted.
I.e.
$myvar = 'foo'
define bar ($stupidvar = "nil" ) {
stupidvar = template(changeglobal.erb)
}
--- changeglobal.erb ---
<% myvar.gsub!(/^.*$/new string/) %>
--- end ---
It seems to work in 0.24.6, but heck if I know if it's supposed to.
Trevor
On Wed, Feb 4, 2009 at 14:20, benoit wrote:
>
> Hi,
>
> I was looking for a solution to change the value of a variable using
> include (http://reductivelabs.com/trac/puppet/wiki/
> CommonMisconceptions), and found an interesting solution on the kinial
> SPEC (http://reductivelabs.com/trac/puppet/wiki/KinialSpec). But I
> can't find more about this project ?
> iClassify derives from this spec, but the interesting part
> (inheritance) is not supported. So anyone has implemented kinial ?
>
> Thanks,
> Benoit
>
> >
>
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: Merging Directories
On Jan 29, 2009, at 4:15 PM, chakkerz wrote: > > Hello there > > I'm deploying a program which has generic and OS specific (as well as > architecture, but that's a minor issue). So in essence i'm deploying > from blah_generic/etc recursive and then blah_linux/etc . I need the > files from both operations, but was hitting some snags (I've found a > work around): As a general rule, I highly recommend against doing recursive file copies into /etc, except in rare cases where all copied files are related to the same service (e.g., copying into /etc/ssh). Instead, I recommend each file be copied by the service that uses the file. You get a couple of wins for doing this: * Your configuration file metadata is collocated with your service metadata (i.e., they're all specified in the same file) * Puppet's modules allow you to actually put the manifest and configuration file in the same module, making it easier to introspect * You don't have cross-cutting concerns where multiple services need to care about how files are copied down. If you make a service module for most/all of your configuration files, and then create classes around them to do the deployment, I think you'll find it's much easier to maintain. Yes, it's a bit more work up front, but much less in the long term. -- Ours is the age that is proud of machines that think and suspicious of men who try to. -- H. Mumford Jones - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
On Feb 5, 2009, at 4:49 AM, Benoit Decherf wrote: > On 02/05/2009 06:03 AM, Luke Kanies wrote: >> >> On Feb 4, 2009, at 1:20 PM, benoit wrote: >> >> >>> Hi, >>> >>> I was looking for a solution to change the value of a variable using >>> include (http://reductivelabs.com/trac/puppet/wiki/ >>> CommonMisconceptions), and found an interesting solution on the >>> kinial >>> SPEC (http://reductivelabs.com/trac/puppet/wiki/KinialSpec). But I >>> can't find more about this project ? >>> iClassify derives from this spec, but the interesting part >>> (inheritance) is not supported. So anyone has implemented kinial ? >>> >> As far as I know no one has implemented it, other than 90% of its >> behaviour is available if you use ldap nodes. And, actually, I think >> I've published a trival script that uses yaml storage for node >> information but still supports inheritance. I can republish if >> you're >> interested; it really is simple. >> >> > What are the 10% missing ? > Does ldap node implements multi-inheritance as describes in the > kinial spec ? Heh, well, I haven't looked at the kinial stuff in a long time, so I basically made up the 90% number. No, ldap doesn't support multiple inheritance, although it would be easy to add. Other than that, it probably does have nearly all of the functionality. It just doesn't have all of the other stuff I wanted. -- There are no such things as applied sciences, only applications of science. -- Louis Pasteur - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Proposal (what problems will puppet solve)
Zach, Chris Moates did an interesting presentation on Puppet during CPOSC a few months back. I was actually looking at his slides for a refresher the other day. You might find something useful in there as far as reasons to use Puppet. He lists quite a few and why its beneficial. You can grab a PDF of his presentation here: http://wiki.cposc.org/_media/2008:cposc2008-moates-scalableadmin.pdf Hope this helps! -- Ryan Duff web: http://www.ryanduff.net aim: ryancduff twitter: ryancduff Zach Buckholz wrote: > > This may sound like a confusing / trick question, so please bare > with me. > > What problem(s) will puppet solve? Why would I use it? > > I am trying to pitch the use of puppet in our environment and need > to follow a formal proposal model. Which means I need to start with > a problem to solve or situation to improve. > > The concept of what puppet will do needs to be explained to > non-technical business leaders. > > This is what I have come up with so far; (I wish the reductive labs > site had a wiki page for this) > > What is the problem? > Unknown configurations > Environment is not dynamic > Messy > No central model > Hard to change > No consistency > Administration overhead > Reactive instead of proactive > Unorganized > Need scripts to work with linux and solaris > Hard to scale > > Can anyone add (non-technical explanations) to the above list? > > > Zach --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] "Scope" / Tags / Classes
Hi, I've stumbled across the following behavior which I don't really understand: classes that are automatically "imported" (thanks to modulepath, ...) are not "really/fully" included. If I iterate over the classes and tags variables in a template: <% classes.each do |c| -%> Class: <%= c %> <% end -%> I won't see classes that are included but that weren't explicitly imported. Looks like the same goes for tags. Is it really that way or did I miss something when writing my manifests ? What's the rationale behind this ? Thanks! Guillaume (import !) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Overriding files specified in modules
Hi
> Can I override files specified in a module on a per-client basis?
>
> Suppose I have a module that is to be installed on a large number of
> clients, and one of the files it provides is /x/y/z. One a very small
> number of clients, that file needs to be slightly modified. What I want to
> do in the module, ideally, is something like:
>
> file { "/x/y/z":
> if (file puppet:///mymodule/$fqdn/z exists:
> source => puppet:///mymodule/$fqdn/z
> else:
> source => puppet:///mymodule/z
>
> Is there a way to achieve that?
from: http://reductivelabs.com/trac/puppet/wiki/TypeReference#file
under source:
"If you specify multiple file sources for a file, then the first
source that exists will be used. This allows you to specify what
amount to search paths for files:"
file { "/path/to/my/file":
source => [
"/nfs/files/file.$host",
"/nfs/files/file.$operatingsystem",
"/nfs/files/file"
]
}
this seems to be your solution.
cheets pete
ps: I couldn't live without that nice feature!
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Overriding files specified in modules
Can I override files specified in a module on a per-client basis?
Suppose I have a module that is to be installed on a large number of
clients, and one of the files it provides is /x/y/z. One a very small
number of clients, that file needs to be slightly modified. What I want to
do in the module, ideally, is something like:
file { "/x/y/z":
if (file puppet:///mymodule/$fqdn/z exists:
source => puppet:///mymodule/$fqdn/z
else:
source => puppet:///mymodule/z
Is there a way to achieve that?
Thanks,
Keith
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: Package conditional statement
Hi
> If this is not possible to achieve, then can the following be done with
> puppet:
>
> Make sure that the rsyslog service is NOT running, regardless of the package
> is installed or not. Using the service resource type to stop/disable a
> service gives an error if the init script doesn't exists. And I don't wish
> to run "ensure => absent" on the rsyslog package.
I think the error on an absent init script should be fixed in 0.24.6.
at least for redhat based systems.
> Please point me to the right documentation, or let me know if this is not a
> case for puppet.
>
> Btw, I see that the package resource type has some read-only parameters
> (such as status). How can these be utilized in a puppet recipe? I can't seem
> to find any documentation on this.
this would somehow sometimes be nice. However I don't think it's
possible and I event think that it isn't really needed and might lead
to many other problems, as maybe one should simply try to solve the
problem in a different way.
>> Can I use puppet conditionals to check if a package is installed/available
>> for install, and act depending on the result?
>> More precisely, this is what I'd like to do:
>>
>>1. If package rsyslog is installed or available for install, then
>>include class that configures rsyslog
>>2. Else, configure the stock sysklogd
>>
>> I'm running puppet v0.24.4.
you could write a custom fact which checks if rsyslog is avaiable to
install (which would mean that it might as well already be installed)
and then do a conditional include statement:
if $rsyslog_avaiable {
include rsyslog
} else {
include sysklogd
}
then the rsyslog class would look like:
class rsyslog {
package{'rsyslog': ensure => installed }
[...rest of your stuff...]
}
cheers pete
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---
[Puppet Users] Re: shorewall module
Hi > Does anyone have the source for a *working* shorewall module? I've > searched the list and the interwebs and it looks like a few other are > having the same problems. Namely: > > Configuration could not be instantiated: Could not find dependent Exec > [concat_/var/lib/puppet/modules/shorewall/policy.d] > > I see forks on github[1][2] and other places[3][4]. I've tried a few > but I continue to get something similar to the above error every time > (sometimes routestopped.d, sometimes policy.d). I have the common > module loaded AFAICT and the concatenated_file define seems to be > available. > > I'm running out of ideas... > Scott > --- > [1] http://github.com/duritong/puppet-shorewall/ > [2] http://github.com/puzzle/puppet-shorewall/ > [3] http://git.black.co.at/?p=module-shorewall;a=summary > [4] https://git.puppet.immerda.ch/?p=module-shorewall;a=summary as I'm involved in 1,2 and 4 I try to answer: 1 and 4 should be nearly identical, 1 is more or less just a mirror of 4. However 4 is the one which should be more uptodate. both (1,2) and 4 are active in productive environments and are working fine. the exec referenced in you're error sounds like something wrong in the common module. are you importing the common and the shorewall module on top of your site.pp? which common module are you using? I would suggest to use either david's shorewall and david's common module together, or mine combined, but not mixed up. can you further check if the common module is doing an alias on a exec in the concatenated_file that an exec named/aliased as above should be generated? these are the only problems I currently can think about. The reason while sometimes another exec might fail, is that ordering in puppet isn't always the same, if you don't define any dependecies. which aren't needed in this case. I never got any answers if people got it working in the past. Would be nice to know what the reason for your problem have been and how it could be fixed. cheers pete --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: what about kinial ?
On 02/05/2009 06:03 AM, Luke Kanies wrote: > On Feb 4, 2009, at 1:20 PM, benoit wrote: > > >> Hi, >> >> I was looking for a solution to change the value of a variable using >> include (http://reductivelabs.com/trac/puppet/wiki/ >> CommonMisconceptions), and found an interesting solution on the kinial >> SPEC (http://reductivelabs.com/trac/puppet/wiki/KinialSpec). But I >> can't find more about this project ? >> iClassify derives from this spec, but the interesting part >> (inheritance) is not supported. So anyone has implemented kinial ? >> > > As far as I know no one has implemented it, other than 90% of its > behaviour is available if you use ldap nodes. And, actually, I think > I've published a trival script that uses yaml storage for node > information but still supports inheritance. I can republish if you're > interested; it really is simple. > > What are the 10% missing ? Does ldap node implements multi-inheritance as describes in the kinial spec ? Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Package conditional statement
If this is not possible to achieve, then can the following be done with puppet: Make sure that the rsyslog service is NOT running, regardless of the package is installed or not. Using the service resource type to stop/disable a service gives an error if the init script doesn't exists. And I don't wish to run "ensure => absent" on the rsyslog package. Please point me to the right documentation, or let me know if this is not a case for puppet. Btw, I see that the package resource type has some read-only parameters (such as status). How can these be utilized in a puppet recipe? I can't seem to find any documentation on this. On 2/4/09, Kenneth Holter wrote: > > Hello list. > > > Can I use puppet conditionals to check if a package is installed/available > for install, and act depending on the result? > More precisely, this is what I'd like to do: > >1. If package rsyslog is installed or available for install, then >include class that configures rsyslog >2. Else, configure the stock sysklogd > > I'm running puppet v0.24.4. > > > Regards, > Kenneth Holter > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
