date:20090506

[Puppet Users] Tips for a new puppet setup

2009-05-06 Thread Alan Evans

Ok folks, I've read BestPractices and probably most of the wiki docs but I
am still banging my head about how to layout a new puppet deployment.
Everything is fresh, fresh repo, fresh puppet install.

We will use SVN for version control.

Here are some of my challenges.  I go back and forth on how I feel best to
solve them so I would appreciate any input.

My company manages about 200 Linux boxes mostly RHEL4 and RHEL5.  We have
four datacenters which each requires a different resolvers, ldap settings,
proxy server etc etc etc.  Additionally we have customers who sometimes have
settings that differ from that of the rest of the datacenter and further
still, host 'classes' or services, webserver, database server etc.

1. What are some good ways to organize all of this both from a file
perspective?
  Does it make sense to define defaults in classes and then override them in
datacenter classes?
i.e. resolver class has resolver::list [ '1.2.3.4' ] then a datacenter
class overrides it with Resolver::list [ '4.4.4.4' ] or maybe just append to
it.

2. What is a class and what is a module?
  classes:
datacenter
  datacenter::a
customer
  customer::one
service
  service::s_www
  service::s_sldap

  modules:
resolver
authconfig (ldap, nss_ldap)
logrotate
(basically matching the name of the package it configures)

Then a node gets a datacenter, customer and service class which rely on the
modules to make config changes.

I would like to have the option of doing things additively and not just
strictly replace values.  For example in datacenter a the resolvers might
be 1.1.1.1 and 2.2.2.2 but customer one wants to add their primary dc as the
first resolver making their resolvers 3.3.3.3, 1.1.1.1, 2.2.2.2.  But if we
update the datacenter a resolvers to 2.2.2.2, 4.4.4.4 customer one's server
in datacenter a ends up with resolvers 3.3.3.3, 2.2.2.2, 4.4.4.4.

3. How to organize subversion repo, I want to have testing and development.
  puppet/trunk - development {modules,manifests,plugins,puppet.conf,etc.}
  puppet/tags/production/{modules,manifests,plugins,puppet.conf,etc.}
  puppet/tags/testing/{modules,manifests,plugins,etc.} (no need for
puppet.conf and a few other things)

So pretend you are starting anew, what would you do differently?

Regards,
-Alan

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Puppet Reporting - ignoring reports config option?

2009-05-06 Thread Greg


Hi all,

I've gotten a fair way into implementing a pilot puppet
implementation. I have a reasonable amount of the configuration done,
and have been working on reporting.

At present, on the puppetmaster I have:

report = true -- puppetmaster is also a puppet...
reportserver = puppet
reportdir = /var/opt/csw/puppet/reports  -- Files definately being
uploaded from 2 clients.
reportfrom = i...@somewhere.com
reports = tagmail,store,log
tagmap = /etc/opt/csw/puppet/tagmail.conf

(I've chopped out the seemingly less relevant options... They are all
pretty much standard
as per puppetd --genconfig, though I have commented out the CA options
to leave them
as defaults)

in tagmail.conf I only have one line:
all: sysad...@somewhere.com

Running puppetmasterd --debug it appears to only run the 'store'
report, which of course shoves the yaml file into /var/opt/csw/puppet/
reports as its supposed to do...

Logs from puppetmasterd:
May  6 15:40:19 pmaster puppetmasterd[1802]: [ID 702911 daemon.info]
Expiring the node cache of test1
May  6 15:40:19 pmaster puppetmasterd[1802]: [ID 702911 daemon.info]
Not using expired node for test1 from cache; expired at Wed May 06
15:39:19 +1000 2009
May  6 15:40:19 pmaster puppetmasterd[1802]: [ID 702911 daemon.info]
Caching node for test1
May  6 15:40:20 pmaster puppetmasterd[1802]: [ID 702911 daemon.notice]
Compiled catalog for test1 in 1.02 seconds
May  6 15:40:54 pmaster puppetmasterd[1802]: [ID 702911 daemon.info]
Processing reports store for test1

I am guessing that Processing reports store for server indicates
which report (store) is being run, and that since I have only one log
entry that it is the only report being attempted.

I've reviewed as much of the reporting code as I can follow, but am
drawing a blank at
exactly where it reads the config option - the only Ruby I have done
is relating to
understanding Puppet...

This is all running off 0.24.7 on Solaris 10 using the latest
Blastwave packages... Any thoughts on what I'm missing would be
appreciated.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Puppet Reporting - ignoring reports config option?

2009-05-06 Thread Greg


Gah... Figured out the problem literally 5 minutes after I
posted...

Problem was that I had generated a puppet.conf using --genconfig and
forgotten to remove genconfig = true... Logs reported that the config
file
had been re-read, but obviously not true if this setting has been
left
enabled - after all --genconfig prints a config file and exits...

Obviously had I actually restarted puppetmasted I would have seen
this...

kicking self for a wasted day

Greg
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Tips for a new puppet setup

2009-05-06 Thread Greg


Alan,

One thing I found handy was to build up 2 custom facts to add into
facter: defaultroute and site.
defaultroute is used to determine which site a host is in...
Personally I found the class heirarchy
too limited since you can't inherit from multiple places... So you
would need classes like site1-webserver,
site2-webserver, site1-database, site2-database and so on... Too
annoying.

Adding in these custom facts allows you to add in config files based
on which site the node lives.
For example:

file { /etc/resolv.conf:
   source = puppet:///network/resolv.conf-$site
   owner = root, group = root, mode = 644
}

Heres the custom facts I added.
(Note: the default route is Solaris specific as I don't need to manage
any Linux boxes at my site)
(Also note: My knowledge of Ruby is *really* basic at this stage,
apologies if this code is bad)

defaultroute.rb:
Facter.add(defaultroute) do
setcode do
defroutefh = File.open(/etc/defaultrouter)
defroutefh.readline.chomp
end
end

site.rb:
Facter.add(site) do
setcode do
case Facter.value('defaultroute')
when 10.0.0.1
site1
when 10.0.0.2, 10.0.0.3
site2
else
unknown
end
end
end

Now, this makes the answer to q1 a bit easier... I have mine
modularised into groups based on what the config is about. Networking
config is in one module, sudo management in another and so on. That
way its (hopefully) more sane when you come to make changes. I guess
the granularity that you put this on is up to you.

2. I will leave this one to someone more experienced with Puppet than
me, but I use modules to group similar classes
together - kind of like a library. Its probably a very simplistic view
of things, but so far it has worked well for me...

3. My svn repository is set up as follows:

- baseline/
Main trunk - This is where most of the work gets done... Keep
your live Puppet Master config tree here...
- tags/
Contains discrete release views.
- branches/
Haven't used this yet, but I'm planning on using this for
larger changes, development work and so forth...

I'm sure I have missed out something that I'm going to need later on,
but figure its a reasonable starting point...
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] set password of root

2009-05-06 Thread 骡骡


in 1st day of each month , change passwd of root.

# vi /etc/puppet/modules/user/manifests/init.pp

class user {
exec { rootpw:
command = /usr/sbin/usermod -p $rootpw root,
onlyif = /usr/bin/test `/bin/date -d now +%d` = '01',
}
}

# vi  /etc/puppet/manifests/templates.pp
import user
node basenode {
$rootpw = Vale.com-init
include user
}



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Robin Sheat

On Wed, 06 May 2009, 骡骡 wrote:
 in 1st day of each month , change passwd of root.

 exec { rootpw:
 command = /usr/sbin/usermod -p $rootpw root,
 onlyif = /usr/bin/test `/bin/date -d now +%d` = '01',

Assuming you run puppet every 30 minutes, won't that happen ~48 times on the 
first of the month? Perhaps not too bad, but not too nice either.

-- 
Robin ro...@kallisti.net.nz JabberID: eyth...@jabber.kallisti.net.nz

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D


signature.asc
Description: This is a digitally signed message part.

[Puppet Users] Re: set password of root

2009-05-06 Thread Chad Huneycutt


I have a couple of concerns about this (at least in my environment).
First, the root password would be clearly visible (not even crypted!)
In the process listing during execution of the usermod. Second,
similarly, the root password is stored in plaintext on the
puppetmaster. Actually, would that variable be stored in each hosts
yaml cache?

Puppet has a user type that I think would be much better. I haven't
done this yet, but assuming you have installed ruby-shadow package,
you just need to specify the crypted string.

On 5/6/09, 骡骡 ken.g...@gmail.com wrote:

 in 1st day of each month , change passwd of root.

 # vi /etc/puppet/modules/user/manifests/init.pp

 class user {
   exec { rootpw:
   command = /usr/sbin/usermod -p $rootpw root,
   onlyif = /usr/bin/test `/bin/date -d now +%d` = '01',
   }
 }

 # vi  /etc/puppet/manifests/templates.pp
 import user
 node basenode {
 $rootpw = Vale.com-init
 include user
 }



 


-- 
Sent from my mobile device

Chad M. Huneycutt

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Bjørn Dyre Dyresen

2009/5/6 Chad Huneycutt chad.huneyc...@gmail.com


 I have a couple of concerns about this (at least in my environment).
 First, the root password would be clearly visible (not even crypted!)
 In the process listing during execution of the usermod. Second,
 similarly, the root password is stored in plaintext on the
 puppetmaster. Actually, would that variable be stored in each hosts
 yaml cache?

 Puppet has a user type that I think would be much better. I haven't
 done this yet, but assuming you have installed ruby-shadow package,
 you just need to specify the crypted string.


It's easy enough to just use sed in a exec to updatet the hash in shadow. I
agree that having a clear text root passord floating around is a bad idea.
That would lead it to be in the manifests, in subversion, in syslog and
probably in the yaml cache like Chad said.


Regards

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Peter Meier


Hi

 It's easy enough to just use sed in a exec to updatet the hash in shadow. I
 agree that having a clear text root passord floating around is a bad idea.
 That would lead it to be in the manifests, in subversion, in syslog and
 probably in the yaml cache like Chad said.


it's even easier to just use the password parameter of the user type and
supply an already encrypted password.

cheers pete

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Evan Hisey


On Wed, May 6, 2009 at 2:51 AM, 骡骡 ken.g...@gmail.com wrote:

 in 1st day of each month , change passwd of root.

 # vi /etc/puppet/modules/user/manifests/init.pp

 class user {
exec { rootpw:
command = /usr/sbin/usermod -p $rootpw root,
onlyif = /usr/bin/test `/bin/date -d now +%d` = '01',
}
 }

 # vi  /etc/puppet/manifests/templates.pp
 import user
 node basenode {
$rootpw = Vale.com-init
include user
 }



This just looks like a bad way to handle things. Given that you are
going to manually set the password for puppet to use any way why not
use something like this: Warning this has not been tested

class update_pw{
 user{root:
   ensure = present,
   password = generate(/opt/new_passwd.sh),
}

On the server /opt/new_passwd.sh would look like this:
#!/bin/bash
passwd=foobar
openssl passwd -crypt $passwd


This method should provide solutions to several problems with the
initial approach. You know have the password out of the manifests and
only have to secure one file. It will be handled by puppet as an
encrypted password so it will go over the wire encrypted. It will now
only change the password if the password parsed by the generate
command changes.

Evan

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Pitching puppet - how does it work question

2009-05-06 Thread LenR


I'm trying to pitch puppet to my group.  I have a test server  2
clients, things are going pretty well.  The question relates to user
password management as outlined in the recipies.  My question, if only
the hash value changes, will puppet apply that change?  Who notices
the change, the client or the server?  I need to explain how it works.

Thanks, just trying to be the salesman
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Pitching puppet - how does it work question

2009-05-06 Thread Felix Schäfer


Hi,

Am 06.05.2009 um 16:40 schrieb LenR:

 I'm trying to pitch puppet to my group.  I have a test server  2
 clients, things are going pretty well.  The question relates to user
 password management as outlined in the recipies.  My question, if only
 the hash value changes, will puppet apply that change?  Who notices
 the change, the client or the server?  I need to explain how it works.

The way I understand it, the server looks at the file when compiling  
the recipe for the client and calculates a hash value for the file.  
This hash value is the integrated in the recipe, which in turn is sent  
to the client. The client then looks at the files described in the  
recipe and checks if the hash values of the local files match the hash  
values sent by the server for those files. If they match, nothing  
happens, as the file is in the right state, if not, the client  
downloads the file from the server.

That's a least the principle. You also have some layers of caching and  
checking timestamps to see if it's even necessary to recompute a hash,  
or if you can take the hash value from a previous run, and so on.

BR,

Felix

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] FreeBSD pw user provider password management

2009-05-06 Thread Andrew Wasilczuk


Hi all,

Can someone tell me what is the reason for the pw user provider not 
supporting the password parameter?  As far as I know one can pipe an 
encrypted password string to pw and it will set it as expected.

As a workaround I'm using an exec to achieve this functionality:

define users::freebsd_user($gid, $uid, $comment, $password, $shell) {

user { $name:
ensure  = present,
comment  = $comment,
gid= $gid,
uid= $uid,
password = $password,
shell = $shell,
notify   = Exec[passwd_$name];
}

exec { passwd_$name:
path  = /bin:/sbin:/usr/bin:/usr/sbin,
command = echo '$password' | /usr/sbin/pw usermod $name -H 0,
refreshonly = true;
}
}


However it would be cleaner if the built-in type supported this.  Is 
there a technical reason why this wasn't done?


Cheers,


Andrew.

-- 
.   __/_/_  w: http://darq.com/
.  __/_/_   t: 020 7100 1447
.   / / e: supp...@darq.com


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: FreeBSD pw user provider password management

2009-05-06 Thread Peter Burkholder

Is it this issue?

http://projects.reductivelabs.com/issues/1511

You need to have ruby-shadow library and restart puppetd.

-Peter
On May 6, 2009, at 11:07 AM, Andrew Wasilczuk wrote:


 Hi all,

 Can someone tell me what is the reason for the pw user provider not
 supporting the password parameter?  As far as I know one can pipe an
 encrypted password string to pw and it will set it as expected.

 As a workaround I'm using an exec to achieve this functionality:

 define users::freebsd_user($gid, $uid, $comment, $password, $shell) {

 user { $name:
 ensure  = present,
 comment  = $comment,
 gid= $gid,
 uid= $uid,
 password = $password,
 shell = $shell,
 notify   = Exec[passwd_$name];
 }

 exec { passwd_$name:
 path  = /bin:/sbin:/usr/bin:/usr/sbin,
 command = echo '$password' | /usr/sbin/pw usermod  
 $name -H 0,
 refreshonly = true;
 }
 }


 However it would be cleaner if the built-in type supported this.  Is
 there a technical reason why this wasn't done?


 Cheers,


 Andrew.

 --
 .   __/_/_  w: http://darq.com/
 .  __/_/_   t: 020 7100 1447
 .   / / e: supp...@darq.com


 


--
Peter Burkholder
AARP | Web Strategy  Operations | 601 E Street, NW | Washington, DC  
20049
  pburkhol...@aarp.org | aim: peterbtech | ph: 202-434-3530 | cell:  
202-344-7129 |




--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Bruce Richardson


On Wed, May 06, 2009 at 04:02:54PM +0200, Bj?rn Dyre Dyresen wrote:
 It's easy enough to just use sed in a exec to updatet the hash in shadow. I
 agree that having a clear text root passord floating around is a bad idea.
 That would lead it to be in the manifests, in subversion, in syslog and
 probably in the yaml cache like Chad said.

Most Linux distributions include a utility called chpasswd, which can
read username/password pairs (with the password encrypted) from stdin.
It's reasonably secure (you could, for example, push out a file with 400
permissions and then feed it to chpasswd locall6), respects login.defs
and is safer than simply running sed against the shadow file.

-- 
Bruce

Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.  -- Roger Bacon, Doctor Mirabilis

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Automatically update host

2009-05-06 Thread Eric Gerlach


I do this using storedconfigs and virtual resources for hosts.  For example:

@@host { $hostname.private:
ip = $ipaddress_eth1,
ensure = present,
alias = $hostname
}

Host | |

What this does is when the machine first connects, it creates a virtual
resource for itself, then when another machine connects, it will realize it and
get added to the machine's /etc/hosts

Hope this helps.

Cheers,

Eric


On Thu, Apr 30, 2009 at 10:59:39AM -0700, haribole wrote:
 
 Hello Group
 
 I am trying to setup puppet so that when a new client connects to the
 server, the puppetd from the client can update a resource on the
 puppetmasted server with its IP address, fqdn and alias, so that this
 info can be distributed to all the known clients of the network.
 
 From what I understand the puppet master server would have these
 details from facter, and wonder if the above can be scripted.
 
 Thanks for any inputs.
 
 Hari
 
  

-- 
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerl...@feds.uwaterloo.ca

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Pitching Puppet - How does it work question

2009-05-06 Thread Eric Gerlach


Hi Len,

Let me take a shot at this.  I'm sure I'll be corrected if I'm wrong.

It roughly works like this:

1) Client connects to server and asks what should my configuration be?
2) Server responds with the desired configuration
3) Client then checks that configuration against what exists
4) Client fixes anything that doesn't match what the server gave it

tl;dr: If only the hash value changes, will puppet apply that change?

Yes.

Who notices the change, the client or the server?

Mu.  (It's kinda both)

Cheers,

Eric

On Tue, May 05, 2009 at 08:48:34PM -0500, Len Rugen wrote:
 I'm trying to pitch puppet to my group.  I have a test server  2 clients,
 things are going pretty well.  The question relates to user password
 management as outlined in the recipies.  My question, if only the hash value
 changes, will puppet apply that change?  Who notices the change, the client
 or the server?
 
 Thanks, just trying to be the salesman
 
  

-- 
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerl...@feds.uwaterloo.ca

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Marcin Owsiany


On Wed, May 06, 2009 at 09:24:41AM -0500, Evan Hisey wrote:
 openssl passwd -crypt $passwd
[...]
 encrypted password so it will go over the wire encrypted. It will now

But it will still show up unencrypted in processlist.

-- 
Marcin Owsiany mar...@owsiany.pl  http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
Every program in development at MIT expands until it can read mail.
  -- Unknown

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Marcin Owsiany


On Wed, May 06, 2009 at 04:02:54PM +0200, Bjørn Dyre Dyresen wrote:
 2009/5/6 Chad Huneycutt chad.huneyc...@gmail.com
 
 
  I have a couple of concerns about this (at least in my environment).
  First, the root password would be clearly visible (not even crypted!)
  In the process listing during execution of the usermod. Second,
  similarly, the root password is stored in plaintext on the
  puppetmaster. Actually, would that variable be stored in each hosts
  yaml cache?
 
  Puppet has a user type that I think would be much better. I haven't
  done this yet, but assuming you have installed ruby-shadow package,
  you just need to specify the crypted string.
 
 
 It's easy enough to just use sed in a exec to updatet the hash in shadow.

Sounds like a recipe for a race condition :-/

-- 
Marcin Owsiany mar...@owsiany.pl  http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
Every program in development at MIT expands until it can read mail.
  -- Unknown

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Bruce Richardson


On Wed, May 06, 2009 at 02:02:42PM -0500, Evan Hisey wrote:
 
  But it will still show up unencrypted in processlist.
 
 Only on the puppetmaster server, and this would happen no matter how
 you generate the password encryption.

Not true.  There are several utilities that can read from stdin or a
file to generate an encrypted passwrd, like mkpasswd.

-- 
Bruce

Remember you're a Womble.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Evan Hisey


On Wed, May 6, 2009 at 2:25 PM, Bruce Richardson itsbr...@workshy.org wrote:

 On Wed, May 06, 2009 at 02:02:42PM -0500, Evan Hisey wrote:
 
  But it will still show up unencrypted in processlist.
 
 Only on the puppetmaster server, and this would happen no matter how
 you generate the password encryption.

 Not true.  There are several utilities that can read from stdin or a
 file to generate an encrypted passwrd, like mkpasswd.

 --
 Bruce
I was thinking about scripted creation of passwords. If you used
mkpasswd in place of oppenssl in the script it would still show up in
the list. Openssl also takes sdtin as an option. You could probably
put a lot of extra work in place and get a completely encrypted
automate path of creation. But if you need that level of protection on
a puppetmaster server then you would be best served  by manual
creation anyway. That may be best practice, on further though. Using
generate and an external file to hold the encrypted password, saves
the headache of version controlling old passwords. That way if you
have to roll back for some reason you do not accidentally rollback the
password.

Evan

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Ryan Dooley


Chad Huneycutt wrote:
 I am not sure everyone is on the same page:
 
 1. you don't want to have the root password (encrypted or not) showing
 up in the process listing of your clients.

Well, this is a policy/philosophy issue.  The question is what is an
acceptable risk for your environment?  Is it okay to have the root
password managed by puppet?  Should puppet manage any users password?

If the answer to that question is puppet should in no way manage a
password because that password is stored on disk and potentially
displayed in the process list or in a yaml file, then really you've
deleted this thread and moved on :)

I absolutely agree there are other and better ways to manage the root
password.  Heck disable the root account in its entirety and create a
proper process and policy to grant access if an SA or data center
support individual who might need access.  Or build your environment
with enough redundancy so that if a machine begins to fail it is easier
to just completely reinstall instead of diagnosing a dead machine and
never login as root.

 2. even if you are generating the password on the master, it is going
 to show up in the yaml on the client, and if that is the case, it
 would seem to me that puppet's user type would be a much more
 logical and explicit place to set it.

Doesn't the users password still exist under the user type params in
localconfig.yaml?  Not really that more secure.

 If you want puppet to manage the password, I don't think it gets any
 more secure than the user type.  I guess if you had multiple admins
 writing manifests, and you were trying to prevent them from seeing the
 encrypted string, you could store it in a file that the puppetmaster
 could read (and they could not), distribute that file via the file
 type, and then use something like chpasswd to read the file, but
 that's really only more obscure rather than secure (the manifest
 writer could just pull down the file and chown it to themselves...).

Again, this is a matter of policy, process or philosophy and what is
best for your environment.

Cheers,
Ryan

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Starting a (SMF) service on Solaris with Puppet

2009-05-06 Thread Jim Pirzyk


I believe you do not need

start = true

you may need to set the name though:

name = 'svc:/network/postfix:default'

unless 'svcadm enable postfix' works as is (I do not have postfix on  
my servers, but I can do 'svcadm enable smtp'


The enable = true means to execute the 'svcadm enable $name'

- JimP

On May 6, 2009, at 9:36 PM, Don Jackson wrote:



Hello,

I am a puppet newbie, I got a puppetmaster running on my network, and
puppetd is installed and run on new servers.

I am trying to get puppet to start postfix on a Solaris server.

The postfix package was previously installed (via jumpstart).

When the system first comes up, if I type

svcadm enable svc:/network/postfix:default

then postfix starts and runs fine.  But I want puppet to do that for
me automatically.

Here is what I put in my manifest file:

file { password:
 name = /etc/passwd,
 owner = root,
 group = $operatingsystem ? {
   OpenBSD = wheel,
   Solaris = sys,
 },
 mode = 644,
}

node 'solaristest.clark-communications.com' {
  service { postfix:
  enable = true,
  start = true,
  ensure = running,
  }
}

But that doesn't seem to work, here is what puppetd says:

/opt/csw/bin/puppetd --no-daemonize --debug
debug: Creating default schedules
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
File[/

etc/opt/csw/puppet/ssl/public_keys]: Autorequiring File[/etc/opt/csw/
puppet/ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
File[/var/opt/csw/puppet/lib]: Autorequiring File[/var/opt/csw/puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
File[/etc/opt/csw/puppet/ssl]: Autorequiring File[/etc/opt/csw/puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
File[/

etc/opt/csw/puppet/ssl/private_keys/solaristest.clark-
communications.com.pem]: Autorequiring File[/etc/opt/csw/puppet/ssl/
private_keys]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
File[/

etc/opt/csw/puppet/ssl/certs]: Autorequiring File[/etc/opt/csw/puppet/
ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
File[/var/opt/csw/puppet/state/classes.txt]: Autorequiring File[/var/
opt/csw/puppet/state]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
File[/

etc/opt/csw/puppet/ssl/private]: Autorequiring File[/etc/opt/csw/
puppet/ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
File[/

etc/opt/csw/puppet/ssl/private_keys]: Autorequiring File[/etc/opt/csw/
puppet/ssl]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
File[/var/opt/csw/puppet/state/state.yaml]: Autorequiring File[/var/
opt/csw/puppet/state]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
File[/var/opt/csw/puppet/state]: Autorequiring File[/var/opt/csw/ 
puppet]

debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
File[/var/opt/csw/puppet/log]: Autorequiring File[/var/opt/csw/puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
File[/

etc/opt/csw/puppet/ssl/certs/solaristest.clark-
communications.com.pem]: Autorequiring File[/etc/opt/csw/puppet/ssl/
certs]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
File[/var/opt/csw/puppet/run]: Autorequiring File[/var/opt/csw/puppet]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
File[/

etc/opt/csw/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/opt/csw/
puppet/ssl/certs]
debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
File[/etc/opt/csw/puppet/puppet.conf]: Autorequiring File[/etc/opt/ 
csw/

puppet]
debug: Finishing transaction 69170270 with 0 changes
notice: Starting Puppet client version 0.24.8
debug: Loaded state in 0.00 seconds
debug: Retrieved facts in 3.09 seconds
debug: Retrieving catalog
debug: Calling puppetmaster.getconfig
debug: Retrieved catalog in 0.35 seconds
debug: Puppet::Type::Service::ProviderGentoo: file /sbin/rc-update
does not exist
debug: Puppet::Type::Service::ProviderDebian: file /usr/sbin/update-
rc.d does not exist
debug: Puppet::Type::Service::ProviderRunit: file /usr/bin/sv does not
exist
debug: Puppet::Type::Service::ProviderDaemontools: file /usr/bin/svc
does not exist
debug: Puppet::Type::Service::ProviderRedhat: file /sbin/service does
not exist
debug: Puppet::Type::Service::ProviderLaunchd: file /bin/launchctl
does not exist
debug: Creating default schedules
debug: Finishing transaction 74131070 with 0 changes
info: Caching catalog at /var//opt/csw/puppet/state/localconfig.yaml
notice: Starting catalog run
debug: Loaded state in 0.00 seconds
debug: Puppet::Type::Service::ProviderSmf: Executing '/usr/bin/svcs -l
postfix'
debug: Puppet::Type::Service::ProviderSmf: Executing '/usr/bin/svcs -l

[Puppet Users] Re: set password of root

2009-05-06 Thread 骡骡


Thank you !  I find my problem ! I will modify the module with user
type.

On May 6, 9:54 pm, Chad Huneycutt chad.huneyc...@gmail.com wrote:
 I have a couple of concerns about this (at least in my environment).
 First, the root password would be clearly visible (not even crypted!)
 In the process listing during execution of the usermod. Second,
 similarly, the root password is stored in plaintext on the
 puppetmaster. Actually, would that variable be stored in each hosts
 yaml cache?

 Puppet has a user type that I think would be much better. I haven't
 done this yet, but assuming you have installed ruby-shadow package,
 you just need to specify the crypted string.

 On 5/6/09, 骡骡 ken.g...@gmail.com wrote:





  in 1st day of each month , change passwd of root.

  # vi /etc/puppet/modules/user/manifests/init.pp

  class user {
 exec { rootpw:
 command = /usr/sbin/usermod -p $rootpw root,
 onlyif = /usr/bin/test `/bin/date -d now +%d` = '01',
 }
  }

  # vi  /etc/puppet/manifests/templates.pp
  import user
  node basenode {
  $rootpw = Vale.com-init
  include user
  }

 --
 Sent from my mobile device

 Chad M. Huneycutt
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Has anyone tried Puppet under Ruby 1.9?

2009-05-06 Thread neerolyte


 josb has provided a 1.9 compatibility patch, but we stupidly have not
 merged it in yet.

 It'll be in 0.25, though.

Where can we find this patch?

Or alternatively is 0.25 coming out fairly soon?

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Pitching Puppet - How does it work question

2009-05-06 Thread Andrew Shafer

When you say the hash value changed, do you mean on the puppetmaster?

In the most used Puppet setup, the master compiles the config for each
client, and the client synchronizes the resources.

'Noticed' is a little ambiguous, and I might be misinterpreting, but the
client is what is going to compare the current state of the system with the
compiled config.

Does that answer the question?




On Tue, May 5, 2009 at 7:48 PM, Len Rugen lenru...@gmail.com wrote:

 I'm trying to pitch puppet to my group.  I have a test server  2 clients,
 things are going pretty well.  The question relates to user password
 management as outlined in the recipies.  My question, if only the hash value
 changes, will puppet apply that change?  Who notices the change, the client
 or the server?

 Thanks, just trying to be the salesman

 


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: set password of root

2009-05-06 Thread Chad Huneycutt


2009/5/6 Ryan Dooley ryan.doo...@gmail.com:

 Chad Huneycutt wrote:
 I am not sure everyone is on the same page:

 1. you don't want to have the root password (encrypted or not) showing
 up in the process listing of your clients.

 Well, this is a policy/philosophy issue.  The question is what is an
 acceptable risk for your environment?  Is it okay to have the root
 password managed by puppet?  Should puppet manage any users password?

 If the answer to that question is puppet should in no way manage a
 password because that password is stored on disk and potentially
 displayed in the process list or in a yaml file, then really you've
 deleted this thread and moved on :)

I would argue that displaying the password in the process list is in a
separate class from having it stored locally on the disk, since even
unprivileged users could trivially capture it, which was really my
only point.  Just good practice to avoid that as there are lots of
possible alternatives.


 I absolutely agree there are other and better ways to manage the root
 password.  Heck disable the root account in its entirety and create a
 proper process and policy to grant access if an SA or data center
 support individual who might need access.  Or build your environment
 with enough redundancy so that if a machine begins to fail it is easier
 to just completely reinstall instead of diagnosing a dead machine and
 never login as root.

I really considered this.  Why even have a root password?  We can
reboot into a rescue environment in the worst case.  In the end, the
most compelling argument for keeping the root password was to be able
to do forensics on a live, compromised box without having to reboot
(open, academic environment here, so it happens).  Convenience (for
problems during boot, etc.) came in a close second, though :)

 2. even if you are generating the password on the master, it is going
 to show up in the yaml on the client, and if that is the case, it
 would seem to me that puppet's user type would be a much more
 logical and explicit place to set it.

 Doesn't the users password still exist under the user type params in
 localconfig.yaml?  Not really that more secure.

Indeed.  My point was not that it was more secure, just that it was
more logical and explicit.  As long as the string is going to be in
the yaml anyway, might as well do it the puppet way.


-- 
Chad M. Huneycutt

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~--~~~~--~~--~--~---

[Puppet Users] Re: Starting a (SMF) service on Solaris with Puppet

2009-05-06 Thread Don Jackson



On May 6, 2009, at 6:47 PM, Jim Pirzyk wrote:

 I believe you do not need

   start = true

 you may need to set the name though:

   name = 'svc:/network/postfix:default'

 unless 'svcadm enable postfix' works as is (I do not have postfix on  
 my servers, but I can do 'svcadm enable smtp'

 The enable = true means to execute the 'svcadm enable $name'

I implemented both your suggestions, and it worked!

Thank you!

Don


 Hello,

 I am a puppet newbie, I got a puppetmaster running on my network, and
 puppetd is installed and run on new servers.

 I am trying to get puppet to start postfix on a Solaris server.

 The postfix package was previously installed (via jumpstart).

 When the system first comes up, if I type

  svcadm enable svc:/network/postfix:default

 then postfix starts and runs fine.  But I want puppet to do that for
 me automatically.

 Here is what I put in my manifest file:

 file { password:
name = /etc/passwd,
owner = root,
group = $operatingsystem ? {
  OpenBSD = wheel,
  Solaris = sys,
},
mode = 644,
 }

 node 'solaristest.clark-communications.com' {
 service { postfix:
 enable = true,
 start = true,
 ensure = running,
 }
 }

 But that doesn't seem to work, here is what puppetd says:

 /opt/csw/bin/puppetd --no-daemonize --debug
 debug: Creating default schedules
 debug: Failed to load library 'shadow' for feature 'libshadow'
 debug: Failed to load library 'ldap' for feature 'ldap'
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
 File[/
 etc/opt/csw/puppet/ssl/public_keys]: Autorequiring File[/etc/opt/csw/
 puppet/ssl]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
 File[/var/opt/csw/puppet/lib]: Autorequiring File[/var/opt/csw/ 
 puppet]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
 File[/etc/opt/csw/puppet/ssl]: Autorequiring File[/etc/opt/csw/ 
 puppet]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
 File[/
 etc/opt/csw/puppet/ssl/private_keys/solaristest.clark-
 communications.com.pem]: Autorequiring File[/etc/opt/csw/puppet/ssl/
 private_keys]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
 File[/
 etc/opt/csw/puppet/ssl/certs]: Autorequiring File[/etc/opt/csw/ 
 puppet/
 ssl]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
 File[/var/opt/csw/puppet/state/classes.txt]: Autorequiring File[/var/
 opt/csw/puppet/state]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
 File[/
 etc/opt/csw/puppet/ssl/private]: Autorequiring File[/etc/opt/csw/
 puppet/ssl]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
 File[/
 etc/opt/csw/puppet/ssl/private_keys]: Autorequiring File[/etc/opt/ 
 csw/
 puppet/ssl]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
 File[/var/opt/csw/puppet/state/state.yaml]: Autorequiring File[/var/
 opt/csw/puppet/state]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
 File[/var/opt/csw/puppet/state]: Autorequiring File[/var/opt/csw/ 
 puppet]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
 File[/var/opt/csw/puppet/log]: Autorequiring File[/var/opt/csw/ 
 puppet]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
 File[/
 etc/opt/csw/puppet/ssl/certs/solaristest.clark-
 communications.com.pem]: Autorequiring File[/etc/opt/csw/puppet/ssl/
 certs]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[main]/
 File[/var/opt/csw/puppet/run]: Autorequiring File[/var/opt/csw/ 
 puppet]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[ssl]/ 
 File[/
 etc/opt/csw/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/opt/ 
 csw/
 puppet/ssl/certs]
 debug: /Settings[/etc//opt/csw/puppet/puppet.conf]/Settings[puppetd]/
 File[/etc/opt/csw/puppet/puppet.conf]: Autorequiring File[/etc/opt/ 
 csw/
 puppet]
 debug: Finishing transaction 69170270 with 0 changes
 notice: Starting Puppet client version 0.24.8
 debug: Loaded state in 0.00 seconds
 debug: Retrieved facts in 3.09 seconds
 debug: Retrieving catalog
 debug: Calling puppetmaster.getconfig
 debug: Retrieved catalog in 0.35 seconds
 debug: Puppet::Type::Service::ProviderGentoo: file /sbin/rc-update
 does not exist
 debug: Puppet::Type::Service::ProviderDebian: file /usr/sbin/update-
 rc.d does not exist
 debug: Puppet::Type::Service::ProviderRunit: file /usr/bin/sv does  
 not
 exist
 debug: Puppet::Type::Service::ProviderDaemontools: file /usr/bin/svc
 does not exist
 debug: Puppet::Type::Service::ProviderRedhat: file /sbin/service does
 not exist
 debug: Puppet::Type::Service::ProviderLaunchd: file /bin/launchctl
 does not exist
 debug: Creating default schedules
 debug: Finishing transaction 74131070 with 0 changes
 info: Caching catalog at /var//opt/csw/puppet/state/localconfig.yaml
 notice: Starting catalog run
 debug: Loaded state in 0.00 seconds

[Puppet Users] Tips for a new puppet setup

[Puppet Users] Puppet Reporting - ignoring reports config option?

[Puppet Users] Re: Puppet Reporting - ignoring reports config option?

[Puppet Users] Re: Tips for a new puppet setup

[Puppet Users] set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Pitching puppet - how does it work question

[Puppet Users] Re: Pitching puppet - how does it work question

[Puppet Users] FreeBSD pw user provider password management

[Puppet Users] Re: FreeBSD pw user provider password management

[Puppet Users] Re: set password of root

[Puppet Users] Re: Automatically update host

[Puppet Users] Re: Pitching Puppet - How does it work question

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: set password of root

[Puppet Users] Re: Starting a (SMF) service on Solaris with Puppet

[Puppet Users] Re: set password of root

[Puppet Users] Re: Has anyone tried Puppet under Ruby 1.9?

[Puppet Users] Re: Pitching Puppet - How does it work question

[Puppet Users] Re: set password of root

[Puppet Users] Re: Starting a (SMF) service on Solaris with Puppet

28 matches

Site Navigation

Mail list logo

Footer information