[Puppet Users] Re: Puppet Camp Oct 1-2 at SFSU
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Schmitt wrote: > > I'm currently trying to re-activate the PuppetCommonModules[1] project > in redmine and seed it with some of my modules from > http://git.black.co.at/. I've already got positive feedback on the IRC > channel, just trying[2] to get Luke on the phone to get the "official" > side licked. I had a chat with Luke and he was supportive of the idea and I also think its a way cool move. I've also started thinking about a way to deploy the modules (welcome input here too) once we've got a central home for them and some further agreements on standardisation - many platforms/distro support in one module for example. For everyone's interest: http://reductivelabs.com/trac/puppet/wiki/ModuleStandards This documents the current thinking around standards - it's very early stages and needs more input and consensus. > Meanwhile I'm also trying to merge the various forks and advancements of > the modules. The first batch of modules can be seen on my github > account[3]. I look forward to all the people who manage module collections putting in their ten cents of approach and design. Woot! Bring on the merge fest! Regards James Turnbull - -- Author of: * Pro Linux Systems Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKMfy99hTGvAxC30ARAkqMAKDYUqAbMp7r3EIJ59fBaBxMkXmi5gCg0D0h 8rL0gk3VPIxI+4IgGbgt/W4= =/C9h -END PGP SIGNATURE- --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Variables in definitions
DrKJam schrieb: > Hi, > > A quick "Hello" to every as this is my first post on the Puppet Users group. > > I had some training with Teyo in London recently and am busy > evaluating Puppet to replace a config engine developed for internal > use at my company. > > Question: Is it possible to refer to variables declared inside > realised definitions? > > Here's a basic example of how to refer to variables defined inside the > scope of a class that is not your own :- > > test.pp > -- > class foo { > $bar = 'baz' > } > include foo > notice("$foo::bar") > > output :- > -- > notice: Scope(Class[main]): baz > > Is there any equivalent syntax for definitions along the lines of :- > > $foo['somename']::bar > > Is it possible to do something similar with definitions or is this > just abuse of Puppet principles ;-) Currently this is not possible. > Basically what I'm trying to achieve is the set up of a bunch of > scopes with variables in them. These are then combined in various ways > to configure multiple instances of an application on a individual > system (of which there may be many). > > It's proving to be tougher than I thought ;-) > > Any thoughts or suggestions on the direction I could take from here? That's a tough question to answer without actually seeing your specific requirements. The common way would be to create a define representing application instances and using this define to setup instances: | define application($path1, $path2, $param1, $param2) { ... } Regards, DavidS -- dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at Klosterneuburg UID: ATU64260999 FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Camp Oct 1-2 at SFSU
Hi David, *! David Lutterkort schrieb: > On Wed, 2009-06-10 at 16:59 +0100, Matt wrote: >> A few things from the top of my head: >> >> 1) What people have done in regard to node management, as well as >> dealing with nodes that do not have static DNS names such as when >> using Ec2. >> 2) Success/failures on scaling puppet out to n clients >> 3) How it's been incorporated in to development, operations, and >> infrastructure environments > > I'd be very interested in hearing anything about module reuse, both > within organizations, and from the various repos out there. Both > successes, and even more failures. In a similar vein, anything about > attempts at using modules to provide simplified config building blocks > to others. > > Maybe an in-person meeting would be a good opportunity to revive the > 'grand unified puppet module repo' idea that has been out there for a > while, but never really taken off. > > BTW, I will definitely attend if I am in town (there's a very small > chance that I might not be) I'm currently trying to re-activate the PuppetCommonModules[1] project in redmine and seed it with some of my modules from http://git.black.co.at/. I've already got positive feedback on the IRC channel, just trying[2] to get Luke on the phone to get the "official" side licked. Meanwhile I'm also trying to merge the various forks and advancements of the modules. The first batch of modules can be seen on my github account[3]. Regards, DavidS [1] http://projects.reductivelabs.com/projects/pcm [2] holidays on both sides of the pond made that a bit difficult lately ;) [3] http://github.com/DavidS -- dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at Klosterneuburg UID: ATU64260999 FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Thu, Jun 11, 2009 at 10:09 PM, Asif Iqbal wrote: > On Thu, Jun 11, 2009 at 7:01 PM, Luke Kanies wrote: >> >> On Jun 11, 2009, at 5:58 PM, Asif Iqbal wrote: >> >>> >>> On Thu, Jun 11, 2009 at 6:47 PM, Luke Kanies wrote: On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: > > On Thu, Jun 11, 2009 at 11:58 AM, Luke Kanies > wrote: >> >> On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: >> >>> In my puppet client I have >>> puppet.conf defined puppet server as mypuppet >>> >>> server = mypuppet.example.net >>> >>> Not sure why the puppet client puppet-test is still sending these >>> noises to the syslog >>> >>> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 >>> daemon.error] >>> Could not find server : getaddrinfo: node name or service name not >>> known >>> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 >>> daemon.error] >>> Could not request certificate: Certificate retrieval failed: Could >>> not >>> find server puppet >>> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 >>> daemon.notice] >>> Starting catalog run >>> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 >>> daemon.notice] >>> Finished catalog run in 0.03 seconds >>> >>> Am I hitting a but? >> >> >> Almost every time I've seen this it's a problem with a filebucket >> -- >> do you have a server-side filebucket specified to use 'puppet'? > > my puppetmaster is a ubuntu server and I do not see anything > in /var/lib/puppet/bucket dir. Is that what you are asking? sorry > I am > a puppet newbie Look for a 'filebucket' resource in your manifests. >>> >>> nothing there in puppet master >>> >>> # /etc/puppet/manifests# ls >>> classes site.pp site.pp.orig >> >> What's the output of 'grep -r filebucket *' in that directory? > > > # /etc/puppet/manifests# grep -r filebucket * > # > > Nothing found Also I am not seeing the error on puppet-test the puppet clients syslog anymore. # less /var/adm/messages [..] Jun 10 13:52:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:52:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet [...] # # date Thu Jun 11 22:12:17 EDT 2009 Jun 10 13:52:23 was the last time I saw that error No idea what changed. Oh well, at least the noise is not there anymore Thanks for your help > >> >> -- >> The people who are regarded as moral luminaries are those who forego >> ordinary pleasures themselves and find compensation in interfering >> with the pleasures of others. -- Bertrand Russell >> - >> Luke Kanies | http://reductivelabs.com | http://madstop.com >> >> >> >> >> > > > > -- > Asif Iqbal > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Thu, Jun 11, 2009 at 7:01 PM, Luke Kanies wrote: > > On Jun 11, 2009, at 5:58 PM, Asif Iqbal wrote: > >> >> On Thu, Jun 11, 2009 at 6:47 PM, Luke Kanies wrote: >>> >>> On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: >>> On Thu, Jun 11, 2009 at 11:58 AM, Luke Kanies wrote: > > On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: > >> In my puppet client I have >> puppet.conf defined puppet server as mypuppet >> >> server = mypuppet.example.net >> >> Not sure why the puppet client puppet-test is still sending these >> noises to the syslog >> >> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 >> daemon.error] >> Could not find server : getaddrinfo: node name or service name not >> known >> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 >> daemon.error] >> Could not request certificate: Certificate retrieval failed: Could >> not >> find server puppet >> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 >> daemon.notice] >> Starting catalog run >> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 >> daemon.notice] >> Finished catalog run in 0.03 seconds >> >> Am I hitting a but? > > > Almost every time I've seen this it's a problem with a filebucket > -- > do you have a server-side filebucket specified to use 'puppet'? my puppetmaster is a ubuntu server and I do not see anything in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am a puppet newbie >>> >>> Look for a 'filebucket' resource in your manifests. >> >> nothing there in puppet master >> >> # /etc/puppet/manifests# ls >> classes site.pp site.pp.orig > > What's the output of 'grep -r filebucket *' in that directory? # /etc/puppet/manifests# grep -r filebucket * # Nothing found > > -- > The people who are regarded as moral luminaries are those who forego > ordinary pleasures themselves and find compensation in interfering > with the pleasures of others. -- Bertrand Russell > - > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Managing content of state.yaml
Hi all, I have a tidy block set up to clean up old Puppet reports (older than 1 month). One side effect of this is that every file that is removed gets added into the state.yaml file. On a small scale this is not a bad thing - it keeps track of what's been culled, etc... On a larger scale (ie. Tidy is cleaning a lot of files with different filenames) the state.yaml file will grow and grow. This whole state file is read in on a regular basis by the Puppet daemon. Its probably a small one for most people, but in theory it is a persistent memory leak. What is the general best practice for managing Puppet state/config databases? Greg --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Another Redundant Puppet Master Servers Thread
Sounds sensible and straight forward. Thanks for that! chakkerz --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Camp Oct 1-2 at SFSU
On Wed, 2009-06-10 at 16:59 +0100, Matt wrote: > A few things from the top of my head: > > 1) What people have done in regard to node management, as well as > dealing with nodes that do not have static DNS names such as when > using Ec2. > 2) Success/failures on scaling puppet out to n clients > 3) How it's been incorporated in to development, operations, and > infrastructure environments I'd be very interested in hearing anything about module reuse, both within organizations, and from the various repos out there. Both successes, and even more failures. In a similar vein, anything about attempts at using modules to provide simplified config building blocks to others. Maybe an in-person meeting would be a good opportunity to revive the 'grand unified puppet module repo' idea that has been out there for a while, but never really taken off. BTW, I will definitely attend if I am in town (there's a very small chance that I might not be) David --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Another Redundant Puppet Master Servers Thread
2009/6/11 chakkerz : > Which leads to my two questions: > 1) how do i keep the certs on both prod hosts ? I assume they ID the > host uniquely, so just copying them across is not the way forward, > though i'm planning to use some sort of IP failover between the two > prod hosts, and i'm thinking signing against the shared IP may be > sufficient (have not tried). So, you don't need the client certs on any puppetmaster. All that is important is that the client trusts the master's cert, and that the master trusts the client's cert. Probably the easiest way of doing that is (1) just putting the same cert on both puppetmasters, or (2) including the contents of both ca.pem on all hosts, and lastly (3) creating a rootCA that all parties trust and just sign all the keys accordingly. And also fwiw, the host is only identified by its FQDN by default - its the CN in the cert. > 2) has anyone used puppet with IP failover ? My Red Hat Cluster Suite > nodes are currently intent on upsetting me so i'm inclined not to go > that way, rather i'm considering ucarp. Regardless, has anyone tried > puppet + IP failover? We did it in active-active with load balancers, which could have easily been active-passive. Its just a simple web service from the perspective of high availability. When the move to REST is complete it'll be even more simple. > I guess there is a 3: is there a way of just specifying two hosts in > the config (and what does that mean to certificates)? No, I assume the thought being high availability would be handled outside of the client. This has come up a few times now though... I think I'd rather see ordered A or SRV RRs. .r' --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
Aha! Excellent. Reference: http://reductivelabs.com/trac/puppet/wiki/ReportsAndReporting I haven't played with this piece of puppet yet, but will do so now. Thanks, Pete On Thu, Jun 11, 2009 at 3:55 PM, Luke Kanies wrote: > > On Jun 11, 2009, at 5:52 PM, Pete Emerson wrote: > > > Hrm, I'm running it with --foreground so that I know when it's > > complete, and I'm getting these execution expired messages, which I > > took to mean that puppetrun already has some sort of internal > > timeout mechanism. Is that not the case? > > > > I guess an alternative would be to run with --no-foreground. If I do > > that, is there a way to query host and see when it's last successful > > update was, in order to show that the changes have been completed? > > > > If that doesn't work, then I guess I'd have to ssh to each box and > > run puppetd there and wait for it to finish. > > I'd recommend using reports from the client to figure out when it's > done. > > -- > The truth is that there is nothing noble in being superior to somebody > else. The only real nobility is in being superior to your former self. > -- Whitney Young > - > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Jun 11, 2009, at 5:58 PM, Asif Iqbal wrote: > > On Thu, Jun 11, 2009 at 6:47 PM, Luke Kanies wrote: >> >> On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: >> >>> >>> On Thu, Jun 11, 2009 at 11:58 AM, Luke Kanies >>> wrote: On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: > In my puppet client I have > puppet.conf defined puppet server as mypuppet > > server = mypuppet.example.net > > Not sure why the puppet client puppet-test is still sending these > noises to the syslog > > Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 > daemon.error] > Could not find server : getaddrinfo: node name or service name not > known > Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 > daemon.error] > Could not request certificate: Certificate retrieval failed: Could > not > find server puppet > Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 > daemon.notice] > Starting catalog run > Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 > daemon.notice] > Finished catalog run in 0.03 seconds > > Am I hitting a but? Almost every time I've seen this it's a problem with a filebucket -- do you have a server-side filebucket specified to use 'puppet'? >>> >>> my puppetmaster is a ubuntu server and I do not see anything >>> in /var/lib/puppet/bucket dir. Is that what you are asking? sorry >>> I am >>> a puppet newbie >> >> Look for a 'filebucket' resource in your manifests. > > nothing there in puppet master > > # /etc/puppet/manifests# ls > classes site.pp site.pp.orig What's the output of 'grep -r filebucket *' in that directory? -- The people who are regarded as moral luminaries are those who forego ordinary pleasures themselves and find compensation in interfering with the pleasures of others. -- Bertrand Russell - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Thu, Jun 11, 2009 at 6:47 PM, Luke Kanies wrote: > > On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: > >> >> On Thu, Jun 11, 2009 at 11:58 AM, Luke Kanies wrote: >>> >>> On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: >>> In my puppet client I have puppet.conf defined puppet server as mypuppet server = mypuppet.example.net Not sure why the puppet client puppet-test is still sending these noises to the syslog Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not find server : getaddrinfo: node name or service name not known Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] Could not request certificate: Certificate retrieval failed: Could not find server puppet Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Starting catalog run Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] Finished catalog run in 0.03 seconds Am I hitting a but? >>> >>> >>> Almost every time I've seen this it's a problem with a filebucket -- >>> do you have a server-side filebucket specified to use 'puppet'? >> >> my puppetmaster is a ubuntu server and I do not see anything >> in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am >> a puppet newbie > > Look for a 'filebucket' resource in your manifests. nothing there in puppet master # /etc/puppet/manifests# ls classes site.pp site.pp.orig > > -- > Debugging is twice as hard as writing the code in the first place. > Therefore, if you write the code as cleverly as possible, you are, by > definition, not smart enough to debug it. > -- (attributed to) Brian W. Kernighan (unconfirmed) > - > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
On Jun 11, 2009, at 5:52 PM, Pete Emerson wrote: > Hrm, I'm running it with --foreground so that I know when it's > complete, and I'm getting these execution expired messages, which I > took to mean that puppetrun already has some sort of internal > timeout mechanism. Is that not the case? > > I guess an alternative would be to run with --no-foreground. If I do > that, is there a way to query host and see when it's last successful > update was, in order to show that the changes have been completed? > > If that doesn't work, then I guess I'd have to ssh to each box and > run puppetd there and wait for it to finish. I'd recommend using reports from the client to figure out when it's done. -- The truth is that there is nothing noble in being superior to somebody else. The only real nobility is in being superior to your former self. -- Whitney Young - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
Hrm, I'm running it with --foreground so that I know when it's complete, and I'm getting these execution expired messages, which I took to mean that puppetrun already has some sort of internal timeout mechanism. Is that not the case? I guess an alternative would be to run with --no-foreground. If I do that, is there a way to query host and see when it's last successful update was, in order to show that the changes have been completed? If that doesn't work, then I guess I'd have to ssh to each box and run puppetd there and wait for it to finish. Pete On Thu, Jun 11, 2009 at 8:55 AM, Luke Kanies wrote: > > On Jun 8, 2009, at 4:39 PM, Pete Emerson wrote: > > > I'm using puppet 0.24.7-4. I have a situation where I have some very > > long running puppet runs in order to do upgrades (removing > > applications from load balancers gracefully, et cetera). > > > > My puppet runs triggered via puppetrun are finishing successfully: > > > > Jun 8 20:31:29 puppetd[10178]: Finished catalog run in 345.18 seconds > > > > Puppetrun itself is timing out: > > > > err: Connection timeout calling puppetrunner.run: execution expired > > Host myhost failed: Connection Timeout > > myhost finished with exit code 2 > > > > I'm calling puppetrun with --foreground: puppetrun --host=myhost -- > > host=myhost2 --host=myhost3 --foreground --parallel > > > > However, I don't see anything in the puppetrun doco that hints at > > setting the execution exiry time. Any suggestions? > > > I'd run with --no-foreground. Or, modify puppetrun to have a timeout? > > -- > It's impossible to foresee the consequences of being clever. > -- Christopher Strachey > - > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Jun 11, 2009, at 11:36 AM, Asif Iqbal wrote: > > On Thu, Jun 11, 2009 at 11:58 AM, Luke Kanies wrote: >> >> On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: >> >>> In my puppet client I have >>> puppet.conf defined puppet server as mypuppet >>> >>> server = mypuppet.example.net >>> >>> Not sure why the puppet client puppet-test is still sending these >>> noises to the syslog >>> >>> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] >>> Could not find server : getaddrinfo: node name or service name not >>> known >>> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] >>> Could not request certificate: Certificate retrieval failed: Could >>> not >>> find server puppet >>> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 >>> daemon.notice] >>> Starting catalog run >>> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 >>> daemon.notice] >>> Finished catalog run in 0.03 seconds >>> >>> Am I hitting a but? >> >> >> Almost every time I've seen this it's a problem with a filebucket -- >> do you have a server-side filebucket specified to use 'puppet'? > > my puppetmaster is a ubuntu server and I do not see anything > in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am > a puppet newbie Look for a 'filebucket' resource in your manifests. -- Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- (attributed to) Brian W. Kernighan (unconfirmed) - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Controlling the order of execution of puppet code?
Rene wrote: > Does anybody know the status of that patch? > It's pushed and will be in 0.25.0. The next 0.25.0 release will be beta2 but I haven't got a date yet. Regards James Turnbull -- Author of: * Pro Linux Systems Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) signature.asc Description: OpenPGP digital signature
[Puppet Users] Another Redundant Puppet Master Servers Thread
So it looks like at least the linux side of things is sorted at my site, which means i'm approaching go-live. With CFengine we've had two servers defined in the configuration, but puppet doesn't seem to do that and there are other issues with this setup (well our current setup of cfengine anyway). My plan was this: My dev host remains that - new modules and such get built on it, and when it's tested and working we check it in to svn. My prod hosts update from svn via cron every X minutes (thinking between 5 and 15) and serve their data. Which leads to my two questions: 1) how do i keep the certs on both prod hosts ? I assume they ID the host uniquely, so just copying them across is not the way forward, though i'm planning to use some sort of IP failover between the two prod hosts, and i'm thinking signing against the shared IP may be sufficient (have not tried). 2) has anyone used puppet with IP failover ? My Red Hat Cluster Suite nodes are currently intent on upsetting me so i'm inclined not to go that way, rather i'm considering ucarp. Regardless, has anyone tried puppet + IP failover? I guess there is a 3: is there a way of just specifying two hosts in the config (and what does that mean to certificates)? Cheers chakkerz --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Variables in definitions
Hi, A quick "Hello" to every as this is my first post on the Puppet Users group. I had some training with Teyo in London recently and am busy evaluating Puppet to replace a config engine developed for internal use at my company. Question: Is it possible to refer to variables declared inside realised definitions? Here's a basic example of how to refer to variables defined inside the scope of a class that is not your own :- test.pp -- class foo { $bar = 'baz' } include foo notice("$foo::bar") output :- -- notice: Scope(Class[main]): baz Is there any equivalent syntax for definitions along the lines of :- $foo['somename']::bar Is it possible to do something similar with definitions or is this just abuse of Puppet principles ;-) Basically what I'm trying to achieve is the set up of a bunch of scopes with variables in them. These are then combined in various ways to configure multiple instances of an application on a individual system (of which there may be many). It's proving to be tougher than I thought ;-) Any thoughts or suggestions on the direction I could take from here? Regards, David Moss --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Controlling the order of execution of puppet code?
Does anybody know the status of that patch? On May 29, 10:01 am, Brice Figureau wrote: > On Fri, 2009-05-29 at 08:18 +1000, James Turnbull wrote: > > Brice Figureau wrote: > > > On Thu, 2009-05-28 at 11:55 +0200, Peter Meier wrote: > > >> Hi > > > >>> Only way I know is to make individual objects depend on other objects. > > >>> Can't do it at > > >>> class level... I think there is a feature request somewhere in the > > >>> system for this, because > > >>> I'd like it as well... > > >> hmm did I only dream that in the upcoming release there will be a > > >> require (or something like that) keyword to include a class and > > >> require it. Unfortunately I'm not able to find the appropriate bug > > >> report. > > > > I implemented it for sure, but in the end I think it was rejected: > > >http://projects.reductivelabs.com/issues/1907 > > > > Re-reading the thread I see why we rejected the bug, but not the patch. > > > I think I'll have to resubmit it. > > > Yes - had to go re-read myself. As long as we provide both functions - > > include and a stronger require - I think this is an easy +1. > > Yes, that's what my patch was doing. > I'll resurrect the patch and post it to puppet-dev this week-end. > -- > Brice Figureau > My Blog:http://www.masterzen.fr/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Alternate file source
I was wondering if anyone out there has done any work on other URI types for File "source" ? I have a few machines that need some local scripts copied over, which are stored in CVS or Subversion. It would be really helpful if, instead of having to check out the scripts into the module's files/ directory when they change, I could just provide Puppet with a http:// or svn:// URI -Jason --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Thu, Jun 11, 2009 at 11:58 AM, Luke Kanies wrote: > > On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: > >> In my puppet client I have >> puppet.conf defined puppet server as mypuppet >> >> server = mypuppet.example.net >> >> Not sure why the puppet client puppet-test is still sending these >> noises to the syslog >> >> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] >> Could not find server : getaddrinfo: node name or service name not >> known >> Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] >> Could not request certificate: Certificate retrieval failed: Could not >> find server puppet >> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] >> Starting catalog run >> Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] >> Finished catalog run in 0.03 seconds >> >> Am I hitting a but? > > > Almost every time I've seen this it's a problem with a filebucket -- > do you have a server-side filebucket specified to use 'puppet'? my puppetmaster is a ubuntu server and I do not see anything in /var/lib/puppet/bucket dir. Is that what you are asking? sorry I am a puppet newbie > > -- > Never esteem anything as of advantage to you that will make you break > your word or lose your self-respect. -- Marcus Aurelius Antoninus > - > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > > > -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppetd not running on intervals
We are just putting our RHEL 4 systems in crontab On Wed, Jun 10, 2009 at 2:31 PM, Christopher wrote: > > Turns out this is a bug in facter which is fixed in 1.5.5. The rpm is > available in epel-testing. > > On Jun 10, 11:18 am, Christopher > wrote: > > I'm having the same exact problem here on quite a few el4 machines. > > Those that don't work are running puppet 0.24.8 whereas I do have one > > el4 that works and it's running 0.23.0. > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: puppet client looking for server puppet
On Jun 10, 2009, at 12:50 PM, Asif Iqbal wrote: > In my puppet client I have > puppet.conf defined puppet server as mypuppet > > server = mypuppet.example.net > > Not sure why the puppet client puppet-test is still sending these > noises to the syslog > > Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] > Could not find server : getaddrinfo: node name or service name not > known > Jun 10 13:36:23 puppet-test puppetd[10863]: [ID 702911 daemon.error] > Could not request certificate: Certificate retrieval failed: Could not > find server puppet > Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] > Starting catalog run > Jun 10 13:36:44 puppet-test puppetd[13502]: [ID 702911 daemon.notice] > Finished catalog run in 0.03 seconds > > Am I hitting a but? Almost every time I've seen this it's a problem with a filebucket -- do you have a server-side filebucket specified to use 'puppet'? -- Never esteem anything as of advantage to you that will make you break your word or lose your self-respect. -- Marcus Aurelius Antoninus - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppetrun timeout
On Jun 8, 2009, at 4:39 PM, Pete Emerson wrote: > I'm using puppet 0.24.7-4. I have a situation where I have some very > long running puppet runs in order to do upgrades (removing > applications from load balancers gracefully, et cetera). > > My puppet runs triggered via puppetrun are finishing successfully: > > Jun 8 20:31:29 puppetd[10178]: Finished catalog run in 345.18 seconds > > Puppetrun itself is timing out: > > err: Connection timeout calling puppetrunner.run: execution expired > Host myhost failed: Connection Timeout > myhost finished with exit code 2 > > I'm calling puppetrun with --foreground: puppetrun --host=myhost -- > host=myhost2 --host=myhost3 --foreground --parallel > > However, I don't see anything in the puppetrun doco that hints at > setting the execution exiry time. Any suggestions? I'd run with --no-foreground. Or, modify puppetrun to have a timeout? -- It's impossible to foresee the consequences of being clever. -- Christopher Strachey - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Puppet Certification?
On Jun 3, 2009, at 6:03 AM, paul matthews wrote: > I realise this could be a long way off as Puppet is rapidly > evolving, with development still at the forefront but are there > plans in the furture to offer a Puppet Certification exam. I know > the subject of certification is not to everyone's taste, but I find > studying for these is a good way for me to focus on learning all the > subject areas and to demonstrate some level of competence to any > would be employers. I think there would be benefits to Reductive > too, I guess mostly in the area of getting people to attend training > courses > > I'll get my flame proof suit on in anticipation for any replies We've actually had quite a few people ask for certification, for various reasons, and we plan on offering it. We hope to have a first pass available something like the end of 2009. Obviously, the more people ask for it, the faster it will get done. -- You can't wait for inspiration. You have to go after it with a club. -- Jack London - Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
Am 11.06.2009 um 17:23 schrieb Paul Nasrat: > That all should be part of libc. Try apt-get install build-essential. Actually, libc6-dev was enough. """ Architecture: x86_64 CPU(s):2 Thread(s) per core:1 Core(s) per socket:1 CPU socket(s): 2 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family:6 Model: 2 Stepping: 3 CPU MHz: 2659.996 Hypervisor vendor ID: KVMKVMKVM Virtualization type: full """ Ubuntu guest in KVM. Regards, Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
>> gcc -o lscpu lscpu.c > > I get: > """ > lscpu.c:21:19: Fehler: ctype.h: No such file or directory > lscpu.c:22:20: Fehler: dirent.h: No such file or directory > lscpu.c:23:17: Fehler: err.h: No such file or directory > lscpu.c:24:19: Fehler: errno.h: No such file or directory > lscpu.c:25:19: Fehler: fcntl.h: No such file or directory > lscpu.c:26:20: Fehler: getopt.h: No such file or directory > lscpu.c:27:19: Fehler: stdio.h: No such file or directory > lscpu.c:28:20: Fehler: stdlib.h: No such file or directory > lscpu.c:29:20: Fehler: string.h: No such file or directory > lscpu.c:30:25: Fehler: sys/utsname.h: No such file or directory > lscpu.c:31:20: Fehler: unistd.h: No such file or directory > """ > on an ubuntu KVM guest with gcc installed. I suppose I lack some paths > in some ENV variables, can anyone point me to which ones? That all should be part of libc. Try apt-get install build-essential. Paul --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] trying to understand puppet internal
Hi all, I keep doing my own scalability test. Trying to run puppet in all nodes at once. I've started with a fresh puppet+mongrel install (4 cpus, 4 puppetmasterd). I decided to start with a simple test, copying 1MB file to 188 nodes. No node type/group. It worked really fine. Now I'm trying with new test, 100files, one rpm install and 1 service stop. No node type/group. Worked fine. Next test is my prod conf. I has many classes, some definition, host group, dependencies, etc... And here puppet crashes... So I'd like to simplify my conf, and I'm wondering how puppet evaluates a node conf, so maybe I could reduce its complexity... For example, user/group creation, I rarely add users, so I could disable that class in a dynamic way? maybe adding some condition? or adding a condition will overload puppet server? or packages, i have about 50 sepaarte packages, If I define a var with all packages, will the load down? Any tips will be appreciate, Cheers, Arnau --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
Hi, Am 11.06.2009 um 15:41 schrieb Paul Nasrat: > gcc -o lscpu lscpu.c I get: """ lscpu.c:21:19: Fehler: ctype.h: No such file or directory lscpu.c:22:20: Fehler: dirent.h: No such file or directory lscpu.c:23:17: Fehler: err.h: No such file or directory lscpu.c:24:19: Fehler: errno.h: No such file or directory lscpu.c:25:19: Fehler: fcntl.h: No such file or directory lscpu.c:26:20: Fehler: getopt.h: No such file or directory lscpu.c:27:19: Fehler: stdio.h: No such file or directory lscpu.c:28:20: Fehler: stdlib.h: No such file or directory lscpu.c:29:20: Fehler: string.h: No such file or directory lscpu.c:30:25: Fehler: sys/utsname.h: No such file or directory lscpu.c:31:20: Fehler: unistd.h: No such file or directory """ on an ubuntu KVM guest with gcc installed. I suppose I lack some paths in some ENV variables, can anyone point me to which ones? Felix --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: how do I submit a patch?
2009/6/10 Dick Davies : > > Thanks James. > > Actually it's the same fundamental issue as > > http://projects.reductivelabs.com/issues/2067 > > so i've amended that ticket. > > I won't send a patch just yet, but at least I can pick through the code > now when I get a spare hour :) Thanks for the pointers. I'm in the middle of completely rewriting the fact. On your virtual box guest can you give me the output of running lscpu: wget http://people.redhat.com/kzak/lscpu.c gcc -o lscpu lscpu.c ./lscpu Cheers Paul --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Exporting and collecting resources on the multiple hosts problem
> If you're running a version affected, upgrade to the 0.24.8 version on > your master. > Ah, that would explain it. I'm running the version that comes with OpenCSW (the solaris package repo.), which is currently at 0.24.7. I'll see if there are any plans to upgrade that in the near future, and if not, I'll see about doing a re-install from source. Thanks! Chris --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Exporting and collecting resources on the multiple hosts problem
Hi, On which version of puppet is running on your puppetmaster? Various versions had some issues with exported/collected resources (0.24.7 was one of them, if I remember correctly). On Thu, June 11, 2009 13:44, Chris wrote: > > I'm using puppet to generate nagios configs in what I guess is the > 'usual' way; by having each host export config a files for each nagios > check using @@file {...tag=nagios...}, which are then collected onto > the nagios server with File <<|tag == 'nagios' |>> Yes, this looks like pretty standard. > I have two nagios servers, and I want each of them to collect all of > the config files. No issue, each one has to File <<||>>. > The nagios servers also define nagios checks of their own (having two > means they can check each other, which is handy). > > Now, what's strange is that the nagios servers don't appear collect > each others' checks. So each nagios server gets the checks for itself, > and for all the other non-nagios servers, but not for the other > nagios. > > Looking in the database, it seems that the nagios config file > resources, on both servers, are marked as "exported=0". So they > appear on their own server by virtue of being 'real' resources, > despite being defined with @@file... This really looks like one of the issue in 0.24.7. > I guess this is something to do with the fact that the same node is > exporting the resource and collecting it - could this somehow cause > puppet to think that, since the resource is being collected locally, > it doesn't need to be exported? > > Is there a way around this? If you're running a version affected, upgrade to the 0.24.8 version on your master. -- Brice Figureau Days of Wonder --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Exporting and collecting resources on the multiple hosts problem
Hi, I'm using puppet to generate nagios configs in what I guess is the 'usual' way; by having each host export config a files for each nagios check using @@file {...tag=nagios...}, which are then collected onto the nagios server with File <<|tag == 'nagios' |>> I have two nagios servers, and I want each of them to collect all of the config files. The nagios servers also define nagios checks of their own (having two means they can check each other, which is handy). Now, what's strange is that the nagios servers don't appear collect each others' checks. So each nagios server gets the checks for itself, and for all the other non-nagios servers, but not for the other nagios. Looking in the database, it seems that the nagios config file resources, on both servers, are marked as "exported=0". So they appear on their own server by virtue of being 'real' resources, despite being defined with @@file... I guess this is something to do with the fact that the same node is exporting the resource and collecting it - could this somehow cause puppet to think that, since the resource is being collected locally, it doesn't need to be exported? Is there a way around this? Thanks Chris --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Any way to stop has_variable? throwing errors?
One other try: <% if classes.index('httpd') I forgot that tags weren't exposed in the ERB. Trevor On Thu, Jun 11, 2009 at 05:42, Dick Davies wrote: > > Hi Trevor, thanks for the idea. > > On Thu, Jun 11, 2009 at 4:28 AM, Trevor Vaughan wrote: > >> Someone might give you a better answer, but try: >> >> <% if tags.index('httpd') && has_variable?('httpd::open_firewall') %> >> >> This *may not* work due to file parsing order, but I *think* that it will. > > I did too, but it doesn't :( > > The only reason I tried variables is because tags aren't visible > (due to scoping?). > > It seems you can't see tags (autotags or tags set explicitly with > tag('httpd') defined in > classes your class includes. > > This is a real problem from where I'm sat; it does make me wonder what > tags are actually > useful for. > > I suppose I could define the tag in the node, but that seems pretty > redundant since I'm > also including the 'httpd' class. > > > > > >> Trevor >> >> Dick Davies wrote: >>> I'm using a primitive template to build my iptables rulesets. >>> It's all in a branch on my github repo at >>> >>> http://github.com/rasputnik/babysteps-puppet/tree/templated-iptables >>> >>> template that looks like: >>> >>> <% if has_variable?('httpd::open_firewall') %> >>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j >>> ACCEPT >>> <% end -%> >>> >>> (see >>> http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/iptables/templates/iptables.erb >>> ) >>> >>> i then set a variable in the httpd module like this: >>> >>> class httpd { >>> $open_firewall = 'on' >>> # rest of httpd class def. >>> } >>> >>> [ >>> http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/httpd/manifests/init.pp >>> ] >>> >>> The idea being that if a node has 'include httpd', then when it runs >>> 'include iptables' >>> it'll open the right port. >>> >>> This works fine for classes that include httpd. The trouble is that i >>> get this error on >>> nodes that don't : >>> >>> [r...@node03 ~]# puppetd -tv >>> info: Retrieving plugins >>> err: Could not retrieve catalog: Failed to parse template >>> iptables/iptables.erb: Class httpd has not been evaluated so its >>> variables cannot be referenced at >>> /etc/puppet/modules/iptables/manifests/init.pp:11 on node node03.pixie >>> warning: Not using cache on failed catalog >>> >>> >>> To my mind, that should be a warning, not an error. >>> >>> Is there any 'guard' I can put in my template to stop this blowing up? >>> >>> I did try: >>> >>> <% if has_variable?('httpd') && has_variable?('httpd::open_firewall') %> >>> >>> but the first clause is always false, even on nodes that 'include httpd'. >>> >>> >>> Sorry this has been a bit longwinded, but I'm a bit stumped here. >>> Thanks in advance for >>> any tips. >>> >>> > >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.9 (GNU/Linux) >> >> iEYEARECAAYFAkowedoACgkQyjMdFR1108Dh0gCfWz7tn6/5+K2w9LZK2P+ajsab >> hy4An1ogD2dP3yj9wuGpn4v/Q1dKmoEa >> =7UvV >> -END PGP SIGNATURE- >> >> > >> > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Any way to stop has_variable? throwing errors?
I've raised http://projects.reductivelabs.com/issues/2336 against this. To my mind, has_variable?('panda::blood') returning false makes more sense than throwing a parse error :) On Thu, Jun 11, 2009 at 10:42 AM, Dick Davies wrote: > Hi Trevor, thanks for the idea. > > On Thu, Jun 11, 2009 at 4:28 AM, Trevor Vaughan wrote: > >> Someone might give you a better answer, but try: >> >> <% if tags.index('httpd') && has_variable?('httpd::open_firewall') %> >> >> This *may not* work due to file parsing order, but I *think* that it will. > > I did too, but it doesn't :( > > The only reason I tried variables is because tags aren't visible > (due to scoping?). > > It seems you can't see tags (autotags or tags set explicitly with > tag('httpd') defined in > classes your class includes. > > This is a real problem from where I'm sat; it does make me wonder what > tags are actually > useful for. > > I suppose I could define the tag in the node, but that seems pretty > redundant since I'm > also including the 'httpd' class. > > > > > >> Trevor >> >> Dick Davies wrote: >>> I'm using a primitive template to build my iptables rulesets. >>> It's all in a branch on my github repo at >>> >>> http://github.com/rasputnik/babysteps-puppet/tree/templated-iptables >>> >>> template that looks like: >>> >>> <% if has_variable?('httpd::open_firewall') %> >>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j >>> ACCEPT >>> <% end -%> >>> >>> (see >>> http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/iptables/templates/iptables.erb >>> ) >>> >>> i then set a variable in the httpd module like this: >>> >>> class httpd { >>> $open_firewall = 'on' >>> # rest of httpd class def. >>> } >>> >>> [ >>> http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/httpd/manifests/init.pp >>> ] >>> >>> The idea being that if a node has 'include httpd', then when it runs >>> 'include iptables' >>> it'll open the right port. >>> >>> This works fine for classes that include httpd. The trouble is that i >>> get this error on >>> nodes that don't : >>> >>> [r...@node03 ~]# puppetd -tv >>> info: Retrieving plugins >>> err: Could not retrieve catalog: Failed to parse template >>> iptables/iptables.erb: Class httpd has not been evaluated so its >>> variables cannot be referenced at >>> /etc/puppet/modules/iptables/manifests/init.pp:11 on node node03.pixie >>> warning: Not using cache on failed catalog >>> >>> >>> To my mind, that should be a warning, not an error. >>> >>> Is there any 'guard' I can put in my template to stop this blowing up? >>> >>> I did try: >>> >>> <% if has_variable?('httpd') && has_variable?('httpd::open_firewall') %> >>> >>> but the first clause is always false, even on nodes that 'include httpd'. >>> >>> >>> Sorry this has been a bit longwinded, but I'm a bit stumped here. >>> Thanks in advance for >>> any tips. >>> >>> > >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.9 (GNU/Linux) >> >> iEYEARECAAYFAkowedoACgkQyjMdFR1108Dh0gCfWz7tn6/5+K2w9LZK2P+ajsab >> hy4An1ogD2dP3yj9wuGpn4v/Q1dKmoEa >> =7UvV >> -END PGP SIGNATURE- >> >> >> >> > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Any way to stop has_variable? throwing errors?
Hi Trevor, thanks for the idea. On Thu, Jun 11, 2009 at 4:28 AM, Trevor Vaughan wrote: > Someone might give you a better answer, but try: > > <% if tags.index('httpd') && has_variable?('httpd::open_firewall') %> > > This *may not* work due to file parsing order, but I *think* that it will. I did too, but it doesn't :( The only reason I tried variables is because tags aren't visible (due to scoping?). It seems you can't see tags (autotags or tags set explicitly with tag('httpd') defined in classes your class includes. This is a real problem from where I'm sat; it does make me wonder what tags are actually useful for. I suppose I could define the tag in the node, but that seems pretty redundant since I'm also including the 'httpd' class. > Trevor > > Dick Davies wrote: >> I'm using a primitive template to build my iptables rulesets. >> It's all in a branch on my github repo at >> >> http://github.com/rasputnik/babysteps-puppet/tree/templated-iptables >> >> template that looks like: >> >> <% if has_variable?('httpd::open_firewall') %> >> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j >> ACCEPT >> <% end -%> >> >> (see >> http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/iptables/templates/iptables.erb >> ) >> >> i then set a variable in the httpd module like this: >> >> class httpd { >> $open_firewall = 'on' >> # rest of httpd class def. >> } >> >> [ >> http://github.com/rasputnik/babysteps-puppet/blob/templated-iptables/modules/httpd/manifests/init.pp >> ] >> >> The idea being that if a node has 'include httpd', then when it runs >> 'include iptables' >> it'll open the right port. >> >> This works fine for classes that include httpd. The trouble is that i >> get this error on >> nodes that don't : >> >> [r...@node03 ~]# puppetd -tv >> info: Retrieving plugins >> err: Could not retrieve catalog: Failed to parse template >> iptables/iptables.erb: Class httpd has not been evaluated so its >> variables cannot be referenced at >> /etc/puppet/modules/iptables/manifests/init.pp:11 on node node03.pixie >> warning: Not using cache on failed catalog >> >> >> To my mind, that should be a warning, not an error. >> >> Is there any 'guard' I can put in my template to stop this blowing up? >> >> I did try: >> >> <% if has_variable?('httpd') && has_variable?('httpd::open_firewall') %> >> >> but the first clause is always false, even on nodes that 'include httpd'. >> >> >> Sorry this has been a bit longwinded, but I'm a bit stumped here. >> Thanks in advance for >> any tips. >> >> > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.9 (GNU/Linux) > > iEYEARECAAYFAkowedoACgkQyjMdFR1108Dh0gCfWz7tn6/5+K2w9LZK2P+ajsab > hy4An1ogD2dP3yj9wuGpn4v/Q1dKmoEa > =7UvV > -END PGP SIGNATURE- > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: Multiple version of the same package
Aurelien Degremont wrote: > Hello > > I would like to install different versions of the same package with Puppet. > > The packaging of those package is totally compatible and authorize to > have both installed in the meantime. > > # rpm -i foo-1.1 foo-2.3 > works very well. > > How declare this with Puppet? > I only found this workaround for the moment: > > package { > "foo-1": >name => "foo-1.1", >ensure => "1.1-25"; > "foo-2": >name => "foo-2.3", >ensure => "2.3-1"; > } > > Is there a better way http://projects.reductivelabs.com/issues/1720 -- Trevor Hemsley Infrastructure Engineer . * C A L Y P S O * Brighton, UK OFFICE +44 (0) 1273 666 350 FAX +44 (0) 1273 666 351 . www.calypso.com This electronic-mail might contain confidential information intended only for the use by the entity named. If the reader of this message is not the intended recipient, the reader is hereby notified that any dissemination, distribution or copying is strictly prohibited. * P * /*/ Please consider the environment before printing this e-mail /*/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Multiple version of the same package
Hello I would like to install different versions of the same package with Puppet. The packaging of those package is totally compatible and authorize to have both installed in the meantime. # rpm -i foo-1.1 foo-2.3 works very well. How declare this with Puppet? I only found this workaround for the moment: package { "foo-1": name => "foo-1.1", ensure => "1.1-25"; "foo-2": name => "foo-2.3", ensure => "2.3-1"; } Is there a better way? -- Aurelien Degremont --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---
[Puppet Users] Re: keeping some code out of the repo
Dan Bode wrote: > Hi, > > It seems like one of the barriers to the puppet production rollout that > I am working towards will be user adoption. For this purpose, I want to > manage all common tasks with UIs that autogenerate the puppet code, so > that the admins only have to go through the full build process for > custom code changes and not routine processes. > manifests/managed-server.pp (node group definitions will be an > autogenerated file) > users uses scripts (maybe a GUI later) to add hosts to a group, remove > hosts, move hosts, also used by the kickstart scripts to add hosts after > installation Use http://reductivelabs.com/trac/puppet/wiki/ExternalNodes for that. That way you can add/remove classes and set variables for nodes by letting puppet call out to a script. > To do this correctly, I need to use some of the Puppet core API for > parsing files, maybe a verfiy function or create fucntion. Can someone > point me to a good starting place for these fucntions? Also what is the > expectation for backwards compatibility when using the API internals > (very low, I assume??) Most of the functionality will just be config > files in the files dir for a module that are loaded at run time. While I haven't actually implemented something like this, I've made two designs how I think this could be implemented: 1) storeconfigs based This is pretty straight forward. First you need to define what resource you want to manage externally: | define external::something($param1, $param2) { | # ... | } Then activate storedconfigs and work with the created database: Create a "fake" host, and add the resources to the "resources" table, adding parameters into the "resourcekeep the items with exported='t' and put the params into "param_names"/"param_values". The database schema is quite straight-forward. Finally, you can just collect all the resources from the database where you need them: | External::something <<| |>> See http://reductivelabs.com/trac/puppet/wiki/ExportedResources for more details on the query syntax. 2) function based This way is more involved but would provide you with more flexibility. The point here is to create puppet functions to query your custom database while compiling the configuration for a client: | define external::something::from_db() { | $real_name = name_from_db($name) | $param1 = param1_from_db($name) | $param2 = param2_from_db($name) | external::something { | $real_name: | param1 => $param1, | param2 => $param2; | } | } And use it like that: | external::something::from_db { list_from_db(): } Where list_from_db() returns an array of primary keys, and name_from_db() and param?_from_db() return the name and the values respectivly for a certain primary key. 3) Conclusion Both of the methods avoid touching internal APIs of puppet and thus should be quite stable across releases. Regards, DavidS --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~--~~~~--~~--~--~---