Re: [Puppet Users] Storeconfigs connection pool problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Kerwin wrote: > Hi list, > > i just enabled storeconfigs and cannot use puppetrun on more than 5 > hosts. When i try 6+ i get the error message: > > puppetmasterd[16209]: could not obtain a database connection within 5 > seconds. The max pool size is currently 5; consider increasing it. > > My Mysql setup allows a lot more connections (500). Any suggestions? > > Thanks, > > Daniel > Do you have the proper rubygem for mysql installed? I think on deb/ubuntu it's something like libmysql-ruby1.8. - -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkt05xoACgkQRkBieEaRmubRKACglFzvJCGtN1rChmbuZqfJKN7/ yYUAn1/KdvVfD8DURsk+lzc+/VAxb1fG =lPum -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] satellite sites management
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nat wrote: > Hi, > > We have got puppet set up and running at our main office with no > issues. > We are using an external node classifier instead of directly creating > node definition files. > > We would like to manage our remote offices using puppet also. A little > about our set up. From our main site we have VPN links out to a remote > site. each site is generally identical with the same number of servers > and roughly the same services running on each server. Essentially > the only differences at each remote site the subnet and related IP > addresses. > > Since we are using an external node classifier we do not explicitly > have node definition so we can not inherit a class and override a > default value. > Is there a way to do this using node classifiers? > > > An example will probably show this better > > Site1: > + location UK > + subnet 192.168.1.0/24 > + gateway 192.168.1.254 (acts also as nameserver and local > dns etc >for all servers at site > 1, for example ntp will >use the closest time > source geographically) > + sever1 ip - 192.168.1.1 gateway of 192.168.1.254 > + sever2 ip - 192.168.1.2 gateway of 192.168.1.254 > Site 2: > + location US > + subnet 192.168.2.0/24 > + gateway 192.168.2.254 (acts also as nameserver and local > dns etc >for all servers at site > 2, for example ntp will >use the closest time > source geographically) > + sever1 ip - 192.168.2.1 gateway of 192.168.2.254 > + sever2 ip - 192.168.2.2 gateway of 192.168.2.254 > > As you can see most details are identical between sites except for a > few > network and geographical differences. > > Has there been any consensus within the community on the best way to > manage situations like this? > Well, I think a large portion of users have discovered that RI Pienaar's (Volcane on IRC) extlookup.rb add on is good for this sort of stuff. It's basically a function that looks up data in a csv file. So say your locations are domains like us.yourcompany.com. You can have a file called us.yourcompany.com.csv in a directory under /etc/puppet, or you set a location some other way you can have a us.csv file in the directory. I call my external lookup directory 'extdata', and it looks up in the order of something like fqdn, domain, location, common (if it fails to find one csv, it moves on to the next). Then inside your manifest you set variables like: $something = extlookup("something") It's really got so many uses I encourage you to use it. It was the only way I could solve a lot of puppet problems I ran into. Here is the page: http://www.devco.net/?s=extlookup - -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkt05q4ACgkQRkBieEaRmuZWDgCfdk89Fk1eyC9ichJIbjN9Jldj z1wAn0lUYhjxeqAinqjSZuS7MqkG+hnp =SZh3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Error 400 on SERVER: private method `gsub' called for nil:NilClass
I am seeing the same thing. On the puppet master, the http log shows: DEBUG Puppet::Network::HTTP::WEBrickREST is invoked. [2010-02-11 18:51:13] xxx1076.xx.com - - [11/Feb/2010:18:51:13 PST] "GET /production/file_metadatas/modules/faban2/benchmarks? &&links=manage&recurse=true HTTP/1.1" 400 45 [2010-02-11 18:51:13] - -> /production/file_metadatas/modules/faban2/ benchmarks?&&links=manage&recurse=true [2010-02-11 18:51:13] DEBUG close: xx.xx.xx.xx:37585 [2010-02-11 18:51:13] DEBUG accept: xx.xx.xx.xx:37586 Notice that the URL twice has '' where you would expect to see name=value parameters: /production/file_metadatas/modules/faban2/benchmarks? &&links=manage&recurse=true Is this perhaps the nil value that puppet complains it can't call gsub on? Dan On Feb 9, 6:44 am, eblack wrote: > Thanks for the response. I did try putting in the subdirectory path as > well, but the same thing occurs. I continued to play around with it > and the error message disappears if I remove the recurse parameter. > The trace dump is below, but I can't find the problem from it (I don't > know ruby): > > /usr/lib/ruby/1.8/webrick/httprequest.rb:342:in `parse_query' > /usr/lib/ruby/1.8/webrick/httprequest.rb:122:in `query' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick/rest.rb:16:in > `params' > /usr/lib/site_ruby/1.8/puppet/network/http/handler.rb:64:in `process' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick/rest.rb:23:in > `service' > /usr/lib/ruby/1.8/webrick/httpserver.rb:92:in `service' > /usr/lib/ruby/1.8/webrick/httpserver.rb:54:in `run' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:45:in `listen' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `call' > /usr/lib/ruby/1.8/webrick/server.rb:151:in `start_thread' > /usr/lib/ruby/1.8/webrick/server.rb:145:in `start' > /usr/lib/ruby/1.8/webrick/server.rb:145:in `start_thread' > /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' > /usr/lib/ruby/1.8/webrick/server.rb:89:in `each' > /usr/lib/ruby/1.8/webrick/server.rb:89:in `start' > /usr/lib/ruby/1.8/webrick/server.rb:79:in `start' > /usr/lib/ruby/1.8/webrick/server.rb:79:in `start' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:41:in > `initialize' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:38:in > `synchronize' > /usr/lib/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen' > /usr/lib/site_ruby/1.8/puppet/network/server.rb:131:in `listen' > /usr/lib/site_ruby/1.8/puppet/network/server.rb:146:in `start' > /usr/lib/site_ruby/1.8/puppet/daemon.rb:128:in `start' > /usr/lib/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in > `main' > /usr/lib/site_ruby/1.8/puppet/application/puppetmasterd.rb:80:in > `main' > /usr/lib/site_ruby/1.8/puppet/application.rb:226:in `send' > /usr/lib/site_ruby/1.8/puppet/application.rb:226:in `run_command' > /usr/lib/site_ruby/1.8/puppet/application.rb:217:in `run' > /usr/lib/site_ruby/1.8/puppet/application.rb:217:in `exit_on_fail' > /usr/lib/site_ruby/1.8/puppet/application.rb:217:in `run' > /usr/sbin/puppetmasterd:66 > err: private method `gsub' called for nil:NilClass > > On Feb 8, 5:20 pm, Daniel wrote:> You are missing > the path to sync. The full path may be something like > > "puppet://$server/modules/dev_oracle_dev_tools/the_tools_folder > > dev_oracle_dev_tools just identifies the module > > > On Mon, Feb 8, 2010 at 11:13 PM, eblack wrote: > > > Hi all, > > > > I'm new to puppet and I can't seem to figure out how to get rid of > > > this error on the client or to get the recursive copy of files to the > > > client: > > > > err: //dev_oracle_dev_tools::install/File[/tmp/oracle_dev_tools]: > > > Failed to generate additional resources using 'eval_generate': Error > > > 400 on SERVER: private method `gsub' called for nil:NilClass > > > > My module is called 'dev_oracle_dev_tools' and it is defined as: > > > > class dev_oracle_dev_tools { > > > include dev_oracle_dev_tools::install > > > } > > > > class dev_oracle_dev_tools::install { > > > file { "/tmp/oracle_dev_tools": > > > recurse => "true", > > > ensure => "directory", > > > group => "root", > > > owner => "eblack", > > > mode => 750, > > > source => "puppet://$server/modules/ > > > dev_oracle_dev_tools", > > > } > > > } > > > > And I call it like: > > > > node "file01.eblack.dev.gg.net" { > > > include "dev_oracle_dev_tools" > > > } > > > > All the other file parameters directives are followed on the client; > > > ie: directory is created if it doesn't exist and mode, group, owner > > > are set. > > > > The error goes away if I comment out the 'source' parameter. > > > > Hoping someone can help me because I've spent
[Puppet Users] satellite sites management
Hi, We have got puppet set up and running at our main office with no issues. We are using an external node classifier instead of directly creating node definition files. We would like to manage our remote offices using puppet also. A little about our set up. From our main site we have VPN links out to a remote site. each site is generally identical with the same number of servers and roughly the same services running on each server. Essentially the only differences at each remote site the subnet and related IP addresses. Since we are using an external node classifier we do not explicitly have node definition so we can not inherit a class and override a default value. Is there a way to do this using node classifiers? An example will probably show this better Site1: + location UK + subnet 192.168.1.0/24 + gateway 192.168.1.254 (acts also as nameserver and local dns etc for all servers at site 1, for example ntp will use the closest time source geographically) + sever1 ip - 192.168.1.1 gateway of 192.168.1.254 + sever2 ip - 192.168.1.2 gateway of 192.168.1.254 Site 2: + location US + subnet 192.168.2.0/24 + gateway 192.168.2.254 (acts also as nameserver and local dns etc for all servers at site 2, for example ntp will use the closest time source geographically) + sever1 ip - 192.168.2.1 gateway of 192.168.2.254 + sever2 ip - 192.168.2.2 gateway of 192.168.2.254 As you can see most details are identical between sites except for a few network and geographical differences. Has there been any consensus within the community on the best way to manage situations like this? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Exec doesn't work with Ubuntu Server 10.04 (Lucid Lynx) 64bit
I've reported this bug to Ubuntu. The solution is to rebuild ruby1.8 without pthreads, unless ruby fixes the bug upstream which causes the hang. https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/520715 Joel On Feb 10, 2:42 pm, Nigel Kersten wrote: > On Wed, Feb 10, 2010 at 11:48 AM, Nigel Kersten wrote: > > On Tue, Feb 9, 2010 at 5:06 AM, kai.steverding > > wrote: > >> I installed ruby on the above server and tried with a simple exec- > >> test : > > >> class testmodule { > >> exec {"TEST-EXEC" : > >> cwd => "/tmp/", > >> command =>"/usr/bin/touch /tmp/ >/tmp/123 2>&1", > >> timeout => 5, > >> logoutput=> on_failure > >> } > >> } > > >> This simple thing gets the following output from "puppet --debug -- > >> test" > > >> debug: Loaded state in 0.00 seconds > >> info: Applying configuration version '1265719507' > >> debug: //testmodule/Exec[TEST-EXEC]: Changing returns > >> debug: //testmodule/Exec[TEST-EXEC]: 1 change(s) > >> debug: //testmodule/Exec[TEST-EXEC]: Executing '/usr/bin/touch /tmp/ > >> ' > >> debug: Executing '/usr/bin/touch /tmp/' > >> err: //testmodule/Exec[TEST-EXEC]/returns: change from notrun to 0 > >> failed: Command exceeded timeout at /etc/puppet/modules/testmodule/ > >> manifests/init.pp:6 > >> debug: Finishing transaction 69914685668640 with 1 changes > >> debug: Storing state > >> debug: Stored state in 0.01 seconds > >> debug: Format pson not supported for Puppet::Transaction::Report; has > >> not implemented method 'from_pson' > >> debug: Format s not supported for Puppet::Transaction::Report; has not > >> implemented method 'from_s' > > >> What can I do ? Did i make a mistake, or is exec broken ? > > > Kai, something is definitely broken in Lucid. > > > We're seeing all sorts of process exec issues. > > > Have you nailed this down at all? > > So Kai, we've been doing some experimenting here today, and have > reproduced these hangs in all the Debian Ruby1.8 packages back to > 1.8.7.174-2. > > 1.8.7.174-1 we've been unable to reproduce it on though. > > From the changelog I'm wondering if the first entry under 174-2 is > responsible. Note this was later removed after upstream integrated it. > > ruby1.8 (1.8.7.174-2) unstable; urgency=medium > > [ akira yamada ] > * Added debian/patches/090811_thread_and_select.dpatch: threads may hangup > when IO.select called from two or more threads. > * Added debian/patches/090812_finalizer_at_exit.dpatch: finalizers should > be > run at exit (Closes: #534241) > * Added debian/patches/090812_class_clone_segv.dpatch: avoid segv when an > object cloned. (Closes: #533329) > * Added debian/patches/090812_eval_long_exp_segv.dpatch: fix segv when eval > a long expression. (Closes: #510561) > * Added debian/patches/090812_openssl_x509_warning.dpatch: suppress warning > from OpenSSL::X509::ExtensionFactory. (Closes: #489443) > > [ Lucas Nussbaum ] > * Removed Fumitoshi UKAI from Uploaders. Thanks a > lot for the past help! Closes: #541037 > > [ Daigo Moriwaki ] > * debian/fixshebang.sh: skip non-text files, which works around hanging of > sed on scanning gif images. > * Bumped up Standards-Version to 3.8.2. > > -- > nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?
Modified the puppet.conf but no joy still. # puppetrun -d --host client.mydomain.com debug: Parsing /etc/puppet/puppet.conf Finished I dont see the changes pushed to client.mydomain.com box. I wonder if LDAP is required component for puppetrun? Thanks, grg350 On Thu, Feb 11, 2010 at 12:44 PM, Iain Sutton wrote: > Hi, > > We are able to successfully invoke puppetrun from the puppetmaster. The two > main differences between our configuration and what is posted below are: > > a) the line 'server=puppet.mydomain.com' is in the [puppetd] section on > the client, not in the [main] section > b) we don't have a namespaceauth.conf on the puppetmaster at all, since > when we had this in place, all clients would receive a '500 Internal Server > Error' when they checked in. I haven't revisited this recently. > > We're running puppet 0.24.8 on CentOS/RHEL on client and server. > > Hope this helps, > > Iain > > > On 11 February 2010 13:49, grg350 wrote: > >> Don, looks like you are able to run puppetrun to configure clients. >> Its not working for me. >> My config files goes: >> >> On Client: >> cat puppet.conf >> [main] >> server=puppetmaster.mydomain.com >> logdir=/var/log/puppet >> vardir=/var/lib/puppet >> ssldir=/var/lib/puppet/ssl >> rundir=/var/run/puppet >> factpath=$vardir/lib/facter >> pluginsync=true >> >> [puppetd] >> listen=true >> >> cat namespaceauth.conf >> [puppetrunner] >>allow puppetmaster.mydomain.com >> >> On puppetmaster: >> cat namespaceauth.com >> [fileserver] >>allow *.mydomain.com >> [puppetmaster] >>allow *.mydomain.com >> [puppetrunner] >>allow *.mydomain.com >> >> I ran puppetrun with >> #puppetrun --host client.mydomain.com >> >> But it doesn't looks like the client get updated and exits with >> "Failed to load ruby LDAP library. LDAP functionality will not be >> available >> Finished" >> >> Also, I dont see any traffic on port 8139 and 8140 while running >> tcpdump.Those two machines are on same LAN and no firewall between >> them. Not sure what I have been missing. any help would be >> appreciated. >> >> Thanks, >> grg350 >> >> On Jan 31, 4:28 pm, Dan Bode wrote: >> > On Sun, Jan 31, 2010 at 12:11 PM, Don Jackson < >> > >> > >> > >> > >> > >> > puppet-us...@clark-communications.com> wrote: >> > >> > > Hello, >> > >> > > I am attempting to get my machines configured properly so I can use >> > > puppetrun on my puppetmaster to get clients to update themselves >> during my >> > > development/testing of new recipes. >> > >> > > I understand about listen = true in the puppetd.conf file, and I also >> have >> > > learned about the namespaceauth.conf file, >> > > where I put stuff like: >> > >> > >[puppetrunner] >> > >allow puppet.mydomain.com >> > >> > > This was all I needed to get machines on the same LAN as my >> puppetmaster to >> > > work, but it didn't work across firewalls to machines in a colo. >> > >> > > From router/firewall logs, it appears that the puppetmaster needs to >> > > connect to port 8139 of the machine running puppetd. >> > >> > that is correct, when using puppetrun, the authorized host needs to >> initiate >> > a connection with the client on port 8139, then that host will initiate >> a >> > request with its puppetmaster on 8140. >> > >> > You can change the puppetd listen port with the puppetport option. >> > >> > -Dan >> > >> > >> > >> > > I wasn't able to find this clearly documented, hence this email. >> > >> > > Regards, >> > >> > > Don >> > >> > > -- >> > > You received this message because you are subscribed to the Google >> Groups >> > > "Puppet Users" group. >> > > To post to this group, send email to puppet-us...@googlegroups.com. >> > > To unsubscribe from this group, send email to >> > > puppet-users+unsubscr...@googlegroups.com >> >> > > . >> > > For more options, visit this group at >> > >http://groups.google.com/group/puppet-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- "Nothing comes easy that is done well." -Harry F. Banks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visi
Re: [Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?
Hi, We are able to successfully invoke puppetrun from the puppetmaster. The two main differences between our configuration and what is posted below are: a) the line 'server=puppet.mydomain.com' is in the [puppetd] section on the client, not in the [main] section b) we don't have a namespaceauth.conf on the puppetmaster at all, since when we had this in place, all clients would receive a '500 Internal Server Error' when they checked in. I haven't revisited this recently. We're running puppet 0.24.8 on CentOS/RHEL on client and server. Hope this helps, Iain On 11 February 2010 13:49, grg350 wrote: > Don, looks like you are able to run puppetrun to configure clients. > Its not working for me. > My config files goes: > > On Client: > cat puppet.conf > [main] > server=puppetmaster.mydomain.com > logdir=/var/log/puppet > vardir=/var/lib/puppet > ssldir=/var/lib/puppet/ssl > rundir=/var/run/puppet > factpath=$vardir/lib/facter > pluginsync=true > > [puppetd] > listen=true > > cat namespaceauth.conf > [puppetrunner] >allow puppetmaster.mydomain.com > > On puppetmaster: > cat namespaceauth.com > [fileserver] >allow *.mydomain.com > [puppetmaster] >allow *.mydomain.com > [puppetrunner] >allow *.mydomain.com > > I ran puppetrun with > #puppetrun --host client.mydomain.com > > But it doesn't looks like the client get updated and exits with > "Failed to load ruby LDAP library. LDAP functionality will not be > available > Finished" > > Also, I dont see any traffic on port 8139 and 8140 while running > tcpdump.Those two machines are on same LAN and no firewall between > them. Not sure what I have been missing. any help would be > appreciated. > > Thanks, > grg350 > > On Jan 31, 4:28 pm, Dan Bode wrote: > > On Sun, Jan 31, 2010 at 12:11 PM, Don Jackson < > > > > > > > > > > > > puppet-us...@clark-communications.com> wrote: > > > > > Hello, > > > > > I am attempting to get my machines configured properly so I can use > > > puppetrun on my puppetmaster to get clients to update themselves during > my > > > development/testing of new recipes. > > > > > I understand about listen = true in the puppetd.conf file, and I also > have > > > learned about the namespaceauth.conf file, > > > where I put stuff like: > > > > >[puppetrunner] > > >allow puppet.mydomain.com > > > > > This was all I needed to get machines on the same LAN as my > puppetmaster to > > > work, but it didn't work across firewalls to machines in a colo. > > > > > From router/firewall logs, it appears that the puppetmaster needs to > > > connect to port 8139 of the machine running puppetd. > > > > that is correct, when using puppetrun, the authorized host needs to > initiate > > a connection with the client on port 8139, then that host will initiate a > > request with its puppetmaster on 8140. > > > > You can change the puppetd listen port with the puppetport option. > > > > -Dan > > > > > > > > > I wasn't able to find this clearly documented, hence this email. > > > > > Regards, > > > > > Don > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Puppet Users" group. > > > To post to this group, send email to puppet-us...@googlegroups.com. > > > To unsubscribe from this group, send email to > > > puppet-users+unsubscr...@googlegroups.com > > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] "What is Puppet?" Presentation
John Arundel wrote: Do they like badly hand-drawn cartoons? If so, feel free to use mine: Thanks, I quite like yours! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
the way we solved it is by setting up an additional service which compiles and set the driver (main reason for that was that network gets restarted which might disturb the puppet run) an example can be found here: http://theforeman.org/repositories/entry/foreman/app/views/unattended/snippets/_vmware.erb On Thu, Feb 11, 2010 at 5:55 PM, slune wrote: > hi, i am trying to run /usr/bin/vmware-config-tools.pl -d, but i was > end with exec timeout. I cannot find any think on google. Have anyone > experience with this? > It works, when I run it normally from shell. > > this is my exec resource. > > { "vmwaretools_config": > subscribe => [ Package["VMwareTools"] ], > refreshonly => true, > path=> "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/ > local/bin", > command => "/usr/bin/vmware-config-tools.pl -d"; } > > Thx > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using (possibly) undefined out of scope variables in an erb template
you might be hitting - http://projects.reductivelabs.com/issues/2309 Ohad On Thu, Feb 11, 2010 at 1:09 AM, Oded wrote: > I'm trying to use (possibly) undefined variables that are not in the > scope of my class in an erb template. > How do I combine this : > > <% if has_variable?("myvar") then %> > myvar has <%= myvar %> value > <% end %> > > with this : > <%= scope.lookupvar(myclass::myvar) %> > > > The idea is to get the iptables template to go through all the classes > assigned to a machine and add lines on relevant classes only(by > searching for a specific variable in that class),this way I will not > be forced to edit the iptables template/class every time another > module needs to change its iptable settings. > > Without checking for undefined variables my code looks like this : > > <% classes.each do |current_class| -%> > <% scope.lookupvar(current_class::iptables_input_tags) %> > <% end -%> > > > > Oded > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Building a better puppetrun and related ideas
Hi, May I recommend that you have a look at the ext directory for puppetlisten/puppetrun[1], this two scripts I wrote a while ago reuse puppet certificate infrastructure to trigger remote runs. additionally, I've created a query interface in foreman[2], which could probably give you some ideas of how integration can be done. by combining this two solutions, I think that you will have a very powerful solution. one thing to keep in mind is that many puppet users are using it via cron, because of the high memory footprint. thanks, Ohad *1 http://github.com/ohadlevy/puppet/tree/puppetlisten/ext/puppetlisten/ *2 http://theforeman.org/wiki/foreman/Query_Interface On Thu, Feb 11, 2010 at 1:45 AM, Michael DeHaan wrote: > Teyo, Bruce, and I were bouncing around some ideas resently for an > simple but enhanced puppetrun. > > Basically the idea is merging the ideas behind Func and Puppetrun. > Obviously other tools like mcollective have various other advantaged > features so this will be fairly primative by comparison, though it > won't require a message bus. If you want something more advanced > obviously try out those tools, this is covering a much smaller use case. > > This is something I am going to take a crack at this in the coming > weeks.This would be something pretty simple and lightweight, and > could > probably fix a lot of the use cases around making puppetrun (or > staggering large sets of hosts) a lot easier. > > Features I'm thinking of: > > Requires no additonal ports, setup, or config files -- use existing > puppet listening capability and puppetca, just a /usr/bin app > Be able to query dashboard DB to run against tagged nodes or hosts > that have certain data there (or in storeconfigs???) > Be able to run against wildcarded nodes based on what certs are > present on the puppetmaster (we know the hostnames) > Be able to be used easily from an API perspective from any ruby application > Be able to invoke ralsh remotely for querying things (and for debug, > and one off tasks) > Be able to run shell commands for things that are one offs (emergency > security power down now) > > Example syntax: > > punc --hosts *.example.org --puppetize # get new catalog and run > punc --hosts *.example.org --ralsh "service name=foo ensure=running" > # perform an action through ralsh > punc --hosts *.example.org --shell "/bin/emergency_script" # run a > shell script... for the one-off cases > punc --hosts foo.*.example.org --ralsh "service name=foo" > --format=json # query something with ralsh and generate a report > punc --hosts foo.*.example.org --facter fact --format=json # similarly > generate a facter report > punc --tags webservers [...ditto...] > punc --critiera "fact==foo" [..ditto...] > punc --critiera "fact==foo" [some operation to run only if fact > matches] [...ditto...] > > So for example we could choose to reboot all the servers that match a > given fact, etc. > > It should also allow easier staged deployments and environment usage > from apps that want to use the API. > > Additional ideas for stuff you would like to see? > > --Michael > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetrun doesn't update the clients
I am trying to configure puppetrun to configure clients from the puppetmaster. But for some reason, its not working for me. My config files goes: On Client: cat puppet.conf [main] server=puppetmaster.mydomain.com logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true [puppetd] listen=true cat namespaceauth.conf [puppetrunner] allow puppetmaster.mydomain.com On puppetmaster: cat namespaceauth.com [fileserver] allow *.mydomain.com [puppetmaster] allow *.mydomain.com [puppetrunner] allow *.mydomain.com I ran puppetrun with #puppetrun --host client.mydomain.com But it doesn't looks like the client get updated and exits with "Failed to load ruby LDAP library. LDAP functionality will not be available Finished" I saw in some posts that the ports 8139 and 8140 needs to be opened on firewall. In our scenario, those two machines are on same LAN and no firewall betweenthem. Not sure what I have been missing?? any help would be appreciated. *I am running 0.24.5-3 version of puppet/puppetmaster on lenny systems. Thanks, grg350 -- "Nothing comes easy that is done well." -Harry F. Banks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Missing facts
Hi, When puppet master compiles catalog for the client( x.x.x.x ), I get this message in my logs - Feb 11 19:11:02 domU-12-31-39-0A-5D-54 puppetmasterd[2039]: Could not find facts for x.x.x.x; you probably have a discrepancy between the node and fact names Feb 11 19:11:03 domU-12-31-39-0A-5D-54 puppetmasterd[2039]: Compiled catalog for x.x.x.x in 0.70 seconds There are no other messages after this in the logs. How do I find out the discrepancy or missing facts ? Puppet version - 0.24.6 Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Building a better puppetrun and related ideas
Alan Barrett wrote: On Wed, 10 Feb 2010, Michael DeHaan wrote: We're attempting to provide a reason to not use cron :) I have a requirement that puppet may not change anything on a production host without change control approval in advance. It would be nice if a new version of puppet had better support for this use case. Of course there are change control procedures for getting the manifests updated on the puppetmaster, but that's not enough; it's also necessary to run the puppet client only when specifically authorised. For example, the manifest update and a --noop mode client puppet run might happen during working hours, but the --no-noop client puppet run might happen during a maintenance window after hours. As far as I am aware, the existing combination of "puppetd --listen" on each client, and "puppetrun" on a central server, does not handle this use case, so I run "puppetd --onetime --noop" or "puppetd --onetime --no-noop" via ssh. --apb (Alan Barrett) So let me get this straight: You run --noop throughout the day, aggregate the changes that need to be made, and then have a EOD/EOW "change control" meeting to go over them and determine if you need to run puppet without --noop ? -scott -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] "What is Puppet?" Presentation
On Wed, Feb 10, 2010 at 10:50 PM, Avi Miller wrote: >> Might be something to mine here :) >> http://reductivelabs.com/trac/puppet/wiki/PuppetPresentations > > That's exactly what I was looking for. Go go crowd-surfed Google searching. Do they like badly hand-drawn cartoons? If so, feel free to use mine: http://bitfieldconsulting.com/agile-sysadmin J -- Bitfield Consulting: we make software that makes things work http://bitfieldconsulting.com/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
Filip Slunecko wrote: I stopped process after 30 minutes (99% CPU whole time). It looks like it's stuck somewhere. But I don't know how to realize what is wrong. Filip On Thu, Feb 11, 2010 at 2:40 PM, Marc Fournier wrote: should be without asking. When I run it in the bash It ends in a minute, without asking any thing. Ok, I suppose this is the part where it compiles a kernel module, which can indeed take a while. You have a "timeout" parameter which can be used in this case: exec { "/usr/bin/vmware-config-tools.pl -d": timeout => "-1" } I found only this bug (http://photographersofficeonline.com/issues/910), but it's old one and is closed (solved?). I wonder why redmine is suddenly reachable through photographersofficeonline.com ? Is this new ? It seems like an error. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. I've seen behavior like this in scripts that expect a TTY, yet there is not one... I'm not sure exactly how to handle that... -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
I stopped process after 30 minutes (99% CPU whole time). It looks like it's stuck somewhere. But I don't know how to realize what is wrong. Filip On Thu, Feb 11, 2010 at 2:40 PM, Marc Fournier wrote: > >> should be without asking. When I >> run it in the bash It ends in a minute, without asking any thing. > > Ok, I suppose this is the part where it compiles a kernel module, which > can indeed take a while. You have a "timeout" parameter which can be > used in this case: > > exec { "/usr/bin/vmware-config-tools.pl -d": > timeout => "-1" } > >> I found only this bug >> (http://photographersofficeonline.com/issues/910), but it's old one >> and is closed (solved?). > > I wonder why redmine is suddenly reachable through > photographersofficeonline.com ? Is this new ? It seems like an error. > > Marc > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
Marc Fournier wrote: should be without asking. When I run it in the bash It ends in a minute, without asking any thing. Ok, I suppose this is the part where it compiles a kernel module, which can indeed take a while. You have a "timeout" parameter which can be used in this case: exec { "/usr/bin/vmware-config-tools.pl -d": timeout => "-1" } I found only this bug (http://photographersofficeonline.com/issues/910), but it's old one and is closed (solved?). I wonder why redmine is suddenly reachable through photographersofficeonline.com ? Is this new ? It seems like an error. Marc Wow I never knew about this option to vmware tools, thanks. -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Failed to retrieve current state of resource: Error 400 on SERVER: Permission denied
On Wed, Feb 10, 2010 at 5:10 PM, jcbollinger wrote: > > On Feb 10, 3:21 pm, Anchi Zhang wrote: > > [...] > > > file { "/etc/shadow": > > source => "puppet:///solaris//etc/shadow", > > } > > [...] > > > I get the following errors unless the source is world readable. > > > > On puppetmaster, > > > > err: Permission denied - /etc/puppet/manifests/solaris/etc/shadow > > [...] > > The puppetmasterd process needs to be able to read file to serve it. > You shouldn't need to make it world-readable, however, if you change > the file so that the puppetmasterd process's user owns it. In other > words, if the puppetmasterd is running as user "puppet" then change > the source file to be owned by puppet. > > You could work a similar trick by changing the file's group and making > it group readable. > Thank you for the pointers. My thinking was that if puppetd was allowed to do "owner => root" puppetmasterd should be able to read files owned by root, without realizing puppetd was running as root. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh::auth problem
> Awesome, thanks. > > I've got to muck up the module now because I want to be able to stick my key > in as root so that I can do some automated ssh loop stuff, but it defaults > to dealing with /home/$user and /root doesn't fit with that. :) Yes, I do that too. That's what the home parameter is for: ssh::auth::key { root: home => /root } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh::auth problem
Awesome, thanks. I've got to muck up the module now because I want to be able to stick my key in as root so that I can do some automated ssh loop stuff, but it defaults to dealing with /home/$user and /root doesn't fit with that. :) On Thu, Feb 11, 2010 at 4:01 AM, Andrew Schulman < google-groups-and...@sneakemail.com> wrote: > > The docs mention this requirement at > > > http://www.reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth#detailed-usage > > , but looking at it now I see that it's probably not as clear as I > thought. > > Sorry about that. I'll make it more explicit. > > OK, I've made this clearer in the docs, and added the "Could not find > class/resource type" error message to the list there. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
> should be without asking. When I > run it in the bash It ends in a minute, without asking any thing. Ok, I suppose this is the part where it compiles a kernel module, which can indeed take a while. You have a "timeout" parameter which can be used in this case: exec { "/usr/bin/vmware-config-tools.pl -d": timeout => "-1" } > I found only this bug > (http://photographersofficeonline.com/issues/910), but it's old one > and is closed (solved?). I wonder why redmine is suddenly reachable through photographersofficeonline.com ? Is this new ? It seems like an error. Marc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
/usr/bin/vmware-config-tools.pl -d should be without asking. When I run it in the bash It ends in a minute, without asking any thing. I found only this bug (http://photographersofficeonline.com/issues/910), but it's old one and is closed (solved?). Filip On Thu, Feb 11, 2010 at 1:10 PM, Marc Fournier wrote: > Hello, > >> hi, i am trying to run /usr/bin/vmware-config-tools.pl -d, but i was >> end with exec timeout. I cannot find any think on google. Have anyone >> experience with this? > > I don't know what the -d switch is for, but AFAIK vmware-config-tools.pl is > an interactive script which waits for user input. This could be the reason > for the timeout you're having. > > This doesn't answer your question, but I use openvmtools¹ instead because I > found vmware-tools to be much of a pain to maintain (with or without > puppet). I just pushed onto github[²] the module I use for debian and > redhat. Maybe you'll find it useful. > > Marc > > [¹] http://open-vm-tools.sourceforge.net/ > [²] http://github.com/camptocamp/puppet-openvmtools > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Storeconfigs connection pool problem
Hi list, i just enabled storeconfigs and cannot use puppetrun on more than 5 hosts. When i try 6+ i get the error message: puppetmasterd[16209]: could not obtain a database connection within 5 seconds. The max pool size is currently 5; consider increasing it. My Mysql setup allows a lot more connections (500). Any suggestions? Thanks, Daniel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] vmwaretools
Hello, > hi, i am trying to run /usr/bin/vmware-config-tools.pl -d, but i was > end with exec timeout. I cannot find any think on google. Have anyone > experience with this? I don't know what the -d switch is for, but AFAIK vmware-config-tools.pl is an interactive script which waits for user input. This could be the reason for the timeout you're having. This doesn't answer your question, but I use openvmtools¹ instead because I found vmware-tools to be much of a pain to maintain (with or without puppet). I just pushed onto github[²] the module I use for debian and redhat. Maybe you'll find it useful. Marc [¹] http://open-vm-tools.sourceforge.net/ [²] http://github.com/camptocamp/puppet-openvmtools -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet 0.25.4 and Facter 1.5.7 debs available in debian unstable.
Hey, On 10 feb, 01:57, Nigel Kersten wrote: > $ rmadison -u debian {puppet,facter} | grep unstable > puppet | 0.25.4-1 | unstable | source, all > facter | 1.5.7-1 | unstable | source, all I've been running these for a little while now (compiled from git) and I just upgraded to the version in unstable on my Lenny machine. However, I'm noticing some strangeness. I'm use storeconfigs in MySQL and have rails and libmysql-ruby installed. It looks like the puppetmaster is opening a new connection with the database every time a client connects and leaves old connections open. This tends to pile up, so I had reached my max_connections within a day. Is this a Lenny problem, a problem in the package or a puppetmaster problem? Also, is anyone else seeing this? Please let me know if there's anything I can do to assist in debugging this. -- Kind regards, Tim -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] virtual resource realizing by require?
On Thu, Feb 11, 2010 at 10:42 AM, Alan Barrett wrote: > On Tue, 09 Feb 2010, Frederik Wagner wrote: >> I just tried using the define, and hit a problem which I would avoid >> (and actually need to avoid) by using the not implemented feature. >> Realizing the virtual define across modules forces me to give the >> namespace of the define explicitly, i.e. creating the virtual define >> @mymount in a class nas-1::virtual (in the Module nas-1) forces me to >> realize it in a second module as Nas-1::Virtual::Mymount<| |>, instead >> of just Mymount<| |>. > > Could you put the define in a common module, rather than a NAS-specific > module? For example: > >/* In the "util" module */ > >define mymount ($mountpoint) { >realize File[$mountpoint] >mount { $mountpoint: require => File[$mountpoint], } >} > >/* In the nas-1::virtual class */ > >@util::mymount { "foo": } > >/* Wherever you want to instantiate the mount: */ > >include nas-1::virtual >realize Util::Mymount["foo"] yes, in principle, if it wouldn't be just for this generic Mymount definition. Mymount is somehow just an extended redifinition of mount where all parameters are passed. But besides the required file resource some very nas-1 specific editing in /etc/sysctl.conf etc. (via augeas) should be done. Therefore any Mymount (there are multiple mountspoint on that filer) should also realize an augeas resource which defenitly can not go into the Util module. Do you see what I mean? The nas-1 module would be like: @augeas{ very specifig editing } @file{ mountpoint } @mount{ mountpoint: require => [realize Augeas, realize File] } where - like you said - mount+file have a generic form which can end up in a definition in "Util" but augeas has to stay in "nas-1". As far as I see - and I was thinking quite a while about it - I really end up needing the realization by require feature :-( or it's going to be a intermodule dependency mess. Thanks a lot, Frederik > > --apb (Alan Barrett) > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Port 8139 needs to be open between machine running puppetrun and a client puppetd machine, correct?
Don, looks like you are able to run puppetrun to configure clients. Its not working for me. My config files goes: On Client: cat puppet.conf [main] server=puppetmaster.mydomain.com logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter pluginsync=true [puppetd] listen=true cat namespaceauth.conf [puppetrunner] allow puppetmaster.mydomain.com On puppetmaster: cat namespaceauth.com [fileserver] allow *.mydomain.com [puppetmaster] allow *.mydomain.com [puppetrunner] allow *.mydomain.com I ran puppetrun with #puppetrun --host client.mydomain.com But it doesn't looks like the client get updated and exits with "Failed to load ruby LDAP library. LDAP functionality will not be available Finished" Also, I dont see any traffic on port 8139 and 8140 while running tcpdump.Those two machines are on same LAN and no firewall between them. Not sure what I have been missing. any help would be appreciated. Thanks, grg350 On Jan 31, 4:28 pm, Dan Bode wrote: > On Sun, Jan 31, 2010 at 12:11 PM, Don Jackson < > > > > > > puppet-us...@clark-communications.com> wrote: > > > Hello, > > > I am attempting to get my machines configured properly so I can use > > puppetrun on my puppetmaster to get clients to update themselves during my > > development/testing of new recipes. > > > I understand about listen = true in the puppetd.conf file, and I also have > > learned about the namespaceauth.conf file, > > where I put stuff like: > > > [puppetrunner] > > allow puppet.mydomain.com > > > This was all I needed to get machines on the same LAN as my puppetmaster to > > work, but it didn't work across firewalls to machines in a colo. > > > From router/firewall logs, it appears that the puppetmaster needs to > > connect to port 8139 of the machine running puppetd. > > that is correct, when using puppetrun, the authorized host needs to initiate > a connection with the client on port 8139, then that host will initiate a > request with its puppetmaster on 8140. > > You can change the puppetd listen port with the puppetport option. > > -Dan > > > > > I wasn't able to find this clearly documented, hence this email. > > > Regards, > > > Don > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com > groups.com> > > . > > For more options, visit this group at > >http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] vmwaretools
hi, i am trying to run /usr/bin/vmware-config-tools.pl -d, but i was end with exec timeout. I cannot find any think on google. Have anyone experience with this? It works, when I run it normally from shell. this is my exec resource. { "vmwaretools_config": subscribe => [ Package["VMwareTools"] ], refreshonly => true, path=> "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:/usr/ local/bin", command => "/usr/bin/vmware-config-tools.pl -d"; } Thx -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 0.25.4 and Facter 1.5.7 debs available in debian unstable.
On Tue, Feb 09, 2010 at 07:59:08PM -0500, Joe McDonagh wrote: > Nigel Kersten wrote: > > packages.debian.org is lagging in terms of what it's showing, but > > > > $ rmadison -u debian {puppet,facter} | grep unstable > > puppet | 0.25.4-1 | unstable | source, all > > facter |1.5.7-1 | unstable | source, all > > > > they're both up there now. > > > > -- > > nigel > > > What is rmadison??? $ whatis rmadison rmadison (1) - - Remotely query the Debian archive database about packages $ dpkg -S `which rmadison` devscripts: /usr/bin/rmadison -- Marcin Owsiany http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 "Every program in development at MIT expands until it can read mail." -- Unknown -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] virtual resource realizing by require?
On Tue, 09 Feb 2010, Frederik Wagner wrote: > I just tried using the define, and hit a problem which I would avoid > (and actually need to avoid) by using the not implemented feature. > Realizing the virtual define across modules forces me to give the > namespace of the define explicitly, i.e. creating the virtual define > @mymount in a class nas-1::virtual (in the Module nas-1) forces me to > realize it in a second module as Nas-1::Virtual::Mymount<| |>, instead > of just Mymount<| |>. Could you put the define in a common module, rather than a NAS-specific module? For example: /* In the "util" module */ define mymount ($mountpoint) { realize File[$mountpoint] mount { $mountpoint: require => File[$mountpoint], } } /* In the nas-1::virtual class */ @util::mymount { "foo": } /* Wherever you want to instantiate the mount: */ include nas-1::virtual realize Util::Mymount["foo"] --apb (Alan Barrett) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh::auth problem
> The docs mention this requirement at > http://www.reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth#detailed-usage > , but looking at it now I see that it's probably not as clear as I thought. > Sorry about that. I'll make it more explicit. OK, I've made this clearer in the docs, and added the "Could not find class/resource type" error message to the list there. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh::auth problem
> I had include ssh:auth in ssh/manifests/init.pp at first but that didn't > work. then I put it in my baseclass that is included in all nodes but > that wouldn't work and finally I added it to the node{} statement. I'm > a little confused because my ssh module is included on all machines in > the baseclass, isn't that enough for puppet? It seems a pain to have to > list it in every node{} rather than baseclass. No, agreed that you shouldn't have to include it more than once. Try putting 'include ssh::auth' in the Puppet global scope, i.e. outside of all of your node definitions and class invocations in manifests/site.pp. The docs mention this requirement at http://www.reductivelabs.com/trac/puppet/wiki/Recipes/ModuleSSHAuth#detailed-usage , but looking at it now I see that it's probably not as clear as I thought. Sorry about that. I'll make it more explicit. All ssh::auth does is to define a bunch of classes and defines. If Puppet can't find them, then they're not in an enclosing scope to where you're using them. HTH, Andrew. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Building a better puppetrun and related ideas
On Wed, 10 Feb 2010, Michael DeHaan wrote: > We're attempting to provide a reason to not use cron :) I have a requirement that puppet may not change anything on a production host without change control approval in advance. It would be nice if a new version of puppet had better support for this use case. Of course there are change control procedures for getting the manifests updated on the puppetmaster, but that's not enough; it's also necessary to run the puppet client only when specifically authorised. For example, the manifest update and a --noop mode client puppet run might happen during working hours, but the --no-noop client puppet run might happen during a maintenance window after hours. As far as I am aware, the existing combination of "puppetd --listen" on each client, and "puppetrun" on a central server, does not handle this use case, so I run "puppetd --onetime --noop" or "puppetd --onetime --no-noop" via ssh. --apb (Alan Barrett) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.