Re: [Puppet Users] ssh::auth server dependency on ~/.ssh and a scoping question
On Thu, 25 Feb 2010, Marcello de Sousa wrote:
> IF homedir exists => deploy .ssh/authorized_keys , else do nothing

If you don't mind errors when you attempt to apply the manifest and the homedir does not exist, then you could make the authorized_keys file depend on something that fails if the homedir does not exist. Here's an untested example:

    # If the directory exists, then the unless clause in the exec
    # is satisfied, so the command does not run; but the overall
    # exec resource behaves as if it was successful, and anything that
    # requires this exec is happy.
    #
    # If the directory does not exist, then the unless fails, so the
    # command runs; but the command is /bin/false, so the command
    # reports a failure, the overall exec resource fails, and anything
    # that requires this exec will have a failed dependency and will
    # therefore not be evaluated.
    #
    exec { "fail if $homedir does not exist":
        command => "/bin/false",
        unless  => "/usr/bin/test -d $homedir",
    }
    file { "$homedir/.ssh/authorized_keys":
        source  => "puppet:///wherever",
        require => Exec["fail if $homedir does not exist"],
    }

--apb (Alan Barrett)

-- 
You received this message because you are subscribed to the Google Groups Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Issue with '|'
On Thursday 25 Feb 2010 23:19:33 Andrew Hamilton wrote:
> unless: If this parameter is set, then this exec will run unless the command returns 0
>
> I interpret this to be the return value of the command and not the output of the command. So if the return value of my command is 0 then the command will not run, yet I can verify that the return value of the command is 0, yet it still runs. Unless I have this backwards and my interpretations are incorrect.

Yes, that's right, it's the return value that matters. And since grep returns 0 if match was found and 1 otherwise, this really should work.

For reference here's what my exec for creating users looks like (after expanding some parameters):

    exec { "psql:${name}":
        # create the role; the role name is double-quoted inside the SQL
        command   => "psql -c \"CREATE ROLE \\\"${name}\\\"\"",
        # skip the command when \du already lists the role (grep exits 0)
        unless    => "psql -P format=unaligned -tc '\\du ${name}' | grep '^ *${name}'",
        user      => 'postgres',
        path      => ['/bin', '/sbin', '/usr/bin', '/usr/sbin', '/usr/local/bin', '/usr/local/sbin'],
        logoutput => on_failure,
        require   => [Service['postgresql'], User['postgres']],
    }

Basically '-P format=unaligned' makes psql print tuples without spaces used to align their width, it uses the default separator (|) but that can be changed with fieldsep option. And the '-t' option makes it print tuples only (without headers and footer). That should produce exactly one line if the user already exists or none otherwise, the grep is mostly used to get that return value right.

If that doesn't work for you, maybe try changing the field separator (i.e. '-P fieldsep=,' or sth) and see if you can work with that.

Regards,
Michael

-- 
Michael Gliwinski
Henderson Group Information Services
9-11 Hightown Avenue, Newtownabby, BT36 4RT
Phone: 028 9034 3319

Re: [Puppet Users] Magazine article comparing CPU usage of Puppet vs. Cfengine
The version of CFEngine he is running is 3.0.1b3 (released ??? Jan or Feb '09, sometime, maybe?)
The version of Puppet he is running is 0.24.7 (released 16-Dec-2008)
So, even though this article was just released, I think it was written a year ago.

The author said these were the latest stable versions at the time of writing.

The author also mentions that: In Puppet a server component is mandatory [...] (probably he missed out the puppet interpreter) but that Cfengine's configuration agent is independent of a server component.

I suppose the benchmarks were made on a machine running puppetmaster + puppetd, but cfengine was run in stand-alone mode. Probably puppet would have performed a bit better if the manifests had been run in stand-alone mode too.

Marc

Re: [Puppet Users] ssh::auth server dependency on ~/.ssh and a scoping question
That sounds like a path to solution indeed :) Thanks for the tip. I'll also be testing it on CentOS 5, hopefully shortly, I'll get back when I have some feedback.

On Thursday 25 Feb 2010 23:02:51 Marcello de Sousa wrote:
> Dant,
>
> The ssh_config trick could be indeed the key for a workaround:
>
>     AuthorizedKeysFile /etc/ssh/authorized_keys/%u
>
> But I've tested it with a Centos 5 machine and it didn't work. I suspect the problem is the expansion of %u to the username (our usernames have the mydomain\myuser format). I wonder how I can debug that and see what it's trying to find as user name. I've tried the following names without success:
>
>     /etc/ssh/authorized_keys/myuser
>     /etc/ssh/authorized_keys/mydomain\myuser
>     /etc/ssh/authorized_keys/MYDOMAIN\myuser
>
> I'm still curious though if someone has a 'native' puppet workaround for this 'conditional' situation, just in case this doesn't work on a specific OS/ssh version or we face a similar problem in the future. I also wonder if there's a way to use a user list instead of one hardcoded class per user.
>
> Thanks a lot for the tip!
>
> Cheers,
> Marcello
>
> -----Original Message-----
> From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of dan trainor
> Sent: donderdag 25 februari 2010 23:16
> To: puppet-users@googlegroups.com
> Subject: Re: [Puppet Users] ssh::auth server dependency on ~/.ssh and a scoping question
>
> On Thu, Feb 25, 2010 at 12:52 PM, Patrick kc7...@gmail.com wrote:
> > On Feb 25, 2010, at 11:23 AM, Marcello de Sousa wrote:
> > > Patrick,
> > > If you do that you would put all the public keys together, wouldn't you? That means users would be able to login as any other user. That is of course not what you want. We need to deploy a single specific public key per user.
> > > Gr,
> > > Marcello
> >
> > I guess I misunderstood your question. I thought you had a really strange setup where you were doing just that.
>
> Hi, Guys -
>
> I've been following this thread for a bit here, and I was faced with a similar problem. Since we only have a small admin team for some 400+ machines, this worked out well for us. However, your mileage certainly will vary. This is assuming that you're already pulling auth information from LDAP, as well.
>
> What I've done is, maintained /etc/ssh/sshd_config with a few choice options, namely the AuthorizedKeysFile directive. Here's an excerpt from sshd_config, which is a template in my puppet config - you'll see why, down at the bottom:
>
>     Port 22
>     ...
>     # (or no, depending on the machine)
>     PermitRootLogin without-password
>     ...
>     RSAAuthentication yes
>     PubkeyAuthentication yes
>     AuthorizedKeysFile /etc/ssh/authorized_keys/%u
>     PermitEmptyPasswords no
>     PasswordAuthentication no
>     ChallengeResponseAuthentication no
>     GSSAPIAuthentication yes
>     GSSAPICleanupCredentials yes
>     UsePAM yes
>     ...
>     DenyGroups all
>     AllowGroups Domain?Admins wheel <% if environment == 'dev' %> Domain?Users <% end %>
>     ClientAliveInterval 300
>
> I then have a manifest like this:
>
>     class sshd::config {
>         # defaults for every file resource in this class
>         File {
>             require => Class["sshd::install"],
>             notify  => Class["sshd::service"]
>         }
>         file { "/etc/ssh/sshd_config":
>             owner   => root,
>             group   => root,
>             mode    => 440,
>             #source => "puppet:///sshd/sshd_config",
>             content => template('sshd/sshd_config')
>         }
>         # root-owned directory holding one key file per user
>         file { "/etc/ssh/authorized_keys":
>             ensure  => directory,
>             owner   => root,
>             group   => root,
>             mode    => 0755,
>             require => Class["ldap"]
>         }
>     }
>
> Further, I maintain that /etc/ssh/authorized_keys/dtrainor file (my key) with a class similar to this:
>
>     class sshd::users::dtrainor {
>         include sshd
>         file { "/etc/ssh/authorized_keys/dtrainor":
>             owner   => 2690,    # pulled from LDAP
>             group   => root,
>             mode    => 0600,
>             source  => "puppet:///sshd/authorized_keys/dtrainor",
>             require => Class["sshd::config"]
>         }
>     }
>
> Now, I'm no programmer, and I'm certainly not a Puppet expert. But I've gotten around the chicken-and-the-egg problem by just being able to apply sshd::users::dtrainor to a node that this key should be implemented on, and there it is.
>
> Of course I'm open to suggestion and would appreciate some feedback, but moreover I hope this gets you pointed in the right direction. sshd_config has many options - unfortunately RHEL uses an older sshd version that even limits those :)
>
> Thanks
> -dant

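An added example, not code from this thread or from any of the posters: a small Python audit for the layout Dan describes, where "AuthorizedKeysFile /etc/ssh/authorized_keys/%u" points sshd at one root-managed directory of per-user key files. It reports the problem Marcello raised (one public key accepted for more than one account) along with loose permissions, wrong owners and symlinks; the function names, the expected_uid mapping and the sample keys are assumptions made for the illustration.

```python
import os
import re
import shutil
import stat
import sys
import tempfile
from collections import defaultdict

# Key types that can start the key part of an authorized_keys line.
KEY_TYPE = re.compile(
    r"ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)"
    r"|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com"
)


def key_blobs(path):
    """Yield the base64 blob of each key line, skipping options and comments."""
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            fields = line.split()
            if not fields or fields[0].startswith("#"):
                continue
            # Layout: [options] keytype blob [comment]; locate the key type.
            for i, field in enumerate(fields[:-1]):
                if KEY_TYPE.fullmatch(field):
                    yield fields[i + 1]
                    break


def audit(key_dir, expected_uid=None, dir_uid=0):
    """Return sorted (path, problem) findings for a per-user key directory.

    expected_uid (an assumption of this example) maps a file name, i.e. the
    %u user name, to the uid that should own it; unlisted names skip that check.
    """
    expected_uid = expected_uid or {}
    dir_st = os.lstat(key_dir)
    if not stat.S_ISDIR(dir_st.st_mode):
        return [(key_dir, "not a directory")]
    findings = []
    if dir_st.st_uid != dir_uid:
        findings.append((key_dir, "directory owner uid %d, expected %d"
                         % (dir_st.st_uid, dir_uid)))
    if dir_st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((key_dir, "directory is group/world writable"))
    users_of_key = defaultdict(set)
    for name in sorted(os.listdir(key_dir)):
        path = os.path.join(key_dir, name)
        st = os.lstat(path)  # lstat: do not follow a planted symlink
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink instead of a regular file"))
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "file is group/world writable"))
        if name in expected_uid and st.st_uid != expected_uid[name]:
            findings.append((path, "owner uid %d, expected %d"
                             % (st.st_uid, expected_uid[name])))
        for blob in key_blobs(path):
            users_of_key[blob].add(name)
    # The same public key in two users' files lets one key holder log in as both.
    for names in users_of_key.values():
        if len(names) > 1:
            findings.append((key_dir, "same key accepted for: "
                             + ", ".join(sorted(names))))
    return sorted(findings)


def demo():
    """Audit a constructed sample directory; returns (directory, findings)."""
    root = tempfile.mkdtemp(prefix="authkeys-demo-")
    samples = {  # constructed sample data, not real keys
        "alice": "ssh-ed25519 AAAAEXAMPLEKEY1 alice@laptop\n",
        "bob": '# bob\nfrom="10.0.0.*" ssh-rsa AAAAEXAMPLEKEY2 bob@desk\n',
        "carol": "ssh-ed25519 AAAAEXAMPLEKEY1 copied-from-alice\n",
    }
    for name, text in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, 0o600)
    os.chmod(os.path.join(root, "bob"), 0o664)  # group-writable on purpose
    os.chmod(root, 0o755)
    me = os.getuid()
    # bob's expected owner is deliberately wrong to show the ownership check
    findings = audit(root, expected_uid={"alice": me, "bob": me + 1}, dir_uid=me)
    shutil.rmtree(root)
    return root, findings


if __name__ == "__main__":
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else demo()[1]
    for where, problem in results:
        print("%s: %s" % (where, problem))
```

Run with a directory argument it audits that directory and expects it to be owned by uid 0; run without arguments it audits the constructed sample.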
Re: [Puppet Users] ensuring a file is copied in before evaluating another class.
I don't think there's a way to enforce this because you need to reload puppetd to activate the changes. If you use puppetrun you could distribute only the tag for your puppet module and restart the service.

Hope this helps

On Fri, Feb 26, 2010 at 12:53 AM, Greg Retkowski g...@rage.net wrote:
> Thanks! That sounds like the right way to do it!
>
> How do I ensure puppet copies out a new puppet.conf with the changes before evaluating the class that uses 'case $customfact'?
>
> Cheers,
> -- Greg
>
> Daniel wrote:
> > Don't distribute your facter plugin via manifest. Use puppet's sync which is described here:
> > http://reductivelabs.com/trac/puppet/wiki/PluginsInModules
> > This will distribute your facter addons at the beginning of your run and you can use them like any normal fact.
> >
> > On Thu, Feb 25, 2010 at 10:25 PM, Greg Retkowski g...@rage.net wrote:
> > > Hello Everyone,
> > > I have a case where I'm depending on custom facter rules in my puppet config, and those custom facter rules come from a ruby library that puppet installs. I need to know how I can ensure that library is installed by puppet before classes that depend on those facts are evaluated..
> > >
> > > To illustrate...
> > >
> > >     class facter_rules {
> > >         file { "/usr/lib/ruby/site_ruby/1.8/facter/custom.rb":
> > >             source => "puppet://$server/dist/custom.rb";
> > >         }
> > >     }
> > >     class sitestuff {
> > >         include facter_rules
> > >         case $customfact {
> > >             value-a: {
> > >                 # do stuff
> > >             }
> > >             value-b: {
> > >                 # do other stuff
> > >             }
> > >         }
> > >     }
> > >     ...
> > >
> > > Using this, often class sitestuff gets evaluated before my facter_rules file copy is done - which results in puppet exiting without putting custom.rb in place.
> > >
> > > I'm using puppet vers. 0.24.4. I've considered using 'before =>' in my facter_rules file definition, but class 'sitestuff' may be defined or not defined depending on what services/classes are defined on the host.
> > >
> > > Any ideas on how I can get around this chicken and egg problem?
> > >
> > > Cheers,
> > > -- Greg

-- 
Cheers,
Daniel

Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts
On Feb 24, 2010, at 6:32 PM, David Lutterkort wrote:
> On Tue, 2010-02-23 at 14:02 -0500, Rob McBroom wrote:
> > I'd love to hear there's a way (in 0.24.8).
>
> I'd wager that the problem was that you were missing an onlyif that would keep the changes from being applied when the entries are there already.

I know that, and in theory you're right. But bug #2141 has prevented so many of my `onlyif`s from working in 0.24.8 that I don't even bother trying. I'm basically waiting until EPEL gets 0.25.x to really use Augeas.

-- 
Rob McBroom
http://www.skurfer.com/

Because it screws up the order in which people normally read text.
Original message: Why is it bad to top-post your reply?

[Puppet Users] Foreman environments vs. Puppet Environments
Does anybody know or have a Howto on how to use Foreman environments and their relationship and interaction with puppet environments?

If they are not related, is there a way to assign a machine to a puppet environment via Foreman's interface?

Cheers,
Marcello

[Puppet Users] Using --no-client option in puppet.conf
Hey,

is there a way to use the puppetd command line option --no-client in the puppet.conf file? Things like no-client = true or noclient = true don't seem to work...just want to get rid of the mandatory puppet run after restarting the daemon.

christian

[Puppet Users] Y[es] on Upgrade whith puppet
Hi everyone,

I'm new to using puppet. I have installed the puppet-master with this manifest site.pp:

    class update_class {
        Exec { path => "/usr/bin:/bin:/usr/sbin:/sbin" }
        # simulate the upgrade (-s) and mail the result
        exec { "aptitude update && aptitude upgrade -s | mail -s 'Puppet master-update on $mycomputer' tatatat...@yahoo.com": }
    }
    node "puppet-client.localhost.loc" {
        $mycomputer = "Calavero Development workstation"
        include update_class
    }

What I would like to understand is:

1. Why does my client (puppet-client) periodically run the command puppetd --test? Does someone know how to deactivate it or where I can configure this? [I do not have any cron scheduled on puppet-client].

2. The client sends me an email:

    Reading package lists...
    Building dependency tree...
    Reading state information...
    Reading extended state information...
    Initializing package states...
    The following packages will be upgraded:
      foomatic-filters libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 libpurple-bin libpurple0 linux-firmware openoffice.org-base-core openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-draw openoffice.org-emailmerge openoffice.org-gnome openoffice.org-gtk openoffice.org-impress openoffice.org-math openoffice.org-style-human openoffice.org-writer python-uno ttf-opensymbol uno-libs3 ure
    24 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 74.6MB of archives. After unpacking 8192B will be used.
    Do you want to continue? [Y/n/?] Abort.

2. Question: How can I tell [Y] to puppet-master or to the puppet-client to install these packages?

Thx for your help!
Ghislain.

Re: [Puppet Users] Using --no-client option in puppet.conf
On 26/02/10 5:58 AM, christian wrote:
> Hey,
>
> is there a way to use the puppetd command line option --no-client in the puppet.conf file? Things like no-client = true or noclient = true don't seem to work...just want to get rid off the mandatory puppet run after restarting the daemon.

--client == client=true
--no-client == client=false

http://docs.reductivelabs.com/references/stable/configuration.html

Regards

James Turnbull

-- 
Author of:
* Pro Linux System Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)

[Puppet Users] Using tags in custom classes, and their scope
Hey,

Hope someone can help shed some light on this.

I've written a class that installs various software packages that we use in our organisation, and configures them to how we like. I'm trying to use a tag to determine which type of config to apply, so we can just tag a load of nodes with one thing, and have the right software and config automatically applied.

The class is structured like so (simplified):

    class my_class {
        class my_software {
            if tagged("my_tag_1") {
                notify { "Tagged as my_tag_1": }
                # Install config A
            } elsif tagged("my_tag_2") {
                notify { "Tagged as my_tag_2": }
                # Install config B
            } else {
                notify { "Not tagged": }
                # Install default config
            }
        }
    }

Then on a node you'd do the following to have a particular software package installed and configured based on the tag:

In site.pp

    node 'servername.com' inherits default {
        tag("my_tag_1")
        include my_class::my_software
    }

After running Puppet through a catalog, the software is installed correctly.

Now the software installs properly, but it logs that it is using the default config, so the tag being assigned in the site.pp is obviously not being detected right?

If anyone can shed any light on this that would be really appreciated :)

Thanks in advance!

Ryan

[Puppet Users] Re: How to conditionally include classes based on environment?
On Feb 25, 10:01 am, ascodemus ascode...@gmail.com wrote:
> I thought also before that this could do the trick, but as indicated on the web (http://docs.reductivelabs.com/references/stable/function.html#generate) the generate executes a command on the puppet MASTER-server (not on the client), so this does not work as such -

Indeed. All the information the Puppetmaster has about any client comes ultimately from the facts that client presents to it and the manifests you write. Even if you use storeconfigs to retain and share client information, that information is still originally derived from those same sources.

If you want the Puppetmaster to know about the result of running a command on the client, then you need to write a custom fact. Tim already referred you to some docs on that.

Re: [Puppet Users] Foreman environments vs. Puppet Environments
Foreman can manage puppet environment assignments to hosts if you use external nodes mode (http://theforeman.org/wiki/foreman/External_Nodes).

Foreman can scan your existing modules assigning the right classes to the relevant environments.

There is another environment setting in foreman (e.g. if you start the server in the command line) - this is the rails environment and is not related to puppet at all.

hope this helps,
Ohad

On Fri, Feb 26, 2010 at 6:56 PM, Marcello de Sousa li...@area151.com wrote:
> Does anybody know or have a Howto on how to use Foreman environments and their relationship and interaction with puppet environments?
>
> If they are not related, is there a way to assign a machine to a puppet environment via Foreman's interface?
>
> Cheers,
> Marcello

[Puppet Users] How to determine what puppetmasterd is using its memory on?
Does anyone have any pointers on how to determine where puppetmasterd 0.24.9 is using the bulk of its memory?

A couple of gigs of RAM usage is getting a bit excessive.

Thanks,
Trevor

-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaug...@onyxpoint.com
-- This account not approved for unencrypted proprietary information --

Re: [Puppet Users] Using tags in custom classes, and their scope
While it's possible to use tags, I would recommend using variables (either with external nodes or extlookup).

cheers,
Ohad

On Fri, Feb 26, 2010 at 7:23 PM, RyanC r...@rjc.cc wrote:
> Hey,
>
> Hope someone can help shed some light on this.
>
> I've written a class that installs various software packages that we use in our organisation, and configures them to how we like. I'm trying to use a tag to determine which type of config to apply, so we can just tag a load of nodes with one thing, and have the right software and config automatically applied.
>
> The class is structured like so (simplified):
>
>     class my_class {
>         class my_software {
>             if tagged("my_tag_1") {
>                 notify { "Tagged as my_tag_1": }
>                 # Install config A
>             } elsif tagged("my_tag_2") {
>                 notify { "Tagged as my_tag_2": }
>                 # Install config B
>             } else {
>                 notify { "Not tagged": }
>                 # Install default config
>             }
>         }
>     }
>
> Then on a node you'd do the following to have a particular software package installed and configured based on the tag:
>
> In site.pp
>
>     node 'servername.com' inherits default {
>         tag("my_tag_1")
>         include my_class::my_software
>     }
>
> After running Puppet through a catalog, the software is installed correctly.
>
> Now the software installs properly, but it logs that it is using the default config, so the tag being assigned in the site.pp is obviously not being detected right?
>
> If anyone can shed any light on this that would be really appreciated :)
>
> Thanks in advance!
>
> Ryan

Re: [Puppet Users] How to determine what puppetmasterd is using its memory on?
That's the main reason why people use passenger (IMHO) that doesn't allow the processes to grow too much; the other alternative is to use something to restart the process if they grow too much (e.g. monit).

If you are interested in the internals a bit more, you can read a bit here - http://www.masterzen.fr/2010/01/28/puppet-memory-usage-not-a-fatality/

cheers,
Ohad

On Fri, Feb 26, 2010 at 8:00 PM, Trevor Vaughan tvaug...@onyxpoint.com wrote:
> Does anyone have any pointers on how to determine where puppetmasterd 0.24.9 is using the bulk of its memory?
>
> A couple of gigs of RAM usage is getting a bit excessive.
>
> Thanks,
> Trevor
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvaug...@onyxpoint.com
> -- This account not approved for unencrypted proprietary information --

Re: [Puppet Users] ensuring a file is copied in before evaluating another class.
I also tried this in my top-level puppet config:

    if $defined_after_bootstrap_var {
        import "definitions/*.pp"
    } else {
        import "bootstrap.pp"
    }

However it looks like the 'import definitions/*.pp' is still evaluated even though $defined_after_bootstrap_var isn't defined. Is there a way to conditionally use import?

-- Greg

Daniel wrote:
> I don't think there's a way to enforce this because you need to reload puppetd to activate the changes. If you use puppetrun you could distribute only the tag for your puppet module and restart the service.
>
> Hope this helps

Re: [Puppet Users] How to determine what puppetmasterd is using its memory on?
Thanks Ohad.

I've been meaning to look at Passenger but I haven't had the time.

Trevor

On Fri, Feb 26, 2010 at 1:27 PM, Ohad Levy ohadl...@gmail.com wrote:
> That's the main reason why people use passenger (IMHO) that doesn't allow the processes to grow too much; the other alternative is to use something to restart the process if they grow too much (e.g. monit).
>
> If you are interested in the internals a bit more, you can read a bit here - http://www.masterzen.fr/2010/01/28/puppet-memory-usage-not-a-fatality/
>
> cheers,
> Ohad
>
> On Fri, Feb 26, 2010 at 8:00 PM, Trevor Vaughan tvaug...@onyxpoint.com wrote:
> > Does anyone have any pointers on how to determine where puppetmasterd 0.24.9 is using the bulk of its memory?
> >
> > A couple of gigs of RAM usage is getting a bit excessive.
> >
> > Thanks,
> > Trevor
> >
> > --
> > Trevor Vaughan
> > Vice President, Onyx Point, Inc
> > (410) 541-6699
> > tvaug...@onyxpoint.com
> > -- This account not approved for unencrypted proprietary information --

-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaug...@onyxpoint.com
-- This account not approved for unencrypted proprietary information --

Re: [Puppet Users] Y[es] on Upgrade whith puppet
Hi Ghislain,

On Fri, Feb 26, 2010 at 5:37 AM, Ghislain Mokolomboka mokolomb...@gmail.com wrote:
> Hi everyone,
>
> I'm new to using puppet. I have installed the puppet-master with this manifest site.pp:
>
>     class update_class {
>         Exec { path => "/usr/bin:/bin:/usr/sbin:/sbin" }
>         # simulate the upgrade (-s) and mail the result
>         exec { "aptitude update && aptitude upgrade -s | mail -s 'Puppet master-update on $mycomputer' tatatat...@yahoo.com": }
>     }
>     node "puppet-client.localhost.loc" {
>         $mycomputer = "Calavero Development workstation"
>         include update_class
>     }
>
> What I would like to understand is:
>
> 1. Why does my client (puppet-client) periodically run the command puppetd --test? Does someone know how to deactivate it or where I can configure this? [I do not have any cron scheduled on puppet-client].

--test implies --one-time which means that puppet should run one time and exit. This should not fire off puppet as a daemon. Most likely you previously ran without this option. I would kill the running puppet process, run with --test again, and verify with `ps` that a process does not start in the background.

> 2. The client sends me an email:
>
>     Reading package lists...
>     Building dependency tree...
>     Reading state information...
>     Reading extended state information...
>     Initializing package states...
>     The following packages will be upgraded:
>       foomatic-filters libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 libpurple-bin libpurple0 linux-firmware openoffice.org-base-core openoffice.org-calc openoffice.org-common openoffice.org-core openoffice.org-draw openoffice.org-emailmerge openoffice.org-gnome openoffice.org-gtk openoffice.org-impress openoffice.org-math openoffice.org-style-human openoffice.org-writer python-uno ttf-opensymbol uno-libs3 ure
>     24 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>     Need to get 74.6MB of archives. After unpacking 8192B will be used.
>     Do you want to continue? [Y/n/?] Abort.
>
> 2. Question: How can I tell [Y] to puppet-master or to the puppet-client to install these packages?
>
> Thx for your help!
> Ghislain.

I had a look at the man page for aptitude, there is a -y option that should fix this. You can always try piping the linux command `yes` to the command, it's a little hackish, but it's another option.

hope this helps,
Dan

[Puppet Users] Re: Correct user management across modules
On Feb 25, 6:37 am, Michael Gliwinski michael.gliwin...@henderson-group.com wrote:

> Do you define your virtual users in global scope? I.e. in site.pp or in some module/class? The reason I'm asking is because I had some trouble overriding parameters of resources (even virtual) declared in another class or especially a define.

To the best of my knowledge, you can only override resource parameters in a subclass of the class that declares the resource. Perhaps you can also override properties of resources declared at global scope, but I don't generally recommend global resources, even virtual ones.

You might be able to achieve what you want something like this (completely untested):

    # A class containing virtual declarations of all your users
    class user::virtual {
        # ...
        @user { "apache":
            uid    => 48,
            gid    => 48,
            groups => "apache",
        }
        # ...
    }

    # A class in your nagios module that
    # exists solely to override User[apache]
    class nagios::apache::user inherits user::virtual {
        User["apache"] { groups +> "nagios" }
    }

    # Apache-related nagios settings
    class nagios::apache {
        include nagios::apache::user
        realize User["apache"]
        # ...
    }

Good luck,

John
[Puppet Users] ssh_authorized_key - same key, different accounts?
Puppet 0.24.8...

I am trying to use ssh_authorized_key to create passwordless logins for a couple of accounts. The important thing to note is I'm trying to get the source (r...@somehost below) as part of the key, and the same key needs to be added to two different accounts on the system.

It appears that the resource name is the only place I can set the originating source (whatever the correct term is) for the key.

    ssh_authorized_key { "r...@somehost":
        ensure  => present,
        type    => ssh-rsa,
        target  => '/home/xx/.ssh/authorized_keys',
        key     => ' removed for brevity xxx',
        user    => xx,
        require => User[xx]
    }

So the above will create an authorized_keys value like:

    ssh-rsa removed for brevity xxx r...@somehost

But if I need the same key installed for a different user, I'm stuck -- I can't use the same resource name to create the r...@somehost restriction. And I can't see another way to specify that value.

Is there any way to accomplish this, without abandoning ssh_authorized_key?

Thanks in advance.
-Alan
Re: [Puppet Users] ssh_authorized_key - same key, different accounts?
On Fri, Feb 26, 2010 at 11:58 AM, Alan Sparks aspa...@doublesparks.net wrote:

> Puppet 0.24.8...
>
> I am trying to use ssh_authorized_key to create passwordless logins for a couple of accounts. The important thing to note is I'm trying to get the source (r...@somehost below) as part of the key, and the same key needs to be added to two different accounts on the system.
>
> It appears that the resource name is the only place I can set the originating source (whatever the correct term is) for the key.
>
>     ssh_authorized_key { "r...@somehost":
>         ensure  => present,
>         type    => ssh-rsa,
>         target  => '/home/xx/.ssh/authorized_keys',
>         key     => ' removed for brevity xxx',
>         user    => xx,
>         require => User[xx]
>     }
>
> So the above will create an authorized_keys value like:
>
>     ssh-rsa removed for brevity xxx r...@somehost
>
> But if I need the same key installed for a different user, I'm stuck -- I can't use the same resource name to create the r...@somehost restriction. And I can't see another way to specify that value.
>
> Is there any way to accomplish this, without abandoning ssh_authorized_key?
>
> Thanks in advance.
> -Alan

Abandon ssh_authorized_key - it is terrible. My $.02

Regards,
Paul
[Puppet Users] tidy -- ignoring sockets?
I've a tidy resource for /tmp under 0.24.8, which throws errors each run due to a socket file created by xfs under /tmp/.font-unix/. It's relatively harmless, but it fills the logs with error messages...

    /var/log/messages.4:Jan 31 04:01:34 vm03 puppetd[15362]: (//Node[vm03]/Tidy::Olderthan[/tmp]/Tidy[/tmp/.font-unix/fs7100]/ensure) change from /tmp/.font-unix/fs7100(age)1264176925 to anything failed: Cannot tidy files of type socket

Since tidy does not have a parameter for directories or files to ignore, and there's no option to specify the types of files to consider, is there any way short of hacking the code to eliminate these errors?

-Alan
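Added example, not part of the original post and not Puppet's own code: a stand-alone Ruby sketch of type-aware selection for a /tmp cleaner, which picks only old regular files and reports sockets and other special entries instead of failing on them. The function names and the sample tree are constructed for illustration; `lstat` is used so a symlink in a world-writable directory is never followed.

```ruby
require "find"
require "socket"
require "tmpdir"

# Split everything under dir into regular files older than max_age seconds
# (safe to tidy) and non-regular entries (sockets, FIFOs, symlinks, devices).
# lstat is used so a symlink planted in a world-writable directory is
# classified as a link and never followed to its target.
def tidy_candidates(dir, max_age, now = Time.now)
  stale, skipped = [], []
  Find.find(dir) do |path|
    begin
      st = File.lstat(path)
    rescue Errno::ENOENT
      next # entry vanished between listing and lstat
    end
    next if st.directory?
    if !st.file?
      skipped << [path, st.ftype]
    elsif now - st.mtime > max_age
      stale << path
    end
  end
  [stale, skipped]
end

# Constructed sample tree mirroring the post: a socket under .font-unix,
# one old file, one fresh file and a symlink to the old file.
def tidy_demo
  Dir.mktmpdir("tidy") do |tmp|
    Dir.mkdir(File.join(tmp, ".font-unix"))
    server = UNIXServer.new(File.join(tmp, ".font-unix", "fs7100"))
    old = File.join(tmp, "old.log")
    File.write(old, "x")
    month_ago = Time.now - 30 * 86_400
    File.utime(month_ago, month_ago, old)
    File.write(File.join(tmp, "fresh.log"), "x")
    File.symlink(old, File.join(tmp, "old-link"))
    stale, skipped = tidy_candidates(tmp, 7 * 86_400)
    server.close
    [stale.map { |p| File.basename(p) },
     skipped.map { |p, type| [File.basename(p), type] }.sort]
  end
end

p tidy_demo if $PROGRAM_NAME == __FILE__
```
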
RE: [Puppet Users] Foreman environments vs. Puppet Environments
Hi Ohad,

On your forum I've posted a bit more extensive question (http://theforeman.org/boards/2/topics/show/119) just in case this is a bit offtopic here.

I'm already using Foreman for a while with external node mode. But I've configured now puppet with environments like this:

    (...)
    [development]
    modulepath = /etc/puppet/development/modules:/etc/puppet/modules
    [testing]
    modulepath = /etc/puppet/testing/modules:/etc/puppet/modules

But I don't see these environments showing up on the Foreman interface. I've also tried to create an environment inside foreman and assign it to a host, but I don't see it having any effect on the class assignment. In other words, foreman's environments are not working here and not relating to puppet's, and I can't find documentation about it in foreman's wiki or anywhere.

It might be worth mentioning that I'm not using foreman to deploy new machines yet. I'm managing existing machines and now they are all assigned to production, and I would like now to assign some of them to development and testing to be able to develop and deploy new modules/classes to them without affecting production.

Pls Help ? :)

Thanks!

Cheers,
Marcello

-----Original Message-----
From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Ohad Levy
Sent: Friday, 26 February 2010 18:55
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Foreman environments vs. Puppet Environments

Foreman can manage puppet environment assignments to hosts if you use external nodes mode (http://theforeman.org/wiki/foreman/External_Nodes). Foreman can scan your existing modules, assigning the right classes to the relevant environments.

There is another environment setting in foreman (e.g. if you start the server in the command line) - this is the rails environment and is not related to puppet at all.

hope this helps,
Ohad

On Fri, Feb 26, 2010 at 6:56 PM, Marcello de Sousa li...@area151.com wrote:

> Does anybody know or have a Howto on how to use Foreman environments and their relationship and interaction with puppet environments ? If they are not related, is there a way to assign a machine to a puppet environment via Foreman's interface ?
>
> Cheers,
> Marcello
[Puppet Users] puppet certificate problems
I have a puppet distributed site:

* separate puppet-ca,
* puppet-master rules distribution point,
* puppet-master file-server
* puppet reports

and noticed the following:

1. client does not re-request a new certificate on certificate revocation\expiration
2. puppetmaster on the rules distribution point does not recognize the client's revoked certificate until puppetmaster is restarted (CRL is synchronized)

I want puppetd to do the following:

1) client generating a new CSR on certificate expiration\revocation (optionally by config file), including a new key pair
2) client autocleaning\moving expired\revoked certificates (including keys) to a revoked folder on the client
3) client automatically re-requesting a new certificate from puppet-CA on certificate revocation\expiration (optionally by config file option)

Is there any version that supports these features? I'm currently running puppet version 0.24.4
[Puppet Users] Finding the source of errors
Hello,

How are people locating the host that is having problems? Is everyone getting reports via email? I'm only using store, log and unfortunately the log messages don't identify the source host (I haven't investigated the stored reports yet). Curious how others are solving this problem.

--Paul