[Puppet Users] Re: Puppet's call to /sbin/service somehow different than calling from the command line?
On Mar 1, 2:14 pm, Brian Ferris bdfer...@gmail.com wrote: For what it's worth, I finally debugged this issue. Great! Hopefully this will help if anyone ever runs into a similar issue down the road. Thanks for that. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Strange Problem with ldap Systems
On the System we have defined the user auser as: /etc/passwd: auser:x:300:300:auser User:/application/home/auser:/bin/bash /etc/group: agroup:x:126:auser So id auser gives: uid=300(auser) gid=300(auser) groups=126(agroup),300(auser) In the LDAP we have: #getent passwd auser auser:x:300:300:auser User:/application/home/auser:/bin/bash and #getent group agroup agroup:x:126:auser Basically the same definition. Now everytime I run puppet I get: notice: //Node[default]/oracle/users::db/User[auser]/groups: groups changed 'agroup,agroup' to 'agroup' This is really strange. Does anybody know what the problem is here. Does Puppet Merge the groups from local and ldap? Any hint is appreciated. BR, Rene -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Nagios based on David Schmitt's Complete Config : variables are empty
Hello !
I'm trying to implement a Nagios solution based on David Schmitt's
Complete Config. But I the following error when running puppetd -t -
v :
notice: Starting catalog run
err: //Node[monitoring]/nagios::target/Nagios::Host[]/File[/conf.d/
_host.cfg]/ensure: change from absent to present failed: Could not set
present on ensure: No such file or directory - /conf.d/
_host.cfg.puppettmp at /etc/puppet/modules/nagios/manifests/init.pp:40
notice: Finished catalog run in 3.91 seconds
As far as I understand, the problem comes from :
define host($ip= $fqdn, $short_alias = $fqdn) {
@@file {
${nagios_cfgdir}/conf.d/${name}_host.cfg:
ensure = present,
content = template( nagios/host.erb ),
mode = 644,
owner = root,
group = root,
tag = 'nagios',
}
}
When this definition is run, it seems that ${nagios_cfgdir} and $
{name} are undefined. I am probably missing something quite simple,
but I cant put my finger on it ... Any help ?
My Nagios class is as follow :
class nagios {
$nagios_cfgdir = '/etc/nagios3'
include apache
package {
nagios3 :
alias = 'nagios',
ensure = latest;
[ 'nagios3-common', 'nagios-plugins-basic' ]:
ensure = installed,
before = Package['nagios'];
}
service {
'nagios3':
alias = 'nagios',
ensure = running,
hasstatus = true,
hasrestart = true,
}
file {
$nagios_cfgdir/htpasswd.users:
content = admin:QqtpoTN5OGzmA,
mode = 0640,
owner = root,
group = www-data,
}
File | tag == 'nagios' |
define host($ip= $fqdn, $short_alias = $fqdn) {
@@file {
${nagios_cfgdir}/conf.d/${name}_host.cfg:
ensure = present,
content = template( nagios/host.erb ),
mode = 644,
owner = root,
group = root,
tag = 'nagios',
}
}
class target {
debug ( $fqdn has $nagios_parent as parent )
nagios::host { $fqdn: }
}
}
And my nodes.pp :
node 'monitoring' inherits basenode {
include apache
include nagios
$nagios_parent = generic-host
include nagios::target
}
Thanks a lot !
Guillaume
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetrun as non root
Hi all, Trying to get puppetrun executed from a php app and have hit a wall with permissions. If I run it as root it works fine, and if I run the .php file as root it also works. But executing under apache causes a authentication error on the puppet client. puppet clients namespaceauth.conf [puppetrunner] allow puppet.local [puppetbucket] allow *.local [puppetreports] allow *.local [resource] allow puppet.local puppetd --version - 0.25.1 notice: Denying unauthenticated client puppet.local(192.168.0.2) access to puppetrunner.run Any idea how I can get the client to trust the puppetmaster when puppetrun is run as a user other than root? Thanks, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios based on David Schmitt's Complete Config : variables are empty
gehel wrote:
Hello !
I'm trying to implement a Nagios solution based on David Schmitt's
Complete Config. But I the following error when running puppetd -t -
v :
notice: Starting catalog run
err: //Node[monitoring]/nagios::target/Nagios::Host[]/File[/conf.d/
_host.cfg]/ensure: change from absent to present failed: Could not set
present on ensure: No such file or directory - /conf.d/
_host.cfg.puppettmp at /etc/puppet/modules/nagios/manifests/init.pp:40
notice: Finished catalog run in 3.91 seconds
As far as I understand, the problem comes from :
define host($ip= $fqdn, $short_alias = $fqdn) {
@@file {
${nagios_cfgdir}/conf.d/${name}_host.cfg:
ensure = present,
content = template( nagios/host.erb ),
mode = 644,
owner = root,
group = root,
tag = 'nagios',
}
}
When this definition is run, it seems that ${nagios_cfgdir} and $
{name} are undefined. I am probably missing something quite simple,
but I cant put my finger on it ... Any help ?
My Nagios class is as follow :
class nagios {
$nagios_cfgdir = '/etc/nagios3'
include apache
package {
nagios3 :
alias = 'nagios',
ensure = latest;
[ 'nagios3-common', 'nagios-plugins-basic' ]:
ensure = installed,
before = Package['nagios'];
}
service {
'nagios3':
alias = 'nagios',
ensure = running,
hasstatus = true,
hasrestart = true,
}
file {
$nagios_cfgdir/htpasswd.users:
content = admin:QqtpoTN5OGzmA,
mode = 0640,
owner = root,
group = www-data,
}
File | tag == 'nagios' |
define host($ip= $fqdn, $short_alias = $fqdn) {
@@file {
${nagios_cfgdir}/conf.d/${name}_host.cfg:
ensure = present,
content = template( nagios/host.erb ),
mode = 644,
owner = root,
group = root,
tag = 'nagios',
}
}
class target {
debug ( $fqdn has $nagios_parent as parent )
nagios::host { $fqdn: }
}
}
And my nodes.pp :
node 'monitoring' inherits basenode {
include apache
include nagios
$nagios_parent = generic-host
include nagios::target
}
Thanks a lot !
Guillaume
Unfortunately, the variable is out of scope. I ran into this problem too
and sadly ended up hard coding the value all over the place because it
would have been difficult to set it in one proper spot, short of
site.pp. Which I may end up doing, since I hate repeating myself. That
project got put on the back burner but I will be re visiting fairly soon.
--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetrun as non root
Trying this now Ohad :-S On 2 March 2010 15:57, Ohad Levy ohadl...@gmail.com wrote: sudo puppetrun for apache? :) On Tue, Mar 2, 2010 at 11:27 PM, Matt mattmora...@gmail.com wrote: Hi all, Trying to get puppetrun executed from a php app and have hit a wall with permissions. If I run it as root it works fine, and if I run the .php file as root it also works. But executing under apache causes a authentication error on the puppet client. puppet clients namespaceauth.conf [puppetrunner] allow puppet.local [puppetbucket] allow *.local [puppetreports] allow *.local [resource] allow puppet.local puppetd --version - 0.25.1 notice: Denying unauthenticated client puppet.local(192.168.0.2) access to puppetrunner.run Any idea how I can get the client to trust the puppetmaster when puppetrun is run as a user other than root? Thanks, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Strange Problem with ldap Systems
Hi Tony
Thanks for the quick answer.
Yes the group is defined in the LDAP too with the same GID. And here
the definition:
@user { auser:
comment = 'Some user',
ensure = present,
gid = somegid,
uid = 300,
groups = 'agroup',
home= '/application/home/auser',
shell = '/bin/bash',
require = [ Group['auser'], Group['agroup'] ],
}
I have no idea what is going wrong.
On Mar 2, 4:53 pm, Tony G. tony...@gmail.com wrote:
Hi Rene,
Couple of things you might check:
Do you have the agroup defined in LDAP too? If so that ldap group might
have a differente gid as the local one.
How looks the definition of the user in users::db?
On Tue, Mar 2, 2010 at 8:44 AM, Rene rene.zbin...@gmail.com wrote:
On the System we have defined the user auser as:
/etc/passwd:
auser:x:300:300:auser User:/application/home/auser:/bin/bash
/etc/group:
agroup:x:126:auser
So id auser gives:
uid=300(auser) gid=300(auser) groups=126(agroup),300(auser)
In the LDAP we have:
#getent passwd auser
auser:x:300:300:auser User:/application/home/auser:/bin/bash
and
#getent group agroup
agroup:x:126:auser
Basically the same definition.
Now everytime I run puppet I get:
notice: //Node[default]/oracle/users::db/User[auser]/groups: groups
changed 'agroup,agroup' to 'agroup'
This is really strange.
Does anybody know what the problem is here. Does Puppet Merge the
groups from local and ldap?
Any hint is appreciated.
BR, Rene
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Tony
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Using Puppet for application deployment
I'm using puppet to deploy new versions of our application to our server instances. I do this by having a custom puppet node classifier that talks to a database that defines what version of an application is supposed to be on a particular node: parameters: application: webapp, webapp_version: 0.5, webapp_config: 123, webapp_symlink: 0.4 My puppet recipe then makes sure that webapp version 0.5 is installed (via yum and rpms), makes sure the right versioned configuration files are in place, and makes sure that the current symlink points at 0.4 so that we can roll to a different version by flipping a symlink. The puppet recipe has a lot of requires to make sure that the upgrade of the application is graceful and does things in the right order. My upgrade then goes like this, all controlled via a custom web interface: 1) Insert a jobgroup for the upgrade and a job for each server instance into a db 2) A job processor then takes the first group of machines to upgrade, changes their webapp version to the new version, and runs puppet on them 3) Lather, rinse, repeat step 2 until complete (roll the application out to prevent downtime), although if there is a puppet failure, all pending jobs get cancelled. Given that there are so many ways to skin the same cat, I'm wondering how others are doing their application deployments using Puppet. Or, if you are using Puppet but do your app deployments via some other mechanism, how do you do it, and why aren't you using Puppet to do it? Pete -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Strange Problem with ldap Systems
Hi Rene,
I tried to replicate the behavior without luck.
Reading again your email I noticed that you used getent passwd to pull the
LDAP data, but that does not guarantee you are pulling from LDAP as it
depends on the order in your nsswitch.conf file.
Here nsswitch.conf has files before ldap(I created locally auser and agroup
as you)
$ id auser
uid=999(auser) gid=999(auser) groups=999(auser),666(agroup)
$ getent passwd auser
auser:*:999:999:Some user:/home/auser:/bin/bash
Here ldap is before nsswitch.conf (I created in ldap auser and agroup)
$ id auser
uid=999(auser) gid=*888*(auser) groups=*888*(auser),666(agroup)
$ getent passwd auser
auser:*:999:*888*:auser test:/home/auser:/bin/bash
So the change you see *changed 'agroup,agroup' to 'agroup' *sounds like
auser has two agroup groups(with diff gid) and changing to have only one
agroup. I might be wrong with this, but the issue should be around there.
I've tried to avoid having same groups/users in ldap and locally to avoid
similar issues.
Hope that helps.
On Tue, Mar 2, 2010 at 10:13 AM, Rene rene.zbin...@gmail.com wrote:
Hi Tony
Thanks for the quick answer.
Yes the group is defined in the LDAP too with the same GID. And here
the definition:
@user { auser:
comment = 'Some user',
ensure = present,
gid = somegid,
uid = 300,
groups = 'agroup',
home= '/application/home/auser',
shell = '/bin/bash',
require = [ Group['auser'], Group['agroup'] ],
}
I have no idea what is going wrong.
On Mar 2, 4:53 pm, Tony G. tony...@gmail.com wrote:
Hi Rene,
Couple of things you might check:
Do you have the agroup defined in LDAP too? If so that ldap group might
have a differente gid as the local one.
How looks the definition of the user in users::db?
On Tue, Mar 2, 2010 at 8:44 AM, Rene rene.zbin...@gmail.com wrote:
On the System we have defined the user auser as:
/etc/passwd:
auser:x:300:300:auser User:/application/home/auser:/bin/bash
/etc/group:
agroup:x:126:auser
So id auser gives:
uid=300(auser) gid=300(auser) groups=126(agroup),300(auser)
In the LDAP we have:
#getent passwd auser
auser:x:300:300:auser User:/application/home/auser:/bin/bash
and
#getent group agroup
agroup:x:126:auser
Basically the same definition.
Now everytime I run puppet I get:
notice: //Node[default]/oracle/users::db/User[auser]/groups: groups
changed 'agroup,agroup' to 'agroup'
This is really strange.
Does anybody know what the problem is here. Does Puppet Merge the
groups from local and ldap?
Any hint is appreciated.
BR, Rene
--
You received this message because you are subscribed to the Google
Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com
puppet-users%2bunsubscr...@googlegroups.compuppet-users%252bunsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Tony
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Tony
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] The Foreman Mailing List Topics
Hey guys, I'm really glad tools like the Foreman exist and are part of the Puppet ecosystem, but I don't use it and I'd kinda like to keep the Puppet list about... Puppet. Sorry to be the jerk here, but doesn't the Foreman have it's own mailing list? Thanks, Paul -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key - same key, different accounts?
On Mon, Mar 1, 2010 at 9:13 AM, Marc Fournier marc.fourn...@camptocamp.com wrote: Paul: why do you think ssh_authorized_key is terrible ? Do you think the behaviour should be different ? 1) Lots of intermittent bugs that are hard to reproduce, harder to track down, and yet at scale show up often enough to cause problems. 2) Poorly designed. I've moved on to just using generate() to manage the content of my .ssh/authorized_keys files. Simple, always works. --Paul -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
