[Puppet Users] Re: Puppet's call to /sbin/service somehow different than calling from the command line?
On Mar 1, 2:14 pm, Brian Ferris <bdfer...@gmail.com> wrote:
> For what it's worth, I finally debugged this issue.

Great!

> Hopefully this will help if anyone ever runs into a similar issue down
> the road.

Thanks for that.

John

--
You received this message because you are subscribed to the Google Groups Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Strange Problem with ldap Systems
On the System we have defined the user auser as:

/etc/passwd:
    auser:x:300:300:auser User:/application/home/auser:/bin/bash

/etc/group:
    agroup:x:126:auser

So id auser gives:
    uid=300(auser) gid=300(auser) groups=126(agroup),300(auser)

In the LDAP we have:
    #getent passwd auser
    auser:x:300:300:auser User:/application/home/auser:/bin/bash
and
    #getent group agroup
    agroup:x:126:auser

Basically the same definition.

Now every time I run puppet I get:

    notice: //Node[default]/oracle/users::db/User[auser]/groups: groups changed 'agroup,agroup' to 'agroup'

This is really strange. Does anybody know what the problem is here? Does Puppet merge the groups from local and ldap?

Any hint is appreciated.

BR, Rene
[Puppet Users] Nagios based on David Schmitt's Complete Config : variables are empty
Hello !

I'm trying to implement a Nagios solution based on David Schmitt's Complete Config. But I get the following error when running puppetd -t -v :

    notice: Starting catalog run
    err: //Node[monitoring]/nagios::target/Nagios::Host[]/File[/conf.d/_host.cfg]/ensure: change from absent to present failed: Could not set present on ensure: No such file or directory - /conf.d/_host.cfg.puppettmp at /etc/puppet/modules/nagios/manifests/init.pp:40
    notice: Finished catalog run in 3.91 seconds

As far as I understand, the problem comes from :

    define host($ip = $fqdn, $short_alias = $fqdn) {
        @@file { "${nagios_cfgdir}/conf.d/${name}_host.cfg":
            ensure  => present,
            content => template("nagios/host.erb"),
            mode    => 644,
            owner   => root,
            group   => root,
            tag     => 'nagios',
        }
    }

When this definition is run, it seems that ${nagios_cfgdir} and ${name} are undefined. I am probably missing something quite simple, but I can't put my finger on it ... Any help ?

My Nagios class is as follows :

    class nagios {
        $nagios_cfgdir = '/etc/nagios3'

        include apache

        package {
            "nagios3":
                alias  => 'nagios',
                ensure => latest;
            [ 'nagios3-common', 'nagios-plugins-basic' ]:
                ensure => installed,
                before => Package['nagios'];
        }

        service { 'nagios3':
            alias      => 'nagios',
            ensure     => running,
            hasstatus  => true,
            hasrestart => true,
        }

        file { "$nagios_cfgdir/htpasswd.users":
            content => "admin:QqtpoTN5OGzmA",
            mode    => 0640,
            owner   => root,
            group   => www-data,
        }

        File <<| tag == 'nagios' |>>

        define host($ip = $fqdn, $short_alias = $fqdn) {
            @@file { "${nagios_cfgdir}/conf.d/${name}_host.cfg":
                ensure  => present,
                content => template("nagios/host.erb"),
                mode    => 644,
                owner   => root,
                group   => root,
                tag     => 'nagios',
            }
        }

        class target {
            debug("$fqdn has $nagios_parent as parent")
            nagios::host { $fqdn: }
        }
    }

And my nodes.pp :

    node 'monitoring' inherits basenode {
        include apache
        include nagios
        $nagios_parent = "generic-host"
        include nagios::target
    }

Thanks a lot !

Guillaume
[Puppet Users] puppetrun as non root
Hi all,

Trying to get puppetrun executed from a php app and have hit a wall with permissions. If I run it as root it works fine, and if I run the .php file as root it also works. But executing under apache causes an authentication error on the puppet client.

puppet client's namespaceauth.conf:

    [puppetrunner]
        allow puppet.local
    [puppetbucket]
        allow *.local
    [puppetreports]
        allow *.local
    [resource]
        allow puppet.local

puppetd --version - 0.25.1

    notice: Denying unauthenticated client puppet.local(192.168.0.2) access to puppetrunner.run

Any idea how I can get the client to trust the puppetmaster when puppetrun is run as a user other than root?

Thanks,
Matt
Re: [Puppet Users] Nagios based on David Schmitt's Complete Config : variables are empty
Unfortunately, the variable is out of scope. I ran into this problem too and sadly ended up hard coding the value all over the place because it would have been difficult to set it in one proper spot, short of site.pp. Which I may end up doing, since I hate repeating myself. That project got put on the back burner but I will be revisiting fairly soon.

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire
Re: [Puppet Users] puppetrun as non root
Trying this now Ohad :-S

On 2 March 2010 15:57, Ohad Levy <ohadl...@gmail.com> wrote:
> sudo puppetrun for apache? :)
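If the sudo route suggested in this thread is used, the web server account ends up able to start a root process, so what it may run should be pinned down to one validated call. The wrapper below is an added example, not code from the thread: the path /usr/local/sbin/puppetrun-host, the sudoers line and the puppetrun location are assumptions, and only puppetrun's --host option is used.

```sh
#!/bin/sh
# Hypothetical wrapper, installed as /usr/local/sbin/puppetrun-host
# (root-owned, not writable by apache). Assumed sudoers entry, so that the
# apache account can run this wrapper and nothing else as root:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/puppetrun-host
# The PHP app then calls: sudo /usr/local/sbin/puppetrun-host <hostname>

# Assumed location of puppetrun; fixed here, never taken from the caller.
PUPPETRUN=/usr/sbin/puppetrun

# Accept only a plain DNS name: letters, digits, dots and hyphens, no leading
# dash (which would be read as an option) or dot, at most 253 characters.
valid_host() {
    case "$1" in
        ""|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Run puppetrun for exactly one validated host; 64 is EX_USAGE.
run_for_host() {
    if [ "$#" -ne 1 ] || ! valid_host "$1"; then
        echo "usage: puppetrun-host <hostname>" >&2
        return 64
    fi
    "$PUPPETRUN" --host "$1"
}

# Act as the wrapper only when called with arguments.
if [ "$#" -gt 0 ]; then
    run_for_host "$@"
    exit $?
fi
```

The hostname reaches puppetrun as a single argument and never passes through a shell string, so the PHP side only has to pass it as one argument as well.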
[Puppet Users] Re: Strange Problem with ldap Systems
Hi Tony

Thanks for the quick answer. Yes the group is defined in the LDAP too with the same GID. And here the definition:

    @user { auser:
        comment => 'Some user',
        ensure  => present,
        gid     => somegid,
        uid     => 300,
        groups  => 'agroup',
        home    => '/application/home/auser',
        shell   => '/bin/bash',
        require => [ Group['auser'], Group['agroup'] ],
    }

I have no idea what is going wrong.

On Mar 2, 4:53 pm, Tony G. <tony...@gmail.com> wrote:
> Hi Rene,
>
> Couple of things you might check:
>
> Do you have the agroup defined in LDAP too? If so that ldap group might
> have a different gid as the local one.
>
> How looks the definition of the user in users::db?
>
> --
> Tony
[Puppet Users] Using Puppet for application deployment
I'm using puppet to deploy new versions of our application to our server instances. I do this by having a custom puppet node classifier that talks to a database that defines what version of an application is supposed to be on a particular node:

    parameters:
        application: webapp,
        webapp_version: 0.5,
        webapp_config: 123,
        webapp_symlink: 0.4

My puppet recipe then makes sure that webapp version 0.5 is installed (via yum and rpms), makes sure the right versioned configuration files are in place, and makes sure that the current symlink points at 0.4 so that we can roll to a different version by flipping a symlink. The puppet recipe has a lot of requires to make sure that the upgrade of the application is graceful and does things in the right order.

My upgrade then goes like this, all controlled via a custom web interface:

1) Insert a jobgroup for the upgrade and a job for each server instance into a db
2) A job processor then takes the first group of machines to upgrade, changes their webapp version to the new version, and runs puppet on them
3) Lather, rinse, repeat step 2 until complete (roll the application out to prevent downtime), although if there is a puppet failure, all pending jobs get cancelled.

Given that there are so many ways to skin the same cat, I'm wondering how others are doing their application deployments using Puppet. Or, if you are using Puppet but do your app deployments via some other mechanism, how do you do it, and why aren't you using Puppet to do it?

Pete
Re: [Puppet Users] Re: Strange Problem with ldap Systems
Hi Rene,

I tried to replicate the behavior without luck.

Reading again your email I noticed that you used getent passwd to pull the LDAP data, but that does not guarantee you are pulling from LDAP as it depends on the order in your nsswitch.conf file.

Here nsswitch.conf has files before ldap (I created locally auser and agroup as you)

    $ id auser
    uid=999(auser) gid=999(auser) groups=999(auser),666(agroup)
    $ getent passwd auser
    auser:*:999:999:Some user:/home/auser:/bin/bash

Here ldap is before nsswitch.conf (I created in ldap auser and agroup)

    $ id auser
    uid=999(auser) gid=*888*(auser) groups=*888*(auser),666(agroup)
    $ getent passwd auser
    auser:*:999:*888*:auser test:/home/auser:/bin/bash

So the change you see *changed 'agroup,agroup' to 'agroup'* sounds like auser has two agroup groups (with diff gid) and changing to have only one agroup.

I might be wrong with this, but the issue should be around there.

I've tried to avoid having same groups/users in ldap and locally to avoid similar issues.

Hope that helps.

--
Tony
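One way to check for the local/LDAP overlap discussed in this thread is to compare the group database of each NSS source. This is an added example, not from the thread: the function names and sample entries are constructed (the agroup line reuses the values quoted above, the dba lines are invented), and on a live system the two inputs would come from `getent -s files group` and `getent -s ldap group`.

```sh
#!/bin/sh
# dup_groups FILES_DB LDAP_DB
# Both inputs are in group(5) format (name:passwd:gid:members). Prints one
# tab-separated line per group name that exists in both sources:
#   name  gid_in_files  gid_in_ldap  same-gid|GID-MISMATCH
dup_groups() {
    awk -F: '
        FILENAME == ARGV[1] { local_gid[$1] = $3; next }
        ($1 in local_gid) {
            verdict = (local_gid[$1] == $3) ? "same-gid" : "GID-MISMATCH"
            printf "%s\t%s\t%s\t%s\n", $1, local_gid[$1], $3, verdict
        }
    ' "$1" "$2"
}

# groups_seen USER FILES_DB LDAP_DB
# Supplementary groups of USER as they look to anything that walks every
# entry of every source without de-duplicating (comma-separated names).
groups_seen() {
    awk -F: -v user="$1" '
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user)
                    seen = (seen == "" ? $1 : seen "," $1)
        }
        END { print seen }
    ' "$2" "$3"
}

# Constructed sample data: agroup is identical in both sources, dba differs.
make_samples() {
    printf '%s\n' 'agroup:x:126:auser' 'auser:x:300:' 'dba:x:500:oracle' \
        > "$1/group.files"
    printf '%s\n' 'agroup:x:126:auser' 'dba:x:888:oracle' \
        > "$1/group.ldap"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
dup_groups "$demo_dir/group.files" "$demo_dir/group.ldap"
groups_seen auser "$demo_dir/group.files" "$demo_dir/group.ldap"
rm -rf "$demo_dir"
```

A same-gid duplicate is enough to make the membership list repeat a name, while a GID-MISMATCH line means file ownership and access checks depend on the lookup order in nsswitch.conf.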
[Puppet Users] The Foreman Mailing List Topics
Hey guys,

I'm really glad tools like the Foreman exist and are part of the Puppet ecosystem, but I don't use it and I'd kinda like to keep the Puppet list about... Puppet.

Sorry to be the jerk here, but doesn't the Foreman have its own mailing list?

Thanks,
Paul
Re: [Puppet Users] ssh_authorized_key - same key, different accounts?
On Mon, Mar 1, 2010 at 9:13 AM, Marc Fournier <marc.fourn...@camptocamp.com> wrote:
> Paul: why do you think ssh_authorized_key is terrible ? Do you think the
> behaviour should be different ?

1) Lots of intermittent bugs that are hard to reproduce, harder to track down, and yet at scale show up often enough to cause problems.
2) Poorly designed.

I've moved on to just using generate() to manage the content of my .ssh/authorized_keys files. Simple, always works.

--Paul