[Puppet Users] Choosing the web server

[Smain Kahlouch]

Hi everybody,

I just want to know what is the best web server between passenger and
mongrel.
I don't understand what are the benefits of each solution.

Do you have a part of the answer please?

Regards.
Grifith

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] I'm make a chinese wiki

[huangming...@gmail.com]

hello,guys
   is there any body com from china ? i had just start a
chinese wiki for puppet.  http://puppet.wikidot.com.

如果有兴趣,可以一起把wiki做起来,把puppet推荐给更多的中国的系统管理员.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] seg fault after client upgrade

[Ohad Levy]

this breaks because puppet still uses YAML for the local catalog cache.

the best way to solve it now is by upgrading your ruby (or installing a
newer ruby next to the old one).

I do it for RHE3 machines, seems like it also must be done for RHEL4 as its
seems low prio for RL.

cheers,
Ohad

On Tue, Mar 16, 2010 at 3:47 AM, Todd Zullinger  wrote:

> Len Rugen wrote:
> > We updated our server last week to 25.4 and have updated a few clients.
> > I've got one now that is irritated:
> >
> > info: Caching catalog for 
> > /usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG] Segmentation fault
> > ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]
> >
> > Any thoughts?
>
> Yuck.  This is http://projects.reductivelabs.com/issues/2604
>
> We'll have to get some sort of work-around into the EPEL packages.
> Seems no one reported this after a month or so in epel-testing. :/
>
> --
> ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
> ~~
> I honor and express all facets of my being, regardless of federal,
> state and local laws.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] disable ssl

[Isaac Christoffersen]

If you're using Red Hat/Fedora flavors of Linux, you can use Kanarip's 
Repository to get mod_passenger and other rubygem rpm repackagings - 
http://www.kanarip.com/custom/


On 3/15/10 6:14 PM, Christopher Johnston wrote:
Yes, I am aware that by going with mongrel/passenger as it will be 
handled by mod_ssl.  I setup mongrel in my lab today, didn't take much 
to get going (puppet wiki was VERY helpful).  Unfortunately passenger 
doesn't look to be packaged up other then in a gem (didn't investigate 
further then a quick check).


I am not sure option 1) would be the best thing for me to use 
considering I have very diverse environment that scales out to quite a 
few datacenters.  That seems like it would be a single point of 
failure for me in the event the SSL server cannot be reached (network 
outage, power, etc).  I run a stateless environment that has a pretty 
big production dependency on puppet.


I think I may look into option 2) with a CA chain hierarchy (using the 
wiki centralised puppet infrastructure setup on the wiki).  More to 
come tomorrow if I get stuck!


-Chris



On Mon, Mar 15, 2010 at 11:26 AM, Ohad Levy > wrote:


ssl has nothing to do with mongrel or passenger, as ssl is handled
in apache (or ngnix).

as far as it goes for SSL, you have two options:
1. a single CA
2. CA chain hierarchy.

the first option is simple, one of your puppetmasters will be your
CA, and every sign will run on it, you would require it for any
new certs that are introduced to your setup.

the second option works as well, and is described at
http://projects.reductivelabs.com/projects/puppet/wiki/Puppet_Scalability
under  Centralised_Puppet_Infrastructure

if you can afford using a single machine for signing your certs, I
would recommend you going to option 1 (as someone using option 2
for a few years now).

Cheers,
Ohad

On Mon, Mar 15, 2010 at 11:10 PM, Christopher Johnston
mailto:chjoh...@gmail.com>> wrote:

I will keep that in mind, ideally I would like to keep SSL in
place for security purposes I was really looking for a quick
hack/slash to disable SSL for the time being just to get past
some auth issues.

Longer term though from a scalability POV, I will in the end
have over 24-30 puppetmasters across my environment in various
datacenters so SSL management, redundancy and performance are
some big concerns.

What is the preferred approach to handling this?  Seems
mongrel is the preferred setup? or passenger?

-Chris


On Sun, Mar 14, 2010 at 8:16 PM, Trevor Vaughan
mailto:tvaug...@onyxpoint.com>> wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

If you front Puppet with Apache per the Mongrel
instructions and set the
SSLCipherSuite to 'NULL' in Apache, then it will turn off
all encryption.

Trevor

On 03/12/2010 05:57 PM, Dan Bode wrote:
>
>
> On Fri, Mar 12, 2010 at 2:53 PM, Christopher Johnston
> mailto:chjoh...@gmail.com>
>>
wrote:
>
> Is there a way to disable SSL all together for testing?
>
>
> I would use the puppet executable for
testing/evaluation. It removes the
> need to even have a server.
>
>
> -Chris
>
> --
> You received this message because you are subscribed
to the Google
> Groups "Puppet Users" group.
> To post to this group, send email to
puppet-users@googlegroups.com

> >.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com

> >.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
> --
> You received this message because you are subscribed to
the Google
> Groups "Puppet Users" group.
> To post to this group, send email to
puppet-users@googlegroups.com
.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com

Re: [Puppet Users] disable ssl

[Christopher Johnston]

Yes, I am aware that by going with mongrel/passenger as it will be handled
by mod_ssl.  I setup mongrel in my lab today, didn't take much to get going
(puppet wiki was VERY helpful).  Unfortunately passenger doesn't look to be
packaged up other then in a gem (didn't investigate further then a quick
check).

I am not sure option 1) would be the best thing for me to use considering I
have very diverse environment that scales out to quite a few datacenters.
 That seems like it would be a single point of failure for me in the event
the SSL server cannot be reached (network outage, power, etc).  I run a
stateless environment that has a pretty big production dependency on puppet.


I think I may look into option 2) with a CA chain hierarchy (using the wiki
centralised puppet infrastructure setup on the wiki).  More to come tomorrow
if I get stuck!

-Chris



On Mon, Mar 15, 2010 at 11:26 AM, Ohad Levy  wrote:

> ssl has nothing to do with mongrel or passenger, as ssl is handled in
> apache (or ngnix).
>
> as far as it goes for SSL, you have two options:
> 1. a single CA
> 2. CA chain hierarchy.
>
> the first option is simple, one of your puppetmasters will be your CA, and
> every sign will run on it, you would require it for any new certs that are
> introduced to your setup.
>
> the second option works as well, and is described at
> http://projects.reductivelabs.com/projects/puppet/wiki/Puppet_Scalabilityunder
>   Centralised_Puppet_Infrastructure
>
> if you can afford using a single machine for signing your certs, I
> would recommend you going to option 1 (as someone using option 2 for a few
> years now).
>
> Cheers,
> Ohad
>
> On Mon, Mar 15, 2010 at 11:10 PM, Christopher Johnston  > wrote:
>
>> I will keep that in mind, ideally I would like to keep SSL in place for
>> security purposes I was really looking for a quick hack/slash to disable SSL
>> for the time being just to get past some auth issues.
>>
>> Longer term though from a scalability POV, I will in the end have over
>> 24-30 puppetmasters across my environment in various datacenters so SSL
>> management, redundancy and performance are some big concerns.
>>
>> What is the preferred approach to handling this?  Seems mongrel is the
>> preferred setup? or passenger?
>>
>> -Chris
>>
>>
>> On Sun, Mar 14, 2010 at 8:16 PM, Trevor Vaughan 
>> wrote:
>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA1
>>>
>>> If you front Puppet with Apache per the Mongrel instructions and set the
>>> SSLCipherSuite to 'NULL' in Apache, then it will turn off all encryption.
>>>
>>> Trevor
>>>
>>> On 03/12/2010 05:57 PM, Dan Bode wrote:
>>> >
>>> >
>>> > On Fri, Mar 12, 2010 at 2:53 PM, Christopher Johnston
>>> > mailto:chjoh...@gmail.com>> wrote:
>>> >
>>> > Is there a way to disable SSL all together for testing?
>>> >
>>> >
>>> > I would use the puppet executable for testing/evaluation. It removes
>>> the
>>> > need to even have a server.
>>> >
>>> >
>>> > -Chris
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> > Groups "Puppet Users" group.
>>> > To post to this group, send email to puppet-users@googlegroups.com
>>> > .
>>> > To unsubscribe from this group, send email to
>>> > 
>>> > puppet-users+unsubscr...@googlegroups.com
>>> > 
>>> > >> >.
>>> > For more options, visit this group at
>>> > http://groups.google.com/group/puppet-users?hl=en.
>>> >
>>> >
>>> > --
>>> > You received this message because you are subscribed to the Google
>>> > Groups "Puppet Users" group.
>>> > To post to this group, send email to puppet-us...@googlegroups.com.
>>> > To unsubscribe from this group, send email to
>>> > puppet-users+unsubscr...@googlegroups.com
>>> .
>>> > For more options, visit this group at
>>> > http://groups.google.com/group/puppet-users?hl=en.
>>>
>>> - --
>>> Trevor Vaughan
>>>  Vice President, Onyx Point, Inc.
>>>  email: tvaug...@onyxpoint.com
>>>  phone: 410-541-ONYX (6699)
>>>
>>> - -- This account not approved for unencrypted sensitive information --
>>> -BEGIN PGP SIGNATURE-
>>> Version: GnuPG v1.4.9 (GNU/Linux)
>>>
>>> iEYEARECAAYFAkudfGEACgkQyWMIJmxwHpRC1ACg2Bz+PgFGW5JAXb5xL1TG7eHD
>>> 6FUAnigOX+2aMYlenFxSDnNAPvfqlDD7
>>> =qTaN
>>> -END PGP SIGNATURE-
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-us...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com
>>> .
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>>

Re: [Puppet Users] seg fault after client upgrade

[Trevor Hemsley]

http://projects.reductivelabs.com/projects/puppet/wiki/Puppet_Red_Hat_Centos

Len Rugen wrote:
I only had ruby, ruby-dev & ruby-libs, after installing those, pupport 
works except it seems to have lost the ruby-shadow function:
 
info: /User[root]: Provider useradd does not support features 
manages_passwords; not managing attribute password


On Mon, Mar 15, 2010 at 3:54 PM, Trevor Hemsley 
mailto:trevor.hems...@codefarm.com>> wrote:


I think this might be a ruby problem due to that being such an
ancient version. There are Centos 4 packages for ruby 1.8.5 which
might help.

$ ls /var/www/cobbler/localmirror/ruby/
ruby-1.8.5-5.el4.centos.1.i386.rpm  
ruby-mode-1.8.5-5.el4.centos.1.i386.rpm
ruby-irb-1.8.5-5.el4.centos.1.i386.rpm  
ruby-rdoc-1.8.5-5.el4.centos.1.i386.rpm

ruby-libs-1.8.5-5.el4.centos.1.i386.rpm

Len Rugen wrote:

Will the fix be on the client or server side?

On Mon, Mar 15, 2010 at 3:07 PM, Len Rugen mailto:lenru...@gmail.com> >> wrote:

   Who tests on old rhel4 systems :-)
Thanks

   On Mon, Mar 15, 2010 at 2:47 PM, Todd Zullinger
mailto:t...@pobox.com>
   >> wrote:

   Len Rugen wrote:
   > We updated our server last week to 25.4 and have
updated a
   few clients.
   > I've got one now that is irritated:
   >
   > info: Caching catalog for 
   > /usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG]
   Segmentation fault
   > ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]
   >
   > Any thoughts?

   Yuck.  This is
http://projects.reductivelabs.com/issues/2604

   We'll have to get some sort of work-around into the
EPEL packages.
   Seems no one reported this after a month or so in
epel-testing. :/

   --
   ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL:
   www.pobox.com/~tmz/pgp



 
 ~~

   I honor and express all facets of my being, regardless
of federal,
   state and local laws.



-- 
You received this message because you are subscribed to the

Google Groups "Puppet Users" group.
To post to this group, send email to
puppet-users@googlegroups.com
.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


-- 


Trevor Hemsley
Infrastructure Engineer
.
* C A L Y P S O
* 4th Floor, Tower Point,
44 North Road,
Brighton, BN1 1YR, UK  
OFFICE  +44 (0) 1273 666 350

FAX +44 (0) 1273 666 351

.
www.calypso.com 

This electronic-mail might contain confidential information
intended only for the use by the entity named. If the reader of
this message is not the intended recipient, the reader is hereby
notified that any dissemination, distribution or copying is
strictly prohibited.

* P * /*/ Please consider the environment before printing this
e-mail /*/

-- 
You received this message because you are subscribed to the Google

Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.


--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.

To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.


--

Trevor Hemsley
Infrastructure Engineer
.
* C A L Y P S O
* 4th Floor, Tower Point,
44 North Road,
Brighton, BN1 1YR, UK   


OFFICE  +44 (0) 1273 666 350
FAX +44 (0) 1273 666 351

.
www.calypso.com

This electronic-mail might contain confidential information intended 
only for the use by the entity n

Re: [Puppet Users] seg fault after client upgrade

[Len Rugen]

I only had ruby, ruby-dev & ruby-libs, after installing those, pupport works
except it seems to have lost the ruby-shadow function:

info: /User[root]: Provider useradd does not support features
manages_passwords; not managing attribute password

On Mon, Mar 15, 2010 at 3:54 PM, Trevor Hemsley  wrote:

> I think this might be a ruby problem due to that being such an ancient
> version. There are Centos 4 packages for ruby 1.8.5 which might help.
>
> $ ls /var/www/cobbler/localmirror/ruby/
> ruby-1.8.5-5.el4.centos.1.i386.rpm
> ruby-mode-1.8.5-5.el4.centos.1.i386.rpm
> ruby-irb-1.8.5-5.el4.centos.1.i386.rpm
> ruby-rdoc-1.8.5-5.el4.centos.1.i386.rpm
> ruby-libs-1.8.5-5.el4.centos.1.i386.rpm
>
> Len Rugen wrote:
>
>> Will the fix be on the client or server side?
>>
>> On Mon, Mar 15, 2010 at 3:07 PM, Len Rugen > lenru...@gmail.com>> wrote:
>>
>>Who tests on old rhel4 systems :-)
>> Thanks
>>
>>On Mon, Mar 15, 2010 at 2:47 PM, Todd Zullinger >> wrote:
>>
>>Len Rugen wrote:
>>> We updated our server last week to 25.4 and have updated a
>>few clients.
>>> I've got one now that is irritated:
>>>
>>> info: Caching catalog for 
>>> /usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG]
>>Segmentation fault
>>> ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]
>>>
>>> Any thoughts?
>>
>>Yuck.  This is http://projects.reductivelabs.com/issues/2604
>>
>>We'll have to get some sort of work-around into the EPEL packages.
>>Seems no one reported this after a month or so in epel-testing. :/
>>
>>--
>>ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL:
>>www.pobox.com/~tmz/pgp 
>> >
>>
>>
>>
>>  ~~
>>I honor and express all facets of my being, regardless of federal,
>>state and local laws.
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
>
> Trevor Hemsley
> Infrastructure Engineer
> .
> * C A L Y P S O
> * 4th Floor, Tower Point,
> 44 North Road,
> Brighton, BN1 1YR, UK
> OFFICE  +44 (0) 1273 666 350
> FAX +44 (0) 1273 666 351
>
> .
> www.calypso.com
>
> This electronic-mail might contain confidential information intended only
> for the use by the entity named. If the reader of this message is not the
> intended recipient, the reader is hereby notified that any dissemination,
> distribution or copying is strictly prohibited.
>
> * P * /*/ Please consider the environment before printing this e-mail /*/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Package Providers for OD X Server

[Gary Larizza Jr.]

On Mar 15, 2010, at 4:20 PM, Nigel Kersten wrote:

> We always create our own pkg installs. It's well worth it.
> 
> Have you look at Luggage Gary? It's the open source project for our
> internal tool we use for Makefiles to build packages.
> 
> http://luggage.apesseekingknowledge.net/

I've definitely used it, but not for anything large (just packaging up some 
commonly used python scripts).  I was hoping someone would say "or" and 
have another easy method that I hadn't thought of, but I don't think that's 
going to happen :)  Fortunately with puppet, I only ever have to create these 
packages once.

-Gary

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] seg fault after client upgrade

[Trevor Hemsley]

I think this might be a ruby problem due to that being such an ancient 
version. There are Centos 4 packages for ruby 1.8.5 which might help.


$ ls /var/www/cobbler/localmirror/ruby/
ruby-1.8.5-5.el4.centos.1.i386.rpm   
ruby-mode-1.8.5-5.el4.centos.1.i386.rpm
ruby-irb-1.8.5-5.el4.centos.1.i386.rpm   
ruby-rdoc-1.8.5-5.el4.centos.1.i386.rpm

ruby-libs-1.8.5-5.el4.centos.1.i386.rpm

Len Rugen wrote:

Will the fix be on the client or server side?

On Mon, Mar 15, 2010 at 3:07 PM, Len Rugen > wrote:


Who tests on old rhel4 systems :-)
 
Thanks


On Mon, Mar 15, 2010 at 2:47 PM, Todd Zullinger mailto:t...@pobox.com>> wrote:

Len Rugen wrote:
> We updated our server last week to 25.4 and have updated a
few clients.
> I've got one now that is irritated:
>
> info: Caching catalog for 
> /usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG]
Segmentation fault
> ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]
>
> Any thoughts?

Yuck.  This is http://projects.reductivelabs.com/issues/2604

We'll have to get some sort of work-around into the EPEL packages.
Seems no one reported this after a month or so in epel-testing. :/

--
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL:
www.pobox.com/~tmz/pgp 
~~
I honor and express all facets of my being, regardless of federal,
state and local laws.



--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.

To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.


--

Trevor Hemsley
Infrastructure Engineer
.
* C A L Y P S O
* 4th Floor, Tower Point,
44 North Road,
Brighton, BN1 1YR, UK   


OFFICE  +44 (0) 1273 666 350
FAX +44 (0) 1273 666 351

.
www.calypso.com

This electronic-mail might contain confidential information intended 
only for the use by the entity named. If the reader of this message is 
not the intended recipient, the reader is hereby notified that any 
dissemination, distribution or copying is strictly prohibited.


* P * /*/ Please consider the environment before printing this e-mail /*/

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] seg fault after client upgrade

[Len Rugen]

Will the fix be on the client or server side?

On Mon, Mar 15, 2010 at 3:07 PM, Len Rugen  wrote:

> Who tests on old rhel4 systems :-)
>
> Thanks
>
>   On Mon, Mar 15, 2010 at 2:47 PM, Todd Zullinger  wrote:
>
>>  Len Rugen wrote:
>> > We updated our server last week to 25.4 and have updated a few clients.
>> > I've got one now that is irritated:
>> >
>> > info: Caching catalog for 
>> > /usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG] Segmentation fault
>> > ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]
>> >
>> > Any thoughts?
>>
>> Yuck.  This is http://projects.reductivelabs.com/issues/2604
>>
>> We'll have to get some sort of work-around into the EPEL packages.
>> Seems no one reported this after a month or so in epel-testing. :/
>>
>> --
>> ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
>> ~~
>> I honor and express all facets of my being, regardless of federal,
>> state and local laws.
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Package Providers for OD X Server

[Nigel Kersten]

On Mon, Mar 15, 2010 at 1:12 PM, Gary Larizza Jr.  wrote:
> Hi Everyone,
> I'm curious to see how many people are running puppetmasterd on OS X Server.
>  I'm trying to cement a recipe for my puppetmasters (10.5 Servers), and I'm
> finding that many modules port over well but certain things fall short due
> to the Mac's package providers.
>
> Visiting here
> --> http://docs.reductivelabs.com/references/stable/type.html#package  It
> looks like appdmg, pkgdmg, and darwinport are the most viable providers for
> OS X.  Appdmg and pkgdmg are great for .pkg or application-encapsulated disk
> images - but what are people doing when they need to install something from
> source - such as Nagios or NRPE?  Are you using the darwinport provider and
> pulling NRPE from there?  Maybe creating your own custom .pkg installer?
>  Pulling an NRPE tarball from a puppetmaster and running a series of execs?

We always create our own pkg installs. It's well worth it.

Have you look at Luggage Gary? It's the open source project for our
internal tool we use for Makefiles to build packages.

http://luggage.apesseekingknowledge.net/


>
> Before I experiment, I'm interested to see how others have tackled that
> question.  Thanks!
> -Gary
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 
nigel

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Package Providers for OD X Server

[Gary Larizza Jr.]

Hi Everyone,
I'm curious to see how many people are running puppetmasterd on OS X 
Server.  I'm trying to cement a recipe for my puppetmasters (10.5 Servers), and 
I'm finding that many modules port over well but certain things fall short due 
to the Mac's package providers.

Visiting here --> 
http://docs.reductivelabs.com/references/stable/type.html#package  It looks 
like appdmg, pkgdmg, and darwinport are the most viable providers for OS X.  
Appdmg and pkgdmg are great for .pkg or application-encapsulated disk images - 
but what are people doing when they need to install something from source - 
such as Nagios or NRPE?  Are you using the darwinport provider and pulling NRPE 
from there?  Maybe creating your own custom .pkg installer?  Pulling an NRPE 
tarball from a puppetmaster and running a series of execs?

Before I experiment, I'm interested to see how others have tackled that 
question.  Thanks!
-Gary

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] seg fault after client upgrade

[Len Rugen]

Who tests on old rhel4 systems :-)

Thanks

On Mon, Mar 15, 2010 at 2:47 PM, Todd Zullinger  wrote:

>  Len Rugen wrote:
> > We updated our server last week to 25.4 and have updated a few clients.
> > I've got one now that is irritated:
> >
> > info: Caching catalog for 
> > /usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG] Segmentation fault
> > ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]
> >
> > Any thoughts?
>
> Yuck.  This is http://projects.reductivelabs.com/issues/2604
>
> We'll have to get some sort of work-around into the EPEL packages.
> Seems no one reported this after a month or so in epel-testing. :/
>
> --
> ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
> ~~
> I honor and express all facets of my being, regardless of federal,
> state and local laws.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] seg fault after client upgrade

[Todd Zullinger]

Len Rugen wrote:
> We updated our server last week to 25.4 and have updated a few clients.
> I've got one now that is irritated:
>
> info: Caching catalog for 
> /usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG] Segmentation fault
> ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]
>
> Any thoughts?

Yuck.  This is http://projects.reductivelabs.com/issues/2604

We'll have to get some sort of work-around into the EPEL packages.
Seems no one reported this after a month or so in epel-testing. :/

-- 
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
I honor and express all facets of my being, regardless of federal,
state and local laws.



pgpug10C4Ae5A.pgp
Description: PGP signature

[Puppet Users] seg fault after client upgrade

[Len Rugen]

We updated our server last week to 25.4 and have updated a few clients.
I've got one now that is irritated:

info: Caching catalog for 
/usr/lib64/ruby/1.8/yaml/rubytypes.rb:315: [BUG] Segmentation fault
ruby 1.8.1 (2003-12-25) [x86_64-linux-gnu]

Any thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] disable ssl

[Patrick]

On Mar 15, 2010, at 8:26 AM, Ohad Levy wrote:

> ssl has nothing to do with mongrel or passenger, as ssl is handled in apache 
> (or ngnix).
> 
> as far as it goes for SSL, you have two options:
> 1. a single CA
> 2. CA chain hierarchy.
> 
> the first option is simple, one of your puppetmasters will be your CA, and 
> every sign will run on it, you would require it for any new certs that are 
> introduced to your setup.
> 
> the second option works as well, and is described at 
> http://projects.reductivelabs.com/projects/puppet/wiki/Puppet_Scalability 
> under  Centralised_Puppet_Infrastructure

What about creating one certificate authority using puppet and then manually 
copying to all the servers as a temporary solution?  The two problems I see are:
1) The CRL doesn't work due to duplicate serial numbers.
2) Not having the server's real name in the root might be a problem if all your 
clients don't use just puppet for the hostname.

Is this actually likely to work?

> if you can afford using a single machine for signing your certs, I would 
> recommend you going to option 1 (as someone using option 2 for a few years 
> now).
> 
> Cheers,
> Ohad

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Apps that are using facter as a library or shell out to facter?

[Michael DeHaan]

> Yeah that's certainly one of the things I want to do, as is if we're
> calling out to a command to parse it and can cache/process it in one
> time as opposed to calling a billion ifconfig/dmidecodes that'd be
> good too.

Yep, if you're shelling out or executing 'puppet' without the daemon,
in memory caching doesn't work.  (But how slow are we really?)

Cache dir would be simple though...

You could simply stat the file and see when the last fact storage run
happened, and each module could set (or not set) a timeout on a
case-by-case basis.
No timeout would mean don't cache, so it would automatically work with
any existing facts, and the facts wouldn't have to implement the
caching
themselves.

Things like OS version are inexpensive but wouldn't have to be checked
too frequently, I'd bet :)

--Michael

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Apps that are using facter as a library or shell out to facter?

[Paul Nasrat]

On 15 March 2010 17:26, R.I.Pienaar  wrote:
> 'lo,
>
> - "Michael DeHaan"  wrote:
>
>> Do you have a script/application that shells out to facter or uses it
>> from as a Ruby library to collect information?   (I'm aware of
>> mcollective supporting facter, but that's about it).
>
> my biggest hassle with it is that it's quite slow.  Though I guess that's to 
> be expected given what it does.
>
> It would be good if facts can mark themselves volatile or not, and that 
> Facter.reset (or a similar call) could only affect the facts that have marked 
> themselves as subject to frequent changes.

Yeah, not sure how this would look in the current api though, I guess
something comparable to confine to allow timeouts and also
ttl/expiry/cache-control type things on the fact. Again this probably
comes after having configuration (so as to set a state dir, default
policy, etc).

> Looking through my factlist things like architecture hardwareisa, 
> hardwaremodel - most things that came from dmidecode - kernel version, lsb* 
> and a fair few more should be fixed and not reset as often.  Though it's true 
> that in newer virtualized environments things like ram size, cpu count etc 
> can change on the fly.

Yeah that's certainly one of the things I want to do, as is if we're
calling out to a command to parse it and can cache/process it in one
time as opposed to calling a billion ifconfig/dmidecodes that'd be
good too.

Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Apps that are using facter as a library or shell out to facter?

[R.I.Pienaar]

'lo,

- "Michael DeHaan"  wrote:

> Do you have a script/application that shells out to facter or uses it
> from as a Ruby library to collect information?   (I'm aware of
> mcollective supporting facter, but that's about it).

my biggest hassle with it is that it's quite slow.  Though I guess that's to be 
expected given what it does.

It would be good if facts can mark themselves volatile or not, and that 
Facter.reset (or a similar call) could only affect the facts that have marked 
themselves as subject to frequent changes.

Looking through my factlist things like architecture hardwareisa, hardwaremodel 
- most things that came from dmidecode - kernel version, lsb* and a fair few 
more should be fixed and not reset as often.  Though it's true that in newer 
virtualized environments things like ram size, cpu count etc can change on the 
fly.

This will mean things like mcollective that is quite time critical can suffer a 
bit less at the hands of facter.

-- 
R.I.Pienaar

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Tons of "configuration version" reports

[Kent Rankin]

I nearly forgot to write in that we removed the puppet client (EPEL)
and reinstalled, and the --verbose went away.  We never did figure out
where it was coming from, though.  Thanks for everyone's help.


On Tue, Mar 9, 2010 at 5:34 PM, Todd Zullinger  wrote:
> Kent Rankin wrote:
>> [r...@ ~]# rpm -V puppet
>> S.5T  c /etc/puppet/puppet.conf
>> [r...@ ~]# grep verbose /etc/init.d/puppet
>> [r...@ ~]# grep verbose /etc/sysconfig/puppet
>> [r...@ ~]# cat /etc/sysconfig/puppet
>> # The puppetmaster server
>> #PUPPET_SERVER=puppet
>>
>> # If you wish to specify the port to connect to do so here
>> #PUPPET_PORT=8140
>>
>> # Where to log to. Specify syslog to send log messages to the system log.
>> #PUPPET_LOG=/var/log/puppet/puppet.log
>>
>> # You may specify other parameters to the puppet client here
>> #PUPPET_EXTRA_OPTS=--waitforcert=500
>>
>> I'm not really seeing anything giving it the verbose option...
>> nothing's been modified from EPEL other than the
>> /etc/puppet/puppetd.conf line:
>>
>>     report = true
>
> I don't know where this would be coming from then.  I can't reproduce
> it on a stock CentOS-5.4 system with the EPEL packages.  You might
> want to try running the init script via sh -x /etc/init.d/puppet start
> and see if you see where it picks up the --verbose option.
>
> If anyone sees this with the EPEL packages, I'd be interested to know
> about it.
>
> --
> Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
> ~~
> I always wanted to be a procrastinator, never got around to it.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Failed to generate additional resources using 'eval_generate': end of file reached

[Kent Rankin]

We keep getting a variety of these from a random set during each Puppet run:

Sat Mar 13 23:46:42 -0500 2010 //cups/File[/etc/cups] (err): Failed to
generate additional resources using 'eval_generate': end of file
reached

It seems like there is a 30% chance of a host providing this on any
given manifest that distributes files.  It's only started since we
went from 0.24 to 0.25 of the EPEL puppet distribution.  Things "seem"
to be working, but it's producing a maddening string of reports every
30 minutes.


Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Wiki Migrated from Trac to Redmine

[Derek Yarnell]

All I want to say is thanks, I found Trac and its searching to be such a 
PITA.


This was such a pleasant surprise :)

--
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] push file once

[Jon Fautley]

On Sun, 14 Mar 2010 19:11:26 +0100
Peter Meier  wrote:

> have a look at the replace option of the file resource:   
> http://docs.reductivelabs.com/references/stable/type.html#file

I've done similar things with custom facts sent from the client at
system build time. i.e. during the initial puppet run in the kickstart
%post, I'll export FACTER_BUILDING=true and then test for that fact in
the manifests. If it's present, it'll overwrite the file, otherwise
it'll just leave it be. It's not elegant, but it works :)

Cheers,

Jon
-- 
Jon Fautley RHCE, RHCDS, RHCX, RHCA  email: jfaut...@redhat.com
Senior Consultantcell : +44 7841 558683
Global Professional Services
Red Hat UK, 200 Fowler Avenue, Farnborough, Hampshire, GU14 7JP


signature.asc
Description: PGP signature

Re: [Puppet Users] Re: Exec doesn't work with Ubuntu Server 10.04 (Lucid Lynx) 64bit

[Silviu Paragina]

On 12.03.2010 22:34, Nigel Kersten wrote:

For those people following along at home on this issue, Lucas Nussbaum
chased it up on behalf of Debian and has just gotten a patch uploaded
to Debian that resolves this problem.

http://redmine.ruby-lang.org/issues/show/2739

   

Kudos for Lucas and thanks for the heads up :)


Silviu

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] disable ssl

[Ohad Levy]

ssl has nothing to do with mongrel or passenger, as ssl is handled in apache
(or ngnix).

as far as it goes for SSL, you have two options:
1. a single CA
2. CA chain hierarchy.

the first option is simple, one of your puppetmasters will be your CA, and
every sign will run on it, you would require it for any new certs that are
introduced to your setup.

the second option works as well, and is described at
http://projects.reductivelabs.com/projects/puppet/wiki/Puppet_Scalabilityunder
 Centralised_Puppet_Infrastructure

if you can afford using a single machine for signing your certs, I
would recommend you going to option 1 (as someone using option 2 for a few
years now).

Cheers,
Ohad

On Mon, Mar 15, 2010 at 11:10 PM, Christopher Johnston
wrote:

> I will keep that in mind, ideally I would like to keep SSL in place for
> security purposes I was really looking for a quick hack/slash to disable SSL
> for the time being just to get past some auth issues.
>
> Longer term though from a scalability POV, I will in the end have over
> 24-30 puppetmasters across my environment in various datacenters so SSL
> management, redundancy and performance are some big concerns.
>
> What is the preferred approach to handling this?  Seems mongrel is the
> preferred setup? or passenger?
>
> -Chris
>
>
> On Sun, Mar 14, 2010 at 8:16 PM, Trevor Vaughan wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> If you front Puppet with Apache per the Mongrel instructions and set the
>> SSLCipherSuite to 'NULL' in Apache, then it will turn off all encryption.
>>
>> Trevor
>>
>> On 03/12/2010 05:57 PM, Dan Bode wrote:
>> >
>> >
>> > On Fri, Mar 12, 2010 at 2:53 PM, Christopher Johnston
>> > mailto:chjoh...@gmail.com>> wrote:
>> >
>> > Is there a way to disable SSL all together for testing?
>> >
>> >
>> > I would use the puppet executable for testing/evaluation. It removes the
>> > need to even have a server.
>> >
>> >
>> > -Chris
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Puppet Users" group.
>> > To post to this group, send email to puppet-users@googlegroups.com
>> > .
>> > To unsubscribe from this group, send email to
>> > 
>> > puppet-users+unsubscr...@googlegroups.com
>> > 
>> > > >.
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Puppet Users" group.
>> > To post to this group, send email to puppet-us...@googlegroups.com.
>> > To unsubscribe from this group, send email to
>> > puppet-users+unsubscr...@googlegroups.com
>> .
>> > For more options, visit this group at
>> > http://groups.google.com/group/puppet-users?hl=en.
>>
>> - --
>> Trevor Vaughan
>>  Vice President, Onyx Point, Inc.
>>  email: tvaug...@onyxpoint.com
>>  phone: 410-541-ONYX (6699)
>>
>> - -- This account not approved for unencrypted sensitive information --
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.9 (GNU/Linux)
>>
>> iEYEARECAAYFAkudfGEACgkQyWMIJmxwHpRC1ACg2Bz+PgFGW5JAXb5xL1TG7eHD
>> 6FUAnigOX+2aMYlenFxSDnNAPvfqlDD7
>> =qTaN
>> -END PGP SIGNATURE-
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] disable ssl

[Christopher Johnston]

I will keep that in mind, ideally I would like to keep SSL in place for
security purposes I was really looking for a quick hack/slash to disable SSL
for the time being just to get past some auth issues.

Longer term though from a scalability POV, I will in the end have over 24-30
puppetmasters across my environment in various datacenters so SSL
management, redundancy and performance are some big concerns.

What is the preferred approach to handling this?  Seems mongrel is the
preferred setup? or passenger?

-Chris

On Sun, Mar 14, 2010 at 8:16 PM, Trevor Vaughan wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> If you front Puppet with Apache per the Mongrel instructions and set the
> SSLCipherSuite to 'NULL' in Apache, then it will turn off all encryption.
>
> Trevor
>
> On 03/12/2010 05:57 PM, Dan Bode wrote:
> >
> >
> > On Fri, Mar 12, 2010 at 2:53 PM, Christopher Johnston
> > mailto:chjoh...@gmail.com>> wrote:
> >
> > Is there a way to disable SSL all together for testing?
> >
> >
> > I would use the puppet executable for testing/evaluation. It removes the
> > need to even have a server.
> >
> >
> > -Chris
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com
> > .
> > To unsubscribe from this group, send email to
> > 
> > puppet-users+unsubscr...@googlegroups.com
> > 
> >  >.
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Puppet Users" group.
> > To post to this group, send email to puppet-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com
> .
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
>
> - --
> Trevor Vaughan
>  Vice President, Onyx Point, Inc.
>  email: tvaug...@onyxpoint.com
>  phone: 410-541-ONYX (6699)
>
> - -- This account not approved for unencrypted sensitive information --
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkudfGEACgkQyWMIJmxwHpRC1ACg2Bz+PgFGW5JAXb5xL1TG7eHD
> 6FUAnigOX+2aMYlenFxSDnNAPvfqlDD7
> =qTaN
> -END PGP SIGNATURE-
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] disable ssl

[Christopher Johnston]

Yea right now I am not using environments, I would like to move to either
passenger or mongrel for a more scalable setup (although I have heard
mongrel has issue with memory leaks).

On Sun, Mar 14, 2010 at 1:53 PM, Nigel Kersten wrote:

> On Sat, Mar 13, 2010 at 11:33 AM, Christopher Johnston
>  wrote:
> > No I am not using environments with this setup, curious on how that would
> > make a difference if the module base is identical for all of my
> production
> > hosts.
>
> This probably explains it better.
>
> http://projects.reductivelabs.com/issues/1557
>
> The point is exactly that the module base isn't the same for different
> environments.
>
> >
> > By using a subject altname on the cert would that allow for a distributed
> > certificate for all my hosts in that specific environment.  Since each
> > datacenter has its own two puppetmasters  they also have their own dns
> > domain suffix so that could work.
>
>
>
> >
> > On Sat, Mar 13, 2010 at 11:47 AM, Nigel Kersten 
> wrote:
> >>
> >> On Sat, Mar 13, 2010 at 8:43 AM, Christopher Johnston
> >>  wrote:
> >> > Sorry for the late response.  That feature looks attractive, but not
> >> > feasible at this state.  I am still running .24 version of puppet
> which
> >> > is
> >> > working great (although performance could be slightly better!) and I
> >> > wasn't
> >> > looking to do an upgrade to .25 for at least a month or two as bugs
> iron
> >> > out.
> >> >
> >> > Essentially my setup consists of a central git server and a
> puppetmaster
> >> > in
> >> > our main site.  In my remote locations I have two puppetmasters
> running
> >> > in a
> >> > cluster using a VIP for its IP address.  Since the physical hostname
> >> > could
> >> > potentially change during a failover situation along with the keys not
> >> > being
> >> > there (I could put the ssl certs on shared storage or sync them from
> >> > hostA
> >> > to hostB via rsnapshot via cron) I will end up running into issues
> with
> >> > the
> >> > certs.
> >>
> >> Are you using environments with this setup? You're going to have
> >> undesirable side effects if you are with 0.24.x and a VIP.
> >>
> >>
> >> > The question I have is what is the best way to manage SSL certs in a
> >> > more
> >> > distributed fashion by using a shared certificate.  I don't want to
> rely
> >> > on
> >> > a single instance of puppetmasterd to provide certs as that is a SPOF
> to
> >> > me
> >> > and since my remote sites are distant on the network my preference is
> to
> >> > use
> >> > the local hostA and hostB servers as puppetmasters and ssl servers
> with
> >> > direct git clones (git pull when a major commit is tested in
> >> > development/lab).  I also use autosign so certs get created on demand.
> >>
> >> Is a subject altname on the SSL cert with wildcards for your domain
> >> acceptable?
> >>
> >> >
> >> > -Chris
> >> >
> >> > On Sat, Mar 13, 2010 at 5:50 AM, Alan Barrett 
> wrote:
> >> >>
> >> >> On Fri, 12 Mar 2010, Christopher Johnston wrote:
> >> >> > Reason I am asking is I am having a bunch of SSL issues in
> production
> >> >> > right
> >> >> > now, I need to disable SSL until I get things fixed.
> >> >>
> >> >> As a workaround, perhaps you could use the
> >> >> standalone compile/apply feature (new in 0.25); see
> >> >>
> >> >>
> >> >> <
> http://reductivelabs.com/trac/puppet/wiki/ReleaseNotes#command-line-compile-apply
> >.
> >> >>
> >> >> --apb (Alan Barrett)
> >> >>
> >> >> --
> >> >> You received this message because you are subscribed to the Google
> >> >> Groups
> >> >> "Puppet Users" group.
> >> >> To post to this group, send email to puppet-us...@googlegroups.com.
> >> >> To unsubscribe from this group, send email to
> >> >> puppet-users+unsubscr...@googlegroups.com
> .
> >> >> For more options, visit this group at
> >> >> http://groups.google.com/group/puppet-users?hl=en.
> >> >>
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups
> >> > "Puppet Users" group.
> >> > To post to this group, send email to puppet-us...@googlegroups.com.
> >> > To unsubscribe from this group, send email to
> >> > puppet-users+unsubscr...@googlegroups.com
> .
> >> > For more options, visit this group at
> >> > http://groups.google.com/group/puppet-users?hl=en.
> >> >
> >>
> >>
> >>
> >> --
> >> nigel
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Puppet Users" group.
> >> To post to this group, send email to puppet-us...@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >> puppet-users+unsubscr...@googlegroups.com
> .
> >> For more options, visit this group at
> >> http://groups.google.com/group/puppet-users?hl=en.
> >>
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com

Re: [Puppet Users] Re: migating from 0.24.8 to 0.25.0rc1

[Gustavo Soares]

sorry for the late reply :)

but yes, I have switched to passenger.

Gus

On Tue, Sep 29, 2009 at 5:22 PM, Chris Westin  wrote:

>
> I'm getting similar messages about cacrl, even though I haven't set
> it.  Did switching to passenger fix the problem?  Or did you find
> another way to fix it?
>
> I'm using webrick and don't want to complicate things further for now
> if I don't have to.
>
> Chris
>
> --~--~-~--~~~---~--~~
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en
> -~--~~~~--~~--~--~---
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Using Puppet for application deployment

[Michael DeHaan]

> that are very much procedural while Puppet manifest are more
> useful on a description of required software level.

Sort of.

The long story is that we don't have a really native feeling way to
model multinode deployments and workflow now, but we can think of
modeling it based on a set of checkpoint conditions.

Meanwhile you can see a bit of a preview here:

http://github.com/reductivelabs/puppet-external-resource

external_resource { "some remote condition":
frequency => 1,
timeout => 30,
check => "/some/external/script/that/will/return/true"
}

The trick is of course that the remote check software does not exist
as part of anything in Puppet core, yet, so that would be up to you.

However blocking until a database is present on a remote server is
actually possible now.   (Provided you write the script to check for
it).

I would agree that the concept of taking a node out of a load balanced
configuration and modelling that configuration is more difficult to do
intelligently, as the system needs to understand a fair amount of
context
about your HA environment.

It's not so much of an issue of declarative vs procedural, but more so
a question of can the system model your configuration.   Right now,
those systems today that are 'procedural' don't model at all, they are
more of raw code.

--Michael

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Apps that are using facter as a library or shell out to facter?

[Michael DeHaan]

As we're pondering future enhancements to facter, it seems useful to
better understand things (other than Puppet) that are using facter.

Do you have a script/application that shells out to facter or uses it
from as a Ruby library to collect information?   (I'm aware of
mcollective supporting facter, but that's about it).

If so, can you tell us a little more about it?What does it do?

Also, are their other datasources you would like to see in the core
'facts' out of the box (without having to write your own), that aren't
there presently?

--Michael

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Rebuilding machines from foreman

[LOhit]

Hi,

Sure, we can take it up on the irc channel. However, just for the record,
sudo permission is fine, it was a   working setup prior to upgrade. And the
user the foreman runs as, can execute "puppetca", I tested it from the
command line to make sure.

Best regards,
-LOhit

On Mon, Mar 15, 2010 at 3:11 PM, Ohad Levy  wrote:

> Hi,
>
> I would assume that you cant execute puppetca (e.g. sudo permissions etc),
> can you double check if there is nothing in the log files?
>
> probably its best to continue this discussion at foreman users or
> #theforeman on irc.
>
> cheers,
> Ohad
>
>
> On Mon, Mar 15, 2010 at 4:51 PM, LOhit  wrote:
>
>> After upgrading to 0.1-4, I ran into the same problem.  *"Failed to
>> enable hostname_here for installation"*
>> *
>> *
>> But, this time around, I don't see any messages/logs regarding the error.
>> Link gets created in the TFTP directory, but nothing else. I have gone
>> through the change log, I even tried changing the lines back to pre 0.1-4
>>  version, but to no avail.
>>
>> Best regards,
>> *-LOhit
>> *
>>
>> On Mon, Feb 22, 2010 at 5:17 PM, Ohad Levy  wrote:
>>
>>> :)
>>>
>>> Lets start with feature requests for anything in your wishlist
>>> Ohad
>>>
>>>
>>>
>>> On Mon, Feb 22, 2010 at 1:09 PM, LOhit  wrote:
>>>
 Ahhh!!! I thought those files would be generated automatically. One
 more item added to my foreman wishlist. :)

 Please let me know if I can contribute in any way.


 -LOhit


 On Mon, Feb 22, 2010 at 4:23 PM, Ohad Levy  wrote:

> Hi,
>
> Thats correct, but you still need to generate the config file (e.g. as
> in the examples) per OS.
>
> I guess that in the near future (some code already exist on some github
> branch) that will auto copy the kernel / ramdisks and create the pxefiles
> directly.
>
> cheers,
> Ohad
>
>
> On Mon, Feb 22, 2010 at 12:30 PM, LOhit  wrote:
>
>> Hi,
>>
>> Yes, I did. And this is what I understand,
>>
>> 1) Clicking the "Build" button creates a pxe config file in the
>> directory specified in "settings.yaml"
>>
>> 2) After the machine is rebuilt, this file/link is removed.
>>
>> Please correct me if I am wrong.
>>
>> Best regards,
>> -LOhit
>>
>>
>> On Mon, Feb 22, 2010 at 2:54 PM, Ohad Levy wrote:
>>
>>> Hi,
>>>
>>> did you read
>>> http://theforeman.org/wiki/foreman/Unattended_installations#How-does-Foreman-manages-TFTP
>>>
>>> cheers,
>>> Ohad
>>>
>>>
>>> On Mon, Feb 22, 2010 at 11:02 AM, LOhit  wrote:
>>>
 Hi,

 I have hit one more dead end :(. After I click on the "Build"
 button, I get the message "Host xxx enabled for installation boot 
 away". And
 I can see a link created in "/tftpboot/linux-install/pxelinux.cfg" 
 with the
 MAC address of the machine being rebuilt.

 However, the symlink points to a non-existent destination in the
 same directory. Example.

 *lrwxrwxrwx 1 puppet puppet 15 Feb 22 11:15 01-00-1b-78-32-44-90 ->
 RedHat-4-x86_64*

 Any help?

 Regards,
 -LOhit


 On Fri, Feb 19, 2010 at 5:26 PM, LOhit  wrote:

> Hi Ohad, You are a genius..!!! I owe you a beer. :)
>
> My SSL directory is "/etc/puppet/ssl". I wasted one whole day
> trying to figure it out.
>
> Thanks a bunch.
>
>
> On Fri, Feb 19, 2010 at 4:03 PM, Ohad Levy wrote:
>
>> the real error message is generated here:
>> http://theforeman.org/repositories/entry/foreman/vendor/plugins/proxy/lib/proxy.rb#L80
>>
>> which basically tests if the ca directory is available and
>> puppetca can be found.
>> I'm guessing one of these two are missing (or in a non standard
>> location).
>>
>> cheers,
>> Ohad
>>
>>
>>
>> On Fri, Feb 19, 2010 at 6:14 AM, LOhit  wrote:
>>
>>> Hi,
>>>
>>> Actually, I have built custom RPMs of  Puppet & Facter tailored
>>> to meet the requirements of my environment. So, when I install 
>>> these RPMs,
>>> the binaries go into "/usr/sbin" including "puppetca"
>>> And Pupept & Foreman are started by root. Initially, I too
>>> thought that foreman was not able to find the "puppetca" binary, 
>>> but then I
>>> wasn't sure.
>>>
>>> I couldn't find much info anywhere, so thought of taking look at
>>> the code.
>>>
>>>  *def setBuild
>>> host = Host.find params[:id]
>>> if host.setBuild != false (if I set this to true, I get the
>>> right message in the web UI but, obviously that doesn't solve the 
>

Re: [Puppet Users] multiple environments different manifests not working: solved!

[Hubert Krause]

Hello James,

Am Friday 12 March 2010 21:49:02 schrieb James Turnbull:
> > the reason for ignoring the different manifests was a setting
> > in /etc/sysconfig/puppetmaster. The settings name is
> > "PUPPETMASTER_MANIFEST" and was set to my "production" site.pp. Because
> > of my switch back to webbrick while upgrading puppet the Problem occurs
> > in conjunction with the update.

[..]

> Is this a default RH/Fedora etc setting on one your site had set
> yourself?

No. Default is is:
#PUPPETMASTER_MANIFEST=/etc/puppet/manifests/site.pp

Every Setting is a comment by default. The Problem was made by myself.

Cheers,

Hubert
-- 
Hubert Krause
Risk & Fraud Division
INFORM GmbH, Pascalstraße 23, 52076 Aachen, Germany
Phone: +49 24 08 - 94 56 5145
E-Mail: hubert.kra...@inform-ac.com, Web: http://www.inform-ac.com
INFORM Institut fuer Operations Research und Management GmbH
Registered AmtsG Aachen HRB1144 Gfhr. Adrian Weiler

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] managing secondary groups

[Bruce Richardson]

On Mon, Mar 15, 2010 at 09:31:54AM +, Dick Davies wrote:
> Offhand, does anyone know the difference between the 2
> constructs below to manage secondary groups ?
> This is the 'groupadd' provider I think (CentOS).
> Think I'd prefer the  former if the result is the same

The result will be the same.  How did you think it might be different?
The path to execution within Puppet will be different, which may or may
not matter to you.

-- 
Bruce

Remember you're a Womble.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Rebuilding machines from foreman

[Ohad Levy]

Hi,

I would assume that you cant execute puppetca (e.g. sudo permissions etc),
can you double check if there is nothing in the log files?

probably its best to continue this discussion at foreman users or
#theforeman on irc.

cheers,
Ohad

On Mon, Mar 15, 2010 at 4:51 PM, LOhit  wrote:

> After upgrading to 0.1-4, I ran into the same problem.  *"Failed to
> enable hostname_here for installation"*
> *
> *
> But, this time around, I don't see any messages/logs regarding the error.
> Link gets created in the TFTP directory, but nothing else. I have gone
> through the change log, I even tried changing the lines back to pre 0.1-4
>  version, but to no avail.
>
> Best regards,
> *-LOhit
> *
>
> On Mon, Feb 22, 2010 at 5:17 PM, Ohad Levy  wrote:
>
>> :)
>>
>> Lets start with feature requests for anything in your wishlist
>> Ohad
>>
>>
>>
>> On Mon, Feb 22, 2010 at 1:09 PM, LOhit  wrote:
>>
>>> Ahhh!!! I thought those files would be generated automatically. One
>>> more item added to my foreman wishlist. :)
>>>
>>> Please let me know if I can contribute in any way.
>>>
>>>
>>> -LOhit
>>>
>>>
>>> On Mon, Feb 22, 2010 at 4:23 PM, Ohad Levy  wrote:
>>>
 Hi,

 Thats correct, but you still need to generate the config file (e.g. as
 in the examples) per OS.

 I guess that in the near future (some code already exist on some github
 branch) that will auto copy the kernel / ramdisks and create the pxefiles
 directly.

 cheers,
 Ohad


 On Mon, Feb 22, 2010 at 12:30 PM, LOhit  wrote:

> Hi,
>
> Yes, I did. And this is what I understand,
>
> 1) Clicking the "Build" button creates a pxe config file in the
> directory specified in "settings.yaml"
>
> 2) After the machine is rebuilt, this file/link is removed.
>
> Please correct me if I am wrong.
>
> Best regards,
> -LOhit
>
>
> On Mon, Feb 22, 2010 at 2:54 PM, Ohad Levy  wrote:
>
>> Hi,
>>
>> did you read
>> http://theforeman.org/wiki/foreman/Unattended_installations#How-does-Foreman-manages-TFTP
>>
>> cheers,
>> Ohad
>>
>>
>> On Mon, Feb 22, 2010 at 11:02 AM, LOhit  wrote:
>>
>>> Hi,
>>>
>>> I have hit one more dead end :(. After I click on the "Build" button,
>>> I get the message "Host xxx enabled for installation boot away". And I 
>>> can
>>> see a link created in "/tftpboot/linux-install/pxelinux.cfg" with the 
>>> MAC
>>> address of the machine being rebuilt.
>>>
>>> However, the symlink points to a non-existent destination in the same
>>> directory. Example.
>>>
>>> *lrwxrwxrwx 1 puppet puppet 15 Feb 22 11:15 01-00-1b-78-32-44-90 ->
>>> RedHat-4-x86_64*
>>>
>>> Any help?
>>>
>>> Regards,
>>> -LOhit
>>>
>>>
>>> On Fri, Feb 19, 2010 at 5:26 PM, LOhit  wrote:
>>>
 Hi Ohad, You are a genius..!!! I owe you a beer. :)

 My SSL directory is "/etc/puppet/ssl". I wasted one whole day trying
 to figure it out.

 Thanks a bunch.


 On Fri, Feb 19, 2010 at 4:03 PM, Ohad Levy wrote:

> the real error message is generated here:
> http://theforeman.org/repositories/entry/foreman/vendor/plugins/proxy/lib/proxy.rb#L80
>
> which basically tests if the ca directory is available and puppetca
> can be found.
> I'm guessing one of these two are missing (or in a non standard
> location).
>
> cheers,
> Ohad
>
>
>
> On Fri, Feb 19, 2010 at 6:14 AM, LOhit  wrote:
>
>> Hi,
>>
>> Actually, I have built custom RPMs of  Puppet & Facter tailored to
>> meet the requirements of my environment. So, when I install these 
>> RPMs, the
>> binaries go into "/usr/sbin" including "puppetca"
>> And Pupept & Foreman are started by root. Initially, I too thought
>> that foreman was not able to find the "puppetca" binary, but then I 
>> wasn't
>> sure.
>>
>> I couldn't find much info anywhere, so thought of taking look at
>> the code.
>>
>>  *def setBuild
>> host = Host.find params[:id]
>> if host.setBuild != false (if I set this to true, I get the
>> right message in the web UI but, obviously that doesn't solve the 
>> problem)
>>   flash[:foreman_notice] = "Enabled #{host.name} for
>> installation boot away"
>> else
>>   flash[:foreman_error] = "Failed to enable #{host.name} for
>> installation"
>> end
>> redirect_to :back
>>   end*
>>
>>
>> So, the conditions are not being met to enable the host for
>> installation.
>>
>>
>> *PS: THIS IS A TEST SETUP, SO,

[Puppet Users] managing secondary groups

[Dick Davies]

Offhand, does anyone know the difference between the 2
constructs below to manage secondary groups ?
This is the 'groupadd' provider I think (CentOS).
Think I'd prefer the  former if the result is the same
(I create these users in a definition and it's simpler to not touch it).


group { "foo":
   members => [ "eeny", "meeny", "miney" ]
}

and

user { "eeny":
  ...
  groups => ["foo"]
  ...
}

user { "meeny":
  ...
  groups => ["foo"]
  ...
}
user { "miney":
  ...
  groups => ["foo"]
  ...
}

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Rebuilding machines from foreman

[LOhit]

After upgrading to 0.1-4, I ran into the same problem.  *"Failed to enable
hostname_here for installation"*
*
*
But, this time around, I don't see any messages/logs regarding the error.
Link gets created in the TFTP directory, but nothing else. I have gone
through the change log, I even tried changing the lines back to pre 0.1-4
 version, but to no avail.

Best regards,
*-LOhit
*
On Mon, Feb 22, 2010 at 5:17 PM, Ohad Levy  wrote:

> :)
>
> Lets start with feature requests for anything in your wishlist
> Ohad
>
>
>
> On Mon, Feb 22, 2010 at 1:09 PM, LOhit  wrote:
>
>> Ahhh!!! I thought those files would be generated automatically. One
>> more item added to my foreman wishlist. :)
>>
>> Please let me know if I can contribute in any way.
>>
>>
>> -LOhit
>>
>>
>> On Mon, Feb 22, 2010 at 4:23 PM, Ohad Levy  wrote:
>>
>>> Hi,
>>>
>>> Thats correct, but you still need to generate the config file (e.g. as in
>>> the examples) per OS.
>>>
>>> I guess that in the near future (some code already exist on some github
>>> branch) that will auto copy the kernel / ramdisks and create the pxefiles
>>> directly.
>>>
>>> cheers,
>>> Ohad
>>>
>>>
>>> On Mon, Feb 22, 2010 at 12:30 PM, LOhit  wrote:
>>>
 Hi,

 Yes, I did. And this is what I understand,

 1) Clicking the "Build" button creates a pxe config file in the
 directory specified in "settings.yaml"

 2) After the machine is rebuilt, this file/link is removed.

 Please correct me if I am wrong.

 Best regards,
 -LOhit


 On Mon, Feb 22, 2010 at 2:54 PM, Ohad Levy  wrote:

> Hi,
>
> did you read
> http://theforeman.org/wiki/foreman/Unattended_installations#How-does-Foreman-manages-TFTP
>
> cheers,
> Ohad
>
>
> On Mon, Feb 22, 2010 at 11:02 AM, LOhit  wrote:
>
>> Hi,
>>
>> I have hit one more dead end :(. After I click on the "Build" button,
>> I get the message "Host xxx enabled for installation boot away". And I 
>> can
>> see a link created in "/tftpboot/linux-install/pxelinux.cfg" with the MAC
>> address of the machine being rebuilt.
>>
>> However, the symlink points to a non-existent destination in the same
>> directory. Example.
>>
>> *lrwxrwxrwx 1 puppet puppet 15 Feb 22 11:15 01-00-1b-78-32-44-90 ->
>> RedHat-4-x86_64*
>>
>> Any help?
>>
>> Regards,
>> -LOhit
>>
>>
>> On Fri, Feb 19, 2010 at 5:26 PM, LOhit  wrote:
>>
>>> Hi Ohad, You are a genius..!!! I owe you a beer. :)
>>>
>>> My SSL directory is "/etc/puppet/ssl". I wasted one whole day trying
>>> to figure it out.
>>>
>>> Thanks a bunch.
>>>
>>>
>>> On Fri, Feb 19, 2010 at 4:03 PM, Ohad Levy wrote:
>>>
 the real error message is generated here:
 http://theforeman.org/repositories/entry/foreman/vendor/plugins/proxy/lib/proxy.rb#L80

 which basically tests if the ca directory is available and puppetca
 can be found.
 I'm guessing one of these two are missing (or in a non standard
 location).

 cheers,
 Ohad



 On Fri, Feb 19, 2010 at 6:14 AM, LOhit  wrote:

> Hi,
>
> Actually, I have built custom RPMs of  Puppet & Facter tailored to
> meet the requirements of my environment. So, when I install these 
> RPMs, the
> binaries go into "/usr/sbin" including "puppetca"
> And Pupept & Foreman are started by root. Initially, I too thought
> that foreman was not able to find the "puppetca" binary, but then I 
> wasn't
> sure.
>
> I couldn't find much info anywhere, so thought of taking look at
> the code.
>
>  *def setBuild
> host = Host.find params[:id]
> if host.setBuild != false (if I set this to true, I get the
> right message in the web UI but, obviously that doesn't solve the 
> problem)
>   flash[:foreman_notice] = "Enabled #{host.name} for
> installation boot away"
> else
>   flash[:foreman_error] = "Failed to enable #{host.name} for
> installation"
> end
> redirect_to :back
>   end*
>
>
> So, the conditions are not being met to enable the host for
> installation.
>
>
> *PS: THIS IS A TEST SETUP, SO, I CAN TRY OUT DIFFERENT THINGS,
> PLEASE FEEL FREE TO SUGGEST FIXES. :)*
>
> Thanks,
>
>
> On Thu, Feb 18, 2010 at 11:37 PM, Ohad Levy wrote:
>
>> hmm.. another option, do you use a non-standard directory for
>> puppet binaries ?
>>
>> Ohad
>>
>>
>> On Thu, Feb 18, 2010 at 4:21 PM, Ohad Levy wrote:
>>
>>> Hi,
>>>
>>> Forema