[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet

2010-03-26 Thread donavan
    And I want to say something like (pseudo code)
   if network_* = 10.55.12.0
   then
   static route magic here

From this example you're trying to detect if any interface is on the
10.55.12.0 network, correct? Are you also trying to match a set of
networks (10.55.12.0, 10.55.13.0, etc) with different behaviour for
each network?

Are you looking for a custom fact that will report a magic keyword?
What Ashley posted is, conceptually, the same as a 'location' fact I
made for work. It maps the node's primary ipaddress to a string
physical location. Extending that to check if any interface matches is
pretty trivial.

You could also assign the output of a template to a variable, then
evaluate that. There are examples in Puppet_Templating on the wiki
that seem pretty similar.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: Exported resources doesn't seem to work

2010-03-26 Thread christian
After giving this some rest, today I started the puppetqd daemon in
debug mode and with every puppet run I get these messages:

info: Connecting to mysql database: puppet
err: Could not save queued catalog for keto-puppetweb.backyard.wlwonline.de: Access denied for user 'puppet'@'localhost' (using password: YES)
notice: Processing queued catalog for keto-puppetweb.backyard.wlwonline.de in 0.00 seconds
info: Loaded queued catalog in 0.07 seconds

So this seems to be a permission problem and not a bug...
But I can't really figure out why access is denied.

I granted all privileges on the puppet db with: grant all privileges
on puppet.* to pup...@localhost identified by 'password';
When I log into the database with mysql -u puppet -p there are no
permission problems. In mysql.db I can see that user puppet has all
privileges except grant on the db puppet...

During a puppetrun the mysql query log shows this:

100326 10:47:53  19 Connect   pup...@localhost on puppet
                 19 Query     SET SQL_AUTO_IS_NULL=0
                 19 Statistics
                 19 Query     SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de')  LIMIT 1
                 19 Query     SELECT * FROM `fact_values` WHERE (`fact_values`.host_id = 1)
                 -- snip -- more SELECT and INSERT INTO `fact_values` follow
                 19 Query     SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de')  LIMIT 1
                 19 Query     SELECT * FROM `resources` WHERE (host_id != 1 AND (exported=1 AND restype='Sshkey'))
                 19 Query     SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de')  LIMIT 1
                 19 Query     SELECT * FROM `resources` WHERE (host_id != 1 AND (exported=1 AND restype='Sshkey'))
                 19 Query     SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de')  LIMIT 1
                 19 Query     SELECT * FROM `resources` WHERE (host_id != 1 AND (exported=1 AND restype='Sshkey'))
                 20 Connect   Access denied for user 'puppet'@'localhost' (using password: YES)

Does someone see the possible mistake on my side?

Thanks in advance,
christian

On 23 Mar., 14:04, christian christ...@cust.in wrote:
 Hey,

 I'm trying to use the simple ssh known host example in the puppet wiki
 to get exported resources working...but somehow it fails.
 I'd say my problem is similar to this
 one: http://groups.google.com/group/puppet-users/browse_thread/thread/ec35...

 But that one was nearly one year ago and seemed to be fixed...

 I'm using Version 0.25.4 on OpenSuse 11.1 and I run into the same
 problems...I have entries in fact_names, fact_values and hosts
 but the other tables like resources are empty.
 Puppetmasterd reports:
 debug: Scope(Class[allgemein::knownhost]): Collected 1 Sshkey resource
 in 0.00 seconds
 debug: Scope(Class[allgemein::knownhost]): Collected 0 Sshkey
 resources in 0.00 seconds
 debug: Scope(Class[allgemein::knownhost]): Collected 0 Sshkey
 resources in 0.00 seconds

 I followed step by step the manual to configure stored configs, etc...
 I use mysql as database and these are the packages I installed via
 repository:
 libmysqlclient_r15-5.0.67-12.16.1
 libmysqlclient15-5.0.67-12.16.1
 mysql-client-5.0.67-12.16.1
 mysql-5.0.67-12.16.1
 ruby-mysql-2.7.4-1.101

 I'm rather new to puppet so I can't tell that in previous
 versions exported resources worked for me.

 When I ran puppetmaster in debug mode I also saw this warning: This
 method is deprecated and will be removed on the next release. Use
 'publish' instead
 But I can't tell where that comes from...Maybe the message shows up
 because I'm using the ssh::auth module?

 I appreciate any help
 christian




Re: [Puppet Users] Re: Exported resources doesn't seem to work

2010-03-26 Thread Peter Meier

 Well, nice monologue I'm having here :D
 
 But the problem seems to be solved. I changed the password for
 puppet to just puppet, updated puppet.conf and restarted the master,
 now everything works fine.
 Before this the pw contained capital letters and numbers. Is it
 possible that puppet can't handle such strings?

No, I use a password generated with `pwgen 32`. So the problem has to
be buried somewhere else.

cheers pete.



[Puppet Users] Puppet host alias problem

2010-03-26 Thread DieterVDW
Hi,

I've got the following resource:

host { "host.domain.com":
    alias => [ "host", "alias" ],
    ip => "1.2.3.4",
    ensure => present,
}

The resulting line in my /etc/hosts file is:
1.2.3.4 host.domain.com

Any alias definitions seem to be ignored?
What am I doing wrong?

Best regards,

Dieter




Re: [Puppet Users] Puppet host alias problem

2010-03-26 Thread Dan Bode
On Fri, Mar 26, 2010 at 5:02 AM, DieterVDW dieter...@gmail.com wrote:

 Hi,

 I've got the following resource:

 host { "host.domain.com":
     alias => [ "host", "alias" ],
     ip => "1.2.3.4",
     ensure => present,
 }


it was changed from alias to host_aliases in ... I think .25.3. Alias is
already a metaparam that we were overloading by accident.


 The resulting line in my /etc/hosts file is:
 1.2.3.4 host.domain.com

 Any alias definitions seem to be ignored?
 What am I doing wrong?

 Best regards,

 Dieter




[Puppet Users] Re: Puppet host alias problem

2010-03-26 Thread DieterVDW
This seems to be incorrect in the documentation:
http://docs.reductivelabs.com/guides/types/host.html

Might cause confusion!

On Mar 26, 1:04 pm, Dan Bode d...@reductivelabs.com wrote:
 On Fri, Mar 26, 2010 at 5:02 AM, DieterVDW dieter...@gmail.com wrote:
  Hi,

  I've got the following resource:

  host { "host.domain.com":
      alias => [ "host", "alias" ],
      ip => "1.2.3.4",
      ensure => present,
  }

 it was changed from alias to host_aliases in ... I think .25.3. Alias is
 already a metaparam that we were overloading by accident.

  The resulting line in my /etc/hosts file is:
  1.2.3.4 host.domain.com

  Any alias definitions seem to be ignored?
  What am I doing wrong?

  Best regards,

  Dieter




Re: [Puppet Users] Re: Puppet host alias problem

2010-03-26 Thread Dan Bode
On Fri, Mar 26, 2010 at 5:31 AM, DieterVDW dieter...@gmail.com wrote:

 This seems to be incorrect in the documentation:
 http://docs.reductivelabs.com/guides/types/host.html

 Might cause confusion!


thanks!


 On Mar 26, 1:04 pm, Dan Bode d...@reductivelabs.com wrote:
  On Fri, Mar 26, 2010 at 5:02 AM, DieterVDW dieter...@gmail.com wrote:
   Hi,
 
   I've got the following resource:
 
   host { "host.domain.com":
       alias => [ "host", "alias" ],
       ip => "1.2.3.4",
       ensure => present,
   }
 
  it was changed from alias to host_aliases in ... I think .25.3. Alias is
  already a metaparam that we were overloading by accident.
 
   The resulting line in my /etc/hosts file is:
   1.2.3.4 host.domain.com
 
   Any alias definitions seem to be ignored?
   What am I doing wrong?
 
   Best regards,
 
   Dieter
 



[Puppet Users] Re: Calling a function from a template

2010-03-26 Thread Mike


On Mar 26, 10:59 am, Michael DeHaan mich...@puppetlabs.com wrote:
 Does scope.function_echo([temp]) work instead?

That did it!  Thanks a lot!




Re: [Puppet Users] Best practises for managing secret keys with puppet?

2010-03-26 Thread Alan Barrett
On Fri, 26 Mar 2010, Daniel Pittman wrote:
 The prospect of putting the secret key into our revision control
 system has ... well, little appeal is probably being fair: we could
 certainly do it, but it suddenly means that a whole bunch of extra
 data has to be treated as high security rather than low security.[2]

I configure puppet to print an error message that explains the
situation:

# util::manually_copied_file -- set permissions on a manually-copied
# file, and print an error message if the file is missing.
#
# usage:
#     util::manually_copied_file { "/dirname/filename":
#         message => "where to copy it from, or why it's not in puppet",
#         owner => "root",
#         group => "bin",
#         mode => 0400,
#     }
#
define util::manually_copied_file($message, $owner, $group, $mode)
{
    # If the file exists and has a size > 0, then do nothing.
    # Otherwise, print an error message and fail.
    exec { "util::manually_copied_file check $name":
        unless => "/bin/test -s $name",
        command => "/bin/cat <<'EOF'; /bin/false
Please copy ${name} manually - ${message}
EOF
",
        logoutput => true,
        before => File[$name],
        require => [],
    }

    # Set the ownership and permissions, but do not modify the content
    file { $name:
        ensure => file,
        replace => false,
        owner => $owner,
        group => $group,
        mode => $mode,
    }
}

 So, on the whole my feeling is that an automatic key distribution
 service that was accessible to puppet but (mostly) not to people
 would be ideal.

That would be nice.

--apb (Alan Barrett)




Re: [Puppet Users] Best practises for managing secret keys with puppet?

2010-03-26 Thread Thomas Bellman

Michael DeHaan wrote:

One way to handle this would be by keeping confidential information in a 
separate version control repository (not public), rather than in your 
main one.   Puppet has a system of module paths so you could keep your 
confidential info separate from the content you would want to give to 
everyone who would normally be working with Puppet, and check *both* of 
these out on the Puppet server. For development systems/testing, you 
could just check out a copy of a different repo, with testing/stage 
credentials in the modules instead. 

You could also use a custom function to pull this information from other 
sources for accessing a keystore server side, though I'd be curious to 
what those other services might be.


How is everyone else handling this?


We have a fileserving module named private that is defined like

[private]
path    /config/private/%h
allow   *

in fileserver.conf.  Each client gets its own subdirectory
/config/private/client1, /config/private/client2, and so on.
In there we stuff things like SSH host keys, X.509 host certificates,
license keys, and other secret data, and let Puppet install them via

file {
    "/etc/ssh/ssh_host_rsa_key":
        source => "puppet:///private/ssh_host_rsa_key", ...;
}

We currently don't have /config/private under version control, but
if we did it would definitely be in a separate repository from
our manifests.


/Bellman




[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet

2010-03-26 Thread deet


 From this example you're trying to detect if any interface is on the
 10.55.12.0 network,

  That's correct.   I have 4 specific subnets I'm looking for in this
example.   A host may have zero interfaces on one of the specific
subnets or just 1.  I was wanting to return the ipaddress that the
host has on one of the specific subnets.



 Are you looking for a custom fact that will report a magic keyword?

 I was hoping I would be able to ask facter for the information as it
already contains it.  I just couldn't even figure out how to begin
formulating such a question (like trying to decide where to bite into
an oversized submarine sandwich!).   After Ashley's response and lack
of other ideas I put together the following custom fact which will
return the ipaddress the host has on the specific subnets (if the
host has one).  I've not ventured down the custom fact road before so
this should be a little adventure.

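Facter.add("nsd_gateway") do
    setcode do
        # Get the array of ip's on the machine
        output = %x{/sbin/ifconfig -a}
        ip = []
        # Put the ip addresses into the ip array
        output.each_line do |s|
            ip.push($1) if s =~ /inet\s+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/
        end
        # Keep only addresses that start with one of the subnet prefixes
        # (dots escaped and pattern anchored so that e.g. 114.1.22.x does not match)
        ip.grep(/^(14\.1\.22\.|19\.7\.28\.|15\.0\.8\.)/)
    end
end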




  You could also assign the output of a template to a variable, then
 evaluate that.

Thanks for the alternate idea on using templating to solve the
problem.  I had not thought of that approach!

  Thanks!  Derek




Re: [Puppet Users] Re: Calling a function from a template

2010-03-26 Thread Michael DeHaan
On Fri, Mar 26, 2010 at 11:08 AM, Mike mruncie...@gmail.com wrote:



 On Mar 26, 10:59 am, Michael DeHaan mich...@puppetlabs.com wrote:
  Does scope.function_echo([temp]) work instead?

 That did it!  Thanks a lot!



Great, I'll add some info to our docs about this.

If anyone else has suggestions on similar tricks/things that are not covered
with respect to custom functions, types/providers, etc, let me know!

--Michael






[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet

2010-03-26 Thread donavan
 host has one).  I've not ventured down the custom fact road before so
 this should be a little adventure.

Your version certainly will work. I think this is how I might take a
stab at it though:

require 'facter'
require 'ipaddr'
require 'yaml'

Facter.add("nsd_gateway") do
    setcode do
        # Networks to look for, read once from the YAML config file
        networks = YAML.load_file('/usr/local/etc/config.yml')['nsd_networks']
        networks = networks.map { |net| IPAddr.new(net) }
        nsd_gateway = nil
        Facter.value(:interfaces).split(',').each do |iface|
            # Skip interfaces that have no IPv4 address fact
            next unless (address = Facter.value("ipaddress_#{iface}"))
            # Remember the address if it falls inside any listed network
            nsd_gateway = address if networks.any? { |net| net.include?(address) }
        end
        nsd_gateway
    end
end


Where your '/usr/local/etc/config.yml' file contains a definition of
your nsd_networks:
---
nsd_networks:
- 14.1.22.0/24
- 19.7.28.0/24
- 15.0.8.0/24


 Thanks for the alternate idea on using templating to solve the
 problem.  I had not thought of that approach!

No problem. I can't envision it offhand, but you *might* also be able
to do it in a define. But you've already solved it for now.
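
An added example, not code from any poster in this thread: it contrasts CIDR membership via IPAddr with a string-prefix pattern whose dots are unescaped and which is not anchored, using the three networks named in the thread. The ifconfig text, the helper names and LOOSE_PATTERN are constructed for illustration.

```ruby
require 'ipaddr'

# Constructed sample in the "inet <addr>" layout that the thread's regex expects.
SAMPLE_IFCONFIG = <<~OUT
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING> mtu 8232
          inet 127.0.0.1 netmask ff000000
  e1000g0: flags=1000843<UP,BROADCAST,RUNNING> mtu 1500
          inet 114.1.22.9 netmask ffffff00 broadcast 114.1.22.255
  e1000g1: flags=1000843<UP,BROADCAST,RUNNING> mtu 1500
          inet 19.7.28.40 netmask ffffff00 broadcast 19.7.28.255
  e1000g2: flags=1000843<UP,BROADCAST,RUNNING> mtu 1500
          inet 10.15.0.81 netmask ffff0000 broadcast 10.15.255.255
OUT

# The networks from the thread's config.yml example.
NSD_NETWORKS = %w[14.1.22.0/24 19.7.28.0/24 15.0.8.0/24].freeze

# Constructed for comparison: "." matches any character and nothing pins
# the match to the start of the address.
LOOSE_PATTERN = /(14.1.22.|19.7.28.|15.0.8.)/

# Pull the first IPv4 address after "inet" from each line (hypothetical helper).
def interface_addresses(ifconfig_text)
  ifconfig_text.each_line.map { |line| line[/inet\s+(\d+\.\d+\.\d+\.\d+)/, 1] }.compact
end

# Return only the addresses that really lie inside one of the CIDR networks.
def addresses_on_networks(addresses, cidrs)
  networks = cidrs.map { |cidr| IPAddr.new(cidr) }
  addresses.select do |addr|
    begin
      ip = IPAddr.new(addr)
    rescue ArgumentError
      next false # not a valid address (e.g. an octet above 255): never a match
    end
    networks.any? { |net| net.include?(ip) }
  end
end

# What the loose string pattern would select from the same list.
def loose_matches(addresses)
  addresses.grep(LOOSE_PATTERN)
end

if __FILE__ == $PROGRAM_NAME
  addrs = interface_addresses(SAMPLE_IFCONFIG)
  puts "all addresses:  #{addrs.inspect}"
  puts "CIDR matches:   #{addresses_on_networks(addrs, NSD_NETWORKS).inspect}"
  puts "loose matches:  #{loose_matches(addrs).inspect}"
end
```

If the fact's value drives routing or access decisions, the two extra addresses the loose pattern selects would put hosts in the wrong group, which is why the CIDR comparison is the safer basis.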
