[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet
> And I want to say something like (pseudo code)
>
> if network_* = 10.55.12.0 then static route magic here

From this example you're trying to detect if any interface is on the 10.55.12.0 network, correct? Are you also trying to match a set of networks (10.55.12.0, 10.55.13.0, etc) with different behaviour for each network?

Are you looking for a custom fact that will report a magic keyword? What Ashley posted is, conceptually, the same as a 'location' fact I made for work. It maps the node's primary ipaddress to a string physical location. Extending that to check if any interface matches is pretty trivial.

You could also assign the output of a template to a variable, then evaluate that. There are examples in Puppet_Templating on the wiki that seem pretty similar.

--
You received this message because you are subscribed to the Google Groups Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Exported resources doesn't seem to work
After giving this some rest, today I started the puppetqd daemon in debug mode and with every puppet run I get these messages:

    info: Connecting to mysql database: puppet
    err: Could not save queued catalog for keto-puppetweb.backyard.wlwonline.de: Access denied for user 'puppet'@'localhost' (using password: YES)
    notice: Processing queued catalog for keto-puppetweb.backyard.wlwonline.de in 0.00 seconds
    info: Loaded queued catalog in 0.07 seconds

So this seems to be a permission problem and not a bug... But I can't really figure out why access is denied. I granted all privileges on the puppet db with:

    grant all privileges on puppet.* to pup...@localhost identified by 'password';

When I log into the database with mysql -u puppet -p there are no permission problems. In mysql.db I can see that user puppet has all privileges except grant on the db puppet...

During a puppet run the mysql query log shows this:

    100326 10:47:53 19 Connect pup...@localhost on puppet
    19 Query SET SQL_AUTO_IS_NULL=0
    19 Statistics
    19 Query SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de') LIMIT 1
    19 Query SELECT * FROM `fact_values` WHERE (`fact_values`.host_id = 1)
    -- snip -- more SELECT and INSERT INTO `fact_values` follow
    19 Query SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de') LIMIT 1
    19 Query SELECT * FROM `resources` WHERE (host_id != 1 AND (exported=1 AND restype='Sshkey'))
    19 Query SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de') LIMIT 1
    19 Query SELECT * FROM `resources` WHERE (host_id != 1 AND (exported=1 AND restype='Sshkey'))
    19 Query SELECT * FROM `hosts` WHERE (`hosts`.`name` = 'keto-puppetdns.backyard.wlwonline.de') LIMIT 1
    19 Query SELECT * FROM `resources` WHERE (host_id != 1 AND (exported=1 AND restype='Sshkey'))
    20 Connect Access denied for user 'puppet'@'localhost' (using password: YES)

Does someone see the possible mistake on my side?

Thanks in advance,
christian

On 23 Mar., 14:04, christian christ...@cust.in wrote:
> Hey,
>
> I'm trying to use the simple ssh known host example in the puppet wiki to get exported resources working...but somehow it fails. I'd say my problem is similar to this one: http://groups.google.com/group/puppet-users/browse_thread/thread/ec35...
>
> But that one was nearly one year ago and seemed to be fixed... I'm using Version 0.25.4 on OpenSuse 11.1 and I run into the same problems...I have entries in fact_names, fact_values and hosts but the other tables like resources are empty.
>
> Puppetmasterd reports:
>
>     debug: Scope(Class[allgemein::knownhost]): Collected 1 Sshkey resource in 0.00 seconds
>     debug: Scope(Class[allgemein::knownhost]): Collected 0 Sshkey resources in 0.00 seconds
>     debug: Scope(Class[allgemein::knownhost]): Collected 0 Sshkey resources in 0.00 seconds
>
> I followed step by step the manual to configure stored configs, etc... I use mysql as database and these are the packages I installed via repository:
>
>     libmysqlclient_r15-5.0.67-12.16.1
>     libmysqlclient15-5.0.67-12.16.1
>     mysql-client-5.0.67-12.16.1
>     mysql-5.0.67-12.16.1
>     ruby-mysql-2.7.4-1.101
>
> I'm rather new to puppet so I can't tell that in previous versions exported resources worked for me.
>
> When I ran puppetmaster in debug mode I also saw this warning:
>
>     This method is deprecated and will be removed on the next release. Use 'publish' instead
>
> But I can't tell where that comes from...Maybe the message shows up because I'm using the ssh::auth module?
>
> I appreciate any help
> christian

Re: [Puppet Users] Re: Exported resources doesn't seem to work
> Well, nice monologue I'm having here :D
> But the problem seems to be solved. I changed the password for puppet to just puppet, updated puppet.conf and restarted the master, now everything works fine. Before this the pw contained capital letters and numbers. Is it possible that puppet can't handle such strings?

No, I use a password generated with `pwgen 32`. So the problem has to be buried somewhere else.

cheers pete.

[Puppet Users] Puppet host alias problem
Hi,

I've got the following resource:

    host { "host.domain.com":
      alias => [ "host", "alias" ],
      ip => "1.2.3.4",
      ensure => present,
    }

The resulting line in my /etc/hosts file is:

    1.2.3.4 host.domain.com

Any alias definitions seem to be ignored? What am I doing wrong?

Best regards,
Dieter

Re: [Puppet Users] Puppet host alias problem
On Fri, Mar 26, 2010 at 5:02 AM, DieterVDW dieter...@gmail.com wrote:
> Hi,
>
> I've got the following resource:
>
>     host { "host.domain.com":
>       alias => [ "host", "alias" ],
>       ip => "1.2.3.4",
>       ensure => present,
>     }

it was changed from alias to host_aliases in ... I think .25.3. Alias is already a metaparam that we were overloading by accident.

> The resulting line in my /etc/hosts file is:
>
>     1.2.3.4 host.domain.com
>
> Any alias definitions seem to be ignored? What am I doing wrong?
>
> Best regards,
> Dieter

[Puppet Users] Re: Puppet host alias problem
This seems to be incorrect in the documentation:
http://docs.reductivelabs.com/guides/types/host.html

Might cause confusion!

Re: [Puppet Users] Re: Puppet host alias problem
On Fri, Mar 26, 2010 at 5:31 AM, DieterVDW dieter...@gmail.com wrote:
> This seems to be incorrect in the documentation:
> http://docs.reductivelabs.com/guides/types/host.html
>
> Might cause confusion!

thanks!

[Puppet Users] Re: Calling a function from a template
On Mar 26, 10:59 am, Michael DeHaan mich...@puppetlabs.com wrote:
> Does scope.function_echo([temp]) work instead?

That did it! Thanks a lot!

Re: [Puppet Users] Best practises for managing secret keys with puppet?
On Fri, 26 Mar 2010, Daniel Pittman wrote:
> The prospect of putting the secret key into our revision control system has ... well, little appeal is probably being fair: we could certainly do it, but it suddenly means that a whole bunch of extra data has to be treated as high security rather than low security.[2]

I configure puppet to print an error message that explains the situation:

    # util::manually_copied_file -- set permissions on a manually-copied
    # file, and print an error message if the file is missing.
    #
    # usage:
    #   util::manually_copied_file { "/dirname/filename":
    #       message => "where to copy it from, or why it's not in puppet",
    #       owner => "root",
    #       group => "bin",
    #       mode => 0400,
    #   }
    #
    define util::manually_copied_file($message, $owner, $group, $mode) {
        # If the file exists and has a size > 0, then do nothing.
        # Otherwise, print an error message and fail.
        exec { "util::manually_copied_file check $name":
            unless => "/bin/test -s $name",
            command => "/bin/cat <<'EOF'; /bin/false
    Please copy ${name} manually - ${message}
    EOF
    ",
            logoutput => true,
            before => File[$name],
            require => [],
        }
        # Set the ownership and permissions, but do not modify the content
        file { $name:
            ensure => file,
            replace => false,
            owner => $owner,
            group => $group,
            mode => $mode,
        }
    }

> So, on the whole my feeling is that an automatic key distribution service that was accessible to puppet but (mostly) not to people would be ideal.

That would be nice.

--apb (Alan Barrett)

Re: [Puppet Users] Best practises for managing secret keys with puppet?
Michael DeHaan wrote:
> One way to handle this would be by keeping confidential information in a separate version control repository (not public), rather than in your main one. Puppet has a system of module paths so you could keep your confidential info separate from the content you would want to give to everyone who would normally be working with Puppet, and check *both* of these out on the Puppet server. For development systems/testing, you could just check out a copy of a different repo, with testing/stage credentials in the modules instead.
>
> You could also use a custom function to pull this information from other sources for accessing a keystore server side, though I'd be curious to what those other services might be.
>
> How is everyone else handling this?

We have a fileserving module named private that is defined like

    [private]
        path /config/private/%h
        allow *

in fileserver.conf. Each client gets its own subdirectory /config/private/client1, /config/private/client2, and so on. In there we stuff things like SSH host keys, X.509 host certificates, license keys, and other secret data, and let Puppet install them via

    file {
        "/etc/ssh/ssh_host_rsa_key":
            source => "puppet:///private/ssh_host_rsa_key", ...;
    }

We currently don't have /config/private under version control, but if we did it would definitely be in a separate repository from our manifests.

/Bellman

[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet
> From this example you're trying to detect if any interface is on the 10.55.12.0 network,

That's correct. I have 4 specific subnets I'm looking for in this example. A host may have zero interfaces on one of the specific subnets or just 1. I was wanting to return the ipaddress that the host has on one of the specific subnets.

> Are you looking for a custom fact that will report a magic keyword?

I was hoping I would be able to ask facter for the information as it already contains it. I just couldn't even figure out how to begin formulating such a question (like trying to decide where to bite into an oversized submarine sandwich!).

After Ashley's response and lack of other ideas I put together the following custom fact which will return the ipaddress the host has on the specific subnets (if the host has one). I've not ventured down the custom fact road before so this should be a little adventure.

    Facter.add("nsd_gateway") do
      setcode do
        # Get the array of ip's on the machine
        output = %x{/sbin/ifconfig -a}
        ip = []
        # Put the ip addresses into the ip array
        output.each_line do |s|
          ip.push($1) if s =~ /inet\s+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/
        end
        # Dots escaped and pattern anchored so only these exact prefixes match
        ip.grep(/\A(14\.1\.22\.|19\.7\.28\.|15\.0\.8\.)/)
      end
    end

> You could also assign the output of a template to a variable, then evaluate that.

Thanks for the alternate idea on using templating to solve the problem. I had not thought of that approach!

Thanks!
Derek

Re: [Puppet Users] Re: Calling a function from a template
On Fri, Mar 26, 2010 at 11:08 AM, Mike mruncie...@gmail.com wrote:
> On Mar 26, 10:59 am, Michael DeHaan mich...@puppetlabs.com wrote:
> > Does scope.function_echo([temp]) work instead?
>
> That did it! Thanks a lot!

Great, I'll add some info to our docs about this. If anyone else has suggestions on similar tricks/things that are not covered with respect to custom functions, types/providers, etc, let me know!

--Michael

[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet
> host has one). I've not ventured down the custom fact road before so this should be a little adventure.

Your version certainly will work. I think this is how I might take a stab at it though:

    require 'facter'
    require 'ipaddr'
    require 'yaml'

    Facter.add("nsd_gateway") do
      setcode do
        begin
          interfaces = Facter.value(:interfaces).split(',')
          nsd_gateway = nil
          interfaces.each do |iface|
            # Skip interfaces that have no IPv4 address fact
            next unless (address = Facter.value("ipaddress_#{iface}"))
            YAML::load(File.open('/usr/local/etc/config.yml'))['nsd_networks'].each do |net|
              net = IPAddr.new(net)
              # Keep the address if it falls inside one of the configured networks
              nsd_gateway = address if net.include?(address)
            end
          end
          nsd_gateway
        end
      end
    end

Where your '/usr/local/etc/config.yml' file contains a definition of your nsd_networks:

    ---
    nsd_networks:
      - 14.1.22.0/24
      - 19.7.28.0/24
      - 15.0.8.0/24

> Thanks for the alternate idea on using templating to solve the problem. I had not thought of that approach!

No problem. I can't envision it offhand, but you *might* also be able to do it in a define. But you've already solved it for now.

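Added example (not code from any poster in this thread): the two ways of matching an address against the nsd networks discussed above, run side by side so the difference is visible. A prefix pattern with unescaped dots and no anchor accepts addresses outside the intended /24s, which matters when the fact decides where static routes get installed; CIDR membership via IPAddr does not. The sample ifconfig output and the helper names are constructed for illustration.

```ruby
require 'ipaddr'

# Networks as listed in the thread's example config.yml.
NSD_NETWORKS = %w[14.1.22.0/24 19.7.28.0/24 15.0.8.0/24].map { |n| IPAddr.new(n) }.freeze

# Prefix pattern with unescaped dots and no anchor: "." matches any character.
LOOSE_PREFIX = /(14.1.22.|19.7.28.|15.0.8.)/

# Constructed `ifconfig -a` output (not from a real host).
SAMPLE_IFCONFIG = <<~OUT
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING> mtu 8232
          inet 127.0.0.1 netmask ff000000
  bge0: flags=1000843<UP,BROADCAST,RUNNING> mtu 1500
          inet 14.1.22.17 netmask ffffff00 broadcast 14.1.22.255
  bge1: flags=1000843<UP,BROADCAST,RUNNING> mtu 1500
          inet 14.1.220.9 netmask ffffff00 broadcast 14.1.220.255
  bge2: flags=1000843<UP,BROADCAST,RUNNING> mtu 1500
          inet 214.1.22.5 netmask ffffff00 broadcast 214.1.22.255
  bge3: flags=1000843<UP,BROADCAST,RUNNING> mtu 1500
          inet 15.0.80.1 netmask ffffff00 broadcast 15.0.80.255
  eth0      Link encap:Ethernet
            inet addr:10.55.12.3  Bcast:10.55.12.255  Mask:255.255.255.0
            inet6 addr: fe80::1/64 Scope:Link
OUT

# Extract IPv4 addresses from "inet 1.2.3.4" and "inet addr:1.2.3.4" lines.
def inet_addresses(text)
  text.each_line.map { |line| line[/inet\s+(?:addr:)?(\d+\.\d+\.\d+\.\d+)/, 1] }.compact
end

# String matching: what the loose pattern accepts.
def loose_matches(addresses)
  addresses.grep(LOOSE_PREFIX)
end

# CIDR membership; anything that does not parse as an address never matches.
def in_networks?(address, networks = NSD_NETWORKS)
  ip = IPAddr.new(address)
  networks.any? { |net| net.include?(ip) }
rescue IPAddr::Error
  false
end

def cidr_matches(addresses)
  addresses.select { |a| in_networks?(a) }
end

if __FILE__ == $PROGRAM_NAME
  addrs = inet_addresses(SAMPLE_IFCONFIG)
  puts "regex prefix: #{loose_matches(addrs).inspect}"
  puts "cidr:         #{cidr_matches(addrs).inspect}"
  puts "false hits:   #{(loose_matches(addrs) - cidr_matches(addrs)).inspect}"
end
```
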