Re: [Puppet Users] Best practises for managing secret keys with puppet?
Joe McDonagh writes: > Daniel Pittman wrote: > > Hey Daniel, your puppet SSL keys can be used for other services as well. *nod* Sadly, we need a whole bunch of different public SSL services, including SSL services on host names and domains that we operate on the behalf of clients. It was, in fact, mostly services like that which I was considering when I asked the initial question. So, while reuse of the puppet keys would be occasionally convenient for low value stuff, it doesn't solve my bigger problem. [...] > How do you currently manage your puppet keys? Entirely manually, using the puppet CA, because it just works, and because we don't have any significant cross-over between the internal CA we use and the places that we run puppet. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Best practises for managing secret keys with puppet?
Daniel Pittman wrote: G'day. Hey Daniel, your puppet SSL keys can be used for other services as well. I successfully used them as authentication for Splunk's SSL receiver when I was piloting the software. IDK if this helps you, but I feel like this tidbit may get overlooked sometimes. How do you currently manage your puppet keys? -- Joe McDonagh AIM: YoosingYoonickz IRC: joe-mac on freenode L'ennui est contre-révolutionnaire -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet
> interfaces = Facter.value(:interfaces).split(',') > nsd_gateway = nil I like the idea of accessing this information through facter instead of needlessly running ifconfig again. > interfaces.each do |iface| > next unless (address = > Facter.value("ipaddress_#{iface}")) > YAML::load(File.open('/usr/local/etc/config.yml')) Is their any "standard" location to put a config.yml file like in your above example? Or just where ever I happen to store config files at my location? I think i'll extend your example for default gateway lookups. Thanks again for the additional ideas on how to approach this problem! Derek -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Custom fact works on command line but not in puppet
My custom fact is not being used during a puppet run, but I can see it when I run puppet manually. This is quite similar to http://projects.reductivelabs.com/issues/1918 except my fact works on the command line but not from within puppet. This is the first time I have tried adding a fact so it is possible I have made a mistake somewhere. I have read everything I can find on adding facts and I am pretty sure it is set up correctly. Lots of info follows if anyone could give me some tips on what could be going wrong I would appreciate it. Thanks, Mike http://pastie.org/892038 [r...@test01 puppet]# puppetd --version 0.25.4 [r...@test01 puppet]# facter --version 1.5.7 [r...@test01 puppet]# puppet --configprint libdir /var/lib/puppet/lib [r...@test01 puppet]# ls -al $(puppet --configprint libdir)/facter total 12 drwxr-xr-x 2 root root 4096 Mar 25 18:28 . drwxr-xr-x 3 root root 4096 Mar 25 07:23 .. -rw-r--r-- 1 root root 86 Mar 25 18:28 testfact.rb [r...@test01 puppet]# cat $(puppet --configprint libdir)/facter/ testfact.rb require 'facter' Facter.add("testfact") do setcode do "yep" end end [r...@test01 puppet]# facter | grep testfact [r...@test01 puppet]# facter --puppet | grep testfact testfact => yep [r...@test01 puppet]# echo $RUBYLIB /var/lib/puppet/lib [r...@test01 puppet]# echo $FACTERLIB /var/lib/puppet/lib/facter So it seems as if every works correctly, but when I try and access this fact in a node definition nothing happens: [r...@test01 puppet]# cat manifests/nodes/test.pp node 'test01.example.com' { notice("testfact: $testfact") } [r...@test01 puppet]# puppetd --no-daemonize --debug --verbose -t In another terminal: [r...@test01 ~]# puppetmasterd -d --no-daemonize -v --trace notice: Scope(Node[test01.example.com]): testfact: notice: Compiled catalog for test01.example.com in 0.01 seconds stracing the puppet daemon shows that the testfact.rb file is being opened after a number of failed attempts to find it: [r...@test01 puppet]# strace -o trace -ff puppetd --no-daemonize -- debug --verbose -t [r...@test01 puppet]# grep testfact * | grep ENOENT | wc -l #show failed attempts at opening 40 [r...@test01 puppet]# grep testfact * | grep RDONLY | wc -l #show successful attempts at writing 13 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: London meetup during Training days
London is calling, wednesday 31 is approaching... where and at what hour are we going to meet up? Londoners decide... possibly not too far from County House, Conway Mews. Looking forward to live the feeling of a british pub :-) On 3 Mar, 21:46, Julian Simpson wrote: > The Green Man was our local until I left $DAYJOB last Friday. Should be > fine on a Wednesday unless we have a huge group. > > On 3 March 2010 17:21, Paul Nasrat wrote: > > > > > On 3 March 2010 17:11, Dan Bode wrote: > > > > On Wed, Mar 3, 2010 at 2:37 AM, Al @ Lab42 wrote: > > > >> Hei all, > > >> In London, UK from March 29 to April 2 there are 2 Puppet training > > >> classes: > > >http://reductivelabs.com/training/london-puppet-training/?x_lf_kt=2&_... > > > >> I'm personally seriously evaluating the possibility to attend the > > >> developer one, the 1st and 2nd, but in any case considering the active > > >> Puppet London scene and this specific occasion, it would be nice to > > >> organize a meetup in those days. > > >> The idea has been raised on IRC and can be better discussed here... > > >> Who is interested? > > > > I'm in. > > > You're only invited if you come bearing goodies ;) > > > > Wednesday is good for me. > > > Fine, Wednesday it is. Guess that's the end of the one course and pre > > developer course. I'll have to go scouting. ISTR us doing The Green > > Man, Riding House St which is a Cider pub before. Else can find some > > decent real ale pubs in the area that have space. > > > Paul > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com > > . > > For more options, visit this group at > >http://groups.google.com/group/puppet-users?hl=en. > > -- > Julian Simpson > Software Build and > Deploymenthttp://www.build-doctor.comhttp://twitter.com/builddoctor -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] err: Got an uncaught exception of type ArgumentError: Field 'value' is required
Hello, I wrote a custom type for managing sshd configuration file Type: module Puppet newtype(:sshd_param) do @doc = "Manages parameters of sshd" ensurable newparam(:name) do desc "The name of the parameter." isnamevar end newproperty(:target) do desc "Location of sshd configuration file" defaultto { if @resource.class.defaultprovider.ancestors.include? Puppet::Provider::ParsedFile @resource.class.defaultprovider.default_target else nil end } end newparam(:value) do desc "The value to set" end end end Provider: require 'puppet/provider/parsedfile' conf = "/etc/ssh/sshd_config" Puppet::Type.type(:sshd_param).provide( :parsed, :parent => Puppet::Provider::ParsedFile, :default_target => conf, :filetype => :flat ) do confine :exists => conf text_line :comment, :match => /^#/ text_line :blank, :match => /^\s*$/ record_line :parsed, :fields => %w{name value}, :separator => /\s*\ \s*|#.*|\s*$/, :joiner => ' ' end Define: define ssh::set_value($value, $target = "/etc/ssh/sshd_config") { include ssh::server sshd_param { $name: value => $value, target => $target, notify => Service[sshd_server], require => Package[sshd_package] } } Package sshd_package and Service sshd_server are defined in ssh::server In manifest file I have: ssh::set_value { "PermitRootLogin": value => "yes", target => "/etc/ssh/sshd_config" } And at every run I get: err: Got an uncaught exception of type ArgumentError: Field 'value' is required Does anyone know how to fix this issue ? OS: RHEL 5.4 PUPPET_VER: 0.25.4 PUPPET_MASTER_VER: 0.25.4 Thank you. -- Maxim Ianoglo -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.