Re: [Puppet Users] Best practises for managing secret keys with puppet?

2010-03-28 Thread Daniel Pittman
Joe McDonagh writes:
> Daniel Pittman wrote:
>
> Hey Daniel, your puppet SSL keys can be used for other services as well.

*nod*  Sadly, we need a whole bunch of different public SSL services,
including SSL services on host names and domains that we operate on the behalf
of clients.

It was, in fact, mostly services like that which I was considering when
I asked the initial question.  So, while reuse of the puppet keys would be
occasionally convenient for low value stuff, it doesn't solve my bigger
problem.

[...]

> How do you currently manage your puppet keys?

Entirely manually, using the puppet CA, because it just works, and because we
don't have any significant cross-over between the internal CA we use and the
places that we run puppet.

Daniel

-- 
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
   ♽ made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Best practises for managing secret keys with puppet?

2010-03-28 Thread Joe McDonagh

Daniel Pittman wrote:

G'day.



Hey Daniel, your puppet SSL keys can be used for other services as well. 
I successfully used them as authentication for Splunk's SSL receiver 
when I was piloting the software. IDK if this helps you, but I feel like 
this tidbit may get overlooked sometimes. How do you currently manage 
your puppet keys?


--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire




[Puppet Users] Re: facter or ifconfig to find hosts with ip on certain subnet

2010-03-28 Thread deet


>             interfaces = Facter.value(:interfaces).split(',')
>             nsd_gateway = nil

  I like the idea of accessing this information through facter instead
of needlessly running ifconfig again.


>             interfaces.each do |iface|
>                 next unless (address = Facter.value("ipaddress_#{iface}"))
>                 YAML::load(File.open('/usr/local/etc/config.yml'))


  Is there any "standard" location to put a config.yml file like in
your above example? Or just wherever I happen to store config files
at my location? I think I'll extend your example for default gateway
lookups.

  Thanks again for the additional ideas on how to approach this
problem!
  Derek




[Puppet Users] Custom fact works on command line but not in puppet

2010-03-28 Thread mike_pup...@fadedink.co.uk
My custom fact is not being used during a puppet run, but I can see it
when I run puppet manually. This is quite similar to
http://projects.reductivelabs.com/issues/1918 except my fact works on
the command line but not from within puppet.

This is the first time I have tried adding a fact so it is possible I
have made a mistake somewhere. I have read everything I can find on
adding facts and I am pretty sure it is set up correctly.

Lots of info follows. If anyone could give me some tips on what
could be going wrong, I would appreciate it.

Thanks,

Mike

http://pastie.org/892038

[r...@test01 puppet]# puppetd --version
0.25.4
[r...@test01 puppet]# facter --version
1.5.7
[r...@test01 puppet]# puppet --configprint libdir
/var/lib/puppet/lib
[r...@test01 puppet]# ls -al $(puppet --configprint libdir)/facter
total 12
drwxr-xr-x 2 root root 4096 Mar 25 18:28 .
drwxr-xr-x 3 root root 4096 Mar 25 07:23 ..
-rw-r--r-- 1 root root   86 Mar 25 18:28 testfact.rb
[r...@test01 puppet]# cat $(puppet --configprint libdir)/facter/testfact.rb
require 'facter'

Facter.add("testfact") do
  setcode do
    "yep"
  end
end
[r...@test01 puppet]# facter | grep testfact
[r...@test01 puppet]# facter --puppet | grep testfact
testfact => yep
[r...@test01 puppet]# echo $RUBYLIB
/var/lib/puppet/lib
[r...@test01 puppet]# echo $FACTERLIB
/var/lib/puppet/lib/facter


So it seems as if everything works correctly, but when I try and access
this fact in a node definition nothing happens:
[r...@test01 puppet]# cat manifests/nodes/test.pp
node 'test01.example.com' {
  notice("testfact: $testfact")
}
[r...@test01 puppet]# puppetd --no-daemonize --debug --verbose -t



In another terminal:
[r...@test01 ~]#  puppetmasterd -d --no-daemonize -v --trace

notice: Scope(Node[test01.example.com]): testfact:
notice: Compiled catalog for test01.example.com in 0.01 seconds



stracing the puppet daemon shows that the testfact.rb file is being
opened after a number of failed attempts to find it:
[r...@test01 puppet]# strace -o trace -ff puppetd --no-daemonize --debug --verbose -t
[r...@test01 puppet]# grep testfact * | grep ENOENT | wc -l #show failed attempts at opening
40
[r...@test01 puppet]# grep testfact * | grep RDONLY | wc -l #show successful attempts at writing
13




[Puppet Users] Re: London meetup during Training days

2010-03-28 Thread Al @ Lab42
London is calling, Wednesday 31 is approaching... where and at what
hour are we going to meet up?
Londoners decide... possibly not too far from County House, Conway
Mews.
Looking forward to living the feeling of a British pub :-)

On 3 Mar, 21:46, Julian Simpson wrote:
> The Green Man was our local until I left $DAYJOB last Friday.  Should be
> fine on a Wednesday unless we have a huge group.
>
> On 3 March 2010 17:21, Paul Nasrat  wrote:
>
>
>
> > On 3 March 2010 17:11, Dan Bode  wrote:
>
> > > On Wed, Mar 3, 2010 at 2:37 AM, Al @ Lab42  wrote:
>
> > >> Hei all,
> > >> In London, UK from March 29 to April 2 there are 2 Puppet training
> > >> classes:
>
> >http://reductivelabs.com/training/london-puppet-training/?x_lf_kt=2&_...
>
> > >> I'm personally seriously evaluating the possibility to attend the
> > >> developer one, the 1st and 2nd, but in any case considering the active
> > >> Puppet London scene and this specific occasion, it would be nice to
> > >> organize a meetup in those days.
> > >> The idea has been raised on IRC and can be better discussed here...
> > >> Who is interested?
>
> > > I'm in.
>
> > You're only invited if you come bearing goodies ;)
>
> > > Wednesday is good for me.
>
> > Fine, Wednesday it is. Guess that's the end of the one course and pre
> > developer course. I'll have to go scouting. ISTR us doing The Green
> > Man, Riding House St which is a Cider pub before. Else can find some
> > decent real ale pubs in the area that have space.
>
> > Paul
>
> --
> Julian Simpson
> Software Build and Deployment
> http://www.build-doctor.com
> http://twitter.com/builddoctor




[Puppet Users] err: Got an uncaught exception of type ArgumentError: Field 'value' is required

2010-03-28 Thread .Nox
Hello,

I wrote a custom type for managing the sshd configuration file.

Type:

module Puppet
  newtype(:sshd_param) do
    @doc = "Manages parameters of sshd"

    ensurable

    newparam(:name) do
      desc "The name of the parameter."
      isnamevar
    end

    newproperty(:target) do
      desc "Location of sshd configuration file"

      defaultto {
        if @resource.class.defaultprovider.ancestors.include?(Puppet::Provider::ParsedFile)
          @resource.class.defaultprovider.default_target
        else
          nil
        end
      }
    end

    newparam(:value) do
      desc "The value to set"
    end
  end
end



Provider:

require 'puppet/provider/parsedfile'

conf = "/etc/ssh/sshd_config"

Puppet::Type.type(:sshd_param).provide(
  :parsed,
  :parent => Puppet::Provider::ParsedFile,
  :default_target => conf,
  :filetype => :flat
) do

  confine :exists => conf

  text_line :comment,
    :match => /^#/
  text_line :blank,
    :match => /^\s*$/
  record_line :parsed,
    :fields => %w{name value},
    :separator => /\s*\ \s*|#.*|\s*$/,
    :joiner => ' '
end

Define:

define ssh::set_value($value,
  $target = "/etc/ssh/sshd_config")
{
  include ssh::server

  sshd_param
  {
    $name:
      value => $value,
      target => $target,
      notify => Service[sshd_server],
      require => Package[sshd_package]
  }
}

Package sshd_package and Service sshd_server are defined in
ssh::server

In the manifest file I have:
ssh::set_value
{
  "PermitRootLogin":
    value => "yes",
    target => "/etc/ssh/sshd_config"
}


And at every run I get:
err: Got an uncaught exception of type ArgumentError: Field 'value' is required

Does anyone know how to fix this issue?

OS: RHEL 5.4
PUPPET_VER: 0.25.4
PUPPET_MASTER_VER: 0.25.4

Thank you.
--
Maxim Ianoglo
