[Puppet Users] Re: Yum provider using version-release as version?

2010-04-09 Thread Ken 
FYI - this still behaves like this in 0.25.4

[r...@obelisk ~]# puppetd -t --environment=prod
info: Retrieving plugin
info: Caching catalog for obelisk.usr.bob.sh
info: Applying configuration version '1270859745'
err: //Node[obelisk.usr.bob.sh]/Package[git]/ensure: change from
1.6.6.1-1.fc12 to 1.6.6.1 failed: Could not update: Failed to update
to version 1.6.6.1, got version 1.6.6.1-1.fc12 instead at /etc/puppet/
prod/manifests/nodes_usr.pp:14
notice: Finished catalog run in 3.39 seconds
[r...@obelisk ~]# puppet --version
0.25.4
[r...@obelisk ~]#

I wonder Tony if a regexp would be nice for providing the most
flexible version selection criteria. Thoughts?

ken.

On Apr 9, 8:52 pm, "Tony G."  wrote:
> Hi,
>
> I'm using yum as our package provider and having an issue. Puppet is
> complaining of the version, this is the code I'm trying to implement:
>
> $snmp_version = "5.3.2.2"
> package { "net-snmp": ensure => "${snmp_version}"; }
>
> On the client I got:
> debug: //Node[client.example.com]/snmp::base/Package[net-snmp]: Changing
> ensure
> debug: //Node[client.example.com]/snmp::base/Package[net-snmp]: 1 change(s)
> debug: Package[net-snmp](provider=yum): Ensuring => 5.3.2.2
> debug: Puppet::Type::Package::ProviderYum: Executing '/usr/bin/yum -d 0 -e 0
> -y install net-snmp-5.3.2.2' *(1)*
> debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -q net-snmp
> --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION}
> %{RELEASE} %{ARCH}
> ' *(2)*
> err: //Node[client.example.com]/snmp::base/Package[net-snmp]/ensure: change
> from 5.3.2.2-7.el5_4.2 to 5.3.2.2 failed: Could not update: Failed to update
> to version *5.3.2.2*, got version *5.3.2.2-7.el5_4.2* instead at
> /opt/git/development/modules/snmp/manifests/init.pp:26
> notice: //Node[client.example.com]/snmp::base/File[/etc/snmp/snmpd.conf]:
> Dependency package[net-snmp] has 1 failures
> warning: 
> //Node[labtest40-v3.ea-colo.ea.com]/snmp::base/File[/etc/snmp/snmpd.conf]:
> Skipping because of failed dependencies
>
> The package is installed*(1)* but the error is still shown at the time of
> validation*(2)*.
>
> Looking at the code I found:
>
> in .../provider/package/yum.rb:
> def install
>  chop lines ---
>
> *    is = self.query*
>     unless is
>         raise Puppet::Error, "Could not find package %s" % self.name
>     end
>
>     # FIXME: Should we raise an exception even if should == :latest
>     # and yum updated us to a version other than @param_hash[:ensure] ?
>     if should && should != is[:ensure]
>         raise Puppet::Error, "Failed to update to version #{*should*}, got
> version #{*is[:ensure]*} instead"
>     end
>
> in .../provider/package/rpm.rb the query define comment says it will provide
> the "version-release"
> # Find the fully versioned package name and the version alone. Returns
> # a hash with entries :instance => fully versioned package name, and
> #* :ensure => version-release*
> *def query*
>
> The validation is made on what is provided in the ensure
> attribute($snmp_version) against "version-release" installed.  I think it
> makes sense when somebody defines something like ensure =>
> "${snmp_version}-${snmp-release}", but not in my use case.
>
> I would like to hear comments of my use case as it could probably would be a
> valid feature request.
>
> Thanks!
>
> I'm Running(still) 0.24.8 on client and master.
>
> --
> Tony

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Custom facts for a puppetmasterless environment

2010-04-09 Thread Thomas A. McGonagle 
I also like to embed facts with bash logic using bash startup files in
/etc/profile.d/puppet.sh

The puppet labs FAQ has a write up on it.
Can I access environmental variables with Facter?

Not directly no but Facter has a special types of facts that can be set from
environment variables. Any environment variable with a prefix of
FACTER will
be taken by Facter and converted into a fact, for example:

$ FACTER_FOO="bar"
$ export FACTER_FOO
$ facter | grep 'foo'
  foo => bar

The value of the FACTER_FOO environmental variable would now be available in
your Puppet manifests as $foo with a value of ‘bar’.
-Tom

Thomas A. McGonagle
t...@dataero.com
Google Voice: 617-229-5185



On Fri, Apr 9, 2010 at 1:38 PM, Pete Emerson  wrote:

> On Apr 9, 9:04 am, Pete Emerson  wrote:
> > I see the instructions for creating custom facter recipes here:
> >
> > http://projects.reductivelabs.com/projects/puppet/wiki/Adding_Facts
> >
> > and in this thread, James Turnbull suggests that Facter might some day
> > support other languages besides ruby:
> >
> > http://groups.google.com/group/puppet-users/browse_thread/thread/8c12...
> >
> > He writes:
> > > Agreed.  That'd be a useful feature and if we'd probably do it like
> > > Nagios plug-ins do - doesn't matter what the language is as long as
> they
> > > output data that the Facter API can parse into facts - Perl, Python, C,
> > > Rexx (*coughs*), etc.
> >
> > Has such a feature been released in the latest versions of facter /
> puppet ?
> >
> > I'm experimenting with puppet with no puppetmaster, but need to add
> > facts that my puppet_node_classifier usually provides. I assume using
> > facter is the way to go (I have not played with facter yet). Is there
> > an alternate solution for getting my own facts into a puppet node
> > without a puppetmaster?
> >
> > Pete
>
> Okay, I think I got it. Pretty exciting, especially given I don't know
> ruby at all. Comments appreciated, for sure, as I'm not positive that
> I might be trying to fit a square peg into a round hole.
>
> I've made a fact that loads results from a perl script.
>
> 1) The sample perl script gives output just like a puppet node
> classifier would using YAML
> 2) The ruby parses the output of the perl script and generates facts.
>
> ### /usr/local/bin/facter.pl
> #!/usr/bin/perl -w
>
> print < ---
> parameters:
>  dongle: "special_dongle_value"
> END
>
> ### /var/lib/puppet/lib/facter/classifier.rb
>
> require "yaml"
>
> yaml_obj = YAML::load(%x{/usr/local/bin/facter.pl})
> yaml_obj['parameters'].each { |key, value|
>Facter.add(key) do
>setcode do
>value
>end
>end
> }
>
>  Manual run
>
> # export FACTERLIB=/var/lib/puppet/lib/facter ; facter | grep dongle
> dongle => special_dongle_value
>
>  /etc/puppet/puppet.conf additions
> pluginsync = true
> factpath = $vardir/lib/facter
>
>
>  test.pp
>
> exec { "dongle":
>command => "/bin/echo '$dongle' > /tmp/dongle.txt"
> }
>
> ## Puppet run
>
> # puppet -v test.pp
> info: Loading facts in classifier
> info: Applying configuration version '1270834249'
> notice: //Exec[dongle]/returns: executed successfully
> # cat /tmp/dongle.txt
> special_dongle_value
>
> ##
>
> Pete
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Yum provider using version-release as version?

2010-04-09 Thread Tony G. 
Hi,

I'm using yum as our package provider and having an issue. Puppet is
complaining of the version, this is the code I'm trying to implement:

$snmp_version = "5.3.2.2"
package { "net-snmp": ensure => "${snmp_version}"; }

On the client I got:
debug: //Node[client.example.com]/snmp::base/Package[net-snmp]: Changing
ensure
debug: //Node[client.example.com]/snmp::base/Package[net-snmp]: 1 change(s)
debug: Package[net-snmp](provider=yum): Ensuring => 5.3.2.2
debug: Puppet::Type::Package::ProviderYum: Executing '/usr/bin/yum -d 0 -e 0
-y install net-snmp-5.3.2.2' *(1)*
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -q net-snmp
--nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION}
%{RELEASE} %{ARCH}
' *(2)*
err: //Node[client.example.com]/snmp::base/Package[net-snmp]/ensure: change
from 5.3.2.2-7.el5_4.2 to 5.3.2.2 failed: Could not update: Failed to update
to version *5.3.2.2*, got version *5.3.2.2-7.el5_4.2* instead at
/opt/git/development/modules/snmp/manifests/init.pp:26
notice: //Node[client.example.com]/snmp::base/File[/etc/snmp/snmpd.conf]:
Dependency package[net-snmp] has 1 failures
warning: 
//Node[labtest40-v3.ea-colo.ea.com]/snmp::base/File[/etc/snmp/snmpd.conf]:
Skipping because of failed dependencies

The package is installed*(1)* but the error is still shown at the time of
validation*(2)*.

Looking at the code I found:

in .../provider/package/yum.rb:
def install
 chop lines ---

*is = self.query*
unless is
raise Puppet::Error, "Could not find package %s" % self.name
end

# FIXME: Should we raise an exception even if should == :latest
# and yum updated us to a version other than @param_hash[:ensure] ?
if should && should != is[:ensure]
raise Puppet::Error, "Failed to update to version #{*should*}, got
version #{*is[:ensure]*} instead"
end

in .../provider/package/rpm.rb the query define comment says it will provide
the "version-release"
# Find the fully versioned package name and the version alone. Returns
# a hash with entries :instance => fully versioned package name, and
#* :ensure => version-release*
*def query*

The validation is made on what is provided in the ensure
attribute($snmp_version) against "version-release" installed.  I think it
makes sense when somebody defines something like ensure =>
"${snmp_version}-${snmp-release}", but not in my use case.

I would like to hear comments of my use case as it could probably would be a
valid feature request.

Thanks!

I'm Running(still) 0.24.8 on client and master.

-- 
Tony

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] broken image links on puppet-dashboard tour documentation

2010-04-09 Thread Rein Henrichs 
This probably happened in the course of the move. Thanks for letting us
know!

Rein Henrichs
http://reductivelabs.com


On Fri, Apr 9, 2010 at 11:48 AM, Gustavo Soares wrote:

> Hi!
>
> I don't know if here is the right place to say this, but the
> puppet-dashboard
> tour webpage (
> http://www.puppetlabs.com/blog/a-tour-of-puppet-dashboard-0-1-0/)
> seems to have some broken image links.
>
> Thanks in advance,
> Gus
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] broken image links on puppet-dashboard tour documentation

2010-04-09 Thread Gustavo Soares 
Hi!

I don't know if here is the right place to say this, but the
puppet-dashboard
tour webpage (
http://www.puppetlabs.com/blog/a-tour-of-puppet-dashboard-0-1-0/)
seems to have some broken image links.

Thanks in advance,
Gus

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Custom facts for a puppetmasterless environment

2010-04-09 Thread Pete Emerson 
On Apr 9, 9:04 am, Pete Emerson  wrote:
> I see the instructions for creating custom facter recipes here:
>
> http://projects.reductivelabs.com/projects/puppet/wiki/Adding_Facts
>
> and in this thread, James Turnbull suggests that Facter might some day
> support other languages besides ruby:
>
> http://groups.google.com/group/puppet-users/browse_thread/thread/8c12...
>
> He writes:
> > Agreed.  That'd be a useful feature and if we'd probably do it like
> > Nagios plug-ins do - doesn't matter what the language is as long as they
> > output data that the Facter API can parse into facts - Perl, Python, C,
> > Rexx (*coughs*), etc.
>
> Has such a feature been released in the latest versions of facter / puppet ?
>
> I'm experimenting with puppet with no puppetmaster, but need to add
> facts that my puppet_node_classifier usually provides. I assume using
> facter is the way to go (I have not played with facter yet). Is there
> an alternate solution for getting my own facts into a puppet node
> without a puppetmaster?
>
> Pete

Okay, I think I got it. Pretty exciting, especially given I don't know
ruby at all. Comments appreciated, for sure, as I'm not positive that
I might be trying to fit a square peg into a round hole.

I've made a fact that loads results from a perl script.

1) The sample perl script gives output just like a puppet node
classifier would using YAML
2) The ruby parses the output of the perl script and generates facts.

### /usr/local/bin/facter.pl
#!/usr/bin/perl -w

print < special_dongle_value

 /etc/puppet/puppet.conf additions
pluginsync = true
factpath = $vardir/lib/facter


 test.pp

exec { "dongle":
command => "/bin/echo '$dongle' > /tmp/dongle.txt"
}

## Puppet run

# puppet -v test.pp
info: Loading facts in classifier
info: Applying configuration version '1270834249'
notice: //Exec[dongle]/returns: executed successfully
# cat /tmp/dongle.txt
special_dongle_value

##

Pete

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] is puppet the right tool for me?

2010-04-09 Thread Steven VanDevender 
Daniel Pittman writes:
 > Dmitry V'yal  writes:
 > > Evan Hisey wrote:
 > >> You forgot a biggy bonus of puppet, no matter what size you support. I
 > >> have several small ( as in 1-3) groups  of very different machines,
 > >> and with puppet I can rebuild them very quickly on when they need to
 > >> be replaced or upgraded. doing it by hand takes most of a day or 2.
 > >
 > > That's great! And what to do with various passwords, private keys and so 
 > > on?
 > > Should I put them in manifest?
 > 
 > That is a hard call, and there is probably no single answer.
 > 
 > For what it is worth, we decided that this was an acceptable security risk in
 > some places (database passwords containing unclassified data only), and
 > unacceptable in others (SSL certificate private keys).
 > 
 > We presently distribute the later set, the keys, only through manual action,
 > although you can use puppet-specific restrictions to serve them up safely 
 > from
 > external files.

What we decided to do at our site was create a separate version control
repository for secure data (passwords, certificate keys, private ssh
keys) that is not network-accessible and resides only on the
puppetmaster host.  The repository is checked out under
/etc/puppet/secure and mounted as a separate module in fileserver.conf,
so that manifests can refer to files using specifications like
"puppet:///secure/foo.key".  Then Puppet can automatically distribute
the security-sensitive files but they don't live in the main repository
which is widely distributed (working copies live on all the admin
workstations, for example).  The minor disadvantage is that you have to
log in to the puppetmaster host to actually change anything in the
secure repository, but things don't change in there very often.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Custom facts for a puppetmasterless environment

2010-04-09 Thread Pete Emerson 
I see the instructions for creating custom facter recipes here:

http://projects.reductivelabs.com/projects/puppet/wiki/Adding_Facts

and in this thread, James Turnbull suggests that Facter might some day
support other languages besides ruby:

http://groups.google.com/group/puppet-users/browse_thread/thread/8c127ae8898d3bcf/c5ca551b77c4eb67?lnk=gst&q=facter+perl#c5ca551b77c4eb67

He writes:

> Agreed.  That'd be a useful feature and if we'd probably do it like
> Nagios plug-ins do - doesn't matter what the language is as long as they
> output data that the Facter API can parse into facts - Perl, Python, C,
> Rexx (*coughs*), etc.

Has such a feature been released in the latest versions of facter / puppet ?

I'm experimenting with puppet with no puppetmaster, but need to add
facts that my puppet_node_classifier usually provides. I assume using
facter is the way to go (I have not played with facter yet). Is there
an alternate solution for getting my own facts into a puppet node
without a puppetmaster?

Pete

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ANNOUNCE: Puppet 0.25.5 - Release Candidate 1 available!

2010-04-09 Thread Gustavo Soares 
Hi,

I would like confirm if the bug #3182 will be solved in the 0.25.5 final
release (I am asking this because I didn't saw it in the changelog of the
RC1).

Thanks in advance,
Gus

On Thu, Apr 1, 2010 at 3:22 AM, James Turnbull wrote:

> Welcome back to the Puppet release cycle - brought to you by the newly
> minted Puppet Labs.
>
> The 0.25.5 release is a maintenance release in the
> 0.25.x branch. It contains a number of bug fixes but also some performance
> enhancements including speed-ups to Puppet's graphing.
>
> The release candidate is available at:
>
> http://puppetlabs.com/downloads/puppet/puppet-0.25.5rc1.tar.gz
>
> Please note that all final releases of Puppet are signed with the
> Reductive Labs key (we'll issue a new, improved Puppet Labs key after the
> Rowlf release).
>
> See the Verifying Puppet Download section at
> http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
>
> Please test this release candidate and report feedback via the
> Puppet Labs Redmine site:
>
> http://projects.puppetlabs.com
>
> Please select an affected version of 0.25.5rc1.
>
> RELEASE NOTES
>
> The default location for Puppet's dynamic files, the $vardir option, has
> changed from /var/puppet to /var/lib/puppet. This is already the default for
> the Fedora EPEL and Debian/Ubuntu packages and brings Puppet into FHS
> compliance.
>
> You can now specify checksum => none in the file type to disable file
> check-summing.
>
> CHANGELOG
>
> 57ae381  Modify SuSE spec file for 0.25.x and correct shebang lines for
> puppetd/puppetmasterd
> d90ec79  Fixes #3460 - Makes Puppet FHS compliant by moving /var/puppet to
> /var/lib/puppet
> ae0b0bf  Fix for #3101 (bug in MRI 1.8.7)
> 9db066b  Fixes #3419. OS X 10.6 Ruby doesn't set supplementary groups
> 306d082  Revert the guts of #2890
> 4eea77a  Fail gracefully on packages that don't have the HOMEPAGE variable
> set (e.g. dev-lang/php).
> f5b8494  Fixed #3443 - Typo in mount type
> b0ef2c6  Fixes #3135 - darwin doesn't support 'mount -o remount'
> 7018cf5  Adding :catalog_terminus setting
> 978ab8a  fixing obsolete comment in puppetd
> 6d13d0d  Adding support for only using cached catalogs
> bc28715  Refactoring Configurer to enable the next feature
> ba43d7b  Fix for #3366 - --tags '' treated as boolean 'true'
> 5ab5e8a  Supressing warnings (not really failures) in test/unit
> e4df0b0  Fix test using wrong Puppet util filesetting group
> eeb3d74  Mock user in SUIDManager tests
> 9ea27db  Removing resources generate tests
> 218e3e9  Removing old test for service/debian provider
> 1556938  Replace test/unit file write test with spec
> 2defc00  Fix for #3424 and tests to prove it.
> 44798b9  Fixed changelog Rake task
> 5d10f65  Fix #3155 - prevent error when using two matching regex in cascade
> fbedb99  Fixing #3148 Settings#without_noop when run with no noop setting
> 389c77b  Another trivial follow-up fix for #2604: invalid path to zaml.rb
> 56b5753  Fix inefficient SimpleGraph#matching_edge
> 4b2b9eb  Fix #3229 - use original value in case/selector regex matching
> 19863c0  Fix #2929 - Allow checksum to be "none"
> fd76142  Fixed puppetlast typo
> 3b4e782  Follow up for #2604, debug msg left behind.
> e44430b  Fix for #2604 Pure Ruby yaml generation
> 74cd55f  Fixes #3113 - When importing a manifest puppet needs to chill
> 7ec50a7  Fixes #3387 - Handle path elements with ticks and spaces
> d561a98  Fix for #3412 install.rb should not put "." first in the tmp_dirs
> 751df45  Fix #3186 - require function set relationship only on the last
> class
> a1d216c  Fixed the return types were valid, and removed the copy paste
> error with the exception logic
> d532e6d  Fixing #3185 Rakefile is loading puppet.rb twice
> 5aa596c  Fix #3150 - require function doesn't like ::class syntax
> 3457b87  Added time module to tagmail report
> 71653a7  Fixed #3162 - tidy does not remove empty files when "size => 0" is
> set
> efd0f76  Fixed #3128 - Updated man pages and moved puppet.conf.8 to
> puppet.conf.5
> ad4f94a  Add version number to puppetlast display.
> 0533cea  Forgot fakedata called in spec
> 6416f91  Fixing #2669 puppetmasterd integration has leaky state
> 8a3a205  Fix for #2327, check the return types from augeas and fail where
> appropriate
> 2ae7516  2047: Add a not_include into match
> 55f6239  Minor unit test fixes
> b7b7a1c  vim: Improve function matching when functions contain ')'
> b3c363c  vim: puppetDefArguments is contained by puppetDefine
> f9e05a8  Fix for #3094 (libdir should take ":" delimited path)
> b473264  Fix #1842 Net::HTTP#enable_post_connection_check doesn't work
> anymore
> 9419c2b  Fix for #3035 (redhat services use init for source)
> 10becce  Fix for #3077 (unit tests broken in 0.25.1-->0.25.4)
> 49a7185  Fix for #3085 (user_role_add pulls from same source as useradd)
> 1f086c2  Fix for #3114 (ruby's arbitrary limit on process groups too low)
>
> Regards
>
> James Turnbull
>
> --
> Author of:
> * Pro Linux System Administration (http://tinyurl

Re: [Puppet Users] Re: Puppet commands giving nothing but a stack trace

2010-04-09 Thread Bruce Richardson 
On Fri, Apr 09, 2010 at 08:56:39AM -0400, Rob McBroom wrote:
> 
> Bingo. Someone had set it to 128 for all users (without my knowledge).
> I changed it to only affect the relevant users and Puppet fires right
> up. Thanks.

You're running Puppet and somebody changed the ulimit config on the box
without telling you?  There's ironic and there's plain contrary.

-- 
Bruce

Explota!: miles de lemmings no pueden estar equivocados.


signature.asc
Description: Digital signature

Re: [Puppet Users] Re: Puppet commands giving nothing but a stack trace

2010-04-09 Thread Rob McBroom 
On Apr 8, 2010, at 5:48 PM, Ken wrote:

> I don't suppose its your stack size? Whats the output of 'ulimit -a'
> on your box (as the user you were trying to run those command as of
> course). Mine is 8192 kb.

Bingo. Someone had set it to 128 for all users (without my knowledge). I 
changed it to only affect the relevant users and Puppet fires right up. Thanks.

-- 
Rob McBroom


Don't try to tell me a thing is important to you if the whole of your “support” 
entails forcing others to spend time and money on it.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] is puppet the right tool for me?

2010-04-09 Thread Peter Meier 

That's great! And what to do with various passwords, private keys and so on?
Should I put them in manifest?


That is a hard call, and there is probably no single answer.

For what it is worth, we decided that this was an acceptable security risk in
some places (database passwords containing unclassified data only), and
unacceptable in others (SSL certificate private keys).

We presently distribute the later set, the keys, only through manual action,
although you can use puppet-specific restrictions to serve them up  
safely from

external files.

I hope to have some acceptable solution that keeps both my needs (no manual
setup) and the needs of our auditors (keep things secure) in balance, but
don't presently have one.



we lookup passwords via an external source, which is only located on  
the master. so in the manifests you find only the lookup statement.  
ssl-keys are managed by puppet but stored in a module which is  
seperated from all the other modules and which resists only on the  
master within a local git repository.


so far we see this as comfortable as possible with the best (?)  
possible security you can have in such a centralized setup.


cheers pete

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Author system management books- Packt Publishing.

2010-04-09 Thread Kshipra Singh 
Hi Puppet Users,

I am writing to you for Packt Publishing, the publishers of computer
related books.

We are planning to extend our catalogue of books on Open Source System
and Network Administration softwares & are currently inviting experts
to write for us. So, if you love Puppet and fancy writing a book,
please write to us with your book ideas at aut...@packtpub.com.  Even
if you don't have a book idea and are simply interested in writing, we
are still keen to hear from you.

More details about the opportunity can be read at:
http://authors.packtpub.com/content/calling-open-source-system-and-network-administration-experts-write-packt

Thanks
Kshipra Singh
Author Relationship Manager
Packt Publishing
www.PacktPub.com

Skype: kshiprasingh15
Twitter: http://twitter.com/kshipras

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] is puppet the right tool for me?

2010-04-09 Thread Daniel Pittman 
Dmitry V'yal  writes:
> Evan Hisey wrote:
>>> Regardless of if puppet is intended to manage multiple similar hosts, it is
>>> still useful when you have a smaller number of unique hosts.
>>>
>>> If every host is completely unique then you get one some benefits of puppet:
>>>  * you have a single place to review your configuration
>>>  * you can make changes without having to do it by hand
>>>  * puppet checks nothing has changed, and puts it back if something has
>>>
>>> However, I bet that all your hosts are a *lot* more alike than you think:
>>>  * you probably use the same web server (apache, or so), and *mostly* have 
>>> it
>>>   set up the same way on each machine, right?
>>>  * you probably use the same MTA on most machines
>>>  * you probably use the same log watching and checking stuff on 'em all
>>>  * you probably have similar needs for installing PHP and some extra PHP
>>>   modules, which are usually configured more or less the same.[1]
>>>  * you probably do a bunch of "install mysql, configure like this" stuff the
>>>   same on each host.
>>>
>>
>> You forgot a biggy bonus of puppet, no matter what size you support. I
>> have several small ( as in 1-3) groups  of very different machines,
>> and with puppet I can rebuild them very quickly on when they need to
>> be replaced or upgraded. doing it by hand takes most of a day or 2.
>
> That's great! And what to do with various passwords, private keys and so on?
> Should I put them in manifest?

That is a hard call, and there is probably no single answer.

For what it is worth, we decided that this was an acceptable security risk in
some places (database passwords containing unclassified data only), and
unacceptable in others (SSL certificate private keys).

We presently distribute the later set, the keys, only through manual action,
although you can use puppet-specific restrictions to serve them up safely from
external files.

I hope to have some acceptable solution that keeps both my needs (no manual
setup) and the needs of our auditors (keep things secure) in balance, but
don't presently have one.

Daniel
-- 
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
   ♽ made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] is puppet the right tool for me?

2010-04-09 Thread Dmitry V'yal 

Evan Hisey wrote:

Regardless of if puppet is intended to manage multiple similar hosts, it is
still useful when you have a smaller number of unique hosts.

If every host is completely unique then you get one some benefits of puppet:
 * you have a single place to review your configuration
 * you can make changes without having to do it by hand
 * puppet checks nothing has changed, and puts it back if something has

However, I bet that all your hosts are a *lot* more alike than you think:
 * you probably use the same web server (apache, or so), and *mostly* have it
  set up the same way on each machine, right?
 * you probably use the same MTA on most machines
 * you probably use the same log watching and checking stuff on 'em all
 * you probably have similar needs for installing PHP and some extra PHP
  modules, which are usually configured more or less the same.[1]
 * you probably do a bunch of "install mysql, configure like this" stuff the
  same on each host.



You forgot a biggy bonus of puppet, no matter what size you support. I
have several small ( as in 1-3) groups  of very different machines,
and with puppet I can rebuild them very quickly on when they need to
be replaced or upgraded. doing it by hand takes most of a day or 2.



That's great! And what to do with various passwords, private keys and so 
on? Should I put them in manifest?


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.