[Puppet Users] Re: dashboard: rake install fails (Solaris10)
Meanwhile I have made a little progress when I removed authlogic-2.1.2 from vendor/gems. But came not too far... Can someone please point me into the right direction? Many Thanks in advance Lutz Now I get: bash-3.00# rake install --trace (in /opt/reductivelabs-puppet-dashboard-v1.0.0rc2-0-gd5918df) ** Invoke install (first_time) ** Invoke copy_config (first_time) ** Invoke config/database.yml (first_time, not_needed) ** Invoke config/database.yml.example (first_time, not_needed) ** Execute copy_config ** Invoke db:create (first_time) ** Invoke db:load_config (first_time) ** Invoke rails_env (first_time) ** Execute rails_env ** Execute db:load_config ** Execute db:create dashboard_development already exists ** Invoke db:schema:load (first_time) ** Invoke environment (first_time) ** Execute environment ** Execute db:schema:load -- create_table(assignments, {:force=true}) - 0.0315s -- create_table(node_class_memberships, {:force=true}) - 0.0202s -- create_table(node_classes, {:force=true}) - 0.0166s -- create_table(node_group_class_memberships, {:force=true}) - 0.0153s -- create_table(node_group_edges, {:force=true}) - 0.0180s -- create_table(node_group_memberships, {:force=true}) - 0.0184s -- create_table(node_groups, {:force=true}) - 0.0189s -- create_table(nodes, {:force=true}) - 0.0170s -- create_table(parameters, {:force=true}) - 0.0166s -- create_table(reports, {:force=true}) - 0.0192s -- add_index(reports, [node_id], {:name=index_reports_on_node_id}) - 0.0211s -- add_index(reports, [time], {:name=index_reports_on_time}) - 0.0247s -- create_table(services, {:force=true}) - 0.0179s -- create_table(timeline_events, {:force=true}) - 0.0207s -- create_table(users, {:force=true}) - 0.0391s -- initialize_schema_migrations_table() - 0.0006s -- assume_migrated_upto_version(20100318131825) - 0.0010s ** Invoke db:seed (first_time) ** Invoke environment ** Execute db:seed rake aborted! undefined method `generate!' for #Class:0x9b30264 /usr/local/lib/ruby/gems/1.8/gems/activerecord-2.3.4/lib/active_record/ base.rb:1959:in `method_missing_without_paginate' /usr/local/lib/ruby/gems/1.8/gems/will_paginate-2.3.12/lib/ will_paginate/finder.rb:170:in `method_missing' /opt/reductivelabs-puppet-dashboard-v1.0.0rc2-0-gd5918df/db/seeds.rb:1 /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/ active_support/dependencies.rb:145:in `load_without_new_constant_marking' /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/ active_support/dependencies.rb:145:in `load' /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/ active_support/dependencies.rb:521:in `new_constants_in' /usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.4/lib/ active_support/dependencies.rb:145:in `load' /usr/local/lib/ruby/gems/1.8/gems/rails-2.3.4/lib/tasks/databases.rake: 215 /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:636:in `call' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:636:in `execute' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:631:in `each' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:631:in `execute' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:597:in `invoke_with_call_chain' /usr/local/lib/ruby/1.8/monitor.rb:242:in `synchronize' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:590:in `invoke_with_call_chain' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:607:in `invoke_prerequisites' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:604:in `each' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:604:in `invoke_prerequisites' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:596:in `invoke_with_call_chain' /usr/local/lib/ruby/1.8/monitor.rb:242:in `synchronize' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:590:in `invoke_with_call_chain' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:583:in `invoke' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2051:in `invoke_task' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2029:in `top_level' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2029:in `each' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2029:in `top_level' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2068:in `standard_exception_handling' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2023:in `top_level' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2001:in `run' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2068:in `standard_exception_handling' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:1998:in `run' /usr/local/lib/ruby/gems/1.8/gems/rake-0.8.7/bin/rake:31 /usr/local/bin/rake:19:in `load' /usr/local/bin/rake:19 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to
[Puppet Users] Puppet EC2: Attach an EBS volume at boot?
Is it possible, using puppet, to configure an EC2 instance so that when it boots it attaches mounts an EBS volume? If so, what steps would one take to achieve this? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Default Gateway facter problems
Hi all: El Miércoles, 21 de Abril de 2010 06:55:29, Daniel Pittman escribió: donavan dona...@desinc.net writes: [...] When I made up my sites broadcast fact I solved it in a manner like interfaces.rb. Essentially there are multiple broadcast_$interface facts, and while creating these the interface associated with ipaddress also sets the broadcast fact as primary. What do you do about an interface like this: 2: eth0: BROADCAST,MULTICAST,UP,1 mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:30:48:97:59:ae brd ff:ff:ff:ff:ff:ff inet 192.168.10.11/24 brd 192.168.10.255 scope global eth0 inet 192.168.10.130/24 brd 192.168.10.255 scope global secondary eth0:0 inet 192.168.10.131/24 brd 192.168.10.255 scope global secondary eth0:1 inet 192.168.10.132/24 brd 192.168.10.255 scope global secondary eth0:2 (Actually, that one is easy as all the extra addresses are in the same segment. We have other machines where they are not...) Moving on to the gateway fact; I think a trivial solution is to use your array of gateways to create a series of gateway_$n[1] facts. ...by gateway do you mean default route, or just gateway — we have hosts that have a dozen different routes, and sometimes no default route at all, that act inside the network. *Or* even multiple default gateways since a default gateway is nothing but one that allows routing to 0/0. When more that one is defined, provided they have the same metric, the first one is always used unless fail is detected in which case the second one is tried in turn, etc. Cheers. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetd stops
Hi all, The last 2 weeks we have been having problems with puppetd just randomly stopping. The only thing the log shows is: snip Apr 21 12:14:59 relay puppetd[1376]: Finished catalog run in 4.78 seconds Apr 21 12:30:07 relay puppetd[1376]: Finished catalog run in 4.76 seconds Apr 21 12:45:20 relay puppetd[1376]: Finished catalog run in 4.61 seconds /snip There is no pattern when the process stops but its usually between 15 min and 5 hours (And 'only' on about 50 nodes). Running a strace on the puppetd gives that puppetd recieves a SIGINT and then exits .. I have tried to disable most modules (We do have a few we cannot disable) but still the processes stops. We are running version 0.25.4-2 on both master and slave with a haproxy frontend since we have 2 servers (But one is disabled in the search for this random error) haproxy has been configured with high timeouts since it can take up til 177 seconds to process a node from haproxy.cfg contimeout 35000 clitimeout 35 srvtimeout 35 / the apache configuration of passenger has the following values: from apache.vhost PassengerPoolIdleTime 900 PassengerMaxPoolSize 30 PassengerUseGlobalQueue on PassengerHighPerformance on RackAutoDetect On / I have asked on #pup...@freenode if anyone had an idea on how to track this down since its becomming more of a pain to start puppetd every 15 minutes. I haven't been able to get the timeout when running with --debug --trace Our suspicion comes down to its a problem with a timeout since usually it stops after a high catalog run time. So ... Any idea on how to track this down ? _any_ input is welcome /Kim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetd stops
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Our suspicion comes down to its a problem with a timeout since usually it stops after a high catalog run time. So ... Any idea on how to track this down ? _any_ input is welcome No except, that I see the problem as well: http://projects.reductivelabs.com/issues/2888 http://projects.reductivelabs.com/issues/2661 I assume it is related to timeout issues, however those are as you said very hard to track... cheers pete -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvO56IACgkQbwltcAfKi38cagCglNb6v2ICEB/gRxXxHVneEv6x 2D4AoIHUl3lO09RQw5ykiAlDMJ5bu2/A =usNn -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet EC2: Attach an EBS volume at boot?
Is it possible, using puppet, to configure an EC2 instance so that when it boots it attaches mounts an EBS volume? If so, what steps would one take to achieve this? The mounting should normally be done by your os - ie. put the entry in /etc/fstab. However - puppet can manage the /etc/fstab file with the 'mount' resource if you wanted: http://docs.puppetlabs.com/references/stable/type.html#mount But - I'm guessing your problem is that you don't want to re-create your EBS/AMI image every time you change /etc/fstab right? If you didn't want to save the entry in fstab and do the whole 'snapshot' image thing (to persist your /etc/fstab entry in your EBS/ AMI image) you could have puppet always start at bootup and let puppet do the mounting. Puppet will mount the file-system at any time quite happily in this regard. Just need to make sure that your ensure line is 'mounted'. For example: mount {/mnt/point: device = /dev/sdc1, ensure = mounted, ... } Just make sure you getting your ordering right - as most people would be used to mounts appearing quite early in any boot sequence ... if you manage your service starts in puppet as well, you can let puppet do the ordering for you. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet EC2: Attach an EBS volume at boot?
Thanks for the reply. I think the mounting part should be straight forward. My main problem is defining in puppet the name of the EBS volume to attach, and having the puppet client on the EC2 instance actually *attach* the volume after it has spun-up. On Apr 21, 1:07 pm, Ken k...@bob.sh wrote: Is it possible, using puppet, to configure an EC2 instance so that when it boots it attaches mounts an EBS volume? If so, what steps would one take to achieve this? The mounting should normally be done by your os - ie. put the entry in /etc/fstab. However - puppet can manage the /etc/fstab file with the 'mount' resource if you wanted: http://docs.puppetlabs.com/references/stable/type.html#mount But - I'm guessing your problem is that you don't want to re-create your EBS/AMI image every time you change /etc/fstab right? If you didn't want to save the entry in fstab and do the whole 'snapshot' image thing (to persist your /etc/fstab entry in your EBS/ AMI image) you could have puppet always start at bootup and let puppet do the mounting. Puppet will mount the file-system at any time quite happily in this regard. Just need to make sure that your ensure line is 'mounted'. For example: mount {/mnt/point: device = /dev/sdc1, ensure = mounted, ... } Just make sure you getting your ordering right - as most people would be used to mounts appearing quite early in any boot sequence ... if you manage your service starts in puppet as well, you can let puppet do the ordering for you. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppetd stops
More data is needed I think. Can you run puppetd --no-daemonize --debug in 'screen' or by piping the output somewhere? It may give you a better clue. On Apr 21, 12:39 pm, Kim Gert Nielsen k...@netgroup.dk wrote: Hi all, The last 2 weeks we have been having problems with puppetd just randomly stopping. The only thing the log shows is: snip Apr 21 12:14:59 relay puppetd[1376]: Finished catalog run in 4.78 seconds Apr 21 12:30:07 relay puppetd[1376]: Finished catalog run in 4.76 seconds Apr 21 12:45:20 relay puppetd[1376]: Finished catalog run in 4.61 seconds /snip There is no pattern when the process stops but its usually between 15 min and 5 hours (And 'only' on about 50 nodes). Running a strace on the puppetd gives that puppetd recieves a SIGINT and then exits .. I have tried to disable most modules (We do have a few we cannot disable) but still the processes stops. We are running version 0.25.4-2 on both master and slave with a haproxy frontend since we have 2 servers (But one is disabled in the search for this random error) haproxy has been configured with high timeouts since it can take up til 177 seconds to process a node from haproxy.cfg contimeout 35000 clitimeout 35 srvtimeout 35 / the apache configuration of passenger has the following values: from apache.vhost PassengerPoolIdleTime 900 PassengerMaxPoolSize 30 PassengerUseGlobalQueue on PassengerHighPerformance on RackAutoDetect On / I have asked on #pup...@freenode if anyone had an idea on how to track this down since its becomming more of a pain to start puppetd every 15 minutes. I haven't been able to get the timeout when running with --debug --trace Our suspicion comes down to its a problem with a timeout since usually it stops after a high catalog run time. So ... Any idea on how to track this down ? _any_ input is welcome /Kim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet EC2: Attach an EBS volume at boot?
Having the ebs vol id as a parameter in the node manifest works for us $ebsvol = xxx Then use the Mount type with that variable in your manifest file. We've observed an issue when mounting EBS volumes in EC2 on our CentOS 5 AMI though - puppetd seems to hang when executing the mount command. Occurs if I use the puppet Mount type, or just call mount via exec/bash script. Seems related to the amount of data on the EBS vols (40GB+) Running in debug provides no extra info - running 0.25.4 Thanks, Matt On 21 April 2010 13:44, Phillip B Oldham phillip.old...@gmail.com wrote: Thanks for the reply. I think the mounting part should be straight forward. My main problem is defining in puppet the name of the EBS volume to attach, and having the puppet client on the EC2 instance actually *attach* the volume after it has spun-up. On Apr 21, 1:07 pm, Ken k...@bob.sh wrote: Is it possible, using puppet, to configure an EC2 instance so that when it boots it attaches mounts an EBS volume? If so, what steps would one take to achieve this? The mounting should normally be done by your os - ie. put the entry in /etc/fstab. However - puppet can manage the /etc/fstab file with the 'mount' resource if you wanted: http://docs.puppetlabs.com/references/stable/type.html#mount But - I'm guessing your problem is that you don't want to re-create your EBS/AMI image every time you change /etc/fstab right? If you didn't want to save the entry in fstab and do the whole 'snapshot' image thing (to persist your /etc/fstab entry in your EBS/ AMI image) you could have puppet always start at bootup and let puppet do the mounting. Puppet will mount the file-system at any time quite happily in this regard. Just need to make sure that your ensure line is 'mounted'. For example: mount {/mnt/point: device = /dev/sdc1, ensure = mounted, ... } Just make sure you getting your ordering right - as most people would be used to mounts appearing quite early in any boot sequence ... if you manage your service starts in puppet as well, you can let puppet do the ordering for you. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group athttp:// groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] err: Could not retrieve catalog; skipping run
I recently upgraded puppet on my client machine to 0.25.4 (using the package from EPEL). However I'm not getting this error: debug: Finishing transaction 23575711646920 with 0 changes debug: Using cached certificate for ca, good until Sun Feb 01 09:38:22 UTC 2015 debug: Using cached certificate for sl5build.hq.eso.org, good until Sun Feb 01 13:51:41 UTC 2015 debug: Loaded state in 0.00 seconds debug: Using cached certificate for ca, good until Sun Feb 01 09:38:22 UTC 2015 debug: Using cached certificate for sl5build.hq.eso.org, good until Sun Feb 01 13:51:41 UTC 2015 debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run The command I'm running is puppetd --test --server acmp10.hq.eso.org - d Anyone have any ideas because I can't see anything appearing in the logs on the server and there are no logs on the client? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet EC2: Attach an EBS volume at boot?
My main problem is defining in puppet the name of the EBS volume to attach, and having the puppet client on the EC2 instance actually *attach* the volume after it has spun-up. Is this because you want to be able to convert the EBS id to a /dev/ sdX device? So the EBS volume id is what you reference in your configuration ...? ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet EC2: Attach an EBS volume at boot?
I didn't seen this myself Matt. I was using 200g EBS volumes. Can you see the mount command in action while its blocking and try to replicate manually it with all command line options etc. I found the provided and community Centos images where a bit poor - and rolled my own from scratch because I wanted to use EBS volumes. I also wanted it to be 'clean' without someone else's customisations as well :-). ken. On Apr 21, 3:42 pm, Matt mattmora...@gmail.com wrote: Having the ebs vol id as a parameter in the node manifest works for us $ebsvol = xxx Then use the Mount type with that variable in your manifest file. We've observed an issue when mounting EBS volumes in EC2 on our CentOS 5 AMI though - puppetd seems to hang when executing the mount command. Occurs if I use the puppet Mount type, or just call mount via exec/bash script. Seems related to the amount of data on the EBS vols (40GB+) Running in debug provides no extra info - running 0.25.4 Thanks, Matt On 21 April 2010 13:44, Phillip B Oldham phillip.old...@gmail.com wrote: Thanks for the reply. I think the mounting part should be straight forward. My main problem is defining in puppet the name of the EBS volume to attach, and having the puppet client on the EC2 instance actually *attach* the volume after it has spun-up. On Apr 21, 1:07 pm, Ken k...@bob.sh wrote: Is it possible, using puppet, to configure an EC2 instance so that when it boots it attaches mounts an EBS volume? If so, what steps would one take to achieve this? The mounting should normally be done by your os - ie. put the entry in /etc/fstab. However - puppet can manage the /etc/fstab file with the 'mount' resource if you wanted: http://docs.puppetlabs.com/references/stable/type.html#mount But - I'm guessing your problem is that you don't want to re-create your EBS/AMI image every time you change /etc/fstab right? If you didn't want to save the entry in fstab and do the whole 'snapshot' image thing (to persist your /etc/fstab entry in your EBS/ AMI image) you could have puppet always start at bootup and let puppet do the mounting. Puppet will mount the file-system at any time quite happily in this regard. Just need to make sure that your ensure line is 'mounted'. For example: mount {/mnt/point: device = /dev/sdc1, ensure = mounted, ... } Just make sure you getting your ordering right - as most people would be used to mounts appearing quite early in any boot sequence ... if you manage your service starts in puppet as well, you can let puppet do the ordering for you. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@google groups.com . For more options, visit this group athttp:// groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@google groups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Zenoss joint partnership announcement
Hi folks, See a recent post on our blog that we're pretty excited about: http://www.puppetlabs.com/blog/zenoss-and-puppet-labs-partner-to-deliver-integrated-it-monitoring-and-automation-for-next-generation-datacenters/ If you're interested in using Zenoss and Puppet together, we can now more easily work together to help you with your infrastructure. Integration with other management tools is going to be a big theme for Puppet in the future, whether from setting up monitoring, being monitored, integrating with logging systems, virtualization systems, etc.Look for more of this sort of thing in the future. --Michael -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] revoked host can't be re-added?
I have a problem I can't figure out. I was having cert problems with a host - it seemed to have multiple host names (mot likely from dns changes in the past) and all the certs were valid. Although it was giving an error about a cert I could not identify. So I tried: puppetca --revoke hostname puppetca --clean hostname restart puppetmaster puppetca --list --all (host does not show up - good) On client re-issue puppetd --server puppet --waitforcert 30 --test Error is : err: Could not retrieve catalog: Certificates were not trusted: sslv3 alert certificate revoked So how do I get rid of it? I can't find a cert anywhere with either a valid cert or revoked.. Did I do this wrong? How do you remove and re- add a host? thanks ~J~ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetd stops
On Apr 21, 2010, at 2:51 PM, Ken wrote: More data is needed I think. Can you run puppetd --no-daemonize --debug in 'screen' or by piping the output somewhere? It may give you a better clue. Well I partly got something info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/puppet/puppet.conf(f855be601e533a86b2c86a1e48e40281) info: //puppet::client/File[/etc/puppet/puppet.conf]: Filebucketed /etc/puppet/puppet.conf to main with sum f855be601e533a86b2c86a1e48e40281 debug: //puppet::client/File[/etc/puppet/puppet.conf]/checksum: Replacing /etc/puppet/puppet.conf checksum {md5}f855be601e533a86b2c86a1e48e40281 with {md5}caeae0319caee30f24bb280916242f29 notice: //puppet::client/File[/etc/puppet/puppet.conf]/content: content changed '{md5}f855be601e533a86b2c86a1e48e40281' to 'unknown checksum' info: //puppet::client/File[/etc/puppet/puppet.conf]: Scheduling refresh of Service[puppet] debug: Format pson not supported for Puppet::FileServing::Metadata; has not implemented method 'from_pson' debug: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s' debug: Service[puppet](provider=debian): Executing 'ps -ef' debug: Service[puppet](provider=debian): PID is 29733 notice: //puppet/Service[puppet]: Triggering 'refresh' from 1 dependencies debug: Service[puppet](provider=debian): Executing 'ps -ef' debug: Service[puppet](provider=debian): PID is 29733 debug: Service[puppet](provider=debian): Executing '/etc/init.d/puppet restart' notice: Caught TERM; calling stop so it see an update to puppet.conf and runs a restart .. then it stops .. then I guess the hack with 1 sec delay is not enough /Kim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] revoked host can't be re-added?
On Wed, 21 Apr 2010, Jewels wrote: puppetca --revoke hostname puppetca --clean hostname You added the old cert's serial number to a revocation list, and then removed the cert from puppetca. The cert might or might not still exist on the client. On client re-issue puppetd --server puppet --waitforcert 30 --test Error is : err: Could not retrieve catalog: Certificates were not trusted: sslv3 alert certificate revoked OK, the cert did still exist on the client; the client puppetd tried to use it, the server noticed that its serial number was in the revocation list, and the server refused to do anything more. So how do I get rid of it? I can't find a cert anywhere with either a valid cert or revoked.. Did I do this wrong? How do you remove and re- add a host? Stop puppetd, and rm -rf /etc/puppet/ssl on the client. Next time you start puppetd, it will generate a new key for itself, generate a new certificate signing request for that key, and send the request to the server. --apb (Alan Barrett) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetd stops
nevermind .. someone actually made a change so it restartet just as it should leavning my screen killed /Kim On Apr 21, 2010, at 8:43 PM, Kim Gert Nielsen wrote: info: Filebucket[/var/lib/puppet/clientbucket]: Adding /etc/puppet/puppet.conf(f855be601e533a86b2c86a1e48e40281) info: //puppet::client/File[/etc/puppet/puppet.conf]: Filebucketed /etc/puppet/puppet.conf to main with sum f855be601e533a86b2c86a1e48e40281 debug: //puppet::client/File[/etc/puppet/puppet.conf]/checksum: Replacing /etc/puppet/puppet.conf checksum {md5}f855be601e533a86b2c86a1e48e40281 with {md5}caeae0319caee30f24bb280916242f29 notice: //puppet::client/File[/etc/puppet/puppet.conf]/content: content changed '{md5}f855be601e533a86b2c86a1e48e40281' to 'unknown checksum' info: //puppet::client/File[/etc/puppet/puppet.conf]: Scheduling refresh of Service[puppet] debug: Format pson not supported for Puppet::FileServing::Metadata; has not implemented method 'from_pson' debug: Format s not supported for Puppet::FileServing::Metadata; has not implemented method 'from_s' debug: Service[puppet](provider=debian): Executing 'ps -ef' debug: Service[puppet](provider=debian): PID is 29733 notice: //puppet/Service[puppet]: Triggering 'refresh' from 1 dependencies debug: Service[puppet](provider=debian): Executing 'ps -ef' debug: Service[puppet](provider=debian): PID is 29733 debug: Service[puppet](provider=debian): Executing '/etc/init.d/puppet restart' notice: Caught TERM; calling stop -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetd stops
On Apr 21, 2010, at 11:43 AM, Kim Gert Nielsen wrote: On Apr 21, 2010, at 2:51 PM, Ken wrote: More data is needed I think. Can you run puppetd --no-daemonize --debug in 'screen' or by piping the output somewhere? It may give you a better clue. debug: Service[puppet](provider=debian): Executing 'ps -ef' debug: Service[puppet](provider=debian): PID is 29733 debug: Service[puppet](provider=debian): Executing '/etc/init.d/puppet restart' notice: Caught TERM; calling stop so it see an update to puppet.conf and runs a restart .. then it stops .. then I guess the hack with 1 sec delay is not enough Is restarting puppet using itself supported? I had always assumed it wasn't. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: revoked host can't be re-added?
That was it... I kept forgetting the client. So stupid. I kept thinking it was based on the server. My bad. THANK YOU FOR THE QUICK RESPONSE! I am back in operation again... Yay! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetd stops
On Apr 21, 2010, at 8:50 PM, Patrick wrote: Is restarting puppet using itself supported? I had always assumed it wasn't. I got the example long time ago from example42 and they just added a service for it. It has worked before but if its unsupported then it might be the problem I have :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetd stops
On Apr 21, 2010, at 5:51 AM, Ken wrote: More data is needed I think. Can you run puppetd --no-daemonize --debug in 'screen' or by piping the output somewhere? It may give you a better clue. First, it think your saying that the client is crashing or hanging. My advice would be to do this with most of you computers: Use puppet to push out a cron job that will either fix puppet, or run puppet. ie either have it just run puppet in cron, or have it run a command to make sure puppet's running fine every hour. Then setup a few you can watch for debugging. I'd do something like puppetd --no-daemonize --verbose --debug --trace | tee /root/puppet.log. As Ken said, running it in screen would help if you get disconnected. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetd stops
On Apr 21, 2010, at 12:01 PM, Kim Gert Nielsen wrote: On Apr 21, 2010, at 8:50 PM, Patrick wrote: Is restarting puppet using itself supported? I had always assumed it wasn't. I got the example long time ago from example42 and they just added a service for it. It has worked before but if its unsupported then it might be the problem I have :) I have no idea if it's supported. I just always assumed it was a bad idea. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Odd behavior for clients with trailing dot in their FQDN
All, I'm just getting started with puppet, so excuse any lack of vocabulary in this email. I've got a server (CentOS 5.4) running with a little more than the example puppet configuration. Importantly, I'm using the supplied auth.conf, and the relevant portion looks like this: path ~ ^/catalog/([^/]+)$ method find allow $1 I just created a new VM as a puppet client (also CentOS 5.4), which calls itself ib3stage.domainI. (with trailing dot). When it tries to sync for the first time, I get this on the client: -bash-3.2# puppetd --waitforcert 60 --test --server puppet.domainB. err: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: ib3stage.domainI.(10.0.12.15) access to / catalog/ib3stage.domainI. [find] authenticated at line 0 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run The server shows this: info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: access[^/catalog/([^/]+)$]: defaulting to no access for ib3stage.domainB. warning: Denying access: Forbidden request: ib3stage.domainI. (10.0.12.15) access to /catalog/ib3stage.domainI. [find] authenticated at line 52 err: Forbidden request: ib3stage.domainI.(10.0.12.15) access to / catalog/ib3stage.domainI. [find] authenticated at line 52 If I convince the client that it is ib3stage.domainI (no dot), everything works as expected. Likewise, if I change the third line of my auth.conf stanza from above to allow*, it works, though I don't want to continue to run like that. Can any of you reproduce this? Discussion in IRC was that this seemed like a bug, but I'd like a sanity check before I file one. It was suggested that a fix to facter could help with this (to strip trailing dot?), but I would guess that this is a server-side thing. Thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: getting a list of rules out of iptables
Ken k...@bob.sh writes: What scope did you define that code in? Try it in your /etc/puppet/ manifests/site.pp file. I tried it in both the iptables module and the site.pp file. But, I like your module more. http://github.com/kbarber/puppet-iptables Its a mod to the camptocamp code. It persists iptables with iptables- save without requiring an external exec notify. It also stores the resource name as a comment using iptables --comment This is awesome. It's just what I needed. Thanks so much for writing it. It was only tested on RHEL5.x - your mileage may vary. I found a couple problems on my ubuntu machines. I forked it to http://github.com/directionless/puppet-iptables I think you probably want to pull some of my patches up, I sent you a thing through github. seph -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: getting a list of rules out of iptables
Hehehe - cool bananas. Happy to merge - just one small problem. I'm guessing that syntax is how you persist rules in Ubuntu? I run Ubuntu at work now but I'm a newb: /sbin/iptables-save /etc/iptables.rules Using that will break fedora - so we need a facter if/then. Do you have the time to add and test something like this? persist_cmd = case Facter.value(:operatingsystem) when /(Fedora|Redhat|Centos)/ then /sbin/service iptables save when /(Ubuntu|Debian)/ then /sbin/iptables-save /etc/ iptables.rules else nil end system(persist_cmd) We should probably take this dev discussion off-thread to not create too much mail noise. Feel free to email me or get me on xmpp/google talk (same addy as my email address). ken. On Apr 21, 9:52 pm, seph s...@directionless.org wrote: Ken k...@bob.sh writes: What scope did you define that code in? Try it in your /etc/puppet/ manifests/site.pp file. I tried it in both the iptables module and the site.pp file. But, I like your module more. http://github.com/kbarber/puppet-iptables Its a mod to the camptocamp code. It persists iptables with iptables- save without requiring an external exec notify. It also stores the resource name as a comment using iptables --comment This is awesome. It's just what I needed. Thanks so much for writing it. It was only tested on RHEL5.x - your mileage may vary. I found a couple problems on my ubuntu machines. I forked it tohttp://github.com/directionless/puppet-iptablesI think you probably want to pull some of my patches up, I sent you a thing through github. seph -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Overriding a resource created in a define
I'm using the resolv.conf pattern described here: http://projects.puppetlabs.com/projects/puppet/wiki/Resolv_Conf_Patterns In my node templates I have a base class that does all of the housekeeping chores to set up a basic server (install preferred editors, subversion, etc.). I added a call to the resolv_conf define to set up the standard /etc/resolv.conf file used by 95% of our systems. Of course, there are exceptions. I can't call the resolv_conf define again in a specific node to generate a new config. Any suggested approaches? Thanks! -Ben -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet EC2: Attach an EBS volume at boot?
Hi Ken, Were those 200GB populated with 50GB+ of data? Yes it can be mounted with the same options on the command line fine. Also if the EBS vol is already mounted it still hangs when it gets to it (remount thingy). iostat shows high I/O on the volume when this happens, so I thought it was due to puppet trying to back it up - but file ( backup = false } or changing it to a mkdir -p on the directory it gets mounted on made no difference. I thought it could be related to EBS volumes created from snapshots (i.e. the EBS vol isn't populated fully yet) but it doesn't appear to. I agree re the community CentOS images, we also rolled our own AMI to keep in sync with our bare metal repo. It doesn't hang on most of our EBS mounts, but I know we have a few in live where we have to kill puppet and finish the catalogue manually. I couldn't think of any other way to try and narrow it down to provide any more info. Matt On 21 April 2010 18:09, Ken k...@bob.sh wrote: I didn't seen this myself Matt. I was using 200g EBS volumes. Can you see the mount command in action while its blocking and try to replicate manually it with all command line options etc. I found the provided and community Centos images where a bit poor - and rolled my own from scratch because I wanted to use EBS volumes. I also wanted it to be 'clean' without someone else's customisations as well :-). ken. On Apr 21, 3:42 pm, Matt mattmora...@gmail.com wrote: Having the ebs vol id as a parameter in the node manifest works for us $ebsvol = xxx Then use the Mount type with that variable in your manifest file. We've observed an issue when mounting EBS volumes in EC2 on our CentOS 5 AMI though - puppetd seems to hang when executing the mount command. Occurs if I use the puppet Mount type, or just call mount via exec/bash script. Seems related to the amount of data on the EBS vols (40GB+) Running in debug provides no extra info - running 0.25.4 Thanks, Matt On 21 April 2010 13:44, Phillip B Oldham phillip.old...@gmail.com wrote: Thanks for the reply. I think the mounting part should be straight forward. My main problem is defining in puppet the name of the EBS volume to attach, and having the puppet client on the EC2 instance actually *attach* the volume after it has spun-up. On Apr 21, 1:07 pm, Ken k...@bob.sh wrote: Is it possible, using puppet, to configure an EC2 instance so that when it boots it attaches mounts an EBS volume? If so, what steps would one take to achieve this? The mounting should normally be done by your os - ie. put the entry in /etc/fstab. However - puppet can manage the /etc/fstab file with the 'mount' resource if you wanted: http://docs.puppetlabs.com/references/stable/type.html#mount But - I'm guessing your problem is that you don't want to re-create your EBS/AMI image every time you change /etc/fstab right? If you didn't want to save the entry in fstab and do the whole 'snapshot' image thing (to persist your /etc/fstab entry in your EBS/ AMI image) you could have puppet always start at bootup and let puppet do the mounting. Puppet will mount the file-system at any time quite happily in this regard. Just need to make sure that your ensure line is 'mounted'. For example: mount {/mnt/point: device = /dev/sdc1, ensure = mounted, ... } Just make sure you getting your ordering right - as most people would be used to mounts appearing quite early in any boot sequence ... if you manage your service starts in puppet as well, you can let puppet do the ordering for you. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com puppet-users%2bunsubscr...@google groups.com . For more options, visit this group athttp:// groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com puppet-users%2bunsubscr...@google groups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options,
Re: [Puppet Users] Re: getting a list of rules out of iptables
Seph, Ken, Thanks for your patches on this module ! I love the --comment idea. I will definitely pull this asap. You shouldn't need the 'before' in the 'iptables' resource. Not quite sure why its not executing, but how about this ... I do know why it's not executing: unfortunately this iptables type isn't able to notify other resources. I wasn't able to figure out quickly how this should be done, and never really got back to it... I'm not too comfortable with the idea of directly calling iptables-save in the ruby code and saving the output into a file. IMHO, the point of saving the output to a file is to be able to load the firewall at boot time, and the way this is done is distribution specific. I think this should be left out of the ruby part, and maybe put in some puppet class which does the right thing for each distribution. But of course, notify needs to be fixed first... Any pointer on this is very welcome: what sort of magic must be put in a puppet type to allow it to send notification to other resources once it has run ? Thanks ! Marc -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] scaling up puppetmasterd by cloning puppetmasterd
I apologized ahead of time if this post shouldn't go here but I having been knocking my heading for the last two days trying to get over the following error while trying to clone my primary puppetmasterd because we have outgrown one puppetmasterd setup. I have basically set up a 2nd instance of our primary puppetmasterd and rsync'ed over /var/lib/puppet/ssl/ from the primary to the secondary puppetmasterd. The client ran to completion (and recorded the log in /var/lib/puppet/report/) but the file copying statement were failing: (see log below) Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate I am sorta desperate at this point and am thinking of trying to hack the libraries Any advice would be appreciate. I am running 0.24.6-1. Thanks in advance. EQX r...@xen-pup-dash:/etc/puppet# puppetd -vt info: Loading fact kernelrelease info: Loading fact disk_facts info: Loading fact facts info: Loading fact www_pool info: Retrieving facts notice: /File[/var/lib/puppet/facts]/checksum: checksum changed '{mtime}Sat Jan 30 16:44:27 -0800 2010' to '{mtime}Sat Jan 30 16:44:28 -0800 2010' info: Loading fact kernelrelease info: Loading fact disk_facts info: Loading fact facts info: Loading fact www_pool info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run warning: Certificate validation failed; consider using the certname configuration option err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate warning: Certificate validation failed; consider using the certname configuration option err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to retrieve current state of resource: Certificates were not trusted: hostname was not match with the server certificate Could not describe / files/server-configs/eqx-sv2/common/home/scripts: Certificates were not trusted: hostname was not match with the server certificate at / etc/puppet/manifests/eqx-sv2/production/classes/common.pp:251 notice: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/ update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Dependency file[/home/scripts] has 1 failures warning: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/ update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Skipping because of failed dependencies ... ... ... -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] scaling up puppetmasterd by cloning puppetmasterd
On Apr 21, 2010, at 3:59 PM, Brian Lam wrote: I apologized ahead of time if this post shouldn't go here but I having been knocking my heading for the last two days trying to get over the following error while trying to clone my primary puppetmasterd because we have outgrown one puppetmasterd setup. I have basically set up a 2nd instance of our primary puppetmasterd and rsync'ed over /var/lib/puppet/ssl/ from the primary to the secondary puppetmasterd. The client ran to completion (and recorded the log in /var/lib/puppet/report/) but the file copying statement were failing: (see log below) Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate I am sorta desperate at this point and am thinking of trying to hack the libraries Any advice would be appreciate. I am running 0.24.6-1. Thanks in advance. EQX r...@xen-pup-dash:/etc/puppet# puppetd -vt info: Loading fact kernelrelease info: Loading fact disk_facts info: Loading fact facts info: Loading fact www_pool info: Retrieving facts notice: /File[/var/lib/puppet/facts]/checksum: checksum changed '{mtime}Sat Jan 30 16:44:27 -0800 2010' to '{mtime}Sat Jan 30 16:44:28 -0800 2010' info: Loading fact kernelrelease info: Loading fact disk_facts info: Loading fact facts info: Loading fact www_pool info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run warning: Certificate validation failed; consider using the certname configuration option err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate warning: Certificate validation failed; consider using the certname configuration option err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to retrieve current state of resource: Certificates were not trusted: hostname was not match with the server certificate Could not describe / files/server-configs/eqx-sv2/common/home/scripts: Certificates were not trusted: hostname was not match with the server certificate at / etc/puppet/manifests/eqx-sv2/production/classes/common.pp:251 notice: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/ update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Dependency file[/home/scripts] has 1 failures warning: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/ update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Skipping because of failed dependencies ... ... ... I'm pretty sure that the server name that the clients see doesn't match the name on the certificate the server is using to authenticate. I'm not sure what the best way around this is. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: scaling up puppetmasterd by cloning puppetmasterd
I wonder if there is any way to hack to turn off ssl because I need to really get this to work. We are running puppet w/i our internal network so I can give up security / ssl to get it to work. Maybe I need to modify puppetmaster client / server to just pass a true at this pt. On Apr 21, 7:07 pm, Patrick kc7...@gmail.com wrote: On Apr 21, 2010, at 3:59 PM, Brian Lam wrote: I apologized ahead of time if this post shouldn't go here but I having been knocking my heading for the last two days trying to get over the following error while trying to clone my primary puppetmasterd because we have outgrown one puppetmasterd setup. I have basically set up a 2nd instance of our primary puppetmasterd and rsync'ed over /var/lib/puppet/ssl/ from the primary to the secondary puppetmasterd. The client ran to completion (and recorded the log in /var/lib/puppet/report/) but the file copying statement were failing: (see log below) Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate I am sorta desperate at this point and am thinking of trying to hack the libraries Any advice would be appreciate. I am running 0.24.6-1. Thanks in advance. EQX r...@xen-pup-dash:/etc/puppet# puppetd -vt info: Loading fact kernelrelease info: Loading fact disk_facts info: Loading fact facts info: Loading fact www_pool info: Retrieving facts notice: /File[/var/lib/puppet/facts]/checksum: checksum changed '{mtime}Sat Jan 30 16:44:27 -0800 2010' to '{mtime}Sat Jan 30 16:44:28 -0800 2010' info: Loading fact kernelrelease info: Loading fact disk_facts info: Loading fact facts info: Loading fact www_pool info: Caching catalog at /var/lib/puppet/localconfig.yaml notice: Starting catalog run warning: Certificate validation failed; consider using the certname configuration option err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate warning: Certificate validation failed; consider using the certname configuration option err: //Node[xen-pup-dash]/common/File[/home/scripts]: Failed to retrieve current state of resource: Certificates were not trusted: hostname was not match with the server certificate Could not describe / files/server-configs/eqx-sv2/common/home/scripts: Certificates were not trusted: hostname was not match with the server certificate at / etc/puppet/manifests/eqx-sv2/production/classes/common.pp:251 notice: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/ update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Dependency file[/home/scripts] has 1 failures warning: //Node[xen-pup-dash]/common/Remote_file[/home/scripts/ update.whoami.sh]/File[/home/scripts/update.whoami.sh]: Skipping because of failed dependencies ... ... ... I'm pretty sure that the server name that the clients see doesn't match the name on the certificate the server is using to authenticate. I'm not sure what the best way around this is. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] scaling up puppetmasterd by cloning puppetmasterd
Brian, Login to your second puppetmaster and try the following: - backup your /var/lib/puppet and /etc/puppet dirs - stop your puppetmaster and puppetd processes - rm -rf /var/lib/puppet/ssl - edit your /etc/puppet.conf - under the [main] section add: ca = false ca_server = fqdn of your first puppetmaster - on your first puppet master do puppetca --clean fqdn of second puppetmaster - run puppetd on this machine - e.g. - puppetd -t --server fqdn of your first puppetmaster - sign the certificate on the first puppetmaster - start puppetmaster Hope this helps, Ohad On Thu, Apr 22, 2010 at 10:18 AM, Brian L. brianc...@gmail.com wrote: I am stomped. I wonder if there is any way to hack to turn off ssl because I need to really get this to work for the my company before the first puppetmasterd kneel over. We are running puppet w/i our internal network so I can give up security / ssl to get it to work. I am desperate enough to start hacking. Any pointers where to start? I will revisit the ssl cert at a later time. Brian L. On Wed, Apr 21, 2010 at 6:04 PM, Brian L. brianc...@gmail.com wrote: Markus, thank you. Let me give that a try and let you know. So sorry for all the typo. Brian L. On Wed, Apr 21, 2010 at 5:23 PM, Markus Roberts mar...@puppetlabs.comwrote: Brian -- It isn't trusting it because the second puppetmaster is claiming to be the first puppetmaster, which it isn't (the same way a bank would squawk if you tried to cash a check with a copy of someone else's ID). Have it generate a certificate for the second puppetmaster (probably using the first as the CA) and see if that fixes it. -- Markus -- You received this message because you are subscribed to the Google Groups Puppet Developers group. To post to this group, send email to puppet-...@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.compuppet-dev%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Developers group. To post to this group, send email to puppet-...@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.compuppet-dev%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetd stops
puppet will re-parse its config file if it is changing, so usually no need to restart the daemon. saying that, imho, its much better to run puppet via a cron. Ohad On Thu, Apr 22, 2010 at 3:48 AM, Patrick kc7...@gmail.com wrote: On Apr 21, 2010, at 12:01 PM, Kim Gert Nielsen wrote: On Apr 21, 2010, at 8:50 PM, Patrick wrote: Is restarting puppet using itself supported? I had always assumed it wasn't. I got the example long time ago from example42 and they just added a service for it. It has worked before but if its unsupported then it might be the problem I have :) I have no idea if it's supported. I just always assumed it was a bad idea. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] variable interpolation weirdness
Can someone please explain what's happening here? Let me know if you need more info. Thanks in advance for your time. I have a module called abc. This is the init.pp for that module. ### $ cat modules/production/abc/manifests/init.pp # Puppet Module: abc # class abc { package { maatkit: ensure = present } } class abc::base inherits abc { exec { testvars: command = /bin/echo 'java_version=${java_version}', logoutput = true; } } class abc::test { $java_version = jdk1.6.0_14 include abc::base } ### I accidently assigned both the abc and abc::test class to a host and noticed that the variable java_version no longer gets interpolated. E.g. here's the puppet run log. # puppetd -t notice: Ignoring --listen on onetime run info: Retrieving plugin info: Caching catalog for abc1.staging.pp.com info: Applying configuration version '1271906581' notice: //abc::base/Exec[testvars]/returns: java_version= notice: //abc::base/Exec[testvars]/returns: executed successfully warning: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (marshal) notice: Finished catalog run in 3.21 seconds But If I only assign the host the abc::test class, everything works ok like so: # puppetd -t notice: Ignoring --listen on onetime run info: Retrieving plugin info: Caching catalog for abc1.staging.pp.com info: Applying configuration version '1271906581' notice: //abc::base/Exec[testvars]/returns: java_version=jdk1.6.0_14 notice: //abc::base/Exec[testvars]/returns: executed successfully warning: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (marshal) notice: Finished catalog run in 3.21 seconds So I obviously know what to do to fix the problem but would love to understand what's happening here. Regards, Sukh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] RE: variable interpolation weirdness
Forgot to mention that I am running version puppet-0.25.4-1 on both sides on centos 5.4. -Original Message- From: Sukh Khehra Sent: Wednesday, April 21, 2010 8:39 PM To: 'puppet-users@googlegroups.com' Subject: variable interpolation weirdness Can someone please explain what's happening here? Let me know if you need more info. Thanks in advance for your time. I have a module called abc. This is the init.pp for that module. ### $ cat modules/production/abc/manifests/init.pp # Puppet Module: abc # class abc { package { maatkit: ensure = present } } class abc::base inherits abc { exec { testvars: command = /bin/echo 'java_version=${java_version}', logoutput = true; } } class abc::test { $java_version = jdk1.6.0_14 include abc::base } ### I accidently assigned both the abc and abc::test class to a host and noticed that the variable java_version no longer gets interpolated. E.g. here's the puppet run log. # puppetd -t notice: Ignoring --listen on onetime run info: Retrieving plugin info: Caching catalog for abc1.staging.pp.com info: Applying configuration version '1271906581' notice: //abc::base/Exec[testvars]/returns: java_version= notice: //abc::base/Exec[testvars]/returns: executed successfully warning: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (marshal) notice: Finished catalog run in 3.21 seconds But If I only assign the host the abc::test class, everything works ok like so: # puppetd -t notice: Ignoring --listen on onetime run info: Retrieving plugin info: Caching catalog for abc1.staging.pp.com info: Applying configuration version '1271906581' notice: //abc::base/Exec[testvars]/returns: java_version=jdk1.6.0_14 notice: //abc::base/Exec[testvars]/returns: executed successfully warning: Value of 'preferred_serialization_format' (pson) is invalid for report, using default (marshal) notice: Finished catalog run in 3.21 seconds So I obviously know what to do to fix the problem but would love to understand what's happening here. Regards, Sukh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: [Puppet-dev] scaling up puppetmasterd by cloning puppetmasterd
On Apr 21, 2010, at 7:34 PM, Ohad Levy wrote: Brian, Login to your second puppetmaster and try the following: backup your /var/lib/puppet and /etc/puppet dirs stop your puppetmaster and puppetd processes rm -rf /var/lib/puppet/ssl edit your /etc/puppet.conf under the [main] section add: ca = false ca_server = fqdn of your first puppetmaster on your first puppet master do puppetca --clean fqdn of second puppetmaster run puppetd on this machine - e.g. puppetd -t --server fqdn of your first puppetmaster sign the certificate on the first puppetmaster start puppetmaster Hope this helps, Ohad Cool. Will this passthrough CA requests? Here's an example: Lets call the first puppetmaster CA. Call the second puppetmaster Backup. A client with a default puppet.conf that doesn't have a valid cert connects to Backup. Will the client get a valid cert that will work on both masters? -Patrick -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Issue after upgrading to 0.25.4
We're seeing this periodically from client machines: Apr 21 16:31:09 blumfrub puppetd[31154]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: undefined method `collect' for nil:NilClass http://projects.reductivelabs.com/issues/2863 seems to suggest this was fixed in 0.25.2, but we're clearly seeing it in 0.25.4. Any ideas on a fix? Thanks -jeremy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Issue after upgrading to 0.25.4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22/04/10 1:37 PM, Jeremy Hansen wrote: We're seeing this periodically from client machines: Apr 21 16:31:09 blumfrub puppetd[31154]: (/File[/var/lib/puppet/lib]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: undefined method `collect' for nil:NilClass http://projects.reductivelabs.com/issues/2863 seems to suggest this was fixed in 0.25.2, but we're clearly seeing it in 0.25.4. Jeremy I am not sure that's the same issue as the one you're having. Can you log a ticket with --trace --debug output from the client and the master? Thanks James Turnbull - -- Author of: * Pro Linux System Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBS8/fyCFa/lDkFHAyAQL4UQgAuTLNLHb+68+tmk46Y2/beTxdpAZ9yIXE fwquPvZVroe5O5IP/9BwPmmz1LAd2nj1DZq8Wtv+Bkrt0lphO/Gzl3/xp5V0a9xt OhTyF/yWNs5BteGlh9rlEyJJYvbw6vQKQhAUiBzFYpNQ6/GHsLZPDoBvuj1s4NKl BsXJTw0h/IxwPlT/vdRu6SmvjA6N/Bcd0c0STa+bGDWIni8ieI/X7b1Cqd/GoyF1 p8wub9VEfooLjuJKReIs6VuYzrytvZwUAblsWsQX3s8xYWACS2m8EF0k2bIELkhm JkEzl3i3Y5s0ADEEu4VzpZX7/DT9c7aOswyRiAfXgONIXOyTzEDMtQ== =OICQ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.