Re: [Puppet Users] Have I found a bug with variables in nodes?
On Fri, May 14, 2010 at 6:01 PM, Nigel Kersten wrote: > > > On Fri, May 14, 2010 at 1:42 PM, Paul Lathrop wrote: > >> >>> Assuming the client has puppeted at least once against that server. >> This >> >>> won't work for bootstrapping a client though will it? >> >> >> >> it does, the facts yaml file is created before the external node >> >> classifier is called ;) >> > >> > Whoa. This should be called out in the external node docs, as I simply >> > assumed this happened after the node classifier is called. >> >> +1000 >> >> > I did some tests as I didn't quite trust this :) and it's absolutely true. > > So my plan is for my external node provider > do you mean node classifier? Are you using provider in the traditional Puppet sense? > to redirect clients that haven't provided facts to a "bootstrap" > environment that contains the bare minimum facts that are required to work > out what environment they should be in, and then my puppetd wrapper scripts > to detect that a bootstrap run has occurred (probably a file set to be > present on the bootstrap run and absent on all other runs) and re-run. > Nigel, I think this answers your question: write a fact that returns the current environment. during provisioning, set environment to 'bootstrap'. in your classifier, set a parameter called $puppet_environment that is used in your puppet class to update environment in puppet.conf. > How could we achieve the same functionality within puppetd itself? I can't > think of a way this could be done right now with it running as a daemon. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Have I found a bug with variables in nodes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15/05/10 6:42 AM, Paul Lathrop wrote: Assuming the client has puppeted at least once against that server. This won't work for bootstrapping a client though will it? >>> >>> it does, the facts yaml file is created before the external node >>> classifier is called ;) >> >> Whoa. This should be called out in the external node docs, as I simply >> assumed this happened after the node classifier is called. > > +1000 I've updated the External Nodes documentation with this and it'll appear when I next push the site. Regards James Turnbull - -- Author of: * Pro Linux System Administration (http://tinyurl.com/linuxadmin) * Pulling Strings with Puppet (http://tinyurl.com/pupbook) * Pro Nagios 2.0 (http://tinyurl.com/pronagios) * Hardening Linux (http://tinyurl.com/hardeninglinux) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBS+35siFa/lDkFHAyAQIaagf7B5DsWLLNxAa+m3mZ5NWSNqpSIcPqP+zw u7cvjoF82SCBhWvgwwQBuy1H/9KWMpd814Oo7BiCYH6KQqs6lI6v+A8FO7G4m3bB 96Yd27v7c8xMc2J5PZ3H6UIT0bekPGWpLYsKb/rzwpqCo4ZqdDpm+rabAnhuF1SZ MKcP1kkPJR33p2HyzNhn//hg8bk0sQrB9lXUNk4aPpZb09+CL3bUhbD3giN717XJ 0HGbmu4OaIpMl4FpiksBAgeHrabOGTNmBRh+3hBpcZV/YaF9uhrJubc5Kf/5F5hS f8gYQQuNsFww1pFXGOzNwR9HXeB2t8Q8E95bfqFnqf+TkYJDu8EBwg== =7EAj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Unable to retrieve files from puppet server (Errror 400)
On Fri, May 14, 2010 at 5:11 PM, josbal wrote: > Hi Nigel, > > Yes i am using environments. I have a production (default) > environement and a testing environment. > > All my hosts us the production environment currently. > > Here is what my puppetmasterd puppet.conf file looks like: > > [main] ># Where Puppet stores dynamic and growing data. ># The default value is '/var/puppet'. >vardir = /var/lib/puppet > ># The Puppet log directory. ># The default value is '$vardir/log'. >logdir = /var/log/puppet > ># Where Puppet PID files are kept. ># The default value is '$vardir/run'. >rundir = /var/run/puppet > ># Where SSL certificates are kept. ># The default value is '$confdir/ssl'. >ssldir = $vardir/ssl > ># Manifest Files for production servers >manifest = /etc/puppet/default/site.pp >modulepath = /etc/puppet/default/modules > >pluginsync = true >factpath = $vardir/lib/facter > > [puppetd] ># The file in which puppetd stores a list of the classes ># associated with the retrieved configuratiion. Can be loaded in ># the separate ``puppet`` executable using the ``--loadclasses`` ># option. ># The default value is '$confdir/classes.txt'. >classfile = $vardir/classes.txt > ># Where puppetd caches the local configuration. An ># extension indicating the cache format is added automatically. ># The default value is '$confdir/localconfig'. >localconfig = $vardir/localconfig > ># Allow puppetrunner to start catalogue run. >listen = true > ># Reporting for catalogue run. >report = true > > [puppetmasterd] >reports = store >storeconfigs = true >dbadapter = mysql >dbname = puppet >dbuser = puppet >dbpassword = puppet >dbserver = localhost >dbsocket = /var/lib/mysql/mysql.sock > >ssl_client_header = SSL_CLIENT_S_DN >ssl_client_verify_header = SSL_CLIENT_VERIFY > > # Testing Environment > [testing] > ># Manifest Files for testing environment >manifest = /etc/puppet/testing/site.pp >modulepath = /etc/puppet/testing/modules > > > > Do you mean if im using production environment i should put > environment=production in to the client puppet.conf file, rather then > let puppet select that environment as the default? > So my experience may not be useful here, as I've come across some bugs when you have one environment specified in the config file and another environment is returned by a fact called 'environment'. I haven't had time to nail them down into a bug report, and since I worked out external node providers can access the client facts, I'm going to move towards the provider setting the environment. Anyway, does this get resolved if you pass --environment production on the command line or put it in the client config file? If so, then we're probably both tickling the same bug. I don't see an actual production environment defined there though... > > > On May 15, 1:55 am, Nigel Kersten wrote: > > On Thu, May 13, 2010 at 7:55 PM, josbal > wrote: > > > Have you found a solution to this problem? I am having the same issue > > > after upgrading to puppet 0.25.4 and passenger. > > > > > The error message im getting is: Error 400 on SERVER: Not authorized > > > to call find on /file_metadata/hp_psp/opsywnsr0099.aus.optiver.com.pem > > > Could not retrieve file metadata for > > > puppet:///hp_psp/opsywnsr0099.aus.optiver.com.pem > > > > > This will intermittently be reported on client's puppet runs and then > > > the next run may work correctly. > > > > > Any help with this would be appreciated. > > > > Are you both using environments? How are you specifying the client > > environment? If you specify it on the command line or in the config file > > (assuming you aren't already) does this problem go away? > > > > > > > > > > > > > > > > > On Apr 11, 9:57 pm, Mark Nelson wrote: > > > > Hello > > > > > > I am using the following software - > > > > > > *Operating System: > > > > > > *Scientific Linux SL release 5.3 (Boron), Scientific Linux is a > rebuild > > > > of Redhat Enterprise > > > > > > *Ruby version:* > > > > > > ruby-shadow-1.4.1-7.el5.x86_64 > > > > ruby-irb-1.8.5-5.el5_3.7.x86_64 > > > > grub-0.97-13.2.x86_64 > > > > ruby-libs-1.8.5-5.el5_3.7.x86_64 > > > > ruby-rdoc-1.8.5-5.el5_3.7.x86_64 > > > > ruby-1.8.5-5.el5_3.7.x86_64 > > > > ruby-augeas-0.3.0-1.el5.x86_64 > > > > ruby-ldap-0.9.7-3.el5.x86_64 > > > > > > *Puppet Version: > > > > > > *puppet-0.25.4-1.el5.noarch > > > > puppet-server-0.25.4-1.el5.noarch > > > > > > I am getting an "Error 400 message" when I try to download a file > from > > > > the puppet server I'm getting the following error when running puppet > > > > --test -dv > > > > > > err: //dns/File[/etc/resolv.conf]: Failed to retrieve current state > of > > > > resource: Error 400 on SERVER: Not authorized to call find on > > > > /file_metadata/common/etc/resolv.conf Could not retrieve file > metadata > > > > for puppet://
Re: [Puppet Users] Have I found a bug with variables in nodes?
On Fri, May 14, 2010 at 1:42 PM, Paul Lathrop wrote: > >>> Assuming the client has puppeted at least once against that server. > This > >>> won't work for bootstrapping a client though will it? > >> > >> it does, the facts yaml file is created before the external node > >> classifier is called ;) > > > > Whoa. This should be called out in the external node docs, as I simply > > assumed this happened after the node classifier is called. > > +1000 > > I did some tests as I didn't quite trust this :) and it's absolutely true. So my plan is for my external node provider to redirect clients that haven't provided facts to a "bootstrap" environment that contains the bare minimum facts that are required to work out what environment they should be in, and then my puppetd wrapper scripts to detect that a bootstrap run has occurred (probably a file set to be present on the bootstrap run and absent on all other runs) and re-run. How could we achieve the same functionality within puppetd itself? I can't think of a way this could be done right now with it running as a daemon. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Unable to retrieve files from puppet server (Errror 400)
Hi Nigel, Yes i am using environments. I have a production (default) environement and a testing environment. All my hosts us the production environment currently. Here is what my puppetmasterd puppet.conf file looks like: [main] # Where Puppet stores dynamic and growing data. # The default value is '/var/puppet'. vardir = /var/lib/puppet # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl # Manifest Files for production servers manifest = /etc/puppet/default/site.pp modulepath = /etc/puppet/default/modules pluginsync = true factpath = $vardir/lib/facter [puppetd] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig # Allow puppetrunner to start catalogue run. listen = true # Reporting for catalogue run. report = true [puppetmasterd] reports = store storeconfigs = true dbadapter = mysql dbname = puppet dbuser = puppet dbpassword = puppet dbserver = localhost dbsocket = /var/lib/mysql/mysql.sock ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY # Testing Environment [testing] # Manifest Files for testing environment manifest = /etc/puppet/testing/site.pp modulepath = /etc/puppet/testing/modules Do you mean if im using production environment i should put environment=production in to the client puppet.conf file, rather then let puppet select that environment as the default? On May 15, 1:55 am, Nigel Kersten wrote: > On Thu, May 13, 2010 at 7:55 PM, josbal wrote: > > Have you found a solution to this problem? I am having the same issue > > after upgrading to puppet 0.25.4 and passenger. > > > The error message im getting is: Error 400 on SERVER: Not authorized > > to call find on /file_metadata/hp_psp/opsywnsr0099.aus.optiver.com.pem > > Could not retrieve file metadata for > > puppet:///hp_psp/opsywnsr0099.aus.optiver.com.pem > > > This will intermittently be reported on client's puppet runs and then > > the next run may work correctly. > > > Any help with this would be appreciated. > > Are you both using environments? How are you specifying the client > environment? If you specify it on the command line or in the config file > (assuming you aren't already) does this problem go away? > > > > > > > > > On Apr 11, 9:57 pm, Mark Nelson wrote: > > > Hello > > > > I am using the following software - > > > > *Operating System: > > > > *Scientific Linux SL release 5.3 (Boron), Scientific Linux is a rebuild > > > of Redhat Enterprise > > > > *Ruby version:* > > > > ruby-shadow-1.4.1-7.el5.x86_64 > > > ruby-irb-1.8.5-5.el5_3.7.x86_64 > > > grub-0.97-13.2.x86_64 > > > ruby-libs-1.8.5-5.el5_3.7.x86_64 > > > ruby-rdoc-1.8.5-5.el5_3.7.x86_64 > > > ruby-1.8.5-5.el5_3.7.x86_64 > > > ruby-augeas-0.3.0-1.el5.x86_64 > > > ruby-ldap-0.9.7-3.el5.x86_64 > > > > *Puppet Version: > > > > *puppet-0.25.4-1.el5.noarch > > > puppet-server-0.25.4-1.el5.noarch > > > > I am getting an "Error 400 message" when I try to download a file from > > > the puppet server I'm getting the following error when running puppet > > > --test -dv > > > > err: //dns/File[/etc/resolv.conf]: Failed to retrieve current state of > > > resource: Error 400 on SERVER: Not authorized to call find on > > > /file_metadata/common/etc/resolv.conf Could not retrieve file metadata > > > for puppet://puppet/common/etc/resolv.conf: Error 400 on SERVER: Not > > > authorized to call find on /file_metadata/common/etc/resolv.conf at > > > /etc/puppet/manifests/classes/dns.pp:8 > > > > Running the puppermasterd in debug mode produces the following error > > > message > > > > info: mount[files]: allowing * access > > > err: Not authorized to call find on /file_metadata/common/etc/resolv.conf > > > > Both the client and the server are running on the same machine. There > > > are references to similar issues in puppet 0.25.1 I'm not sure if these > > > issues are fixed in 0.25.4 > > > > My configuration files are as follows - > > > > *Auth.conf * > > > > # inconditionnally allow access to all files services > > > # which means in practice that fileserver.conf will > > > # still be used > > > path /file > > > allow * > > > > *Fileserver.conf > > > > *[files] > > > path /etc/puppet/files > > > #allow *.int.t
[Puppet Users] Re: Cannot make autosign works
Ok, I may got what went wrong. Since I'm using puppet in a ubuntu distro, I installed it from repositories, which setup everything to run with puppet user, including file permissions. But after installing it, I only run the puppetmaster it with sudo and --no-daemonize to see messages and stuff. My guess that this prevented puppetmaster to properly access CA files, and hence produced the error. From that point on I just make everything worse by playing around with puppetca --clean --all. Could that be it? Anyway, since I'm just playing with it I thrown away the instances and start from scratch. After installing it I just edit the autosign.conf and did not run puppetmasterd by hand, running it as daemon, and everything worked fine. Since my goal is to learn puppet, I would like to ask for some help from you guys with the following questions: * The explanation abaove makes sense? * Since puppetmasterd runs under puppet user account, and everything located in /etc/puppet/* is by default setted for user root, should I change permissions to make it work? Thanks again for all the help. I also did not reply all answers individually, but I have read them all and all referenced documents (I'm doing my homework :)). Thanks all!! Best regards -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple Puppet Servers
On May 14, 1:39 pm, Ken wrote: > Also I just realised - if the client does it using SRV with weights > and priorities - you get global server load balancing built in. Cool > bananas. > > ken. That exact functionality is actually a big benefit to me. As an example we have multiple geo locations, with each location having 1+ room. Getting the global availability is very nice. I'd certainly like to avoid the tricks that can be played with Anycast and dynamic DNS views. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Re: External Nodes
Speaking of external nodes.. Any decent tutorials out there for someone that has no idea where to start? ;) -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of Ken Sent: Friday, May 14, 2010 4:28 PM To: Puppet Users Subject: [Puppet Users] Re: External Nodes > What you gain is truly node-scoped variables (AWESOME). Contrary to > Ken's assertion about global variables, instead you have your external > node script place variables into the output YAML; these variables are > then available to all the classes and resources that apply to that > node. I apologise for the semantic confusion :-). I meant 'variables of global scope' in the sense you have stated here - ie. scoped to the node and its imported classes/resources. My use of Puppet DSL was to show the functional equivalent of what effect you get in external nodes - I was hoping with an example it would explain what I meant :-). Although I believe using external nodes places class/variables at 'top scope' which is one level above a node ... kind of like stuffing your imported external node config into site.pp for each node run dynamically (hehehe - I hope that makes sense). > External nodes is 100% awesome, I think you just haven't taken the > time to really understand it. Agreed. Douglas - further to the spirit of what Paul is getting at - you shouldn't abandon the idea of using external nodes until you give it a go. I believe it is possible to mix your existing config with external nodes so you can try it out and see if you like it. We are moving to external nodes due to the sheer number of nodes we have to support. Using a text file with puppet DSL is no longer viable - large changes are slow to perform - and even with some performance tuning the files take half a minute to parse. ken. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: External Nodes
> What you gain is truly node-scoped variables (AWESOME). Contrary to > Ken's assertion about global variables, instead you have your external > node script place variables into the output YAML; these variables are > then available to all the classes and resources that apply to that > node. I apologise for the semantic confusion :-). I meant 'variables of global scope' in the sense you have stated here - ie. scoped to the node and its imported classes/resources. My use of Puppet DSL was to show the functional equivalent of what effect you get in external nodes - I was hoping with an example it would explain what I meant :-). Although I believe using external nodes places class/variables at 'top scope' which is one level above a node ... kind of like stuffing your imported external node config into site.pp for each node run dynamically (hehehe - I hope that makes sense). > External nodes is 100% awesome, I think you just haven't taken the > time to really understand it. Agreed. Douglas - further to the spirit of what Paul is getting at - you shouldn't abandon the idea of using external nodes until you give it a go. I believe it is possible to mix your existing config with external nodes so you can try it out and see if you like it. We are moving to external nodes due to the sheer number of nodes we have to support. Using a text file with puppet DSL is no longer viable - large changes are slow to perform - and even with some performance tuning the files take half a minute to parse. ken. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Have I found a bug with variables in nodes?
>>> Assuming the client has puppeted at least once against that server. This >>> won't work for bootstrapping a client though will it? >> >> it does, the facts yaml file is created before the external node >> classifier is called ;) > > Whoa. This should be called out in the external node docs, as I simply > assumed this happened after the node classifier is called. +1000 --Paul -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple Puppet Servers
> I've been waiting forhttp://projects.puppetlabs.com/issues/1866 > (Support for specification of multiple servers). 3669 looks to > duplicate a lot of the functionality. The obvious difference being > static config or SRV records providing the list of available hosts. > Personally I'd be pleased with either one. Agreed. Looks like the features are tied. To deliver all the failover-style discussed functionality of 3669 you would have to provide the underlying hooks to 1866 anyway. You liking this scope creep yet James? :-). DK> Shouldn't your load balancing take care of that, then? True. My own problem is that it requires another team to implement LB which adds time and effort. The problem is not technical but logistical/ procedural. Also I just realised - if the client does it using SRV with weights and priorities - you get global server load balancing built in. Cool bananas. ken. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: External Nodes
You are getting a bunch of misguided answers to this. I'm also
perplexed by your assertion that external nodes requires you to write
custom scripts to parse node manifests.
No, you cannot put resources directly into nodes when you are using
external nodes. In practice, this hasn't mattered; you wrap your
resources in a class, done.
What you gain is truly node-scoped variables (AWESOME). Contrary to
Ken's assertion about global variables, instead you have your external
node script place variables into the output YAML; these variables are
then available to all the classes and resources that apply to that
node.
You don't have to do any parsing of manifests at all. Here's Digg's
external node script:
http://github.com/digg/clusto/blob/master/src/scripts/clusto-puppet-node
It does no parsing of manifests. It also demonstrates some other
things you get using external nodes; the ability to enforce
environments on your clients, for example (useful if you want it), or
the ability to determine your own model of node inheritance (actually
not very obvious in that code, but we manage inheritance using clusto
pools, so the attributes a node end up with are usually defined at the
pool level rather than on the individual node).
External nodes is 100% awesome, I think you just haven't taken the
time to really understand it.
--Paul
On Thu, May 13, 2010 at 10:04 AM, Douglas Garstang
wrote:
> On Thu, May 13, 2010 at 9:53 AM, Ken wrote:
>> Yes your write - you can only really do the equiv of:
>>
>> node foo {
>> $bar = "bleah"
>> include some_class
>> }
>>
>> No resources. So really your left using a swarm of global vars that
>> can passed down to the resources you have show above which are stored
>> in a class. So something like:
>
> OMG. That's absolutely awful!
>
>>
>> node foo {
>> $software1_version = "t.981-1"
>> $software1_addons = "1.6-1"
>> include my_software
>> }
>>
>> Which works - but is less then ideal because your muddy you have a
>> muddy global namespace.
>>
>> However - one solution is being addressed in Rowlf with parameterized
>> classes I believe - which at least allow you to group vars as apposed
>> to using global vars. So something like:
>>
>> node foo {
>> include some_class {
>> param1 => "foo",
>> param2 => "bar",
>> }
>> }
>>
>> Will be possible using external nodes I believe. I seem to recall
>> Puppet Dashboard (the gui that provides external node support) also
>> being able to support this.
>>
>> ken.
>
> Back to parsing the node manifest until external nodes mature a bit.
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Cannot make autosign works
Hmm Does this thread help you? We should fix the error message, also, IMHO. http://markmail.org/message/aydpf243lu6uub5a#query:uninitialized%20constant%20Puppet%3A%3ANetwork%3A%3AAuthStore+page:1+mid:lelvuzkis2xzruyc+state:results --Michael On Thu, May 13, 2010 at 7:15 PM, Eric wrote: > Thanks all. > > I've removed the entire ssl dir as suggested and started puppetmaster > again but got the following error: > > ubu...@domu-12-31-39-00-65-47:~$ sudo rm -rf /var/lib/puppet/ssl > ubu...@domu-12-31-39-00-65-47:~$ sudo puppetmasterd --verbose --no- > daemonize > info: Creating a new SSL key for ca > info: Creating a new SSL certificate request for ca > notice: Signed certificate request for ca > notice: Rebuilding inventory file > info: Creating a new certificate revocation list > info: Creating a new SSL key for > domu-12-31-39-00-65-47.compute-1.internal > info: Creating a new SSL certificate request for > domu-12-31-39-00-65-47.compute-1.internal > notice: domu-12-31-39-00-65-47.compute-1.internal has a waiting > certificate request > /usr/lib/ruby/1.8/puppet/ssl/certificate_authority.rb:91:in > `autosign_store': uninitialized constant Puppet::Network::AuthStore > (NameError) > from /usr/lib/ruby/1.8/puppet/ssl/certificate_authority.rb:67:in > `autosign' > from /usr/lib/ruby/1.8/puppet/ssl/certificate_request.rb:48:in `save' > from /usr/lib/ruby/1.8/puppet/ssl/host.rb:147:in > `generate_certificate_request' > from /usr/lib/ruby/1.8/puppet/ssl/host.rb:175:in `generate' > from /usr/lib/ruby/1.8/puppet/ssl/host.rb:27:in `init_localhost' > from /usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `send' > from /usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `cached_value' > from /usr/lib/ruby/1.8/puppet/util/cacher.rb:46:in `localhost' > from /usr/lib/ruby/1.8/puppet/application/puppetmasterd.rb:93:in > `main' > from /usr/lib/ruby/1.8/puppet/application.rb:226:in `send' > from /usr/lib/ruby/1.8/puppet/application.rb:226:in `run_command' > from /usr/lib/ruby/1.8/puppet/application.rb:217:in `run' > from /usr/lib/ruby/1.8/puppet/application.rb:306:in `exit_on_fail' > from /usr/lib/ruby/1.8/puppet/application.rb:217:in `run' > from /usr/sbin/puppetmasterd:66 > ubu...@domu-12-31-39-00-65-47:~$ > > Thanks for all the help. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Want to talk at the USENIX Configuration Workshop (Boston, Thursday, June 24)
Somewhere in the 20-40 minute range. I don't think it's been quite decided yet. On Fri, May 14, 2010 at 1:49 PM, Joe McDonagh wrote: > On 05/14/2010 01:21 PM, Michael DeHaan wrote: >> >> The afternoon during the USENIX Configuration Management workshop is >> going to be for set user talks + a barcamp format. >> Currently the organizers are looking for folks to do some user topics, >> such as "How I used X to do Foo", or "Automating a Blarg" or ... maybe >> you've got something more exciting :) >> >> If you were planning on going and interested, let me know, and I'll >> hook you up with the organizers. >> >> (Note: we'll also be presenting at Red Hat Summit on Wednesday -- so >> I hope to see lots of Puppet people in Boston, one way or the other!) >> >> http://www.usenix.org/event/config10/ >> >> --Michael >> >> > > How long are the time-slots? > > -- > -- > Joe McDonagh > Operations Engineer > AIM: YoosingYoonickz > IRC: joe-mac on freenode > "When the going gets weird, the weird turn pro." > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Multiple Puppet Servers
On Fri, May 14, 2010 at 2:26 PM, Kinzel, David wrote: >>Hi, >> >>Is there any way to define multiple puppet servers in client >>configuration so that if my one puppet server is down then my >>production config changes can be applied from other puppet server. I >>am using apache and Mongrel for puppet load balancing. >> > > Shouldn't your load balancing take care of that, then? *yes* .. that, or as mentioned round robin DNS works, provided you have your trust set up correctly. We recommend using just one host as the certificate authority though, and then you just make sure the same puppet manifests are checked out on all nodes. IMHO we need better docs on setting up trust in the those configurations on our web site -- pointers on how people are doing it today would be good to include. --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Multiple Puppet Servers
>Hi, > >Is there any way to define multiple puppet servers in client >configuration so that if my one puppet server is down then my >production config changes can be applied from other puppet server. I >am using apache and Mongrel for puppet load balancing. > Shouldn't your load balancing take care of that, then? This email communication and any files transmitted with it may contain confidential and or proprietary information and is provided for the use of the intended recipient only. Any review, retransmission or dissemination of this information by anyone other than the intended recipient is prohibited. If you receive this email in error, please contact the sender and delete this communication and any copies immediately. Thank you. http://www.encana.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Join AD using Likewise
Just to put my $0.02 in... the 'exec' command is similar in my setup -
but I do a little bit of maintenance as well (like a customized
lsassd.conf file) - Note I also unwrapped the .rpm files so I could
put them in a serviced repo... :
class likewise {
$rpmlist = [ "likewise-lwio",
"likewise-pstore",
"likewise-domainjoin",
"likewise-lwreg",
"likewise-rpc",
"likewise-eventlog",
"likewise-mod-auth-kerb",
"likewise-sqlite",
"likewise-krb5",
"likewise-netlogon",
"likewise-srvsvc",
"likewise-libxml2",
"likewise-openldap",
"likewise-lsass",
"likewise-passwd",
"likewise-base"]
package { $rpmlist :
ensure => latest ,
notify => Exec["joindomain"]
}
file { "/etc/likewise/lsassd.conf" :
owner => "root",
group => "root",
mode => 444,
source => "puppet:///modules/likewise/lsassd.conf",
notify => Service["lsassd"]
}
exec { "joindomain" :
path => "/usr/bin:/usr/sbin:/bin:/opt/likewise/bin",
command => "domainjoin-cli join redacted.net
DOMAINADMIN DOMAINPASSWORD",
refreshonly => true,
}
service { lsassd:
ensure => running
}
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Jobs: TomTom recruiting at Puppet Camp Europe
(As there is no puppet-jobs list) TomTom Services & Delivery is currently looking for new staff with Puppet experience at all levels from operations to architecture. Our Technical Operations team is based in Amsterdam in the Netherlands and manages a large environment of Red Hat servers. A few of my colleagues and I will be at Puppet Camp Europe at the end of the month and would like talk to passionate Linux engineers with knowledge and experience of configuration management systems who would be interested in working for TomTom. If you are interested and will be at the event please get in touch before hand so we can arrange a meeting. If you're not going to Puppet Camp but are still think you're the sort of person we're looking for then we would certainly like to hear from you as well. A full listing of our job openings can be found at http://www.tomtom.com/about/jobs/index.php?ID=3&Language=1 Best regards, -- Douglas Fraser | Systems Engineer Technical Operations | TomTom S&D -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Join AD using Likewise
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/02/10 23:40, Taylor wrote:
> Hi All,
>
> I'm reading the docs and various references available for Puppet but
> can't seem to find a better way of accomplishing my goal of binding my
> Linux Servers to Active Directory. (Please don't berate me for the
> premise.)
>
> class likewise{
> file { likewise-preseed:
> path => "/var/cache/debconf/likewise.preseed"
> owner => root,
> group => root,
> mode => 400,
> source => "puppet:///likewise/likewise.preseed"
> }
>
> package{
> likewise-open: ensure => latest,
> responsefile => "/var/cache/debconf/likewise.preseed",
> require => file[likewise-preseed]
Hi,
Thanks for this manifest, I'm going to use this.
One quick question, What did you have in your likewise.preseed file as
debconf-show is telling me there are no preseedable options for it?
Thanks.
Regards,
Tom
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvtib0ACgkQOZBvfQY8NVrvBQCgj8wWLS4StOXoRGSH1AuN+XWs
JF0An2He+5dZyHLoBuXTkJjRVVZMPX4x
=Jwa2
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Want to talk at the USENIX Configuration Workshop (Boston, Thursday, June 24)
On 05/14/2010 01:21 PM, Michael DeHaan wrote: The afternoon during the USENIX Configuration Management workshop is going to be for set user talks + a barcamp format. Currently the organizers are looking for folks to do some user topics, such as "How I used X to do Foo", or "Automating a Blarg" or ... maybe you've got something more exciting :) If you were planning on going and interested, let me know, and I'll hook you up with the organizers. (Note: we'll also be presenting at Red Hat Summit on Wednesday -- so I hope to see lots of Puppet people in Boston, one way or the other!) http://www.usenix.org/event/config10/ --Michael How long are the time-slots? -- -- Joe McDonagh Operations Engineer AIM: YoosingYoonickz IRC: joe-mac on freenode "When the going gets weird, the weird turn pro." -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Want to talk at the USENIX Configuration Workshop (Boston, Thursday, June 24)
The afternoon during the USENIX Configuration Management workshop is going to be for set user talks + a barcamp format. Currently the organizers are looking for folks to do some user topics, such as "How I used X to do Foo", or "Automating a Blarg" or ... maybe you've got something more exciting :) If you were planning on going and interested, let me know, and I'll hook you up with the organizers. (Note: we'll also be presenting at Red Hat Summit on Wednesday -- so I hope to see lots of Puppet people in Boston, one way or the other!) http://www.usenix.org/event/config10/ --Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: multiple OS support conventions?
On May 12, 1:03 am, Rohan McGovern wrote:
> I've been doing it like this, for an example module
> named "baselayout":
>
> modules/baselayout/manifests/init.pp:
>
> import "*"
> class baselayout {
> case $operatingsystem {
> Darwin: { include baselayout::mac }
> OpenSuSE: { include baselayout::suse }
> }
> }
>
> modules/baselayout/manifests/mac.pp:
>
> class baselayout::mac {
> ...
> }
>
> modules/baselayout/manifests/suse.pp:
>
> class baselayout::suse {
> ...
> }
>
> ... etc. I've just started, so there could be problems with this I
> haven't hit yet.
+1 on this method. I handle it pretty much the same way. The
difference would be using a modulename::base class for all of the
common setup. Depending on the specific child classes they can then
inherit modulename::base or include it. A simple exmaple can be seen
in the Camp to Camp augeas module[1]. In general I try to avoid using
parameter selectors for this type of customization.
[1]
http://github.com/camptocamp/puppet-augeas/blob/master/manifests/classes/augeas.pp
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple Puppet Servers
On May 13, 10:53 pm, Abhishek wrote: > Hi, > > Is there any way to define multiple puppet servers in client > configuration so that if my one puppet server is down then my > production config changes can be applied from other puppet server. I > am using apache and Mongrel for puppet load balancing. I've been waiting for http://projects.puppetlabs.com/issues/1866 (Support for specification of multiple servers). 3669 looks to duplicate a lot of the functionality. The obvious difference being static config or SRV records providing the list of available hosts. Personally I'd be pleased with either one. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 0.25.5 - Release Candidate 3 available!
James Turnbull wrote: > The release candidate is available at: > > http://puppetlabs.com/downloads/puppet/puppet-0.25.5rc3.tar.gz For thoae using Fedora or RHEL/CentOS, I've updated the yum repos at: http://tmz.fedorapeople.org/repo/puppet/ Packages for EL 4 - 6 and Fedora 11 - 13 are available for testing. Add the puppet.repo file from either the epel or fedora directories to /etc/yum.repos.d to enable. -- ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ Reason obeys itself; and ignorance does whatever is dictated to it. -- Thomas Paine pgpfUVNe3x0fl.pgp Description: PGP signature
Re: [Puppet Users] Re: Unable to retrieve files from puppet server (Errror 400)
On Thu, May 13, 2010 at 7:55 PM, josbal wrote: > Have you found a solution to this problem? I am having the same issue > after upgrading to puppet 0.25.4 and passenger. > > The error message im getting is: Error 400 on SERVER: Not authorized > to call find on /file_metadata/hp_psp/opsywnsr0099.aus.optiver.com.pem > Could not retrieve file metadata for > puppet:///hp_psp/opsywnsr0099.aus.optiver.com.pem > > This will intermittently be reported on client's puppet runs and then > the next run may work correctly. > > Any help with this would be appreciated. > Are you both using environments? How are you specifying the client environment? If you specify it on the command line or in the config file (assuming you aren't already) does this problem go away? > > On Apr 11, 9:57 pm, Mark Nelson wrote: > > Hello > > > > I am using the following software - > > > > *Operating System: > > > > *Scientific Linux SL release 5.3 (Boron), Scientific Linux is a rebuild > > of Redhat Enterprise > > > > *Ruby version:* > > > > ruby-shadow-1.4.1-7.el5.x86_64 > > ruby-irb-1.8.5-5.el5_3.7.x86_64 > > grub-0.97-13.2.x86_64 > > ruby-libs-1.8.5-5.el5_3.7.x86_64 > > ruby-rdoc-1.8.5-5.el5_3.7.x86_64 > > ruby-1.8.5-5.el5_3.7.x86_64 > > ruby-augeas-0.3.0-1.el5.x86_64 > > ruby-ldap-0.9.7-3.el5.x86_64 > > > > *Puppet Version: > > > > *puppet-0.25.4-1.el5.noarch > > puppet-server-0.25.4-1.el5.noarch > > > > I am getting an "Error 400 message" when I try to download a file from > > the puppet server I'm getting the following error when running puppet > > --test -dv > > > > err: //dns/File[/etc/resolv.conf]: Failed to retrieve current state of > > resource: Error 400 on SERVER: Not authorized to call find on > > /file_metadata/common/etc/resolv.conf Could not retrieve file metadata > > for puppet://puppet/common/etc/resolv.conf: Error 400 on SERVER: Not > > authorized to call find on /file_metadata/common/etc/resolv.conf at > > /etc/puppet/manifests/classes/dns.pp:8 > > > > Running the puppermasterd in debug mode produces the following error > > message > > > > info: mount[files]: allowing * access > > err: Not authorized to call find on /file_metadata/common/etc/resolv.conf > > > > Both the client and the server are running on the same machine. There > > are references to similar issues in puppet 0.25.1 I'm not sure if these > > issues are fixed in 0.25.4 > > > > My configuration files are as follows - > > > > *Auth.conf * > > > > # inconditionnally allow access to all files services > > # which means in practice that fileserver.conf will > > # still be used > > path /file > > allow * > > > > *Fileserver.conf > > > > *[files] > > path /etc/puppet/files > > #allow *.int.tardis.cx > > allow * > > #deny *.examp > > > > Thanks > > > > Mark. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- nigel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Provisioning VM in Xen via Puppet - Howto??
On 12 May 2010 16:13, Thomas Bellman wrote:
> [..]
> I don't create the logical volumes automatically, nor do I
> partition or create filesystems on them automatically, to lessen
> the risk of destroying important data.
Good info. I do much the same - logical vols are managed by hand first.
Then initial booting of the domU is handled automatically with notify's to
some exec{}'s so I don't have to log back in. Like:
exec { "xm_create_${domu_name}":
command => "/usr/sbin/xm create /etc/xen/auto/${domu_name}",
unless => "/usr/sbin/xm list ${domu_name} > /dev/null",
refreshonly => true,
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Multiple Puppet Servers
On Thu, 2010-05-13 at 22:53 -0700, Abhishek wrote: > Hi, > > Is there any way to define multiple puppet servers in client > configuration so that if my one puppet server is down then my > production config changes can be applied from other puppet server. I > am using apache and Mongrel for puppet load balancing. > > Multiple A records and Round Robin DNS? (Caveat: I've never tried this but in theory it should work! :) ) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-module-apache
On 5/12/2010 2:15 AM, Paul Lathrop wrote: Hey all, I've open-sources Digg's apache module: http://github.com/plathrop/puppet-module-apache I know this isn't much more advanced than what I've seen a lot of people using. Here's my proposition, though. Let's get all the disparate "apache" modules out there merged together into One Awesome Module. What do you think? Thanks for starting this! Here's my refined version of one of the "original" implementations: http://github.com/puppet-modules/puppet-apache This modules was started by Tim Stoop "back when". Best Regards, David -- dasz.at OG Tel: +43 (0)664 2602670 Web: http://dasz.at Klosterneuburg UID: ATU64260999 FB-Nr.: FN 309285 g FB-Gericht: LG Korneuburg -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
