[Puppet Users] Re: firewall type
The firewall type is an experimental feature I was pondering about. It's supposed to work as the monitor and backup types in Example42 modules, that try to standardize the way you can define what to backup and monitor in a module, whatever the module(s) you may use for that.

But, contrary to them, there's not yet a working implementation of the firewall type. I'm sorry for the misunderstanding. If there is a demand for that I can try to write a sample implementation.

Thanks for the notice,
best regards,
Al

On Jun 5, 7:24 pm, Peter Berghold wrote:
> I am in the process of using some of Example 42's modules and ran into a
> small snag. Quite a few of them call out for a "firewall" type which does
> not exist for puppet out of the box (unless I'm missing something.)
>
> It's not immediately apparent to me as to where to get this type, which I
> assume is a plugin. Anybody steer me in the right direction?
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Where do I untar Foreman tarball?
Hi Mohamed,

You can also try the puppet module which installs and configures Foreman - http://github.com/ohadlevy/puppet-foreman

cheers,
Ohad

On Mon, Jun 7, 2010 at 12:33 PM, Mohamed wrote:
> Please ignore.. I had skipped this somewhat relevant page:
> http://theforeman.org/projects/foreman/wiki/Puppet_Reports
> and I guess foreman can be unpacked anywhere!
>
> Mohamed.
>
> On Jun 7, 12:15 am, Mohamed wrote:
> > I am trying the various ways of installing as described in the wiki
> > page, without much success...
> > The closest I got is using a tar ball version... but when I start
> > puppetmaster, I get the error:
> >
> > puppetmasterd[3570]: No report named 'foreman'
> >
> > My question is where should the tarball be expanded/installed, so ruby/
> > puppetmaster could find it?
> >
> > Thanks a lot.
> > Mohamed.
[Puppet Users] Re: Where do I untar Foreman tarball?
Please ignore.. I had skipped this somewhat relevant page:
http://theforeman.org/projects/foreman/wiki/Puppet_Reports
and I guess foreman can be unpacked anywhere!

Mohamed.

On Jun 7, 12:15 am, Mohamed wrote:
> I am trying the various ways of installing as described in the wiki
> page, without much success...
> The closest I got is using a tar ball version... but when I start
> puppetmaster, I get the error:
>
> puppetmasterd[3570]: No report named 'foreman'
>
> My question is where should the tarball be expanded/installed, so ruby/
> puppetmaster could find it?
>
> Thanks a lot.
> Mohamed.
[Puppet Users] Where do I untar Foreman tarball?
I am trying the various ways of installing as described in the wiki page, without much success...
The closest I got is using a tar ball version... but when I start puppetmaster, I get the error:

puppetmasterd[3570]: No report named 'foreman'

My question is where should the tarball be expanded/installed, so ruby/puppetmaster could find it?

Thanks a lot.
Mohamed.
Re: [Puppet Users] firewall type
Was wondering about that too; the README file says:

  Some research and sperimentation is done on:
  - Definition and use of enhanced abstraction classes such as backup, monitor, firewall

But I could not find where it is defined or included!

On Sat, Jun 5, 2010 at 1:24 PM, Peter Berghold wrote:
> I am in the process of using some of Example 42's modules and ran into a
> small snag. Quite a few of them call out for a "firewall" type which does
> not exist for puppet out of the box (unless I'm missing something.)
>
> It's not immediately apparent to me as to where to get this type, which I
> assume is a plugin. Anybody steer me in the right direction?
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC

--
"Logic merely sanctions the conquests of the intuition."
Jacques Hadamard
Re: [Puppet Users] Re: External Nodes Examples
On 06.06.2010 09:53, Douglas Garstang wrote:
> Just how is that going to help? If you define a default external node,
> the error will go away, but since your internal node is now defined as
> a default external node that does nothing, any future changes to the
> internal nodes until they are cut over are going to be ignored.
> Nice... nice...

1) Convert all nodes in your manifests into classes: s/^node/class/g

2) For each regexp node you encountered in step 1, replace the regexp with a descriptive name and put the regexp into your default node handler of step 3.

3) Let your default node from EN include $hostname and/or $fqdn and/or RE-label as needed.

Best Regards, Da"stop bitchin', start thinkin'"vid

--
dasz.at OG   Tel: +43 (0)664 2602670   Web: http://dasz.at
Klosterneuburg   UID: ATU64260999
FB-Nr.: FN 309285 g   FB-Gericht: LG Korneuburg
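The three steps above, sketched as an external node classifier script (an added example, not part of the original post and not code from Puppet). The node names, regexps, class names, the `unclassified_node` fallback and the lookup order are all constructed for illustration.

```ruby
#!/usr/bin/env ruby
# Added example: a minimal ENC. Puppet runs the script with the node name as
# its only argument and reads YAML from stdout; a non-zero exit means
# "node not found", which is the failure the thread complains about.
require 'yaml'

# Step 1: node blocks that were renamed to classes (constructed sample names).
CONVERTED_NODES = %w[mail01 ns1.example.com].freeze

# Step 2: former regexp nodes, each given a descriptive class name
# (constructed sample patterns and labels).
REGEX_NODES = [
  [/\Aweb\d+\./, 'webserver_node'],
  [/\Adb\d+\./,  'database_node']
].freeze

# Hypothetical class for nodes that match nothing, so a node that has not
# been cut over yet still compiles instead of failing the lookup.
FALLBACK_CLASS = 'unclassified_node'

# The node name is external input: accept only hostname characters.
VALID_NAME = /\A[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?\z/

# Assumption: dots and hyphens became underscores when nodes were renamed,
# because they are not usable in class names.
def class_name_for(node_name)
  node_name.gsub(/[^a-z0-9]/, '_')
end

# Step 3: the default handler. Tries the fqdn, then the short hostname,
# then the regexp labels, then the fallback class.
def classify(fqdn)
  fqdn = fqdn.to_s.downcase
  raise ArgumentError, 'invalid node name' unless fqdn =~ VALID_NAME

  hostname = fqdn.split('.').first
  exact = [fqdn, hostname].find { |name| CONVERTED_NODES.include?(name) }
  label = REGEX_NODES.find { |pattern, _| pattern =~ fqdn }

  chosen = if exact
             class_name_for(exact)
           elsif label
             label.last
           else
             FALLBACK_CLASS
           end
  { 'classes' => [chosen] }
end

if __FILE__ == $PROGRAM_NAME && ARGV.size == 1
  begin
    puts classify(ARGV[0]).to_yaml
  rescue ArgumentError => e
    warn e.message
    exit 1
  end
end
```
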
Re: [Puppet Users] Simple config question
On 04.06.2010 18:34, Dan wrote:
> Most of my machines are pretty cookie-cutter, so I have one class and
> config file setup for different services. For example, pretty much
> have one hosts.allow that goes out everywhere. However, there are
> always exceptions. So I have 3 hosts that have similar configs but
> have more things open, so what's the 'best practice' way to centralize
> those? Do I really need to create a whole new class and assign that
> one config file to it for one host?

The simplest way would be to use class inheritance and override the source of the file:

    class extended inherits base {
      File["/etc/hosts.allow"] { source => ... }
    }

A more maintainable way would be to manage the file's content more fine-grained than that. Look into the "augeas" type whether there is a lens to manage that syntax. Then you could use a simple define to wrap this all nicely into a resource you can use:

    define hosts_allow(...) {
      augeas { ... }
    }

    class base {
      hosts_allow { ... }
    }

    class other_stuff {
      hosts_allow { ... }
    }

Best Regards, David

--
dasz.at OG   Tel: +43 (0)664 2602670   Web: http://dasz.at
Klosterneuburg   UID: ATU64260999
FB-Nr.: FN 309285 g   FB-Gericht: LG Korneuburg
Re: [Puppet Users] Collecting _all_ ssh keys
Hi,

On Sun, 6 Jun 2010 at 13:00, Joe McDonagh wrote:
> > But is there a way to collect both keys of a machine, the rsa _and_ the
> > dss key (and maybe the rsa1 too)? I didn't find a way to solve this as
> > the key is the machine name and it has to be unique.
[...]
> Klaus, do all your machines by default actually have both DSA and
> rsa types?

Sure. And they get collected by facter without problems. But I am only able to disperse one of them to all hosts.

> regardless, you can collect like this
>
> Ssh_authorized_key <<| type => "rsa" ||>
> Ssh_authorized_key <<| type => "dsa" ||>

Oh, seems to be a misunderstanding. I do not mean the authorized keys, I do mean the host keys of the machines. (The ones found in /etc/ssh/ssh_host_{rsa,dsa}_key.pub.)

Regards
   Klaus Ethgen
--
Klaus Ethgen   http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
Re: [Puppet Users] Collecting _all_ ssh keys
On 06/06/2010 08:00 AM, Joe McDonagh wrote:
> On 06/06/2010 06:16 AM, Klaus Ethgen wrote:
>> Hello,
>>
>> I read and find a way (well, there seems to be several equal
>> implementations) to collect the ssh keys of machines. However they all
>> give only the choice to choose between the key formats.
>>
>> But is there a way to collect both keys of a machine, the rsa _and_ the
>> dss key (and maybe the rsa1 too)? I didn't find a way to solve this as
>> the key is the machine name and it has to be unique.
>>
>> Regards
>>    Klaus Ethgen
> Klaus, do all your machines by default actually have both DSA and
> rsa types? regardless, you can collect like this
>
> Ssh_authorized_key <<| type => "rsa" ||>
> Ssh_authorized_key <<| type => "dsa" ||>

Slight typo there; enclosed inside those little brackets, it's <<| |>>

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
Boredom is counter-revolutionary
Re: [Puppet Users] Re: External Nodes Examples
On Sun, Jun 6, 2010 at 3:53 AM, Douglas Garstang wrote:
>
> I was just doing a little research on the best way to switch over to
> external nodes. It seems like you can't use a combination of the two
> systems. Apparently if the external node tool can't find an external
> node (because it hasn't been cut over yet), then that's a failure.
> This makes moving from 'internal' nodes to external nodes BLOODY
> difficult.

This is currently killing me too. I also heavily used definitions in nodes for things that didn't really seem to belong in modules (one offs, mount points for admins to rummage around on the command line, the odd tweak here and there) and the inability to slowly migrate into an external node tool is infuriating because of how hard things are to test.

I suppose my best bet is to back everything up, switch over and try it but that's an awkward situation. I plan to shut puppetd down on all nodes and then retest each of them by hand to ensure that things work as expected (because I've had to revamp various modules to account for how things are done with no definitions on the nodes and to change my networking too.)

It's definitely an ugly solution and I can honestly see this being unfeasible for someone with a larger network than me. If I had double the hosts I simply wouldn't move to an external node classifier, no matter the benefits.
Re: [Puppet Users] Collecting _all_ ssh keys
On 06/06/2010 06:16 AM, Klaus Ethgen wrote:
> Hello,
>
> I read and find a way (well, there seems to be several equal
> implementations) to collect the ssh keys of machines. However they all
> give only the choice to choose between the key formats.
>
> But is there a way to collect both keys of a machine, the rsa _and_ the
> dss key (and maybe the rsa1 too)? I didn't find a way to solve this as
> the key is the machine name and it has to be unique.
>
> Regards
>    Klaus Ethgen

Klaus, do all your machines by default actually have both DSA and rsa types? regardless, you can collect like this

Ssh_authorized_key <<| type => "rsa" ||>
Ssh_authorized_key <<| type => "dsa" ||>

--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
Boredom is counter-revolutionary
[Puppet Users] Collecting _all_ ssh keys
Hello,

I read and find a way (well, there seems to be several equal implementations) to collect the ssh keys of machines. However they all give only the choice to choose between the key formats.

But is there a way to collect both keys of a machine, the rsa _and_ the dss key (and maybe the rsa1 too)? I didn't find a way to solve this as the key is the machine name and it has to be unique.

Regards
   Klaus Ethgen
--
Klaus Ethgen   http://www.ethgen.de/
pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen
Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B
Re: [Puppet Users] Re: FYI: Mac Configuration Management at the Los Alamos National Laboratory white paper
Hello,

"Patrick" wrote:

| On Jun 5, 2010, at 2:31 PM, Chuck wrote:
|
| > I am currently worried about scalability as the number of modules and
| > clients on my puppet server increases. I am planning on locating at
| > least one puppet server in each of the 4 data centers.
|
| I've found that very bad things

Why? I know some people here do it, with some real success. Having your master near your clients is, to me, a good thing. Use a central master to configure satellite ones. The only problem is about SSL chaining that can drive you crazy :p

| > I am not finding any information on what to expect and to design into
| > my infrastructure as it matures so I don't run into any unexpected
| > surprises. It sounds like some people are using puppet in large
| > environments and I would like to know what the issues are that have been
| > run into and if there is a way to design the environment to avoid
| > these issues. I have been reading through the puppet mailing lists,
| > wiki, and documentation which has gotten me to my current use of
| > apache/passenger.
|
| I'm not exactly sure what you want, but here's some general scaling
| advice:
|
| If you are using storeconfigs, take a look at
| http://www.masterzen.fr/2009/03/18/omg-storedconfigs-killed-my-database/
|
| You probably want to use the "splay" option. Normally it won't help
| much, but it will help make sure that the puppet clients don't all get
| "in sync" and all try to connect to the server at once.
|
| I've heard that using RubyEE or JRuby can help reduce the amount of
| ram you need.

There's a queue daemon now, you should take a look at this
Re: [Puppet Users] Re: External Nodes Examples
Hello,

"Douglas Garstang" wrote:

| I was just doing a little research on the best way to switch over to
| external nodes. It seems like you can't use a combination of the two
| systems. Apparently if the external node tool can't find an external
| node (because it hasn't been cut over yet), then that's a failure.
| This makes moving from 'internal' nodes to external nodes BLOODY
| difficult.

Yup, lookup is done only in one system: node file or external nodes.

| I saw this old thread where someone else was in a similar situation:
| "> Well, we're trying to switch from one to the other, and was hoping to
| > not have to fully populate the external tool all at once and use it
| > everywhere.
| "
|
| And a certain person, who shall remain nameless, seems somewhat
| detached from reality, when his response to that issue was:
| "Then add support for a default node."
|
| Just how is that going to help? If you define a default external node,
| the error will go away, but since your internal node is now defined as
| a default external node that does nothing, any future changes to the
| internal nodes until they are cut over are going to be ignored.
| Nice... nice...

I let nodes without a definition fail, but you can also set up a class that reports that this node has no entry in the external node definitions with a tag or an exported file.

Nico.
[Puppet Users] Re: External Nodes Examples
On Sat, Jun 5, 2010 at 11:53 PM, Douglas Garstang wrote:
> Can someone point me to some good examples of external node use? The
> documentation is pretty sparse.
>
> We used to pass a bunch of settings back to our modules from
> definitions on the node manifests. Since external nodes don't support
> definitions, I presume these definitions have to get pushed back into
> a module and a class somewhere, and then included in the external
> node. You effectively then include the node's class (where the
> definitions are) in the external node. This seems completely
> counter-intuitive to me, and I must have it wrong, so I was hoping to
> see some real world examples.

I was just doing a little research on the best way to switch over to external nodes. It seems like you can't use a combination of the two systems. Apparently if the external node tool can't find an external node (because it hasn't been cut over yet), then that's a failure. This makes moving from 'internal' nodes to external nodes BLOODY difficult.

I saw this old thread where someone else was in a similar situation:
"> Well, we're trying to switch from one to the other, and was hoping to
> not have to fully populate the external tool all at once and use it
> everywhere.
"

And a certain person, who shall remain nameless, seems somewhat detached from reality, when his response to that issue was:
"Then add support for a default node."

Just how is that going to help? If you define a default external node, the error will go away, but since your internal node is now defined as a default external node that does nothing, any future changes to the internal nodes until they are cut over are going to be ignored. Nice... nice...

Doug.

--
Regards,
Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garst...@gmail.com
Cell: +1-805-340-5627