Re: [Puppet Users] A WTF moment brought to you by Puppet + [confused] nscd

[Trevor Vaughan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Some admins that I have known in the past would change root to something
else and have a different account with UID=0.

The UID is all that matters, you could have the account bob52 be UID 0
if you wanted to.

Trevor

On 07/20/2010 01:07 PM, Rob McBroom wrote:
> On Jul 20, 2010, at 10:40 AM, Jonathan Share wrote:
> 
>> Any reason for not specifying the uid parameter for the user?
> 
> Well, just that I’m not looking to “change” the UID so I shouldn’t need to 
> mention it at all. After what happened yesterday though, I’m considering it.
> 

- -- 
Trevor Vaughan
 Vice President, Onyx Point, Inc.
 email: tvaug...@onyxpoint.com
 phone: 410-541-ONYX (6699)
 pgp: 0x6C701E94

- -- This account not approved for unencrypted sensitive information --
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJMRlSMAAoJECNCGV1OLcyppF8H/0bap/hY/8/ksjz3unzFKjdD
w0DprOYSmtQQ5RCHcWNSX5nwmdAIJFFCwWbHjfbEjqGDofTo/TBrqff7rwnKxatI
Nz1yUkXuhcyFR5hYnRka9QuWTOS4ScKxJhkInE6732Ox2QzdQlXAcK5FLvq/ItpB
9qT5GpM0ixy3GKn4mqtCh7LHy+wbI1ZF5VIkpC+ujFB2NsgZBq9R5dx7T0ef8ZE3
CfLPoZytxlrht5Lx3a3WQXrCksUofQpX0Fm96oL0gaFGQQnZmQXJexETqlKXtp7i
bUC/gVpCsFuNckHLzyQUWRbd21jMpTfz0BX3BT02SfeRUsaK7V6H7WRVlf431M4=
=2RMM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

<>

Re: [Puppet Users] Re: Distributing passwd/group/shadow

[Daniel Pittman]

Rob McBroom  writes:
> On Jul 20, 2010, at 9:15 AM, noob-puppeteer wrote:
>
>> In the case of LDAP, how would this work? Would you store your entire
>> puppet config in LDAP or just the user information?

You can do both — nodes in LDAP, at least — but I meant only the user and
group information.

>> I am looking documentation for storing all puppet info in LDAP, and that is
>> a bit unwieldy, since all configuration is stored as key-value pairs. Its
>> almost another language on top of puppet.

I don't use it, because I don't much like it either. :)

> I think he was referring to using LDAP to define users and groups centrally,
> which doesn’t really have anything to do with Puppet other than simplifying
> your manifests and speeding up each run.

Well, not strictly, although I would suggest you configure hosts to use LDAP
through puppet.  It does answer the question of how I would do this with
puppet though — I wouldn't. ;)

> Some advice though: Set up multiple LDAP servers with replication and
> failover right away. We ran with just one for a while based on capacity
> needs alone, but you’d be amazed at all the unexpected things that go to
> hell when LDAP becomes unavailable.

FWIW, once you have puppet working it isn't too hard to have every host acting
as an LDAP slave, so you don't have cross-machine dependencies.  If you really
need that level of capability.

Regards,
Daniel

-- 
✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707
   ♽ made with 100 percent post-consumer electrons

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Massaging Puppet around parallel ruby installs hackery on CentOS 5.5

[Eric Sorenson]

On Jul 20, 2010, at 4:19 PM, Ramin K wrote:

> My question is there a way to have Puppet gem install into 1.8.7 while
> running on top 1.8.5? I'm testing with  package { "mysql": provider =>
> gem, ensure => "2.7", } and getting the error " Could not match ruby
> 1.8.5 (2006-08-25) [x86_64-linux] Jul 20 15:59:02 webapp01
> puppetd[4451]: (//application_rubygems/Package[mysql]) Failed to
> retrieve current state of resource: Provider gem is not functional on
> this platform"

These are determined at runtime by the PATH environment variable inherited by 
the puppetd process, so if you manipulate the path in you startup scripts to 
put /usr/local/bin/ first, this should work.


 - Eric Sorenson - N37 17.255 W121 55.738  - http://twitter.com/ahpook  -

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Massaging Puppet around parallel ruby installs hackery on CentOS 5.5

[Ramin K]

I've installed Puppet 0.25.5 and ruby-1.8.5 through the usual EPEL and
CentOS channels. However I also have a local built ruby-1.8.7
installed into /usr/local which keeps it somewhat separate from the
system ruby in /usr. It's not ideal, but it does seem to work. 1.8.7
is for the rails, rack, passenger application running on these
servers.

My question is there a way to have Puppet gem install into 1.8.7 while
running on top 1.8.5? I'm testing with  package { "mysql": provider =>
gem, ensure => "2.7", } and getting the error " Could not match ruby
1.8.5 (2006-08-25) [x86_64-linux] Jul 20 15:59:02 webapp01
puppetd[4451]: (//application_rubygems/Package[mysql]) Failed to
retrieve current state of resource: Provider gem is not functional on
this platform"

I'm starting to suspect that I should either exec the gem installs or
remove ruby 1.8.5. I do think figuring out a clean way to do this
would be useful to me when it's time to move to ruby 1.9.

Ramin K

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Management of MySQL grant tables?

[steve .]

Hmmm:

> info: Loading facts in mysql
> sh: Syntax error: Bad fd number
> debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using
> pson

Any insight as to what could be causing that syntax error?  Perhaps
Puppet's/Facter's attempts at shelling out to run the MySQL
command-line client is failing for some reason.  Could it be getting
installed somewhere the provider's not expecting?  What do you get
when you `which mysql` on the mysql node?

On Tue, Jul 20, 2010 at 2:34 AM, Bram Enning  wrote:
> Hi Steve,
>
> I started all over again, below are the steps I took:
>
> On a Mac I created a VirtualBox-instance with Ubuntu Lucid and just a basic
> install;
>
> sudo aptitude install puppet puppetmaster puppet-common ssh git-core pwgen;
>
> git clone http://github.com/camptocamp/puppet-mysql.git;
> git clone http://github.com/camptocamp/puppet-common.git;
> git clone http://github.com/camptocamp/puppet-augeas.git;
>
> mv ./puppet-mysql /etc/puppet/modules/mysql;
> mv ./puppet-common /etc/puppet/modules/common;
> mv ./puppet-augeas /etc/puppet/modules/augeas;
>
> created "modules.pp" containing:
>    import "common"
>
> and "site.pp" containing:
> 
>    import "modules.pp"
>    Exec { path =>
> "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" }
>
>    node 'mysql' {
>    include augeas
>        include mysql::server
>    mysql::rights{"Set rights for puppet database":
>          ensure   => present,
>          database => "puppet",
>          user => "puppet",
>          password => "puppet"
>     }
>  mysql::database{"mydb":
>           ensure   => present
>     }
> }
> 
>
> In "/etc/hosts" I added:
>    192.168.1.29 mysql
>
> Then I issued:
>    /etc/init.d/puppetmaster stop
>    /etc/init.d/puppet stop
>    puppetmasterd --mkusers
>    puppetd --waitforcert 60 --verbose -- server mysql
>    puppetd --test --debug --server mysql
>
> And once again MySQL gets installed BUT NOT THE DB's AND GRANTS
> GRRR^&&*%$^%$#^
> mysql-client gets installed.
>
> I checked the existince of the augeas and mysql libs in /var/lib/puppet/lib.
> They are there but are not executable, but I don't think that's necessary.
>
> This is my debug-info:
>
>
> ===
> r...@mysql:/var/lib/puppet/lib/puppet/parser/functions# puppetd --test
> --server mysql --debug
> debug: Failed to load library 'selinux' for feature 'selinux'
> debug: Puppet::Type::User::ProviderPw: file pw does not exist
> debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does
> not exist
> debug: Puppet::Type::User::ProviderLdap: true value when expecting false
> debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not
> exist
> debug: Failed to load library 'ldap' for feature 'ldap'
> debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
> debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
> File[/var/lib/puppet/ssl]
> debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
> debug: /File[/var/lib/puppet/clientbucket]: Autorequiring
> File[/var/lib/puppet]
> debug: /File[/var/lib/puppet/ssl/certs/mysql.pem]: Autorequiring
> File[/var/lib/puppet/ssl/certs]
> debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring
> File[/var/lib/puppet/ssl]
> debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
> debug: /File[/var/lib/puppet/state/graphs]: Autorequiring
> File[/var/lib/puppet/state]
> debug: /File[/var/lib/puppet/ssl/public_keys/mysql.pem]: Autorequiring
> File[/var/lib/puppet/ssl/public_keys]
> debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring
> File[/var/lib/puppet/ssl/certs]
> debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
> debug: /File[/var/lib/puppet/state/classes.txt]: Autorequiring
> File[/var/lib/puppet/state]
> debug: /File[/var/run/puppet/puppetd.pid]: Autorequiring
> File[/var/run/puppet]
> debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring
> File[/var/lib/puppet/ssl]
> debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
> debug: /File[/var/lib/puppet/client_yaml]: Autorequiring
> File[/var/lib/puppet]
> debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring
> File[/var/lib/puppet/ssl]
> debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring
> File[/var/lib/puppet/ssl]
> debug: /File[/var/lib/puppet/ssl/private]: Autorequiring
> File[/var/lib/puppet/ssl]
> debug: /File[/var/lib/puppet/ssl/private_keys/mysql.pem]: Autorequiring
> File[/var/lib/puppet/ssl/private_keys]
> debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring
> File[/var/lib/puppet/state]
> debug: Finishing transaction -610902358 with 0 changes
> debug: Using cached certificate for ca, good until Fri Jul 17 20:12:29 UTC
> 2015
> debug: Using cached certificate for mysql, good until Fri Jul 17 20:12:29
> UTC 2015
> debug: Loaded state in 0.00 seconds
> info: Retrieving plugin
> debug: Using cached certificate for ca, good u

Re: [Puppet Users] Failing to install Packages

[Todd Zullinger]

Douglas Garstang wrote:
> After going through some dependency hell trying to get the
> rpmforge-release package installed before the RPMforge repo, which
> contains the GPG key for RPMforge packages, now I find that when
> puppet tries to install this package, this happens:
>
> Jul 20 10:20:04 slog01 puppetd[2753]:
> (//yum::client/Package[rpmforge-release]/ensure) change from absent to
> present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install
> rpmforge-release' returned 1: warning: rpmts_HdrFromFdno: Header V3
> DSA signature: NOKEY, key ID 6b8d79e6
>
> The package actually installs, but since it's flagging a warning, and
> it's exit code is 1, AND just about everything else relies on this
> repository being there, puppet fails everything else after it. It
> would be really nice if puppet could ignore the warnings. Now I need
> to find a way to install this rpm outside of puppet, probably in the
> %post section of the kickstart.

You may need to install the gpg key for the the rpmfoge-release
package first.  That might be something like:

exec { 'install-rpmforge-gpg-key':
# http URL's work too, but would't be as secure as veryfying the key first.
command => 'rpm --import /path/to/rpmforge-key',
unless  => 'rpm -q --quiet gpg-pubkey-6b8d79e6',
}

package { 'rpmforge-release':
ensure  => installed,
require => Exec['install-rpmforge-gpg-key'],
}

-- 
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Those who have been intoxicated with power... can never willingly
abandon it.
-- Edmund Burke



pgpCGkmAZEWt1.pgp
Description: PGP signature

Re: [Puppet Users] Puppet 2.6 Installation

[Todd Zullinger]

Douglas Garstang wrote:
> I just grabbed puppet 2.6, and I'm wondering if there's a way to
> install it to an alternative root location. The docs at
> http://docs.puppetlabs.com/guides/installation.html talk about how to
> set an alternate binary path etc, but nothing about specifying an
> alternative root location for all of it. I know this is probably a
> ruby question.
>
> I want to be able to wrap this in an rpmbuild process, which means
> specifying a different root install location, you know, for those that
> have to install this on a production system.

Why not take a look at the existing spec file included in the puppet
package, since we do just that?

The parameter you're looking for is --destdir.  The spec I am
referring to is conf/redhat/puppet.spec.

Or, for one that is updated for 2.6.0 (very minor changes versus what
is in the tarball), see:


http://tmz.fedorapeople.org/repo/puppet/epel/5/SRPMS/puppet-2.6.0-0.7.el5.src.rpm

-- 
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Start every day with a smile and get it over with.
-- W.C. Fields



pgpnK2XJXTUnQ.pgp
Description: PGP signature

Re: Puppet on Windows (was Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Final release!)

[steve .]

I (unfortunately) have some experience in throwing together NSIS and
WISE installers and would be willing to contribute towards such a
packaging effort ...

*if only I could get it to work in the first place!*

On Tue, Jul 20, 2010 at 12:47 AM, James Turnbull  wrote:
> Rohan McGovern wrote:
>> James Turnbull said:
>>> The journey was long and arduous and many fell along the way but Puppet
>>> Labs is proud to announce the 2.6.0 release!
>>>
>>
>> Is anyone aware of an attempt to package up a complete (puppet + all
>> prereqs) installer for Windows?  Either official, or by someone in the
>> community?
>>
>> And, asking from the other direction: would anyone else be interested in
>> such a thing?
>>
>> I would be, because setting up puppet on Windows seems pretty tough
>> right now.  I also have no need for Ruby on my Windows boxes except
>> for the usage of puppet.
>
> Rohan
>
> There isn't such an attempt so far - we've got it on the cards to do -
> but any progress in that direction would be awesome.
>
> We've got some basic notes at:
>
> http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Windows
>
> Regards
>
> James Turnbull
>
> --
> Puppet Labs - http://www.puppetlabs.com
> C: 503-734-8571
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Installping puppet with kickstart -- Cannot find local fact /proc/cpuinfo

[Patrick Mohr]

On Tue, Jul 20, 2010 at 5:23 AM, Tore  wrote:

> We use Satellite to kickstart our nodes. Have you tried to do this
> after %post?
>
> kickstart-file, I've removed a few lines:
>
> install
> text
> []
> %packages
> @ Base
>
> %pre
> $kickstart_start
> $SNIPPET('pre_install_network_config')
>
> %post --nochroot
> mkdir /mnt/sysimage/tmp/ks-tree-copy
> [...]
> cp `awk '{ if ($1 ~ /%include/) {print $2}}' /tmp/ks.cfg` /tmp/ks.cfg /
> mnt/sysimage/root
>
> %post
> ( # Log %post errors
>  # --Begin RHN Satellite command section--
> [...]
> # --End RHN Satellite command section--
>
> [...]
> ) >> /root/ks-post.log 2>&1
> $SNIPPET('post_install_network_config')
>
> $SNIPPET('spacewalk/1/install_and_config_puppet')
>
> $SNIPPET('post_install_kernel_options')
> $SNIPPET('koan_environment')
> $kickstart_done
>
>
> I have no idea if that will work for you, its strange that /proc/
> cpuinfo isn't available since I assume anaconda uses that information
> during installation.
>

I don't remember much about the redhat install process, but are you
chrooting before you run puppet?  If so, the probably is probably that /proc
is not mounted inside of the chroot environment?

On 16 Jul, 13:39, Harihara Vinayakaram  wrote:
> > Hi
> >I have been trying to get puppet working with kickstart.  I am
> > trying to install Hadoop on the nodes.  Installing puppet from
> > kickstart work and when the machine restarts, certificates are pulled
> > down and hadoop user is created and files are extracted.
> >
> >I want all the user creation etc to be done before the machine
> > reboots so that I can set up init.d scripts to do a start of hadoop .
> > So I run the puppetd --server ... --one-time  --no-daemonize  as part
> > of the late_command with a chroot /target .
> >
> >But this fails saying cannot find local fact /proc/cpuinfo  .  I
> > tried to a mount /proc in the script but the machine hangs.  Is this a
> > known problem
> >
> > http://groups.google.com/group/puppet-users/browse_thread/thread/b2e3...
> > has a solution but it does not work . The only difference I can see is
> > that it runs the puppetd as -in-target instead of a chroot . Any ideas
> > will be helpful
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Failing to install Packages

[Douglas Garstang]

After going through some dependency hell trying to get the
rpmforge-release package installed before the RPMforge repo, which
contains the GPG key for RPMforge packages, now I find that when
puppet tries to install this package, this happens:

Jul 20 10:20:04 slog01 puppetd[2753]:
(//yum::client/Package[rpmforge-release]/ensure) change from absent to
present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install
rpmforge-release' returned 1: warning: rpmts_HdrFromFdno: Header V3
DSA signature: NOKEY, key ID 6b8d79e6

The package actually installs, but since it's flagging a warning, and
it's exit code is 1, AND just about everything else relies on this
repository being there, puppet fails everything else after it. It
would be really nice if puppet could ignore the warnings. Now I need
to find a way to install this rpm outside of puppet, probably in the
%post section of the kickstart.

Doug.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] A WTF moment brought to you by Puppet + [confused] nscd

[Rob McBroom]

On Jul 20, 2010, at 10:40 AM, Jonathan Share wrote:

> Any reason for not specifying the uid parameter for the user?

Well, just that I’m not looking to “change” the UID so I shouldn’t need to 
mention it at all. After what happened yesterday though, I’m considering it.

-- 
Rob McBroom



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: Puppet on Windows (was Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Final release!)

[Gabriel Filion]

On 2010-07-20 01:47, James Turnbull wrote:
> Rohan McGovern wrote:
>> James Turnbull said:
>>> The journey was long and arduous and many fell along the way but Puppet
>>> Labs is proud to announce the 2.6.0 release!
>>>
>>
>> Is anyone aware of an attempt to package up a complete (puppet + all
>> prereqs) installer for Windows?  Either official, or by someone in the
>> community?
>>
>> And, asking from the other direction: would anyone else be interested in
>> such a thing?
>>
>> I would be, because setting up puppet on Windows seems pretty tough
>> right now.  I also have no need for Ruby on my Windows boxes except
>> for the usage of puppet.
> 
> Rohan
> 
> There isn't such an attempt so far - we've got it on the cards to do -
> but any progress in that direction would be awesome.
> 
> We've got some basic notes at:
> 
> http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Windows
> 

Oh, I didn't see your reply before I sent my last message. thanks for
the link.

-- 
Gabriel Filion

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Final release!

[Gabriel Filion]

On 2010-07-20 01:40, Rohan McGovern wrote:
> And, asking from the other direction: would anyone else be interested in
> such a thing?
> 

I know the company I work for would be very interested in having it
packaged for Windows.

The last time I asked on IRC, the Windows support was coming along but
was not quite there yet.
What features are currently working properly and what are the ones that
are lacking?

-- 
Gabriel Filion

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: Puppet on Windows (was Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Final release!)

[Evan Hisey]

James-
  Will you be updating your book with info on Windows management? Our
Windows side likes books, and after the success I have had with Puppet
they are wanting to look at it now that it supports Windows.

Evan

On Tue, Jul 20, 2010 at 12:47 AM, James Turnbull  wrote:
> Rohan McGovern wrote:
>> James Turnbull said:
>>> The journey was long and arduous and many fell along the way but Puppet
>>> Labs is proud to announce the 2.6.0 release!
>>>
>>
>> Is anyone aware of an attempt to package up a complete (puppet + all
>> prereqs) installer for Windows?  Either official, or by someone in the
>> community?
>>
>> And, asking from the other direction: would anyone else be interested in
>> such a thing?
>>
>> I would be, because setting up puppet on Windows seems pretty tough
>> right now.  I also have no need for Ruby on my Windows boxes except
>> for the usage of puppet.
>
> Rohan
>
> There isn't such an attempt so far - we've got it on the cards to do -
> but any progress in that direction would be awesome.
>
> We've got some basic notes at:
>
> http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Windows
>
> Regards
>
> James Turnbull
>
> --
> Puppet Labs - http://www.puppetlabs.com
> C: 503-734-8571
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 2.6 Installation

[Alan Barrett]

On Tue, 20 Jul 2010, Douglas Garstang wrote:
> I just grabbed puppet 2.6, and I'm wondering if there's a way to
> install it to an alternative root location.

To install to a different root:

   ruby ./install.rb --destdir=/tmp/altroot

This means that things that belong in /usr/local/lib at run time will
be placed in /tmp/altroot/usr/local/lib at install time.

--apb (Alan Barrett)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Collecting _all_ ssh keys

[Peter Meier]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

>> This will prevent duplicate resource definitions.
> 
> That was my idea too. But then it complies that there is a duplicated
> alias.

too bad.

> As it seems there is no way at the moment to get both. Man has to choose
> between them. :-(

I think this should be possible in 2.6, with the combined resource
identifiers.

cheers pete
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxFyWQACgkQbwltcAfKi39opwCcC1BfaBB+xQDDzJpRHIWCD6dR
Q+QAoKrXStLa3obCQ7eqWmGj/DwaUnUH
=UVgh
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] A WTF moment brought to you by Puppet + [confused] nscd

[Peter Meier]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> Yesterday, `nscd` on one of our Puppet nodes lost its frakking mind
> and decided there were no users on the box. Puppet comes along,
> looking to make sure the comment for root has the correct value, and
> sees that there’s no such user… so it adds it. I don’t know the exact
> command Puppet used (since it didn’t fail) but either `useradd` or
> `usermod` was somehow aware of the next available UID and that root
> already existed, so root had its UID (and home directory) changed.

if you look into the provider code, you'll see that it uses useradd, BUT
afair puppet tries to predict the next available UID for you and passes
that to useradd as well. This might be the reason that it was
successfull as useradd didn't choke, hence puppet ran successful.

In general there are some parts of a system which I still fear to touch
automatically. The root user is one of the last remaining parts, but as
Jonathan mentioned, setting uid => 0, might have helped.

cheers pete
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxFyL0ACgkQbwltcAfKi39IJgCaAjDfgA8uUibXbzpcpp0Nc8Ef
3WUAn3KBeoOiUPpXLqrUOjHh2ex83mz8
=fkMT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet 2.6 Installation

[Douglas Garstang]

I just grabbed puppet 2.6, and I'm wondering if there's a way to
install it to an alternative root location. The docs at
http://docs.puppetlabs.com/guides/installation.html talk about how to
set an alternate binary path etc, but nothing about specifying an
alternative root location for all of it. I know this is probably a
ruby question.

I want to be able to wrap this in an rpmbuild process, which means
specifying a different root install location, you know, for those that
have to install this on a production system.

Doug.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] A WTF moment brought to you by Puppet + [confused] nscd

[Jonathan Share]

Any reason for not specifying the uid parameter for the user?

   user { "root":
 uid => 0,
 comment => "$hostname",
   }

Regards,

Jonathan

On 20 July 2010 16:28, Rob McBroom  wrote:
> To start with, I don’t think Puppet did anything wrong here. I’ll pin this 
> mainly on `nscd`, but it’s something you might want to know about if you’re 
> using both services. I’ll skip the long story of discovery, panic, and 
> investigation.
>
> For historical reasons that don’t matter, we do the following on each system:
>
>    user { "root":
>      comment => "$hostname",
>    }
>
> Yesterday, `nscd` on one of our Puppet nodes lost its frakking mind and 
> decided there were no users on the box. Puppet comes along, looking to make 
> sure the comment for root has the correct value, and sees that there’s no 
> such user… so it adds it. I don’t know the exact command Puppet used (since 
> it didn’t fail) but either `useradd` or `usermod` was somehow aware of the 
> next available UID and that root already existed, so root had its UID (and 
> home directory) changed.
>
> That was a fun afternoon. “Why is root’s home set to `/home/root`? Holy shit! 
> Why is its UID 1273?!” And of course, though I was able to log in as root, I 
> didn’t have permission to examine most log files since its UID wasn’t 0.
>
> Thankfully, the Puppet client was still up and running with UID 0, so I was 
> able to throw in a temporary rule to set root’s UID back to 0. After 30 
> minutes, I was able to get in and figure out what happened.
>
> Like I said, Puppet didn’t do anything wrong, but I wonder: If its internal 
> logic leads it to conclude that it needs to create new user named “root”, 
> should it maybe think twice?
>
> --
> Rob McBroom
> 
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] A WTF moment brought to you by Puppet + [confused] nscd

[Rob McBroom]

To start with, I don’t think Puppet did anything wrong here. I’ll pin this 
mainly on `nscd`, but it’s something you might want to know about if you’re 
using both services. I’ll skip the long story of discovery, panic, and 
investigation.

For historical reasons that don’t matter, we do the following on each system:

user { "root":
  comment => "$hostname",
}

Yesterday, `nscd` on one of our Puppet nodes lost its frakking mind and decided 
there were no users on the box. Puppet comes along, looking to make sure the 
comment for root has the correct value, and sees that there’s no such user… so 
it adds it. I don’t know the exact command Puppet used (since it didn’t fail) 
but either `useradd` or `usermod` was somehow aware of the next available UID 
and that root already existed, so root had its UID (and home directory) changed.

That was a fun afternoon. “Why is root’s home set to `/home/root`? Holy shit! 
Why is its UID 1273?!” And of course, though I was able to log in as root, I 
didn’t have permission to examine most log files since its UID wasn’t 0.

Thankfully, the Puppet client was still up and running with UID 0, so I was 
able to throw in a temporary rule to set root’s UID back to 0. After 30 
minutes, I was able to get in and figure out what happened.

Like I said, Puppet didn’t do anything wrong, but I wonder: If its internal 
logic leads it to conclude that it needs to create new user named “root”, 
should it maybe think twice?

-- 
Rob McBroom


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: subscribing a service to multiple files ?

[Daniel Maher]

On 07/20/2010 02:10 PM, Tore wrote:

You could also do:
class httpd {
...
file { '/etc/monit.d/httpd.conf':
  ...
 notify =>  Service['monit']
}

}

But I would rather do it on the service, since then you can with ease
read one line to find out what that service response to.


I suppose it comes down to where the perceived responsibility for the 
configuration file lies :


Since it's a Monit configuration file, one could make the argument that 
should it be part of the monit class (or a sub-class thereof).  On the 
other hand, since the configuration snippet in question relates solely 
to the HTTPd service, and wouldn't exist on a system that didn't have 
said service, then it could easily be part of the httpd class.


User preference, ultimately.


--
Daniel Maher 
"The Internet is completely over." -- Prince

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: defrouter in zone resource

[John Lyman]

> Without noodling on it too long it would appear to be a job for exec
> currently.

Thanks for confirming.  I created a feature request:
http://projects.reductivelabs.com/issues/4296

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Distributing passwd/group/shadow

[Rob McBroom]

On Jul 20, 2010, at 9:15 AM, noob-puppeteer wrote:

> In the case of LDAP, how would this work? Would you store your entire
> puppet config in LDAP or just the user information? I am looking
> documentation for storing all puppet info in LDAP, and that is a bit
> unwieldy, since all configuration is stored as key-value pairs. Its
> almost another language on top of puppet.

I think he was referring to using LDAP to define users and groups centrally, 
which doesn’t really have anything to do with Puppet other than simplifying 
your manifests and speeding up each run. Some advice though: Set up multiple 
LDAP servers with replication and failover right away. We ran with just one for 
a while based on capacity needs alone, but you’d be amazed at all the 
unexpected things that go to hell when LDAP becomes unavailable. Contact me 
off-list if you want more information.

As for using LDAP to configure Puppet, you don’t have to store everything 
there. As a general rule, you just assign classes to nodes in LDAP, then define 
the class in your manifests to do XYZ to those nodes. You can use all of the 
other LDAP attributes to make decisions and you can assign variables, but I’ve 
been able to do most of what I need just using classes.

-- 
Rob McBroom



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Distributing passwd/group/shadow

[noob-puppeteer]

>
> Usually I find that putting user accounts in version control is a good idea.
>
> Unless you have a reason not to, I would just create the user accounts and 
> group accounts using puppet's "user" and "group" resources.  Any reason not 
> to?

I wouldnt want to put the shadow file in vcs. We dont have access
restrictions in our vcs and anyone with an account can see the entire
repo, so they would have access to the shadow file too.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Distributing passwd/group/shadow

[noob-puppeteer]

> Use LDAP, or maybe NIS, to distribute the data.  No, seriously, that usually
> fits in about point three or four of the usual infrastructure building
> checklist, right after getting puppet installed and the manifests in version
> control.

In the case of LDAP, how would this work? Would you store your entire
puppet config in LDAP or just the user information? I am looking
documentation for storing all puppet info in LDAP, and that is a bit
unwieldy, since all configuration is stored as key-value pairs. Its
almost another language on top of puppet.

> Sure: you can use the functions that grab stuff externally, like 'generate',
> to do this.  That will run a command and process it externally.
>
> Alternately, a template is erb code run on the *puppetmaster* system, not on
> the client.  So, that can do anything Ruby can do, including filtering stuff
> out rather than adding it in, during the run.
>

Thanks, will also look into functions and templates.

Regards,
Rahul

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Release Candidate 4 available!

[Jasper Poppe]

> Jasper
>
> Patch available now:
>

Thanks, also fixed in final :) Tested fine now..

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Stages in Puppet 2.6

[Jasper Poppe]

Hi,

I'm playing with the new 2.6 features. And I can not get stages
working properly.

Code I've used (just like the example in the release notes):

stage { pre: before => Stage[main] }

class prestage()  {
notify { 'prestage': }
}

class blaat() {
class { 'prestage': stage => pre }
notify { 'mainstage': }
}

include blaat

Result:
r...@cs-ops001b:~# puppet stagetest.pp
Could not find class blaat at /home/seedpimp/stagetest.pp:19 on node
cs-ops001b...
r...@cs-ops001b:~#

As soon as I remove the following line:
class { 'prestage': stage => pre }

I don't get any errors but no staging :( I've tried many combinations
but no proper result..


Pleas help me ;)

Greetings,

Jasper Poppe

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Installping puppet with kickstart -- Cannot find local fact /proc/cpuinfo

[Tore]

We use Satellite to kickstart our nodes. Have you tried to do this
after %post?

kickstart-file, I've removed a few lines:

install
text
[]
%packages
@ Base

%pre
$kickstart_start
$SNIPPET('pre_install_network_config')

%post --nochroot
mkdir /mnt/sysimage/tmp/ks-tree-copy
[...]
cp `awk '{ if ($1 ~ /%include/) {print $2}}' /tmp/ks.cfg` /tmp/ks.cfg /
mnt/sysimage/root

%post
( # Log %post errors
 # --Begin RHN Satellite command section--
[...]
# --End RHN Satellite command section--

[...]
) >> /root/ks-post.log 2>&1
$SNIPPET('post_install_network_config')

$SNIPPET('spacewalk/1/install_and_config_puppet')

$SNIPPET('post_install_kernel_options')
$SNIPPET('koan_environment')
$kickstart_done


I have no idea if that will work for you, its strange that /proc/
cpuinfo isn't available since I assume anaconda uses that information
during installation.

On 16 Jul, 13:39, Harihara Vinayakaram  wrote:
> Hi
>    I have been trying to get puppet working with kickstart.  I am
> trying to install Hadoop on the nodes.  Installing puppet from
> kickstart work and when the machine restarts, certificates are pulled
> down and hadoop user is created and files are extracted.
>
>    I want all the user creation etc to be done before the machine
> reboots so that I can set up init.d scripts to do a start of hadoop .
> So I run the puppetd --server ... --one-time  --no-daemonize  as part
> of the late_command with a chroot /target .
>
>    But this fails saying cannot find local fact /proc/cpuinfo  .  I
> tried to a mount /proc in the script but the machine hangs.  Is this a
> known problem
>
> http://groups.google.com/group/puppet-users/browse_thread/thread/b2e3...
> has a solution but it does not work . The only difference I can see is
> that it runs the puppetd as -in-target instead of a chroot . Any ideas
> will be helpful

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: subscribing a service to multiple files ?

[Luke Schierer]

service { "httpd":

subscribe   => [File['one'],File['two']],
}

should work

Luke

On Jul 20, 2010, at 08:10 EDT, Tore wrote:

> You could also do:
> class httpd {
>   ...
>   file { '/etc/monit.d/httpd.conf':
> ...
>notify => Service['monit']
>   }
> 
> }
> 
> But I would rather do it on the service, since then you can with ease
> read one line to find out what that service response to.
> 
> On 16 Jul, 18:48, phrawzty  wrote:
>> Hello,
>> 
>> I am currently expanding on the Monit recipes that are available on
>> the Wiki (as well as github).  One of the oft-used features of Monit
>> is the ability to load arbitrary configuration files at runtime (i.e.
>> include /etc/monit.d/*.conf).  This seems like it could be a good fit
>> for integrating service configs with their respective Monit configs in
>> Puppet ; however, consider the following :
>> 
>> class httpd {
>>...
>>file { '/etc/monit.d/httpd.conf':
>>  ...
>>}
>> 
>> }
>> 
>> class monit {
>>file { '/etc/monit.conf':
>>   ...
>>}
>>service { 'monit':
>>   subscribe => File["/etc/monit.conf"]
>>   ...
>>}
>> 
>> }
>> 
>> The problem here is that Monit only reads its config files when it is
>> (re)started ; based on the subscribe relationship described above,
>> Monit will be restarted when /etc/monit.conf changes, but not when /
>> etc/monit.d/httpd.conf changes (or appears for the first time, as the
>> case may be).
>> 
>> Thus the question : is it possible / advisable to subscribe a service
>> to multiple files, and if so, how would it be done ?
>> 
>> Alternatively, i may be taking entirely the wrong approach here, in
>> which case the question would be : what would be the best way to
>> trigger a Monit reload from outside of the Monit class ?  Would it be
>> advisable to, for example, define a service-subscribe relationship in
>> every class that has a Monit config file (i imagine scoping is an
>> issue here).
>> 
>> Thank you all for your time and consideration on this topic.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: subscribing a service to multiple files ?

[Tore]

You could also do:
class httpd {
   ...
   file { '/etc/monit.d/httpd.conf':
 ...
notify => Service['monit']
   }

}

But I would rather do it on the service, since then you can with ease
read one line to find out what that service response to.

On 16 Jul, 18:48, phrawzty  wrote:
> Hello,
>
> I am currently expanding on the Monit recipes that are available on
> the Wiki (as well as github).  One of the oft-used features of Monit
> is the ability to load arbitrary configuration files at runtime (i.e.
> include /etc/monit.d/*.conf).  This seems like it could be a good fit
> for integrating service configs with their respective Monit configs in
> Puppet ; however, consider the following :
>
> class httpd {
>    ...
>    file { '/etc/monit.d/httpd.conf':
>      ...
>    }
>
> }
>
> class monit {
>    file { '/etc/monit.conf':
>       ...
>    }
>    service { 'monit':
>       subscribe => File["/etc/monit.conf"]
>       ...
>    }
>
> }
>
> The problem here is that Monit only reads its config files when it is
> (re)started ; based on the subscribe relationship described above,
> Monit will be restarted when /etc/monit.conf changes, but not when /
> etc/monit.d/httpd.conf changes (or appears for the first time, as the
> case may be).
>
> Thus the question : is it possible / advisable to subscribe a service
> to multiple files, and if so, how would it be done ?
>
> Alternatively, i may be taking entirely the wrong approach here, in
> which case the question would be : what would be the best way to
> trigger a Monit reload from outside of the Monit class ?  Would it be
> advisable to, for example, define a service-subscribe relationship in
> every class that has a Monit config file (i imagine scoping is an
> issue here).
>
> Thank you all for your time and consideration on this topic.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Nagios allowed hosts, how would you do it?

[Tore]

Hi,

We currently have a module `nagios` which install nrpe and nagios
plugins for all nodes. The default node have this module included.

Currently we have a customer who wants to monitor their own services.
We will still monitor them, but they want to do their own checks, fair
enough.

How would you do this? This is what I have now:

node default {
[...]
   include nagios
   $nagios_allowed_hosts = ["ip1", "ip2"]
[...]
}

But we don't want to add their source IP to this list, so thought this
would do:
Keep current default node, add this:

node special_customer inherits default {
$nagios_allowed_hosts += "ip"
}

And then inherit all of their nodes from this rather than default.

What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Collecting _all_ ssh keys

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mo den 19. Jul 2010 um 21:34 schrieb Jeff McCune:
> The name attribute is the namevar and as such must also be unique in
> the catalog.
> 
> Try this:
> 
> @@sshkey {
>   "${fqdn}-dsa":
> host_aliases => "${fqdn}",
> key => "${sshdsakey}";
>   "${fqdn}-rsa":
> host_aliases => "${fqdn}",
> key => "${sshrsakey}";
> }
> 
> Sshkey <<||>>
> 
> This will prevent duplicate resource definitions.

That was my idea too. But then it complies that there is a duplicated
alias.

As it seems there is no way at the moment to get both. Man has to choose
between them. :-(

Regards
   Klaus
- -- 
Klaus Ethgenhttp://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQEVAwUBTEVT55+OKpjRpO3lAQo2jwf/UcNvTebz53RTKYt6RCENyWfaMvgHgeik
oO0n3Vy32Cusonft5PdGgoOpOi0AvZuXDpoOIPFeuHFfbyxEJ6JtWsfOFnrBxVNE
Lc6Li1oXX++PfPzOKoIQoYrkwHm8gL5IdDz57alEiL5RVp+VoFg3CgLUigJw5Ayr
1yU5yIklV2768bg4EfMxl44OQ3qSx/uiaEBFewP7wwgsd2EonCNXme+gu4OaJIpG
6IWKF7TUJwO2TxAzaGO++duazCkn9M0FtZnueb/aiJuUz7rGqAr7zyepZ4nD89AC
Zdxlrj/8CvIIxAeEsW2FKUdgipGqK+aeX7eYOQULCuOjTNFJXZD8bg==
=meg+
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.