Re: [Puppet Users] Re: Management of MySQL grant tables?

[David Schmitt]

On 7/28/2010 12:41 AM, Christopher Johnston wrote:

David,

Curious on how you handle doing a grant of *.* (all attributes) I looked
through your puppet type and I see you are individually listing every
type out but you are missing event_priv and trigger_priv as grant types.


I haven't worked on those types in a while and it is possible, that 
those privs only exist in a later version of mysql?



Best Regards, David
--
dasz.at OG  Tel: +43 (0)664 2602670 Web: http://dasz.at
Klosterneuburg UID: ATU64260999

   FB-Nr.: FN 309285 g  FB-Gericht: LG Korneuburg

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Conary support

[Yushu Yao]

Hi Users,

Does anyone happen to have a conary backend of puppet? (Conary is the RPM
equivalent in rPath-generated systems).

 rPath claim of supporting puppet back in March, but they went silent after
that.

Thanks a lot!

-Yushu

+-+
| Yushu Yao
| Ph:1-510-486-4690
|
| Lawrence Berkeley National Lab
| Mailstop 50B-6222
| 1 Cyclotron Road
| Berkeley CA 94720-8147 - USA
+-+

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] New To Puppet - Two Questions

[Carla Araujo]

Hello Krisread!

On Tue, Jul 27, 2010 at 20:42, krisread  wrote:

>  could I write custom
> extensions or modules to do things like list all of our customers who
> have accounts on a server, add/remove customers from our database,
> enable/disable logins to our web app, etc?
>

You can write your custom modules to perform those operations. You can see a
guide for building a new custom module at Puppet's documentation:
http://docs.puppetlabs.com/guides/modules.html and
http://docs.puppetlabs.com/guides/custom_types.html


-- Carla

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] New To Puppet - Two Questions

[Dan Bode]

On Tue, Jul 27, 2010 at 4:42 PM, krisread  wrote:

> New to Puppet, heard about it for the first time at OSCON.
>
> Two quick questions:
>
> 1.  Is there a web interface?   This is really key to our company
> since we have some dev/ops people but also some customer service
> people (not command-line savvy) who need to do things.
>

the Puppet Dashboard will be able to support rbac rules in the near future
to support this use case.


> 2.  Does it just manage server configuration or could I write custom
> extensions or modules to do things like list all of our customers who
> have accounts on a server,


try:
>ralsh user
this command lists all users on a machine


> add/remove customers from our database,
>

this can be supported, but you will probably have to write your own
types/providers


> enable/disable logins to our web app, etc?


as long as this can be scripted, it can be done with puppet.


> These would be more like
> "business operations" not "it/server management operations".
>
> -K.R.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] New To Puppet - Two Questions

[krisread]

New to Puppet, heard about it for the first time at OSCON.

Two quick questions:

1.  Is there a web interface?   This is really key to our company
since we have some dev/ops people but also some customer service
people (not command-line savvy) who need to do things.

2.  Does it just manage server configuration or could I write custom
extensions or modules to do things like list all of our customers who
have accounts on a server, add/remove customers from our database,
enable/disable logins to our web app, etc?   These would be more like
"business operations" not "it/server management operations".

-K.R.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] manage_internal_file_permissions, /etc/sysconfig, and/or command line startup...

[Tom]

Okay, maybe I'm being dense...but I'm missing something here.

First off, using puppet 2.6 on centos 5.5.

I want to store /etc/puppet and /var/lib/puppet elsewhere...but have
symbolic links for /etc/puppet and /var/lib/puppet that point to the
actual directories.  Puppet obviously rewrites those symlinks when I
start it up.

So I read, and saw "manage_internal_file_permissions" - looks like
just what I want.  But setting it in /etc/puppet/puppet.conf isn't
working - it's rewritten before it's checked.

So then I tried setting it on the command line by editing /etc/
sysconfig/puppetmaster and setting PUPPETMASTER_EXTRA_OPTS to "--
manage_internal_file_permissions false", but that's not working.  So I
also tried setting it to "--no-manage_internal_file_permissions", but
that's not working either.

What the heck am I doing wrong?

Thanks-

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Nagios allowed hosts, how would you do it?

[Gabriel Filion]

On 20/07/10 08:06 AM, Tore wrote:
> Hi,
> 
> We currently have a module `nagios` which install nrpe and nagios
> plugins for all nodes. The default node have this module included.
> 
> Currently we have a customer who wants to monitor their own services.
> We will still monitor them, but they want to do their own checks, fair
> enough.
> 
> How would you do this? This is what I have now:
> 
> node default {
> [...]
>include nagios
>$nagios_allowed_hosts = ["ip1", "ip2"]
> [...]
> }
> 
> But we don't want to add their source IP to this list, so thought this
> would do:
> Keep current default node, add this:
> 
> node special_customer inherits default {
> $nagios_allowed_hosts += "ip"
> }
> 
> And then inherit all of their nodes from this rather than default.
> 

It may look a bit nasty but you could possibly do it with a global variable:

$nagios_allowed_hosts = ['ip1', 'ip2']

node default {
import nagios
// ...
}

node special_customer inherits default {
$nagios_allowed_hosts += ['ip3']
}

-- 
Gabriel Filion

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Management of MySQL grant tables?

[Christopher Johnston]

David,

Curious on how you handle doing a grant of *.* (all attributes) I looked
through your puppet type and I see you are individually listing every type
out but you are missing event_priv and trigger_priv as grant types.

-Chris

On Mon, Jun 21, 2010 at 11:51 AM, David Schmitt  wrote:

> On 5/19/2010 5:44 PM, Ken wrote:
>
>> I found a github reference to a package that might do it
>>> (http://github.com/camptocamp/puppet-mysql) but I can't understand
>>> what it is, how it works, or even what to do with it.
>>>
>>
>> Hmm. How familiar are you with puppet modules? Not quite clear how
>> detailed we need to be here :-). Here is a doc that outlines them:
>> http://docs.puppetlabs.com/guides/modules.html
>>
>> Ordinarily you would drop this code into your 'module path' (by
>> default this is often /etc/puppet/modules). This would make it
>> available then for use in other code/manifests.
>>
>> Assuming you are already okay with these aspects of puppet - here is
>> a sample manifest on how to use it for 1 system. I have a fork of
>> that code (its been around - I'm not even clear who wrote it first -
>> could have been David Schmidt:
>> http://git.black.co.at/?p=module-mysql;a=summary) so it may not work
>> exactly the same :-).
>>
>
>
> Indeed, the mysql_* types were originially written by me.
>
>
> Best Regards, David
> --
> dasz.at OG  Tel: +43 (0)664 2602670 Web: http://dasz.at
> Klosterneuburg UID: ATU64260999
>
>   FB-Nr.: FN 309285 g  FB-Gericht: LG Korneuburg
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Help with setting facts for MySQL replication

[Matthew Macdonald-Wallace]

Hi all,

I'm trying to work on a solution to setting up mysql in a semi-automated
fashion using facts to populate a puppet template.

I'm using Cobbler as my build system and I was hoping to pass the values
needed for replicate_do_db and server_id as ksmeta information, however
it's looking increasingly unlikely that will work.

Can anyone share how they configure MySQL for this kind of thing using
puppet given that multiple servers may be replicating different
databases and all servers require a unique ID?

Thanks in advance,

Matt
-- 
Matthew Macdonald-Wallace
li...@truthisfreedom.org.uk
http://www.threedrunkensysadsonthe.net/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Struggling with syntax

[Erinn Looney-Triggs]

An option I like is a source like this:
source => "puppet://$servername/modules/audit/$architecture/
audit.rules"

Place your audit.rules in x86_64 and whatever 32-bit is (sorry don't
have any of those).

-Erinn


On Jul 27, 8:32 am, David Schmitt  wrote:
> +1, although it just works for the source parameter.
>
> On 7/26/2010 5:57 PM, Andrew Forgue wrote:
>
>
>
>
>
> > On Jul 26, 12:20 am, David Schmitt  wrote:
>
> >> Write instead:
>
> >> file {
> >>          "audit.rules":
> >>                  owner =>    "root",
> >>                  group =>    "root",
> >>                  mode  =>    "600",
> >>                  path  =>    $operatingsystem ? {
> >>                          default =>    "/etc/audit.rules",
> >>                  },
>
> >> }
>
> >> case $hardwaremodel {
> >>          "x86_64": { File["audit.rules"] { source =>
> >> "puppet:///modules/audit/audit.rules.64" } },
> >>          default:  { File["audit.rules"] { source =>
> >> "puppet:///modules/audit/audit.rules.32" } },
>
> >> }
>
> > I have to say I don't like this at all.  I think a far more clearer
> > definition would be like this:
>
> > file {
> >          "audit.rules":
> >                  owner =>    "root",
> >                  group =>    "root",
> >                  mode  =>    "600",
> >                  path  =>    "/etc/audit.rules,
> >                  source =>  [
> >                      "puppet:///modules/audit/audit.rules.
> > $hardwaremodel",
> >                      "puppet:///modules/audit/audit.rules"
> >                  ]
> > }
>
> > Then you just create a audit/files/audit.rules.x86_64 and anything
> > else will fall through to audit.rules.
>
> >> Best Regards, David
> >> --
> >> dasz.at OG              Tel: +43 (0)664 2602670     Web:http://dasz.at
> >> Klosterneuburg                                         UID: ATU64260999
>
> >>          FB-Nr.: FN 309285 g          FB-Gericht: LG Korneuburg
>
> --
> dasz.at OG              Tel: +43 (0)664 2602670     Web:http://dasz.at
> Klosterneuburg                                         UID: ATU64260999
>
>         FB-Nr.: FN 309285 g          FB-Gericht: LG Korneuburg

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Augeas working inconsistently

[Rob McBroom]

I’ve got this define.

define sudoentry ($user, $host = "ALL", $command = "ALL", $tag = false, 
$runas = "ALL") {
  $sudo_changes = $tag ? {
false => [
  "set spec[user = '$user']/user $user",
  "set spec[user = '$user']/host_group/host $host",
  "set spec[user = '$user']/host_group/command '$command'",
  "remove spec[user = '$user']/host_group/command/tag",
  "set spec[user = '$user']/host_group/command/runas_user $runas",
],
# this isn't a real tag, but a sneaky hack to remove entries
DELETE => "remove spec[user = '$user']",
default => [
  "set spec[user = '$user']/user $user",
  "set spec[user = '$user']/host_group/host $host",
  "set spec[user = '$user']/host_group/command '$command'",
  "set spec[user = '$user']/host_group/command/tag $tag",
  "set spec[user = '$user']/host_group/command/runas_user $runas",
],
  }
  augeas { "sudo-$user":
context => "/files/etc/sudoers",
changes => $sudo_changes,
  }
}

And I see the following.

If the entry isn’t in `sudoers` at all, this will add it:

sudoentry { "rob":
  user => "rmcbroom”,
}

If the entry is already there, this will add the “tag” to it:

sudoentry { "rob":
  user => "rmcbroom",
  tag => "NOPASSWD",
}

But if the user doesn’t exist and you try to add the entry with “tag” set to 
something, it fails:

err: //Sudoentry[rob]/Augeas[sudo-rmcbroom]/returns: change from 
need_to_run to 0 failed: Save failed with return code false

Any guesses? Am I missing something?

(I realize with the define as written, there are potential uniqueness problems 
for users with multiple entries, etc. It’s a work in progress.)

-- 
Rob McBroom


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Bootstrapping Puppet on Mac OS X

[Trevor Menagh]

On Jul 27, 8:51 am, Trevor Menagh  wrote:
> > I'd suggest getting a bug report in about mkusers on OS X, or chiming
> > in on an existing one, as this has confused a lot of people, and we
> > can do better.
>
> Good call, I will submit one today.

Submitted:
http://projects.puppetlabs.com/issues/4382

Trevor

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Bootstrapping Puppet on Mac OS X

[Trevor Menagh]

On Jul 27, 8:51 am, Trevor Menagh  wrote:
> > I'd suggest getting a bug report in about mkusers on OS X, or chiming
> > in on an existing one, as this has confused a lot of people, and we
> > can do better.
>
> Good call, I will submit one today.

Submitted:
http://projects.puppetlabs.com/issues/4382

Trevor

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Foreman / External Nodes -- Node Not found

[CraftyTech]

Update:
It looks like the culprit is the external node classifier:  This
is the error from the server:

err: Could not find node 'client.dev.domain.com'; cannot compile
err: Failed to find client.dev.domain.com via exec: Execution of '/etc/
puppet/external_node.rb client.dev.domain.com' returned 1: /usr/lib/
ruby/1.8/net/http.rb:2022:in `read_status_line': wrong status line: "" (Net::HTTPBadResponse)
from /usr/lib/ruby/1.8/net/http.rb:2009:in `read_new'
from /usr/lib/ruby/1.8/net/http.rb:1050:in `request'
from /etc/puppet/external_node.rb:14
from /usr/lib/ruby/1.8/net/http.rb:543:in `start'
from /usr/lib/ruby/1.8/net/http.rb:440:in `start'
from /etc/puppet/external_node.rb:13

err: Could not find node 'client.dev.domain.com'; cannot compile


This is the Node Classifier:
#!/bin/ruby
# a simple script which fetches external nodes from Foreman
# you can basically use anything that knows how to get http data, e.g.
wget/curl etc.

# Foreman url
foreman_url="http://server:443";

require 'net/http'

foreman_url += "/node/#{ARGV[0]}?format=yml"
url = URI.parse(foreman_url)
req = Net::HTTP::Get.new(foreman_url)
res = Net::HTTP.start(url.host, url.port) { |http|
  http.request(req)
}

case res
when Net::HTTPOK
  puts res.body
else
  $stderr.puts "Error retrieving node %s: %s" % [ARGV[0], res.class]



What node classifier do you guys use with Apache/Passenger config?

Thanks,


On Jul 27, 11:13 am, CraftyTech  wrote:
> So this is where I'm at now:
>
> Step 3)
> From Server:
> RAILS_ENV=production rake db:migrate; RAILS_ENV=production rake
> puppet:import:hosts_and_facts; rake puppet:import:puppet_classes --
> trace RAILS_ENV=production
>
> from client's command line:
> Step 2)
> curl  -khttps://server/node/client.dev.domain.com?format=yml
> ---
> parameters:
>   puppetmaster: puppet
>   domainname: dev.domain.com
> classes:
> - basic
> environment: production
>
> Step 3)
>
> puppetd -t
> notice: Ignoring --listen on onetime run
> err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Could not find node 'client.dev.domain.com'; cannot compile
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> The crazy thing is that with webrick, I just point the node classifier
> to server:port and it works just fine.  The issue is the passenger/
> apache config, which yields a result when queried via curl command..
> so I'm at a lost here... can anyone think of a way to trace the apache/
> passenger interaction to see where it dies out?  right now I have the
> foreman_url pointed to "https://server"; ( I also triedhttps://server:443
> andhttp://server:443).
>
> If you guys have a working Apache/Passenger with Foreman working, do
> you mind sharing your vhost.conf?
>
> Thanks,
>
> On Jul 26, 8:50 am, CraftyTech  wrote:
>
>
>
> > It was an issue with the FQDN value.  Since it was a VM that was
> > testing, I had the hostname value on /etc/sysconfig/network set to
> > hostname only, as opposed to FQDN.  Once I took care of that and value
> > took in, then I could query the node via classifier/fqdn.
>
> > On Jul 24, 2:14 am, Ohad Levy  wrote:
>
> > > Hi,
>
> > > Foreman returns 404 if a node is not found, if you want puppet do to
> > > something for undefined nodes, you would need to create a default node
> > > statement.
>
> > > what was your original problem? hostnames were not in fqdn?
>
> > > Ohad
>
> > > On Fri, Jul 23, 2010 at 11:53 PM, CraftyTech  wrote:
> > > > Now I'm getting some results (Some progress finally !!):
>
> > > > ---
> > > > parameters:
> > > >  puppetmaster: puppet
> > > >  domainname: dev.x.com
> > > > classes:
> > > > - basic
> > > > environment: puppetmasterd
>
> > > > But I still get: "server: Error 400 on SERVER: Could not find node
> > > > 'nodename'".  Does this mean that I have define a default node and
> > > > include it in the site.pp?  From the forums I see mixed reviews; some
> > > > saying what with external nodes you need a default node definition,
> > > > and others saying that you don't need any node definition and that
> > > > everything should rely on the external node classifier.. any thoughts
> > > > or suggestions?
>
> > > > Thanks,
>
> > > > On Jul 23, 7:57 am, CraftyTech  wrote:
> > > > > Small correction: "if I edit the host via Foreman web interface, I
> > > > > can't no longer
> > > > > see it from "curl  -khttps://foreman/node/nodename?format=yml";; I'd
> > > > > get message "404 Not Found" from the command line" --> I'd have to re-
> > > > > run puppetd -t, to be able to get a result from "curl
> > > >  -khttps://foreman/node/nodename?format=yml"; again.. after that --> I'd
> > > > > have two nodes of the same name listed in Foreman web interface..
>
> > > > > On Jul 23, 7:14 am, CraftyTech  wrote:
>
> > > > > > Thanks for the reply Ohad.  Actually, that's part of the issue as
> > > > > > well; If I edit the host via Foreman web interface, I can't no 
> > > > > > 

Re: [Puppet Users] User/Password management in 2.6

[Peter Meier]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

> I don't know if it's default behaviour since 2.6 but in 0.25.4
> passwords were only created once.
> Is this worth a bug report or just a problem with my manifest?

If you can replicate it with that simple manifest, it's definitely a bug.

cheers pete
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxPEB0ACgkQbwltcAfKi39L7ACgtyUYA4UAvhIvON3ltTa3BBJ6
6zwAmwQmsk63Pwk08SBOdAXD7tOY4OVv
=JeUA
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Catching failure with templates

[Rob McBroom]

So, I’m using templates for the first time and I wanted to test the case where 
the values used by the template don’t exist. I get an error like this:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to parse template slapd_replication.erb: Could not find value for 
'slapd_consumer_rid' at /etc/puppet/manifests/experimental/services/ldap.pp:141 
on node t-corp-ldap-03
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

That’s fine. I want it to fail and not touch the target file (which is what 
happens), but I also want to *know* it failed. The report in Puppet Dashboard 
shows a successful run. I imagine the report only counts something as a failure 
if it attempts to do it, but since the template can’t even be parsed, it’s not 
trying. Is there some clever thing I can do to make it fail in a way that will 
get reported?

One possibility I’ve considered is to check for the variable in the template 
and set an invalid default if it’s missing, which will kill LDAP services on 
that node. While that would certainly get noticed, I’d prefer something less 
extreme.

And a related question: I’d like to store templates in the same directory that 
'puppet://puppet/files/' points to, but I don’t want to hard-code the path in 
my manifests. Is there a variable that refers to that path? (Yeah, I know. 
Modules. I’m not using them and not planning to any time soon, so any other 
ideas would be appreciated.)

Thanks.

-- 
Rob McBroom


Don't try to tell me something is important to you if the whole of your 
“support” entails getting Congress to force *others* to spend time and money on 
it.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Foreman / External Nodes -- Node Not found

[CraftyTech]

So this is where I'm at now:

Step 3)
>From Server:
RAILS_ENV=production rake db:migrate; RAILS_ENV=production rake
puppet:import:hosts_and_facts; rake puppet:import:puppet_classes --
trace RAILS_ENV=production

from client's command line:
Step 2)
curl  -k https://server/node/client.dev.domain.com?format=yml
---
parameters:
  puppetmaster: puppet
  domainname: dev.domain.com
classes:
- basic
environment: production

Step 3)

puppetd -t
notice: Ignoring --listen on onetime run
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find node 'client.dev.domain.com'; cannot compile
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

The crazy thing is that with webrick, I just point the node classifier
to server:port and it works just fine.  The issue is the passenger/
apache config, which yields a result when queried via curl command..
so I'm at a lost here... can anyone think of a way to trace the apache/
passenger interaction to see where it dies out?  right now I have the
foreman_url pointed to "https://server"; ( I also tried https://server:443
and http://server:443).

If you guys have a working Apache/Passenger with Foreman working, do
you mind sharing your vhost.conf?

Thanks,




On Jul 26, 8:50 am, CraftyTech  wrote:
> It was an issue with the FQDN value.  Since it was a VM that was
> testing, I had the hostname value on /etc/sysconfig/network set to
> hostname only, as opposed to FQDN.  Once I took care of that and value
> took in, then I could query the node via classifier/fqdn.
>
> On Jul 24, 2:14 am, Ohad Levy  wrote:
>
>
>
> > Hi,
>
> > Foreman returns 404 if a node is not found, if you want puppet do to
> > something for undefined nodes, you would need to create a default node
> > statement.
>
> > what was your original problem? hostnames were not in fqdn?
>
> > Ohad
>
> > On Fri, Jul 23, 2010 at 11:53 PM, CraftyTech  wrote:
> > > Now I'm getting some results (Some progress finally !!):
>
> > > ---
> > > parameters:
> > >  puppetmaster: puppet
> > >  domainname: dev.x.com
> > > classes:
> > > - basic
> > > environment: puppetmasterd
>
> > > But I still get: "server: Error 400 on SERVER: Could not find node
> > > 'nodename'".  Does this mean that I have define a default node and
> > > include it in the site.pp?  From the forums I see mixed reviews; some
> > > saying what with external nodes you need a default node definition,
> > > and others saying that you don't need any node definition and that
> > > everything should rely on the external node classifier.. any thoughts
> > > or suggestions?
>
> > > Thanks,
>
> > > On Jul 23, 7:57 am, CraftyTech  wrote:
> > > > Small correction: "if I edit the host via Foreman web interface, I
> > > > can't no longer
> > > > see it from "curl  -khttps://foreman/node/nodename?format=yml";; I'd
> > > > get message "404 Not Found" from the command line" --> I'd have to re-
> > > > run puppetd -t, to be able to get a result from "curl
> > >  -khttps://foreman/node/nodename?format=yml"; again.. after that --> I'd
> > > > have two nodes of the same name listed in Foreman web interface..
>
> > > > On Jul 23, 7:14 am, CraftyTech  wrote:
>
> > > > > Thanks for the reply Ohad.  Actually, that's part of the issue as
> > > > > well; If I edit the host via Foreman web interface, I can't no longer
> > > > > see it from "curl  -khttps://foreman/node/nodename?format=yml";; I'd
> > > > > get message "404 Not Found" from the command line.  On the flip side,
> > > > > I'd have two nodes of the same name listed in Foreman web interface;
> > > > > 1) A new one that get's created when I run puppetd -t, and 2) The one
> > > > > that I edited via the web interface  I know it sounds confusing,
> > > > > but that's exactly what's happening... It seems that the foreman
> > > > > environment, and puppet environment see two different nodes, even
> > > > > thought there's only one host.yaml file..
>
> > > > > On Jul 23, 1:46 am, Ohad Levy  wrote:
>
> > > > > > Hi,
>
> > > > > > The output you get from external nodes means that the host was not
> > > allocated
> > > > > > to any class or puppet environment, make sure you edit the host
> > > details
> > > > > > first in foreman.
>
> > > > > > Ohad
>
> > > > > > On Fri, Jul 23, 2010 at 4:22 AM, CraftyTech 
> > > wrote:
> > > > > > > Hello All,
>
> > > > > > >     So I finally got around to start to cut over node definitions
> > > > > > > from standard flat files to external nodes (foreman), and getting
> > > > > > > error message: "Error 400 on SERVER: Could not find node
> > > 'nodename';
> > > > > > > cannot compile" - So basically it can't pick up the node from the
> > > > > > > external node config.
>
> > > > > > > When I test the fetching of the yaml file it seems to work as I 
> > > > > > > get
> > > a
> > > > > > > result back: i.g:
> > > > > > > curl  -khttps://foreman/node/nodename?format=yml
>
> > > > > > > ---
> > > > > > > parameters:
> > > > > > >  puppetma

Re: [Puppet Users] Re: Can't get simplest client / server connection to work still

[David Dyer-Bennet]

On Mon, July 26, 2010 18:27, DaveQB wrote:
> Try messing with the:
> certname=
>
> value in the
>
> [puppetd]
>
> Stanza.
>
> Other than that, there is a way to see what the name on the cert is. I
> have used that but can't recall the openssl command for that. Search
> for it.

Ah, that's useful, thanks.  A pointer to something that should eventually
get me more information!

This is the first thing I've really done with certificates, so I don't
know the tools there very well.

-- 
David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Struggling with syntax

[David Schmitt]

+1, although it just works for the source parameter.

On 7/26/2010 5:57 PM, Andrew Forgue wrote:



On Jul 26, 12:20 am, David Schmitt  wrote:


Write instead:

file {
 "audit.rules":
 owner =>"root",
 group =>"root",
 mode  =>"600",
 path  =>$operatingsystem ? {
 default =>"/etc/audit.rules",
 },

}

case $hardwaremodel {
 "x86_64": { File["audit.rules"] { source =>
"puppet:///modules/audit/audit.rules.64" } },
 default:  { File["audit.rules"] { source =>
"puppet:///modules/audit/audit.rules.32" } },

}



I have to say I don't like this at all.  I think a far more clearer
definition would be like this:

file {
 "audit.rules":
 owner =>"root",
 group =>"root",
 mode  =>"600",
 path  =>"/etc/audit.rules,
 source =>  [
 "puppet:///modules/audit/audit.rules.
$hardwaremodel",
 "puppet:///modules/audit/audit.rules"
 ]
}

Then you just create a audit/files/audit.rules.x86_64 and anything
else will fall through to audit.rules.





Best Regards, David
--
dasz.at OG  Tel: +43 (0)664 2602670 Web:http://dasz.at
Klosterneuburg UID: ATU64260999

 FB-Nr.: FN 309285 g  FB-Gericht: LG Korneuburg





--
dasz.at OG  Tel: +43 (0)664 2602670 Web: http://dasz.at
Klosterneuburg UID: ATU64260999

   FB-Nr.: FN 309285 g  FB-Gericht: LG Korneuburg

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] storeconfigs stores wrong fact value in facts_values table

[Jonathon Anderson]

Sometimes (with variable frequency) storeconfigs stores the wrong data
in the fact_values table.  This has the end result that exported
resources, when collected, have invalid configuration.

The most recent example: the "hostname" fact for one of our nodes got,
in stead, the value that should have gone in the "processorcount"
fact.  The had the end result that the node's nagios configuration
started trying to monitor a host "8" rather than "cn19", and ssh keys
for cn19 were collected at other nodes as "8,8.example.com "
in stead of "cn19,cn19.example.com ".  The hostname fact is
the only destination that I've noticed the corrupted data in, but the
source has been swapfree/swapsize, processor[n], operatingsystem,
operatingsystemrelease, kernelrelease, and others.

I realize that I don't have much of a "simple, repeatable, minimal"
test case here, but I've been trying to figure it out for months to no
avail.  I had hoped that an upgrade to 2.6 would make this problem go
away, but no:  we've just now experienced it again.  For the record,
we've seen it since sometime in the 0.24.x branch (when we started
using it).

It might have something to do with an appropriately high load on
storeconfigs.  I ran it for 2 days with nodes exporting data (but not
collecting) to see if it would happen again, and I didn't notice any
corruption.  Then, today, I enabled collection (e.g., ssh_known_hosts)
on all (~138) hosts, and soon after found a corrupt nagios
configuration.  (Then again, it might just be that it's more probably
with more nodes doing the collection.)

I've never seen the actual facter command return one of these bits of
misplaced data: the furthest back I've been able to trace it is to the
facts_values table.

We're using a single puppet master, with storeconfigs storing to a
postgresql database on a different host from the puppet master host.
Everything works in the majority of cases, but fails just often enough
to make it really, really annoying.

Any help anyone can provide, including insight into where I might look
to track down the cause even further, would be much appreciated.
Thanks.

~jon

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: rollback from 2.6...

[CraftyTech]

For me, it broke my HTTP/SSL config, thus damaging my Apache/Passenger
config.  Also, some(or most?) of the settings that you use on
puppet.conf are deprecated, and you'll have to start using the new
settings/variables.  IF you're an experienced puppet user, I'm sure
you'll be fine, but since I'm not, I'm holding off on that upgrade for
now.

Hope it helps,



On Jul 26, 2:54 pm, Gustavo Soares  wrote:
> What problem did you have with foreman after migrating to 2.6?
>
> I am concerned about this.. since I am running a 0.25.x branch o puppet with
> foreman and I am planning to migrate to 2.6...
>
> Thanks in advance,
> Gus
>
> On Mon, Jul 26, 2010 at 2:06 PM, Thomas A. McGonagle 
> wrote:
>
>
>
> > Thanks Jeff,
> >  Super helpful!
> > -Tom
> > On Jul 26, 2010, at 9:03 AM, CraftyTech wrote:
>
> > > Thanks Jeff, that worked out just fine.
>
> > > Cheers,
>
> > > Henry
>
> > > On Jul 25, 4:33 pm, Jeff McCune  wrote:
> > >> On Fri, Jul 23, 2010 at 4:50 PM, CraftyTech  wrote:
> > >>> Hello,
>
> > >>>     If I installed from source (install.rb), is there a "by the book"
> > >>> method for rolling back to 25.4?  I installed 2.6 and it broke my
> > >>> foreman config and ssl certs, not to mention most of the variables
> > >>> from puppet.conf which are deprecated in the latest version  Any
> > >>> suggestions?
>
> > >> Remove puppet.rb and puppet/ from the ruby library "site_ruby"
> > directory.
>
> > >> On an enterprise linux based machine, this is:
> > >> /usr/lib/ruby/site_ruby/1.8
>
> > >> You'll also want to remove the puppet executable from /usr/bin, or
> > >> wherever it got installed to.
>
> > >> Hope this helps,
> > >> --
> > >> Jeff McCunehttp://www.puppetlabs.com/
>
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > > To post to this group, send email to puppet-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com > groups.com>
> > .
> > > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com > groups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Bootstrapping Puppet on Mac OS X

[Trevor Menagh]

On Jul 25, 10:56 pm, Nigel Kersten  wrote:
> "open" isn't the best way in the world to install packages in OS X.
> installer -pkg facter-1.5.7.pkg -target /
> does a proper command line based install.

Thanks for the tip. I'll use that from now on.

> I'd suggest getting a bug report in about mkusers on OS X, or chiming
> in on an existing one, as this has confused a lot of people, and we
> can do better.

Good call, I will submit one today.

> Do you really need to set up fileserver.conf? I never touch it
> anymore, and just use modules for everything, which automatically
> create mountpoints.

I was just following another person's instructions online. I just
tried it without the fileserver.conf and it worked just fine. Thanks
for the tip.

> Did you need to make all those directories by hand? Puppet should do
> that for you, and if not, I'd put in bug reports if that's not working
> on OS X.

I just retried, and the only thing it looks like I need is /etc/puppet/
puppet.conf with the following:
[main]
  user = 0
  group = 0

And that seems to work, using the root user (although it might not be
the best practice).

> The aim should be for you to not have to do any of the stuff you've
> done in your postinstall script I reckon.

Agreed. I'll see what they say at Puppet Labs about it. Thanks Nigel.

Yours,
Trevor

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] User/Password management in 2.6

[Christian Casar]

Hey there,
I recently updated to 2.6.
Part of puppet's assignment is to manage users and their passwords.
Since the update every puppetrun reports that passwords for every user
were created although they've already been set in previous runs.

debug: User[root](provider=useradd): Executing '/usr/sbin/usermod -p
imagine-encrypted-password
root'
notice: /Stage[main]/Allgemein::User/User[root]/password: created
password

user {"root":
ensure  => present,
uid =>
"0",
password => 'imagine-encrypted-
password',
gid =>
"0",
comment => "Root $hostname",
home=> "/root",
shell   => "/bin/bash"
}

I don't know if it's default behaviour since 2.6 but in 0.25.4
passwords were only created once.
Is this worth a bug report or just a problem with my manifest?

I'm using OpenSuse 11.3 and as you can see the provider used is
useradd.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: 0.25.4 caching problem with custom function

[Monachus]

On Jul 27, 8:40 am, Tore  wrote:
> Could it be that when you change "nagios_name.rb" file on
> pupptermaster A, there is an event triggered so that Apache reloads
> this file? But since this event isn't passed over to nfs in any way,
> this doesn't happend to puppetmaster B?

NFS caching was one of the things that I looked at.  NFS stats the
file to determine if it needs to be reloaded, and I've adjusted this
to as aggressive as possible.  I know that the puppetmasters reload
other files immediately on change (manifests, modules, other file
resources being pushed to the clients) - it's only the function that
is having an issue, and only _this_ function, which is even weirder.
That's why I posted the function on pastebin - maybe there's some ruby
shortcut in there which makes Puppet barf when it's between 1 and 3 in
the afternoon and the moon is between 36% and 42% full on any of the
last 4 Tuesdays.

> Have you tried to restart every component after you change a file,
> just to verify that it is read correct by all components?

I have.  When I had the problem the other day on one puppetmaster and
not the other, I went through a battery of tests including bouncing
Apache and thus puppetmasterd (since it runs under Passenger).  In an
earlier iteration I even put the entire NFS datastore on local storage
and removed NFS from the equation.  It doesn't help.  The only thing
that helps is if I physically change the nagios_name.rb file somehow.
It's like there's a cache somewhere that isn't obvious - some place
where puppetmasterd is storing the functions in a serialized form for
quick reload, maybe?

> Have no idea if this is to any help but its better than nothing.

Thanks for the thoughts - any and all help is appreciated.  It's a
weird weird bug to try and track down.  I'm pleased that my workaround
is holding, though I'd like to know that a long-term fix is possible.

Adrian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Collecting _all_ ssh keys

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Am Di den 27. Jul 2010 um  2:54 schrieb Jeff McCune:
> > However, it doesn't matter for this particular problem as it doesn't
> > work either.
> Hrm...  Could you be more specific about what's not working?  The two
> resources I posted should manage both the DSA and RSA keys on all of
> your systems.

I still wrote it. It complies about duplicate host alias (or that the
alias ist still defined, I do not know exactly anymore).

> What's the error you're getting?

If you need the correct error message I have to do the test once more.

Regards
   Klaus
- -- 
Klaus Ethgenhttp://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen 
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQEVAwUBTE6Pw5+OKpjRpO3lAQqH1wf/VknAy+vhZErA/i0MfFushl4JWGZNJ9Sm
6IfJGsWy+5/CpnNNcRMqICcIAPn91fplw5j87sSpeig31nJsMBniLqprWxViTDBL
iaHcfc9isV5OuWX3lR6rCSgi6ZQp2tEkGOci/HkKu3mnc/FZH6yz3awIftTigsXR
dqt40Gp1ZW8gEO8MqGem3FQ56sZQJ96rMCcrvID68fVLMaalKlzzXimHfM8oRcrU
OPb8xebHBVB4w/P0KajhdqF0HqiKcyQQekj/HjUe0xv+dbaXF7jGmNylNrXKsoM8
HAcxclWQG9855vnDIDLJIqHkJ5ve/v8sybNd+DOE/wdi19uU8fbwng==
=wkF/
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.