[Puppet Users] Re: puppet 2.6.0 vs apache/mod_passenger

2010-08-06 Thread Rustler
Ok - What am I missing... I applied the patch referenced above to the
2.6.1rc1 and did an install over 2.6.0 (which was not working)

Server - RH5 64Bit

puppet 2.6.1rc1
ruby 1.8.5
passenger 2.2.15
rack 1.2.1

[Fri Aug 06 22:03:22 2010] [notice] Apache/2.2.3 (Red Hat) configured
-- resuming
normal operations
*** Exception TypeError in PhusionPassenger::Rack::ApplicationSpawner
(can't conve
rt Array into String) (process 7593):
from /usr/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/utils.rb:138:in
`unio
n'
from /usr/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/utils.rb:138
from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
`gem_ori
ginal_require'
from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
`require
'
from /usr/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/request.rb:1
from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
`gem_ori
ginal_require'
from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
`require
'


On Aug 5, 2:31 am, Nicolas Brisac  wrote:
> I've just had a similar issue, although no crash this time.
>
> The recent patches provided by Brice have fixed my issues with file serving 
> in 2.6.0 as long as there's only one source/content.
> However, If multiple "contents" are defined it will:
>
> - Evaluate all templates: The logs on the master show "Interpolated template 
>  in 0.00 seconds" and "Bound template variables for  path> in 0.00 seconds" for each template. Shouldn't it happen only for the 
> first one it finds?
>
> - Set the content of the local file to the last template evaluated.
>
> If the local file is identical to the first template in the array (once 
> filled in), no file is transferred, as expected, proof that the diff actually 
> happens I guess .
>
> Also, I couldn't see any error/warning in the logs.
>
> I can easily replicate:
>
> file { "/tmp/bla": content => [ template("module/blabla.erb"), 
> template("module/hehe.erb") ] }
>
> with blabla.erb --> "bla bla"
> and hehe.erb --> "he he"
>
> if /tmp/bla has "bla bla" all is fine, but if it has only "bla" then its 
> content gets replaced by "he he".
>
> With "sources" though, the first one in the array is being used.
>
> Any reason for that?
>
> Nico
>
> On 08/02/2010 11:46 AM, Thorsten Biel wrote:
>
>
>
> > Hi,
>
> > On Mon, Aug 2, 2010 at 7:38 PM, Russell Jackson  wrote:
>
> >> On 08/02/2010 10:35 AM, Christopher Johnston wrote:
> >>> Looks good from what I can tell, did you setup the config.ru?
>
> >> Can I take this to mean that you have a working passenger installation
> >> of 2.6.0? Knowing that it can work would at least narrow it down to a
> >> local installation issue rather than a bug in puppet.
>
> > I have a working installation with 2.6.1 (actually, 2.6.0 and the RCs before
> > that worked, too).
> > This on Ubuntu 10.4 with mod_passenger 2.2.15 installed via gem.
> > Also, I had to upgrade rack from 1.0.1 to 1.2.1, notably removing all
> > traces of the old rack version.
> > With rack 1.0.1 the master actually did work, but would crash with
> > manifests using the file type with more than one source.
>
> Confirmed.
>
> It just happens that the node I was using to test against had a such a
> manifest. Tested against a node that didn't, and I didn't get the error.
>
> --
> Russell A Jackson 
> Network Analyst
> California State University, Bakersfield
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group 
> athttp://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: ERB / Tagging...

2010-08-06 Thread CraftyTech
Can anyone share how they do their /etc/hosts population from
storeconfigs?

Thanks,

On Aug 6, 11:50 am, CraftyTech  wrote:
> Sounds pretty interesting, specially since I always had store configs
> running...  I'm now able to circle back to this issue and re-focus on
> automatically generating my /etc/hosts file.  So, should the exporting
> of the necessary values be done in the same class as the collection,
> or should I just outline it on my default node definition.  Here's
> what I have so far (and it's not working):
>
> class hostsfile {
>       @@host { "$fqdn": ip_address => $ipaddress, tags =>
> "webserver" }
>       Host <<| tag == "webserver" |>>
>       file { "/etc/hosts": ensure => present}
>       }
>
> Another thing, how do I ensure that the contents of "file" are what
> was collected via the "Host" collection?  If someone has a similar
> scenario running, please share your ideas...
>
> Thanks,
>
> On Jul 12, 12:06 pm, Jeff McCune  wrote:
>
>
>
> > As Patrick mentions, one solution i recommend is to enable storeconfigs and
> > have each node export a host entry for itself tagged with the tag you want
> > other hosts to collect.
>
> > For example, each node may export it's host entry with:
> > @@host { "$fqdn": ip_address => $ipaddress, tags => "webserver" }
>
> > The cluster may collect these resources to build the hosts file with:
>
> > Host <<|| tag == "webserver" ||>>
>
> > On my phone, so parameter names may not be perfect.
>
> > Hope this helps,
> > --
> > Jeff McCune - (+1-503-208-4484)
>
> > On Jul 12, 2010, at 8:54 AM, Patrick Mohr  wrote:
>
> > Take a look athttp://docs.puppetlabs.com/guides/exported_resources.html.  I
> > think this will give you what you want.  *It will only work if you turn on
> > storeconfigs.*
>
> > On Jul 12, 2010, at 5:43 AM, CraftyTech wrote:
>
> > Thanks for the feedback Jeff.  Interesting feature that I had
> > unfortunately overlooked until now, but the basic question still
> > remains; how would I then generate specific hostfiles based on nodes
> > of the same tag? For instance, a web server to only have host entries
> > for items tagged webserver only, and not one large on-size-fits-all
> > file.  Thanks,
>
> > On Jul 2, 9:39 pm, Jeff McCune  wrote:
>
> > On Wed, Jun 30, 2010 at 10:40 AM, CraftyTech  wrote:
>
> > Hello All,
>
> >     Can someone point me in the right direction here.  I'm trying to
>
> > create anerbtemplate for my /etc/hosts file, so that when executed,
>
> > it populates the /etc/hosts file only with entries that are tag
>
> > relevant.  For instance, if a server is tagged apache, only the apache
>
> > tagged entries would be populated into the /etc/hosts file.  Thanks in
>
> > advance for you help.
>
> > I recommend using the built in host type to model and manage entries
>
> > in /etc/hosts rather than a template.
>
> > Modeling your configuration using a type rather than a file will allow
>
> > you to declare the resources as virtual, then simply realize them if
>
> > they're tagged with the tag you care about.  In addition, you'll
>
> > receive a bunch of additional features "for free" like the
>
> > relationship graph, meta-parameters, reporting, etc...
>
> > For example:
>
> > class apache {
>
> >   @host { "zaphod": ip => "1.2.3.4" }
>
> > }
>
> > # Realize host entries tagged with "apache"
>
> > Host <| tag == "apache" |>
>
> > --
>
> > Jeff McCunehttp://www.puppetlabs.com/
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group 
> > athttp://groups.google.com/group/puppet-users?hl=en.
>
> >  --
> > You received this message because you are subscribed to the Google Groups
> > "Puppet Users" group.
> > To post to this group, send email to puppet-us...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group 
> > athttp://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread mohit chawla
oops, nano. In the above code,

creates=>["/etc/ldap/server.crt","/etc/ldap/server.key","/etc/ldap/server.pem"]

On Sat, Aug 7, 2010 at 9:22 AM, mohit chawla
wrote:

> Also, I have something like this for creating the certificates, works just
> about fine, and helps in not being paranoid about drawbacks of using
> puppet's certs:
>
> class certs{
>
>
> package  {"openssl":
>
>
> ensure=>present,
>
>  }
>
> file
> {"/var/local/certificates/certs.sh":
> ensure=>"present",
>
> content=>template("certs.erb"),
> owner=>"puppet",
> group=>"puppet",
> mode=>"755",
>
> require=>Package["openssl"],
> }
>
> exec {"sh certs.sh":
>
> cwd=>"/var/local/certificates",
>
> creates=>["/etc/ldap/server.crt","/etc/ldap/server.key","$
>
> path=>"/usr/bin:/usr/sbin:/bin:/sbin",
>
> require=>File["/var/local/certificates/certs.sh"],
> }
>
> }
>
>
> certs.erb:
>
> #!/bin/sh
>
> openssl req -new -x509 -nodes -days 1826 \
>  -out /etc/ldap/server.crt \
>  -keyout /etc/ldap/server.key  \
>  -subj /CN=<%= fqdn %>
>
> # Generate the .pem file
> cat /etc/ldap/server.crt \
>  /etc/ldap/server.key \
>  > /etc/ldap/server.pem
>
> chown openldap:openldap /etc/ldap/server.pem
> chown openldap:openldap /etc/ldap/server.crt
> chown openldap:openldap /etc/ldap/server.key
>
>
> I could just add a few lines of copying certs to other locations and set
> the required permissions.
>
> On Fri, Aug 6, 2010 at 11:45 PM, Richard Crowley  wrote:
>
>> I use Puppet's certs to setup stunnels and do all other private
>> communication through those. I also reference them directly rather
>> than copying them around.  I haven't gone through the whole firedrill
>> yet but this at least seems like it won't make moving services between
>> hosts more painful.
>>
>> Rich
>> (iPhoned it in.)
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread mohit chawla
Also, I have something like this for creating the certificates, works just
about fine, and helps in not being paranoid about drawbacks of using
puppet's certs:

class certs{


package  {"openssl":


ensure=>present,

 }

file
{"/var/local/certificates/certs.sh":
ensure=>"present",

content=>template("certs.erb"),
owner=>"puppet",
group=>"puppet",
mode=>"755",

require=>Package["openssl"],
}

exec {"sh certs.sh":

cwd=>"/var/local/certificates",

creates=>["/etc/ldap/server.crt","/etc/ldap/server.key","$

path=>"/usr/bin:/usr/sbin:/bin:/sbin",

require=>File["/var/local/certificates/certs.sh"],
}

}


certs.erb:

#!/bin/sh

openssl req -new -x509 -nodes -days 1826 \
 -out /etc/ldap/server.crt \
 -keyout /etc/ldap/server.key  \
 -subj /CN=<%= fqdn %>

# Generate the .pem file
cat /etc/ldap/server.crt \
 /etc/ldap/server.key \
 > /etc/ldap/server.pem

chown openldap:openldap /etc/ldap/server.pem
chown openldap:openldap /etc/ldap/server.crt
chown openldap:openldap /etc/ldap/server.key


I could just add a few lines of copying certs to other locations and set the
required permissions.

On Fri, Aug 6, 2010 at 11:45 PM, Richard Crowley  wrote:

> I use Puppet's certs to setup stunnels and do all other private
> communication through those. I also reference them directly rather
> than copying them around.  I haven't gone through the whole firedrill
> yet but this at least seems like it won't make moving services between
> hosts more painful.
>
> Rich
> (iPhoned it in.)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Re: Problems with require inside a definition

2010-08-06 Thread Jason Koppe
Just in case anyone searches on some keywords in this thread, I feel it only
appropriate to put the final, working manifests here.  Note that the
environment variable in Exec['install supervisor'] changed to lower case and
the set for $id/process in the define uses quotes around the value since the
value provided has a space.

  1 # class to install supervisor
  2 class supervisor {
  3 include inittab
  4
  5 # pre-requisites
  6 package{"python-setuptools":
  7 ensure => installed,
  8 }
  9
 10 # install supervisor
 11 # this will resolve some python dependencies
 12 # also, ausprod probably needs the http_proxy
 13 exec{"install supervisor":
 14 command => "/usr/bin/easy_install supervisor",
 15 environment => $hostname ? {
 16 /^ind/ => 'http_proxy=http://proxyservice:3128',
 17 default => '',
 18 },
 19 require => Package['python-setuptools'],
 20 creates => '/usr/local/bin/supervisord',
 21 logoutput => "on_failure",
 22 }
 23
 24 # default supervisord.conf for supervisord and supervisordctl
should not be readable by world
 25 file{"/etc/supervisord.conf":
 26 owner => 'root',
 27 group => 'root',
 28 mode => '600',
 29 source =>
"puppet:///modules/supervisor/supervisord.conf",
 30 }
 31
 32 # running 'init a' will start supervisord -- should be called at
the end of /etc/init.d/Indeed to start tomcats after slaving/caching
 33 inittab::conf{"supervisor":
 34 id => 'supe',
 35 runlevels => 'a',
 36 action => 'respawn',
 37 process => '/usr/local/bin/supervisord -n',
 38 require => Exec["install supervisor"],
 39 }
...


  1 # generic class to allow /etc/inittab management
  2 class inittab {
  3 define conf (
  4 $id,
  5 $runlevels = '123456',
  6 $action = 'respawn',
  7 $process
  8 ) {
  9
 10 augeas {"inittab_$id":
 11 context => "/files/etc/inittab",
 12 force => "true",
 13 require => $require,
 14 changes => [
 15 "set $id/runlevels $runlevels",
 16 "set $id/action $action",
 17 "set $id/process '$process'",
 18 ],
 19 }
 20 }
 21
 22 }



On Fri, Aug 6, 2010 at 6:31 PM, Jason Koppe wrote:

> I ended up getting this syntax to work:
>
> Here is the class calling the define:
>
>   2 class supervisor {
> ...
>  13 exec{"install supervisor":
> ...
>  32
>  33 # running 'init a' will start supervisord -- should be called
> at the end of /etc/init.d/Indeed to start tomcats after slaving/caching
>  34 inittab::conf{"supervisor":
>  35 id => 'supe',
>  36 runlevels => 'a',
>  37 action => 'respawn',
>  38 process => '/usr/local/bin/supervisord -n',
>  39 require => Exec["install supervisor"],
>  40 }
>
>
> Here is the inittab module with the define:
>
>
>   1 # generic class to allow /etc/inittab management
>   2 class inittab {
>   3 define conf (
>   4 $id,
>   5 $runlevels = '123456',
>   6 $action = 'respawn',
>   7 $process
>   8 ) {
>   9
>  10 augeas {"inittab_$id":
>  11 context => "/files/etc/inittab",
>  12 force => "true",
>  13 require => $require,
>  14 changes => [
>  15 "set $id/runlevels $runlevels",
>  16 "set $id/action $action",
>  17 "set $id/process $process",
>  18 ],
>  19 }
>  20 }
>  21
>  22 }
>
>
>
>
> On Fri, Aug 6, 2010 at 6:21 PM, Jason Koppe 
> wrote:
>
>> If you just mean this:
>>
>>   1 # generic class to allow /etc/inittab management
>>   2 class inittab {
>>   3 define conf (
>>   4 $id,
>>   5 $runlevels = '123456',
>>   6 $action = 'respawn',
>>   7 $process
>>   8 ) {
>>   9 $require
>>  10
>>  11 augeas {"inittab_$id":
>>  12 context => "/files/etc/inittab",
>>  13 changes => [
>>  14 "set $id/runlevels $runlevels",
>>  15 "set $id/action $ac

Re: [Puppet Users] Re: Problems with require inside a definition

2010-08-06 Thread Jason Koppe
I ended up getting this syntax to work:

Here is the class calling the define:

  2 class supervisor {
...
 13 exec{"install supervisor":
...
 32
 33 # running 'init a' will start supervisord -- should be called at
the end of /etc/init.d/Indeed to start tomcats after slaving/caching
 34 inittab::conf{"supervisor":
 35 id => 'supe',
 36 runlevels => 'a',
 37 action => 'respawn',
 38 process => '/usr/local/bin/supervisord -n',
 39 require => Exec["install supervisor"],
 40 }


Here is the inittab module with the define:

  1 # generic class to allow /etc/inittab management
  2 class inittab {
  3 define conf (
  4 $id,
  5 $runlevels = '123456',
  6 $action = 'respawn',
  7 $process
  8 ) {
  9
 10 augeas {"inittab_$id":
 11 context => "/files/etc/inittab",
 12 force => "true",
 13 require => $require,
 14 changes => [
 15 "set $id/runlevels $runlevels",
 16 "set $id/action $action",
 17 "set $id/process $process",
 18 ],
 19 }
 20 }
 21
 22 }



On Fri, Aug 6, 2010 at 6:21 PM, Jason Koppe wrote:

> If you just mean this:
>
>   1 # generic class to allow /etc/inittab management
>   2 class inittab {
>   3 define conf (
>   4 $id,
>   5 $runlevels = '123456',
>   6 $action = 'respawn',
>   7 $process
>   8 ) {
>   9 $require
>  10
>  11 augeas {"inittab_$id":
>  12 context => "/files/etc/inittab",
>  13 changes => [
>  14 "set $id/runlevels $runlevels",
>  15 "set $id/action $action",
>  16 "set $id/process $process",
>  17 ],
>  18 }
>  19 }
>  20
>  21 }
>
>
> Now, I'm getting this error:
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Could not parse for environment jkoppe: Syntax error at 'augeas'; expected
> '}' at
> /home/jkoppe/svn/production/puppet/modules/inittab/manifests/init.pp:11 on
> node indtst5
>
>
>
> On Fri, Aug 6, 2010 at 6:13 PM, Jason Koppe 
> wrote:
>
>> I'm having similar problems, should it be:
>>
>> class inittab {
>> define conf (
>> $id,
>> $runlevels = '123456',
>> $action = 'respawn',
>> $process
>> ) {
>> $require {
>> $require
>> }
>>
>> augeas {"inittab_$id":
>> context => "/files/etc/inittab",
>> changes => [
>> "set $id/runlevels $runlevels",
>> "set $id/action $action",
>> "set $id/process $process",
>> ],
>>
>>
>> }
>> }
>>
>> }
>>
>> With that, I get:
>> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
>> Could not parse for environment jkoppe: Syntax error at '{'; expected '}' at
>> /home/jkoppe/svn/production/puppet/modules/inittab/manifests/init.pp:10 on
>> node indtst5
>>
>>
>> On Mon, Jul 12, 2010 at 6:48 AM, Tim  wrote:
>>
>>> Thanks, that fixed it.
>>>
>>> On Jul 9, 5:10 pm, Alan Barrett  wrote:
>>> > On Fri, 09 Jul 2010, Tim wrote:
>>> > > # Generic config file
>>> > > define config-file ($fullpath, $source) {
>>> > > if $require {
>>> > > require $require
>>> > > }
>>> > > file { $fullpath:
>>> > > source => 
>>> > > "puppet://puppet.hq.eso.org/modules/${source}
>>> ",
>>> > > backup => mainbackup,
>>> > > mode => 644,
>>> > > ensure => file,
>>> > > group => root,
>>> > > owner => root
>>> > > }
>>> > > }
>>> >
>>> > Just delete the "if" statement and the explicit "require" statement,
>>> and
>>> > the right thing should happen.  Any "require" passed to your definition
>>> > should propagate to the "file" resource insuide the definition
>>> > automatically.
>>> >
>>> > --apb (Alan Barrett)
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-us...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com
>>> .
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>

Re: [Puppet Users] Re: Problems with require inside a definition

2010-08-06 Thread Jason Koppe
If you just mean this:

  1 # generic class to allow /etc/inittab management
  2 class inittab {
  3 define conf (
  4 $id,
  5 $runlevels = '123456',
  6 $action = 'respawn',
  7 $process
  8 ) {
  9 $require
 10
 11 augeas {"inittab_$id":
 12 context => "/files/etc/inittab",
 13 changes => [
 14 "set $id/runlevels $runlevels",
 15 "set $id/action $action",
 16 "set $id/process $process",
 17 ],
 18 }
 19 }
 20
 21 }


Now, I'm getting this error:
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not parse for environment jkoppe: Syntax error at 'augeas'; expected
'}' at
/home/jkoppe/svn/production/puppet/modules/inittab/manifests/init.pp:11 on
node indtst5


On Fri, Aug 6, 2010 at 6:13 PM, Jason Koppe wrote:

> I'm having similar problems, should it be:
>
> class inittab {
> define conf (
> $id,
> $runlevels = '123456',
> $action = 'respawn',
> $process
> ) {
> $require {
> $require
> }
>
> augeas {"inittab_$id":
> context => "/files/etc/inittab",
> changes => [
> "set $id/runlevels $runlevels",
> "set $id/action $action",
> "set $id/process $process",
> ],
>
>
> }
> }
>
> }
>
> With that, I get:
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Could not parse for environment jkoppe: Syntax error at '{'; expected '}' at
> /home/jkoppe/svn/production/puppet/modules/inittab/manifests/init.pp:10 on
> node indtst5
>
>
> On Mon, Jul 12, 2010 at 6:48 AM, Tim  wrote:
>
>> Thanks, that fixed it.
>>
>> On Jul 9, 5:10 pm, Alan Barrett  wrote:
>> > On Fri, 09 Jul 2010, Tim wrote:
>> > > # Generic config file
>> > > define config-file ($fullpath, $source) {
>> > > if $require {
>> > > require $require
>> > > }
>> > > file { $fullpath:
>> > > source => 
>> > > "puppet://puppet.hq.eso.org/modules/${source}
>> ",
>> > > backup => mainbackup,
>> > > mode => 644,
>> > > ensure => file,
>> > > group => root,
>> > > owner => root
>> > > }
>> > > }
>> >
>> > Just delete the "if" statement and the explicit "require" statement, and
>> > the right thing should happen.  Any "require" passed to your definition
>> > should propagate to the "file" resource insuide the definition
>> > automatically.
>> >
>> > --apb (Alan Barrett)
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> --
> Jason Koppe
> jason.robert.ko...@gmail.com
> Cell (210) 445-8242
>



-- 
Jason Koppe
jason.robert.ko...@gmail.com
Cell (210) 445-8242

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Re: Problems with require inside a definition

2010-08-06 Thread Jason Koppe
I'm having similar problems, should it be:

class inittab {
define conf (
$id,
$runlevels = '123456',
$action = 'respawn',
$process
) {
$require {
$require
}

augeas {"inittab_$id":
context => "/files/etc/inittab",
changes => [
"set $id/runlevels $runlevels",
"set $id/action $action",
"set $id/process $process",
],


}
}

}

With that, I get:
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not parse for environment jkoppe: Syntax error at '{'; expected '}' at
/home/jkoppe/svn/production/puppet/modules/inittab/manifests/init.pp:10 on
node indtst5

On Mon, Jul 12, 2010 at 6:48 AM, Tim  wrote:

> Thanks, that fixed it.
>
> On Jul 9, 5:10 pm, Alan Barrett  wrote:
> > On Fri, 09 Jul 2010, Tim wrote:
> > > # Generic config file
> > > define config-file ($fullpath, $source) {
> > > if $require {
> > > require $require
> > > }
> > > file { $fullpath:
> > > source => 
> > > "puppet://puppet.hq.eso.org/modules/${source}
> ",
> > > backup => mainbackup,
> > > mode => 644,
> > > ensure => file,
> > > group => root,
> > > owner => root
> > > }
> > > }
> >
> > Just delete the "if" statement and the explicit "require" statement, and
> > the right thing should happen.  Any "require" passed to your definition
> > should propagate to the "file" resource insuide the definition
> > automatically.
> >
> > --apb (Alan Barrett)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
Jason Koppe
jason.robert.ko...@gmail.com
Cell (210) 445-8242

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] ANNOUNCE: Puppet 2.6.0 - Final release!

2010-08-06 Thread Douglas Garstang
On Mon, Jul 19, 2010 at 10:23 PM, James Turnbull  wrote:
> The journey was long and arduous and many fell along the way but Puppet
> Labs is proud to announce the 2.6.0 release!
>
> The 2.6.0 release is a major feature release and includes a huge variety
> of new features, fixes, updates and enhancements.  These include the
> complete cut-over from XMLRPC to the REST API, numerous language
> enhancements, a complete rewrite of the events and reporting system, an
> internal Ruby DSL, a single binary, Windows support, a new HTTP report
> processor, and a myriad of other enhancements.
>
> We've included release notes below that you can also see at:
>
> http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes

Cool. Did autoloaded module names in parameterized classes get fixed?
Ie, in the 2.6 rc I tried using, you couldn't go:

class { syslog::server: version => "1.3.13" }

Also, seems like a lot of people where having trouble getting
parameterized classes to work at all. Curious to see if that works
now.

Doug.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Module/Class Naming/Organization Best Practices

2010-08-06 Thread Douglas Garstang
On Fri, Aug 6, 2010 at 8:16 AM, Marc Zampetti  wrote:
>  All,
>
> Can anyone point me to some best practices for how one should name/organize
> classes and modules. I know that I should use modules for everything, and
> that I can references classes in one module from another class in another
> module. And I know about the class inheritance stuff.
>
> What I'm a little confused about is I've seen references to ::install and
> ::remove and stuff like that. In fact, I'm not sure if the "::" is anything
> more then naming convention, or if it means something to Puppet. Also, is
> the "modules" directory a flat directory, or can I have sub dirs? If so, how
> do I reference things in the sub dirs, or is it all just "magic".
>
> Any help is appreciated.

Marc,

I think the '::' is a naming convention, but I'm not sure since I
haven't seen it documented anywhere. Also, you can create modules in
subdirs and qualify them with '::'. For example
facility::palo_alto::appserver would be in
/etc/puppet/modules/facility/palo_alto/appserver.pp. Haven't seen that
documented either, but it works.

Doug.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: RHEL4 puppet-dashboard 1.0.3

2010-08-06 Thread George Bobeck


On Aug 6, 8:59 am, ScubaDude  wrote:
> Has anyone got dashborad-1.03 working on RHEL 4?
>
>   I'm struggling to find the ruby / rubygem RPMs for RHEL4...
>
> Thanks

While not exactly the newest versions, I was getting my Ruby RPMs from
http://rubyworks.rubyforge.org/redhat/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] define help

2010-08-06 Thread Douglas Wilson

I'm trying to create a simple CPAN type and started with the code from
this page:
http://www.windley.com/archives/2008/10/using_puppet_and_cpan.shtml

I've tried all versions of code from that page, and what I'd like to
do is:

class perl {
  define install-cpan () {
exec { "cpan_load_${name}":
  command => "perl -I.cpan -MCPAN -e '\$ENV{PERL_MM_USE_DEFAULT}
=1; install $name'",
  cwd => "/root",
  path => "/usr/bin:/usr/sbin:/bin:/sbin",
  unless => "perl -M$name -e 1",
}
  }
  package { 'perl': ensure => installed }
}

perl::install-cpan { "Bundle::CPAN": }

No matter what I try, I get an error:
err: Could not retrieve catalog from remote server: Could not intern
from pson: Could not convert from pson: Could not find relationship
target "Perl::Install-cpan[Bundle::CPAN]"

What am I doing wrong?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] A lens for mucking with puppet content / modules

2010-08-06 Thread Aaron Lippold
Hi All,

I had a thought - while I was saying that I would like for all my
modules to be 'taged' x - does augeas have a lens that would allow me
to say.

Use CASE:

If I have comments where I have 'tagged' my modules, could I loop
though, look at the comments, if I find , add the label to
the class.

More generally, this may lead to thoughts of introspection, puppet
content to make puppet content or 'relative' puppet code/content.

Just a thought,

Aaron

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: purging a managed directory and exported resources

2010-08-06 Thread seph
Oh, this is 0.25.4

seph

seph  writes:

> I'm trying to use puppet to manage a directory full of files. Files are
> each a collected resource. In my case, they're part of nagios. But I
> can't really get it to work. The purge on the directory doesn't take
> into account the collected resources, so they end up racing.
>
> My code is basically:
>
> class server {
>   Nagios_service <<||>>
>
>   file { "/etc/naginator/services.d":
> ensure  => directory,
> recurse => true,
> replace => true,
> purge   => true,
> require => File["/etc/naginator"],
>   }
> }
>
> class target {
>   @@nagios_service { "check_ping-${hostname}":
> ensure=> present,
> check_command => "check_ping!100.0,20%!500.0,60%",
> use   => "generic-service",
> host_name => "$fqdn",
> target=> "/etc/naginator/services.d/ping-$fqdn.cfg",
>}
> }
>
> I see a couple of threads from last year about this, but no really
> satisfying conclusions. It sounds like most people end up adding a
> dependency which causes everything to purge and then be recreated
> anew. Which feels like a lot of churn.
>
> Do folks have a nice solution for this?
>
> seph
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: Nagios allowed hosts, how would you do it?

2010-08-06 Thread seph
FWIW When I hit this awhile ago I opened a bug
(http://projects.puppetlabs.com/issues/3720). Annoying, it was
rejected.

seph

Tore  writes:

> I just realized that this wont work, since the variable allready is
> defined. The variable must also be defined before the include, since
> it is used by the module.
>
> One way to solve this would be creating a top node which contains
> vars, which is inhereted by a subnode which have includes, which again
> is inherited by nodes.
>
> node top {
>   vars[...]
> }
>
> node second inherits {
>   includes[...]
> }
>
> node 'actual-node.example.com' inherits seconds {
>
> }
>
> Then I could create a special tree for customers, which inherits the
> right one.
>
> Hm, while I'm writing this I see that maybe I should rather make
> classes out of this rather than using nodes for this. It would make
> more sense to make a class for variabels, then a class for includes,
> then I'm able to change variabels in the middle.
>
> Any toughts`?
>
>
> On 20 Jul, 14:06, Tore  wrote:
>> Hi,
>>
>> We currently have a module `nagios` which install nrpe and nagios
>> plugins for all nodes. The default node have this module included.
>>
>> Currently we have a customer who wants to monitor their own services.
>> We will still monitor them, but they want to do their own checks, fair
>> enough.
>>
>> How would you do this? This is what I have now:
>>
>> node default {
>> [...]
>>    include nagios
>>    $nagios_allowed_hosts = ["ip1", "ip2"]
>> [...]
>>
>> }
>>
>> But we don't want to add their source IP to this list, so thought this
>> would do:
>> Keep current default node, add this:
>>
>> node special_customer inherits default {
>>     $nagios_allowed_hosts += "ip"
>>
>> }
>>
>> And then inherit all of their nodes from this rather than default.
>>
>> What do you think?
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] purging a managed directory and exported resources

2010-08-06 Thread seph
I'm trying to use puppet to manage a directory full of files. Files are
each a collected resource. In my case, they're part of nagios. But I
can't really get it to work. The purge on the directory doesn't take
into account the collected resources, so they end up racing.

My code is basically:

class server {
  Nagios_service <<||>>

  file { "/etc/naginator/services.d":
ensure  => directory,
recurse => true,
replace => true,
purge   => true,
require => File["/etc/naginator"],
  }
}

class target {
  @@nagios_service { "check_ping-${hostname}":
ensure=> present,
check_command => "check_ping!100.0,20%!500.0,60%",
use   => "generic-service",
host_name => "$fqdn",
target=> "/etc/naginator/services.d/ping-$fqdn.cfg",
   }
}

I see a couple of threads from last year about this, but no really
satisfying conclusions. It sounds like most people end up adding a
dependency which causes everything to purge and then be recreated
anew. Which feels like a lot of churn.

Do folks have a nice solution for this?

seph

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Puppet + OpenVZ

2010-08-06 Thread Rein Henrichs
Excerpts from Matthew Cluver's message of Thu Aug 05 21:48:21 -0700 2010:
> Hi Everyone,
> 
> I'm working on developing what would be an openly available module for
> puppet, to allow for the development and manipulation of virtual
> containers on OpenVZ host nodes.
> 
> Here it is on google code: http://code.google.com/p/puppet-openvz/
> 
> If you have been working on the same thing and have any code that
> you'd like to contribute it would certainly be appreciated!
> 
> Cheers & best regards,
> 
> Matt
> 

Hi Matt,

I see that you've commented on Facter bug #4156[1]. Is there any consensus
on the correct way to fix this bug? I'd like to get it resolved for
1.5.8, especially if it's affecting your work on an OpenVZ module.

[1] http://projects.reductivelabs.com/issues/4156
-- 
Rein Henrichs
http://puppetlabs.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread Richard Crowley
I use Puppet's certs to setup stunnels and do all other private
communication through those. I also reference them directly rather
than copying them around.  I haven't gone through the whole firedrill
yet but this at least seems like it won't make moving services between
hosts more painful.

Rich
(iPhoned it in.)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread Tony G.
Hi Bob,

Doing the same for LDAP+TLS, it gives me the advantage of not creating
another set of cert/key per machine, besides they are distributed with
puppet, at the beginning I was tempted to use only symlnks to them but later
I decided to make a copy of them and I've started to use like that without
issues so far.

Thanks.

On Fri, Aug 6, 2010 at 9:47 AM, Bob Belnap  wrote:

> Hello,
>
> As I've been building up my puppet infrastructure, I've started using
> puppet certs for all of my services that require ssl.  Usually this is
> in the form of links:
>
>
>file {
>"/opt/syslog-ng/etc/ca.d/b2457b50.0":
>require => Package["syslog-ng"],
>ensure => link,
>target => "/var/lib/puppet/ssl/certs/ca.pem";
>}
>
> Or copying file contents:
>
>
>file { ["/var/lib/pgsql/data/server.crt",
>"/home/postgres/.postgresql/postgresql.crt",
>"/root/.postgresql/postgresql.crt",
>]:
>source  => "/var/lib/puppet/ssl/certs/$fqdn.pem",
>owner   => postgres,
>group   => postgres,
>mode=> 600,
>}
>
>file { ["/var/lib/pgsql/data/server.key",
>"/home/postgres/.postgresql/postgresql.key",
>"/root/.postgresql/postgresql.key",
>]:
>source  => "/var/lib/puppet/ssl/private_keys/$fqdn.pem",
>owner   => postgres,
>group   => postgres,
>mode=> 600,
>}
>
>file { "/var/lib/pgsql/data/root.crt":
>source  => "/var/lib/puppet/ssl/certs/ca.pem",
>owner   => postgres,
>group   => postgres,
>mode=> 600,
>}
>
> Now pretty much any time I have a service that uses ssl, I just use
> puppet certs/keys.
>
> The advantages I see:
> * It saves me from having to maintain my own separate CA system.
> * I don't have to store sensitive certs/keys in manifests
>
> Is anyone else doing this?  Is it a good idea?  What are the potential
> pitfalls?
>
> --Bob
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
Tony
http://blog.tonyskapunk.net

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] RHEL4 puppet-dashboard 1.0.3

2010-08-06 Thread Rein Henrichs
Excerpts from ScubaDude's message of Fri Aug 06 06:59:21 -0700 2010:
> Has anyone got dashborad-1.03 working on RHEL 4?
> 
>   I'm struggling to find the ruby / rubygem RPMs for RHEL4...
> 
> Thanks
> 

The packages you need should be in EPEL. Have you tried the instructions
for CentOS 5.5 in the README[1]?

[1] http://github.com/puppetlabs/puppet-dashboard/blob/master/README.markdown
-- 
Rein Henrichs
http://puppetlabs.com

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Puppet + OpenVZ

2010-08-06 Thread Matt Robinson
There's a Google Summer of Code student working on a libvirt module
for us right now.  It's currently alpha stage and only supports Xen
and KVM right now, not OpenVZ, but might be worth following the
progress or contributing to the code or providing feedback.

http://github.com/carlasouza/puppet-virt

Matt

On Thu, Aug 5, 2010 at 10:24 PM, Yushu Yao  wrote:
> Hi Matt,
>
> That look really cool.
> Are you planning make something similar for libvirt host node? I think 
> libvirt and OpenVZ share the same structure. If the libvirt one is done, it 
> can control OpenVZ and other VMMs
>
>
> On Aug 5, 2010, at 9:48 PM, Matthew Cluver wrote:
>
>> Hi Everyone,
>>
>> I just wanted to shoot a quick post out there,hope everyone is doing
>> well. I've been searching for people sharing this type of code, and it
>> seemed to be lacking so I decided to jump in.
>>
>> I'm working on developing what would be an openly available module for
>> puppet, to allow for the development and manipulation of virtual
>> containers on OpenVZ host nodes.
>>
>> Here it is on google code: http://code.google.com/p/puppet-openvz/
>>
>> If you have been working on the same thing and have any code that
>> you'd like to contribute it would certainly be appreciated!
>>
>> Cheers & best regards,
>>
>> Matt
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: ANNOUNCE: Puppet Dashboard 1.0.3 released

2010-08-06 Thread Ben Tullis
Hi there,

> All previous versions of Dashboard needed write access to the "db",
> "log" and "tmp" directories. Writing to the "public" directory is new to
> this version.
>

I can report that it now also needs write access to the "config"
directory.

Our dashboard has just been updated and the database migrated, but I
struggled with this error as well.
I've been using the Debian/Ubuntu packages from http://apt.puppetlabs.com
so I've had to set the permissions manually on directories within /usr/
share/puppet-dashboard

Many thanks,
Ben

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: ERB / Tagging...

2010-08-06 Thread CraftyTech
Sounds pretty interesting, specially since I always had store configs
running...  I'm now able to circle back to this issue and re-focus on
automatically generating my /etc/hosts file.  So, should the exporting
of the necessary values be done in the same class as the collection,
or should I just outline it on my default node definition.  Here's
what I have so far (and it's not working):

class hostsfile {
  @@host { "$fqdn": ip_address => $ipaddress, tags =>
"webserver" }
  Host <<| tag == "webserver" |>>
  file { "/etc/hosts": ensure => present}
  }

Another thing, how do I ensure that the contents of "file" are what
was collected via the "Host" collection?  If someone has a similar
scenario running, please share your ideas...

Thanks,




On Jul 12, 12:06 pm, Jeff McCune  wrote:
> As Patrick mentions, one solution i recommend is to enable storeconfigs and
> have each node export a host entry for itself tagged with the tag you want
> other hosts to collect.
>
> For example, each node may export it's host entry with:
> @@host { "$fqdn": ip_address => $ipaddress, tags => "webserver" }
>
> The cluster may collect these resources to build the hosts file with:
>
> Host <<|| tag == "webserver" ||>>
>
> On my phone, so parameter names may not be perfect.
>
> Hope this helps,
> --
> Jeff McCune - (+1-503-208-4484)
>
> On Jul 12, 2010, at 8:54 AM, Patrick Mohr  wrote:
>
> Take a look athttp://docs.puppetlabs.com/guides/exported_resources.html.  I
> think this will give you what you want.  *It will only work if you turn on
> storeconfigs.*
>
> On Jul 12, 2010, at 5:43 AM, CraftyTech wrote:
>
> Thanks for the feedback Jeff.  Interesting feature that I had
> unfortunately overlooked until now, but the basic question still
> remains; how would I then generate specific hostfiles based on nodes
> of the same tag? For instance, a web server to only have host entries
> for items tagged webserver only, and not one large on-size-fits-all
> file.  Thanks,
>
> On Jul 2, 9:39 pm, Jeff McCune  wrote:
>
> On Wed, Jun 30, 2010 at 10:40 AM, CraftyTech  wrote:
>
> Hello All,
>
>     Can someone point me in the right direction here.  I'm trying to
>
> create an erb template for my /etc/hosts file, so that when executed,
>
> it populates the /etc/hosts file only with entries that are tag
>
> relevant.  For instance, if a server is tagged apache, only the apache
>
> tagged entries would be populated into the /etc/hosts file.  Thanks in
>
> advance for you help.
>
> I recommend using the built in host type to model and manage entries
>
> in /etc/hosts rather than a template.
>
> Modeling your configuration using a type rather than a file will allow
>
> you to declare the resources as virtual, then simply realize them if
>
> they're tagged with the tag you care about.  In addition, you'll
>
> receive a bunch of additional features "for free" like the
>
> relationship graph, meta-parameters, reporting, etc...
>
> For example:
>
> class apache {
>
>   @host { "zaphod": ip => "1.2.3.4" }
>
> }
>
> # Realize host entries tagged with "apache"
>
> Host <| tag == "apache" |>
>
> --
>
> Jeff McCunehttp://www.puppetlabs.com/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group 
> athttp://groups.google.com/group/puppet-users?hl=en.
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group 
> athttp://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread David Schmitt

On 8/6/2010 4:47 PM, Bob Belnap wrote:

Is anyone else doing this?  Is it a good idea?  What are the potential
pitfalls?


me too.

An important consideration is that if you distribute secrets (db 
passwords etc) with puppet, every application using puppet's key can 
also access them.



Another drawback is that you bind the service to the identity of your 
server and your shop to puppet's CA. This reduces your flexibility to 
move services between machines and it doesn't help if you need a 
customer-facing certificate from an official CA.



Best Regards, David
--
dasz.at OG  Tel: +43 (0)664 2602670 Web: http://dasz.at
Klosterneuburg UID: ATU64260999

   FB-Nr.: FN 309285 g  FB-Gericht: LG Korneuburg

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Module/Class Naming/Organization Best Practices

2010-08-06 Thread Marc Zampetti

 All,

Can anyone point me to some best practices for how one should 
name/organize classes and modules. I know that I should use modules for 
everything, and that I can references classes in one module from another 
class in another module. And I know about the class inheritance stuff.


What I'm a little confused about is I've seen references to ::install 
and ::remove and stuff like that. In fact, I'm not sure if the "::" is 
anything more then naming convention, or if it means something to 
Puppet. Also, is the "modules" directory a flat directory, or can I have 
sub dirs? If so, how do I reference things in the sub dirs, or is it all 
just "magic".


Any help is appreciated.

Marc Zampetti

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread mohit chawla
I would also like to know the same, are there any drawbacks of doing this ?

On Fri, Aug 6, 2010 at 8:41 PM, Joe McDonagh wrote:

> On 08/06/2010 10:47 AM, Bob Belnap wrote:
>
>> Hello,
>>
>> As I've been building up my puppet infrastructure, I've started using
>> puppet certs for all of my services that require ssl.  Usually this is
>> in the form of links:
>>
>>
>>
> Bob, you're absolutely right it's a big win. I didn't even use links, I
> just pointed Splunk at the puppet ssl certs.
>
> --
> --
> Joe McDonagh
> Operations Engineer
> AIM: YoosingYoonickz
> IRC: joe-mac on freenode
> "When the going gets weird, the weird turn pro."
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread Joe McDonagh

On 08/06/2010 10:47 AM, Bob Belnap wrote:

Hello,

As I've been building up my puppet infrastructure, I've started using
puppet certs for all of my services that require ssl.  Usually this is
in the form of links:

   
Bob, you're absolutely right it's a big win. I didn't even use links, I 
just pointed Splunk at the puppet ssl certs.


--
--
Joe McDonagh
Operations Engineer
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] using puppet ssl certs for other applications

2010-08-06 Thread Bob Belnap
Hello,

As I've been building up my puppet infrastructure, I've started using
puppet certs for all of my services that require ssl.  Usually this is
in the form of links:


file {
"/opt/syslog-ng/etc/ca.d/b2457b50.0":
require => Package["syslog-ng"],
ensure => link,
target => "/var/lib/puppet/ssl/certs/ca.pem";
}

Or copying file contents:


file { ["/var/lib/pgsql/data/server.crt",
"/home/postgres/.postgresql/postgresql.crt",
"/root/.postgresql/postgresql.crt",
]:
source  => "/var/lib/puppet/ssl/certs/$fqdn.pem",
owner   => postgres,
group   => postgres,
mode=> 600,
}

file { ["/var/lib/pgsql/data/server.key",
"/home/postgres/.postgresql/postgresql.key",
"/root/.postgresql/postgresql.key",
]:
source  => "/var/lib/puppet/ssl/private_keys/$fqdn.pem",
owner   => postgres,
group   => postgres,
mode=> 600,
}

file { "/var/lib/pgsql/data/root.crt":
source  => "/var/lib/puppet/ssl/certs/ca.pem",
owner   => postgres,
group   => postgres,
mode=> 600,
}

Now pretty much any time I have a service that uses ssl, I just use
puppet certs/keys.

The advantages I see:
* It saves me from having to maintain my own separate CA system.
* I don't have to store sensitive certs/keys in manifests

Is anyone else doing this?  Is it a good idea?  What are the potential
pitfalls?

--Bob

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] RHEL4 puppet-dashboard 1.0.3

2010-08-06 Thread ScubaDude
Has anyone got dashborad-1.03 working on RHEL 4?

  I'm struggling to find the ruby / rubygem RPMs for RHEL4...

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] "ensure => running" an init script that isn't actually a service ?

2010-08-06 Thread Rob McBroom
On Aug 6, 2010, at 6:56 AM, Daniel Maher wrote:

> Which is what we want, but i'm curious as to _why_ this is so, given (again) 
> that we're talking about an init script, and not a particular service that 
> sits in memory.  Granted, the effects of the script can be known - is puppet 
> smart enough to figure out what effect "service network *" ultimately has on 
> the system, or is this sort of a happy accident, or yet something else 
> entirely ?

This is just guessing from behavior I’ve witnessed, but I think Puppet calls 
`service whatever status` and looks at the exit status. 0 means “running” and 
everything else means not running.

`service network status` exits with 0 on my RHEL5 systems.

-- 
Rob McBroom


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] "ensure => running" an init script that isn't actually a service ?

2010-08-06 Thread Daniel Maher

Hello all,

Based on this post from July :
http://www.mailinglistarchive.com/html/puppet-users@googlegroups.com/2010-07/msg00124.html

The OP has this snippet running on an RHEL system :

file { "network":
...
notify => Service[network]
}

service { network:
ensure => "running",
hasstatus => "true",
hasrestart => "true",
restart => "/etc/init.d/network restart",
}

Clearly the idea is to trigger a network restart if the given file 
changes ; however, "network" isn't really a service, it's an init 
script, which means that it's not generally "running".


On a given CentOS machine, ralsh says :

$ ralsh service network
service { 'network':
enable => 'true',
ensure => 'running'
}

Which is what we want, but i'm curious as to _why_ this is so, given 
(again) that we're talking about an init script, and not a particular 
service that sits in memory.  Granted, the effects of the script can be 
known - is puppet smart enough to figure out what effect "service 
network *" ultimately has on the system, or is this sort of a happy 
accident, or yet something else entirely ?


Thank you.


--
Daniel Maher 
"The Internet is completely over." -- Prince

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] First report run fails

2010-08-06 Thread ScubaDude
Hi Guys,

  I'm getting the following error from syslog the first time a node
tries to send a report to puppet-master:

Report store failed: Got 1 failure(s) while initializing: change from
absent to directory failed: Failed to set owner to '0': Operation not
permitted - /var/log/puppet/reports/

  It creates the directories ok, puppet:puppet mode 750, but I assume
is stopping becasue of the error above.
  Although I'm not sure why it would be trying to set the owner to
root?

  puppet v 2.6.0 on RHEL 4.8

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Wacky environment column in puppet.hosts

2010-08-06 Thread Jason Koppe
http://projects.puppetlabs.com/issues/4487

On Fri, Aug 6, 2010 at 3:44 AM, James Turnbull  wrote:

> Jason Koppe wrote:
> > I installed puppet 2.6 on my master and increased dbconnections in hopes
> > that it would get me past some 0.25.5 hurdles (one described in
> >
> http://groups.google.com/group/puppet-users/browse_thread/thread/7ac829c7cb3b2d18/a58f9c8472f2dd8f
> )
> > -- the upgrade definitely helped because puppetmasterd is updating more
> > in the puppet database without a max connections limit, but I'm seeing
> > some other fun stuff.
> >
> > Below I null out the environment column, show that it's null for a
> > particular host, then run puppetd a few times on the host.
> >
> > mysql for r...@localhost on indadm1> update hosts set environment =
> NULL;
> > Query OK, 1 row affected (0.01 sec)
> > Rows matched: 99  Changed: 1  Warnings: 0
> >
>
> Jason
>
> That's a bug - can you please log a ticket.
>
> Thanks
>
> James Turnbull
>
> --
> Puppet Labs - http://www.puppetlabs.com
> C: 503-734-8571
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
Jason Koppe
jason.robert.ko...@gmail.com
Cell (210) 445-8242

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Wacky environment column in puppet.hosts

2010-08-06 Thread James Turnbull
Jason Koppe wrote:
> I installed puppet 2.6 on my master and increased dbconnections in hopes
> that it would get me past some 0.25.5 hurdles (one described in
> http://groups.google.com/group/puppet-users/browse_thread/thread/7ac829c7cb3b2d18/a58f9c8472f2dd8f)
> -- the upgrade definitely helped because puppetmasterd is updating more
> in the puppet database without a max connections limit, but I'm seeing
> some other fun stuff.
> 
> Below I null out the environment column, show that it's null for a
> particular host, then run puppetd a few times on the host.
> 
> mysql for r...@localhost on indadm1> update hosts set environment = NULL;
> Query OK, 1 row affected (0.01 sec)
> Rows matched: 99  Changed: 1  Warnings: 0
> 

Jason

That's a bug - can you please log a ticket.

Thanks

James Turnbull

-- 
Puppet Labs - http://www.puppetlabs.com
C: 503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Wacky environment column in puppet.hosts

2010-08-06 Thread Jason Koppe
I installed puppet 2.6 on my master and increased dbconnections in hopes
that it would get me past some 0.25.5 hurdles (one described in
http://groups.google.com/group/puppet-users/browse_thread/thread/7ac829c7cb3b2d18/a58f9c8472f2dd8f)
-- the upgrade definitely helped because puppetmasterd is updating more in
the puppet database without a max connections limit, but I'm seeing some
other fun stuff.

Below I null out the environment column, show that it's null for a
particular host, then run puppetd a few times on the host.

mysql for r...@localhost on indadm1> update hosts set environment = NULL;
Query OK, 1 row affected (0.01 sec)
Rows matched: 99  Changed: 1  Warnings: 0

mysql for r...@localhost on indadm1> select * from hosts where name like
'iad-web2%';
++-+---+-+-+-+-+-++-+
| id | name| ip| environment |
last_compile| last_freshcheck | last_report | updated_at  |
source_file_id | created_at  |
++-+---+-+-+-+-+-++-+
|  9 | iad-web2.indeed.net | 10.24.186.136 | NULL| 2010-08-06
03:31:23 | NULL| NULL| 2010-08-06 03:31:23 |
NULL | 2010-06-08 19:47:22 |
++-+---+-+-+-+-+-++-+
1 row in set (0.00 sec)

mysql for r...@localhost on indadm1> select * from hosts where name like
'iad-web2%';
++-+---++-+-+-+-++-+
| id | name| ip| environment|
last_compile| last_freshcheck | last_report | updated_at  |
source_file_id | created_at  |
++-+---++-+-+-+-++-+
|  9 | iad-web2.indeed.net | 10.24.186.136 | --- production | 2010-08-06
03:31:23 | NULL| NULL| 2010-08-06 03:32:42 |
NULL | 2010-06-08 19:47:22 |
++-+---++-+-+-+-++-+
1 row in set (0.00 sec)

mysql for r...@localhost on indadm1> select * from hosts where name like
'iad-web2%';
++-+---+--+-+-+-+-++-+
| id | name| ip| environment  |
last_compile| last_freshcheck | last_report | updated_at  |
source_file_id | created_at  |
++-+---+--+-+-+-+-++-+
|  9 | iad-web2.indeed.net | 10.24.186.136 | --- "--- production" |
2010-08-06 03:32:50 | NULL| NULL| 2010-08-06 03:32:50
|   NULL | 2010-06-08 19:47:22 |
++-+---+--+-+-+-+-++-+
1 row in set (0.00 sec)


-- 
Jason Koppe
jason.robert.ko...@gmail.com
Cell (210) 445-8242

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.