[Puppet Users] Re: How to change the node's class or groups
follow is the log
Processing NodesController#update (for 10.1.41.81 at 2010-08-19 13:45:53) [PUT]
Parameters: {"node"=>{"name"=>"puppet.timo.com",
"node_group_names"=>[" "], "parameter_attributes"=>[{"value"=>"",
"key"=>""}], "node_class_names"=>[" "], "description"=>""},
"action"=>"update", "_method"=>"put",
"authenticity_token"=>"sV1FfxR5EAatq+BW/ApH7/JPEK9LLwmKCtBEDIvYmQI=",
"id"=>"puppet.timo.com", "controller"=>"nodes"}
Redirected to http://10.10.83.193:3000/nodes/puppet.timo.com
Completed in 40ms (DB: 0) | 302 Found
[http://10.10.83.193/nodes/puppet.timo.com]
###
Best regards
Timo Seven
blog: http://zauc.wordpress.com
twitter: http://twitter.com/zauc
Linux System Admin & MySQL DBA
在 2010年8月19日 上午11:50,Timo Seven 写道:
> Hi all:
>
> I install puppet version 2.6 and puppet dashboard 1.0.3.
>
> When I change one node's class or groups, it is invalid。 I also can
> add new class and groups. But no nodes can be in these class or
> groups.
>
> So I insert a node in a class under mysql like "insert into
> node_class_memberships values (1,1,1,'2010-08-17','2010-08-17');",
> Then I can see the first node has been in the first class.
>
>
>
>
> ###
>
> Best regards
> Timo Seven
> blog: http://zauc.wordpress.com
> twitter: http://twitter.com/zauc
> Linux System Admin & MySQL DBA
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to change the node's class or groups
Hi all: I install puppet version 2.6 and puppet dashboard 1.0.3. When I change one node's class or groups, it is invalid。 I also can add new class and groups. But no nodes can be in these class or groups. So I insert a node in a class under mysql like "insert into node_class_memberships values (1,1,1,'2010-08-17','2010-08-17');", Then I can see the first node has been in the first class. ### Best regards Timo Seven blog: http://zauc.wordpress.com twitter: http://twitter.com/zauc Linux System Admin & MySQL DBA -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Downloading files to Puppet clients from HTTP Server
* Ahmed El Gamil [2010/08/18 17:17]:
> I was working on some puppet recipe and came to the need where i
> want to download a file from an HTTP server, usually i use the
> "file" resource type with the "source" parameter to push files to
> the clients, but in this situation i just need to download the
> file directly from the HTTP server to the puppet client.
>
> By any chance, does the "source" parameter supports HTTP URLs, if
> not then how can i do that in Puppet ?
I use a simple define + wget for this kind of thing:
define download ($uri, $timeout = 300) {
exec {
"download $uri":
command => "wget -q '$uri' -O $name",
creates => $name,
timeout => $timeout,
require => Package[ "wget" ],
}
}
Use it like:
download {
"/tmp/tomcat.tar.gz":
uri =>
"http://www.ibiblio.org/pub/mirrors/apache/tomcat/tomcat-5/v5.5.30/bin/apache-tomcat-5.5.30.tar.gz";,
timeout => 900;
}
--
It's a damn poor mind that can only think of one way to spell a word.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Downloading files to Puppet clients from HTTP Server
Hi, I was working on some puppet recipe and came to the need where i want to download a file from an HTTP server, usually i use the "file" resource type with the "source" parameter to push files to the clients, but in this situation i just need to download the file directly from the HTTP server to the puppet client. By any chance, does the "source" parameter supports HTTP URLs, if not then how can i do that in Puppet ? Thanks in advance -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Immediate puppetrun with splay
Just to clarify - the "--onetime" is for testing. On Aug 18, 4:16 pm, Rustler wrote: > Add --onetime > > That works for me. > > On Aug 17, 9:42 am, Bernhard Miklautz > wrote: > > > Hi, > > > when splay is enabled on a client and a run is triggered with puppetrun, > > a new random time is picked before the run is started (second last and > > last line): > > > puppetd --no-daemonize --verbose > > info: Loading fact nrpe_collect > > info: Loading fact envname > > info: Loading fact want_ntp > > info: Loading fact hnhostname > > info: Starting handler for Runner > > info: Starting server for Puppet version 0.24.8 > > info: Listening on port 8139 > > notice: Starting Puppet client version 0.24.8 > > info: Sleeping for 1605 seconds (splay is enabled) > > > > notice: puppetmaster.test.local(10.0.0.12) triggered run > > info: Sleeping for 1486 seconds (splay is enabled) > > > Is there a way I can tell the client to start the run immediately? > > > Thank you. > > Best regards, > > Bernhard > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Immediate puppetrun with splay
Add --onetime That works for me. On Aug 17, 9:42 am, Bernhard Miklautz wrote: > Hi, > > when splay is enabled on a client and a run is triggered with puppetrun, > a new random time is picked before the run is started (second last and > last line): > > puppetd --no-daemonize --verbose > info: Loading fact nrpe_collect > info: Loading fact envname > info: Loading fact want_ntp > info: Loading fact hnhostname > info: Starting handler for Runner > info: Starting server for Puppet version 0.24.8 > info: Listening on port 8139 > notice: Starting Puppet client version 0.24.8 > info: Sleeping for 1605 seconds (splay is enabled) > > notice: puppetmaster.test.local(10.0.0.12) triggered run > info: Sleeping for 1486 seconds (splay is enabled) > > Is there a way I can tell the client to start the run immediately? > > Thank you. > Best regards, > Bernhard -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] info: Retrieving plugin, err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': undefined method `closed?' for nil:NilClass
I'm not really sure the problem is a Plugin problem!! Note than a puppet client was installed, i change the setting of ip/hosname and try to re inscription the node to puppetmaster. I would like to understand what happen. The errors/warnings messages are not very easy to understand and sometime i'm lost. thank you for you advice. Eric Puppet version: 0.25.4-2ubuntu6 "Lucid Ubuntu distrib x64" The puppetmaster had signed the puppetclient amn-srv- linux.amn.fu.int.DOMAIN :OK When i launch the command: puppetd --server puppetmaster.DOMAIN --test -v I get this message: warning: peer certificate won't be verified in this SSL session info: Caching certificate for amn-srv-linux.DOMAIN info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': undefined method `closed?' for nil:NilClass err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: undefined method `closed?' for nil:NilClass Could not retrieve file metadata for puppet://puppetmaster.DOMAIN: undefined method `closed?' for nil:NilClass err: Could not retrieve catalog from remote server: undefined method `closed?' for nil:NilClass warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run --- The same message on debug mode: --- puppetd --server puppetmaster.DOMAIN --test -d debug: Failed to load library 'selinux' for feature 'selinux' debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/ dscl does not exist debug: Puppet::Type::User::ProviderLdap: true value when expecting false debug: Failed to load library 'ldap' for feature 'ldap' debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/ lib/puppet] debug: /File[/var/lib/puppet/ssl/public_keys/amn-srv- linux.amn.DOMAIN.pem]: Autorequiring File[/var/lib/puppet/ssl/ public_keys] debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/ lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/ puppet/ssl] debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/ var/lib/puppet/ssl] debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/ var/lib/puppet/ssl/certs] debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/ lib/puppet/state] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/ssl/private_keys/amn-srv- linux.amn.DOMAIN.pem]: Autorequiring File[/var/lib/puppet/ssl/ private_keys] debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/ puppet] debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet] debug: /File[/var/lib/puppet/ssl/certs/amn-srv-linux.amn.DOMAIN.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: Finishing transaction 70308735731240 with 0 changes debug: Using cached certificate for ca, good until Fri Jul 10 16:01:22 UTC 2015 debug: Using cached certificate for amn-srv-linux.amn.DOMAIN, good until Sun Aug 16 19:09:29 UTC 2015 info: Retrieving plugin debug: Using cached certificate for ca, good until Fri Jul 10 16:01:22 UTC 2015 debug: Using cached certificate for amn-srv-linux.amn.DOMAIN, good until Sun Aug 16 19:09:29 UTC 2015 err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': undefined method `closed?' for nil:NilClass debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: undefined method `closed?' for nil:NilClass Could not retrieve file metadata for puppet://puppetmaster.DOMAIN/plugins: undefined method `closed?' for nil:NilClass debug: Finishing transaction 70308735417700 with 0 changes debug: Executing '/etc/puppet/etckeeper-commit-pre' debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson err: Could not retrieve catalog from remote server: undefined method `closed?' for nil:NilClass warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run debug: Executing '/etc/puppet/etckeeper-commit-post' -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegro
Re: [Puppet Users] custom functions from a module in a different environment
This feature is not supported until 2.6 (and I have seen some issues with 2.6 http://projects.puppetlabs.com/issues/4409) . I would recommend either: 1. trying your use case with 2.6 2. keep a single copy of your plugins in the puppetmaster's modulepath. hope this helps, Dan On Wed, Aug 18, 2010 at 3:38 AM, Darren Worrall wrote: > Hey folks, > > I have just created a puppet environment called testing by adding the > following to puppet.conf on the puppetmaster: > > [testing] >manifest = /etc/puppet/testing/manifests/site.pp >modulepath = /etc/puppet/testing/modules > > We are collecting all our customisations into a module, lets say > mymodule, and I'm writing a custom function within that, and it lives > in /etc/puppet/testing/modules/mymodule/lib/puppet/parser/functions/ > myfunc.rb > > When call that function, on a host in that environment, puppet throws > an error ( Error 400 on SERVER: Unknown function myfunc at /etc/puppet/ > testing/modules/mymodule/manifests/classes/manifestfile.pp:29 ). If I > copy myfunc.rb to the same location in the live module path, it works. > > So, I'm getting the manifests from the testing environment, but the > functions from live :/ The documentation for custom functions says > that the search path for them in $modulepath/, and > $modulepath is set correctly in puppet.conf (indeed I'm getting the > correct manifest files). I imagine I'm missing a config file directive > - any pointers? > > Thanks > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] nginx - mongrel - fair proxy balancer
On Wed, 2010-08-18 at 14:55 +0200, Peter Meier wrote: > I recently came across > http://www.brainspl.at/articles/2007/11/09/a-fair-proxy-balancer-for-nginx-and-mongrel > and wanted to share the experience with it: > > I tested it on my nginx-mongrel setup and it improved the speed of my > client runs heavily. If you have a look at how the improved balancer is > working then this balancer is what you should use for an > nginx->puppetmaster setup: > > Puppet clients are asking masters for: > > * catalogs (rather long and big requests) > * file metadata (rather small and fast requests) > * file sources (can be offloaded to nginx or apache thanks to the new > rest interface and on 2.6 it's also "faster") > > Furthermore, they PUT "reports" on the master. > > I think these points cover more or less all relevant parts of the > communication between client and master. This is a nice (and correct) summary of the client/master interactions. You can add to this list the remote file-bucket, certificates signing and a few other esoterical interactions. > During a pupet client run, there are first a bunch of file > metadata/sources (plugins/facts) request, then the catalog request, then > a lot of file metadata requests and probably some file source requests. > At the end the reports (if configured) are PUT on the server. > > The default load balancer of nginx is just round-robin, which means more > or less that the the first requests goes to the first backend server, > the second to the second and so on. This is fine in most cases. However > as catalogs requests can lost for more than a couple dozen seconds the > mongrel distance dealing with the catalog request is busy compiling and > not responding to any other requests. This means that if one client is > asking for a catalog every 4th probably small and fast request will be > stuck in the queue for the busy instance. If there are currently 2 > clients asking for catalogs every second request gets already stuck. > etc. This means that clients asking for metadata are slowed down, > because their requests get stuck in the busy queue. The whole issue is that ruby threading model is really poor (ie green threads). Mongrel accepts the downstream connections, create a new ruby thread and let it run. Unfortunately the ruby interpreter doesn't schedule this one, since another thread (the compilation one) is still using the CPU (and by definition green threads are not preempted). So this new thread just waits the other to finish. > The fair proxy scheduler tries to keep track of the busy instances and > does redirect requests to other (probably more free) instances, hence > the requests are served much faster. For further discussion have a look > at http://www.ruby-forum.com/topic/132604 Yes, but that's just a cure of a symptom that really shouldn't exist. Using JRuby (and its native threading) instead of MRI you should be able to serve several compilations and file metadatas/sources at the same time (indeed improving the concurrency). You can try puppet-load (in 2.6) to measure the concurrency of your master. > Before using the fair proxy scheduler I had a lot of clients that were > just sitting there and waiting for something. If your ran them with > debug, you could see that they were often waiting for file metadata > requests. Using the fair proxy scheduler I could more or less get rid > off these waiting requests and the client runs pass now much faster and > without getting stucked. I think you might also see better concurrency with Nginx+Unicorn (even with the regular nginx load balancer). > I have added a paragraph about the fair proxy scheduler to the wiki page > about the nginx-mongrel setup. If you have any comments or further > notes, just add them. Thanks. -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] nginx - mongrel - fair proxy balancer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi I recently came across http://www.brainspl.at/articles/2007/11/09/a-fair-proxy-balancer-for-nginx-and-mongrel and wanted to share the experience with it: I tested it on my nginx-mongrel setup and it improved the speed of my client runs heavily. If you have a look at how the improved balancer is working then this balancer is what you should use for an nginx->puppetmaster setup: Puppet clients are asking masters for: * catalogs (rather long and big requests) * file metadata (rather small and fast requests) * file sources (can be offloaded to nginx or apache thanks to the new rest interface and on 2.6 it's also "faster") Furthermore, they PUT "reports" on the master. I think these points cover more or less all relevant parts of the communication between client and master. During a pupet client run, there are first a bunch of file metadata/sources (plugins/facts) request, then the catalog request, then a lot of file metadata requests and probably some file source requests. At the end the reports (if configured) are PUT on the server. The default load balancer of nginx is just round-robin, which means more or less that the the first requests goes to the first backend server, the second to the second and so on. This is fine in most cases. However as catalogs requests can lost for more than a couple dozen seconds the mongrel distance dealing with the catalog request is busy compiling and not responding to any other requests. This means that if one client is asking for a catalog every 4th probably small and fast request will be stuck in the queue for the busy instance. If there are currently 2 clients asking for catalogs every second request gets already stuck. etc. This means that clients asking for metadata are slowed down, because their requests get stuck in the busy queue. The fair proxy scheduler tries to keep track of the busy instances and does redirect requests to other (probably more free) instances, hence the requests are served much faster. For further discussion have a look at http://www.ruby-forum.com/topic/132604 Before using the fair proxy scheduler I had a lot of clients that were just sitting there and waiting for something. If your ran them with debug, you could see that they were often waiting for file metadata requests. Using the fair proxy scheduler I could more or less get rid off these waiting requests and the client runs pass now much faster and without getting stucked. I have added a paragraph about the fair proxy scheduler to the wiki page about the nginx-mongrel setup. If you have any comments or further notes, just add them. cheers pete -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxr2DgACgkQbwltcAfKi3+E/QCgmvAIFroqFdA4eTyJDV2BW/ZZ zD0AnAwvrkR1yniZh9x3Xg+IpK20JEx5 =5hKX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] auth.conf in puppet 2.6 with Apache + Passenger
Ah, cool. That kind of information is good to know. I have to redo all this
anyway (this is our dev build) so under the hood info is great. Thanks
again!
On Wed, Aug 18, 2010 at 6:28 PM, Patrick Mohr wrote:
>
> On Aug 17, 2010, at 9:51 PM, Sven Schott wrote:
>
> The config file said those were only used with mongrel so I didn't
> uncomment them. However, after fiddling for while I found that I had missed
> the exact same thing on the apache virtual hosts config. The following lines
> were missing:
>
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> which *are* in the instructions on the puppet wiki but not on the
> instructions I had. Once I added that to the virtual hosts config,
> everything went peachy. Thanks for the reply anyways. I appreciate it.
>
>
> That's half true. Basically, apache and puppet use different header names
> for the same thing be default, so you can either tell apache to name them
> differently, or tell puppet to look for different header.
>
> On Wed, Aug 18, 2010 at 1:19 PM, Patrick Mohr wrote:
>
>> I think you might have missed this bit:
>>
>> *Setup your puppet.conf*
>>
>> *Make sure you have the following set in your puppetmaster’s puppet.conf:
>> *
>>
>> *[puppetmasterd]*
>>
>> *ssl_client_header = SSL_CLIENT_S_DN*
>>
>> *ssl_client_verify_header = SSL_CLIENT_VERIFY*
>>
>>
>> On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott wrote:
>>
>>> Hi everyone
>>>
>>> I'm having a problem with a clean install of puppet (2.6.0) on a Mac
>>> server (Mac OS 10.5.8). I set up puppet initially with MySQL and the
>>> puppetmaster standalone (Webrick) and that works fine. Clients can connect
>>> and there are no problems. But when I configured it to use Apache and
>>> Passenger, the client responds that the request is forbidden.
>>>
>>> err: Could not retrieve catalog from remote server: Error 403 on SERVER:
>>> Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to /catalog/
>>> XXX.XXX.XXX [find] at line 97
>>>
>>> So after going through the mailing lists and google I've found that the
>>> auth.conf file is the problem. I have stock standard auth.conf which looks
>>> like this:
>>>
>>> http://pastie.org/1098939
>>>
>>> And yes, adding auth no to the first four methods does make it work, but
>>> I know that's not the problem (or the solution). Am I missing something? Is
>>> it a bug or PEBKAC?
>>>
>>> Some of the relevant puppet.conf entries
>>>
>>> vardir = /var/lib/puppet
>>> confdir = /etc/puppet
>>> puppetdlog = '$logdir/puppetd.log'
>>> logdir = '$vardir/log'
>>> rest_authconfig = '$confdir/auth.conf'
>>> masterlog = '$logdir/puppetmaster.log'
>>>
>>> The Gem versions I am using:
>>>
>>> facter (1.5.7)
>>> mongrel (1.1.5)
>>> passenger (2.2.15)
>>> puppet (2.6.0)
>>> rack (1.2.1, 1.1.0)
>>> ruby-mysql (2.9.3)
>>>
>>> The backtrace on the server is:
>>>
>>> http://pastie.org/1098964
>>>
>>> Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174)
>>>
>>> Virtualhost entry in apache looks like this:
>>>
>>> http://pastie.org/1098973
>>>
>>> and the config.ru file looks like this:
>>>
>>> http://pastie.org/1098974
>>>
>>> The client and server certs are fine (standalone works fine) and there
>>> are no connectivity problems between the client and server.
>>>
>>> Anyone seen this or have any ideas? Any help would be greatly
>>> appreciated.
>>>
>>> Regards
>>>
>>> Sven Schott
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-us...@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com
>>> .
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] custom functions from a module in a different environment
Hey folks, I have just created a puppet environment called testing by adding the following to puppet.conf on the puppetmaster: [testing] manifest = /etc/puppet/testing/manifests/site.pp modulepath = /etc/puppet/testing/modules We are collecting all our customisations into a module, lets say mymodule, and I'm writing a custom function within that, and it lives in /etc/puppet/testing/modules/mymodule/lib/puppet/parser/functions/ myfunc.rb When call that function, on a host in that environment, puppet throws an error ( Error 400 on SERVER: Unknown function myfunc at /etc/puppet/ testing/modules/mymodule/manifests/classes/manifestfile.pp:29 ). If I copy myfunc.rb to the same location in the live module path, it works. So, I'm getting the manifests from the testing environment, but the functions from live :/ The documentation for custom functions says that the search path for them in $modulepath/, and $modulepath is set correctly in puppet.conf (indeed I'm getting the correct manifest files). I imagine I'm missing a config file directive - any pointers? Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] auth.conf in puppet 2.6 with Apache + Passenger
On Aug 17, 2010, at 9:51 PM, Sven Schott wrote:
> The config file said those were only used with mongrel so I didn't uncomment
> them. However, after fiddling for while I found that I had missed the exact
> same thing on the apache virtual hosts config. The following lines were
> missing:
>
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> which are in the instructions on the puppet wiki but not on the instructions
> I had. Once I added that to the virtual hosts config, everything went peachy.
> Thanks for the reply anyways. I appreciate it.
That's half true. Basically, apache and puppet use different header names for
the same thing be default, so you can either tell apache to name them
differently, or tell puppet to look for different header.
> On Wed, Aug 18, 2010 at 1:19 PM, Patrick Mohr wrote:
> I think you might have missed this bit:
>
> Setup your puppet.conf
>
> Make sure you have the following set in your puppetmaster’s puppet.conf:
>
> [puppetmasterd]
>
> ssl_client_header = SSL_CLIENT_S_DN
>
> ssl_client_verify_header = SSL_CLIENT_VERIFY
>
>
>
> On Tue, Aug 17, 2010 at 5:59 PM, Sven Schott wrote:
> Hi everyone
>
> I'm having a problem with a clean install of puppet (2.6.0) on a Mac server
> (Mac OS 10.5.8). I set up puppet initially with MySQL and the puppetmaster
> standalone (Webrick) and that works fine. Clients can connect and there are
> no problems. But when I configured it to use Apache and Passenger, the client
> responds that the request is forbidden.
>
> err: Could not retrieve catalog from remote server: Error 403 on SERVER:
> Forbidden request: XXX.XXX.XXX(xx.xx.xx.xx) access to /catalog/XXX.XXX.XXX
> [find] at line 97
>
> So after going through the mailing lists and google I've found that the
> auth.conf file is the problem. I have stock standard auth.conf which looks
> like this:
>
> http://pastie.org/1098939
>
> And yes, adding auth no to the first four methods does make it work, but I
> know that's not the problem (or the solution). Am I missing something? Is it
> a bug or PEBKAC?
>
> Some of the relevant puppet.conf entries
>
> vardir = /var/lib/puppet
> confdir = /etc/puppet
> puppetdlog = '$logdir/puppetd.log'
> logdir = '$vardir/log'
> rest_authconfig = '$confdir/auth.conf'
> masterlog = '$logdir/puppetmaster.log'
>
> The Gem versions I am using:
>
> facter (1.5.7)
> mongrel (1.1.5)
> passenger (2.2.15)
> puppet (2.6.0)
> rack (1.2.1, 1.1.0)
> ruby-mysql (2.9.3)
>
> The backtrace on the server is:
>
> http://pastie.org/1098964
>
> Ruby version is : ruby 1.8.7 (2009-06-12 patchlevel 174)
>
> Virtualhost entry in apache looks like this:
>
> http://pastie.org/1098973
>
> and the config.ru file looks like this:
>
> http://pastie.org/1098974
>
> The client and server certs are fine (standalone works fine) and there are no
> connectivity problems between the client and server.
>
> Anyone seen this or have any ideas? Any help would be greatly appreciated.
>
> Regards
>
> Sven Schott
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
