[Puppet Users] Re: SLES11 facter problems
Disregard my question, for some reason I already had an old version of puppet and facter on my new SLES11 machines. After removing the old version it worked flawlessly. On Oct 21, 3:29 pm, Andreas Paul a.p...@enbw.com wrote: I installed the 2.6.2 puppet and facter 1.5.8 gems and tried to run puppet, but it failed with the following message: err: Could not run Puppet configuration client: Could not retrieve local facts: uninitialized constant Facter::IPAddress Then I tried running facter alone: # facter /usr/lib64/ruby/vendor_ruby/1.8/facter/ipmess.rb:19: uninitialized constant Facter::IPAddress (NameError) After that I tried commenting lines 17-46 from /usr/lib64/ruby/ vendor_ruby/1.8/facter/ipmess.rb but to no avail: # facter /usr/lib64/ruby/gems/1.8/gems/facter-1.5.8/lib/facter/util/ manufacturer.rb:36:in `dmi_find_system_info': undefined method `each_pair' for Type::String (NoMethodError) Is this a known bug? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] FreeBSD puppetd CSRs being ignored by puppetmaster
On 10/21/2010 03:01 AM, sasepp wrote: Hi, I'm trying to deploy puppetd 0.25.4 (from ports) on two servers running FreeBSD 8.0-RELEASE and 8.1-RELEASE. Are you sure you installed this from ports? Ports currently has version 2.6.2. -- Russell A. Jackson r...@csub.edu Network Analyst California State University, Bakersfield -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] problem w/ puppet augeus : xinetd.d/rsync server_args value
On Oct 22, 2010, at 6:09 AM, Daniel Maher wrote: I would like to have the following line (among others) in my /etc/xinetd.d/rsync file : server_args = --daemon --address=ipaddress_eth0 --log-file=/var/log/rsyncd.log To this end, i am using the camptocamp rsyncd module available from git. Everything works except this line. I thought it was, perhaps, a questions of spaces (this has been discussed on the list before), but according to the documentation here : http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas All that i should need to do is to enclose the space-filled value in quotes, like so : set server_args/value '--daemon --address=$ipaddress_eth0 --log-file=/var/log/rsyncd.log' That looks more or less correct. Have you experimented with augtool to see if anything works there? Some quick poking around makes me think value won't work. You might need to say value[1] or value[last()] or something. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ANNOUNCE: Puppet Dashboard 1.0.4 released!
I cloned the git repository and it checked out v1.0.3 without me noticing. After git pull I had the v1.0.4 source code. On Oct 20, 11:02 pm, Igal Koshevoy i...@pragmaticraft.com wrote: Andreas, This error message indicates that the Puppet Dashboard won't start because your application version is older than your database schema. Specifically, your Puppet Dashboard code is expecting the schema shipped with v1.0.3 (schema 20100726070117), but your actual database schema is the one used by v1.0.4rc2 and v1.0.4 (schema 20100916183948). I strongly suspect that you have two different copies of the Puppet Dashboard installed: the v1.0.4 that you ran `rake db:migrate` against, and the v1.0.3 that Apache is configured to use. Please check the paths your webserver is using to ensure that they point to the expected version by checking the VERSION file in the Puppet Dashboard directory. At the very least, you should be able to go into the Puppet Dashboard directory, confirm that it's v1.0.4, and then run `./script/server -e production` to get it running again until you figure out what's going on with your webserver. -igal On Wed, Oct 20, 2010 at 4:42 AM, Andreas Paul a.p...@enbw.com wrote: I get the following error: Database isn't the current migration version: expected 20100726070117, got 20100916183948 You must either run 'rake db:migrate' or set environmental variable NO_MIGRATION_CHECK I upgraded from 1.0.4rc2 and did run 'rake RAILS_ENV=production db:migrate' before restarting apache. On Oct 20, 1:59 am, James Turnbull ja...@puppetlabs.com wrote: We're pleased to announce the availability of Puppet Dashboard 1.0.4! This is a maintenance release, it fixes a number of bugs, improves the user interface, significantly boosts performance and includes better RPM and DEB packages. The source code of 1.0.4 is identical to 1.0.4rc2. Please upgrade to this stable release and let us know about any issues on the mailing list (http://groups.google.com/group/puppet-users/), or in the ticket tracker with an Affected Version of 1.0.4 (http://projects.puppetlabs.com/projects/dashboard/). If you're interested in what we're hoping to work on next, please see our roadmap (http://projects.puppetlabs.com/projects/dashboard/roadmap/). We would also appreciate it if you watched and commented on those tickets that are important to you. INSTALLING AND UPGRADING: New installation and upgrading instructions are available in the included README, which you can also read online at: http://github.com/puppetlabs/puppet-dashboard/blob/v1.0.4/README.mark... IMPORTANT: This release involves database migrations. Please see the README.markdown for instructions on applying them. USING RPM AND DEB PACKAGES: Install an the software using packages, which will put the files into your /usr/share/puppet-dashboard directory: Install the RPM package for CentOS or RHEL 5.5 by running: sudo sh -c rpm -Uvhhttp://yum.puppetlabs.com/base/puppetlabs-repo-3.0-2.noarch.rpm;\ rpm -Uvhhttp://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.no... \ yum install puppet-dashboard Or install the DEB package for Ubuntu 10.04: 1. Put the following in your /etc/apt/sources.list.d/puppet-labs.list file: debhttp://apt.puppetlabs.com/ubuntulucidmain deb-srchttp://apt.puppetlabs.com/ubuntulucidmain 2. Run the command: sudo sh -c wget -q -O -http://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs|sudo apt-key add - \ apt-get update apt-get install puppet-dashboard USING THE SOURCE: You can download the release candidate from: http://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.0.4.tgz Or check it out using git: git clone git://github.com/puppetlabs/puppet-dashboard.git \ cd puppet-dashboard \ git checkout v1.0.4 RELEASE NOTES: v1.0.4 -- * MIGRATION: Fixed truncation of long reports and deleted these invalid records. Please reimport your reports (see README) after migrating to readd these deleted reports. * MIGRATION: Fixed slow database queries and improved table indexes to speed up the home page, reports listing page, site-wide sidebar, nodes counts, and selection of nodes over time. * MIGRATION: Fixed orphaned records left behind when classes or groups were deleted, and removed these orphans from the database. * MIGRATION: Fixed duplicate membership records by removing them and preventing new ones from being added, e.g. a node belongs to the same class or group multiple times. * Fixed user interface for specifying classes and groups to work with standards-compliant browsers, autocomplete on keystroke rather than submitting, etc. * Fixed default node search, it was incorrectly using the ever failed node query rather than the all nodes query. * Fixed .rpm and .deb packages to include all required files, declare all dependencies,
Re: [Puppet Users] problem w/ puppet augeus : xinetd.d/rsync server_args value
On Oct 22, 2010, at 8:33 AM, Rob McBroom wrote: Some quick poking around makes me think value won't work. You might need to say value[1] or value[last()] or something. Looking further, here's an example from `tftp`: /files/etc/xinetd.d/tftp/tftp/server_args /files/etc/xinetd.d/tftp/tftp/server_args/value[1] = -s /files/etc/xinetd.d/tftp/tftp/server_args/value[2] = /tftpboot You might need to assign each one individually, like value[1] '--daemon' value[2] '--address=$ipaddress_eth0' value[3] '--log-file=/var/log/rsyncd.log' -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem overriding file resource in 2.6.x
On Oct 21, 7:54 am, Arnaud Gomes-do-Vale arnaud.go...@ircam.fr wrote: class ssh::server { [...] file { /etc/ssh/sshd_config: source = puppet:///modules/ssh/sshd_config, owner = root, group = root, mode = 0400, notify = Service[$servicename], } } class ssh::server::forceip inherits ssh::server { File[/etc/ssh/sshd_config] { content = template(ssh/sshd_config.erb), source = undef, } } Everything works as intended with 0.25.x clients (with 0.25.x or 2.6.x puppetmaster). I have a test puppetmaster running 2.6.x (both client and server, I use RPM packages from tmz-puppet repo: puppet{,-server}-2.6.3-0.2.rc1.el5). This host includes the ssh::server::forceip class. From time to time, the sshd_config file from the ::forceip class gets overwritten by the generic one, then comes back on the next run. I can't see anything changing between runs; the ssh::server::forceip class is still in classes.txt. What am I doing wrong? Are you sure that your sshd_config.erb template is not to blame? That is, could it under some circumstances produce output that looks like the generic file? If the template is not the problem then I would suspect the fact that you are using both the 'source' and the 'content' properties of the file (but if that's it, then I'd account it a Puppet bug). Even though ::sourceip overrides 'source' to undef, it would be cleaner either for both to use 'source' or for both to use 'content'. Converting a static source file to a template should be trivial. You might consider, however, doing away with the ::forceip subclass altogether, relying instead on a single template to handle all nodes. The template would probably be a bit more complicated than your current one, but you would get rid of an entire class and an entire static file from you configuration -- probably a win overall. Cheers, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] show dependency tree?
On Thu, Oct 21, 2010 at 5:12 PM, Matt Wise w...@wiredgeek.net wrote: I'd really like to see puppet-dashboard do this dynamically show you these graphs by pointing puppet dashboard to a local copy of your puppet configs... Thoughts? I'm not sure dashboard is the right place for this, but I think we all would like to some visualisation tools that run against the local catalog with a bit more detail than the current graph output. On Oct 20, 2010, at 11:39 AM, Mohit Chawla wrote: You can do that by enabling graphs to be generated, in puppet.conf or as an argument to the client daemon. On Wed, Oct 20, 2010 at 9:34 PM, jb jeffb...@gmail.com wrote: Is there a way to view the resource relationship tree for a class (or all classes)? I'd like an easy way for our admins to see things like what classes refer to the same resource, which classes require another class, etc. thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Accessing Facter in other languages than Ruby?
Hi all, We're writing a few scripts at the moment that could really make use of Facter, however the vast majority of them team (including my self!) are not proficient in Ruby, however they are highly proficient in other languages such as (dare I say it!) Python. Is there (or are there any plans to!) release bindings for other languages to enable facts to be used in scripts other than puppet. Kind regards, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Accessing Facter in other languages than Ruby?
On Fri, Oct 22, 2010 at 8:41 AM, Matt Wallace li...@truthisfreedom.org.ukwrote: Hi all, We're writing a few scripts at the moment that could really make use of Facter, however the vast majority of them team (including my self!) are not proficient in Ruby, however they are highly proficient in other languages such as (dare I say it!) Python. Is there (or are there any plans to!) release bindings for other languages to enable facts to be used in scripts other than puppet. This is on the Facter roadmap, but I don't have a rough date for you. http://projects.puppetlabs.com/issues/2157 is the bug you should watch if you want to help out or just keep up to date on progress. Feedback in that bug log more than appreciated. Kind regards, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Accessing Facter in other languages than Ruby?
We're writing a few scripts at the moment that could really make use of Facter, however the vast majority of them team (including my self!) are not proficient in Ruby, however they are highly proficient in other languages such as (dare I say it!) Python. Many of the facts already fork so wiring in the command-line facter tool might not be a bad idea and is certainly possible right now. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Upgrade to 2.6: Cannot use class name as tag anymore?
Daniel Kerwin wrote: i just upgraded some servers to Puppet 2.6.2 and it seems like it's not possible to use class names as tags anymore. I haven't found any documentation about this except a bug for 2.6.1 that should be fixed (http://projects.puppetlabs.com/issues/4631). # ~ # puppet agent --test --noop --tags main::firewall Have you tried using just --tags firewall? I've never tested with main:: prefixed. But using the classname works for me with 2.6.3rc1. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ Unquestionably, there is progress. The average American now pays out twice as much in taxes as he formerly got in wages. -- H. L. Mencken pgpjWqIpkzbrU.pgp Description: PGP signature
Re: [Puppet Users] Accessing Facter in other languages than Ruby?
* Richard Crowley r at rcrowley.org [2010/10/22 08:57]: We're writing a few scripts at the moment that could really make use of Facter, however the vast majority of them team (including my self!) are not proficient in Ruby, however they are highly proficient in other languages such as (dare I say it!) Python. Many of the facts already fork so wiring in the command-line facter tool might not be a bad idea and is certainly possible right now. I was thinking that, too: import os facts = {} for fact in os.popen(facter).readlines(): n, v = fact.split( = ) facts[ n ] = v.rstrip() That gives you the facts as a dictionary. -- If not for coffee, I'd have no use for water at all. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Training in the UK
Hi all, I've asked my company to send me on the training in London at the end of November, however owing to budget restraints I've been asked to investigate training next year instead. Does anyone know when the next round of training will be in the UK after November? Thanks, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pulling in a Hash from an external data source?
Hello Richard, Am 22.10.2010 02:41, schrieb Richard Crowley: On Thu, Oct 21, 2010 at 5:17 PM, Matt Wise w...@wiredgeek.net wrote: I have a scenario where I'd like to pull in a hash table from an external file (really, a generate() function.. but for testing purposes, a file will do)... is there any way to do that? You probably want the extlookup function: http://docs.puppetlabs.com/references/latest/function.html#extlookup i do not think that extlookup is the solution we are looking for, because it is not powerful enough. For some kind of modules you will need the relation between host an ip, or host an service. At the moment, i am using a bunch of if/else cases, but a hash or function which is parsing a *.yaml file would be more powerful. The Debian project has found a nice way to handle this. http://git.debian.org/?p=mirror/dsa-puppet.git;a=blob_plain;f=manifests/site.pp;hb=HEAD http://git.debian.org/?p=mirror/dsa-puppet.git;a=tree;f=files/etc/puppet/lib/puppet/parser/functions;hb=HEAD Regards, Dennis signature.asc Description: OpenPGP digital signature
[Puppet Users] autosign by IP address range
Hello All. I read in an earlier post at http://markmail.org/search/?q=autosign+issues#query:autosign%20issues+page:1+mid:we6jrbn7hdjnhrie+state:results that as of puppet v24.4, autosigning did not support IP addresses. I am running v25.5. Is this still the case? Cheers, David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet-zenoss plugin
Hello All, I'm testing the puppet-zenoss plugin: http://github.com/mamba/puppet-zenoss I'm able to export and collect host properly. I however, can't get the provider to work. I can't see much of the provider or type from running puppetmaster in debug/verbose mode. Are there any tools to test out a provider and/type? Also, if anyone has this module working, please share your init, provider and type files... Thanks, Henry -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] autosign by IP address range
On Oct 22, 2010, at 10:39 AM, dagrundy wrote: Hello All. I read in an earlier post at http://markmail.org/search/?q=autosign+issues#query:autosign%20issues+page:1+mid:we6jrbn7hdjnhrie+state:results that as of puppet v24.4, autosigning did not support IP addresses. I am running v25.5. Is this still the case? I don't think this is supported. How do you want it to work? Are you saying that any certificate request from a given range should be autosigned, or are you saying that the ipaddress should be made into the certificate name? The first sounds like a huge security hole to me, and the second isn't very hard to do if you manually set certname (on the client) before the first startup. Then you use that name in your autosign.conf. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pulling in a Hash from an external data source?
Agreed... I use extlookup for our external arrays — but I cannot use it for hash's. Hashes are sometimes the only sane way to go, so I'm hoping to see more advanced hash support soon. Really we have a case where we're going to be pulling live data from a SQL database during each run, and dumping it out in a hash format of some kind is the best thing for our use-case. —Matt On Oct 22, 2010, at 9:50 AM, Dennis Hoppe wrote: Hello Richard, Am 22.10.2010 02:41, schrieb Richard Crowley: On Thu, Oct 21, 2010 at 5:17 PM, Matt Wise w...@wiredgeek.net wrote: I have a scenario where I'd like to pull in a hash table from an external file (really, a generate() function.. but for testing purposes, a file will do)... is there any way to do that? You probably want the extlookup function: http://docs.puppetlabs.com/references/latest/function.html#extlookup i do not think that extlookup is the solution we are looking for, because it is not powerful enough. For some kind of modules you will need the relation between host an ip, or host an service. At the moment, i am using a bunch of if/else cases, but a hash or function which is parsing a *.yaml file would be more powerful. The Debian project has found a nice way to handle this. http://git.debian.org/?p=mirror/dsa-puppet.git;a=blob_plain;f=manifests/site.pp;hb=HEAD http://git.debian.org/?p=mirror/dsa-puppet.git;a=tree;f=files/etc/puppet/lib/puppet/parser/functions;hb=HEAD Regards, Dennis -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Pulling in a Hash from an external data source?
- Matt Wise w...@wiredgeek.net wrote: Agreed... I use extlookup for our external arrays — but I cannot use it for hash's. Hashes are sometimes the only sane way to go, so I'm hoping to see more advanced hash support soon. Really we have a case where we're going to be pulling live data from a SQL database during each run, and dumping it out in a hash format of some kind is the best thing for our use-case. I've patched the 2.6.x extlookup to support hashes but people dont seem to keen on the idea, feel free to vote on the ticket http://projects.puppetlabs.com/issues/4433 —Matt On Oct 22, 2010, at 9:50 AM, Dennis Hoppe wrote: Hello Richard, Am 22.10.2010 02:41, schrieb Richard Crowley: On Thu, Oct 21, 2010 at 5:17 PM, Matt Wise w...@wiredgeek.net wrote: I have a scenario where I'd like to pull in a hash table from an external file (really, a generate() function.. but for testing purposes, a file will do)... is there any way to do that? You probably want the extlookup function: http://docs.puppetlabs.com/references/latest/function.html#extlookup i do not think that extlookup is the solution we are looking for, because it is not powerful enough. For some kind of modules you will need the relation between host an ip, or host an service. At the moment, i am using a bunch of if/else cases, but a hash or function which is parsing a *.yaml file would be more powerful. The Debian project has found a nice way to handle this. http://git.debian.org/?p=mirror/dsa-puppet.git;a=blob_plain;f=manifests/site.pp;hb=HEAD http://git.debian.org/?p=mirror/dsa-puppet.git;a=tree;f=files/etc/puppet/lib/puppet/parser/functions;hb=HEAD Regards, Dennis -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] autosign by IP address range
Thanks Patrick. I was just gathering information. I had to give an overview of puppet and our test implementation to our operations manager. Just wanted to make sure I had an answer. It seems like a non issue from here anyway. Cheers, David On Fri, Oct 22, 2010 at 2:35 PM, Patrick kc7...@gmail.com wrote: On Oct 22, 2010, at 10:39 AM, dagrundy wrote: Hello All. I read in an earlier post at http://markmail.org/search/?q=autosign+issues#query:autosign%20issues+page:1+mid:we6jrbn7hdjnhrie+state:results that as of puppet v24.4, autosigning did not support IP addresses. I am running v25.5. Is this still the case? I don't think this is supported. How do you want it to work? Are you saying that any certificate request from a given range should be autosigned, or are you saying that the ipaddress should be made into the certificate name? The first sounds like a huge security hole to me, and the second isn't very hard to do if you manually set certname (on the client) before the first startup. Then you use that name in your autosign.conf. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] namespaceauth.conf
Hello I know this should be easy but read docs, searched and still not able the master to kick the client This in a cloud env where we run our own DNS, so reverse and forward DNS all work the client can do 'dig host' or dig '172.27.0.100' and it will resolve to the puppet server puppet is a CNAME of noc01 and is also hard-coded in /etc/hosts file but when I do a 'puppet kick blueducks.cloud.aws' im getting the following error master : Triggering blueducks.cloud.aws Host blueducks.cloud.aws failed: Error 403 on SERVER: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0 blueducks.cloud.aws finished with exit code 2 Failed: blueducks.cloud.aws client: Oct 22 18:16:48 blueducks puppet-agent[2512]: Denying access: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0 in namespaceauth.conf i have this [puppetrunner] allow puppet.cloud.aws the CA certs says the host/master is puppet (ca.pem file) Subject: CN=puppet What do I do wrong ? Thanks! -- -ls -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppetrun failing with Error 403?
Can you please show the namespaceouth,conf file? I having the same problem :( mine looks like this [puppetrunner] path /run auth any allow noc01.cloud.aws thanks -ls On Sep 10, 3:13 am, matonb brett.ma...@googlemail.com wrote: Hi Dou ZQ, I added the puppetmaster hostname to the path / section: path / allow puppetmaster auth any Probably not the most secure option, but solved my problems. Brett On Sep 10, 3:25 am, Dou ZQ douzl0...@gmail.com wrote: Hi, What you add in the auth.conf? The hostname of puppetmaster or others? I got the sameerrorand didn't know how to resolve yet. Thanks and expect your reply! On Aug 24, 6:10 pm, matonb brett.ma...@googlemail.com wrote: Hi Patrick, I figured it out by adding --verbose when starting the client listener. Turns out I had to add the puppetmaster to auth.conf. I'm sure that it's probably documented somewhere. Be damned if I could find anything useful on kick though. Thanks, for your help all the same. On Aug 24, 9:37 am, matonb brett.ma...@googlemail.com wrote: Errormessages have changed slightly (not sure when though) I didn't notice the Denying access before: Aug 24 09:31:26 puppet-agent[6724]: Denying access: Forbidden request: my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] authenticated atline93 Aug 24 09:31:26 puppet-agent[6724]: Forbidden request: my_fqdn_puppetmaster(192.168.x.x) access to /run/my_fqdn_host [save] authenticated atline93 just checked /etc/puppet/namespaceauth.conf on the client node which now only contains: [puppetrunner] allow * [kick] allow * On Aug 24, 9:28 am, matonb brett.ma...@googlemail.com wrote: Sigh, Still a no-go. I tried adding a [kick] section to namespaceauth.conf and then with one in puppet.conf. Niether worked, still getting the403forbidden message On Aug 23, 8:05 pm, matonb brett.ma...@googlemail.com wrote: I'll give it ago in the morning, fingers crossed :-) On Aug 23, 5:26 pm, Patrick kc7...@gmail.com wrote: On Aug 23, 2010, at 2:10 AM, matonb wrote: Hi Patrick, The client and server are both version 2.6.0 I am runningpuppetrunas root on the puppet master server. And yes, a test run completes successfully Thanks for your help, Brett Puppet.conf had it's section names changed in 2.6.0 (see below). I'm wondering if the namespaceauth.conf could have had it's section names changed in 2.6.0. You might want to add a section for kick and test it. This is just a shot in the dark though because I'm running out of ideas. On Jul 18, 2010, at 8:31 PM, James Turnbull wrote: Single Binary Puppet is now available as a single binary with sub-arguments for the functions previously provided by the seperate binaries (the existing binaries remain for backwards compatibility). This includes renaming several Puppet functions to better fit an overall model. List of binary changes puppetmasterd – puppet master puppetd – puppet agent puppet – puppet apply puppetca – puppet cert ralsh – puppet resource puppetrun– puppet kick puppetqd – puppet queue filebucket – puppet filebucket puppetdoc – puppet doc pi – puppet describe This also results in a change in the puppet.conf configuration file. The sections, previously things like [puppetd], now should be renamed to match the new binary names. So [puppetd] becomes [agent]. You will be prompted to do this when you start Puppet with a log message for each section that needs to be renamed. This is merely a warning - existing configuration file will work unchanged. On Aug 23, 9:31 am, Patrick kc7...@gmail.com wrote: Here are a couple more things: What version is your client? What version is your server? Make sure you'rerunningpuppetrunas root. Make sure that running puppetd --test --verbose as root on the client actually works. On Aug 23, 2010, at 12:53 AM, matonb wrote: Didn't help unfortunaltely. Still getting the sameerror(s)! On Aug 20, 4:07 pm, Patrick kc7...@gmail.com wrote: On Aug 20, 2010, at 6:05 AM, matonb wrote: I'm trying to push client configurations from the puppetmaster instead of having scheduled runs on each client. I thinkpuppetrunis what I'm after but I can't get it to work! Try replacing thelinein puppetrunner with allow * and work back from there. If that doesn't work, try replacing everylinewith allow *. -- You received
Re: [Puppet Users] namespaceauth.conf
If this is 2.6.x, then under auth.conf, you should have something like this: path /run method save allow puppet.master puppet.master is your master's fqdn. On Sat, Oct 23, 2010 at 6:57 AM, Luc Suryo lsu...@gmail.com wrote: Hello I know this should be easy but read docs, searched and still not able the master to kick the client This in a cloud env where we run our own DNS, so reverse and forward DNS all work the client can do 'dig host' or dig '172.27.0.100' and it will resolve to the puppet server puppet is a CNAME of noc01 and is also hard-coded in /etc/hosts file but when I do a 'puppet kick blueducks.cloud.aws' im getting the following error master : Triggering blueducks.cloud.aws Host blueducks.cloud.aws failed: Error 403 on SERVER: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0 blueducks.cloud.aws finished with exit code 2 Failed: blueducks.cloud.aws client: Oct 22 18:16:48 blueducks puppet-agent[2512]: Denying access: Forbidden request: noc01.cloud.aws(172.27.0.100) access to /run/blueducks.cloud.aws [save] authenticated at line 0 in namespaceauth.conf i have this [puppetrunner] allow puppet.cloud.aws the CA certs says the host/master is puppet (ca.pem file) Subject: CN=puppet What do I do wrong ? Thanks! -- -ls -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.