[Puppet Users] Problem with modules
Hello. I use puppet 2.6.3-rc2 Now I try move my classes to modules. But I got a problem that Puppet does not sees modules. in puppet.conf: [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl libdir = /opt/puppet-dashboard/lib/puppet modulepath=$confdir/modules In nodes : node postgres { include basesystem include postgres } In modules/postgresql/manifests/init.pp : class postgres { $packagelist = [postgresql84, postgresql84-server, postgresql84-libs, postgresql84-contrib] package { $packagelist: ensure = installed, } service { postgresql: enable = true, ensure = running, hasstatus = true, require = Package[postgresql84-server], restart = true, } } But when I try to apply this I get: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class postgres at /etc/puppet/manifests/nodes/ db.pp:4 on node postgres.comsoft What's my mistake? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem with modules
Try rename: modules/postgresql/ to: modules/postgres/ so it matches the name of your class. On Nov 11, 8:54 am, Leonko the.leo...@gmail.com wrote: Hello. I use puppet 2.6.3-rc2 Now I try move my classes to modules. But I got a problem that Puppet does not sees modules. in puppet.conf: [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl libdir = /opt/puppet-dashboard/lib/puppet modulepath=$confdir/modules In nodes : node postgres { include basesystem include postgres } In modules/postgresql/manifests/init.pp : class postgres { $packagelist = [postgresql84, postgresql84-server, postgresql84-libs, postgresql84-contrib] package { $packagelist: ensure = installed, } service { postgresql: enable = true, ensure = running, hasstatus = true, require = Package[postgresql84-server], restart = true, } } But when I try to apply this I get: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class postgres at /etc/puppet/manifests/nodes/ db.pp:4 on node postgres.comsoft What's my mistake? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom facts in current and old environments
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, Am Mi den 10. Nov 2010 um 17:22 schrieb Nigel Kersten: My problem is that I have to serve clients with different versions of puppet. The systems running ubuntu with 0.25.4 work perfect but I have problems to bring custom facts to the systems running silly SLES 11.1 with puppet version 0.24.8. There were some major changes between the two versions in this regard. I know. But there must be a way to solve the documented problems with both. Are you using environments? Yes. Are you using plugins in modules to deliver facts? Yes. And the funny think is that I also have a custom provider for packagemanagement (zypper) under .../plugins/puppet/provider/package that work well with all versions I tested. But the facts do not although they are organized the same way. Regards Klaus Ethgen - -- Klaus Ethgenhttp://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTNu37J+OKpjRpO3lAQreBAf/ReeszRMO3xAiY3e5yDO4srrTs6qmcXpr Vrp2JnopiP23C2nsU7Fafy074On3D+jSeUChsgjLUvGdafqpwTCuQdDow1dBz5Z0 EXAJKC7ewwsKybWmYqDWWN6zY8izDDqs4dC0gStFVIpIK1gKhb4oHjnlYpf+WklU +p7gIzBx7JDtXbd/VTgfYINk3v31H3VxXq7xfDvHgxRAGvrg8PGDacq4+1h4f1nQ eMRWxjO5gngBh/E+l7jK7qBVe6AGB0kO+QEy7LLTIGPbXL0BX7emMfzmcAfmQNeT Rf2/mXfbYG4nVDywOEp+tmBZn2CVEyiA5twmitLLRg39GkM/GE64sw== =xC1A -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem with modules
Thank you. Now it's work. But why in documentation is nothing about it? Leonid S. Batizhevsky On Thu, Nov 11, 2010 at 12:02, luke.bigum luke.bi...@fasthosts.co.uk wrote: Try rename: modules/postgresql/ to: modules/postgres/ so it matches the name of your class. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Default ownership for static files
On 10.11.10 22:02, Douglas Garstang wrote: When no owner or group is specified for the file, the default owner and group on the target system seems to default to the same as the owner and group on the puppetmaster, if that user exists on the target system. Ie, all our files under /etc/puppet are owned by the puppet user, and if I don't specify a use/group on a file, they end up being owned by puppet on the target. Yes, but only if the user puppet has the same uid/gid on both puppetmaster and target and thats not a safe assumption. -- Best Regards, Markus Falb signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] Default ownership for static files
On 11.11.10 10:44, Markus Falb wrote: On 10.11.10 22:02, Douglas Garstang wrote: When no owner or group is specified for the file, the default owner and group on the target system seems to default to the same as the owner and group on the puppetmaster, if that user exists on the target system. Ie, all our files under /etc/puppet are owned by the puppet user, and if I don't specify a use/group on a file, they end up being owned by puppet on the target. Yes, but only if the user puppet has the same uid/gid on both puppetmaster and target and thats not a safe assumption. And even if the uids were in sync, you cannot safely assume that the files on puppetmaster are owned by user puppet. I dont want puppetmaster to be able to change manifests, it needs only read access. So I run puppetmaster as user puppet, but the files belongs to another user. Thats convinient in another way because if the manifests-owning user has shell access you can edit the manifests in-place (development branch only of course ;-) -- Best Regards, Markus Falb signature.asc Description: OpenPGP digital signature
[Puppet Users] Re: Managing private key files; content=file vs. binary content.
In the general case, even completely legitimate (and common) Latin-1 text files can cause Puppet problems because some Latin-1 bytes are not valid UTF-8. In my opinion, the content parameter of a file resource should be able to handle these cases. I think you should file a bug then. I've raised http://projects.puppetlabs.com/issues/5261 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem with modules
Leonko the.leo...@gmail.com writes: I think it is mentioned obliquely a few times, but there certainly isn't anywhere super-obvious that explains this feature of manifest auto-loading. It would be great if you could file a bug report about that, so that this can be fixed and avoid someone else hitting the same issue: http://projects.puppetlabs.com/projects/puppet Regards, Daniel Thank you. Now it's work. But why in documentation is nothing about it? On Thu, Nov 11, 2010 at 12:02, luke.bigum luke.bi...@fasthosts.co.uk wrote: Try rename: modules/postgresql/ to: modules/postgres/ so it matches the name of your class. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Process to upgrade from 0.24.8 to 2.6.x ?
On Wed, 10 Nov 2010 02:30:02 -0800 (PST) nemo nemo wrote: Hello, Hi, [...] Hence what should be the best approach to upgrade ? For information, servers run centos 5.5 64bit We did same upgrade in our nodes. The most importnat thing is that we used some test host first because some syntax has changed between versions. So, test your code before upgrading (parseonly is enough. it will prevent big errors) after that, upgrade server, upgrade clients. * We used vxargs for the upgrade, but I'm sure that puppet is able to upgrade itself. Sincerly, ThomaS HTH, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Monitor puppet runs on clients with nagios
Hi, I was wondering how people here monitor puppet runs on the clients. For puppet 0.25.x I enabled reporting and then wrote a nagios plugin to parse the YAML report files that each client returned after a run. Specifically I was looking for any 'failures' or 'failed_restarts'. Unfortunately with 2.6.2 the format of those YAML files has not only changed but also varies hugely for different hosts depending on how the run went. Plus the sheer size of these files now means it takes too long for PyYAML to parse them (even for only 40 odd hosts). In fact, I don't understand what the YAML reports are useful for - they don't appear to realistically be either human or machine readable. Anyway what other approaches are there? I'd like to simply see 2 things: 1) If there were any failures during the puppet run on the client 2) When the last puppet run on each client was (ie. if it was more than 50 mins ago raise a warning) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Monitor puppet runs on clients with nagios
- Tim tedwa...@eso.org wrote: Hi, I was wondering how people here monitor puppet runs on the clients. For puppet 0.25.x I enabled reporting and then wrote a nagios plugin to parse the YAML report files that each client returned after a run. Specifically I was looking for any 'failures' or 'failed_restarts'. for detailed monitoring right now the reports are the only option unfortunately. Ideally http://projects.puppetlabs.com/issues/4339 would get implemented so we can do this better and on the node but alas no joy yet. 1) If there were any failures during the puppet run on the client 2) When the last puppet run on each client was (ie. if it was more than 50 mins ago raise a warning) You can check the ages of the localconfig cache or the state file. The state file will get touched on every run so that will indicate if its running while the local config cache will get updated on each compile so that will show you if the node is getting new catalogs - there arent any obvious syntax errors and your master is up etc -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Monitor puppet runs on clients with nagios
On Thu, Nov 11, 2010 at 4:09 PM, Tim tedwa...@eso.org wrote: Hi, I was wondering how people here monitor puppet runs on the clients. For puppet 0.25.x I enabled reporting and then wrote a nagios plugin to parse the YAML report files that each client returned after a run. Specifically I was looking for any 'failures' or 'failed_restarts'. Unfortunately with 2.6.2 the format of those YAML files has not only changed but also varies hugely for different hosts depending on how the run went. Plus the sheer size of these files now means it takes too long for PyYAML to parse them (even for only 40 odd hosts). In fact, I don't understand what the YAML reports are useful for - they don't appear to realistically be either human or machine readable. Anyway what other approaches are there? I'd like to simply see 2 things: 1) If there were any failures during the puppet run on the client 2) When the last puppet run on each client was (ie. if it was more than 50 mins ago raise a warning) Some users of foreman, already utilize its API [1] to provide that same information to nagios. Ohad [1] -http://theforeman.org/projects/foreman/wiki/API -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetrun + notice: Denying unauthenticated .... access to puppetrunner.run
hi all, i am in trouble with running puppetrun... i m able to run puppetd ... which successfully get configuration from master and made changes on client side and following are senario i m using to run puppetrun there is no issue on port i had opened ports . 8140 : on master 8139 : on client and added following file /etc/puppet/namespaceauth.conf on client.. [puppetrunner] allow * on master : === $ puppetrun --all --debug Triggering dmb-1289455541.puppet.com warning: peer certificate won't be verified in this SSL session Host dmb-1289455541.puppet.com failed: HTTP-Error: 500 Internal Server Error dmb-1289455541.puppet.com finished with exit code 2 on client : === $ puppetd --verbose --no-daemonize --listen --debug .. . . notice: Finished catalog run in 19.93 seconds debug: Using cached certificate for ca debug: Using cached certificate for dmb-1289455541.puppet.com debug: Using cached certificate for ca debug: Using cached certificate_revocation_list for ca notice: Denying unauthenticated client 184-106-208-159.static.cloud- ips.com(184.106.208.159) access to puppetrunner.run a lot googling is done and gone through various blogs and documentation.., i had logined as root on both side (master and client) question : 1) Can any budy tell me what is exactly d problem ? 2) or Is there any extra configuration required with puppetrun? 3) How is puppetmaster is authentication on puppetclient ? U r all pleased to solve this problem. any help wll be appreciated . Thanks Regards : Sanjiv Singh (iLabs ) Impetus Infotech (India) . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom facts in current and old environments
On Thu, Nov 11, 2010 at 1:31 AM, Klaus Ethgen klaus+pup...@ethgen.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, Am Mi den 10. Nov 2010 um 17:22 schrieb Nigel Kersten: My problem is that I have to serve clients with different versions of puppet. The systems running ubuntu with 0.25.4 work perfect but I have problems to bring custom facts to the systems running silly SLES 11.1 with puppet version 0.24.8. There were some major changes between the two versions in this regard. I know. But there must be a way to solve the documented problems with both. Are you using environments? Yes. Are you using plugins in modules to deliver facts? Yes. And the funny think is that I also have a custom provider for packagemanagement (zypper) under .../plugins/puppet/provider/package that work well with all versions I tested. But the facts do not although they are organized the same way. Are you using the wiki suggestion of a module called facts and enabling factsync on your 0.24.x clients? Regards Klaus Ethgen - -- Klaus Ethgen http://www.ethgen.de/ pub 2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de Fingerprint: D7 67 71 C4 99 A6 D4 FE EA 40 30 57 3C 88 26 2B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEVAwUBTNu37J+OKpjRpO3lAQreBAf/ReeszRMO3xAiY3e5yDO4srrTs6qmcXpr Vrp2JnopiP23C2nsU7Fafy074On3D+jSeUChsgjLUvGdafqpwTCuQdDow1dBz5Z0 EXAJKC7ewwsKybWmYqDWWN6zY8izDDqs4dC0gStFVIpIK1gKhb4oHjnlYpf+WklU +p7gIzBx7JDtXbd/VTgfYINk3v31H3VxXq7xfDvHgxRAGvrg8PGDacq4+1h4f1nQ eMRWxjO5gngBh/E+l7jK7qBVe6AGB0kO+QEy7LLTIGPbXL0BX7emMfzmcAfmQNeT Rf2/mXfbYG4nVDywOEp+tmBZn2CVEyiA5twmitLLRg39GkM/GE64sw== =xC1A -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten - Puppet Labs - http://www.puppetlabs.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] client won't use remote file bucket
On Tue, Oct 19, 2010 at 5:31 PM, luke.bigum luke.bi...@fasthosts.co.uk wrote: Hi all, I'm having a stupid moment getting a remote file bucket working. My client only file buckets locally, not remotely. I have this site.pp: * filebucket { main: server = puppet } File { backup = main } node 'default' { include test } * I have pretty much the same config stolen from the example in the puppet docs and also get no bucketing on the master. agent trace log: debug: Finishing transaction 23620811645560 info: FileBucket adding /etc/rc.d/init.d/ibe as {md5}bc5a527cdb18f4e7030b72f30bc67786 info: /Stage[main]/Ibe::Config/File[/etc/rc.d/init.d/ibe]: Filebucketed /etc/rc.d/init.d/ibe to main with sum bc5a527cdb18f4e7030b72f30bc67786 It says it backs it up to main but nothing's received on the master. Likewise, masterhttp.log have nothing but report PUTs in it. server bucket is empty. No errors anywhere. Centos5, 2.6.2. Same behaviour on previous 0.2x.x versions. -- Mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetrun + notice: Denying unauthenticated .... access to puppetrunner.run
if you are using puppet 2.6.x you need to adjust your auth.conf too see http://theforeman.org/projects/foreman/wiki/puppetrun for an example Ohad On Thu, Nov 11, 2010 at 5:04 PM, sanjiv.singh sanjiv.si...@impetus.co.inwrote: hi all, i am in trouble with running puppetrun... i m able to run puppetd ... which successfully get configuration from master and made changes on client side and following are senario i m using to run puppetrun there is no issue on port i had opened ports . 8140 : on master 8139 : on client and added following file /etc/puppet/namespaceauth.conf on client.. [puppetrunner] allow * on master : === $ puppetrun --all --debug Triggering dmb-1289455541.puppet.com warning: peer certificate won't be verified in this SSL session Host dmb-1289455541.puppet.com failed: HTTP-Error: 500 Internal Server Error dmb-1289455541.puppet.com finished with exit code 2 on client : === $ puppetd --verbose --no-daemonize --listen --debug .. . . notice: Finished catalog run in 19.93 seconds debug: Using cached certificate for ca debug: Using cached certificate for dmb-1289455541.puppet.com debug: Using cached certificate for ca debug: Using cached certificate_revocation_list for ca notice: Denying unauthenticated client 184-106-208-159.static.cloud- ips.com(184.106.208.159) access to puppetrunner.run a lot googling is done and gone through various blogs and documentation.., i had logined as root on both side (master and client) question : 1) Can any budy tell me what is exactly d problem ? 2) or Is there any extra configuration required with puppetrun? 3) How is puppetmaster is authentication on puppetclient ? U r all pleased to solve this problem. any help wll be appreciated . Thanks Regards : Sanjiv Singh (iLabs ) Impetus Infotech (India) . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] When do modules get auto-imported
My understanding was that at the beginning of each run the puppetmaster imports all modules so that any includes at the top level are applied directly. However, I am not so sure anymore. I've been tracing how this works and it seems like modules are included more lazily. In other words, when able_to_import is called seems like when the magic happens, rather than up front when the run starts. Could I get some clarification on when all the modules get imported and what part of them gets loaded? Thanks. -eric -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] When do modules get auto-imported
- Eric Snow es...@verio.net wrote: My understanding was that at the beginning of each run the puppetmaster imports all modules so that any includes at the top level are applied directly. However, I am not so sure anymore. I've been tracing how this works and it seems like modules are included more lazily. In other words, when able_to_import is called seems like when the magic happens, rather than up front when the run starts. Could I get some clarification on when all the modules get imported and what part of them gets loaded? Thanks. my understanding is that it's lazy and on demand. Why does it matter in general use that should be fine, so curious what your use is -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: When do modules get auto-imported
Trying to track down why all the modules in my production environment are auto-loaded at the beginning of a run for a node that is in my development environment. The run fails because it cannot find the modules in my development environment which are named differently from production. Makes me think that the wrong ones are getting auto- loaded, or that it is looking for the development modules in the wrong place. -eric On Nov 11, 9:14 am, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: My understanding was that at the beginning of each run the puppetmaster imports all modules so that any includes at the top level are applied directly. However, I am not so sure anymore. I've been tracing how this works and it seems like modules are included more lazily. In other words, when able_to_import is called seems like when the magic happens, rather than up front when the run starts. Could I get some clarification on when all the modules get imported and what part of them gets loaded? Thanks. my understanding is that it's lazy and on demand. Why does it matter in general use that should be fine, so curious what your use is -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: When do modules get auto-imported
- Eric Snow es...@verio.net wrote: Trying to track down why all the modules in my production environment are auto-loaded at the beginning of a run for a node that is in my development environment. The run fails because it cannot find the modules in my development environment which are named differently from production. Makes me think that the wrong ones are getting auto- loaded, or that it is looking for the development modules in the wrong place. would be best if you showed how its set up, file names classes etc -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: When do modules get auto-imported
-- puppet.conf -- [main] modulepath = /usr/share/puppet/production/modules [development] modulepath = /usr/share/puppet/development/modules/settings [testing] modulepath = /usr/share/puppet/testing/modules [production] modulepath = /usr/share/puppet/production/modules -- /usr/share/puppet/development/modules/settings -- settings |-- all |-- manifests |-- init.pp |-- hosttypes.pp -- node (in development) -- node test { include hosttypes::unassigned } -- init.pp -- import * -- hosttypes.pp -- class hosttypes::unassigned { notify {hosttypes::unassigned : } notice(hosttypes::unassigned ) service {httpd: enable = false, ensure = stopped, } } -- output -- /usr/sbin/puppetd --logdest console --test --noop info: Caching catalog for HOSTNAME info: Applying configuration version '1289493629' notice: Finished catalog run in 0.51 seconds The httpd service is enabled and running when this run happens so it should report the noop. As well, neither the notice nor the notify happens. This is a simplification, but represents our situation. -eric On Nov 11, 9:26 am, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: Trying to track down why all the modules in my production environment are auto-loaded at the beginning of a run for a node that is in my development environment. The run fails because it cannot find the modules in my development environment which are named differently from production. Makes me think that the wrong ones are getting auto- loaded, or that it is looking for the development modules in the wrong place. would be best if you showed how its set up, file names classes etc -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: When do modules get auto-imported
On the puppetmaster: info: Caching node for HOSTNAME info: Could not find class hosttypes::unassigned for HOSTNAME notice: Compiled catalog for dHOSTNAME in 0.01 seconds info: Caching catalog for HOSTNAME -eric On Nov 11, 9:44 am, Eric Snow es...@verio.net wrote: -- puppet.conf -- [main] modulepath = /usr/share/puppet/production/modules [development] modulepath = /usr/share/puppet/development/modules/settings [testing] modulepath = /usr/share/puppet/testing/modules [production] modulepath = /usr/share/puppet/production/modules -- /usr/share/puppet/development/modules/settings -- settings |-- all |-- manifests |-- init.pp |-- hosttypes.pp -- node (in development) -- node test { include hosttypes::unassigned } -- init.pp -- import * -- hosttypes.pp -- class hosttypes::unassigned { notify {hosttypes::unassigned : } notice(hosttypes::unassigned ) service {httpd: enable = false, ensure = stopped, } } -- output -- /usr/sbin/puppetd --logdest console --test --noop info: Caching catalog for HOSTNAME info: Applying configuration version '1289493629' notice: Finished catalog run in 0.51 seconds The httpd service is enabled and running when this run happens so it should report the noop. As well, neither the notice nor the notify happens. This is a simplification, but represents our situation. -eric On Nov 11, 9:26 am, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: Trying to track down why all the modules in my production environment are auto-loaded at the beginning of a run for a node that is in my development environment. The run fails because it cannot find the modules in my development environment which are named differently from production. Makes me think that the wrong ones are getting auto- loaded, or that it is looking for the development modules in the wrong place. would be best if you showed how its set up, file names classes etc -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: When do modules get auto-imported
- Eric Snow es...@verio.net wrote: -- puppet.conf -- [main] modulepath = /usr/share/puppet/production/modules [development] modulepath = /usr/share/puppet/development/modules/settings [testing] modulepath = /usr/share/puppet/testing/modules [production] modulepath = /usr/share/puppet/production/modules -- /usr/share/puppet/development/modules/settings -- settings |-- all |-- manifests |-- init.pp |-- hosttypes.pp -- node (in development) -- node test { include hosttypes::unassigned } -- init.pp -- import * -- hosttypes.pp -- class hosttypes::unassigned { notify {hosttypes::unassigned : } notice(hosttypes::unassigned ) service {httpd: enable = false, ensure = stopped, } } -- output -- /usr/sbin/puppetd --logdest console --test --noop info: Caching catalog for HOSTNAME info: Applying configuration version '1289493629' notice: Finished catalog run in 0.51 seconds The httpd service is enabled and running when this run happens so it should report the noop. As well, neither the notice nor the notify happens. This is a simplification, but represents our situation. are you sure the node {} is being loaded? add a notify in the node block to confirm -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: When do modules get auto-imported
- Eric Snow es...@verio.net wrote: On the puppetmaster: info: Caching node for HOSTNAME info: Could not find class hosttypes::unassigned for HOSTNAME notice: Compiled catalog for dHOSTNAME in 0.01 seconds info: Caching catalog for HOSTNAME ok, disregard previous mail. if you're including hosttypes::unassigned you need to put the file in either: modulepath/hosttypes/manifests/init.pp or modulepath/hosttypes/manifests/unassigned.pp you cant just put them in any files, it has to know where to find them. settings |-- all |-- manifests |-- init.pp |-- hosttypes.pp -- node (in development) -- node test { include hosttypes::unassigned } -- init.pp -- import * -- hosttypes.pp -- class hosttypes::unassigned { notify {hosttypes::unassigned : } notice(hosttypes::unassigned ) service {httpd: enable = false, ensure = stopped, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: When do modules get auto-imported
Thanks for the feedback. My understanding is that when you have an init.pp with import * in it, it will be able to find the rest of the manifests in the module. However, I was operating under the assumption that all the modules in the environment get auto-imported at the beginning of the run (otherwise how are top-level includes found). So is there no way then to have several manifests with their own namespaces bound together in the same module? The alternative (splitting them into their own modules) makes my maintenance duties that much messier. Thanks. -eric On Nov 11, 9:52 am, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: On the puppetmaster: info: Caching node for HOSTNAME info: Could not find class hosttypes::unassigned for HOSTNAME notice: Compiled catalog for dHOSTNAME in 0.01 seconds info: Caching catalog for HOSTNAME ok, disregard previous mail. if you're including hosttypes::unassigned you need to put the file in either: modulepath/hosttypes/manifests/init.pp or modulepath/hosttypes/manifests/unassigned.pp you cant just put them in any files, it has to know where to find them. settings |-- all |-- manifests |-- init.pp |-- hosttypes.pp -- node (in development) -- node test { include hosttypes::unassigned } -- init.pp -- import * -- hosttypes.pp -- class hosttypes::unassigned { notify {hosttypes::unassigned : } notice(hosttypes::unassigned ) service {httpd: enable = false, ensure = stopped, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: When do modules get auto-imported
- Eric Snow es...@verio.net wrote: Thanks for the feedback. My understanding is that when you have an init.pp with import * in it, it will be able to find the rest of the manifests in the module. However, I was operating under the assumption that all the modules in the environment get auto-imported at the beginning of the run (otherwise how are top-level includes found). If you dont comply to the module naming conventions - you should - then you have to make import statements in your site.pp or a file directly imported by site.pp to import those files. Else the master just wont know where to find your files. So if class foo is in /some/other/dir/bar.pp you need to have an import statement that specifically hits that file. So is there no way then to have several manifests with their own namespaces bound together in the same module? The alternative (splitting them into their own modules) makes my maintenance duties that much messier. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: When do modules get auto-imported
On Thu, Nov 11, 2010 at 9:27 AM, Eric Snow es...@verio.net wrote: Thanks for the feedback. My understanding is that when you have an init.pp with import * I would say that in general, if you have to use the import function, it means that you are not organizing things correctly. If modules are used and classes are namespaced and organized correctly, you will never have to use import. in it, it will be able to find the rest of the manifests in the module. However, I was operating under the assumption that all the modules in the environment get auto-imported at the beginning of the run (otherwise how are top-level includes found). So is there no way then to have several manifests with their own namespaces bound together in the same module? The alternative (splitting them into their own modules) makes my maintenance duties that much messier. Thanks. -eric On Nov 11, 9:52 am, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: On the puppetmaster: info: Caching node for HOSTNAME info: Could not find class hosttypes::unassigned for HOSTNAME notice: Compiled catalog for dHOSTNAME in 0.01 seconds info: Caching catalog for HOSTNAME ok, disregard previous mail. if you're including hosttypes::unassigned you need to put the file in either: modulepath/hosttypes/manifests/init.pp or modulepath/hosttypes/manifests/unassigned.pp you cant just put them in any files, it has to know where to find them. settings |-- all |-- manifests |-- init.pp |-- hosttypes.pp -- node (in development) -- node test { include hosttypes::unassigned } -- init.pp -- import * -- hosttypes.pp -- class hosttypes::unassigned { notify {hosttypes::unassigned : } notice(hosttypes::unassigned ) service {httpd: enable = false, ensure = stopped, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Multiple CA / Puppet master environment
Hi, On Thu, Nov 11, 2010 at 9:17 AM, luke.bigum luke.bi...@fasthosts.co.ukwrote: Hi, Does anyone know if this document is up to date (besides the comment at the top saying it's not): http://projects.puppetlabs.com/projects/1/wiki/Multiple_Certificate_Authorities Or does anyone who has a load balanced multi puppet master with some kind of shared CA confirm that the procedure is accurate? I would not follow this document unless you need to use chained CAs (which is a huge pain to get working), if you just need some instructions for configuring multiple puppetmasters to share a single CA, I have written some instructions here: http://bodepd.com/wordpress/?p=7 -Dan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: When do modules get auto-imported
Thanks for the explanation. Sounds like I was way off. -eric On Nov 11, 10:33 am, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: Thanks for the feedback. My understanding is that when you have an init.pp with import * in it, it will be able to find the rest of the manifests in the module. However, I was operating under the assumption that all the modules in the environment get auto-imported at the beginning of the run (otherwise how are top-level includes found). If you dont comply to the module naming conventions - you should - then you have to make import statements in your site.pp or a file directly imported by site.pp to import those files. Else the master just wont know where to find your files. So if class foo is in /some/other/dir/bar.pp you need to have an import statement that specifically hits that file. So is there no way then to have several manifests with their own namespaces bound together in the same module? The alternative (splitting them into their own modules) makes my maintenance duties that much messier. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: When do modules get auto-imported
Okay, so I realized that I had my init.pp file disabled. Once I reenabled it everything worked the way I expected. Once I added more directories to my modulepath then it started having issues again (regardless of the order in my modulepath). Anyway, after this discussion I realized that I need to have an environment specific site.pp and run my settings from there rather than from a module. Thanks for all the feedback. -eric On Nov 11, 10:58 am, Eric Snow es...@verio.net wrote: Thanks for the explanation. Sounds like I was way off. -eric On Nov 11, 10:33 am, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: Thanks for the feedback. My understanding is that when you have an init.pp with import * in it, it will be able to find the rest of the manifests in the module. However, I was operating under the assumption that all the modules in the environment get auto-imported at the beginning of the run (otherwise how are top-level includes found). If you dont comply to the module naming conventions - you should - then you have to make import statements in your site.pp or a file directly imported by site.pp to import those files. Else the master just wont know where to find your files. So if class foo is in /some/other/dir/bar.pp you need to have an import statement that specifically hits that file. So is there no way then to have several manifests with their own namespaces bound together in the same module? The alternative (splitting them into their own modules) makes my maintenance duties that much messier. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Large hierarchy of files?
Hey guys, I have a large hierarchy of files that are set up to recursively copy from my puppet master. It takes a long while to copy these files over to the clients - roughly 1 hour. Only 1 or 2 files in the hierarchy will ever change. Is there a better way to do what I'm doing? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Disabling Certificates
Has anyone had any luck in actually disabling certificates entirely. Just trust the hostname you get from DNS and treat that info as authoritative. I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going to happen, even though I have *no* need for the security that the certificates theoretically provide and they get in my way far more often than any alleged help. Has anyone managed to just obliterate the whole certificate-nightmare from Puppet? Is there anyone else who thinks they add way more complications than they are worth? Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Emulating Debians tasksel
Hi gents, i have some Debian hosts that should get a standard desktop and it will be Puppets job to make sure the packages are installed. However, it seems ,,package'' only installs packages, not Debian tasks. Right i have to get a list of packages manually, like this: tasksel -t --task-packages gnome-desktop --task-packages german- desktop --task-packages desktop I get a list of 55 packages, wich i then use like this: package { [epiphany-browser,gnome,openoffice.org-gnome ... and 52 more packages]: ensure = installed } However, what if the selection of packages changes? Is there a more clever way to install tasks with tasksel, without listing each and every package the tasksel task is made of? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] User type password_max_age not working
I have a virtual user (mqm) in puppet (v2.6.2 on CentOS 5.5 with Ruby 1.8.6.383-6) @user { mqm: ensure = present, uid = 300, gid = 300, comment = Functional user, home = /home/mqm, password_max_age = 9, shell= /bin/bash, managehome = true; } # End user and it does get created on the server when I realze it, but each time I run puppet again, it reports the max_age is not set notice: /Stage[main]/User::Virtual/User[mqm]/password_max_age: is absent, should be 9 (noop) notice: Finished catalog run in 0.14 seconds but this is not true as the system reports the user to created correctly # chage -l mqm Last password change: Nov 11, 2010 Password expires: never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 9 Number of days of warning before password expires : 7 NOTE: I have also tried the latest versions of puppet (2.6.3-0.3.rc2), but no change. please help Regards, Rene -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] preferred directory structure for multiple environments
Hello All, Moving from 2.5 to 2.6.2 and I was wondering if there is a preferred directory structure for using multiple environments? Does it work much different in 2.6 than in 2.5? When I made the move I assumed (I know) that my current structure and configurations would just roll over but that isn't the case. Thanks, Jim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with modules
On Nov 11, 2010, at 12:54 AM, Leonko wrote: Hello. I use puppet 2.6.3-rc2 Now I try move my classes to modules. But I got a problem that Puppet does not sees modules. in puppet.conf: [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl libdir = /opt/puppet-dashboard/lib/puppet modulepath=$confdir/modules In nodes : node postgres { include basesystem include postgres } In modules/postgresql/manifests/init.pp : class postgres { $packagelist = [postgresql84, postgresql84-server, postgresql84-libs, postgresql84-contrib] package { $packagelist: ensure = installed, } service { postgresql: enable = true, ensure = running, hasstatus = true, require = Package[postgresql84-server], restart = true, } } But when I try to apply this I get: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class postgres at /etc/puppet/manifests/nodes/ db.pp:4 on node postgres.comsoft What's my mistake? Run this command as root. What is the output? puppet --genconf | grep confdir = What is the absolute path to the modules directory? What is the absolute path to puppet.conf? Are you using environments? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Query facter 'facts' from webapp
donavan wrote: Pieter, It's not a solution today but it sounds like you're looking for the Inventory Service[1]. The basic idea is to collect, and export, the client facts using a REST interface from a central service. There's a push to get this in to 2.7[2], so some of your work may be done for you already. We just demo'ed the Inventory Service internally this morning and it works brilliantly - support for it will be in 2.7.0 and in Dashboard 1.0.5. Regards James Turnbull -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with modules
Problem is solved. Leonid S. Batizhevsky On Thu, Nov 11, 2010 at 22:00, Patrick kc7...@gmail.com wrote: On Nov 11, 2010, at 12:54 AM, Leonko wrote: Hello. I use puppet 2.6.3-rc2 Now I try move my classes to modules. But I got a problem that Puppet does not sees modules. in puppet.conf: [main] logdir = /var/log/puppet rundir = /var/run/puppet ssldir = $vardir/ssl libdir = /opt/puppet-dashboard/lib/puppet modulepath=$confdir/modules In nodes : node postgres { include basesystem include postgres } In modules/postgresql/manifests/init.pp : class postgres { $packagelist = [postgresql84, postgresql84-server, postgresql84-libs, postgresql84-contrib] package { $packagelist: ensure = installed, } service { postgresql: enable = true, ensure = running, hasstatus = true, require = Package[postgresql84-server], restart = true, } } But when I try to apply this I get: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class postgres at /etc/puppet/manifests/nodes/ db.pp:4 on node postgres.comsoft What's my mistake? Run this command as root. What is the output? puppet --genconf | grep confdir = What is the absolute path to the modules directory? What is the absolute path to puppet.conf? Are you using environments? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] using puppet to restore root access to a box
Hey all, I'm pretty new to puppet; I'm coming from a cfengine background. Anyway, so far I like puppet well enough. I've got a dilemma I'm hoping this list can help with. I've lost root access to a postgres master running on an ec2 instance. It's running a 0.24.x client that's checking into my puppet master which runs 2.6.3. All I'd like to do is have the puppet agent pull down a sudoers file, but I'm seeing that 0.24.x clients don't support stages and some other errors that seem totally work-around-able. Nov 11 19:38:01 ip-address puppet-master[3885]: Could not call: Fileset paths must be fully qualified Nov 11 19:38:01 ip-address puppet-master[3885]: Compiled catalog for postgres-master in environment development in 0.02 seconds Nov 11 19:38:01 ip-address puppet-master[3885]: Stages are not supported by 0.24.x client; stage(s) Stage[main] will be ignored Nov 11 19:38:01 ip-address puppet-master[3885]: Could not call: Mounts without paths are not usable I've stripped site.pp down to bare bones in hopes to have it pull the sudoers file: (the puppet master's hostname is 'puppet') node default { file { /etc/sudoers: owner = root, group = root, mode = 440, source= puppet://puppet/modules/users/sudoers } } I'm guessing that I need to somehow serve up a catalog in a non-staged way, but I have no idea how to do that. Any tips? Should I just install a 0.24.x master temporarily? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Disabling Certificates
Hi Derek, In our setup, the certificates pose also more problems than they add functionality. I would love to hear of a solution to get rid of the certificates, but until now I did not find or heard of any solution. Peter On 11 Nov 2010, at 04:42, Derek J. Balling dr...@megacity.org wrote: Has anyone had any luck in actually disabling certificates entirely. Just trust the hostname you get from DNS and treat that info as authoritative. I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going to happen, even though I have *no* need for the security that the certificates theoretically provide and they get in my way far more often than any alleged help. Has anyone managed to just obliterate the whole certificate-nightmare from Puppet? Is there anyone else who thinks they add way more complications than they are worth? Cheers, D -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] syntax for class names
How do you dynamically create classes? For instance, I have a bunch of users to make. I have all their usernames. Each is the same as the others except for the username and one other value. I don't want to have to spell out a User for each, but would rather set up them up dynamically, in a much cleaner way (and more maintainable). It looks like parameterized classes would mostly do it, but is the syntax for including a parameterized class the same everywhere? Can a parameterized class be virtual? As well, I was hoping to set up some defines in the dynamically created user so that they could be used from the class's namespace. The alternative is to do them separately and pass in the same information that I already passed in to the class, which seems messier than just providing them from the class's namespace. Thanks. -eric -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Disabling Certificates
Peter De Cleyn wrote: Hi Derek, In our setup, the certificates pose also more problems than they add functionality. I would love to hear of a solution to get rid of the certificates, but until now I did not find or heard of any solution. Peter On 11 Nov 2010, at 04:42, Derek J. Balling dr...@megacity.org mailto:dr...@megacity.org wrote: Has anyone had any luck in actually /disabling/ certificates entirely. Just trust the hostname you get from DNS and treat that info as authoritative. I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going to happen, even though I have *no* need for the security that the certificates theoretically provide and they get in my way far more often than any alleged help. Has anyone managed to just obliterate the whole certificate-nightmare from Puppet? Is there anyone else who thinks they add way more complications than they are worth? For a lot of environments the security introduced with SSL is crucial to them using Puppet, for example there is no way a financial is going to run Puppet with appropriate encryption and authentication. That being said we have discussed alternative mechanisms - see http://projects.puppetlabs.com/issues/3958 for example - but this is not something we're currently actively pursuing. You're welcome to put your thoughts into that ticket or contact us directly if you'd like to pay us to develop the feature. Regards James -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using puppet to restore root access to a box
On Thu, Nov 11, 2010 at 11:52:26AM -0800, birdsong wrote: I'm guessing that I need to somehow serve up a catalog in a non-staged way, but I have no idea how to do that. Any tips? Should I just install a 0.24.x master temporarily? If coyping is the problem, don't copy the file; write it. So do content = file( whatever ) rather than source = 'puppet:///whatever' -- Bruce Remember you're a Womble. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using puppet to restore root access to a box
On Thu, Nov 11, 2010 at 1:33 PM, Bruce Richardson itsbr...@workshy.org wrote: On Thu, Nov 11, 2010 at 11:52:26AM -0800, birdsong wrote: I'm guessing that I need to somehow serve up a catalog in a non-staged way, but I have no idea how to do that. Any tips? Should I just install a 0.24.x master temporarily? If coyping is the problem, don't copy the file; write it. So do content = file( whatever ) rather than source = 'puppet:///whatever' that's the thing, not sure if it's the copy that is the problem--though this appears to remove one of the failed steps. it's this line that i was thinking indicates the outer most scope of the problem: Nov 11 19:38:01 ip-address puppet-master[3885]: Stages are not supported by 0.24.x client; stage(s) Stage[main] will be ignored i infer Stage[main] is everything, therefore File {} will never be applied on the agent. (still learning the right words to describe puppet actions..) -- Bruce Remember you're a Womble. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using puppet to restore root access to a box
On Thu, Nov 11, 2010 at 01:46:50PM -0800, David Birdsong wrote: problem--though this appears to remove one of the failed steps. it's this line that i was thinking indicates the outer most scope of the problem: Nov 11 19:38:01 ip-address puppet-master[3885]: Stages are not supported by 0.24.x client; stage(s) Stage[main] will be ignored i infer Stage[main] is everything, therefore File {} will never be applied on the agent. (still learning the right words to describe puppet actions..) Ah, right. You may find this useful: http://www.mail-archive.com/puppet-...@googlegroups.com/msg08787.html If there's a version of 2.6 where that fix has gone in, you need that version. If not, you could try applying the patch yourself ;) -- Bruce Bitterly it mathinketh me, that I spent mine wholle lyf in the lists against the ignorant. -- Roger Bacon, Doctor Mirabilis signature.asc Description: Digital signature
Re: [Puppet Users] syntax for class names
On Thu, Nov 11, 2010 at 12:50:02PM -0800, Eric Snow wrote: How do you dynamically create classes? You don't. 2.6 has parameterized classes but that's not quite what you mean. For instance, I have a bunch of users to make. I have all their usernames. Each is the same as the others except for the username and one other value. I don't want to have to spell out a User for each, but would rather set up them up dynamically, in a much cleaner way (and more maintainable). You can use resource defaults to take out most of the drudgery User { managed = true, shell = '/bin/bash' } Then you only need type out the varying properties of each user. It looks like parameterized classes would mostly do it, but is the syntax for including a parameterized class the same everywhere? Can a parameterized class be virtual? No. Resources can be virtual but not classes. If you were hoping to be able to create all of these users by iterating through a hash, or something similar, then Puppet really doesn't support that. Puppet's DSL is declaritive and can't be treated like some OO language (I wish Luke had chosen a name other than class for Puppet's classes; it only confuses people). Have you noticed that Puppet has arrays and hashes but doesn't have a keys() function? You *could* have a hash of users and their properties $users = { john = { shell = '/bin/bash', uid = '501' }, david = { shell = '/bin/tcsh', uid = '501' } and have a define which consulted that hash, as in define hash_user ( $user_hash ) { user { $name: ensure = 'present', managed = true, shell = $users[$name][shell], uid = $user_hash[$name][uid] } } But since there is no keys function, you can't do hash_user { [ keys($users) ]: user_hash = $users } You have to do hash_user { [ 'john', 'david' ]: user_hash = $users } which isn't really saving you a lot. Bluntly, Puppet wants you to declare your resources explicitly. As well, I was hoping to set up some defines in the dynamically created user so that they could be used from the class's namespace. The alternative is to do them separately and pass in the same information that I already passed in to the class, which seems messier than just providing them from the class's namespace. I think there may be a misplaced word in there; it doesn't seem to make entire sense. -- Bruce Get thee behind me, Stan: for it is written, thou hast gotten me into another fine mess. -- Oliver 4:8 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] User type password_max_age not working
rvlinden rene.vanderlinde...@gmail.com writes: I have a virtual user (mqm) in puppet (v2.6.2 on CentOS 5.5 with Ruby 1.8.6.383-6) [...] and it does get created on the server when I realze it, but each time I run puppet again, it reports the max_age is not set notice: /Stage[main]/User::Virtual/User[mqm]/password_max_age: is absent, should be 9 (noop) notice: Finished catalog run in 0.14 seconds [...] please help Mmmm. It looks to me like the adduser provider requires the Ruby 'shadow' library to be able to get the age field - or it unconditionally returns absent without any additional information. Which would explain your problem. Can you verify my guess, please? 1. Install the ruby shadow library, confirm if the problem goes away. 2. If so, file a bug complaining that isn't entirely reasonable. (At least, not silently. :) http://projects.puppetlabs.com/projects/puppet Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] preferred directory structure for multiple environments
techn0gichida jgloui...@gmail.com writes: Moving from 2.5 to 2.6.2 and I was wondering if there is a preferred directory structure for using multiple environments? Does it work much different in 2.6 than in 2.5? Not really substantially, no. When I made the move I assumed (I know) that my current structure and configurations would just roll over but that isn't the case. It would be super-great if you could let us know what the problems were. (Perhaps you have in other messages, but better to ask twice than never hear what problems folks are hitting, I figure. :) Regards, Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] syntax for class names
Eric Snow es...@verio.net writes: How do you dynamically create classes? You pretty much can't: puppet is aimed at being a deterministic system, and so it wants to have a non-programmatic state to achieve.[1] For instance, I have a bunch of users to make. I have all their usernames. Each is the same as the others except for the username and one other value. I don't want to have to spell out a User for each, but would rather set up them up dynamically, in a much cleaner way (and more maintainable). The conventional way would be this: define my::user () { user { $name: whatever = 'foo' } } my::user { [one, two, red, blue]: } Puppet will create all those resources nicely. [...] As well, I was hoping to set up some defines in the dynamically created user so that they could be used from the class's namespace. The alternative is to do them separately and pass in the same information that I already passed in to the class, which seems messier than just providing them from the class's namespace. I strongly suspect that a worked example of what you want to do, but that is failing, would help make the whole thing a lot clearer... Anyhow, my final bit of (now unsolicited) advice here: Don't do that anyhow. Use LDAP, or some other network directory service, to manage your user accounts. It hurts way less than trying to do this at scale, once you start to discover needs for things like consistent UIDs, etc. Regards, Daniel Footnotes: [1] Like the English language, puppet isn't that pure, and you can work around this in a whole bunch of ways. Pure-ruby manifests in 2.6 might be a way to do that, for example. -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] syntax for class names
On Fri, Nov 12, 2010 at 09:32:16AM +1100, Daniel Pittman wrote: Footnotes: [1] Like the English language, puppet isn't that pure, and you can work around this in a whole bunch of ways. Pure-ruby manifests in 2.6 might be a way to do that, for example. Oh, I knew somebody was going to say that. I don't much like the idea of ruby manifests; it seems to turn Puppet's design upside down. I try to reduce the direct use of Ruby in my puppet configurations to an absolute minimum. -- Bruce It is impolite to tell a man who is carrying you on his shoulders that his head smells. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] New Foreman Release
Hello All, I'm happy to announce a new release of Foreman, top 3 highlights for this release includes: * Full Role based authorizations (RBAC) * Support for Puppet 2.6.x * Easy to use REST API This release is packaged with goodies, around 100 tickets were closed Release notes can be found here: http://theforeman.org/projects/foreman/wiki/ReleaseNotes Full change log can be found here: http://theforeman.org/versions/show/8 As usually many many thanks to all contributors and users Have fun, Ohad -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: syntax for class names
Thanks. On Nov 11, 3:21 pm, Bruce Richardson itsbr...@workshy.org wrote: On Thu, Nov 11, 2010 at 12:50:02PM -0800, Eric Snow wrote: How do you dynamically create classes? You don't. 2.6 has parameterized classes but that's not quite what you mean. For instance, I have a bunch of users to make. I have all their usernames. Each is the same as the others except for the username and one other value. I don't want to have to spell out a User for each, but would rather set up them up dynamically, in a much cleaner way (and more maintainable). You can use resource defaults to take out most of the drudgery User { managed = true, shell = '/bin/bash' } Then you only need type out the varying properties of each user. It looks like parameterized classes would mostly do it, but is the syntax for including a parameterized class the same everywhere? Can a parameterized class be virtual? No. Resources can be virtual but not classes. If you were hoping to be able to create all of these users by iterating through a hash, or something similar, then Puppet really doesn't support that. Puppet's DSL is declaritive and can't be treated like some OO language (I wish Luke had chosen a name other than class for Puppet's classes; it only confuses people). Have you noticed that Puppet has arrays and hashes but doesn't have a keys() function? You *could* have a hash of users and their properties $users = { john = { shell = '/bin/bash', uid = '501' }, david = { shell = '/bin/tcsh', uid = '501' } and have a define which consulted that hash, as in define hash_user ( $user_hash ) { user { $name: ensure = 'present', managed = true, shell = $users[$name][shell], uid = $user_hash[$name][uid] } } But since there is no keys function, you can't do hash_user { [ keys($users) ]: user_hash = $users } You have to do hash_user { [ 'john', 'david' ]: user_hash = $users } which isn't really saving you a lot. Bluntly, Puppet wants you to declare your resources explicitly. As well, I was hoping to set up some defines in the dynamically created user so that they could be used from the class's namespace. The alternative is to do them separately and pass in the same information that I already passed in to the class, which seems messier than just providing them from the class's namespace. I think there may be a misplaced word in there; it doesn't seem to make entire sense. -- Bruce Get thee behind me, Stan: for it is written, thou hast gotten me into another fine mess. -- Oliver 4:8 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] syntax for class names
Bruce Richardson itsbr...@workshy.org writes: On Thu, Nov 11, 2010 at 12:50:02PM -0800, Eric Snow wrote: [...] If you were hoping to be able to create all of these users by iterating through a hash, or something similar, then Puppet really doesn't support that. Puppet's DSL is declaritive and can't be treated like some OO language (I wish Luke had chosen a name other than class for Puppet's classes; it only confuses people). Have you noticed that Puppet has arrays and hashes but doesn't have a keys() function? You *could* have a hash of users and their properties It really wouldn't be a terribly hard extension to write one, however. :) Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] qualified names
I know that you can qualify variable names from inside a class. How about qualifying a variable inside a nested class: class module::class_a { class module::class_a::class_b { $variable = test } } notice $module::class_a::class_b::variable Are classes and variables the only things you can qualify? What about defines? Thanks. -eric -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] qualified names
- Eric Snow es...@verio.net wrote: I know that you can qualify variable names from inside a class. How about qualifying a variable inside a nested class: class module::class_a { class module::class_a::class_b { $variable = test } } notice $module::class_a::class_b::variable you've created $module::module::class. you really should just put classes each in their own files it makes it all more obvious. same applies to defines -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: qualified names
Thanks for the response. I'm afraid I don't see the relationship between resolving the qualified variable and moving classes into their own manifests. Even if class_a were in its own manifest I would have the same problem. I appreciate your help. I expect that I have misunderstood. Thanks. -eric On Nov 11, 4:40 pm, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: I know that you can qualify variable names from inside a class. How about qualifying a variable inside a nested class: class module::class_a { class module::class_a::class_b { $variable = test } } notice $module::class_a::class_b::variable you've created $module::module::class. you really should just put classes each in their own files it makes it all more obvious. same applies to defines -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: qualified names
- Eric Snow es...@verio.net wrote: Thanks for the response. I'm afraid I don't see the relationship between resolving the qualified variable and moving classes into their own manifests. Even if class_a were in its own manifest I would have the same problem. I appreciate your help. I expect that I have misunderstood. Thanks. you would not, class module::class_a { } and in another file class module::class_a::class_b { } that's what you would have and that would create the module layout you'd expect its just harder to make the mistake you made which is: class a { class b { } } this creates classes a and a::b now look at your naming. Nesting them also messes around the autloader. -eric On Nov 11, 4:40 pm, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: I know that you can qualify variable names from inside a class. How about qualifying a variable inside a nested class: class module::class_a { class module::class_a::class_b { $variable = test } } notice $module::class_a::class_b::variable you've created $module::module::class. you really should just put classes each in their own files it makes it all more obvious. same applies to defines -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: qualified names
I gotta say that was unexpected. Thanks for the clarification. I am finding that scoping in puppet is pretty unusual. Thanks. -eric On Nov 11, 4:59 pm, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: Thanks for the response. I'm afraid I don't see the relationship between resolving the qualified variable and moving classes into their own manifests. Even if class_a were in its own manifest I would have the same problem. I appreciate your help. I expect that I have misunderstood. Thanks. you would not, class module::class_a { } and in another file class module::class_a::class_b { } that's what you would have and that would create the module layout you'd expect its just harder to make the mistake you made which is: class a { class b { } } this creates classes a and a::b now look at your naming. Nesting them also messes around the autloader. -eric On Nov 11, 4:40 pm, R.I.Pienaar r...@devco.net wrote: - Eric Snow es...@verio.net wrote: I know that you can qualify variable names from inside a class. How about qualifying a variable inside a nested class: class module::class_a { class module::class_a::class_b { $variable = test } } notice $module::class_a::class_b::variable you've created $module::module::class. you really should just put classes each in their own files it makes it all more obvious. same applies to defines -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
Puppet 0.25.3-2 I accidentally removed puppet (didn't notice that removing ruby also removes puppet, yes stupid). And I re-installed. All the files are the same. That includes classes and configuration. However I can't seem to get things working again. here is what I done removed /var/lib/puppet/ssl on puppetmaster and on all guests re-installed puppet and older version of ruby checked certificates, hostname, time. I am still getting following errors: Could not retrieve catalog from remote server: Could not intern from pson: source did not contain any PSON! and on puppetmaster: ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `accept' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `listen' /usr/lib/ruby/1.8/webrick/server.rb:173:in `call' /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start' /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:in `start' /usr/lib/ruby/1.8/webrick/server.rb:92:in `each' /usr/lib/ruby/1.8/webrick/server.rb:92:in `start' /usr/lib/ruby/1.8/webrick/server.rb:23:in `start' /usr/lib/ruby/1.8/webrick/server.rb:82:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen' /usr/lib/ruby/1.8/thread.rb:135:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in `listen' /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:128:in `start' /usr/lib/ruby/site_ruby/1.8/puppet/application/puppetmasterd.rb:122:in `main' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:226:in `run_command' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:306:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:217:in `run' /usr/sbin/puppetmasterd:66 I am lost at the moment occasionally I am also getting following on client: -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Emulating Debians tasksel
On Thu, Nov 11, 2010 at 9:28 AM, tecneeq tecn...@googlemail.com wrote: However, what if the selection of packages changes? Is there a more clever way to install tasks with tasksel, without listing each and every package the tasksel task is made of? Have you tried the meta-package gnome-desktop-environment? -- $ echo kpfmAdpoofdufevq/dp/vl | perl -pe 's/(.)/chr(ord($1)-1)/ge' -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Disabling Certificates
On Nov 10, 7:42 pm, Derek J. Balling dr...@megacity.org wrote: Has anyone had any luck in actually disabling certificates entirely. Just trust the hostname you get from DNS and treat that info as authoritative. I'm in the Puppet BoF @ LISA, and (essentially) was told that's never going to happen, even though I have *no* need for the security that the certificates theoretically provide and they get in my way far more often than any alleged help. Has anyone managed to just obliterate the whole certificate-nightmare from Puppet? Is there anyone else who thinks they add way more complications than they are worth? Derek, From your comment in #3958 I think autosign[1] with *.domain.tld would work for you. There are more complicated methods of supporting transient hosts, such as in the cloud, where not even the hostname is consistent. I suspect that may be more work than you're looking for. [1] http://projects.puppetlabs.com/projects/puppet/wiki/Certificates_And_Security -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: syntax for class names
On Nov 11, 2:21 pm, Bruce Richardson itsbr...@workshy.org wrote: (I wish Luke had chosen a name other than class for Puppet's classes; it only confuses people). Wondering off topic, but my favorite alternate term so far is containers. Doesn't confuse people with programming backgrounds as much. Also implies that they're singletons, to me at least. And I think we're getting to a point in the DSL where the difference between definitions and classes is just the singleton aspect. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem with modules
On Nov 11, 2:15 am, Daniel Pittman dan...@rimspace.net wrote: Leonko the.leo...@gmail.com writes: I think it is mentioned obliquely a few times, but there certainly isn't anywhere super-obvious that explains this feature of manifest auto-loading. Yes, +1 to an issue for documenting it. That said #5044 is the best explanation of how autoloading currently works that I've seen. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda chro...@gmail.com wrote: Puppet 0.25.3-2 I accidentally removed puppet (didn't notice that removing ruby also removes puppet, yes stupid). And I re-installed. All the files are the same. That includes classes and configuration. However I can't seem to get things working again. here is what I done removed /var/lib/puppet/ssl on puppetmaster and on all guests Does /var/lib/puppet/ssl/ca exist? If not, restart the puppetmaster. A new CA should be created. -- Teyo Tyree :: www.puppetlabs.com:: +1.503.208.4475 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ANNOUNCE: Puppet 2.6.3 - Release Candidate 3 available!
We're back with a maintenance release: 2.6.3. This release addresses some issues in the 2.6.2 release. 2.6.3 is a maintenance release in the 2.6.x branch and it contains only bug fixes and no new features. The third release candidate is available for download at: http://puppetlabs.com/downloads/puppet/puppet-2.6.3rc3.tar.gz We're hoping this is going to be the last RC so please test it! Please note that only final releases of Puppet are signed with the Puppet Labs key. See the Verifying Puppet Download section at http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Report feedback via the Puppet Labs Redmine site: http://projects.puppetlabs.com Please select an affected version of 2.6.3rc3. CHANGELOG since 2.6.2 b15231d Fix for #4299 -- Don't require which ea435a4 Fix #5020 - Prefer finding node name from REST uri over certname a097b93 Fix for #4894 -- retry tests if port is in use ee61b4e Fix for #4955 -- Race condition memory leak in Puppet::Util f57425d Fix #4921 - race condition in Parser Functions creation 9604f1c Fix #5252 - line number mis-attribution during parsing cc5224c Maint. fix for test broken by 00eedac5 5f7d0fb Fix for #2568 -- Add a dbconnections option to set AR pool size ba4d22b Maint. Removing code for which no CLA has been signed 4a3d5d7 Reimplementation of functionality removed by prior commit 235d641 Refactor for CLA 9ba0c8a Fix #4923 - close process race when truncating existing file cb16d3d Puppet-load: better and safer error reporting 1d26742 Fix #5023 - puppet-load multiple nodes support 00eedac capture stderr from exec resources 4cbceab (#4573) FreeBSD service provider now supports versions 7 and 8 06c8748 Fix #3808 - puppetdoc should use --force-update only if RDoc supports it 6e6712b [#4813] Remove dead code from puppet/rails/host.rb 956296a Fix #4911 - Do not generate doc for standard RDoc parser generated object 4fa24bb Fix #5127 - error when accessing array elements abb8c66 (#5242) Fix schedule specs that fail near daylight savings ec667fd Kludge for #5206 -- port of fix for #3536 to yaml 9a3b584 (#5062) Add envpuppet helper script to ext/ aad7008 [#5225] Fix spec failure that depended on time change 21db472 (#5233) Randomize tmp dir paths 244213c Updated CHANGELOG for 2.6.3rc2 76ac1f8 Fixed #5112 - Launchd Service broke in 2.6.2 with OS X 10.4 Clients. 776ea2a Fixed #5137 - Removed no longer required TOC references 31118fe Kludge for #5048 -- serialization compatibility with 0.25.x 65ef24e (#4534/#4778) -- Normalize parameterized classes 3b53bfc Fix for #5022 -- Escaped newlines should be elided e3fc5b9 Updated CHANGELOG and version for 2.6.3rc1 3c56705 Fix for #4832 -- Making PSON handle arbitrary binary data e232770 Minimal fix for #4975 -- only call chage when managing password age rules a090e86 Fix for #4963 -- Use correct commands for password expiry on solaris Regards James Turnbull -- Puppet Labs - http://www.puppetlabs.com C: 503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca
new SSL has been created I confirmed it and tested it. From: Teyo Tyree Sent: Thursday, November 11, 2010 9:09 PM To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] ERROR OpenSSL::SSL::SSLError: tlsv1 alert unknown ca On Thu, Nov 11, 2010 at 4:56 PM, Marek Dohojda chro...@gmail.com wrote: Puppet 0.25.3-2 I accidentally removed puppet (didn't notice that removing ruby also removes puppet, yes stupid). And I re-installed. All the files are the same. That includes classes and configuration. However I can't seem to get things working again. here is what I done removed /var/lib/puppet/ssl on puppetmaster and on all guests Does /var/lib/puppet/ssl/ca exist? If not, restart the puppetmaster. A new CA should be created. -- Teyo Tyree :: www.puppetlabs.com:: +1.503.208.4475 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppetrun + notice: Denying unauthenticated .... access to puppetrunner.run
hi Ohad, thanks for reply i m using puppet version 0.25.X on both side (client master)... and edited and added following file /etc/puppet/auth.conf on client ... path /run method save allow * , but still problem is not resolved. On Nov 11, 8:23 pm, Ohad Levy ohadl...@gmail.com wrote: if you are using puppet 2.6.x you need to adjust your auth.conf too seehttp://theforeman.org/projects/foreman/wiki/puppetrunfor an example Ohad On Thu, Nov 11, 2010 at 5:04 PM, sanjiv.singh sanjiv.si...@impetus.co.inwrote: hi all, i am in trouble with running puppetrun... i m able to run puppetd ... which successfully get configuration from master and made changes on client side and following are senario i m using to run puppetrun there is no issue on port i had opened ports . 8140 : on master 8139 : on client and added following file /etc/puppet/namespaceauth.conf on client.. [puppetrunner] allow * on master : === $ puppetrun --all --debug Triggering dmb-1289455541.puppet.com warning: peer certificate won't be verified in this SSL session Host dmb-1289455541.puppet.com failed: HTTP-Error: 500 Internal Server Error dmb-1289455541.puppet.com finished with exit code 2 on client : === $ puppetd --verbose --no-daemonize --listen --debug .. . . notice: Finished catalog run in 19.93 seconds debug: Using cached certificate for ca debug: Using cached certificate for dmb-1289455541.puppet.com debug: Using cached certificate for ca debug: Using cached certificate_revocation_list for ca notice: Denying unauthenticated client 184-106-208-159.static.cloud- ips.com(184.106.208.159) access to puppetrunner.run a lot googling is done and gone through various blogs and documentation.., i had logined as root on both side (master and client) question : 1) Can any budy tell me what is exactly d problem ? 2) or Is there any extra configuration required with puppetrun? 3) How is puppetmaster is authentication on puppetclient ? U r all pleased to solve this problem. any help wll be appreciated . Thanks Regards : Sanjiv Singh (iLabs ) Impetus Infotech (India) . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.- Hide quoted text - - Show quoted text - -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Realizing wrong ssh key for the wrong user
On Nov 9, 2:47 pm, Tobias Lott tl...@ebel-syste.ms wrote: Problem isn't Directories not getting created but every user is getting ALL ssh keys I see the error messages appearing to indicate attempts to distribute keys to users who should not have them. The attempts seem not to be successful, however. Do the correct keys successfully get distributed to the correct users, or do all key distribution attempts fail? Are there circumstances under which Puppet genuinely does install keys for users that should not have them? Only the correct keys are actually distributed, however this Problem occurs only on some Machines weather its Ubuntu (10.10) 32 or 64 Bit. Additionally the authorized_key files are being flooded with the same keys over and over again. F.e. if one user has only 1 Key its appended almost every run, whats the problem there? I've tried to remove the file and let puppet create it, but its still the same. I can imagine that the provider for ssh_authorized_keys may boneheadedly attempt to read authorized_keys files that it doesn't actually need to read (or write). If you have Puppet installed in a manner that prevents puppetd from successfully accessing those files, then the error messages may simply signal inefficiency, rather than a bona fide attempt to distribute keys incorrectly. Note also that there appears to be a typo in your manifest fragment: key peto is assigned to user petov (not peto). It would be very strange, but within the realm of possibility, if your problem disappeared after you correct that. True was a typo, but didn't fix it. Regards, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Disabling Certificates
On Nov 11, 2010, at 6:26 PM, donavan wrote: From your comment in #3958 I think autosign[1] with *.domain.tld would work for you. Nope. Because autosign doesn't also auto-overwrite. - New Host foo001.domain.tld is created - Certs are exchanged for foo001 with the puppetmaster, life is good, autosigned - Host foo001.domain.tld is retired - Replacement Host foo001.domain.tld is created - foo001 tries to talk to puppetmaster, presenting brand new certs. They don't match what the master has for that host. It tells foo001 to pound-sand. At that point, I have to manually log into the CA and clean out the certificates for foo001. I also have to go out to foo001, and blow away all ITS certs, since it's been given a cert it has no idea what to do with. It's just ugly. Like I said in my ticket notes, I'll concede that for some people, it's a necessity, but there's clearly also a set of people for whom it is just unnecessary pain and suffering. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.