[Puppet Users] puppetmaster 100%cpu usage on 2.6 (not on 0.24)

2010-12-14 Thread Chris
Hi

I recently upgraded my puppet masters (and clients) from 0.24.8 to
2.6.4

Previously, my most busy puppet master would hover around about 0.9
load  average, after the upgrade, its load hovers around 5

I am running passenger and mysql based stored configs.

Checking my running processes, ruby (puppetmasterd) shoots up to 99%
cpu load and stays there for a few seconds before dropping again.
Often there are 4 of these running simultaneously, pegging each core
at 99% cpu.

It seems that there has been a serious performance regression between
0.24 and 2.6 for my configuration

I hope the following can help work out where...

I ran puppetmasterd through a profiler to find the root cause of this
(http://boojum.homelinux.org/profile.svg).  The main problem appears
to be in /usr/lib/ruby/site_ruby/1.8/puppet/parser/ast/resource.rb, in
the evaluate function.

I added a few timing commands around various sections of that function
to find the following breakdown of times spent inside it, and the two
most intensive calls are
---
paramobjects = parameters.collect { |param|
  param.safeevaluate(scope)
}
---

and
---
resource_titles.flatten.collect { |resource_title|
  exceptwrap :type => Puppet::ParseError do
    resource = Puppet::Parser::Resource.new(
      fully_qualified_type, resource_title,
      :parameters => paramobjects,
      :file => self.file,
      :line => self.line,
      :exported => self.exported,
      :virtual => virt,
      :source => scope.source,
      :scope => scope,
      :strict => true
    )

    if resource.resource_type.is_a? Puppet::Resource::Type
      resource.resource_type.instantiate_resource(scope, resource)
    end
    scope.compiler.add_resource(scope, resource)
    scope.compiler.evaluate_classes([resource_title],scope,false) if fully_qualified_type == 'class'
    resource
  end
}.reject { |resource| resource.nil? }
---


Unfortunately, that is about the limit of my current ruby skills.
What else can be looked at to speed 2.6 back up to the performance of
0.24?



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Custom Functions that runs on the Client?

2010-12-14 Thread Martijn Grendelman
Hi,

> On Mon, Dec 13, 2010 at 12:56 PM, Yushu Yao wrote:
> 
> Another thought:
> 
> Can I do something like
> if $(return value of an Exec resource)==0 {
> } else {}
> 
> I.e. I want to run a shell command first, and do something depending on
> the output of the command.
> 
> 
> You probably want to make the shell command a fact, and then case on the
> fact inside your manifests on the server.


What about 'onlyif' and 'unless'?

But I also have custom facts that -for example- check if a local directory
or its contents have changed before I run an Exec or a Concat...

Best regards,
Martijn.




Re: [Puppet Users] Running puppet as non-root user

2010-12-14 Thread Jesús Couto
Ok, so, not as strange and uncommon a practice as I thought :-P

So what do you do in your manifests? I mean, do you code the manifest so you
never, ever get to any place Puppet is going to croak due to not being root
(that would mean, probably, just exporting template and config files under
your accounts), or do you do and then use the error as a way to report the
failed dependencies to whoever is in charge of fixing them? (The "root
Puppet" in Martin's case, or just the "operating system" team in general)

It looks to me like it will cut a lot of the advantages of having your
machine configuration inside a tool that can replicate it at will, but
sometimes the difficult problems are not technical but political :-/
--

Jesús Couto F.




[Puppet Users] Re: service - explicit stats command

2010-12-14 Thread luke.bigum

On Dec 14, 3:15 am, "russell.fulton"  wrote:
> I now  have my service status command that does a kill -0 on all the
> pid and return 1 if all the processes are running.  I have this class/
> service definition:

Russell,

That might be a typo in what you've written above but your script
should be returning zero if everything is all right, not 1. 1 would
indicate a problem and thus Puppet is trying to restart your service.

>    class snort($master) {
>       service{
>         "snort.$master":
>             start => "sudo -u snort /home/snort/bin/restart-snort $master",
>             restart => "sudo -u snort /home/snort/bin/restart-snort $master",
>             stop => "sudo -u snort /home/snort/bin/restart-snort -stop $master",
>             status => "sudo -u snort /home/snort/bin/restart-snort -status $master",
>             ensure => running,
>             subscribe => [ File[ "/home/snort/conf/$master/snort.conf", "/home/snort/conf/$master/barnyard.conf"]],
>         }
>    }
>
> but puppet always decides that the process is not running and tries to
> start it.
>
> notice: /Stage[post]/Monitor::Snort/Service[snort.dmzi]/ensure: ensure
> changed 'stopped' to 'running'
>
> Is there any way I can get more diagnostics than that returned by --
> test?

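The exit-status convention discussed in this thread, as an added example that is not part of either poster's message or of the original restart-snort script: a status check that exits 0 only when every recorded pid is alive, which is what Puppet's `status` parameter treats as "running". The function name `all_pids_alive` and the pid directory `/home/snort/run/$master` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not russell.fulton's script): status check for a service
# made up of several processes, using the exit-status convention Puppet
# expects from a custom "status" command: 0 = running, non-zero = not running.

# all_pids_alive PIDFILE...
# Returns 0 only if every pid file is readable, holds a numeric pid, and
# that pid accepts signal 0 (the process exists and we are allowed to
# signal it). Returns 1 on the first failure, 2 if no pid files were given.
all_pids_alive() {
    [ "$#" -gt 0 ] || return 2
    for pidfile in "$@"; do
        [ -r "$pidfile" ] || return 1           # missing pid file
        pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
        case "$pid" in
            ''|0|*[!0-9]*) return 1 ;;          # empty, zero or corrupt pid
        esac
        kill -0 "$pid" 2>/dev/null || return 1  # stale pid: process is gone
    done
    return 0
}

# Entry point mirroring "restart-snort -status $master" from the thread.
# The pid directory layout is an assumption made for this example.
if [ "${1:-}" = "-status" ]; then
    master=${2:?usage: $0 -status MASTER}
    piddir="/home/snort/run/$master"            # hypothetical location
    if all_pids_alive "$piddir"/*.pid; then
        echo "snort.$master: all processes running"
        exit 0
    fi
    echo "snort.$master: at least one process is not running" >&2
    exit 1
fi
```

Running the status command by hand as the snort user and checking `$?` shows what Puppet will see before the manifest is applied.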



Re: [Puppet Users] Puppet updating from relative directories or chroot

2010-12-14 Thread Felix Frank
On 12/14/2010 12:19 AM, Daniel Pittman wrote:
> On Tue, Dec 14, 2010 at 10:15, Patrick Mohr  wrote:
>> On Mon, Dec 13, 2010 at 2:39 PM, Daniel Pittman  wrote:
>>> On Fri, Dec 3, 2010 at 22:41, Geoff  wrote:
> 
>>> I didn't respond earlier, as I imagine most people didn't, because we
>>> hoped someone would actually come along and have some experience that
>>> could help you out here.  Even if they don't, though, posting a new
>>> message with "bump" in the content doesn't work like a web forum - it
>>> just sends out a new message with that one line in it to everyone
>>> subscribed.  I had to dig back through the archives to see what you
>>> were having trouble with so I could respond.
>>
>> I was able to see the whole question because he either replied to himself or
>> because he copied and pasted.  Could your email client be hiding quoted
>> text?
> 
> Oh, the embarrassment.  Um, yes, he did, and it did.  *ahem*  Thanks.

Muphry's Law. Hardly something to be actually embarrassed about :-)

Cheers,
Felix




Re: [Puppet Users] Unknown protocol since migration to Passenger

2010-12-14 Thread Pieter Baele
On Tue, Dec 14, 2010 at 08:28, Pieter Baele  wrote:
>
> With a web browser:
> An error occurred during a connection to server_fqdn:8140.
>
> SSL received a record that exceeded the maximum permissible length.
>
> (Error code: ssl_error_rx_record_too_long)


If I change the virtual host directive from *:8140 to
fqdnhostname:8140 the other puppetclients work,
but the client on the puppetmaster itself fails then,  it also gives
problems with other applications...




Re: [Puppet Users] Re: File not found during puppet fileserving

2010-12-14 Thread Iain Sutton
We have just stumbled across this having moved to external nodes using
Foreman.

Our dev environment is where we make quick changes to manifests (and
nominally only affect dev nodes), but sometimes those changes are only
relevant to production nodes. In those scenarios, on production nodes we
used to run:

puppetd --test --noop --environment=dev

and that would help validate that what we were about to tag would actually
work once it made it to production. Once our dev manifests were correct, we
would make an svn tag and release that to production.

I've quickly read through the below bug and I can see good arguments for and
against client nodes being able to set the environment, so I'm not sure how
I'd vote.

How are others approaching this scenario or has everyone just managed to
avoid it?

Thanks,

Iain


On 11 December 2010 12:59, Nigel Kersten  wrote:

> On Fri, Dec 10, 2010 at 12:55 PM, Eric Snow  wrote:
> > The issue was that I was not passing the --environment flag during my
> > puppet run.  Apparently it ignores the environment returned by the
> > external node classifier.  Thanks for all the feedback.
>
> Ahah. I was wondering if you'd perhaps hit that bug.
>
> http://projects.puppetlabs.com/issues/3910
>
> Feel free to watch it to help us prioritize.
>
> >
> > -eric
> >
> > On Dec 7, 10:15 am, Stefan Schulte 
> > wrote:
> >> On Mon, Dec 06, 2010 at 03:55:20PM -0800, Eric Snow wrote:
> >> > Thanks for the reply.  The modules mount is okay:
> >>
> >> > [modules]
> >> >   allow *
> >>
> >> Although a short test with your snippet in my fileserver.conf worked for me:
> >> can you try again with an empty fileserver.conf?
> >>
> >> -Stefan
> >>
>
>
> --
> Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com
>



[Puppet Users] Error after signing certificate step

2010-12-14 Thread Paul Willis
Hi

I'm trying puppet for the first time and attempting to get it working in Amazon 
EC2 with Ubuntu 10.04 using the default puppet 0.25.4-2ubuntu4. I've read the 
'Pulling Strings' book and tried following various tutorials found on the net 
to set it up, but each time I get as far as signing the certificate before 
getting this error

info: Caching certificate for ip-10-243-6-14.ec2.internal
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 
'eval_generate': undefined method `closed?' for nil:NilClass
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: 
undefined method `closed?' for nil:NilClass Could not retrieve file metadata 
for puppet://puppet.mydomain.com/plugins: undefined method `closed?' for 
nil:NilClass
err: Could not retrieve catalog from remote server: undefined method `closed?' 
for nil:NilClass
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run


(I've edited puppet.mydomain.com but mydomain.com would actually be my real 
domain)

Searching Google for the error message brings up a few people having the same 
problem but no solution. It seems many of the puppet error messages are very 
similar so it makes it harder to pin down what I'm doing wrong. There is one 
suggestion that it might be a Ruby bug but if possible I'd like to use the 
default LTS packages. Of course if something is broken I may have no option but 
I find it hard to believe nobody is using the default install I assume I'm 
making some basic error here.



Here's my process...

I boot 2 x t1-micro instances in US-East from ami-480df921 Canonical's Ubuntu 
10.04 LTS Lucid EBS boot

They both have the 'default' firewall which allows all tcp/udp traffic between 
them

SSH in and on the first one I'm using as the puppetmaster I run...

sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install puppetmaster

and on the second instance which will be my client I run...

sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install puppet

They get their IPs automatically from AWS which will be something like...

puppetmaster
Private DNS: ip-10-203-66-29.ec2.internal
Private IP Address: 10.203.66.29

puppetclient
Private DNS: ip-10-243-6-14.ec2.internal
Private IP Address: 10.243.6.14

So in /etc/hosts on both I add...

10.203.66.29 puppet.mydomain.com puppet
10.243.6.14 pclient.mydomain.com pclient

I create a basic site.pp manifest on the master and restart it.

Then on the client I run...

sudo puppetd --server puppet.mydomain.com --waitforcert 60 --test

On the master I run...

sudo puppetca --list

I see the client request and sign it.

Back on the client I see it gets the cert but then I get the 'plugin' error 
message...

warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for ip-10-243-6-14.ec2.internal
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ip-10-243-6-14.ec2.internal
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 
'eval_generate': undefined method `closed?' for nil:NilClass
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: 
undefined method `closed?' for nil:NilClass Could not retrieve file metadata 
for puppet://puppet.mydomain.com/plugins: undefined method `closed?' for 
nil:NilClass
err: Could not retrieve catalog from remote server: undefined method `closed?' 
for nil:NilClass
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

=

What am I doing wrong?

Regards

Paul




Re: [Puppet Users] Error after signing certificate step

2010-12-14 Thread Patrick

On Dec 14, 2010, at 3:18 AM, Paul Willis wrote:

> Hi
> 
> I'm trying puppet for the first time and attempting to get it working in 
> Amazon EC2 with Ubuntu 10.04 using the default puppet 0.25.4-2ubuntu4, I've 
> read the 'Pulling Strings' book and tried following various tutorials found 
> on the net to set up it but each time I get as far as signing the certificate 
> before getting this error
> 
> info: Caching certificate for ip-10-243-6-14.ec2.internal
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
> using 'eval_generate': undefined method `closed?' for nil:NilClass
> err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of 
> resource: undefined method `closed?' for nil:NilClass Could not retrieve file 
> metadata for puppet://puppet.mydomain.com/plugins: undefined method `closed?' 
> for nil:NilClass
> err: Could not retrieve catalog from remote server: undefined method 
> `closed?' for nil:NilClass
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> 
> 
> (I've edited puppet.mydomain.com but mydomain.com would actually be my real 
> domain)
> 
> Searching Google for the error message brings up a few people having the same 
> problem but no solution. It seems many of the puppet error messages are very 
> similar so it makes it harder to pin down what I'm doing wrong. There is one 
> suggestion that it might be a Ruby bug but if possible I'd like to use the 
> default LTS packages. Of course if something is broken I may have no option 
> but I find it hard to believe nobody is using the default install I assume 
> I'm making some basic error here.



> undefined method `closed?' for nil:NilClass

This error is a bug that is fixed in later versions of puppet.  It means 
something went wrong (this might be your fault) and the cleanup code failed 
(this part isn't your fault).

More information at:
http://projects.puppetlabs.com/issues/3101




Re: [Puppet Users] Custom Functions that runs on the Client?

2010-12-14 Thread Felix Frank
On 12/13/2010 07:59 PM, Yushu Yao wrote:
> Thanks Eric,
> 
> I am trying to implement some function tests. E.g. in my catalog for
> node B there is LDAP client, however, I would like to do a test to see
> if the LDAP server is already up and running. And decide if I want to
> apply the LDAP Client or not. (This is a test on remote resource, I
> might also need to test a resource local to the client, e.g. existence
> of a file, a service is running, etc).

This is actually an interesting problem I've been wondering about myself
recently.

Specifically, it passed my mind to exploit stored configs, i.e. I can
tell puppet to only generate client catalogues if the corresponding
server has been set up by puppet already. (LDAP is not a good example
for this, I picture NFS setups etc. instead, with n servers known to
puppet and k*n clients.)

Any thoughts?

Cheers,
Felix




[Puppet Users] SSL_connect SYSCALL returned=5

2010-12-14 Thread Kikanny
I keep getting the following error when I do a catalog run:

err: Could not request certificate: SSL_connect SYSCALL returned=5
errno=0 state=SSLv2/v3 read server hello A

No idea why it's giving me this error. Any help would be appreciated.
Thanks!




[Puppet Users] Re: SSL_connect SYSCALL returned=5

2010-12-14 Thread Kikanny
I'm using webrick but I also have apache installed on the master
because I need it for something else. Could it be because apache is
also using ssl or something like that is causing the problem?

On Dec 14, 8:17 am, Kikanny  wrote:
> I keep getting the following error when I do a catalog run:
>
> err: Could not request certificate: SSL_connect SYSCALL returned=5
> errno=0 state=SSLv2/v3 read server hello A
>
> No idea why it's giving me this error. Any help would be appreciated.
> Thanks!




Re: [Puppet Users] Using one fact to make another fact

2010-12-14 Thread Peter Meier
>> Facter.add("username") do
>>  setcode do
>>$username = Facter.hostname
> 
> Facter.value(:hostname)
> 
>>$username.sub!(/notebook/, 'user')
>>puts $username

and no need to puts, facter expects $username to be returned. But beware
that $username is a global variable and you should avoid that one, hence
you just write it without $

~pete




[Puppet Users] Re: Puppet updating from relative directories or chroot

2010-12-14 Thread Geoff
Cheers all.
I suspected it was going to be too hard. Thought no-one had seen the
email as it was sent close to the weekend ;)

On Dec 13, 11:19 pm, Daniel Pittman  wrote:
> On Tue, Dec 14, 2010 at 10:15, Patrick Mohr  wrote:
> > On Mon, Dec 13, 2010 at 2:39 PM, Daniel Pittman  wrote:
> >> On Fri, Dec 3, 2010 at 22:41, Geoff  wrote:
> >> I didn't respond earlier, as I imagine most people didn't, because we
> >> hoped someone would actually come along and have some experience that
> >> could help you out here.  Even if they don't, though, posting a new
> >> message with "bump" in the content doesn't work like a web forum - it
> >> just sends out a new message with that one line in it to everyone
> >> subscribed.  I had to dig back through the archives to see what you
> >> were having trouble with so I could respond.
>
> > I was able to see the whole question because he either replied to himself or
> > because he copied and pasted.  Could your email client be hiding quoted
> > text?
>
> Oh, the embarrassment.  Um, yes, he did, and it did.  *ahem*  Thanks.
>
> Daniel
>
> Pass me that brown paper bag.
> --
> ✣ Daniel Pittman            ✉ dan...@rimspace.net            ☎ +61 401 155 707
>               ♽ made with 100 percent post-consumer electrons




Re: [Puppet Users] Re: File not found during puppet fileserving

2010-12-14 Thread Nigel Kersten
Client nodes can set the environment, so long as the server doesn't.
On Dec 14, 2010 3:21 AM, "Iain Sutton"  wrote:
> We have just stumbled across this having moved to external nodes using
> Foreman.
>
> Our dev environment is where we make quick changes to manifests (and
> nominally only affect dev nodes), but sometimes those changes are only
> relevant to production nodes. In those scenarios, on production nodes we
> used to run:
>
> puppetd --test --noop --environment=dev
>
> and that would help validate that what we were about to tag would actually
> work once it made it to production. Once our dev manifests were correct, we
> would make an svn tag and release that to production.
>
> I've quickly read through the below bug and I can see good arguments for and
> against client nodes being able to set the environment, so I'm not sure how
> I'd vote.
>
> How are others approaching this scenario or has everyone just managed to
> avoid it?
>
> Thanks,
>
> Iain
>
>
> On 11 December 2010 12:59, Nigel Kersten  wrote:
>
>> On Fri, Dec 10, 2010 at 12:55 PM, Eric Snow  wrote:
>> > The issue was that I was not passing the --environment flag during my
>> > puppet run. Apparently it ignores the environment returned by the
>> > external node classifier. Thanks for all the feedback.
>>
>> Ahah. I was wondering if you'd perhaps hit that bug.
>>
>> http://projects.puppetlabs.com/issues/3910
>>
>> Feel free to watch it to help us prioritize.
>>
>> >
>> > -eric
>> >
>> > On Dec 7, 10:15 am, Stefan Schulte 
>> > wrote:
>> >> On Mon, Dec 06, 2010 at 03:55:20PM -0800, Eric Snow wrote:
>> >> > Thanks for the reply. The modules mount is okay:
>> >>
>> >> > [modules]
>> >> > allow *
>> >>
>> >> Although a short test with your snippet in my fileserver.conf worked for me:
>> >> can you try again with an empty fileserver.conf?
>> >>
>> >> -Stefan
>> >>
>>
>>
>>
>> --
>> Nigel Kersten - Puppet Labs - http://www.puppetlabs.com
>>



[Puppet Users] PluginModule issue

2010-12-14 Thread Justin Ellis
Good Morning!

I'm working on implementing the glassfish module from ModuleForge so that we
can use a Resource Type in our manifests instead of execs, but am getting an
odd error on the client.

Glassfish[domain1]: Failed to retrieve current state of resource: No ability
to determine if glassfish exists

Here is the relevant output from a debug/trace - http://pastie.org/1376256

Provider:
glassfish/asadmin.rb - http://pastie.org/1376225
systemproperty/asadmin.rb - http://pastie.org/1376242

Type:
type/glassfish.rb - http://pastie.org/1376249
type/systemproperty.rb - http://pastie.org/1376250

Anyone have any ideas?  I'm sort of lost as to what the issue is, was hoping
someone here might be able to point me in the right direction.

Thanks!
Justin




[Puppet Users] Environment specified by external nodes ignored

2010-12-14 Thread Rameses Mss
My custom external nodes script sets the environment variable, but Puppet
ignores it.

For testing, I have a manifest that deploys this template to a file:
environment = <%= environment %>

The output from my external nodes script:
---
classes:
- devhost
environment: development
parameters:
  memcached_memory: '32'

But running "puppetd --test" results in the file's contents:
environment = production

Why is my external nodes environment being ignored?




[Puppet Users] Re: Environment specified by external nodes ignored

2010-12-14 Thread Rameses Mss
Oops, this is Puppet 0.25.5 on Ubuntu 10.04 LTS.

On Tue, Dec 14, 2010 at 10:39 AM, Rameses Mss  wrote:

> My custom external nodes script sets the environment variable, but Puppet
> ignores it.
>
> For testing, I have a manifest that deploys this template to a file:
> environment = <%= environment %>
>
> The output from my external nodes script:
> ---
> classes:
> - devhost
> environment: development
> parameters:
>   memcached_memory: '32'
>
> But running "puppetd --test" results in the file's contents:
> environment = production
>
> Why is my external nodes environment being ignored?
>
>
>
>




[Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Tim Watts

Hi,

I'm learning puppet as that is what they use at my current work, though 
that could change...




Question 1:

Last place of work, we wrote our own perl based system which was 
extremely simple and concise to drive - eg to distribute a file, we 
would put it in:


/noarch/dist/etc/syslog-ng/syslog-ng.conf/  # which means create 
a file /etc/syslog-ng/syslog-ng.conf on the target


The contents of the file would be derived from a class based system, eg, 
in the above  the following might exist:


BASE
SERVER
CLIENT
somehost

each with a copy of syslog-ng.conf applicable to that class of host.

Each host would be in one or more classes, where a class was also a 
class member - until you hit the root class, eg:


somewebserver [isin] WEBSERVER [isin] SERVER [isin] BASE
somelabpc [isin] LAB1PC [isin] LABPC [isin] CLIENT [isin] BASE

Order matters and the class list for a host deterministically resolves 
to an ordered list.


So for the example of somewebserver (the host name), it would pick up
/etc/syslog-ng/syslog-ng.conf from

/noarch/dist/etc/syslog-ng/syslog-ng.conf/SERVER

as that is the most specific applicable class.

Everything would by default use

/noarch/dist/etc/syslog-ng/syslog-ng.conf/BASE

unless a more specific case existed.

It is trivially possible to add a per host exception for myhost just by 
adding a new file called "myhost" into

/noarch/dist/etc/syslog-ng/syslog-ng.conf/

[We had a simple way of dealing with file modes etc which I'll leave out 
for brevity]


In Puppet I seem to have to write a module/whatever.pp to set up the 
fact a file is managed. OK, fair enough - I "get" that part of the model.


I also see some sort of linear class inheritance scheme in nodes.pp/

What I don't get is how to leverage that inheritance scheme...

Are there any magic variables that allow me to do something like:

source => [ "puppet:///files/resolv.conf/$mostspecificclass",
            "puppet:///files/resolv.conf/BASE"
]

Note my use of "class" differs from Puppet's, so please work around that 
- I don't know the correct terminology but it is the one based on the 
inheritance scheme in nodes.pp which seems sensible.




Question 2

Related:

In a simple case as per documentation:

class syslog {
  file { "/etc/syslog-ng/syslog-ng.conf":
    path => "/etc/syslog-ng/syslog-ng.conf",
    ensure => file,
    mode => 644,
    owner => root,
    group => root,
    notify => Service[syslog],
    source => "puppet:///files/etc/syslog-ng/syslog-ng.conf"
  }
}

is there no variable for the first instance of
"/etc/syslog-ng/syslog-ng.conf"
???

Mentioning a string 3 times or more strikes me as unnecessarily verbose 
and likely to lead to typos.


Question 3

###

What if /etc/syslog-ng doesn't exist?

I had to resolve that with this syslog.pp :

class syslog {
  file { "/etc/syslog-ng":
    path => "/tmp/etc/syslog-ng",
    ensure => directory,
    mode => 755,
    owner => root,
    group => root,
  }
  file { "/etc/syslog-ng/syslog-ng.conf":
    path => "/tmp/etc/syslog-ng/syslog-ng.conf",
    ensure => file,
    mode => 644,
    owner => root,
    group => root,
    notify => Service[syslog],
    source => "puppet:///files/etc/syslog-ng/syslog-ng.conf"
  }
}

or with a recurse:

class syslog {
  file { "/etc/syslog-ng/syslog-ng.conf":
    path => "/tmp/etc/syslog-ng",
    recurse => true,
    mode => 644,
    owner => root,
    group => root,
    source => "puppet:///files/etc/syslog-ng"
  }
}

First case is verbose again (yuk).

Second case is probably OK but if we have two modules that might want to 
create files in a common directory that may or may not exist it's a bit 
horrible.


Is there a simple way to say "just create any directories you need to 
with default modes"?


I had a quick look at some of the source but couldn't spot any...


##

At first glance puppet seems extremely verbose (though I do like the 
certificate handling). To my mind a config management system should be 
solid in its code but simple in its management and I'm not getting the 
"simple in its management" right now.


I am open minded but the documentation is a bit scattered (I even bought 
the book "Pulling Strings with Puppet" and I'm going off it right now 
even to the point of re-implementing the last system I thought was good.


But I would welcome anyone telling me I'm wrong!

Look forward to people's thoughts.

Cheers

Tim

--
Tim Watts
Personal Email


Re: [Puppet Users] Environment specified by external nodes ignored

2010-12-14 Thread Nigel Kersten
On Tue, Dec 14, 2010 at 7:39 AM, Rameses Mss  wrote:

> My custom external nodes script sets the environment variable, but Puppet
> ignores it.
>
> For testing, I have a manifest that deploys this template to a file:
> environment = <%= environment %>
>
> The output from my external nodes script:
> ---
> classes:
> - devhost
> environment: development
> parameters:
>   memcached_memory: '32'
>
> But running "puppetd --test" results in the file's contents:
> environment = production
>
> Why is my external nodes environment being ignored?
>

http://projects.puppetlabs.com/issues/3910







-- 
Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Rameses Mss
General suggestions:
- Try not to fight Puppet. It's good but does require a certain way of
thinking. Work with it and you'll get where you want to go.
- Verbosity is not necessarily a bad thing in relatively static
configuration files. Perlophiles usually hate verbosity, I know, but it has
its place.
- To reduce verbosity, look into resource defaults. They're handy.

More specifics inline.

On Tue, Dec 14, 2010 at 10:33 AM, Tim Watts  wrote:

> Hi,
>
> I'm learning puppet as that is what they use at my current work, though
> that could change...
>
>
>
> Question 1:
>
> Last place of work, we wrote our own perl based system which was extremely
> simple and concise to drive - eg to distribute a file, we would put it in:
>
> /noarch/dist/etc/syslog-ng/syslog-ng.conf/  # which means create a
> file /etc/syslog-ng/syslog-ng.conf on the target
>
> The contents of the file would be derived from a class based system, eg, in
> the above  the following might exist:
>
> BASE
> SERVER
> CLIENT
> somehost
>
> each with a copy of syslog-ng.conf applicable to that class of host.
>
> Each host would be in one or more classes, where a class was also a class
> member - until you hit the root class, eg:
>
> somewebserver [isin] WEBSERVER [isin] SERVER [isin] BASE
> somelabpc [isin] LAB1PC [isin] LABPC [isin] CLIENT [isin] BASE
>
> Order matters and the class list for a host deterministically resolves to
> an ordered list.
>
> So for the example of somewebserver (the host name), it would pick up
> /etc/syslog-ng/syslog-ng.conf from
>
> /noarch/dist/etc/syslog-ng/syslog-ng.conf/SERVER
>
> as that is the most specific applicable class.
>
> Everything would by default use
>
> /noarch/dist/etc/syslog-ng/syslog-ng.conf/BASE
>
> unless a more specific case existed.
>
> It is trivially possible to add a per host exception for myhost just by
> adding a new file called "myhost" into
> /noarch/dist/etc/syslog-ng/syslog-ng.conf/
>
> [We had a simple way of dealing with file modes etc which I'll leave out
> for brevity]
>

This is not the way Puppet works.


>
> In Puppet I seem to have to write a module/whatever.pp to set up the fact a
> file is managed. OK, fair enough - I "get" that part of the model.
>
> I also see some sort of linear class inheritance scheme in nodes.pp/
>
> What I don't get is how to leverage that inheritance scheme...
>
> Are there any magic variables that allow me to do something like:
>
> source => [ "puppet:///files/resolv.conf/$mostspecificclass",
>             "puppet:///files/resolv.conf/BASE"
> ]
>
> Note my use of "class" differs from Puppet's, so please work around that - I
> don't know the correct terminology but it is the one based on the
> inheritance scheme in nodes.pp which seems sensible.
>

There aren't magic variables for that, no. But you can use environments,
facter variables, parameters provided by a custom nodes script or
extlookup() source to accomplish the same thing. You'll also want to look up
selectors and other conditionals in
http://docs.puppetlabs.com/guides/language_tutorial.html.

Finally, it's usually better to use ERB templates for files that differ
slightly than it is to use totally separate files.


>
> 
> Question 2
>
> Related:
>
> In a simple case as per documentation:
>
> class syslog {
>   file { "/etc/syslog-ng/syslog-ng.conf":
>     path => "/etc/syslog-ng/syslog-ng.conf",
>     ensure => file,
>     mode => 644,
>     owner => root,
>     group => root,
>     notify => Service[syslog],
>     source => "puppet:///files/etc/syslog-ng/syslog-ng.conf"
>   }
> }
>
> is there no variable for the first instance of
> "/etc/syslog-ng/syslog-ng.conf"
> ???
>
> Mentioning a string 3 times or more strikes me as unnecessarily verbose and
> likely to lead to typos.
>

There's no variable for it, but you only need one of them. If undefined,
"path" defaults to the name of the resource --
"/etc/syslog-ng/syslog-ng.conf" -- so you can just leave path out.

Source can be pared down to "puppet:syslog-ng.conf" In your
file structure, that file would be located in
/
> Question 3
>
> ###
>
> What if /etc/syslog-ng doesn't exist?
>

Things will blow up.

> I had to resolve that with this syslog.pp :
>
> class syslog {
>   file { "/etc/syslog-ng":
>     path => "/tmp/etc/syslog-ng",
>     ensure => directory,
>     mode => 755,
>     owner => root,
>     group => root,
>   }
>   file { "/etc/syslog-ng/syslog-ng.conf":
>     path => "/tmp/etc/syslog-ng/syslog-ng.conf",
>     ensure => file,
>     mode => 644,
>     owner => root,
>     group => root,
>     notify => Service[syslog],
>     source => "puppet:///files/etc/syslog-ng/syslog-ng.conf"
>   }
> }
>
> or with a recurse:
>
> class syslog {
>file { "/etc/sys

Re: [Puppet Users] Environment specified by external nodes ignored

2010-12-14 Thread Rameses Mss
On Tue, Dec 14, 2010 at 11:22 AM, Nigel Kersten wrote:

>
>
> On Tue, Dec 14, 2010 at 7:39 AM, Rameses Mss  wrote:
>
>> My custom external nodes script sets the environment variable, but Puppet
>> ignores it.
>>
>> For testing, I have a manifest that deploys this template to a file:
>> environment = <%= environment %>
>>
>> The output from my external nodes script:
>> ---
>> classes:
>> - devhost
>> environment: development
>> parameters:
>>   memcached_memory: '32'
>>
>> But running "puppetd --test" results in the file's contents:
>> environment = production
>>
>> Why is my external nodes environment being ignored?
>>
>
> http://projects.puppetlabs.com/issues/3910
>

My client is not specifying an environment.




Re: [Puppet Users] PluginModule issue

2010-12-14 Thread Felix Frank
On 12/14/2010 04:30 PM, Justin Ellis wrote:
> Good Morning!
> 
> I'm working on implementing the glassfish module from ModuleForge so
> that we can use a Resource Type in our manifests instead of execs, but
> am getting an odd error on the client.
> 
> Glassfish[domain1]: Failed to retrieve current state of resource: No
> ability to determine if glassfish exists
> 
> Here is the relevant output from a debug/trace - http://pastie.org/1376256
> 
> Provider:
> glassfish/asadmin.rb - http://pastie.org/1376225
> systemproperty/asadmin.rb - http://pastie.org/1376242
> 
> Type:
> type/glassfish.rb - http://pastie.org/1376249
> type/systemproperty.rb - http://pastie.org/1376250
> 
> Anyone have any ideas?  I'm sort of lost as to what the issue is, was
> hoping someone here might be able to point me in the right direction.

Hi,

I have next to no knowledge of ruby, but my guess is that the type is
lacking an :exists? method.
See lib/puppet/property.rb for reference.

HTH,
Felix




Re: [Puppet Users] Environment specified by external nodes ignored

2010-12-14 Thread Ohad Levy
On Tue, Dec 14, 2010 at 6:39 PM, Rameses Mss  wrote:

> On Tue, Dec 14, 2010 at 11:22 AM, Nigel Kersten wrote:
>
>>
>>
>> On Tue, Dec 14, 2010 at 7:39 AM, Rameses Mss  wrote:
>>
>>> My custom external nodes script sets the environment variable, but Puppet
>>> ignores it.
>>>
>>> For testing, I have a manifest that deploys this template to a file:
>>> environment = <%= environment %>
>>>
>>> The output from my external nodes script:
>>> ---
>>> classes:
>>> - devhost
>>> environment: development
>>> parameters:
>>>   memcached_memory: '32'
>>>
>>> But running "puppetd --test" results in the file's contents:
>>> environment = production
>>>
>>> Why is my external nodes environment being ignored?
>>>
>>
>> http://projects.puppetlabs.com/issues/3910
>>
>
> My client is not specifying an environment.
>
The problem here is that the puppet client requests the catalog from the
master and encodes the environment in the URL; if none is defined, it falls
back to the default = "production"

Ohad





Re: [Puppet Users] Environment specified by external nodes ignored

2010-12-14 Thread Rameses Mss
On Tue, Dec 14, 2010 at 12:01 PM, Ohad Levy  wrote:

>
> On Tue, Dec 14, 2010 at 6:39 PM, Rameses Mss  wrote:
>
>> On Tue, Dec 14, 2010 at 11:22 AM, Nigel Kersten wrote:
>>
>>>
>>>
>>> On Tue, Dec 14, 2010 at 7:39 AM, Rameses Mss wrote:
>>>
>>>> My custom external nodes script sets the environment variable, but
>>>> Puppet ignores it.
>>>>
>>>> For testing, I have a manifest that deploys this template to a file:
>>>> environment = <%= environment %>
>>>>
>>>> The output from my external nodes script:
>>>> ---
>>>> classes:
>>>> - devhost
>>>> environment: development
>>>> parameters:
>>>>   memcached_memory: '32'
>>>>
>>>> But running "puppetd --test" results in the file's contents:
>>>> environment = production
>>>>
>>>> Why is my external nodes environment being ignored?

>>>
>>> http://projects.puppetlabs.com/issues/3910
>>>
>>
>> My client is not specifying an environment.
>>
> The problem here is that the puppet client requests the catalog from the
> master and encodes the environment in the URL; if none is defined, it falls
> back to the default = "production"
>
> Ohad
>

Ah. So if using external nodes, I don't get to use the environment variable
in my templates. Ick.




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread psyber

On 12/14/2010 7:33 AM, Tim Watts wrote:


> Question 2
>
> Related:
>
> In a simple case as per documentation:
>
> class syslog {
>   file { "/etc/syslog-ng/syslog-ng.conf":
>     path => "/etc/syslog-ng/syslog-ng.conf",
>     ensure => file,
>     mode => 644,
>     owner => root,
>     group => root,
>     notify => Service[syslog],
>     source => "puppet:///files/etc/syslog-ng/syslog-ng.conf"
>   }
> }
>
> is there no variable for the first instance of
> "/etc/syslog-ng/syslog-ng.conf"
> ???
>
> Mentioning a string 3 times or more strikes me as unnecessarily
> verbose and likely to lead to typos.

Yeah you're a perl guy, I do the same thing, it's force of habit.  The 
example doesn't do a great job of highlighting that that string is 
actually 3 completely different things so why not use 3 different names?


class syslog {
  file { "syslog":
    path => "/etc/syslog-ng/syslog-ng.conf",
    ensure => file,
    mode => 644,
    owner => root,
    group => root,
    notify => Service[syslog],
    source => "puppet:///files/base_syslog.conf"
  }
}






Re: [Puppet Users] Environment specified by external nodes ignored

2010-12-14 Thread Nigel Kersten
On Tue, Dec 14, 2010 at 9:05 AM, Rameses Mss  wrote:

> On Tue, Dec 14, 2010 at 12:01 PM, Ohad Levy  wrote:
>
>>
>> On Tue, Dec 14, 2010 at 6:39 PM, Rameses Mss  wrote:
>>
>>> On Tue, Dec 14, 2010 at 11:22 AM, Nigel Kersten wrote:
>>>


>>>> On Tue, Dec 14, 2010 at 7:39 AM, Rameses Mss wrote:
>>>>
>>>>> My custom external nodes script sets the environment variable, but
>>>>> Puppet ignores it.
>>>>>
>>>>> For testing, I have a manifest that deploys this template to a file:
>>>>> environment = <%= environment %>
>>>>>
>>>>> The output from my external nodes script:
>>>>> ---
>>>>> classes:
>>>>> - devhost
>>>>> environment: development
>>>>> parameters:
>>>>>   memcached_memory: '32'
>>>>>
>>>>> But running "puppetd --test" results in the file's contents:
>>>>> environment = production
>>>>>
>>>>> Why is my external nodes environment being ignored?
>>>>>
>>>>
>>>> http://projects.puppetlabs.com/issues/3910

>>>
>>> My client is not specifying an environment.
>>>
>> The problem here is that the puppet client requests the catalog from the
>> master and encodes the environment in the URL; if none is defined, it falls
>> back to the default = "production"
>>
>> Ohad
>>
>
> Ah. So if using external nodes, I don't get to use the environment variable
> in my templates. Ick.
>

No, you just need to set the environment client-side and not in the
classifier.

There are ways around this bug, it's just really annoying. How do you make
the environment determination now?

-- 
Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com




Re: [Puppet Users] Environment specified by external nodes ignored

2010-12-14 Thread Rameses Mss
On Tue, Dec 14, 2010 at 12:09 PM, Nigel Kersten wrote:

>
>
> On Tue, Dec 14, 2010 at 9:05 AM, Rameses Mss  wrote:
>
>> On Tue, Dec 14, 2010 at 12:01 PM, Ohad Levy  wrote:
>>
>>>
>>> On Tue, Dec 14, 2010 at 6:39 PM, Rameses Mss wrote:
>>>
>>>> On Tue, Dec 14, 2010 at 11:22 AM, Nigel Kersten wrote:
>>>>
>>>>>
>>>>>
>>>>> On Tue, Dec 14, 2010 at 7:39 AM, Rameses Mss wrote:
>>>>>
>>>>>> My custom external nodes script sets the environment variable, but
>>>>>> Puppet ignores it.
>>>>>>
>>>>>> For testing, I have a manifest that deploys this template to a file:
>>>>>> environment = <%= environment %>
>>>>>>
>>>>>> The output from my external nodes script:
>>>>>> ---
>>>>>> classes:
>>>>>> - devhost
>>>>>> environment: development
>>>>>> parameters:
>>>>>>   memcached_memory: '32'
>>>>>>
>>>>>> But running "puppetd --test" results in the file's contents:
>>>>>> environment = production
>>>>>>
>>>>>> Why is my external nodes environment being ignored?
>>>>>>
>>>>>
>>>>> http://projects.puppetlabs.com/issues/3910
>>>>>
>>>>
>>>> My client is not specifying an environment.

>>> The problem here is that the puppet client requests the catalog from the
>>> master and encodes the environment in the URL; if none is defined, it falls
>>> back to the default = "production"
>>>
>>> Ohad
>>>
>>
>> Ah. So if using external nodes, I don't get to use the environment
>> variable in my templates. Ick.
>>
>
> No, you just need to set the environment client-side and not in the
> classifier.
>
> There are ways around this bug, it's just really annoying. How do you make
> the environment determination now?
>
> --
> Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com
>

It's stored in a database on the puppetmaster that's used as the source for
a bunch of other scripts. The client doesn't have access to the information,
sadly.




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Tim Watts

On 14/12/10 17:07, psyber wrote:

> On 12/14/2010 7:33 AM, Tim Watts wrote:
>
>> Question 2
>>
>> Related:
>>
>> In a simple case as per documentation:
>>
>> class syslog {
>>   file { "/etc/syslog-ng/syslog-ng.conf":
>>     path => "/etc/syslog-ng/syslog-ng.conf",
>>     ensure => file,
>>     mode => 644,
>>     owner => root,
>>     group => root,
>>     notify => Service[syslog],
>>     source => "puppet:///files/etc/syslog-ng/syslog-ng.conf"
>>   }
>> }
>>
>> is there no variable for the first instance of
>> "/etc/syslog-ng/syslog-ng.conf"
>> ???
>>
>> Mentioning a string 3 times or more strikes me as unnecessarily
>> verbose and likely to lead to typos.

Hi, and thanks for the reply...

> Yeah you're a perl guy,

Yep!

> I do the same thing, it's force of habit. The
> example doesn't do a great job of highlighting that that string is
> actually 3 completely different things so why not use 3 different names?
>
> class syslog {
>   file { "syslog":
>     path => "/etc/syslog-ng/syslog-ng.conf",
>     ensure => file,
>     mode => 644,
>     owner => root,
>     group => root,
>     notify => Service[syslog],
>     source => "puppet:///files/base_syslog.conf"
>   }
> }


OK - I did work out that the "path" is optional if the file block "name"
is the same,

I'm not in agreement with the abbreviated source line though - I like my 
files to be in the same basic tree as the target so I can find stuff and 
naming is fully deterministic - force of habit but I like that habit(!).


I presume, if I really wanted to, I could implement a new "file" module 
with a slightly different name to follow my preferred logic? I like the 
puppet "outer skeleton" but I'm not digging the file handling...


Have to learn ruby though...

Cheers

tim


--
Tim Watts
Personal Email




[Puppet Users] source /etc/profile

2010-12-14 Thread Adrian
Hello ,

Is there a way to source /etc/profile inside puppet on demand?

My problem is that I install Java, afterwards I set JAVA_HOME variable
in /etc/profile.

After Java is installed, a gem which depends on Java starts to
install ... but as it needs JAVA_HOME environment to be set, it fails.

I am not sure what I can do ...

Thank you,

Adrian




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Felix Frank
> OK - I did work out that the "path" is optional if the file block "name"
> is the same,
> 
> I'm not in agreement with the abbreviated source line though - I like my
> files to be in the same basic tree as the target so I can find stuff and
> naming is fully deterministic - force of habit but I like that habit(!).
> 
> I presume, if I really wanted to, I could implement a new "file" module
> with a slightly different name to follow my preferred logic? I like the
> puppet "outer skeleton" but I'm not digging the file handling...

I believe most people are bound to write this define sooner or later:

define my_file() {
  file { "$name":
    source => "puppet:///files/$name",
  }
}

It's a bit trickier to add support for all of file's options, but once
that's in, it's a huge advantage.

You should try and use modules, BTW. It saves pain down the road.

HTH,
Felix
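
An added example, not part of Felix's post or of any Puppet module: one way the define above can carry the common file options and fall back from a per-host copy to a BASE copy, which is the layout asked about in Question 1. The parameter names, their defaults, the per-host/BASE directory layout under the "files" mount and the syslog-ng service name are assumptions.

```puppet
# Wrapper around the file type (hypothetical define; names are assumptions).
# The title is the absolute target path; sources mirror it under the
# fileserver "files" mount, one directory per managed file.
define my_file(
  $ensure = 'file',
  $owner  = 'root',
  $group  = 'root',
  $mode   = '0644'
) {
  file { $name:
    ensure => $ensure,
    owner  => $owner,
    group  => $group,
    mode   => $mode,
    # The file type takes a list of sources and uses the first one that
    # exists on the master: a copy named after the host's $hostname fact,
    # then the BASE copy that every host can use.
    source => [
      "puppet:///files${name}/${hostname}",
      "puppet:///files${name}/BASE"
    ],
  }
}

class syslog {
  # The parent directory is managed explicitly, as in Question 3.
  file { '/etc/syslog-ng':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  }

  service { 'syslog-ng':
    ensure => running,
  }

  # The path is written once; owner, group and mode come from the defaults.
  my_file { '/etc/syslog-ng/syslog-ng.conf':
    require => File['/etc/syslog-ng'],
    notify  => Service['syslog-ng'],
  }
}
```

With this layout the master would hold files/etc/syslog-ng/syslog-ng.conf/BASE plus an optional file named after a host for a per-host exception.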




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Tim Watts

Hi and thanks for the detailed reply :)

On 14/12/10 16:38, Rameses Mss wrote:

> General suggestions:
> - Try not to fight Puppet. It's good but does require a certain way of
> thinking. Work with it and you'll get where you want to go.
> - Verbosity is not necessarily a bad thing in relatively static
> configuration files. Perlophiles usually hate verbosity, I know, but it has
> its place.
> - To reduce verbosity, look into resource defaults. They're handy.

OK - I shall do that.

> More specifics inline.

> On Tue, Dec 14, 2010 at 10:33 AM, Tim Watts  wrote:
>
>> Hi,
>>
>> I'm learning puppet as that is what they use at my current work, though
>> that could change...
>>
>> Question 1:
>>
>> Last place of work, we wrote our own perl based system which was extremely
>> simple and concise to drive - eg to distribute a file, we would put it in:
>>
>> /noarch/dist/etc/syslog-ng/syslog-ng.conf/  # which means create a
>> file /etc/syslog-ng/syslog-ng.conf on the target
>>
>> The contents of the file would be derived from a class based system, eg, in
>> the above  the following might exist:
>>
>> BASE
>> SERVER
>> CLIENT
>> somehost
>>
>> each with a copy of syslog-ng.conf applicable to that class of host.
>>
>> Each host would be in one or more classes, where a class was also a class
>> member - until you hit the root class, eg:
>>
>> somewebserver [isin] WEBSERVER [isin] SERVER [isin] BASE
>> somelabpc [isin] LAB1PC [isin] LABPC [isin] CLIENT [isin] BASE
>>
>> Order matters and the class list for a host deterministically resolves to
>> an ordered list.
>>
>> So for the example of somewebserver (the host name), it would pick up
>> /etc/syslog-ng/syslog-ng.conf from
>>
>> /noarch/dist/etc/syslog-ng/syslog-ng.conf/SERVER
>>
>> as that is the most specific applicable class.
>>
>> Everything would by default use
>>
>> /noarch/dist/etc/syslog-ng/syslog-ng.conf/BASE
>>
>> unless a more specific case existed.
>>
>> It is trivially possible to add a per host exception for myhost just by
>> adding a new file called "myhost" into
>> /noarch/dist/etc/syslog-ng/syslog-ng.conf/
>>
>> [We had a simple way of dealing with file modes etc which I'll leave out
>> for brevity]
>
> This is not the way Puppet works.


Right. Now I'm not sure I see further down a solution unless it falls 
out of one of the environment or selector bits - I'll offer a standard 
"problem" and ask what the "puppet way" is if I may...


OK - /etc/ssh/sshd_config - it's very common on a large uni site to have 
several versions - one for servers, one for staff PCs, another for 
student PCs, another for a "really secure server" and also to have 
ad-hoc exceptions on odd named PCs.


If you don't like sshd_config, then mentally substitute /root/.k5login

How does one handle this cleanly and concisely in puppet, based on the 
node inheritance scheme?






>> In Puppet I seem to have to write a module/whatever.pp to set up the fact a
>> file is managed. OK, fair enough - I "get" that part of the model.
>>
>> I also see some sort of linear class inheritance scheme in nodes.pp/
>>
>> What I don't get is how to leverage that inheritance scheme...
>>
>> Are there any magic variables that allow me to do something like:
>>
>> source => [ "puppet:///files/resolv.conf/$mostspecificclass",
>>             "puppet:///files/resolv.conf/BASE"
>> ]
>>
>> Note my use of "class" differs from Puppet's, so please work around that - I
>> don't know the correct terminology but it is the one based on the
>> inheritance scheme in nodes.pp which seems sensible.
>
> There aren't magic variables for that, no. But you can use environments,
> facter variables, parameters provided by a custom nodes script or
> extlookup() source

That sounds interesting.

> to accomplish the same thing. You'll also want to look up
> selectors and other conditionals in
> http://docs.puppetlabs.com/guides/language_tutorial.html.
>
> Finally, it's usually better to use ERB templates for files that differ
> slightly than it is to use totally separate files.

OK - will look into these.




>> Question 2
>>
>> Related:
>>
>> In a simple case as per documentation:
>>
>> class syslog {
>>   file { "/etc/syslog-ng/syslog-ng.conf":
>>     path => "/etc/syslog-ng/syslog-ng.conf",
>>     ensure => file,
>>     mode => 644,
>>     owner => root,
>>     group => root,
>>     notify => Service[syslog],
>>     source => "puppet:///files/etc/syslog-ng/syslog-ng.conf"
>>   }
>> }
>>
>> is there no variable for the first instance of
>> "/etc/syslog-ng/syslog-ng.conf"
>> ???
>>
>> Mentioning a string 3 times or more strikes me as unnecessarily verbose and
>> likely to lead to typos.
>
> There's no variable for it, but you only need one of them. If undefined,
> "path" defaults to the name of the resource --
> "/etc/syslog-ng/syslog-ng.conf" -- so you can just leave path out.

ah yes - I did figure that out in the meantime - one line down, good.

> Source can be pared down to "puppet:syslog-ng.conf" In your
> file structure, that file would be located in
> /

It's personal taste - I prefer to mirror my sources with my targets - 
when you eventually get into a 100+ fil

Re: [Puppet Users] PluginModule issue

2010-12-14 Thread Stefan Schulte
On Tue, Dec 14, 2010 at 09:30:37AM -0600, Justin Ellis wrote:
> Good Morning!
> 
> I'm working on implementing the glassfish module from ModuleForge so that we
> can use a Resource Type in our manifests instead of execs, but am getting an
> odd error on the client.
> 
> Glassfish[domain1]: Failed to retrieve current state of resource: No ability
> to determine if glassfish exists
> 
> Here is the relevant output from a debug/trace - http://pastie.org/1376256
> 
> Provider:
> glassfish/asadmin.rb - http://pastie.org/1376225
> 
> Type:
> type/glassfish.rb - http://pastie.org/1376249

Did you use the right paths?
type/glassfish.rb
provider/glassfish/asadmin.rb

And is the command asadmin present on your machine? My guess is that Puppet
cannot find your provider and because there is none, the type cannot call the
exists? method on your provider and then tries to use the exists?
method of your type. But your type does not have an exists? method (and
that's correct).

While you can write a type with no provider (the type must do all the retrieve,
insync, etc.) you shouldn't do that. But
you have to make sure that your provider gets loaded.

BTW:
You defined portbase, profile etc as parameters. Puppet will not check
if these are in sync, if the glassfish domain is already there. Is this
intentional?

When you want to parse output of a command there already are some helper
functions like execpipe in util.rb you can use. You may also want to look
in the exec type at how the change of owner works. I personally don't like
su - user in scripts

-Stefan




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Tim Watts

On 14/12/10 17:54, Felix Frank wrote:

OK - I did work out that the "path" is optional if the file block "name"
is the same,

I'm not in agreement with the abbreviated source line though - I like my
files to be in the same basic tree as the target so I can find stuff and
naming is fully deterministic - force of habit but I like that habit(!).

I presume, if I really wanted to, I could implement a new "file" module
with a slightly different name to follow my preferred logic? I like the
puppet "outer skeleton" but I'm not digging the file handling...


I believe most people are bound to write this define sooner or later:

define my_file() {
  file { "$name":
    source => "puppet:///files/$name",
  }
}


Ah - I like that...


It's a bit trickier to add support for all of file's options, but once
that's in, it's a huge advantage.

You should try and use modules, BTW. It saves pain down the road.


OK...

Cheers!

Tim


HTH,
Felix




--
Tim Watts
Personal Email

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Rameses Mss
On Tue, Dec 14, 2010 at 1:03 PM, Tim Watts  wrote:

> Right. Now I'm not sure I see further down a solution unless it falls out
> of one of the environment or selector bits - I'll offer a standard "problem"
> and ask what the "puppet way" is if I may...
>
> OK - /etc/ssh/sshd_config - it's very common on a large uni site to have
> several versions - one for servers, one for staff PCs, another for student
> PCs, another for a "really secure server" and also to have ad-hoc exceptions
> on odd named PCs.
>
> If you don't like sshd_config, then mentally substitute /root/.k5login
>
> How does one handle this cleanly and concisely in puppet, based on the node
> inheritance scheme?
>

This seems like it encapsulates most of your concerns, so I'm addressing it.
If I dropped something you really wanted a reply to, say so.

There are many ways to do this, but this is the one I tend towards:

file { "/etc/sshd/sshd_config":
  ensure => present,
  owner  => "root",
  group  => "root",
  mode   => "0644",
  source => "puppet:///sshd/etc/sshd/sshd_config.${sshd_type}",
}

In your base node (i.e., top level inheritance) set a default:

node base {
  $sshd_type="client"
  include sshd
}

node myclient inherits base {
}

node myserver inherits base {
  $sshd_type="server"
}

This would require sshd_config.client. Override it on a per-node basis.
External nodes scripts make this sort of thing simpler.




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Peter Meier
> OK - I think this should be a "feature request". The logic would go:
> 
> "If installing a file on the target, create the path to the target
> root.root, mode 0755.
>
> 
> Only the edge cases of other ownerships or different modes would need
> explicit configuration then.

Uh, that sounds easier as it is, just have a look at [1] to get an idea
of a lot of edge cases that you didn't think of.

>>>
>>> At first glance puppet seems extremely verbose (though I do like the
>>> certificate handling). To my mind a config management system should
>>> be solid in its code but simple in its management and I'm not getting
>>> the "simple in its management" right now.
>>>
>>
>> Simple and verbose are not mutually exclusive. In fact, you could
>> argue that they often go hand-in-hand. There's very little ambiguity
>> in what Puppet does. This means that you have to instruct it precisely,
>> yes, but it also means that troubleshooting often becomes simpler.
> 
> True - but if I need to ship out an arbitrary file in a hurry (say a
> modules blacklist to work around a vulnerable kernel module) I would
> like to just be able to lob a file in and have it go without creating
> several aspects of the config, each one prone to typos and thus not
> working.

Puppet gives you a lot of possibilities, but you can always abstract
things away to "enforce" your convention. If you really want to stick
with _your_ convention (mirror fs-tree) then you can always create a
define, like:

define myconvention::file(
  $owner, $group, $mode
){
  file {$name:
    mode   => $mode,
    owner  => $owner,
    group  => $group,
    source => "puppet:///files/${name}"
  }
}

As you can already see, path and ensure are anyway already unnecessary
in your example.
So this would then make your syslog class look the following way:

class syslog {

  myconvention::file{"/etc/syslog-ng/syslog-ng.conf":
    mode   => 644,
    owner  => root,
    group  => root,
    notify => Service[syslog],
  }

}

And you wrapped away most things that were verbose to you.

Anyway as other people mentioned /files/ is rather deprecated and you
should look into modules to organize your code.

>> I agree that documentation is sometimes out of date or weak in particular
>> areas, but that's a typical weakness of fast-moving open source
>> applications. That's also why wikis are community-editable.
> 
> That's understood - no problems with that.

Also note, that puppetlabs (especially James) happily accept
documentation tickets (and patches!)

> What I think is missing either from puppet or the docs is a "how to ship
> half dozen sshd_config files by host class". If puppet can achieve this
> (and I think it is conceptually vital that it can as it is such a common
> admin function) I'm more than happy to write up a wiki howto.

There are some modules out there in the wild that do that.

~pete

[1] http://projects.puppetlabs.com/issues/86




Re: [Puppet Users] PluginModule issue

2010-12-14 Thread Justin Ellis
Thanks for the replies!  I found the issue earlier and have been busy
building out the rest of it, I had a feeling it was something small...turns
out it was.  The pluginsync = true portion was overwritten and thus the
cause of my issues.

Thanks!
Justin

On Tue, Dec 14, 2010 at 12:03 PM, Stefan Schulte <
stefan.schu...@taunusstein.net> wrote:

> On Tue, Dec 14, 2010 at 09:30:37AM -0600, Justin Ellis wrote:
> > Good Morning!
> >
> > I'm working on implementing the glassfish module from ModuleForge so that we
> > can use a Resource Type in our manifests instead of execs, but am getting an
> > odd error on the client.
> >
> > Glassfish[domain1]: Failed to retrieve current state of resource: No ability
> > to determine if glassfish exists
> >
> > Here is the relevant output from a debug/trace - http://pastie.org/1376256
> >
> > Provider:
> > glassfish/asadmin.rb - http://pastie.org/1376225
> >
> > Type:
> > type/glassfish.rb - http://pastie.org/1376249
>
> Did you use the right paths?
> type/glassfish.rb
> provider/glassfish/asadmin.rb
>
> And the command asadmin is present on your machine? My guess is that Puppet
> cannot find your provider and because there is none, the type cannot call the
> exists? method on your provider and then tries to use the exists?
> method of your type. But your type does not have an exists? method (and
> that's correct)
>
> While you can write a type with no provider (the type must do all the
> retrieve, insync, etc.) you shouldn't do that. But
> you have to make sure that your provider gets loaded
>
> BTW:
> You defined portbase, profile etc as parameters. Puppet will not check
> if these are in sync, if the glassfish domain is already there. Is this
> intentional?
>
> When you want to parse output of a command there already are some helper
> functions like execpipe in util.rb you can use. You may also want to look
> in the exectype how the change owner works. I personally don't like
> su - user in scripts
>

I agree, it may be worth submitting a patch for this.


>
> -Stefan
>




[Puppet Users] Re: storeconfig / mysql

2010-12-14 Thread donavan
On Dec 12, 11:17 pm, walexey  wrote:
> > > Puppet (err): Could not retrieve catalog from remote server: Error 400
> > > on SERVER: Mysql::Error: MySQL server has gone away
>
> > > how can i fix it?
>
> > > wbr, alw
>
> > Would you happen to be running the puppet master(s) in mongrel?
>
> Yes, it runs with mongrel
>
> wbr, alw

It's anecdotal, but we had these same spurious disconnects. Mongrel,
not the activerecord/mysql handler, seemed to be periodically closing
an open mysql connection. When AR went to reuse the existing pooled
connection it would get a RST from the server. Never tracked down
exactly why, but it completely stopped with a change to Passenger.

I'd suggest giving Passenger a try, though I do think it's a poor
answer.




[Puppet Users] Difficulty Migrating to Mongrel

2010-12-14 Thread jkois
Hello,
After running the puppetmaster on Webrick and struggling with clients
dropping regularly, I have decided to migrate my install to Mongrel. I
have followed the documentation posted on the Puppet wiki but continue
to receive the following errors on the client:
err: Could not call puppetmaster.getconfig: #
err: Could not retrieve configuration: HTTP-Error: 502 Proxy Error

On the server log, the error is represented as the following:
(20014)Internal error: proxy: error reading status line from remote
server 127.0.0.1
proxy: NOT Closing connection to client although reading from backend
server 127.0.0.1 failed.

Here is the rundown of my environment:
Debian 5.0 (Lenny)
Apache 2.2.9 with all of the required modules (proxy, proxy_http,
proxy_balancer)
Puppet 0.24.5 installed using apt

My Apache config is virtually identical to the one shown at
http://projects.puppetlabs.com/projects/puppet/wiki/Using_Mongrel,
with the proper changes made. My /etc/default/puppetmaster
configuration includes the following:
START=yes
SERVERTYPE=mongrel
PUPPETMASTERS=2
PORT=18140

It is apparent that this is not so much of a puppetmaster issue as it
is an Apache proxy issue, but I cannot seem to find anything regarding
this particular issue when using puppet. Please let me know if there
is any other information I can provide and I would be happy to do so.

Thanks!




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Tim Watts

On 14/12/10 18:53, Peter Meier wrote:

OK - I think this should be a "feature request". The logic would go:

"If installing a file on the target, create the path to the target
root.root, mode 0755.


Only the edge cases of other ownerships or different modes would need
explicit configuration then.


Uh, that sounds easier as it is, just have a look at [1] to get an idea
of a lot of edge cases that you didn't think of.


Hi Peter,

I would disagree there. Agreed - it is quite common to have to fix the 
file modes, but at "the last place" we had a near microscopic number of 
*directories* that had files dist'd into them where mode 0755 wasn't 
good enough and we had to have a separate perl script to fix those up 
prior to disting out the contents.


The edge case was generally things like where ssl private keys sat, but 
we didn't dist those as the one weakness with our system was it was 
necessarily on world readable NFS.


Puppet does have that one big advantage that secure files can be sent out.


At first glance puppet seems extremely verbose (though I do like the
certificate handling). To my mind a config management system should
be solid in its code but simple in its management and I'm not getting
the "simple in its management" right now.

Simple and verbose are not mutually exclusive. In fact, you could
argue that they often go hand-in-hand. There's very little ambiguity
in what Puppet does. This means that you have to instruct it precisely,
yes, but it also means that troubleshooting often becomes simpler.


True - but if I need to ship out an arbitrary file in a hurry (say a
modules blacklist to work around a vulnerable kernel module) I would
like to just be able to lob a file in and have it go without creating
several aspects of the config, each one prone to typos and thus not
working.


Puppet gives you a lot of possibilities, but you can always abstract
things away to "enforce" your convention. If you really want to stick
with _your_ convention (mirror fs-tree) then you can always create a
define, like:

define myconvention::file(
  $owner, $group, $mode
){
  file {$name:
    mode   => $mode,
    owner  => $owner,
    group  => $group,
    source => "puppet:///files/${name}"
  }
}

As you can already see, path and ensure are anyway already unnecessary
in your example.
So this would then make your syslog class look the following way:

class syslog {

  myconvention::file{"/etc/syslog-ng/syslog-ng.conf":
    mode   => 644,
    owner  => root,
    group  => root,
    notify => Service[syslog],
  }

}

And you wrapped away most things that were verbose to you.


Bingo! OK - I am liking this much more now! I hadn't got into the power
of the "define". Looking promising...


I like policy because it makes it easier for the "other guy" IME - once 
they get used to the convention, they can quickly know where to find 
stuff. My colleague likes puppet (or to be honest I would have just 
reimplemented the "last place"'s system - but he agrees our current 
actual puppet setup isn't very good - so at least I can fix that without 
upsetting him.




Anyway as other people mentioned /files/ is rather deprecated and you
should look into modules to organize your code.


Does that stop me from keeping all my config files under a common tree?


I agree that documentation is sometimes out of date or weak in particular
areas, but that's a typical weakness of fast-moving open source
applications. That's also why wikis are community-editable.


That's understood - no problems with that.


Also note, that puppetlabs (especially James) happily accept
documentation tickets (and patches!)


What I think is missing either from puppet or the docs is a "how to ship
half dozen sshd_config files by host class". If puppet can achieve this
(and I think it is conceptually vital that it can as it is such a common
admin function) I'm more than happy to write up a wiki howto.


There are some modules out there in the wild that do that.


I'll keep an eye out. I might well write my own - puppet does at least 
have a way AFAICS to add user code in.



~pete

[1] http://projects.puppetlabs.com/issues/86



Many thanks for all this - your powers of advocacy are excellent!

--
Tim Watts
Personal Email




Re: [Puppet Users] n00b questions - verbosity of config????

2010-12-14 Thread Peter Meier

>> Anyway as other people mentioned /files/ is rather deprecated and you
>> should look into modules to organize your code.
> 
> Does that stop me from keeping all my config files under a common tree?

Not explicitly, but the idea of modules is to put code together that
belongs together and separate it from the rest, that is unrelated to
that code. And with code you can read: manifests, configfiles,
templates, providers, facts, functions.

This means that you would find all the syslog related things in the
syslog module and all the sshd related things in the sshd module. Also
this enables you to share modules between different entities of your
company or even with the whole world if you are able to abstract them
that much that you can publish them as free software.

Puppet gives you here again a lot of possibilities how you can organize
your code and it certainly won't stop you putting all files into one
module (read: the files module).

~pete



[Puppet Users] Re: Hostname was not match with the server certificate

2010-12-14 Thread Dmytro Bablinyuk
Thank you very much!
It worked!

On Dec 14, 6:17 pm, Nan Liu  wrote:
> On Mon, Dec 13, 2010 at 11:16 PM, Dmytro Bablinyuk wrote:
> > Hi Everybody,
>
> > I have 2 machines, one that running puppetmasterd and another one that
> > running client.
> > Both run Ubuntu.
>
> > First I installed 2.25.4 (I think) version and then I have upgraded
> > Puppet to 2.6.4
>
> > Server does not have any DNS entry, so I am trying to use IP address
> > for the client to connect. Client generates some certificate error.
>
> > r...@puppet-client-ubuntu:~# puppetd --server 172.16.48.105 --waitforcert 60 --test
> > info: Retrieving plugin
> > err: /File[/var/lib/puppet/lib]: Failed to generate additional
> > resources using 'eval_generate': hostname was not match with the
> > server certificate
> > err: /File[/var/lib/puppet/lib]: Could not evaluate: hostname was not
> > match with the server certificate Could not retrieve file metadata for
> > puppet://172.16.48.105/plugins: hostname was not match with the server
> > certificate
> > err: Could not retrieve catalog from remote server: hostname was not
> > match with the server certificate
> > warning: Not using cache on failed catalog
> > err: Could not retrieve catalog; skipping run
>
> > r...@puppet-client-ubuntu:~# puppet --version
> > 2.6.4
>
> > I am very new to Puppet and most likely I am missing something very
> > simple.
>
> The hostname 172.16.48.105 used in --server option does not match the
> CN or Subject Alternative Name presented in the certificate.
>
> If you are using defaults, add an entry in /etc/hosts for puppet to
> 172.16.48.105 and connect without the --server option (server hostname
> puppet is used by default).
>
> I recommend reading Bruce's blog entry for more details:
> http://www.masterzen.fr/2010/11/14/puppet-ssl-explained/
>
> Thanks,
>
> Nan
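
The name check behind the error in this thread can be reproduced offline. The following is an added example, not part of the original posts: it runs Ruby's `OpenSSL::SSL.verify_certificate_identity` against constructed self-signed certificates to show which values of `--server` match. The certificate contents and the names `puppet.example.test` and `master.example.test` are assumptions, not the poster's real certificate.

```ruby
require "openssl"

# One throwaway key shared by all constructed certificates (test data only).
KEY = OpenSSL::PKey::RSA.new(2048)

# Build a self-signed certificate with the given CN and subjectAltName entries.
# These are constructed for the demonstration; they are not certificates
# issued by a real Puppet master.
def build_cert(common_name, sans = [])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless sans.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate = cert
    cert.add_extension(ef.create_extension("subjectAltName", sans.join(","), false))
  end
  cert.sign(KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# Names the certificate presents, useful to print next to a failed check.
def presented_names(cert)
  cns = cert.subject.to_a.select { |oid, _value, _type| oid == "CN" }
            .map { |_oid, value, _type| value }
  san = cert.extensions.find { |ext| ext.oid == "subjectAltName" }
  { cn: cns, san: san ? san.value.split(/,\s*/) : [] }
end

# True when server_name is acceptable for this certificate.
def name_matches?(cert, server_name)
  OpenSSL::SSL.verify_certificate_identity(cert, server_name)
end

def scenarios
  ip = "172.16.48.105" # the address passed to --server in the thread
  dns_only  = build_cert("puppet", ["DNS:puppet", "DNS:puppet.example.test"])
  cn_only   = build_cert("puppet")
  san_other = build_cert("puppet", ["DNS:master.example.test"])
  with_ip   = build_cert("puppet", ["DNS:puppet", "IP:#{ip}"])
  {
    # IP address against a certificate that only carries DNS names: rejected.
    ip_against_dns_only: name_matches?(dns_only, ip),
    # Short name listed in the SAN: accepted.
    puppet_against_dns_only: name_matches?(dns_only, "puppet"),
    # No SAN at all: the CN is used as a fallback.
    puppet_against_cn_only: name_matches?(cn_only, "puppet"),
    ip_against_cn_only: name_matches?(cn_only, ip),
    # A DNS SAN is present, so the CN is ignored even though it says "puppet".
    puppet_against_other_san: name_matches?(san_other, "puppet"),
    # An IP address matches only when the certificate has an IP SAN for it.
    ip_against_ip_san: name_matches?(with_ip, ip),
    cn_of_dns_only: presented_names(dns_only)[:cn]
  }
end

if __FILE__ == $PROGRAM_NAME
  scenarios.each { |label, result| puts "#{label}: #{result.inspect}" }
end
```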




[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Dmytro Bablinyuk
I have downloaded and deployed puppet-iptables (I have puppet 2.6.4)

On both client and master config looks like this

[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
libdir=/var/lib/puppet/lib
factpath=$vardir/lib/facter
pluginsync=true
plugindest=/var/lib/puppet/lib
templatedir=$confdir/templates
prerun_command=/etc/puppet/etckeeper-commit-pre
postrun_command=/etc/puppet/etckeeper-commit-post
modulepath=/etc/puppet/modules

I have deployed iptables.rb

r...@puppet-master:/var/lib/puppet/lib/type# ls -l
total 28
-rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb

When I connect client to test a simple iptables action I have a error,
obviously I have deployed iptables in the wrong place or failed to
register somewhere.

r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
retrieve information from source(s) puppet://puppet/plugins
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
node puppet-client-ubuntu.harbour
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

I tried to move type folder around but still no luck

Can anybody advise on this?

Thank you very much!
Dmytro




[Puppet Users] Re: service - explicit stats command

2010-12-14 Thread russell.fulton
>
> That might be a typo in what you've written above but your script
> should be returning zero if everything is all right, not 1. 1 would
> indicate a problem and thus Puppet is trying to restart your service.
>

Doh! -- no typo - that's the problem.  I even have the docs that say
it should be zero.

Thanks Luke!




[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Dmytro Bablinyuk
Thank you Ken,

I have downloaded 1.2.0 iptables as you suggested.

I copied ruby script
r...@puppet-master:/etc/puppet/modules/type# ls -l
total 32
-rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb

Looks like I don't have other plugins, iptables is the only puppet
plugin I have

r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
type
r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/type/
iptables.rb

I have this error every time I try to access iptable type
r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
retrieve information from source(s) puppet://puppet/plugins
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
node puppet-client-ubuntu.harbour
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Thank you very much for your help
Dmytro

On Dec 15, 10:03 am, Ken Barber  wrote:
> Hi Dmytro,
>
> So looking at what you have posted  I can see a couple of things that
> trouble me:
>
> ..
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
> information from source(s) puppet://puppet/plugins
> ..
>
> Is this error always occurring? Are you able to synchronise Ruby plugins at
> all? You can check by looking at /var/lib/puppet/lib to see if anything else
> lives there. It just looks like generally your clients aren't synchronising
> plugins at all - but I could be wrong :-).
>
> Also the sync location doesn't look right to me on your puppetmaster ... you
> show:
>
> ...
> r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> total 28
> -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> ...
>
> But it should have sync'd here:
>
> ..
> r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> total 28
> -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> ..
>
> Did it actually synchronise on its own (ie. after running puppet) like this
> on your puppetmaster? Did you deploy the entire module into a path like
> /etc/puppet/modules/iptables?
>
> Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x compatible.
>
> Try the revision here:
>
> https://github.com/bobsh/puppet-iptables/tree/1.2.0
>
> ken.
>
> On Tuesday, December 14, 2010 10:35:18 PM UTC, Dmytro Bablinyuk wrote:
>
> > I have downloaded and deployed puppet-iptables (I have puppet 2.6.4)
>
> > On both client and master config looks like this
>
> > [main]
> > logdir=/var/log/puppet
> > vardir=/var/lib/puppet
> > ssldir=/var/lib/puppet/ssl
> > rundir=/var/run/puppet
> > libdir=/var/lib/puppet/lib
> > factpath=$vardir/lib/facter
> > pluginsync=true
> > plugindest=/var/lib/puppet/lib
> > templatedir=$confdir/templates
> > prerun_command=/etc/puppet/etckeeper-commit-pre
> > postrun_command=/etc/puppet/etckeeper-commit-post
> > modulepath=/etc/puppet/modules
>
> > I have deployed iptables.rb
>
> > r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> > total 28
> > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
>
> > When I connect client to test a simple iptables action I have a error,
> > obviously I have deployed iptables in the wrong place or failed to
> > register somewhere.
>
> > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > info: Retrieving plugin
> > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> > retrieve information from source(s) puppet://puppet/plugins
> > err: Could not retrieve catalog from remote server: Error 400 on
> > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> > Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> > node puppet-client-ubuntu.harbour
> > warning: Not using cache on failed catalog
> > err: Could not retrieve catalog; skipping run
>
> > I tried to move type folder around but still no luck
>
> > Can anybody advise on this?
>
> > Thank you very much!
> > Dmytro




[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Dmytro Bablinyuk
You are life saver Ken!

It's working

r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure: defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure: defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/iptables.rb
err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/iptables.rb: no such file to load -- puppettest
info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/iptables.rb

r...@puppet-client-ubuntu:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables rule" -j DROP


On Dec 15, 10:56 am, Ken Barber  wrote:
> Hi Dmytro,
>
> Your methodology for installing modules isn't quite right :-).
>
> Instead of trying to extract the iptables.rb file yourself you want to do
> something like:
>
> cd /etc/puppet/modules
> git clone git://github.com/bobsh/puppet-iptables.git iptables
>
> Which will give you a layout something like:
>
> # find /etc/puppet/modules/iptables
> /etc/puppet/modules/iptables
> /etc/puppet/modules/iptables/Rakefile
> /etc/puppet/modules/iptables/COPYING
> /etc/puppet/modules/iptables/lib
> /etc/puppet/modules/iptables/lib/puppet
> /etc/puppet/modules/iptables/lib/puppet/test
> /etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
> /etc/puppet/modules/iptables/lib/puppet/type
> /etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
> /etc/puppet/modules/iptables/tests
> ...
> /etc/puppet/modules/iptables/Modulefile
> /etc/puppet/modules/iptables/README.rst
> #
>
> Correct this and try again.
>
> ken.
>
> On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
>
> > Thank you Ken,
>
> > I have downloaded 1.2.0 iptables as you suggested.
>
> > I copied ruby script
> > r...@puppet-master:/etc/puppet/modules/type# ls -l
> > total 32
> > -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb
>
> > Looks like I don't have other plugins, iptables is the only puppet
> > plugin I have
>
> > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
> > type
> > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/
> > type/
> > iptables.rb
>
> > I have this error every time I try to access iptable type
> > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > info: Retrieving plugin
> > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> > retrieve information from source(s) puppet://puppet/plugins
> > err: Could not retrieve catalog from remote server: Error 400 on
> > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> > Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> > node puppet-client-ubuntu.harbour
> > warning: Not using cache on failed catalog
> > err: Could not retrieve catalog; skipping run
>
> > Thank you very much for your help
> > Dmytro
>
> > On Dec 15, 10:03 am, Ken Barber  wrote:
> > > Hi Dmytro,
>
> > > So looking at what you have posted  I can see a couple of things that
>
> > > trouble me:
>
> > > ..
> > > info: Retrieving plugin
> > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
> > > information from source(s) puppet://puppet/plugins
> > > ..
>
> > > Is this error always occurring? Are you able to synchronise Ruby plugins
> > at
> > > all? You can check by looking at /var/lib/puppet/lib to see if anything
> > else
> > > lives there. It just looks like generally your clients aren't
> > synchronising
> > > plugins at all - but I could be wrong :-).
>
> > > Also the sync location doesn't look right to me on your puppetmaster ...
> > you
> > > show:
>
> > > ...
> > > r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > total 28
> > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > ...
>
> > > But it should have sync'd here:
>
> > > ..
> > > r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > total 28
> > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > ..
>
> > > Did it actually synchronise on its own (ie. after running puppet) like this
> > > on your puppetmaster? Did you deploy the entire module into a path like
> > > /etc/puppet/modules/iptables?
>
> > > Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x compatible.
>
> > > Try the revision here:
>
> > > https://github.com/bobsh/puppet-iptables/tree/1.2.0
>
> > > ken.
>
> > > On Tuesday, December 14, 2010 10:35:18 PM UTC, Dmytro Bablinyuk wrote:
>
> > > > I have downloaded and deployed puppet-iptables (I have puppet 2.6.4)
>
> > > > On both client and ma

[Puppet Users] Re: source /etc/profile

2010-12-14 Thread Ken Barber
Hi Adrian,

I'm not sure but I imagine by just trying to 'source' the profile within the 
current puppet runtime the scope will be lost as it would be called within 
an exec? 

Obviously if you are not worried about running puppet multiple times you 
might be able to source it in your 'prerun_command' script.

Otherwise I have one possible (albeit slightly hacky) option. Perhaps you 
can drop to ruby to ensure you set the variable JAVA_HOME within the puppet 
runtime. Let me give you an example I set-up on my machine:

/tmp/var.sh:

#!/bin/bash
echo $JAVA_HOME > /tmp/java_path

test.pp:

$dummy = inline_template("<% ENV['JAVA_HOME'] = '/opt/java_1.6.0_20' %>")
exec {"a":
  command => "/tmp/var.sh",
}
notice(inline_template("<%= ENV['JAVA_HOME'] %>"))

And to run it:

$ puppet test.pp 
notice: Scope(Class[main]): /opt/java_1.6.0_20
notice: /Stage[main]//Exec[a]/returns: executed successfully
$ cat /tmp/java_path
/opt/java_1.6.0_20
$ 

This shows that the environment variable is available at the scope when ruby 
does an exec (the exec resource) and when you try to grab the variable 
inline later on. Hopefully the gem provider should see this, but you'll have 
to make sure the inline_template runs before the gem does its work. Putting 
it in a class (like your "java" puppet class or something) and doing a 
require on the class may solve this.

Of course there is probably a nicer less complicated way of doing this :-).

ken.

On Tuesday, December 14, 2010 5:42:12 PM UTC, Adrian wrote:
>
> Hello , 
>
> There is a way to source /etc/profile inside puppet on demand? 
>
> My problem is that I install Java, afterwards I set JAVA_HOME variable 
> in /etc/profile. 
>
> After Java is installed, a gem which depends on Java starts to 
> install ... but as it needs JAVA_HOME environment to be set, it fails. 
>
> I am not sure what can I do ... 
>
> Thank you, 
>
> Adrian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: puppetmaster 100%cpu usage on 2.6 (not on 0.24)

2010-12-14 Thread Ken Barber
Hi Chris,

Sorry - I can't say I'm seeing this performance issue myself with my setup 
:-(.

I'm not an expert around that part of the code. Having said that it's 
probably DSL parsing related (possibly a recursion somewhere) ... I'd be 
focusing on your content not just the Ruby to see what part of the puppet 
DSL is causing it. Strip your content right back and add bits back in 
slowly. I think this would make your report very useful if it turns out to 
be a bug, and perhaps you can find a workaround that way as well.

That's just my 2c. Good luck :-).

ken.

On Tuesday, December 14, 2010 8:24:55 AM UTC, Chris wrote:
>
> Hi 
>
> I recently upgraded my puppet masters (and clients) from 0.24.8 to 
> 2.6.4 
>
> Previously, my most busy puppet master would hover around about 0.9 
> load average, after the upgrade, its load hovers around 5 
>
> I am running passenger and mysql based stored configs. 
>
> Checking my running processes, ruby (puppetmasterd) shoots up to 99% 
> cpu load and stays there for a few seconds before dropping again. 
> Often there are 4 of these running simultaneously, pegging each core 
> at 99% cpu. 
>
> It seems that there has been a serious performance regression between 
> 0.24 and 2.6 for my configuration 
>
> I hope the following can help work out where... 
>
> I ran puppetmasterd through a profiler to find the root cause of this 
> (http://boojum.homelinux.org/profile.svg). The main problem appears 
> to be in /usr/lib/ruby/site_ruby/1.8/puppet/parser/ast/resource.rb, in 
> the evaluate function. 
>
> I added a few timing commands around various sections of that function 
> to find the following breakdown of times spent inside it, and the two 
> most intensive calls are 
> --- 
> paramobjects = parameters.collect { |param|
>   param.safeevaluate(scope)
> }
> --- 
>
> and 
> --- 
> resource_titles.flatten.collect { |resource_title|
>   exceptwrap :type => Puppet::ParseError do
>     resource = Puppet::Parser::Resource.new(
>       fully_qualified_type, resource_title,
>       :parameters => paramobjects,
>       :file => self.file,
>       :line => self.line,
>       :exported => self.exported,
>       :virtual => virt,
>       :source => scope.source,
>       :scope => scope,
>       :strict => true
>     )
>
>     if resource.resource_type.is_a? Puppet::Resource::Type
>       resource.resource_type.instantiate_resource(scope, resource)
>     end
>     scope.compiler.add_resource(scope, resource)
>     scope.compiler.evaluate_classes([resource_title],scope,false) if fully_qualified_type == 'class'
>     resource
>   end
> }.reject { |resource| resource.nil? }
> --- 
>
>
> Unfortunately, that is about the limit of my current ruby skills. 
> What else can be looked at to speed 2.6 back up to the performance of 
> 0.24? 
>
>
>
>




[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Ken Barber
Hi Dmytro,

Your methodology for installing modules isn't quite right :-). 

Instead of trying to extract the iptables.rb file yourself you want to do 
something like:

cd /etc/puppet/modules
git clone git://github.com/bobsh/puppet-iptables.git iptables

Which will give you a layout something like:

# find /etc/puppet/modules/iptables
/etc/puppet/modules/iptables
/etc/puppet/modules/iptables/Rakefile
/etc/puppet/modules/iptables/COPYING
/etc/puppet/modules/iptables/lib
/etc/puppet/modules/iptables/lib/puppet
/etc/puppet/modules/iptables/lib/puppet/test
/etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
/etc/puppet/modules/iptables/lib/puppet/type
/etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
/etc/puppet/modules/iptables/tests
...
/etc/puppet/modules/iptables/Modulefile
/etc/puppet/modules/iptables/README.rst
#

Correct this and try again.

ken.

On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
>
> Thank you Ken, 
>
> I have downloaded 1.2.0 iptables as you suggested. 
>
> I copied ruby script 
> r...@puppet-master:/etc/puppet/modules/type# ls -l 
> total 32 
> -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb 
>
> Looks like I don't have other plugins, iptables is the only puppet 
> plugin I have 
>
> r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib 
> type 
> r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/ 
> type/ 
> iptables.rb 
>
> I have this error every time I try to access iptable type 
> r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test 
> info: Retrieving plugin 
> err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not 
> retrieve information from source(s) puppet://puppet/plugins 
> err: Could not retrieve catalog from remote server: Error 400 on 
> SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: 
> Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on 
> node puppet-client-ubuntu.harbour 
> warning: Not using cache on failed catalog 
> err: Could not retrieve catalog; skipping run 
>
> Thank you very much for your help 
> Dmytro 
>
> On Dec 15, 10:03 am, Ken Barber  wrote: 
> > Hi Dmytro, 
> > 
> > So looking at what you have posted I can see a couple of things that
> > trouble me:
> > 
> > .. 
> > info: Retrieving plugin 
> > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve 
> > information from source(s) puppet://puppet/plugins 
> > .. 
> > 
> > Is this error always occurring? Are you able to synchronise Ruby plugins at
> > all? You can check by looking at /var/lib/puppet/lib to see if anything else
> > lives there. It just looks like generally your clients aren't synchronising
> > plugins at all - but I could be wrong :-).
> >
> > Also the sync location doesn't look right to me on your puppetmaster ... you
> > show:
> > 
> > ... 
> > r...@puppet-master:/var/lib/puppet/lib/type# ls -l 
> > total 28 
> > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb 
> > ... 
> > 
> > But it should have sync'd here: 
> > 
> > .. 
> > r...@puppet-master:/var/lib/puppet/lib/type# ls -l 
> > total 28 
> > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb 
> > .. 
> > 
> > Did it actually synchronise on its own (ie. after running puppet) like this
> > on your puppetmaster? Did you deploy the entire module into a path like
> > /etc/puppet/modules/iptables?
> >
> > Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x compatible.
> > 
> > Try the revision here: 
> > 
> > https://github.com/bobsh/puppet-iptables/tree/1.2.0 
> > 
> > ken. 
> > 
> > On Tuesday, December 14, 2010 10:35:18 PM UTC, Dmytro Bablinyuk wrote: 
> > 
> > > I have downloaded and deployed puppet-iptables (I have puppet 2.6.4) 
> > 
> > > On both client and master config looks like this 
> > 
> > > [main] 
> > > logdir=/var/log/puppet 
> > > vardir=/var/lib/puppet 
> > > ssldir=/var/lib/puppet/ssl 
> > > rundir=/var/run/puppet 
> > > libdir=/var/lib/puppet/lib 
> > > factpath=$vardir/lib/facter 
> > > pluginsync=true 
> > > plugindest=/var/lib/puppet/lib 
> > > templatedir=$confdir/templates 
> > > prerun_command=/etc/puppet/etckeeper-commit-pre 
> > > postrun_command=/etc/puppet/etckeeper-commit-post 
> > > modulepath=/etc/puppet/modules 
> > 
> > > I have deployed iptables.rb 
> > 
> > > r...@puppet-master:/var/lib/puppet/lib/type# ls -l 
> > > total 28 
> > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb 
> > 
> > > When I connect client to test a simple iptables action I have a error, 
> > > obviously I have deployed iptables in the wrong place or failed to 
> > > register somewhere. 
> > 
> > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test 
> > > info: Retrieving plugin 
> > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not 
> > > retrieve information from source(s) puppet://puppet/plugins 
> > > err: Could not retriev
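
Added example, not part of the original thread: a shell check for the layout described in the reply above, where a custom type is expected at <modulepath>/<module>/lib/puppet/type/<name>.rb. The function names and the constructed sample trees are assumptions for illustration; point audit_modulepath at your own modulepath (for instance /etc/puppet/modules) to use it.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the sample
# trees are assumptions made for illustration.

# classify_type_files MODULEPATH
# Prints one line for every Ruby file that sits in a "type" directory:
#   OK module=<module> type=<name>   at <module>/lib/puppet/type/<name>.rb
#   MISPLACED <relative path>        in a "type" directory anywhere else
classify_type_files() {
    modulepath=${1%/}
    [ -d "$modulepath" ] || { echo "ERROR not a directory: $modulepath" >&2; return 2; }
    find "$modulepath" -type f -name '*.rb' | sort | while IFS= read -r f; do
        rel=${f#"$modulepath"/}      # path relative to the modulepath
        rest=${rel#*/}               # same path without the module directory
        case $rest in
            lib/puppet/type/*.rb)
                name=${rest#lib/puppet/type/}
                case $name in
                    */*) ;;          # nested below type/: not a type definition
                    *) echo "OK module=${rel%%/*} type=${name%.rb}" ;;
                esac
                ;;
            *)
                case $rel in
                    type/*.rb|*/type/*.rb) echo "MISPLACED $rel" ;;
                esac
                ;;
        esac
    done
}

# audit_modulepath MODULEPATH
# Prints the report; returns 1 if any type file is misplaced, 2 if the
# directory is missing, 0 otherwise.
audit_modulepath() {
    report=$(classify_type_files "$1") || return 2
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    if printf '%s\n' "$report" | grep -q '^MISPLACED '; then
        return 1
    fi
    return 0
}

# make_sample_trees DIR
# Constructed sample data: DIR/broken mirrors the layout from the question
# (modules/type/iptables.rb), DIR/fixed mirrors the layout from the reply.
make_sample_trees() {
    mkdir -p "$1/broken/type" \
             "$1/fixed/iptables/lib/puppet/type" \
             "$1/fixed/iptables/lib/puppet/test"
    : > "$1/broken/type/iptables.rb"
    : > "$1/fixed/iptables/lib/puppet/type/iptables.rb"
    : > "$1/fixed/iptables/lib/puppet/test/iptables.rb"
}

# Demonstration on the constructed trees.
demo=$(mktemp -d)
make_sample_trees "$demo"
audit_modulepath "$demo/broken" || echo "broken: move the file under <module>/lib/puppet/type/"
audit_modulepath "$demo/fixed" && echo "fixed: type is where the reply's layout puts it"
rm -rf "$demo"
```
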

[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Ken Barber
Hi Dmytro,

So looking at what you have posted  I can see a couple of things that 
trouble me:

..
info: Retrieving plugin 
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve 
information from source(s) puppet://puppet/plugins 
..

Is this error always occurring? Are you able to synchronise Ruby plugins at 
all? You can check by looking at /var/lib/puppet/lib to see if anything else 
lives there. It just looks like generally your clients aren't synchronising 
plugins at all - but I could be wrong :-).

Also the sync location doesn't look right to me on your puppetmaster ... you 
show:

...
r...@puppet-master:/var/lib/puppet/lib/type# ls -l 
total 28 
-rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb 
...

But it should have sync'd here:

..
r...@puppet-master:/var/lib/puppet/lib/type# ls -l 
total 28 
-rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb 
..

Did it actually synchronise on its own (ie. after running puppet) like this 
on your puppetmaster? Did you deploy the entire module into a path like 
/etc/puppet/modules/iptables?

Oh btw. I'm not entirely sure the camptocamp revision is 2.6.x compatible.

Try the revision here:

https://github.com/bobsh/puppet-iptables/tree/1.2.0

ken.

On Tuesday, December 14, 2010 10:35:18 PM UTC, Dmytro Bablinyuk wrote:
>
> I have downloaded and deployed puppet-iptables (I have puppet 2.6.4) 
>
> On both client and master config looks like this 
>
> [main] 
> logdir=/var/log/puppet 
> vardir=/var/lib/puppet 
> ssldir=/var/lib/puppet/ssl 
> rundir=/var/run/puppet 
> libdir=/var/lib/puppet/lib 
> factpath=$vardir/lib/facter 
> pluginsync=true 
> plugindest=/var/lib/puppet/lib 
> templatedir=$confdir/templates 
> prerun_command=/etc/puppet/etckeeper-commit-pre 
> postrun_command=/etc/puppet/etckeeper-commit-post 
> modulepath=/etc/puppet/modules 
>
> I have deployed iptables.rb 
>
> r...@puppet-master:/var/lib/puppet/lib/type# ls -l 
> total 28 
> -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb 
>
> When I connect client to test a simple iptables action I have a error, 
> obviously I have deployed iptables in the wrong place or failed to 
> register somewhere. 
>
> r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test 
> info: Retrieving plugin 
> err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not 
> retrieve information from source(s) puppet://puppet/plugins 
> err: Could not retrieve catalog from remote server: Error 400 on 
> SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: 
> Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on 
> node puppet-client-ubuntu.harbour 
> warning: Not using cache on failed catalog 
> err: Could not retrieve catalog; skipping run 
>
> I tried to move type folder around but still no luck 
>
> Can anybody advise on this? 
>
> Thank you very much! 
> Dmytro 
>




Re: [Puppet Users] puppetmaster 100%cpu usage on 2.6 (not on 0.24)

2010-12-14 Thread Nigel Kersten
On Tue, Dec 14, 2010 at 12:24 AM, Chris  wrote:

> Hi
>
> I recently upgraded my puppet masters (and clients) from 0.24.8 to
> 2.6.4
>
> Previously, my most busy puppet master would hover around about 0.9
> load  average, after the upgrade, its load hovers around 5
>
> I am running passenger and mysql based stored configs.
>
> Checking my running processes, ruby (puppetmasterd) shoots up to 99%
> cpu load and stays there for a few seconds before dropping again.
> Often there are 4 of these running simultaneously, pegging each core
> at 99% cpu.
>
> It seems that there has been a serious performance regression between
> 0.24 and 2.6 for my configuration
>

Some useful info would be:

OS
OS version
Ruby version
Apache version/worker model
Passenger version





> I hope the following can help work out where...
>
> I ran puppetmasterd through a profiler to find the root cause of this
> (http://boojum.homelinux.org/profile.svg).  The main problem appears
> to be in /usr/lib/ruby/site_ruby/1.8/puppet/parser/ast/resource.rb, in
> the evaluate function.
>
> I added a few timing commands around various sections of that function
> to find the following breakdown of times spent inside it, and the two
> most intensive calls are
> ---
> paramobjects = parameters.collect { |param|
>   param.safeevaluate(scope)
> }
> ---
>
> and
> ---
> resource_titles.flatten.collect { |resource_title|
>   exceptwrap :type => Puppet::ParseError do
>     resource = Puppet::Parser::Resource.new(
>       fully_qualified_type, resource_title,
>       :parameters => paramobjects,
>       :file => self.file,
>       :line => self.line,
>       :exported => self.exported,
>       :virtual => virt,
>       :source => scope.source,
>       :scope => scope,
>       :strict => true
>     )
>
>     if resource.resource_type.is_a? Puppet::Resource::Type
>       resource.resource_type.instantiate_resource(scope, resource)
>     end
>     scope.compiler.add_resource(scope, resource)
>     scope.compiler.evaluate_classes([resource_title],scope,false) if fully_qualified_type == 'class'
>     resource
>   end
> }.reject { |resource| resource.nil? }
> ---
>
>
> Unfortunately, that is about the limit of my current ruby skills.
> What else can be looked at to speed 2.6 back up to the performance of
> 0.24?
>
>
>


-- 
Nigel Kersten - Puppet Labs -  http://www.puppetlabs.com




[Puppet Users] puppet dashboard group and class

2010-12-14 Thread Nicolas Aizier
Hi everyone,

I'm actually kind of new to puppet but I'm making good progress.
I have read a lot of docs and how-tos to understand the whole behaviour
of puppet.
Installed a puppet master server, deployed 15 clients to test it on
some of our testing servers.
Written modules to get exactly what we want, and then installed puppet
dashboard, which works really fine.

My question might sound a bit noobish but I'm stuck on that point and
I really don't like not understanding every part of a tool.
What is the use of adding "groups" and "class" in the dashboard?
It seems that the dashboard doesn't see your classes from the modules (saw
that it will be corrected soon), but what is the point of creating
classes in the GUI? Can you do anything with that? And if yes, will
that not spread the config across dashboard + puppet config files?
It'll be messy to maintain.
Same question with the groups: I understand that you can assign classes
to groups so it's easier to add a server to a global behaviour, but it
only uses classes from dashboard. And is there a way to create such a
group in puppet config files (if yes I didn't manage to find it ...)?

Thx a lot for your time and to all the puppet users !




[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Dmytro Bablinyuk
A quick question,

If I run puppet more than one time it seems it does not do anything, even
if I change the manifest file.

r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
info: Retrieving plugin
info: Caching catalog for puppet-client-ubuntu
info: Applying configuration version '1292378428'
notice: Finished catalog run in 0.02 seconds

It looks like it retrieves the catalog but does not apply it.
How do I make puppet execute manifest?

Thank you
Dmytro

On Dec 15, 11:18 am, Dmytro Bablinyuk  wrote:
> You are life saver Ken!
>
> It's working
>
> r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> info: Retrieving plugin
> notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
> notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
> notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure:
> defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
> notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
> notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure:
> defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
> info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/
> iptables.rb
> err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/
> iptables.rb: no such file to load -- puppettest
> info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/
> iptables.rb
>
> r...@puppet-client-ubuntu:~# iptables -S
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables
> rule" -j DROP
>
> On Dec 15, 10:56 am, Ken Barber  wrote:
>
> > Hi Dmytro,
>
> > Your methodology for installing modules isn't quite right :-).
>
> > Instead of trying to extract the iptables.rb file yourself you want to do
> > something like:
>
> > cd /etc/puppet/modules
> > git clone git://github.com/bobsh/puppet-iptables.git iptables
>
> > Which will give you a layout something like:
>
> > # find /etc/puppet/modules/iptables
> > /etc/puppet/modules/iptables
> > /etc/puppet/modules/iptables/Rakefile
> > /etc/puppet/modules/iptables/COPYING
> > /etc/puppet/modules/iptables/lib
> > /etc/puppet/modules/iptables/lib/puppet
> > /etc/puppet/modules/iptables/lib/puppet/test
> > /etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
> > /etc/puppet/modules/iptables/lib/puppet/type
> > /etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
> > /etc/puppet/modules/iptables/tests
> > ...
> > /etc/puppet/modules/iptables/Modulefile
> > /etc/puppet/modules/iptables/README.rst
> > #
>
> > Correct this and try again.
>
> > ken.
>
> > On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
>
> > > Thank you Ken,
>
> > > I have downloaded 1.2.0 iptables as you suggested.
>
> > > I copied ruby script
> > > r...@puppet-master:/etc/puppet/modules/type# ls -l
> > > total 32
> > > -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb
>
> > > Looks like I don't have other plugins, iptables is the only puppet
> > > plugin I have
>
> > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
> > > type
> > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/
> > > type/
> > > iptables.rb
>
> > > I have this error every time I try to access iptable type
> > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > info: Retrieving plugin
> > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> > > retrieve information from source(s) puppet://puppet/plugins
> > > err: Could not retrieve catalog from remote server: Error 400 on
> > > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> > > Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> > > node puppet-client-ubuntu.harbour
> > > warning: Not using cache on failed catalog
> > > err: Could not retrieve catalog; skipping run
>
> > > Thank you very much for your help
> > > Dmytro
>
> > > On Dec 15, 10:03 am, Ken Barber  wrote:
> > > > Hi Dmytro,
>
> > > > > So looking at what you have posted I can see a couple of things that
> > > > > trouble me:
>
> > > > ..
> > > > info: Retrieving plugin
> > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
> > > > information from source(s) puppet://puppet/plugins
> > > > ..
>
> > > > > Is this error always occurring? Are you able to synchronise Ruby plugins at
> > > > > all? You can check by looking at /var/lib/puppet/lib to see if anything else
> > > > > lives there. It just looks like generally your clients aren't synchronising
> > > > > plugins at all - but I could be wrong :-).
>
> > > > > Also the sync location doesn't look right to me on your puppetmaster ... you
> > > > > show:
>
> > > > ...
> > > > r...@puppet-master:/var/lib/puppet/lib/type# ls -l
> > > > total 28
> > > > -rw-rw-r-- 1 root root 26625 2010-06-18 18:14 iptables.rb
> > > > ...
>
> > > > But it should have sync'd here:
>
> > > > ..
> > > > r...@puppet-master:/var/lib/puppet/lib/type

[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Dmytro Bablinyuk
I have found what the problem was

I have now

iptables {"-2-":
 table => "nat",
 chain => "POSTROUTING",
 proto => "udp",
 destination => "172.17.7.118",
 dport => "53",
 jump => "MASQUERADE"
}

It was quietly doing nothing if I remove "" from destination IP
address.


On Dec 15, 1:12 pm, Dmytro Bablinyuk  wrote:
> A quick question,
>
> If I run puppet more than one time it seems does not do anything, even
> if I change manifest file.
>
> r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> info: Retrieving plugin
> info: Caching catalog for puppet-client-ubuntu
> info: Applying configuration version '1292378428'
> notice: Finished catalog run in 0.02 seconds
>
> It looks like it retrieves the catalog but does not apply it.
> How do I make puppet execute manifest?
>
> Thank you
> Dmytro
>
> On Dec 15, 11:18 am, Dmytro Bablinyuk  wrote:
>
> > You are life saver Ken!
>
> > It's working
>
> > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > info: Retrieving plugin
> > notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
> > notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
> > notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure:
> > defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
> > notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
> > notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure:
> > defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
> > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/
> > iptables.rb
> > err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/
> > iptables.rb: no such file to load -- puppettest
> > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/
> > iptables.rb
>
> > r...@puppet-client-ubuntu:~# iptables -S
> > -P INPUT ACCEPT
> > -P FORWARD ACCEPT
> > -P OUTPUT ACCEPT
> > -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables
> > rule" -j DROP
>
> > On Dec 15, 10:56 am, Ken Barber  wrote:
>
> > > Hi Dmytro,
>
> > > Your methodology for installing modules isn't quite right :-).
>
> > > Instead of trying to extract the iptables.rb file yourself you want to do
> > > something like:
>
> > > cd /etc/puppet/modules
> > > git clone git://github.com/bobsh/puppet-iptables.git iptables
>
> > > Which will give you a layout something like:
>
> > > # find /etc/puppet/modules/iptables
> > > /etc/puppet/modules/iptables
> > > /etc/puppet/modules/iptables/Rakefile
> > > /etc/puppet/modules/iptables/COPYING
> > > /etc/puppet/modules/iptables/lib
> > > /etc/puppet/modules/iptables/lib/puppet
> > > /etc/puppet/modules/iptables/lib/puppet/test
> > > /etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
> > > /etc/puppet/modules/iptables/lib/puppet/type
> > > /etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
> > > /etc/puppet/modules/iptables/tests
> > > ...
> > > /etc/puppet/modules/iptables/Modulefile
> > > /etc/puppet/modules/iptables/README.rst
> > > #
>
> > > Correct this and try again.
>
> > > ken.
>
> > > On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
>
> > > > Thank you Ken,
>
> > > > I have downloaded 1.2.0 iptables as you suggested.
>
> > > > I copied ruby script
> > > > r...@puppet-master:/etc/puppet/modules/type# ls -l
> > > > total 32
> > > > -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb
>
> > > > Looks like I don't have other plugins, iptables is the only puppet
> > > > plugin I have
>
> > > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
> > > > type
> > > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/
> > > > type/
> > > > iptables.rb
>
> > > > I have this error every time I try to access iptable type
> > > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > > info: Retrieving plugin
> > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> > > > retrieve information from source(s) puppet://puppet/plugins
> > > > err: Could not retrieve catalog from remote server: Error 400 on
> > > > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> > > > Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> > > > node puppet-client-ubuntu.harbour
> > > > warning: Not using cache on failed catalog
> > > > err: Could not retrieve catalog; skipping run
>
> > > > Thank you very much for your help
> > > > Dmytro
>
> > > > On Dec 15, 10:03 am, Ken Barber  wrote:
> > > > > Hi Dmytro,
>
> > > > > > So looking at what you have posted I can see a couple of things that
> > > > > > trouble me:
>
> > > > > ..
> > > > > info: Retrieving plugin
> > > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve
> > > > > > information from source(s) puppet://puppet/plugins
> > > > > ..
>
> > > > > > Is this error always occurring? Are you able to synchronise Ruby plugins at
> > > > > > all? You can check by looking at /var/lib/puppet/lib to se

[Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Dmytro Bablinyuk
A quick question: I have modified iptables.rb to include some custom
"jump" values. I have restarted puppetmasterd, but the client still sees
the old "jump" values.
How do I make iptables.rb recompile?

Thank you
Dmytro


On Dec 15, 3:31 pm, Dmytro Bablinyuk  wrote:
> I have found what the problem was
>
> I have now
>
> iptables {"-2-":
>  table => "nat",
>  chain => "POSTROUTING",
>  proto => "udp",
>  destination => "172.17.7.118",
>  dport => "53",
>  jump => "MASQUERADE"
>
> }
>
> It was quietly doing nothing if I remove "" from destination IP
> address.
>
> On Dec 15, 1:12 pm, Dmytro Bablinyuk  wrote:
>
> > A quick question,
>
> > If I run puppet more than one time it seems does not do anything, even
> > if I change manifest file.
>
> > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > info: Retrieving plugin
> > info: Caching catalog for puppet-client-ubuntu
> > info: Applying configuration version '1292378428'
> > notice: Finished catalog run in 0.02 seconds
>
> > It looks like it retrieves the catalog but does not apply it.
> > How do I make puppet execute manifest?
>
> > Thank you
> > Dmytro
>
> > On Dec 15, 11:18 am, Dmytro Bablinyuk  wrote:
>
> > > You are life saver Ken!
>
> > > It's working
>
> > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > info: Retrieving plugin
> > > notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
> > > notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
> > > notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure:
> > > defined content as '{md5}b079e461bf96bd1194fb72abb8802515'
> > > notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
> > > notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure:
> > > defined content as '{md5}66481c7e3fb362d3448509e1e7f7fb35'
> > > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/
> > > iptables.rb
> > > err: Could not load downloaded file /var/lib/puppet/lib/puppet/test/
> > > iptables.rb: no such file to load -- puppettest
> > > info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/
> > > iptables.rb
>
> > > r...@puppet-client-ubuntu:~# iptables -S
> > > -P INPUT ACCEPT
> > > -P FORWARD ACCEPT
> > > -P OUTPUT ACCEPT
> > > -A INPUT -p tcp -m tcp --dport 80 -m comment --comment "my iptables
> > > rule" -j DROP
>
> > > On Dec 15, 10:56 am, Ken Barber  wrote:
>
> > > > Hi Dmytro,
>
> > > > Your methodology for installing modules isn't quite right :-).
>
> > > > > Instead of trying to extract the iptables.rb file yourself you want to do
> > > > > something like:
>
> > > > cd /etc/puppet/modules
> > > > git clone git://github.com/bobsh/puppet-iptables.git iptables
>
> > > > Which will give you a layout something like:
>
> > > > # find /etc/puppet/modules/iptables
> > > > /etc/puppet/modules/iptables
> > > > /etc/puppet/modules/iptables/Rakefile
> > > > /etc/puppet/modules/iptables/COPYING
> > > > /etc/puppet/modules/iptables/lib
> > > > /etc/puppet/modules/iptables/lib/puppet
> > > > /etc/puppet/modules/iptables/lib/puppet/test
> > > > /etc/puppet/modules/iptables/lib/puppet/test/iptables.rb
> > > > /etc/puppet/modules/iptables/lib/puppet/type
> > > > /etc/puppet/modules/iptables/lib/puppet/type/iptables.rb
> > > > /etc/puppet/modules/iptables/tests
> > > > ...
> > > > /etc/puppet/modules/iptables/Modulefile
> > > > /etc/puppet/modules/iptables/README.rst
> > > > #
>
> > > > Correct this and try again.
>
> > > > ken.
>
> > > > On Tuesday, December 14, 2010 11:43:31 PM UTC, Dmytro Bablinyuk wrote:
>
> > > > > Thank you Ken,
>
> > > > > I have downloaded 1.2.0 iptables as you suggested.
>
> > > > > I copied ruby script
> > > > > r...@puppet-master:/etc/puppet/modules/type# ls -l
> > > > > total 32
> > > > > -rw-rw-r-- 1 root root 31539 2010-10-30 03:37 iptables.rb
>
> > > > > Looks like I don't have other plugins, iptables is the only puppet
> > > > > plugin I have
>
> > > > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib
> > > > > type
> > > > > r...@puppet-master:/etc/puppet/modules/type# ls /var/lib/puppet/lib/
> > > > > type/
> > > > > iptables.rb
>
> > > > > I have this error every time I try to access iptable type
> > > > > r...@puppet-client-ubuntu:~# puppetd --waitforcert 60 --test
> > > > > info: Retrieving plugin
> > > > > err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not
> > > > > retrieve information from source(s) puppet://puppet/plugins
> > > > > err: Could not retrieve catalog from remote server: Error 400 on
> > > > > SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError:
> > > > > Invalid resource type iptables at /etc/puppet/manifests/site.pp:10 on
> > > > > node puppet-client-ubuntu.harbour
> > > > > warning: Not using cache on failed catalog
> > > > > err: Could not retrieve catalog; skipping run
>
> > > > > Thank you very much for your help
> > > > > Dmytro
>
> > > > > On Dec 15, 10:03 am, Ken Barber  wrote:
> > > > > > Hi Dmytro,
>
> > > > > > So looking at w

Re: [Puppet Users] Re: Configure firewall with Puppet

2010-12-14 Thread Stefan Schulte
On Tue, Dec 14, 2010 at 09:19:36PM -0800, Dmytro Bablinyuk wrote:
> A quick question, I have modified iptables.rb to include some custom
> "jump" values. I have restarted puppetmasterd, but client still sees
> old "jump" values
> How do I make iptables.rb to recompile?

iptables.rb doesn't need a recompile because Ruby code is interpreted. But
when you change the file on your master you have to sync it to your
clients' /var/lib/puppet/lib/puppet/type/iptables.rb and that can be done
with "pluginsync = true" in your [agent] section on your client in
/etc/puppet/puppet.conf or if you specify --pluginsync on the
command line when you start the agent.

-Stefan




[Puppet Users] error in execution of script file

2010-12-14 Thread sanjiv.singh
Hi all,
I am trying to execute a shell script file with Puppet,
and I am logged into the machine as non-root.

Here is my Puppet class:

class nodeUpdate
{
  exec { "run_process":
    command => "/usr/local/runprocess.sh",
    path    => "/usr/bin:/bin:/usr/sbin:/sbin",
  }
}

Here the "/usr/local/runprocess.sh" shell script has some commands that need to be
executed.

When I tried to fire Puppet as

$ sudo puppetd --test --debug

then "/usr/local/runprocess.sh" has some permission issues.
Some commands in this file fail to execute due to a permission error.

But when I tried to execute this shell script from the terminal as

$ sudo /usr/local/runprocess.sh

then all commands in the shell file executed successfully.

What could be the reason?
I didn't get the reason why permission is not granted.

Hoping for help!


regards,
Sanjiv Singh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] error in execution of script file

2010-12-14 Thread Patrick

On Dec 14, 2010, at 10:29 PM, sanjiv.singh wrote:

> exec {"run_process":
>   command => "/usr/local/runprocess.sh",
>   path => "/usr/bin:/bin:/usr/sbin:/sbin"
> }

Try putting just this in a file called test.pp.  Then try this:
puppet --verbose --debug test.pp




[Puppet Users] having trouble with puppet 0.25.5 on openbsd 4.8 on amd64

2010-12-14 Thread Don Jackson

My manifest includes this snippet

class app_client_openbsd {
  $app_client_pkgs_obsd = [ 'glib2-2.24.1p2', 'gtar-1.23p1' ]
  package { "${app_client_pkgs_obsd}":
    ensure => 'installed',
    source => "http://${installserver}/openbsd/${operatingsystemrelease}/packages/${hardwaremodel}/${name}.tgz",
  }
}

This doesn't work.

debug: Puppet::Type::Package::ProviderOpenbsd: Executing '/usr/sbin/pkg_info 
glib2-2.24.1p2gtar-1.23p1'
debug: /app_client_openbsd/Package[glib2-2.24.1p2gtar-1.23p1]: Changing ensure
debug: //app_client_openbsd/Package[glib2-2.24.1p2gtar-1.23p1]: 1 change(s)
debug: Puppet::Type::Package::ProviderOpenbsd: Executing '/usr/sbin/pkg_add 
http://svr.example.net/openbsd/4.8/packages/amd64/app_client_openbsd.tgz'
notice: //app_client_openbsd/Package[glib2-2.24.1p2gtar-1.23p1]/ensure: created

So why do the two strings of the two package names get smushed together instead 
of being run separately?





[Puppet Users] Re: error in execution of script file

2010-12-14 Thread sanjiv.singh



> Try putting just this in a file called test.pp.  Then try this:
> puppet --verbose --debug test.pp

Thanks Patrick for the quick reply.

I didn't get you, what you are trying to say...
How is this going to help us by placing code from the nodeUpdate.pp class
into the test.pp class?

Can you explain in more detail?


regards,
Sanjiv Singh




Re: [Puppet Users] having trouble with puppet 0.25.5 on openbsd 4.8 on amd64

2010-12-14 Thread Daniel Pittman
On Wed, Dec 15, 2010 at 17:45, Don Jackson
 wrote:
>
> My manifest includes this snippet
> class app_client_openbsd {
>   $app_client_pkgs_obsd = [ 'glib2-2.24.1p2', 'gtar-1.23p1' ]
>   package { "${app_client_pkgs_obsd}":
>     ensure => 'installed',
>     source =>
> "http://${installserver}/openbsd/${operatingsystemrelease}/packages/${hardwaremodel}/${name}.tgz",
>     }
> This doesn't work.
>
> debug: Puppet::Type::Package::ProviderOpenbsd: Executing '/usr/sbin/pkg_info
> glib2-2.24.1p2gtar-1.23p1'
> debug: /app_client_openbsd/Package[glib2-2.24.1p2gtar-1.23p1]: Changing
> ensure
> debug: //app_client_openbsd/Package[glib2-2.24.1p2gtar-1.23p1]: 1 change(s)
> debug: Puppet::Type::Package::ProviderOpenbsd: Executing '/usr/sbin/pkg_add
> http://svr.example.net/openbsd/4.8/packages/amd64/app_client_openbsd.tgz'
> notice: //app_client_openbsd/Package[glib2-2.24.1p2gtar-1.23p1]/ensure:
> created
>
> So why do the two strings of the two package names get smushed together
> instead of being run separately?

Because the behaviour of puppet when an array is converted to a string
is to concatenate.
What you want is something like this:

package { $array: ... }

...rather than...

package { "$array": ... }

I think you will then run into the issue that $name can't be expanded
at that point, though, which would require writing an extra define to
make it available. :(

Regards,
Daniel
-- 
✣ Daniel Pittman            ✉ dan...@rimspace.net            ☎ +61 401 155 707
              ♽ made with 100 percent post-consumer electrons




[Puppet Users] Re: puppetmaster 100%cpu usage on 2.6 (not on 0.24)

2010-12-14 Thread Chris
>
> Some useful info would be:
>
> OS
> OS version
> Ruby version
> Apache version/worker model
> Passenger version
>
CentOS 5.2
ruby-1.8.5-5.el5_3.7
httpd-2.2.3-31.el5.centos.2
rubygem-passenger-2.2.11-2el5.ecn
rubygem-rails-2.1.1-2.el5
rubygem-rack-1.1.0-1el5




Re: [Puppet Users] having trouble with puppet 0.25.5 on openbsd 4.8 on amd64

2010-12-14 Thread Eric Sorenson

On Dec 14, 2010, at 11:04 PM, Daniel Pittman wrote:

> I think you will then run into the issue that $name can't be expanded
> at that point, though, which would require writing an extra define to
> make it available. :(

I really thought that would work too and mocked it up but apparently it ain't 
so. I tried '$name' '$namevar' '$title' to no avail.

https://projects.puppetlabs.com/issues/5259 seemed germane so I updated it with 
this discussion.

[e...@recury ~/sandbox/dotmac/puppet]% cat packages.pp 
  $installserver = "localhost"

  package { [ 'glib2-2.24.1p2', 'gtar-1.23p1' ]:
    provider => 'pkgdmg',
    ensure => 'installed',
    source => "http://${installserver}/openbsd/${operatingsystemrelease}/packages/${hardwaremodel}/${name}.dmg",
  }




info: Applying configuration version '1292396816'
debug: //Package[glib2-2.24.1p2]: Changing ensure
debug: //Package[glib2-2.24.1p2]: 1 change(s)
debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/curl -o 
/tmp/glib2-2.24.1p2 -C - -k -s --url 
http://localhost/openbsd/10.5.0/packages/i386/.dmg'
debug: Success: curl transfered [glib2-2.24.1p2]
debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil mount 
-plist -nobrowse -readonly -noidme -mountrandom /tmp /tmp/glib2-2.24.1p2'
err: //Package[glib2-2.24.1p2]/ensure: change from absent to present failed: 
Execution of '/usr/bin/hdiutil mount -plist -nobrowse -readonly -noidme 
-mountrandom /tmp /tmp/glib2-2.24.1p2' returned 1: hdiutil: mount failed - not 
recognized

debug: //Package[gtar-1.23p1]: Changing ensure
debug: //Package[gtar-1.23p1]: 1 change(s)
debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/curl -o 
/tmp/gtar-1.23p1 -C - -k -s --url 
http://localhost/openbsd/10.5.0/packages/i386/.dmg'
debug: Success: curl transfered [gtar-1.23p1]
debug: Puppet::Type::Package::ProviderPkgdmg: Executing '/usr/bin/hdiutil mount 
-plist -nobrowse -readonly -noidme -mountrandom /tmp /tmp/gtar-1.23p1'
err: //Package[gtar-1.23p1]/ensure: change from absent to present failed: 
Execution of '/usr/bin/hdiutil mount -plist -nobrowse -readonly -noidme 
-mountrandom /tmp /tmp/gtar-1.23p1' returned 1: hdiutil: mount failed - not 
recognized

debug: Finishing transaction 2169486380 with 2 changes



 - Eric Sorenson - N37 17.255 W121 55.738  - http://twitter.com/ahpook  -
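
The "extra define" Daniel Pittman mentions, written out as an added example that is not part of the thread or any poster's code. The define name `obsd_package` and its `installserver` parameter are assumptions; the package names and URL layout are taken from Don Jackson's snippet.

```puppet
# Hypothetical define: wraps a single package resource. Inside a define,
# $name is bound to the title of each instance, so it can be interpolated
# into the source URL (which is what failed in the plain package { [...] } form,
# where the URL ended in "/.dmg").
define obsd_package($installserver) {
  package { $name:
    ensure => 'installed',
    source => "http://${installserver}/openbsd/${operatingsystemrelease}/packages/${hardwaremodel}/${name}.tgz",
  }
}

class app_client_openbsd {
  $app_client_pkgs_obsd = [ 'glib2-2.24.1p2', 'gtar-1.23p1' ]

  # Pass the array unquoted: an array title creates one obsd_package
  # instance per element. Quoting it ("${app_client_pkgs_obsd}") would
  # concatenate the elements into the single title seen in the debug log.
  obsd_package { $app_client_pkgs_obsd:
    installserver => $installserver,
  }
}
```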




[Puppet Users] Re: puppet dashboard group and class

2010-12-14 Thread Christian
Hi Nicolas,

I had exactly the same problem when I started using Puppet Dashboard
some months ago. There is no documentation about it on the page and I
would say that the names 'Classes' and 'Groups' are used unluckily. It
turns out that classes actually are the Puppet modules (why the hell
don't they use the same expression in Puppet Dashboard as in the rest of
Puppet) and groups can be used to model a kind of inheritance. If you
use classes and groups you have to use Puppet Dashboard as an external
node classifier, which means you are not using node.pp anymore. The modeling of
which module belongs to which node will then be done in Puppet
Dashboard. Your class name of course has to be exactly the same name as
the module name you have in your folder structure in the puppet module
folder.

Hope that helps a bit

Christian



On 15 Dec., 02:17, Nicolas Aizier wrote:
> Hi everyone,
>
> I'm actually kind of new to puppet but I'm making good progress.
> I have read lots of docs and how-tos to understand the whole behaviour
> of puppet.
> Installed a puppet master server, deployed 15 clients to test it on
> some of our testing servers.
> Written modules to get exactly what we want, and then installed puppet
> dashboard which works really fine.
>
> My question might sound a bit noobish but I'm stuck on that point and
> I really don't like not understanding every part of a tool.
> What is the use of adding "groups" and "class" in the dashboard?
> It seems that the dashboard doesn't see your classes from the modules (saw
> that it will be corrected soon), but what is the point of creating
> classes in the GUI? Can you do anything with that? And if yes, will
> that not spread the config through dashboard + puppet config files?
> It'll be messy to maintain.
> Same question with the groups: I understand that you can assign classes
> to groups so it's easier to add a server in a global behavior but it
> only uses classes from the dashboard. And is there a way to create such
> groups in puppet config files (if yes I didn't manage to find it ...)?
>
> Thx a lot for your time and to all the puppet users !
