[Puppet Users] upgrading
I want to upgrade from puppet 0.24.8 to the latest puppet, and do I need to modify my puppet code to fit for 0.26? and another thing, I want to have multi-puppet server node, and 1 as the master, and the others as the slave. master serves for the most time, but when master is down, slave becomes the master. How to implement this? does 0.24.8 support it? -- *Space Lee* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Updating a symlink
I have just updated a 'file' directive that defines a symlink. The name of the symlink hasn't changed, but the target has. However, that change is not being propagated to clients. Bug? Expected behaviour? PEBKAC? Puppet master: 24.8 Puppet client: 24.8 Thanks, Keith -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Updating a symlink
Bug? Expected behaviour? PEBKAC? PEBKAC. Sorry for the noise. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem loading custom modules
On 07/01/11 14:54, luke.bigum wrote: I created the tree /etc/puppet/modules/ntp/manifests/ and created an init.pp with this content: class ntp { package { ntp: ensure = installed } service { ntpd: ensure = stopped } } Hi Jonathan, How do you know the client isn't doing what you told it if there are no error messages? What classes are on your client? Run this for a list: cat /var/lib/puppet/classes.txt A more comprehensive check is to list all the resources that can execute on your client with: puppetd --test --noop --evaltrace Does the ntp stuff appear in that list? If it does then you've probably got the ntp package already installed and the ntp service already stopped, so Puppet doesn't have to do anything :) Thanks for your response. Sorry, I realised I made a mistake in my message. There *was* an error message, as follows: # /usr/sbin/puppetd --server puppet.resnet.bris.ac.uk --test --evaltrace err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: No file(s) found for import of 'ntp' at /etc/puppet/manifests/site.pp:6 warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run To reiterate, my 'ntp' class is defined in /etc/puppet/modules/ntp/manifests/init.pp and I have defined modulepath in my puppet.conf. The ntp module is imported in site.pp and included in nodes.pp. So it looks like my puppetmaster isn't correctly picking up my modulepath. Any ideas? Also, is there a way to get more verbose logging on the puppetmaster? Currently I only have masterhttp.log, but I would like to enable debug logging to see everything the puppetmaster is doing. Many thanks, Jonathan Jonathan Gazeley Systems Support Specialist ResNet | Wireless VPN Team IT Services University of Bristol -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] pushing files with host based variables?
On Sun, Jan 09, 2011 at 10:42:19AM -0800, trey85stang wrote: 192.168.1.20host1.domain.com 192.168.1.30host2.domain.com 192.168.1.250 unique_host.domain.com Is there a way to manage this with puppet? What I would like to do is be able to check that those 3 entries exist... if not replace the file and generate the custom content that needs to be in the file? If you use host resources, as already recommended, Puppet will create the entries if they do not exist. If you only want those entries present, tell Puppet to purge all host entries not specified in the puppet configuration for that host. host { 'host1.domain.com': ip = '192.168.1.20', ensure = 'present' } host { 'host2.domain.com': ip = '192.168.1.30', ensure = 'present' } host { 'unique_host.domain.com': ip = '192.168.1.250', ensure = 'present' } resources { 'host': purge = true } Stop thinking custom scripts; start thinking resources. Most Puppet configuration consists of specifying which resources you do or don't want present in which circumstances. Most of the rest of it is about defining which resources depend on which others (e.g. this running application depends on that configuration file). You describe how a system should look and Puppet does what is necessary to make it so. -- Bruce I object to intellect without discipline. I object to power without constructive purpose. -- Spock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] is it possible to access resource definitions from ERB templates?
Puppet's template() function has the potential to be a rather excellent way to generate configuration files, so I wondered if it would be able to generate something non-trivial, like a set of Shorewall configuration files. I should note, I have seen the Shorewall example from the puppet patterns pages, and others based on it [1]. These work by generating lots of fragments of files in /var/lib/puppet/modules/shorewall, with names prefixed by some index number, and finally sorting and concatenating them together, interleaved with various headers and footers. This isn't ideal when, like the zones file, there can be sections defined in some hierarchy. It also seems to be extremely slow to run (at least for me - it takes long enough to make some tea *and* drink it). But having tried to implement a version which uses a template (in v0.25.4), I can't see a way to do it without resorting to some variation of file concatenation, because the structure of resources defined in a puppet manifest is not fully exposed to the templates (that I can see). What I would like to do in general, for example, is to define some resources in a class like this: define somesystem::section { # This is a placeholder, it doesn't do anything # besides represent a section in the generated config file } define somesystem::item($name) { # ditto } class somesystem::defaults { # this could define any default configuration data, e.g.: section {common: item {base: name = /etc/somesystem} } } node mynode { class somesystem::my_config inherits somesystem::defaults { # This can extend (or override) the default config data section {animals: item {dog: name = 'fido'}; item {cat: name = 'fluffy'}; } section {vegetables: item {potato: name = 'spud'}; } } } Then, using a template like this example: config !-- boilerplate -- %# (note that the resources would ideally be iterated in the order they appear in the manifest, by default) % % scope.class.resources('section').each do |section| -% Section id=%= section.title % % section.resources('item').each do |item| -% item type=%= item.title %%= item.name %/item % end -% /Section % end % /config ...we might generate something like this: config !-- boilerplate -- Section id=common item type=base/var/somesystem/item /Section Section id=animals item type=dogfido/item item type=catfluffy/item /Section Section id=vegetables item type=dogfido/item item type=catfluffy/item /Section /config I would guess there is a way to access the manifest's syntax tree from within the template via the .scope method, but it doesn't seem to be fully supported or encouraged. [4] On the other hand, if Puppet had some sort of DOM accessible to templates, this could be made to work, and Puppet would have a very general and powerful way to generate all sorts of content from resources defined in manifests. I'd like to ask: - Does this seem a worthy and achievable aim in general? - Is there some way I could achieve this now, preferably in 0.25.x? I would guess that the only way is to write a Provider, or to somehow implement a (client-side?) ERB template which uses the YAML in /var/lib/puppet/state/localconfig.yaml as context, neither of which I know how to do currently. Advice and pointers would be very welcome. Thanks, Nick 1. These shorewall modules all seem to be essentially the same: http://projects.puppetlabs.com/projects/puppet/wiki/Aqueos_Shorewall_Patterns https://github.com/camptocamp/puppet-shorewall git://labs.riseup.net/module_shorewall 2. The above depend on this, or something equivalent: git://git.black.co.at/module-common 3. plugins loaded into memory on the server (e.g., functions) do not correctly work in environments [on 0.25.x] http://groups.google.com/group/puppet-dev/browse_thread/thread/d39e2db23a7f65b8 4. A similar idea to mine is discussed here: http://www.mail-archive.com/puppet-users@googlegroups.com/msg06883.html -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: can a class require an other class?
On 01/07/2011 07:49 PM, dingus9 wrote: I would like to see a dedicated group for this too. I have a few opinions on the matter of language syntax and semantics. My main frustration is the matter of slightly different methods for declaring defines, nodes and classes. Take these four examples a node, a define and the two class include/ initialize methods. # A node node uniquehostname { #do stuff } # a define mydefine {'uniqueName': #do some stuff that can be run multiple times param = 'val', } #Comments around 'uniqueclassname' may be used or ommited here class {uniqueclassname: param = 'val', #note comments on 'param' would mess it up here... lame } #but comments are required here for 'module::class' syntax, else it throws a syntax error class {'module::uniqueclassname': param = 'val', } #and finally include uniqueclassname I would like to see all syntax for instantiating a class define or node be the same... an example: node {'unquehostname': } mydefine {'uniquedefinename': } myclass {'module::classname': } or if you prefer a more explicit syntax: node {'unquehostname': } mydefine {'uniquedefinename': } class {'module::classname': } Thoughts? Nick, you're confusing me. You keep writing about comments where (hopefully) you mean quotes! Please note that node { } is always a declaration. Such is class { }. If I read you right, you'd like instanciation to work using class { name: }. But how can the parser tell that you aren't creating a new class by the name of current_scope::name? Furthermore, it would be downright confusing to be required to write node { 'dbserver1': include defaults include mail::server include mysql::server } Because declaring a node/class/define is conceptually different from instanciating a class or define. Both types of block should not look alike. I find it desirable to allow the negligience of quotes. It's OK when I have to quote node my.fqdn.server.com and need not quote node projecta-db1. Quoting parameter names is a Bad Idea. But for those that like typing absolutely unnecessary quote characters in almost each single line of each single manifest, it may as well be allowed as far as I'm concerned, but it should not be a requirement. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem loading custom modules
To reiterate, my 'ntp' class is defined in /etc/puppet/modules/ntp/manifests/init.pp and I have defined modulepath in my puppet.conf. The ntp module is imported in site.pp and included in nodes.pp. Are the permissions adequate for your puppetmaster process? So it looks like my puppetmaster isn't correctly picking up my modulepath. Any ideas? Are you pasting those paths and settings? Some typos tend to evade the eye after just so many hours; you may want to paste excerpts from your manifest, configs and filesystem listings somehwere. Also, is there a way to get more verbose logging on the puppetmaster? Currently I only have masterhttp.log, but I would like to enable debug logging to see everything the puppetmaster is doing. I like to do this on occasion: $ puppet master --masterport 8141 --no-daemonize --debug --verbose --color false --pidfile=/var/run/puppet/master.debug.pid That way, you get a second puppetmaster on another port, and can query it from your clients using $ puppetd --test --noop --masterport 8141 HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetmaster 2.6.x on Ubuntu Lucid
I like the idea of parametrized classes very much, and I would like to use them. Unfortunately Ubuntu Lucid ships with puppet 2.5.4, which doesn't support it. Does anybody here can tell me, how can I get 2.6.x version of puppet and puppetmaster on Ubuntu? I tried to install puppet from sources, but I failed miserably: The internal installer does little more then copying the ruby scripts. It doesn't create users, directories nor permissions necessary to run puppetmaster, and error messages that are generated on such failed install are cryptic. I am aware of http://packages.debian.org/lenny-backports/puppet, but itsn't strictly Ubuntu and there are missing dependencies, so right now I can't install it (I used to be able to do it few weeks ago, when they had puppet 2.6.2). I am also aware of https://launchpad.net/~mathiaz/+archive/puppet-backports but mathiaz doesn't provide puppetmaster. Can anyone suggest me any hints on how to do it? Maybe there is someone, who actually managed to run puppetmaster on Ubuntu 10.4 and who would share how did he achieve it? Thank you in advance, Adam Ryczkowski -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster 2.6.x on Ubuntu Lucid
Hi, On 10-01-11 14:34, Adam Ryczkowski wrote: I like the idea of parametrized classes very much, and I would like to use them. Unfortunately Ubuntu Lucid ships with puppet 2.5.4, which doesn't support it. Does anybody here can tell me, how can I get 2.6.x version of puppet and puppetmaster on Ubuntu? I tried to install puppet from sources, but I failed miserably: The internal installer does little more then copying the ruby scripts. It doesn't create users, directories nor permissions necessary to run puppetmaster, and error messages that are generated on such failed install are cryptic. I am aware of http://packages.debian.org/lenny-backports/puppet, but itsn't strictly Ubuntu and there are missing dependencies, so right now I can't install it (I used to be able to do it few weeks ago, when they had puppet 2.6.2). I am also aware of https://launchpad.net/~mathiaz/+archive/puppet-backports but mathiaz doesn't provide puppetmaster. Can anyone suggest me any hints on how to do it? Maybe there is someone, who actually managed to run puppetmaster on Ubuntu 10.4 and who would share how did he achieve it? We always create our own backport of the official Ubunutu packages from the latest release. http://packages.ubuntu.com/natty/puppet Just download/unpack the source and build it with your favourite build-tool (pbuilder or similar). It currently builds even on Hardy without modifications. Best regards, Martijn. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem loading custom modules
On 10/01/11 13:34, Felix Frank wrote: To reiterate, my 'ntp' class is defined in /etc/puppet/modules/ntp/manifests/init.pp and I have defined modulepath in my puppet.conf. The ntp module is imported in site.pp and included in nodes.pp. Are the permissions adequate for your puppetmaster process? Thanks for your reply. The tree /etc/puppet/modules has been chowned and chmodded to be the same as the other things in /etc/puppet. SELinux is disabled. So it looks like my puppetmaster isn't correctly picking up my modulepath. Any ideas? Are you pasting those paths and settings? Some typos tend to evade the eye after just so many hours; you may want to paste excerpts from your manifest, configs and filesystem listings somehwere. I have pasted these excerpts for verification. The modulepath directive is in puppet.conf as follows. Which subsection should it be in - main, puppetd or puppetmasterd? Currently it's in all three, just to be sure. modulepath = /etc/puppet/modules In site.pp: import nodes import ntp In nodes.pp: node 'espresso.resnet.bris.ac.uk' { include ntp } Also, is there a way to get more verbose logging on the puppetmaster? Currently I only have masterhttp.log, but I would like to enable debug logging to see everything the puppetmaster is doing. I like to do this on occasion: $ puppet master --masterport 8141 --no-daemonize --debug --verbose --color false --pidfile=/var/run/puppet/master.debug.pid That way, you get a second puppetmaster on another port, and can query it from your clients using $ puppetd --test --noop --masterport 8141 Thank you, that's an excellent idea. HTH, Felix Cheers, Jonathan -- Jonathan Gazeley Systems Support Specialist ResNet | Wireless VPN Team IT Services University of Bristol -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster 2.6.x on Ubuntu Lucid
On 10-01-11 14:47, Martijn Grendelman wrote: ... Ubunutu packages ... Damn. I STILL can't type 'Ubuntu' properly. Just use Debian, it's easier :-) Regards, Martijn. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem loading custom modules
node 'espresso.resnet.bris.ac.uk' { include ntp } To get anything going, try to rename class ntp to ntp::ntp and include it as that. You can strip down to more straight-forward naming once that works. BTW, I don't see how your 'import nodes' ever worked. But apparently it does. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster 2.6.x on Ubuntu Lucid
Hi adam, I am also aware of https://launchpad.net/~mathiaz/+archive/puppet-backports but mathiaz doesn't provide puppetmaster. I am using his PPA for a deployment right now with success. In this context, using Apache + Passenger is the way to go for the Puppetmaster role. Take a look at http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger -Mark Can anyone suggest me any hints on how to do it? Maybe there is someone, who actually managed to run puppetmaster on Ubuntu 10.4 and who would share how did he achieve it? Thank you in advance, Adam Ryczkowski -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Not authorized to call puppetmaster.getconfig
Hi, For more then 90 hosts, 1 host is always giving the error below. The strange thing: the reports says everything is fine and all necessary changes are still done There is nothing special about this host... Description:Red Hat Enterprise Linux Server release 5.5 (Tikanga) Release:5.5 Codename: Tikanga puppet version 2.6.4, facter 1.5.8 Jan 10 15:46:37 puppetm puppet-master[2476]: Puppet Server (Rack): Internal Server Error: Unhandled Exception: Host puppetclient.replaced.domain(x.x.x.x) not authorized to call puppetmaster.getconfig Jan 10 15:46:37 puppetm puppet-master[2476]: Backtrace: Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/site_ruby/1.8/puppet/network/xmlrpc/processor.rb:42:in `process' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/site_ruby/1.8/puppet/network/http/rack/xmlrpc.rb:35:in `process' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/site_ruby/1.8/puppet/network/http/rack.rb:51:in `call' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/rack/request_handler.rb:92:in `process_request' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/abstract_request_handler.rb:207:in `main_loop' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/rack/application_spawner.rb:118:in `run' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/rack/application_spawner.rb:65:in `spawn_application' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/utils.rb:184:in `safe_fork' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/rack/application_spawner.rb:58:in `spawn_application' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/rack/application_spawner.rb:41:in `spawn_application' Jan 10 15:46:37 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/spawn_manager.rb:159:in `spawn_application' Jan 10 15:46:38 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/spawn_manager.rb:287:in `handle_spawn_application' Jan 10 15:46:38 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/abstract_server.rb:352:in `__send__' Jan 10 15:46:38 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/abstract_server.rb:352:in `main_loop' Jan 10 15:46:38 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/lib/phusion_passenger/abstract_server.rb:196:in `start_synchronously' Jan 10 15:46:38 puppetm puppet-master[2476]: /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/bin/passenger-spawn-server:61 Jan 10 15:47:29 puppetm puppet-master[2476]: Compiled catalog for puppetclient.replaced.domain in environment production in 0.03 seconds Yours sincerely Pieter Baele www.pieterb.be -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] sysctl type not available
Hi all, from http://projects.puppetlabs.com/projects/1/wiki/Puppet_Modules wanted to take a look at sysctl type but it's not available. http://spook.wpi.edu/sysctl Anyone could give it a look? TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sysctl type not available
from http://projects.puppetlabs.com/projects/1/wiki/Puppet_Modules wanted to take a look at sysctl type but it's not available. http://spook.wpi.edu/sysctl Anyone could give it a look? As far as I remember this one: http://git.puppet.immerda.ch/?p=module-sysctl.git;a=summary was originally based on that one. ~pete -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem loading custom modules
On 10/01/11 13:59, Felix Frank wrote: node 'espresso.resnet.bris.ac.uk' { include ntp } To get anything going, try to rename class ntp to ntp::ntp and include it as that. You can strip down to more straight-forward naming once that works. Hmm, no luck using ntp::ntp instead of ntp. The problem seems to be in importing rather than including. I tried using ntp, ntp::ntp, and the full path /etc/puppet/modules/ntp/manifests/init.pp. It always fails with: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: No file(s) found for import of 'ntp' at /etc/puppet/manifests/site.pp:6 It's as if it can't figure out the module path, which I have specified in the [main] section of my puppet.conf. I have triple-checked that there is no typo, and that the permissions are OK. BTW, I don't see how your 'import nodes' ever worked. But apparently it does. I don't know where I got that from - it was either in the default configuration from the EPEL repository, or I saw it on a mailing list / forum. It seems to work because nodes.pp is in the same dir as site.pp. Thanks, Jonathan -- Jonathan Gazeley Systems Support Specialist ResNet | Wireless VPN Team IT Services University of Bristol -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sysctl type not available
On Mon, 10 Jan 2011 16:41:02 +0100 Peter Meier wrote: As far as I remember this one: http://git.puppet.immerda.ch/?p=module-sysctl.git;a=summary was originally based on that one. Thanks! ~pete Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Could not find user kbarber
Hi, looking for more modules: * puppet-iptables * puppet-archive * puppet-bugzilla * puppet-sshd give an error about kbarber user... was him deleted by error? http://forge.puppetlabs.com/bobsh/sshd http://bob.sh/puppet TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Thanks for the reply, It looks like I would need an entry for every host if I were to take that route? My environment would require 6000*3 entries... That doesn't seem logical. Am I understanding this correctly? On Jan 10, 4:35 am, Bruce Richardson itsbr...@workshy.org wrote: On Sun, Jan 09, 2011 at 10:42:19AM -0800, trey85stang wrote: 192.168.1.20 host1.domain.com 192.168.1.30 host2.domain.com 192.168.1.250 unique_host.domain.com Is there a way to manage this with puppet? What I would like to do is be able to check that those 3 entries exist... if not replace the file and generate the custom content that needs to be in the file? If you use host resources, as already recommended, Puppet will create the entries if they do not exist. If you only want those entries present, tell Puppet to purge all host entries not specified in the puppet configuration for that host. host { 'host1.domain.com': ip = '192.168.1.20', ensure = 'present' } host { 'host2.domain.com': ip = '192.168.1.30', ensure = 'present' } host { 'unique_host.domain.com': ip = '192.168.1.250', ensure = 'present' } resources { 'host': purge = true } Stop thinking custom scripts; start thinking resources. Most Puppet configuration consists of specifying which resources you do or don't want present in which circumstances. Most of the rest of it is about defining which resources depend on which others (e.g. this running application depends on that configuration file). You describe how a system should look and Puppet does what is necessary to make it so. -- Bruce I object to intellect without discipline. I object to power without constructive purpose. -- Spock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Problem loading custom modules
Hmm, no luck using ntp::ntp instead of ntp. The problem seems to be in importing rather than including. I tried using ntp, ntp::ntp, and the full path /etc/puppet/modules/ntp/manifests/init.pp. It always fails with: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: No file(s) found for import of 'ntp' at /etc/puppet/manifests/site.pp:6 Hi Jonathan, You shouldn't need to import your ntp module as Puppet should auto load it if the pathing is all correct, which it looks like it is. Remote the 'import ntp' line from your site.pp: In site.pp: import nodes.pp In nodes.pp: node 'espresso.resnet.bris.ac.uk' { include ntp } Then run the evaltrace on your node to see if your module and resources are there. Like Felix, an import of nodes seems is strange to me - maybe Puppet will implicitly add a .pp extension for files in the CWD? You should not need to explicitly import your module manifests, using include and Puppet with a correct modulepath should find it. -Luke -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Actually, upon more reading on my own, this is where stored configs will come into play? Ill approach more reading on that subject. On Jan 10, 9:56 am, trey85stang trey85st...@gmail.com wrote: Thanks for the reply, It looks like I would need an entry for every host if I were to take that route? My environment would require 6000*3 entries... That doesn't seem logical. Am I understanding this correctly? On Jan 10, 4:35 am, Bruce Richardson itsbr...@workshy.org wrote: On Sun, Jan 09, 2011 at 10:42:19AM -0800, trey85stang wrote: 192.168.1.20 host1.domain.com 192.168.1.30 host2.domain.com 192.168.1.250 unique_host.domain.com Is there a way to manage this with puppet? What I would like to do is be able to check that those 3 entries exist... if not replace the file and generate the custom content that needs to be in the file? If you use host resources, as already recommended, Puppet will create the entries if they do not exist. If you only want those entries present, tell Puppet to purge all host entries not specified in the puppet configuration for that host. host { 'host1.domain.com': ip = '192.168.1.20', ensure = 'present' } host { 'host2.domain.com': ip = '192.168.1.30', ensure = 'present' } host { 'unique_host.domain.com': ip = '192.168.1.250', ensure = 'present' } resources { 'host': purge = true } Stop thinking custom scripts; start thinking resources. Most Puppet configuration consists of specifying which resources you do or don't want present in which circumstances. Most of the rest of it is about defining which resources depend on which others (e.g. this running application depends on that configuration file). You describe how a system should look and Puppet does what is necessary to make it so. -- Bruce I object to intellect without discipline. I object to power without constructive purpose. -- Spock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Upon further reading, it looks like what I want would be better accomplished with using stored configs? On Jan 10, 9:56 am, trey85stang trey85st...@gmail.com wrote: Thanks for the reply, It looks like I would need an entry for every host if I were to take that route? My environment would require 6000*3 entries... That doesn't seem logical. Am I understanding this correctly? On Jan 10, 4:35 am, Bruce Richardson itsbr...@workshy.org wrote: On Sun, Jan 09, 2011 at 10:42:19AM -0800, trey85stang wrote: 192.168.1.20 host1.domain.com 192.168.1.30 host2.domain.com 192.168.1.250 unique_host.domain.com Is there a way to manage this with puppet? What I would like to do is be able to check that those 3 entries exist... if not replace the file and generate the custom content that needs to be in the file? If you use host resources, as already recommended, Puppet will create the entries if they do not exist. If you only want those entries present, tell Puppet to purge all host entries not specified in the puppet configuration for that host. host { 'host1.domain.com': ip = '192.168.1.20', ensure = 'present' } host { 'host2.domain.com': ip = '192.168.1.30', ensure = 'present' } host { 'unique_host.domain.com': ip = '192.168.1.250', ensure = 'present' } resources { 'host': purge = true } Stop thinking custom scripts; start thinking resources. Most Puppet configuration consists of specifying which resources you do or don't want present in which circumstances. Most of the rest of it is about defining which resources depend on which others (e.g. this running application depends on that configuration file). You describe how a system should look and Puppet does what is necessary to make it so. -- Bruce I object to intellect without discipline. I object to power without constructive purpose. -- Spock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem loading custom modules
On 10/01/11 16:00, luke.bigum wrote: Hi Jonathan, You shouldn't need to import your ntp module as Puppet should auto load it if the pathing is all correct, which it looks like it is. OK, good to know. Remote the 'import ntp' line from your site.pp: I've removed this line. In site.pp: import nodes.pp Got that. In nodes.pp: node 'espresso.resnet.bris.ac.uk' { include ntp } Got that too. Unfortunately puppetmaster can't find the ntp class. Running the puppetmasterd in debug mode, it prints this: err: Could not find class ntp at /etc/puppet/manifests/nodes.pp:3 on node espresso.resnet.bris.ac.uk Line 3 in nodes.pp is the include ntp line. So it still seems as if the modulepath declaration isn't work properly. Puppet doesn't print any debug messages at startup about bad permissions etc, and I've verified that the path is typed correctly. Can I confirm that the modulepath declaration should be in the [main] section of puppet.conf? I've it in all sections without luck, though. Thanks for your help, Jonathan Then run the evaltrace on your node to see if your module and resources are there. Like Felix, an import of nodes seems is strange to me - maybe Puppet will implicitly add a .pp extension for files in the CWD? You should not need to explicitly import your module manifests, using include and Puppet with a correct modulepath should find it. -Luke -- Jonathan Gazeley Systems Support Specialist ResNet | Wireless VPN Team IT Services University of Bristol -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: pushing files with host based variables?
On Mon, Jan 10, 2011 at 07:56:49AM -0800, trey85stang wrote: Thanks for the reply, It looks like I would need an entry for every host if I were to take that route? My environment would require 6000*3 entries... That doesn't seem logical. Am I understanding this correctly? No, you're still learning. Here's how to do it (well, one way to do it): class role::basic_host { host { 'localhost': ip = '127.0.0.1', host_aliases = 'localhost.localdomain', ensure = 'present' } host { $fqdn: ip = $primary_ipaddress, host_aliases = $hostname, ensure = 'present' } host { 'host1.domain.com': ip = '192.168.1.20', ensure = 'present' } host { 'host2.domain.com': ip = '192.168.1.30', ensure = 'present' } host { 'unique_host.domain.com': ip = '192.168.1.250', ensure = 'present' } resources { 'host': purge = true } } node host1 { $primary_ipaddress = '192.168.1.1' include role::basic_host } node host2 { $primary_ipaddress = '192.168.1.2' include role::basic_host } node host3 { $primary_ipaddress = '192.168.1.3' include role::basic_host include some::other::class } You see? No need to define each host resource separately for each node (nodes are what puppet-configured hosts/computers are called in Puppet). What you do is you use classes to group together a linked set of resources, then you include the appropriate classes in your nodes. Notice that I added a couple of other important entries to the list of host resources (you wouldn't want to be without those, and the purge = true line would otherwise remove them)). Note also that I don't need to specify the values of $fqdn and $hostname, because these are facts which puppet can find out for itself (I do specify $primary_ipaddress in this example, because a host may have more than one address, not all of which will be associated with the primary hostname). Keep asking about anything which doesn't make sense yet. -- Bruce The ice-caps are melting, tra-la-la-la. All the world is drowning, tra-la-la-la-la. -- Tiny Tim. signature.asc Description: Digital signature
Re: [Puppet Users] Re: pushing files with host based variables?
On Mon, Jan 10, 2011 at 08:11:02AM -0800, trey85stang wrote: Upon further reading, it looks like what I want would be better accomplished with using stored configs? No. That's for something else. Since you have 6000 nodes in your environment, you probably want to look at External Nodes, which would scale better for you than describing all 6000 nodes in a text file. http://docs.puppetlabs.com/guides/external_nodes.html -- Bruce I object to intellect without discipline. I object to power without constructive purpose. -- Spock -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Could not request certificate: No route to host?
Hi, I'm getting this message Could not request certificate: No route to host - connect(2) when I'm trying to connect my pclient to pmaster. I checked my hostnames for both the pclient and the pmaster: [r...@pclient etc]# hostname -f pclient.domain [r...@pmaster etc]# hostname -f pmaster.domain I tried requesting for certificate: [r...@pclient etc]# puppetd --server pmaster.domain --no-daemonize -- waitforcert 60 --verbose and all I get is the error message saying no route to host. What seems to be the problem? I saw a related discussion but I think I have the right server name. I'm running Puppet 0.25.5 retrieved from the EPEL package, and the OS is CentOS 5. Thanks, James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not request certificate: No route to host?
On 01/10/2011 05:27 PM, James Lee wrote: Hi, I'm getting this message Could not request certificate: No route to host - connect(2) when I'm trying to connect my pclient to pmaster. I checked my hostnames for both the pclient and the pmaster: [r...@pclient etc]# hostname -f pclient.domain [r...@pmaster etc]# hostname -f pmaster.domain I tried requesting for certificate: [r...@pclient etc]# puppetd --server pmaster.domain --no-daemonize -- waitforcert 60 --verbose and all I get is the error message saying no route to host. What seems to be the problem? I saw a related discussion but I think I have the right server name. I'm running Puppet 0.25.5 retrieved from the EPEL package, and the OS is CentOS 5. The master considering itself to be pmaster.domain is alright. But you want ping pmaster.domain to work for your client. If it doesn't, this thing won't fly. If in doubt, add an entry to /etc/hosts. Otherwise you may want to take a look at your DNS. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem loading custom modules
On 01/10/2011 05:30 PM, Jonathan Gazeley wrote: On 10/01/11 16:20, Felix Frank wrote: Hauling out the big guns boils down to (for me): strace -e trace=file -f puppet master --no-daemonize ... 21 | grep ntp That should eventually spit a few stat or open attempts that fail, when the master tries to import the ntp module. Thank you. Using strace shows that while the permissions were set correctly on my /etc/puppet/modules tree, the directories didn't have the X flag to allow browsing. I find your understanding of set correctly disturbing ;p That's why I originally asked for pastes of configs, manifests *and* filesystem listings (not to the list preferably, use pastebin services). But it worked out, you just had to do a bit more walking. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not request certificate: No route to host?
Any firewall (client or server) perhaps not explicitly allowing the proper traffic for 8140 to the master? -Mark On Jan 10, 2011, at 11:27 AM, James Lee wrote: Hi, I'm getting this message Could not request certificate: No route to host - connect(2) when I'm trying to connect my pclient to pmaster. I checked my hostnames for both the pclient and the pmaster: [r...@pclient etc]# hostname -f pclient.domain [r...@pmaster etc]# hostname -f pmaster.domain I tried requesting for certificate: [r...@pclient etc]# puppetd --server pmaster.domain --no-daemonize -- waitforcert 60 --verbose and all I get is the error message saying no route to host. What seems to be the problem? I saw a related discussion but I think I have the right server name. I'm running Puppet 0.25.5 retrieved from the EPEL package, and the OS is CentOS 5. Thanks, James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Could not request certificate: No route to host?
Both the client and the server are allowing port 8140 for tcp and udp. On Jan 10, 11:33 am, Mark Stanislav mark.stanis...@gmail.com wrote: Any firewall (client or server) perhaps not explicitly allowing the proper traffic for 8140 to the master? -Mark On Jan 10, 2011, at 11:27 AM, James Lee wrote: Hi, I'm getting this message Could not request certificate: No route to host - connect(2) when I'm trying to connect my pclient to pmaster. I checked my hostnames for both the pclient and the pmaster: [r...@pclient etc]# hostname -f pclient.domain [r...@pmaster etc]# hostname -f pmaster.domain I tried requesting for certificate: [r...@pclient etc]# puppetd --server pmaster.domain --no-daemonize -- waitforcert 60 --verbose and all I get is the error message saying no route to host. What seems to be the problem? I saw a related discussion but I think I have the right server name. I'm running Puppet 0.25.5 retrieved from the EPEL package, and the OS is CentOS 5. Thanks, James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Could not request certificate: No route to host?
Hi Felix, I tried ping pmaster.domain and it doesn't work (Destination Host Unreachable). I added an entry to /etc/hosts and it's still reacting the same. What might be wrong with my DNS? On Jan 10, 11:30 am, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 01/10/2011 05:27 PM, James Lee wrote: Hi, I'm getting this message Could not request certificate: No route to host - connect(2) when I'm trying to connect my pclient to pmaster. I checked my hostnames for both the pclient and the pmaster: [r...@pclient etc]# hostname -f pclient.domain [r...@pmaster etc]# hostname -f pmaster.domain I tried requesting for certificate: [r...@pclient etc]# puppetd --server pmaster.domain --no-daemonize -- waitforcert 60 --verbose and all I get is the error message saying no route to host. What seems to be the problem? I saw a related discussion but I think I have the right server name. I'm running Puppet 0.25.5 retrieved from the EPEL package, and the OS is CentOS 5. The master considering itself to be pmaster.domain is alright. But you want ping pmaster.domain to work for your client. If it doesn't, this thing won't fly. If in doubt, add an entry to /etc/hosts. Otherwise you may want to take a look at your DNS. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Could not request certificate: No route to host?
On 01/10/2011 05:41 PM, James Lee wrote: Hi Felix, I tried ping pmaster.domain and it doesn't work (Destination Host Unreachable). I added an entry to /etc/hosts and it's still reacting the same. What might be wrong with my DNS? Your master is not available network-wise. This can have any number of reasons (IP not bound, routing issues etcpp.) Impossible to debug from here without much more info. Are you responsible for network infrastructure? If not, get someone who is and make him debug this for you. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Could not request certificate: No route to host?
Thanks for the tip, I think I will figure it out :) On Jan 10, 11:52 am, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 01/10/2011 05:41 PM, James Lee wrote: Hi Felix, I tried ping pmaster.domain and it doesn't work (Destination Host Unreachable). I added an entry to /etc/hosts and it's still reacting the same. What might be wrong with my DNS? Your master is not available network-wise. This can have any number of reasons (IP not bound, routing issues etcpp.) Impossible to debug from here without much more info. Are you responsible for network infrastructure? If not, get someone who is and make him debug this for you. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Could not call puppetca.getcert HTTP-error: 500
Hello, Puppet client is receiving the 500 error when trying to talk to the puppetmaster server. Apache error log on the server shows - Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to file failed: Could not set 'file on ensure: Permission denied - /var/lib/puppet/log/masterhttp.log Permissions on this file are open and the file is owned by the puppet user. Any Ideas on this? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Could not call puppetca.getcert HTTP-error: 500
looks like this error was caused by owner permissions not set to puppet on the /etc/puppet/rack/config.ru file. On Jan 10, 1:00 pm, Butt3r buttermyto...@lavabit.com wrote: Hello, Puppet client is receiving the 500 error when trying to talk to the puppetmaster server. Apache error log on the server shows - Could not prepare for execution: Got 1 failure(s) while initializing: change from absent to file failed: Could not set 'file on ensure: Permission denied - /var/lib/puppet/log/masterhttp.log Permissions on this file are open and the file is owned by the puppet user. Any Ideas on this? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] upgrading
On Jan 10, 2011, at 12:30 AM, Spacelee wrote: I want to upgrade from puppet 0.24.8 to the latest puppet, and do I need to modify my puppet code to fit for 0.26? and another thing, I want to have multi-puppet server node, and 1 as the master, and the others as the slave. master serves for the most time, but when master is down, slave becomes the master. How to implement this? does 0.24.8 support it? Puppet has no concept of slave. Just master and client. If you want, you can setup more than one master and use tricks with DNS or a proxy to send clients to both (or more than 2) masters. Either of those can be used to give you load-balncing as well as high availability. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] importing classes to the dashboard
On Jan 10, 2011, at 8:01 AM, Adriana wrote: Hello, I would like to know if it is possible to automatically import the puppet classes to the dashboard in order to manage them from the gui. I didn't find exact instructions to make the puppet clients report directly to the dashboard instead of importing the reports every time through the command rake RAILS_ENV=production reports:import . Does anyone has the exact instructions? Thanks for the help. Cheers, Adriana What OS? Are you already using Passenger? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Re: Could not request certificate: No route to host?
Hi James, Since you are getting a Destination Host Unreachable from the ping command, do a netstat -nr command and verify that you have a default route for your primary NIC. If not, then add one with the route command. Good Luck, Mike -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-us...@googlegroups.com] On Behalf Of James Lee Sent: Monday, January 10, 2011 11:42 AM To: Puppet Users Subject: [Puppet Users] Re: Could not request certificate: No route to host? Hi Felix, I tried ping pmaster.domain and it doesn't work (Destination Host Unreachable). I added an entry to /etc/hosts and it's still reacting the same. What might be wrong with my DNS? On Jan 10, 11:30 am, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 01/10/2011 05:27 PM, James Lee wrote: Hi, I'm getting this message Could not request certificate: No route to host - connect(2) when I'm trying to connect my pclient to pmaster. I checked my hostnames for both the pclient and the pmaster: [r...@pclient etc]# hostname -f pclient.domain [r...@pmaster etc]# hostname -f pmaster.domain I tried requesting for certificate: [r...@pclient etc]# puppetd --server pmaster.domain --no-daemonize -- waitforcert 60 --verbose and all I get is the error message saying no route to host. What seems to be the problem? I saw a related discussion but I think I have the right server name. I'm running Puppet 0.25.5 retrieved from the EPEL package, and the OS is CentOS 5. The master considering itself to be pmaster.domain is alright. But you want ping pmaster.domain to work for your client. If it doesn't, this thing won't fly. If in doubt, add an entry to /etc/hosts. Otherwise you may want to take a look at your DNS. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. _ PLEASE NOTE: Florida has a very broad public records law (F. S. 119). All e-mails to and from County Officials are kept as a public record. Your e-mail communications, including your e-mail address may be disclosed to the public and media at any time. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: pushing files with host based variables?
On Mon, Jan 10, 2011 at 11:19:03AM -0800, trey85stang wrote: Bruce, I think what you are saying is clicking now. Now does puppet allow any variable substitution? I do urge you to stop thinking in terms of scripts. It doesn't map well onto the way that Puppet works. If you mean How do I apply the same changes to multiple nodes, with different values for each host?, then one answer is to put the common actions into a class and set different variable values in each node declaration. Alternatively, put them into a define and pass different parameters each time you call it. You can also use defines to repeate the same actions/changes with multiple values within a single context (e.g. a node). You should be able to find examples in the online documentation. -- Bruce I must admit that the existence of Disneyland (which I know is real) proves that we are not living in Judea in AD 50. -- Philip K. Dick signature.asc Description: Digital signature
[Puppet Users] Re: pushing files with host based variables?
Sorry for going back to scripts, I keep reading and reading that if you think in terms of scripts you're only going to confuse yourself been writing automation/admin scripts for way too long. I think you all have giving me a lot more to read up on so I will be doing that. I'll do some more reading and come back to this when I get a little further. So I will be looking at classes/define/repeat to see what I can come up with. On Jan 10, 1:46 pm, Bruce Richardson itsbr...@workshy.org wrote: On Mon, Jan 10, 2011 at 11:19:03AM -0800, trey85stang wrote: Bruce, I think what you are saying is clicking now. Now does puppet allow any variable substitution? I do urge you to stop thinking in terms of scripts. It doesn't map well onto the way that Puppet works. If you mean How do I apply the same changes to multiple nodes, with different values for each host?, then one answer is to put the common actions into a class and set different variable values in each node declaration. Alternatively, put them into a define and pass different parameters each time you call it. You can also use defines to repeate the same actions/changes with multiple values within a single context (e.g. a node). You should be able to find examples in the online documentation. -- Bruce I must admit that the existence of Disneyland (which I know is real) proves that we are not living in Judea in AD 50. -- Philip K. Dick signature.asc 1KViewDownload -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: pushing files with host based variables?
Forgot to mention I appreciate everyone's help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem with multiple requires in Ruby DSL
I'm loving playing around with the DSL. There are some problems (ie 5237), but now that it's Ruby, I can fix them! woo! However, I'm stumped on this one, which may or may not be related to the DSL. When trying to have a resource have a simple dependency on two things at once, it simply fails, and I'm stumped as to why. The error message is: Parameter require failed: No title provided and [ Exec[git-/usr/local/ resque-runner], Rvm_install[1.9.2-p136]] is not a valid resource reference My definition looks like this: define :bundle_install, :rvm do rvm_exec bundle...@name}, :command = bundle install --without production, :ruby = @rvm, :path = /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin, # this alone works: #:require = rvm_install...@rvm}], # this alone also works: #:require = exec[git...@name}], # this fails: :require = [ exec[git...@name}], rvm_install...@rvm}]], :cwd = @name, :creates = #...@name}/.bundle/config end Am I missing something, or should I open a ticket? Thanks, Ben -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Certificate Validation problems.
Hi, Experiencing some issues with certs, I cannot see what I am doing wrong, if anyone would look over this I would be appreciative. I am running passenger and apache2. *** LOCAL GEMS *** daemon_controller (0.2.5) facter (1.5.8) fastthread (1.0.7) file-tail (1.0.5) passenger (2.2.11) puppet (2.6.4) rack (1.0.1) rake (0.8.7) spruz (0.2.2) apache2 -v Server version: Apache/2.2.14 (Ubuntu) Server built: Nov 18 2010 21:20:56 r...@puppetmaster:/etc/puppet# cat puppet.conf [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY r...@puppetmaster:/etc/puppet# cat /etc/puppet/rack/ config.ru public/ r...@puppetmaster:/etc/puppet# cat /etc/puppet/rack/config.ru # a config.ru, for use with every rack-compatible webserver. # SSL needs to be handled outside this, though. # if puppet is not in your RUBYLIB: # $:.unshift('/opt/puppet/lib') $0 = master # if you want debugging: # ARGV --debug ARGV --rack require 'puppet/application/master' # we're usually running inside a Rack::Builder.new {} block, # therefore we need to call run *here*. run Puppet::Application[:master].run /etc/apache2/sites-available/puppetmasterd # you probably want to tune these settings PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 RackAutoDetect Off RailsAutoDetect Off Listen 8140 NameVirtualHost puppet.server.com:8140 VirtualHost puppet.server.com:8140 SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /etc/puppet/ssl/certs/puppetmaster.pem SSLCertificateKeyFile /etc/puppet/ssl/private_keys/ puppetmaster.pem SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars DocumentRoot /etc/puppet/rack/public/ RackBaseURI / Directory /etc/puppet/rack/ Options None AllowOverride None Order allow,deny allow from all /Directory /VirtualHost After I run - puppetd --test --debug --server servername.com This works to push me the cert to sign on the server. Once I sign it I run this command again and get this error - warning: Certificate validation failed: considering using the certname configuration option err: Could not retrieve catalog: Certificates were not trusted: Hostname was not match with server certificate. warning: Not using cache on failed catalog. I have gone through and deleted the /etc/puppet/ssl directory from the server and attempted to regenerate the keys a few times. I also removed the .puppet/ssl/ directory from the client side and tried to regen the keys for it as well. No matter what I try I keep failing. If I try to run puppetd from the server I gert this error - err: Could not retrieve catalog from remote server: hostname was not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run Any tips? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with multiple requires in Ruby DSL
On Mon, Jan 10, 2011 at 12:27:13PM -0800, Ben Lavender wrote: I'm loving playing around with the DSL. There are some problems (ie 5237), but now that it's Ruby, I can fix them! woo! However, I'm stumped on this one, which may or may not be related to the DSL. When trying to have a resource have a simple dependency on two things at once, it simply fails, and I'm stumped as to why. The error message is: Parameter require failed: No title provided and [ Exec[git-/usr/local/ resque-runner], Rvm_install[1.9.2-p136]] is not a valid resource reference My definition looks like this: define :bundle_install, :rvm do rvm_exec bundle...@name}, :command = bundle install --without production, :ruby = @rvm, :path = /bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin, # this alone works: #:require = rvm_install...@rvm}], # this alone also works: #:require = exec[git...@name}], # this fails: :require = [ exec[git...@name}], rvm_install...@rvm}]], :cwd = @name, :creates = #...@name}/.bundle/config end Am I missing something, or should I open a ticket? Never tried the dsl but I guess require wants an array, not a string that looks like an array. So I think :require = [ exec[git...@name}], rvm_install...@rvm}]] will work. -Stefan pgpIhO1DB73a9.pgp Description: PGP signature
Re: [Puppet Users] Exactly how do people replace include with parametrised classes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 dont you find having to specify the relationships of httpd::ssl and httpd here to be wrong? Isn't the fact that the httpd module is designed to have this ordering requirement an implementation detail and not a usage detail? Surely people who just want to use the httpd module do not need to know this implementation detail? They should just be able to say use the module without understanding or knowing the ordering of internals. It's also not very DRY. Yep, I also recently started thinking about various new introduced problems I see with parametrized classes. For example, how could I do the following in the future with parametrized classes: class apache {} define apache::vhost(){ include ::apache ... } so the user only needs to define: apache::vhost{'example.com': } and everything else is pulled in automatically. This gives a very nice interface, is easy to use and if this way of writing puppet code wouldn't be anymore possible my infrastracture code would get *very* overloaded and ugly. And as R.I.Pienaar outlined later, we learned in the past to deal with the current scoping problems, but still producing more or less nice code. Although, I agree that parametrized classes provide a much nicer interface and I'm very happy they got introduced, I'm already seeing some problems with them: class apache($version = 'latest') {} define apache::vhost(){ class{'apache': } ... } This will raise problems if we define a second vhost. With the current scoping issues and my rule of thumb (First define all variables, then include classes) I had no problem with writing: $apache_version = '2.2.18' apache::vhost{'example.com': } apache::vhost{'cdn.example.com': } But how would I do that now? A possible solution would be to put the variables in a config class: class apache::config($version='latest'){} class apache { package{'apache': ensure = ${apache::config::version}, } } define apache::vhost(){ include ::apache ... } and then write: class{'apache::config': version = '2.2.18' } apache::vhost{'example.com': } apache::vhost{'cdn.example.com': } But how can I ensure that apache::config is loaded/included/applied when we include ::apache? I currently only see: class apache { if !defined(Class['apache::config']){ class{'apache::config': } } package{'apache': ensure = ${apache::config::version}, } } But this raises other ordering problems and breaks another rule of thumb of mine: Never use defined() as it can be seen as codesmell, for example exactly due to the ordering problems it raises. But this is the best solution I can currently come up with. Although, it still smells in my opinion. ~pete PS: Sorry, to come up with code examples, however I think I can express the current *new* limitations with them the best way. I will try to think about a non-code discussion contribution and maybe add it later to the thread. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0rgaYACgkQbwltcAfKi38w4gCeJ8j3B6zcilYnXicgambV5Ty7 eqwAn1L86SUkKuMYwKTnVopNNgNntBBW =ODmw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Custom providers
Hi, Puppet::Provider::Package defines the prefetch class method. This is called at the beginning of the puppet run to find matches between existing packages and the one you described in your manifest. Prefetch calls instances which should return an array of provider instances. One provider instance for each package with the appropiate property_hash {ensure = whatever-version}. If you dont know how to implement it try with returning an empty array like hpux.rb does. Thanks. I still have this problem that I can't run puppet as a daemon and install packages as any other user. Trying to sudo inside the custom provider fails if puppet is running as a daemon. Is there no way around that? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet's direction in theory?
So, I started with puppet about two years ago (December 2008). At the time, I was under the impression that the list of Types would grow a lot (i.e. http://docs.puppetlabs.com/references/stable/type.html ). In fact, the file type says: If you find that you are often copying files in from a central location, rather than using native resources, please contact Puppet Labs and we can hopefully work with you to develop a native resource to support what you are doing. The thing is, that list hasn't actually changed all that much as far as I can recall. Instead, what seems to have happened is a lot of user-made modules as the code re-use unit; using the native features of puppet (i.e. lots of file{...} and exec{...}) to emulate new types, essentially; see http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Modules I don't mean this as any kind of criticism, I'm just wondering if this was on purpose? The goal with puppet seemed to be a simple, declarative configuration system, where as many things as possible were handled with native types, and that doesn't seem to be how things have actually gone, and I'm wondering if this represents an injection of pragmatism or a deliberate decision. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet's direction in theory?
It's my understanding that we'd like to have more of both! People do write native (ruby) Types and Providers, and people do write them in Puppet language. We're working on some new features to make it easier to write Types in the Puppet Language, and we're working on some new features that make it easier to write Types and Providers in ruby. Eventually we'd like to decouple many of the bundled ruby-language Providers from the Puppet core codebase, so they can be developed in parallel to the framework. I don't think there's a philosophical decision in play - sometimes it's easier to express problems in the ruby, but often people already have working Puppet code that they want to convert into a Type. ~Jesse Wolfe On Mon, Jan 10, 2011 at 7:57 PM, Robin Lee Powell rlpow...@digitalkingdom.org wrote: So, I started with puppet about two years ago (December 2008). At the time, I was under the impression that the list of Types would grow a lot (i.e. http://docs.puppetlabs.com/references/stable/type.html ). In fact, the file type says: If you find that you are often copying files in from a central location, rather than using native resources, please contact Puppet Labs and we can hopefully work with you to develop a native resource to support what you are doing. The thing is, that list hasn't actually changed all that much as far as I can recall. Instead, what seems to have happened is a lot of user-made modules as the code re-use unit; using the native features of puppet (i.e. lots of file{...} and exec{...}) to emulate new types, essentially; see http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Modules I don't mean this as any kind of criticism, I'm just wondering if this was on purpose? The goal with puppet seemed to be a simple, declarative configuration system, where as many things as possible were handled with native types, and that doesn't seem to be how things have actually gone, and I'm wondering if this represents an injection of pragmatism or a deliberate decision. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Best Practices/Style: add stuff to a file for each host?
(I'm going a bit more for philosophical discussion than practicality here, maybe. Do at least feel free to think in terms of what Puppet *should* do rather than tha fastest way to solve this problem.) There's a pattern I've run into a lot recently mhere a config file needs to be built based on information from a number of puppet managed hosts. Assume here than I mean node in the puppet sense when I say host. *shrug* Use cases: - backups, where each host has directories that need to be backed up, and things need to be done on the individual backup client hosts to handle that, and *also* stuff needs to be done on the backup master - deploy configuration, where each host has a deploy role and it makes most sense to talk about the deploy role in each host's puppet config, but the file that manages the deployment is on the deploy master host - VM configuration, where information about a VM needs to affect data/configuration stored on the host that holds that VM All the same general pattern of action-at-a-distance: configuration on a number of hosts affecting the master config file on a single host. Also, multi-part config files: in at least some of these cases, the information from each host generates some configuration file output, perhaps from a template, but all of those bits of config file need to be merged together into one master config file. These don't seem, to me, to be things puppet handles natively, and (see my other posts) new types don't seem to be being added all that often. So, my question is this: what's the right way to handle this sort of situation? Feel free to break the action-at-a-distance bit and the multipart-config-file-merge bit into seperate pieces, if you like. Thanks so much for your time! -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet's direction in theory?
On Mon, Jan 10, 2011 at 08:33:06PM -0800, Jesse Wolfe wrote: It's my understanding that we'd like to have more of both! So what should people who have developed new types do to get them included? People do write native (ruby) Types and Providers, and people do write them in Puppet language. Huh? You can write a Type in Puppet? How? I'm only aware of classes and defines, neither of which are that. You go on to say several things that hinge on this question, so I didn't actually respond to them. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] config_version - runs once at daemon startup, not every compile time
Hi All For those that use, or want to use config_version, you might want to watch http://projects.puppetlabs.com/issues/3692 My debugging (with webrick) shows that the puppet server only executes the script defined in config_version at daemon startup, no matter how many clients connect. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
On Jan 8, 1:02 pm, trey85stang trey85st...@gmail.com wrote: I'm trying to get an idea of what kind of backend setup I would need to run puppet to manage roughly 6000 hosts. No one else has asked, but what's the geographic/network distribution look like? I see puppet by iteself is limited to 10-20; but with mongrel/apache that number shoots up but I am not sure by how much? At puppet camp US I think responses were in the 300-1000 clients/ master range. A dual socket x86_64 whitebox should do at least a few hundred clients. Masters seem to be CPU bound almost all the time. Client run interval, catalog size, and storeconfigs are the biggest factors that come to mind. 2. Should I let a high availability apache frontend manage a puppet backend? Using a front end load balancer, Apache or hardware (F5 etc), works fine. Depending on your DNS control there's also a pending feature to support SRV records for clients to find masters. 3. What is the best way to manage client signing and keeping the pem/ files in sync across such a backend? I'd suggest a single/central CA. The certificate signing/creation ties easily in to the host provisioning (kickstart definition/ec2 setup/ etc) step. Signing on each master works fine, but hinders later management. The CRL/inventory becomes worthless, for example. Storeconfigs is a special issue. At puppet camp SF show of hands had only two large (1000+) sites using store configs. Three or four more wanted to, but couldnt take the performance hit, as I recall. An SQL server is required, with postgres mysql oracle supported IIRC. The performance requirements for that machine shouldn't be too bad. The dataset should be in the MB range, easy to keep in memory. Setting thin_storeconfigs on the masters makes a very large difference in compilation time. A (very) rough estimate for compilation times of 300 resources: 6s with full storeconfigs, 3-4s with 'thin' storeconfigs, and 2s without. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet's direction in theory?
Huh? You can write a Type in Puppet? How? I'm only aware of classes and defines, neither of which are that. A define is a defined type - it really fills the same role as both a type and a provider. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Custom providers
On Mon, Jan 10, 2011 at 05:06:04PM -0800, pl wrote: Hi, Puppet::Provider::Package defines the prefetch class method. This is called at the beginning of the puppet run to find matches between existing packages and the one you described in your manifest. Prefetch calls instances which should return an array of provider instances. One provider instance for each package with the appropiate property_hash {ensure = whatever-version}. If you dont know how to implement it try with returning an empty array like hpux.rb does. Thanks. I still have this problem that I can't run puppet as a daemon and install packages as any other user. Trying to sudo inside the custom provider fails if puppet is running as a daemon. Is there no way around that? Yes there is. And you will probably dont want to use backticks. You can browse the functions in puppet/lib/util.rb for alternatives. There are different ways to run commands. If you have defined a command like you already did: commands :npm_cmd = /home/node/opt/bin/npm This will mean that puppet will only use the provider if the command is there and you will get a method for free that will run that command. npm_cmd('argument1','argument2') I'm not sure if this will have the output as a return value or just success/failure. To parse output I find execpipe convenient. (You can use command(:my_own_defined_command) to return your command as a string value) execpipe(#{command(:npm_cmd)} list_or_whatever_argument) do |output| output.each_line do |line| # do parsing here end end To run all these as a different user you should (although I never tried it) wrap them in Puppet::Util::SUIDManager.asuser(username, group) do # do stuff here as different user end Just grep for SUIDManager in the sources and you will find examples. You may have to use userids and groupids for that to work i dont know. Hope this helps. -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet's direction in theory?
On Mon, Jan 10, 2011 at 11:00:24PM -0800, Jesse A Wolfe wrote: Huh? You can write a Type in Puppet? How? I'm only aware of classes and defines, neither of which are that. A define is a defined type - it really fills the same role as both a type and a provider. Well, except for the part where it generally wraps a collection of exec{...} and file{...} calls, which the Puppet documentation says are to be avoided (I assume because they are procedural rather than declarative). So if you're saying those are fine, then that's exactly the change I was talking about. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.