[Puppet Users] A section with name main already exists (Bug 5231)
Hi all, I'm facing the bug 5231 when running puppet: host has some repos with many section main defined: # grep main * atrpms.repo:[main] cern-extra.repo:[main] cern-extra-srpms.repo:[main] cern-only.repo:[main] cern-only-srpms.repo:[main] cern.repo:[main] cern-srpms.repo:[main] cern-test.repo:[main] cern-test-srpms.repo:[main] cern-update.repo:[main] cern-update-srpms.repo:[main] dag.repo:[main] rhaps2.repo:[main] rhaps2-srpms.repo:[main] and puppet complains about it when adding a repo with no main section: # cat puppet-local-repo.repo [puppet-local-repo] name=puppet-local-repo I see no solution on puppet-bug and the only way I found to by-pass it is moving yum.repos.d direcotry. anyone who already faced it could give me a workaround? Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Multiple packages installation in one yum call
Hello, does anyone know if feature http://projects.puppetlabs.com/issues/2198 had been implemented and how it is possible to use it? I would like to install multiple packages with one single call the the yum packager. Can anyone help me? Thanks Adriana -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Best Practices/Style: add stuff to a file for each host?
Hi On Tuesday, January 11, 2011 5:51:07 AM UTC+1, Robin Lee Powell wrote: (I'm going a bit more for philosophical discussion than practicality here, maybe. Do at least feel free to think in terms of what Puppet *should* do rather than tha fastest way to solve this problem.) There's a pattern I've run into a lot recently mhere a config file needs to be built based on information from a number of puppet managed hosts. Assume here than I mean node in the puppet sense when I say host. *shrug* Use cases: - backups, where each host has directories that need to be backed up, and things need to be done on the individual backup client hosts to handle that, and *also* stuff needs to be done on the backup master - deploy configuration, where each host has a deploy role and it makes most sense to talk about the deploy role in each host's puppet config, but the file that manages the deployment is on the deploy master host - VM configuration, where information about a VM needs to affect data/configuration stored on the host that holds that VM All the same general pattern of action-at-a-distance: configuration on a number of hosts affecting the master config file on a single host. This is exactly the case when you need exported resources and, therefore, storeconfigs. http://projects.puppetlabs.com/projects/1/wiki/Exported_Resources Also, multi-part config files: in at least some of these cases, the information from each host generates some configuration file output, perhaps from a template, but all of those bits of config file need to be merged together into one master config file. You can build a file based on different fragments at least in 2 ways: - When you specify an array of templates , when using the content = argument, these templates are actually appended in the defined order. - With the puppet-concat module by Rip https://github.com/ripienaar/puppet-concat you can build up files based on different fragments (and you can define single fragmensts as exported resources so that they fit the need you expressed). Incidentally, I've started to use it just yesterday, to build named.conf in a bind module, and does exactly what it says. Hope it helps Af -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Best Practices/Style: add stuff to a file for each host?
Al @ Lab42: You can build a file based on different fragments at least in 2 ways: - When you specify an array of templates , when using the content = argument, these templates are actually appended in the defined order. - With the puppet-concat module by Rip https://github.com/ripienaar/puppet-concat you can build up files based on different fragments (and you can define single fragments as exported resources so that they fit the need you expressed). I recently adopted puppet-concat, and found it my new big hammer for almost everything. I had previously set up a define for a simple header/body/footer structure where only those who cared would supply a custom body template name as an argument. When it came time to add more smarts, it was trivial to swap out the file resource in the define and insert both a concat and a concat::fragment. I now still have the old three-template API as well as a provide any fragments you like, but know that the header/body/footer have order 01/50/99 mechanism available. One could also use Augeas, but I do not feel that it would fit the original poster's desire to find a strong and helpful standard. Augeas doesn't do well when you need to assert the state of a file overall (which is at the heart of puppet's declarative nature) but with responsibility divided among systems. It does much better when you need to surgically assert one or two lines or stanzas in an otherwise unmanaged file. I'll just say that Augeas is named after a man who let his stables fill up with so much crap that Hercules had to divert two whole rivers to pressure-hose it clean again. You can't make this stuff up. -- These people program the way Victorians dress. It takes two hours and three assistants to put on your clothes, and you have to change before dinner. But everything is modular.-- Miles Nordin, on PAM -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Differences between puppet and puppetd
Hi all, I am using Puppet to execute an Expect script (http://expect.sourceforge.net) on a client. The Puppet recipe, test.pp, is: exec { '/root/test.exp': command = '/root/test.exp', logoutput = true } The recipe runs correctly when run using 'puppet --debug --verbose test.pp': debug: /Stage[main]//Exec[/root/test.exp]: Executing '/root/test.exp' debug: Executing '/root/test.exp' notice: /Stage[main]//Exec[/root/test.exp]/returns: spawn /etc/ssl/misc/CA.pl -newca ... notice: /Stage[main]//Exec[/root/test.exp]/returns: executed successfully However, it fails when run using puppetd: ... puppet-agent[3650]: (/Stage[main]/Mail/Exec[/root/test.exp]/returns) spawn /etc/ssl/misc/CA.pl -newca#015 ... puppet-agent[3650]: (/Stage[main]/Mail/Exec[/root/test.exp]/returns) #015 ... puppet-agent[3650]: (/Stage[main]/Mail/Exec[/root/test.exp]/returns) send: spawn id exp3 not open ... puppet-agent[3650]: (/Stage[main]/Mail/Exec[/root/test.exp]/returns) while executing ... puppet-agent[3650]: (/Stage[main]/Mail/Exec[/root/test.exp]/returns) send password\r ... puppet-agent[3650]: (/Stage[main]/Mail/Exec[/root/test.exp]/returns) (file /root/test.exp line 9)#015 ... puppet-agent[3650]: (/Stage[main]/Mail/Exec[/root/test.exp]/returns) change from notrun to 0 failed: /root/test.exp returned 1 instead of one of [0] at ... Is there any difference in the way Puppet executes a recipe using 'puppet --debug --verbose' compared to using puppetd? Martin. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Differences between puppet and puppetd
On Tue, Jan 11, 2011 at 02:36:42PM +, Martin Harrigan wrote: Hi all, I am using Puppet to execute an Expect script (http://expect.sourceforge.net) on a client. The Puppet recipe, test.pp, is: exec { '/root/test.exp': command = '/root/test.exp', logoutput = true } Is there any difference in the way Puppet executes a recipe using 'puppet --debug --verbose' compared to using puppetd? One issue will be the path. You really do need to set a path for exec with a minimum of '/bin/' on it so that puppetd can find /bin/sh, in my experience. When you run puppet rather than puppetd, it's inheriting your environment with your path. -- Bruce It is impolite to tell a man who is carrying you on his shoulders that his head smells. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: A section with name main already exists (Bug 5231)
On Jan 11, 4:02 am, Arnau Bria arnaub...@pic.es wrote: Hi all, I'm facing the bug 5231 when running puppet: host has some repos with many section main defined: # grep main * atrpms.repo:[main] cern-extra.repo:[main] cern-extra-srpms.repo:[main] cern-only.repo:[main] cern-only-srpms.repo:[main] cern.repo:[main] cern-srpms.repo:[main] cern-test.repo:[main] cern-test-srpms.repo:[main] cern-update.repo:[main] cern-update-srpms.repo:[main] dag.repo:[main] rhaps2.repo:[main] rhaps2-srpms.repo:[main] and puppet complains about it when adding a repo with no main section: # cat puppet-local-repo.repo [puppet-local-repo] name=puppet-local-repo I see no solution on puppet-bug and the only way I found to by-pass it is moving yum.repos.d direcotry. anyone who already faced it could give me a workaround? Bug 5231 is about the lack of clarity and specificity in error messages about conflicts between yum repos, not about the fact that an error was raised in the first place. It sounds like you are expecting Puppet to successfully apply your manifest. If indeed it should do so, then you should file a separate ticket. However, it's not clearcut to me that Puppet should do that. Do versions of yum more recent than 3.2.22 in fact allow [main] sections to appear in .repo files? Version 3.2.22 does not. From the man page for yum.conf(5): There should be only one [main] section. [...] The [main] section must exist (perforce in yum.conf) for yum to do anything. If the yum configuration on your system is faulty then I think it reasonable for Puppet to raise an error in response. I assume that yum itself is not complaining, so perhaps it is silently ignoring the [main] sections in your .repo files. If that's the case then the best workaround is probably to just remove those sections. Alternatively, if yum is in fact using all those [main] sections then you may be able to work around the problem by, for example, merging all the [main] sections together into yum.conf (if that's indeed equivalent to what yum does with them). Cheers, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Access parent resource name and type inside a template
Hi all, A question for those familiar with the internal Puppet APIs: is it possible to access the name and type of the Puppet resource/define that called a template from within that template? There was talk on the list a year ago that mentions scope.compiler.catalog.vertices, but this is a list of all Puppet resources where I just want the one 'current' one, or even better, the ability to determine the parent resource/define of this resource/define (and up and up the chain). It goes against information hiding principles, but it might be nice to say this bit of this file was generated by this Puppet resource. Thanks, -Luke -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet's direction in theory?
On Jan 10, 10:53 pm, Robin Lee Powell rlpow...@digitalkingdom.org wrote: Huh? You can write a Type in Puppet? How? I'm only aware of classes and defines, neither of which are that. Yes, you can, and you can distribute them to clients via Puppet itself. See http://docs.puppetlabs.com/#extending-puppet, and especially http://docs.puppetlabs.com/guides/custom_types.html. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Differences between puppet and puppetd
Thanks Bruce -- setting both path and cwd fixed the problem. On Tue, Jan 11, 2011 at 3:02 PM, Bruce Richardson itsbr...@workshy.orgwrote: On Tue, Jan 11, 2011 at 02:36:42PM +, Martin Harrigan wrote: Hi all, I am using Puppet to execute an Expect script ( http://expect.sourceforge.net) on a client. The Puppet recipe, test.pp, is: exec { '/root/test.exp': command = '/root/test.exp', logoutput = true } Is there any difference in the way Puppet executes a recipe using 'puppet --debug --verbose' compared to using puppetd? One issue will be the path. You really do need to set a path for exec with a minimum of '/bin/' on it so that puppetd can find /bin/sh, in my experience. When you run puppet rather than puppetd, it's inheriting your environment with your path. -- Bruce It is impolite to tell a man who is carrying you on his shoulders that his head smells. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Err: Could not retrieve catalog
Hi everyone, I've managed to sign my client's certificate request on the puppet master, and all seems fine until this message shows up: err: Could not retrieve catalog from remote server: certificate verify failed notice: Using cached catalog err: Could not retrieve catalog; skipping run notice: Caught INT; calling stop I've read through old posts about this error, and I have synchronized the time on both machines. I've also removed and cleaned all certificates prior to signing the certificate. I think I'm one step away, but I don't know what to do. Anyone to the rescue? Many thanks ;) James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Err: Could not retrieve catalog
I removed the ssl again and now its showing: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node pclient: Permission denied - / var/lib/puppet/yaml/node/pclient.yaml notice: Using cached catalog err: Could not retrieve catalog; skipping run notice: Caught INT; calling stop I'm running everything under root. On Jan 11, 10:40 am, James Lee lebronz...@gmail.com wrote: Hi everyone, I've managed to sign my client's certificate request on the puppet master, and all seems fine until this message shows up: err: Could not retrieve catalog from remote server: certificate verify failed notice: Using cached catalog err: Could not retrieve catalog; skipping run notice: Caught INT; calling stop I've read through old posts about this error, and I have synchronized the time on both machines. I've also removed and cleaned all certificates prior to signing the certificate. I think I'm one step away, but I don't know what to do. Anyone to the rescue? Many thanks ;) James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet's direction in theory?
On Mon, Jan 10, 2011 at 7:57 PM, Robin Lee Powell rlpow...@digitalkingdom.org wrote: So, I started with puppet about two years ago (December 2008). At the time, I was under the impression that the list of Types would grow a lot (i.e. http://docs.puppetlabs.com/references/stable/type.html ). In fact, the file type says: If you find that you are often copying files in from a central location, rather than using native resources, please contact Puppet Labs and we can hopefully work with you to develop a native resource to support what you are doing. The thing is, that list hasn't actually changed all that much as far as I can recall. Instead, what seems to have happened is a lot of user-made modules as the code re-use unit; using the native features of puppet (i.e. lots of file{...} and exec{...}) to emulate new types, essentially; see http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Modules I don't mean this as any kind of criticism, I'm just wondering if this was on purpose? The goal with puppet seemed to be a simple, declarative configuration system, where as many things as possible were handled with native types, and that doesn't seem to be how things have actually gone, and I'm wondering if this represents an injection of pragmatism or a deliberate decision. I don't think there's anything deliberate there. We don't have native Ruby libraries for many of the things sysadmins need to do, and so even when you write a Ruby type/provider, you're often execing out to external binaries anyway. Given the barrier to writing anything in Ruby is higher than doing the same thing in Puppet DSL, I think it's reasonable that people are collecting execs and files together to achieve something concrete. Also I think people have often come to the conclusion that they need several related types in a given problem domain, and so it becomes natural that they distribute these as a module. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: A section with name main already exists (Bug 5231)
On Tue, 11 Jan 2011 07:04:19 -0800 (PST) jcbollinger jcbollinger wrote: Hi, Bug 5231 is about the lack of clarity and specificity in error messages about conflicts between yum repos, not about the fact that an error was raised in the first place. It sounds like you are expecting Puppet to successfully apply your manifest. If indeed it should do so, then you should file a separate ticket. Ok then, sorry for confusing things. As I have a repo conflict problem I thought it was the same case. However, it's not clearcut to me that Puppet should do that. Do versions of yum more recent than 3.2.22 in fact allow [main] sections to appear in .repo files? Version 3.2.22 does not. From the man page for yum.conf(5): There should be only one [main] section. [...] The [main] section must exist (perforce in yum.conf) for yum to do anything. If the yum configuration on your system is faulty then I think it reasonable for Puppet to raise an error in response. My version is yum-2.4.1-11.slc4, its man says same as yours but I have a main section per repo, which is correct/acceptable as yum works perfectly and it's distro default. I've tested my conf (adding some empty main sections per repo ) in Centos 5 with yum 3.2.22 and yum still works fine, ignoring those section. # yum install foo Loading changelog plugin Loading installonlyn plugin [...] No Match for argument: foo Nothing to do I assume that yum itself is not complaining, so perhaps it is silently ignoring the [main] sections in your .repo files. If that's the case then the best workaround is probably to just remove those sections. Ok, I will do that, but seems strange to me that puppet is failing when yum doesn't resulting in puppet more restrictive than yum... Alternatively, if yum is in fact using all those [main] sections then you may be able to work around the problem by, for example, merging all the [main] sections together into yum.conf (if that's indeed equivalent to what yum does with them). Cheers, John Many thanks for your reply John, Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] reserved words
Hi, are there any reserved words i'm not allowed to use in the puppet manifests? I have some strange errors that came up using puppet manifests with variables like - $string - $type - $label After changing these variable names everything worked as expected. Best... Uwe -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppetmaster 2.6.x on Ubuntu Lucid
here how i do it: 1. in file /etc/apt/preferences I made several adjustment but for puppet this is the relevant lines # Backport for puppetlabs Package: puppet puppet-common puppetmaster facter Pin: release a=lenny-backports Pin-Priority: 900 2. then created the /etc/apt/sources.list.d/backports.list with the following line deb http://backports.debian.org/debian-backports lenny-backports main contrib non-free 3. once these file has been adjusted/created then add key apt-key adv --keyserver hkp://subkeys.pgp.net --recv-keys 9AA38DCD55BE302B 4. then apt-get update 5. to check apt-cache policy puppetmaster good luck -ls On Jan 10, 5:34 am, Adam Ryczkowski adam.ryczkow...@gmail.com wrote: I like the idea of parametrized classes very much, and I would like to use them. Unfortunately Ubuntu Lucid ships with puppet 2.5.4, which doesn't support it. Does anybody here can tell me, how can I get 2.6.x version of puppet and puppetmaster on Ubuntu? I tried to install puppet from sources, but I failed miserably: The internal installer does little more then copying the ruby scripts. It doesn't create users, directories nor permissions necessary to run puppetmaster, and error messages that are generated on such failed install are cryptic. I am aware ofhttp://packages.debian.org/lenny-backports/puppet, but itsn't strictly Ubuntu and there are missing dependencies, so right now I can't install it (I used to be able to do it few weeks ago, when they had puppet 2.6.2). I am also aware ofhttps://launchpad.net/~mathiaz/+archive/puppet-backports but mathiaz doesn't provide puppetmaster. Can anyone suggest me any hints on how to do it? Maybe there is someone, who actually managed to run puppetmaster on Ubuntu 10.4 and who would share how did he achieve it? Thank you in advance, Adam Ryczkowski -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] reserved words
On Tue, Jan 11, 2011 at 1:36 AM, Uwe Bartels uwe.bart...@gmail.com wrote: Hi, are there any reserved words i'm not allowed to use in the puppet manifests? I have some strange errors that came up using puppet manifests with variables like - $string - $type - $label The are special variables, not reserved words: also $module_name, $title, $name, $caller_module_name After changing these variable names everything worked as expected. Best... Uwe -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Clients requesting classes
On Tue, Jan 11, 2011 at 02:09:27AM -0800, Exinferis wrote: But what we really want to achieve is not to register every node in our master configuration (hostnames can totally vary so no wildcard matching), but to give the nodes the possibility to request a specific class or to report themselves as a specific type of server. I think that approach is fundamentally wrong. I do not believe that a puppetmaster should allow clients to decide which host they are, or which configuration they receive. The whole point about central configuration is that you manage it centrally; if your clients can decide, how do you determine what is going on without inspecting every host directly? If most of your hosts are going to have the same configuration, but some will differ, why not use the default node for the common configuration and make different entries for other hosts when you need to? What do you gain by having to go and make configuration changes on each host, rather than just changing configurations in one place? I can tell you one thing you lose; you lose the ability to rebuild from scratch a node that died (with, say, an unrecoverable hard disk). If you really want to do this thing, you could achieve it by modifying your default node configuration so that the extra configuration options are contained in classes which are only included if certain facts are true. You then only create those facts on the hosts you want to have those configurations. I urge you not to do this. -- Bruce Hierophant: someone who remembers, when you are on the way down, everything you did to them on the way up. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Clients requesting classes
On Tue, Jan 11, 2011 at 8:57 AM, Bruce Richardson itsbr...@workshy.org wrote: On Tue, Jan 11, 2011 at 02:09:27AM -0800, Exinferis wrote: But what we really want to achieve is not to register every node in our master configuration (hostnames can totally vary so no wildcard matching), but to give the nodes the possibility to request a specific class or to report themselves as a specific type of server. I think that approach is fundamentally wrong. I do not believe that a puppetmaster should allow clients to decide which host they are, or which configuration they receive. The whole point about central configuration is that you manage it centrally; if your clients can decide, how do you determine what is going on without inspecting every host directly? I disagree that this approach is fundamentally wrong, but it's not always appropriate. Imagine you're managing thousands of desktops. Rather than giving them administrative rights, why not allow them to tweak the configuration that they receive and allow them to tune certain parameters that specify the kind of configuration that will be applied? You can use reports to see what the actual state of your fleet is, you don't need to manage a central database for minor differences. If most of your hosts are going to have the same configuration, but some will differ, why not use the default node for the common configuration and make different entries for other hosts when you need to? What do you gain by having to go and make configuration changes on each host, rather than just changing configurations in one place? I can tell you one thing you lose; you lose the ability to rebuild from scratch a node that died (with, say, an unrecoverable hard disk). If you really want to do this thing, you could achieve it by modifying your default node configuration so that the extra configuration options are contained in classes which are only included if certain facts are true. You then only create those facts on the hosts you want to have those configurations. I urge you not to do this. And on the flip side, I say that this is a perfectly valid way of managing certain deployments. -- Bruce Hierophant: someone who remembers, when you are on the way down, everything you did to them on the way up. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: race conditions in using svn update in puppetmaster's /etc/puppet directory?
On Mon, Jan 10, 2011 at 11:34 PM, donavan dona...@desinc.net wrote: On Jan 3, 1:34 pm, James Ralston rals...@pobox.com wrote: So, here's my question: if you are currently using the svn update approach to manage /etc/puppet on the puppetmaster, have you taken conscious steps to help avoid a race condition? A late vote for Ignore It. At puppet camp SF this came up in two breakout sessions I was in. As I can recall two large sites had seen resource/manifest version mismatches occur and ignored the race. Noone in the room had actually had a serious issue because of this. The resolution for everyone present was to just let the next run correct the problem. Another approach is to have a Big Red Button that controls whether or not clients update or not. This can be as simple as an URL that you check before puppet runs, and if the page exists, the clients can update. Then your release process becomes: * Disable all updates * Push changes to production * Wait x minutes to ensure atomic updates * Enable all updates This also has the advantage of giving you a single location that you can use to disable all updates if you've pushed an undesirable change to production that wasn't caught in testing. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Access parent resource name and type inside a template
On Tue, Jan 11, 2011 at 07:06:59AM -0800, luke.bigum wrote: Hi all, A question for those familiar with the internal Puppet APIs: is it possible to access the name and type of the Puppet resource/define that called a template from within that template? There was talk on the list a year ago that mentions scope.compiler.catalog.vertices, but this is a list of all Puppet resources where I just want the one 'current' one, or even better, the ability to determine the parent resource/define of this resource/define (and up and up the chain). It goes against information hiding principles, but it might be nice to say this bit of this file was generated by this Puppet resource. Thanks, -Luke This was mostly done by try and error since I dont know what you can access through scope.* and what they mean but it worked in a short test: # This file was generated by puppet # # Template Sourcefile: %= file % # Puppetmanifest : %= scope.source.file % # Class/Define : %= scope.resource.path % -Stefan pgpxdma8mrS80.pgp Description: PGP signature
Re: [Puppet Users] reserved words
On Jan 11, 2011 8:58 AM, Dan Bode d...@puppetlabs.com wrote: On Tue, Jan 11, 2011 at 1:36 AM, Uwe Bartels uwe.bart...@gmail.com wrote: are there any reserved words i'm not allowed to use in the puppet manifests? I have some strange errors that came up using puppet manifests with variables like - $string - $type - $label The are special variables, not reserved words: also $module_name, $title, $name, $caller_module_name However, watch out that any name exported by the Ruby Kernel module is unavailable in an erb template - they invoke the Ruby method instead. (This is nasty for, say, the 'fork' variable in the template.) While it doesn't sound like that was your problem, it has caught me out more than once. Regards, Daniel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] reserved words
On Tue, Jan 11, 2011 at 9:59 AM, Daniel Pittman dan...@rimspace.net wrote: On Jan 11, 2011 8:58 AM, Dan Bode d...@puppetlabs.com wrote: On Tue, Jan 11, 2011 at 1:36 AM, Uwe Bartels uwe.bart...@gmail.com wrote: are there any reserved words i'm not allowed to use in the puppet manifests? I have some strange errors that came up using puppet manifests with variables like - $string - $type - $label The are special variables, not reserved words: also $module_name, $title, $name, $caller_module_name However, watch out that any name exported by the Ruby Kernel module is unavailable in an erb template - they invoke the Ruby method instead. (This is nasty for, say, the 'fork' variable in the template.) feel free to vote on http://projects.puppetlabs.com/issues/5489, I had the same problem, but with a function called y While it doesn't sound like that was your problem, it has caught me out more than once. Regards, Daniel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Fwd: [Puppet-dev] Proposal: move parameter/property validation from master to agent
This is a reasonably important thread that I think is of interest to the -users list as well as -dev. I'm happy to take feedback from -users and migrate it to -dev if people don't want to go through the work of subscribing to the dev list. If you do want to, you can do that here: http://groups.google.com/group/puppet-dev/ and you can also follow the thread itself here: http://groups.google.com/group/puppet-dev/browse_thread/thread/51b1a5ce0be9698e -- Forwarded message -- From: Paul Berry p...@puppetlabs.com Date: Tue, Jan 11, 2011 at 10:31 AM Subject: [Puppet-dev] Proposal: move parameter/property validation from master to agent To: puppet-...@googlegroups.com Currently the master is responsible for validating resource parameters and properties. That is, it checks that the user doesn't attempt to use a parameter or property that doesn't exist (for example, 'group { foo: path = bar }'), and it checks that the user doesn't attempt to specify an invalid value for a parameter or property (for example, 'file { /tmp/foo: recurse = cheese }'). Jesse Wolfe and I have been thinking about this in connection with http://projects.puppetlabs.com/issues/4409, and we propose changing this so that validation is done on the agent rather than the master. Advantages we're anticipating: - It is no longer necessary for the master to be aware of types at all, so when a module defines its own native type, it is not necessary to copy it into the master's lib directory - It becomes possible to use different types in different environments; this is especially important when using a test environment to try out changes to a native type on a limited set of nodes before pushing them to all nodes. Disadvantages: - If a catalog fails due to a type validation error, it will be an execution error on the agent rather than a compilation error, so the agent will not be able to fall back to the previous catalog. Any comments on this proposal? This is a change that would likely be made in version 2.7. -- You received this message because you are subscribed to the Google Groups Puppet Developers group. To post to this group, send email to puppet-...@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] reserved words
Why not simple render templates with puppet with safemode templating [1]? this will avoid things like %= File.read /etc/shadow % and such, additionally, it can whitelist which params are allowed to be accessed within the template. I started using it within Foreman recently, and I find it very useful. Ohad [1] - https://github.com/svenfuchs/safemode#readme On Tue, Jan 11, 2011 at 8:15 PM, Dan Bode d...@puppetlabs.com wrote: On Tue, Jan 11, 2011 at 9:59 AM, Daniel Pittman dan...@rimspace.netwrote: On Jan 11, 2011 8:58 AM, Dan Bode d...@puppetlabs.com wrote: On Tue, Jan 11, 2011 at 1:36 AM, Uwe Bartels uwe.bart...@gmail.com wrote: are there any reserved words i'm not allowed to use in the puppet manifests? I have some strange errors that came up using puppet manifests with variables like - $string - $type - $label The are special variables, not reserved words: also $module_name, $title, $name, $caller_module_name However, watch out that any name exported by the Ruby Kernel module is unavailable in an erb template - they invoke the Ruby method instead. (This is nasty for, say, the 'fork' variable in the template.) feel free to vote on http://projects.puppetlabs.com/issues/5489, I had the same problem, but with a function called y While it doesn't sound like that was your problem, it has caught me out more than once. Regards, Daniel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet's direction in theory?
On Tue, Jan 11, 2011 at 08:17, Nigel Kersten ni...@puppetlabs.com wrote: On Mon, Jan 10, 2011 at 7:57 PM, Robin Lee Powell rlpow...@digitalkingdom.org wrote: So, I started with puppet about two years ago (December 2008). At the time, I was under the impression that the list of Types would grow a lot (i.e. http://docs.puppetlabs.com/references/stable/type.html ). In fact, the file type says: If you find that you are often copying files in from a central location, rather than using native resources, please contact Puppet Labs and we can hopefully work with you to develop a native resource to support what you are doing. [...] I don't think there's anything deliberate there. We don't have native Ruby libraries for many of the things sysadmins need to do, and so even when you write a Ruby type/provider, you're often execing out to external binaries anyway. The other thing I keep in mind is that using a 'define' that wraps some file and exec operations *is* keeping with the spirit of that statement, if not the letter: sure, it defines the type in the DSL, but it means that your nodes are referring to high level types and concepts, not low level implementation details. For example, you could rewrite your 'define apache::site' into a Ruby type/provider pair and *nothing* would have to change for users of it – the fact that it happens to be implemented one way or the other is encapsulated. For what that is worth... Daniel -- ✉ Daniel Pittman dan...@rimspace.net ⌨ dan...@rimspace.net (XMPP) ☎ +1 503 893 2285 ♻ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet's direction in theory?
On Tue, Jan 11, 2011 at 07:07:58AM -0800, jcbollinger wrote: On Jan 10, 10:53 pm, Robin Lee Powell rlpow...@digitalkingdom.org wrote: Huh? You can write a Type in Puppet? How? I'm only aware of classes and defines, neither of which are that. Yes, you can, and you can distribute them to clients via Puppet itself. See http://docs.puppetlabs.com/#extending-puppet, and especially http://docs.puppetlabs.com/guides/custom_types.html. That's not in the Puppet *language*, that's in Ruby. It was Puppet Types written in the Puppet language that I was expressing surprise at. There are defines, but that's not really the same thing. Again: I don't see anybody distributing custom *resource types*, I see people distributing custom *modules* and defines. Since the docs at http://docs.puppetlabs.com/references/latest/type.html#exec and http://docs.puppetlabs.com/references/latest/type.html#file both say that actual resource types should be use wherever possible. I would therefore expect there to either be a bunch of new types added to Puppet, or a well-known repository of user-created Puppet types, but there are neither of these things AFAICT. Hence, I'm confused. Philosophically speaking, at least. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet's direction in theory?
On Tue, Jan 11, 2011 at 10:41:13AM -0800, Daniel Pittman wrote: The other thing I keep in mind is that using a 'define' that wraps some file and exec operations *is* keeping with the spirit of that statement, if not the letter: sure, it defines the type in the DSL, but it means that your nodes are referring to high level types and concepts, not low level implementation details. For example, you could rewrite your 'define apache::site' into a Ruby type/provider pair and *nothing* would have to change for users of it – the fact that it happens to be implemented one way or the other is encapsulated. I didn't realize it was that clean, actually. Thanks. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Fwd: [Puppet-dev] Proposal: move parameter/property validation from master to agent
On Tue, Jan 11, 2011 at 10:37:52AM -0800, Nigel Kersten wrote: This is a reasonably important thread that I think is of interest to the -users list as well as -dev. I subscribed to puppet-dev a while back and have never seen a single message from it. Assumed it was a quiet list ;) Tried resubscribing and it tells me I am subscribed. Still no messages. -- Bruce Remember you're a Womble. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Clients requesting classes
On Tue, Jan 11, 2011 at 09:05:43AM -0800, Nigel Kersten wrote: I disagree that this approach is fundamentally wrong, but it's not always appropriate. I'll concede I'm being a little over-emphatic, but the OP's situation didn't read to me as if it had anything to justify that approach. And I did tell him how to do it, anyway. Can't say fairer than that. -- Bruce I must admit that the existence of Disneyland (which I know is real) proves that we are not living in Judea in AD 50. -- Philip K. Dick -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] reserved words
On Tue, Jan 11, 2011 at 10:44, Ohad Levy ohadl...@gmail.com wrote: Why not simple render templates with puppet with safemode templating [1]? Last time I looked I didn't find this, if it was available. That was several major versions back though. this will avoid things like %= File.read /etc/shadow % and such, additionally, it can whitelist which params are allowed to be accessed within the template. Hrm. One of the ... useful by coincidence features of templates is that they can do a lot more than native code, for better or worse. I don't object, but I suspect there is a design decision in there. It would be nice if you could add that suggestion to the ticket, though; if you don't I will get to it some time :) Regards, Daniel -- ✉ Daniel Pittman dan...@rimspace.net ⌨ dan...@rimspace.net (XMPP) ☎ +1 503 893 2285 ♻ made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Best Practices/Style: add stuff to a file for each host?
On Tue, Jan 11, 2011 at 05:20:38AM -0800, Al @ Lab42 wrote: You can build a file based on different fragments at least in 2 ways: - When you specify an array of templates , when using the content = argument, these templates are actually appended in the defined order. Can you use exported resources to generate such an array? -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which this parrot is dead is ti poi spitaki cu morsi, but this sentence is false is na nei. My personal page: http://www.digitalkingdom.org/rlp/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: A section with name main already exists (Bug 5231)
On Jan 11, 10:24 am, Arnau Bria arnaub...@pic.es wrote: On Tue, 11 Jan 2011 07:04:19 -0800 (PST) jcbollinger jcbollinger wrote: I assume that yum itself is not complaining, so perhaps it is silently ignoring the [main] sections in your .repo files. If that's the case then the best workaround is probably to just remove those sections. Ok, I will do that, but seems strange to me that puppet is failing when yum doesn't resulting in puppet more restrictive than yum... I agree that it's strange, and I encourage you to file a ticket about it. I suppose that Puppet is trying to treat [main] in your .repo files as a repository section instead of as a superfluous main section. If that's what the problem is then it should be fairly straightforward to fix. Cheers, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Send Reports to Puppet Dashboard
Hi All, I have entered the following statements to the /etc/puppet/ puppet.conf file on my puppet master server so reports will get forwarded to my puppet client that is also running the Puppet Dashboard. I made these entries exactly as the dashboard docs indicated, and I modified the external_node script to use the defined url instead of the localhost default. [main] node_terminus = exec external_nodes = /etc/puppet/bin/external_node reports = http, store reporturl = fedorahost.ocfl.net:3000/reports However, when I restart the puppet master daemon I get the errors below. Has anyone seen this problem before, and if so, can you possibly tell me how to fix it? When I comment out the entries I made in [main], the puppet master and puppet clients work perfectly. I believe that the connection refused and No route to host are spurious messages and not truly indicative of the problem. Jan 11 11:14:18 fedorahost1 puppet-master[2572]: Reopening log files Jan 11 11:14:18 fedorahost1 puppet-master[2572]: Starting Puppet master version 2.6.4 Jan 11 11:19:16 fedorahost1 puppet-master[2572]: Failed to find fedorahost.ocfl.net via exec: Execution of '/etc/puppet/bin/ external_node fedorahost.ocfl.net' returned 1: /usr/lib/ruby/1.8/net/ http.rb:560:in `initialize': Connection refused - connect(2) (Errno::ECONNREFUSED)#012#011from /usr/lib/ruby/1.8/net/http.rb:560:in `open'#012#011from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'#012#011from /usr/lib/ruby/1.8/timeout.rb:53:in `timeout'#012#011from /usr/lib/ruby/1.8/timeout.rb:101:in `timeout'#012#011from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'#012#011from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'#012#011from /usr/lib/ruby/1.8/net/http.rb:542:in `start'#012#011from /usr/lib/ruby/1.8/net/http.rb:440:in `start'#012#011from /etc/puppet/bin/external_node:20 Jan 11 11:19:16 fedorahost1 puppet-master[2572]: Could not find node 'fedorahost.ocfl.net'; cannot compile Jan 11 11:19:16 fedorahost1 puppet-master[2572]: Report http failed: No route to host - connect(2) Thanks, Mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
It may also be worth looking at some form of improved scheduling in order to avoid a thundering herd of requests to your puppetmasters. One option that looks interesting (about to try it myself) is to use mcollective: http://www.devco.net/archives/2010/03/17/scheduling_puppet_with_mcollective.php One other thing I've not seen mentioned in this thread is to use a dedicated fileserver: http://www.masterzen.fr/2010/01/28/puppet-memory-usage-not-a-fatality/ http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Scalability It'd be interesting to see how you get on. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Selector with arrays
Hello, I like to use selectors like this in a few locations: $shell = $operatingsystem ? { 'freebsd' = '/usr/local/bin/bash', default = '/bin/bash', } However it appears broken if I use an array value as my selection criteria: $info = [ acrews, Adam, /bin/bash ] $shell = $info[2] ? { /bin/ = $info[2], default = /sbin/nologin, } I get: Syntax error at '?'; expected '} If I do this it works: $info = [ acrews, Adam, /bin/bash ] $AA = $info[2] $shell = $AA ? { /bin/ = $info[2], default = /sbin/nologin, } This is just an example, I actually populate $info from an extlookup in a define that returns basically the same array. Am I doing something wrong, or is this a bug? Thanks -Adam -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
On Jan 11, 1:05 am, Carles Amigó fr...@fr3nd.net wrote: What data is exactly discarded with thin storeconfigs? Effectively only facts and exported resources are stored for each node[1]. This is opposed to storing the complete set of resources (and other stuff?) for each node. For normal puppet usage there's no loss to using thin_storeconfigs. The full set is useful if you want to query it as part of an external process. A monitoring or inventory service, for example. Bryce F did most of the work that actually made storeconfigs useful. There are some very good posts on his blog[2]. [1] http://docs.puppetlabs.com/references/2.6.3/configuration.html#thinstoreconfigs [2] http://www.masterzen.fr/tag/storeconfigs/ On Jan 11, 1:47 pm, Adrian Bridgett adrian.bridg...@gmail.com wrote: It may also be worth looking at some form of improved scheduling in order to avoid a thundering herd of requests to your puppetmasters. Using a cron resource with fqdn_rand() interval works pretty well and is dead simple. cron { puppet_agent: command = 'puppet agent -- onetime', minute = [fqdn_rand(30), (fqdn_rand(30) + 30)] } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Send Reports to Puppet Dashboard
On Jan 11, 2011, at 12:13 PM, Mike wrote: [main] node_terminus = exec external_nodes = /etc/puppet/bin/external_node reports = http, store reporturl = fedorahost.ocfl.net:3000/reports However, when I restart the puppet master daemon I get the errors below. Has anyone seen this problem before, and if so, can you possibly tell me how to fix it? When I comment out the entries I made in [main], the puppet master and puppet clients work perfectly. I believe that the connection refused and No route to host are spurious messages and not truly indicative of the problem. Load up a webbrowser and point it to http://fedorahost.ocfl.net:3000/ . You should get a webpage. I'm guessing that you don't have Dashboard started. (Or possibly misconfigured) If Dashboard isn't started, your webbrowser will tell you connection refused or webpage not found or something similar. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppetmaster 2.6.x on Ubuntu Lucid
On Jan 11, 2011, at 8:52 AM, Luc Suryo wrote: 1. in file /etc/apt/preferences I made several adjustment but for puppet this is the relevant lines # Backport for puppetlabs Package: puppet puppet-common puppetmaster facter Pin: release a=lenny-backports Pin-Priority: 900 2. then created the /etc/apt/sources.list.d/backports.list with the following line deb http://backports.debian.org/debian-backports lenny-backports main contrib non-free You said this, but I want to make this very clear. If you're using puppet to deploy this, Make sure that step 2 will not happen until step 1 is complete. Remember, it's possible for file copies to fail if the server is overloaded or if you just have bad luck. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
We had trouble scaling with 400+ nodes. Puppet server is a VM on an ESX cluster with 3.5GB of ram and 1.5GB of swap but would regularly kick in OOM which would kill off most if not all of the 10 puppetmaster instances. We felt scheduling a restart of the puppetmasters a few times a day was not a sustainable solution. So we are in the midst of moving to removing the server from the equation altogether. Seeing as all nodes have a common NFS mount(s), we are testing moving to simply calling puppet with the sites.pp file as the only command line argument. So far in testing, it has been working great. Just thought I'd mention this as a potential option. On Jan 12, 9:15 am, donavan dona...@desinc.net wrote: On Jan 11, 1:05 am, Carles Amigó fr...@fr3nd.net wrote: What data is exactly discarded with thin storeconfigs? Effectively only facts and exported resources are stored for each node[1]. This is opposed to storing the complete set of resources (and other stuff?) for each node. For normal puppet usage there's no loss to using thin_storeconfigs. The full set is useful if you want to query it as part of an external process. A monitoring or inventory service, for example. Bryce F did most of the work that actually made storeconfigs useful. There are some very good posts on his blog[2]. [1]http://docs.puppetlabs.com/references/2.6.3/configuration.html#thinst... [2]http://www.masterzen.fr/tag/storeconfigs/ On Jan 11, 1:47 pm, Adrian Bridgett adrian.bridg...@gmail.com wrote: It may also be worth looking at some form of improved scheduling in order to avoid a thundering herd of requests to your puppetmasters. Using a cron resource with fqdn_rand() interval works pretty well and is dead simple. cron { puppet_agent: command = 'puppet agent -- onetime', minute = [fqdn_rand(30), (fqdn_rand(30) + 30)] } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
On Tue, Jan 11, 2011 at 2:45 PM, DaveQB david.w...@drdstudios.com wrote: We had trouble scaling with 400+ nodes. Puppet server is a VM on an ESX cluster with 3.5GB of ram and 1.5GB of swap but would regularly kick in OOM which would kill off most if not all of the 10 puppetmaster instances. We felt scheduling a restart of the puppetmasters a few times a day was not a sustainable solution. Ruby version? Puppet version? Puppet server architecture? (mongrel, webrick, passenger, etc) So we are in the midst of moving to removing the server from the equation altogether. Seeing as all nodes have a common NFS mount(s), we are testing moving to simply calling puppet with the sites.pp file as the only command line argument. So far in testing, it has been working great. Just thought I'd mention this as a potential option. On Jan 12, 9:15 am, donavan dona...@desinc.net wrote: On Jan 11, 1:05 am, Carles Amigó fr...@fr3nd.net wrote: What data is exactly discarded with thin storeconfigs? Effectively only facts and exported resources are stored for each node[1]. This is opposed to storing the complete set of resources (and other stuff?) for each node. For normal puppet usage there's no loss to using thin_storeconfigs. The full set is useful if you want to query it as part of an external process. A monitoring or inventory service, for example. Bryce F did most of the work that actually made storeconfigs useful. There are some very good posts on his blog[2]. [1]http://docs.puppetlabs.com/references/2.6.3/configuration.html#thinst... [2]http://www.masterzen.fr/tag/storeconfigs/ On Jan 11, 1:47 pm, Adrian Bridgett adrian.bridg...@gmail.com wrote: It may also be worth looking at some form of improved scheduling in order to avoid a thundering herd of requests to your puppetmasters. Using a cron resource with fqdn_rand() interval works pretty well and is dead simple. cron { puppet_agent: command = 'puppet agent -- onetime', minute = [fqdn_rand(30), (fqdn_rand(30) + 30)] } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Could not retrieve catalog from remote server
What does this error mean or what does it indicate? puppet-agent: Could not retrieve catalog from remote server: Could not intern from pson: source did not contain any PSON! What can I try to resolve it? uninstall/reinstall puppet on the client? I found a bug report, but not much info in it: http://projects.puppetlabs.com/issues/5547 Thanks, Mohamed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Considerations for puppet/cluster to manage 6000 hosts.
On Jan 11, 2:45 pm, DaveQB david.w...@drdstudios.com wrote: We had trouble scaling with 400+ nodes. Puppet server is a VM on an ESX cluster with 3.5GB of ram and 1.5GB of swap but would regularly kick in OOM which would kill off most if not all of the 10 puppetmaster instances. This is very surprising to me. Is this .24 or .25 per chance serving large files via the File resource per chance? There were some big memory improvements in File handling around 2.6.0. Using 2.6.x, Ruby 1.8.7, Apache 2.2 and passenger I'd expect around 100-200mb usage per process. Even that seems a bit high to me, though I don't know what's shared and whats resident off hand. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple packages installation in one yum call
On Jan 11, 3:09 am, Adriana adriana.tele...@gmail.com wrote: Hello, does anyone know if featurehttp://projects.puppetlabs.com/issues/2198 had been implemented and how it is possible to use it? I don't think it's made it into the puppet codebase yet. It should be pretty simple to run the contributed patch though. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] reserved words
On Tue, Jan 11, 2011 at 7:47 PM, Naresh V nares...@gmail.com wrote: On 11 January 2011 22:27, Dan Bode d...@puppetlabs.com wrote: On Tue, Jan 11, 2011 at 1:36 AM, Uwe Bartels uwe.bart...@gmail.com wrote: [...] The are special variables, not reserved words: also $module_name, $title, $name, $caller_module_name Hi Dan, (sorry for the minor thread-hijack) What's the difference between $module_name and $caller_module_name? When I was attempting to use a parser function[1] I wrote to simplify my argument to the source param in file resources, I tried to assign $module_name to the name of the module and use lookupfile($module_name, cluebringer.conf) and got: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Cannot reassign variable module_name at /etc/puppet/modules/cbpolicyd/manifests/init.pp:15 on node outbound-us2 I didn't know/follow that it was due to $module_name being a special variable. I had this in my module: class cbpolicyd { $module_name = cbpolicyd this is the offending line, you don't have to specify this, it should already be set. try putting a notice($module_name) here file { /etc/policyd/cluebringer.conf: group = root, mode = 0644, source = lookupfile($module_name, cluebringer.conf), require = Package[cluebringer], notify = Service[cbpolicyd]; } ... multiple file resources ... } Now I think I might be able to simplify lookupfile() by assuming $module_name (or $caller_module_name) as an implicit argument within lookupfile.rb[1] and thereby having to just use: source = lookupfile(cluebringer.conf) -Naresh [1]: http://dpaste.com/hold/308475/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.