[Puppet Users] Re: Namespace tools?

2011-02-17 Thread Kevin Beckford
try 

puppet resource --types

each type can be enumerated

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Do people walk the filebucket tree searching by path?

2011-02-17 Thread Trevor Vaughan

I always expected to be able to access the values by path.

Having to recall a hash from a log is pretty much unrealistic without tools to 
help you map the hash to the file at a later date.

I.e. Puppet supplied log parsers/data map store tools, etc...

That's my .02 anyway.

Trevor

On 02/17/2011 04:06 PM, Martin Langhoff wrote:
> On Thu, Feb 17, 2011 at 3:55 PM, Nigel Kersten  wrote:
>> ok. So it's unacceptable for you to refer to logs or reports to get
>> the checksum for a given replacement and then restore the file that
> 
> It's really damn fiddly :-)
> 
> As a git guts hacker, I appreciate that puppet stores things in a
> content addressable filesystem. But when I need to use the info in git
> or in puppet, I refer to it by path :-) ..
> 
> Actually git has some rich syntax to say "the previous version", like
> 
>    git diff HEAD^ # the prev commit
>    git diff HEAD^^ # two commits back
>    git diff HEAD^^^ # three commits back ;-)
> 
> that kind of glue is of enormous value.
> 
> 
> 
> m

-- 
Trevor Vaughan
 Vice President, Onyx Point, Inc.
 email: tvaug...@onyxpoint.com
 phone: 410-541-ONYX (6699)
 pgp: 0x6C701E94

-- This account not approved for unencrypted sensitive information --

[Puppet Users] logoutput=>on_failure doesn't work as expected

2011-02-17 Thread Bryan
I'm using puppet 0.25.1.  I've got a simple resource:

exec { "/bin/ls $oracle_base/dba/bin/database_backup.ksh":
  logoutput => on_failure,
}

and I don't want it to log every time it's successfully run:

$ sudo tail -F /var/log/messages | grep puppetd
Feb 17 16:36:11 test puppetd[26614]: (//my_module/Exec[/bin/ls /u01/app/oracle/dba/bin/database_backup.ksh]/returns) executed successfully

but logoutput => on_failure doesn't suppress the above message.

Is that parameter not available in my version of puppet, or am I
perhaps misunderstanding its purpose?  I'm guessing the latter since
it looks like it was introduced 3 years ago.

In the meantime, I'm using this ugly, redundant hack to do what I
want:

exec { "/bin/ls $oracle_base/dba/bin/database_backup.ksh":
  unless => "/bin/ls $oracle_base/dba/bin/database_backup.ksh",
}

Thanks!




Re: [Puppet Users] Distributing user configs from a central host?

2011-02-17 Thread Robin Lee Powell
On Thu, Feb 17, 2011 at 09:30:33AM -0800, Daniel Pittman wrote:
> You could use the resource description tool, in a generate call in the
> appropriate resource, to have puppet run the process of rebuilding the
> appropriate manifest content on demand.  (Probably needs a little scripting
> wrapped around it to get the content in the right format.)

I'm not following that at all, I'm afraid; especially "the resource
description tool"; can you give me an example?

> For the file content I would add another fileserver mount for
> /home on that system, then serve the content into the appropriate
> target location.

An interesting idea, but I can see some decently heavy security
issues there, and I'm sufficiently ignorant of puppet's security
model to be afraid of them.

-Robin

-- 
http://singinst.org/ :  Our last, best hope for a fantastic future.
Lojban (http://www.lojban.org/): The language in which "this parrot
is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
is "na nei".   My personal page: http://www.digitalkingdom.org/rlp/




[Puppet Users] Re: Virtual Resources realization problems

2011-02-17 Thread jcbollinger

On Feb 17, 2:25 pm, Forrie  wrote:
> I have another related question.  What happens when a virtual resource
> such as an NFS mount is no longer needed -- how do you prune that
> from the systems that had it "realized"?   Can you "unrealize" them?

First, let's get the conceptual framework right.  Realizing a virtual
resource for a given node tells Puppet that you want to manage that
resource for that node.  Whether it implies the resource will then be
present depends on the resource's declared properties.  You can always
change your manifest so that those resources are no longer realized on
those nodes, but that won't do what I think you're looking for.

It is important to understand that by default, omitting a resource
from a node's catalog simply leaves it unmanaged, which is not at all
the same thing as removing it from the node.  An unmanaged resource might
or might not be present, and if present its properties might have any
values.  From a Puppet perspective, omitting a resource from a node's
catalog means "I don't care."

Most Puppet resource types support particular parameter values that
indicate that the resource should be absent from the node.  Typically,
including for the Mount resource type, that's spelled "ensure =>
absent".  Thus, to get rid of a mount on certain nodes, simply arrange
for the ensure parameter of its corresponding Mount resource to take
the value "absent".  Puppet has several flavors of conditional
statements that can help achieve that.  Advanced Puppeteers might
sometimes use class inheritance to achieve the result by overriding
resource properties.  If the resource is virtual, then you will have
to realize it for that to have any effect.

If, however, you are looking to control on every node whether a
particular resource is present (and if so, its properties), then you
don't want a virtual resource at all.  Instead, you want a concrete
resource whose "ensure" property you twiddle appropriately.

It is also possible to instruct Puppet to remove all unmanaged
resources of given types (see the Resources resource type), but
proceed with extreme caution if you take that approach.  As a special
(but common) case, you can purge unmanaged files and subdirectories of
a given directory via the File resource type's "purge" parameter.


HTH,

John




[Puppet Users] Virtual resources stopped working...

2011-02-17 Thread Steve Shipway
Since I moved our pre-prod puppet master to RHEL6, things have
broken.  This is how:

We have two classes, 'users' (which defines all our users as virtual)
and 'users::sys' which realises the systems-admin users.

I then have (this is simplified to show the problem):

node basenode  {
  include users
}
node foo inherits basenode {
  include defaults::systems
}
class defaults::systems {
  include users::sys
}

Previously, this worked -- but now, it doesn't!  The virtual users seem
to be created, but nothing is realised.

I also have another class -- sudo -- which is included in basenode.
This uses the class collection in a template file to build the sudoers
file, based on which of the users::xxx classes have been included.
Again, this used to work, but now it seems to be unable to see the
defaults::systems or users::sys classes for some reason.  I know they
are being included because I've added a notice() call in the class to
verify its inclusion.

Why would this be?  Does anyone know any reliable way to list every
class a node is including?  Is there a reason the users::sys class
cannot realise resources defined in users?

We originally tried to use tags to achieve this, but they are
completely useless as they are not global...

Hope someone can help.

Steve




[Puppet Users] Namespace tools?

2011-02-17 Thread Master Cho
Are there any tools/techniques for dumping/browsing all of the
namespaces?




Re: [Puppet Users] Do people walk the filebucket tree searching by path?

2011-02-17 Thread Martin Langhoff
On Thu, Feb 17, 2011 at 3:55 PM, Nigel Kersten  wrote:
> ok. So it's unacceptable for you to refer to logs or reports to get
> the checksum for a given replacement and then restore the file that

It's really damn fiddly :-)

As a git guts hacker, I appreciate that puppet stores things in a
content addressable filesystem. But when I need to use the info in git
or in puppet, I refer to it by path :-) ..

Actually git has some rich syntax to say "the previous version", like

   git diff HEAD^ # the prev commit
   git diff HEAD^^ # two commits back
   git diff HEAD^^^ # three commits back ;-)

that kind of glue is of enormous value.



m
-- 
 martin.langh...@gmail.com
 mar...@laptop.org -- Software Architect - OLPC
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff




Re: [Puppet Users] Do people walk the filebucket tree searching by path?

2011-02-17 Thread Joe McDonagh

On 02/17/2011 03:55 PM, Nigel Kersten wrote:
> On Thu, Feb 17, 2011 at 12:48 PM, Joe McDonagh wrote:
>> I care a lot and had thought that the path would eventually be the main key
>> for retrieving files, with the checksum being sort of like a revision, with
>> some extra metadata when you interface with the filebucket...
>
> ok. So it's unacceptable for you to refer to logs or reports to get
> the checksum for a given replacement and then restore the file that
> way?


I'm not sure 'unacceptable' is the word, I'm not going to stop using 
puppet because PL didn't make the filebucket interface to my spec. Just 
sayin, that's how I envisioned it back when I started using Puppet... 
and now with all the fancy doo dads in puppet I'd figure the filebucket 
would have lots of ways to access the data inside.


--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."




Re: [Puppet Users] Do people walk the filebucket tree searching by path?

2011-02-17 Thread Nigel Kersten
On Thu, Feb 17, 2011 at 12:48 PM, Joe McDonagh
 wrote:
> I care a lot and had thought that the path would eventually be the main key
> for retrieving files, with the checksum being sort of like a revision, with
> some extra metadata when you interface with the filebucket...

ok. So it's unacceptable for you to refer to logs or reports to get
the checksum for a given replacement and then restore the file that
way?




Re: [Puppet Users] Do people walk the filebucket tree searching by path?

2011-02-17 Thread Joe McDonagh
I care a lot and had thought that the path would eventually be the main 
key for retrieving files, with the checksum being sort of like a 
revision, with some extra metadata when you interface with the 
filebucket...


On 02/17/2011 03:46 PM, Nigel Kersten wrote:
> https://projects.puppetlabs.com/issues/6353
>
> Our old behavior was that when files were backed up to a filebucket,
> we also wrote out the path information to the 'paths' file in the
> checksum directory.
>
> Do people actually use this functionality? Our sanctioned interface
> "puppet filebucket" only ever restored files by checksum, not by path,
> but from the wiki and some tickets it looks like we do have users who
> construct find/exec commands to search by path.
>
> This leaves us in a somewhat frustrating position. We've broken
> functionality that at least some people use, but was essentially
> poking into a private implementation of the filebucket.
>
> The whole point of the filebucket at least from a design perspective
> was to store and retrieve files by checksum, not by path. However that
> doesn't appear to be how everyone uses it.
>
> How much do you all care?




--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."




[Puppet Users] Do people walk the filebucket tree searching by path?

2011-02-17 Thread Nigel Kersten
https://projects.puppetlabs.com/issues/6353

Our old behavior was that when files were backed up to a filebucket,
we also wrote out the path information to the 'paths' file in the
checksum directory.

Do people actually use this functionality? Our sanctioned interface
"puppet filebucket" only ever restored files by checksum, not by path,
but from the wiki and some tickets it looks like we do have users who
construct find/exec commands to search by path.

This leaves us in a somewhat frustrating position. We've broken
functionality that at least some people use, but was essentially
poking into a private implementation of the filebucket.

The whole point of the filebucket at least from a design perspective
was to store and retrieve files by checksum, not by path. However that
doesn't appear to be how everyone uses it.


How much do you all care?
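
The path-based lookup discussed in this thread, as an added example that is not Puppet's code and not part of any post: it walks a bucket tree, reads each 'paths' file, re-hashes the stored bytes, and answers "the Nth previous intact version of this path". The `contents` file name, the MD5 checksum, the nested one-character directories and all sample data are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile


def index_bucket(root):
    """Walk `root` and return {original_path: [entry, ...]}, newest first.

    Assumed layout (the thread only states that a 'paths' file lives in the
    checksum directory): <root>/.../<md5>/paths lists one original path per
    line, and <root>/.../<md5>/contents holds the backed-up bytes.
    """
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        if "paths" not in files:
            continue
        checksum = os.path.basename(dirpath)
        contents = os.path.join(dirpath, "contents")
        intact, mtime = False, 0.0
        if os.path.isfile(contents):
            # Re-hash the stored bytes: a content-addressed entry whose
            # bytes no longer match its directory name must not be restored.
            with open(contents, "rb") as fh:
                intact = hashlib.md5(fh.read()).hexdigest() == checksum
            mtime = os.path.getmtime(contents)
        with open(os.path.join(dirpath, "paths"), encoding="utf-8") as fh:
            for line in fh:
                path = line.strip()
                if path:
                    index.setdefault(path, []).append(
                        {"checksum": checksum, "mtime": mtime, "intact": intact}
                    )
    for entries in index.values():
        entries.sort(key=lambda e: e["mtime"], reverse=True)
    return index


def checksum_for(index, path, back=0):
    """Checksum of the `back`-th most recent intact backup of `path`.

    back=0 is the latest backup, back=1 the one before it, in the spirit of
    git's HEAD^ syntax mentioned in the thread. Returns None if no such
    intact backup exists.
    """
    intact = [e for e in index.get(path, []) if e["intact"]]
    if back < 0 or back >= len(intact):
        return None
    return intact[back]["checksum"]


def build_sample_bucket(root):
    """Create a small constructed bucket under `root` for demonstration."""

    def store(data, path, mtime, dirname=None):
        name = dirname or hashlib.md5(data).hexdigest()
        # Assumed nesting: one directory per leading hex character.
        entry = os.path.join(root, *name[:8], name)
        os.makedirs(entry)
        with open(os.path.join(entry, "contents"), "wb") as fh:
            fh.write(data)
        with open(os.path.join(entry, "paths"), "w", encoding="utf-8") as fh:
            fh.write(path + "\n")
        os.utime(os.path.join(entry, "contents"), (mtime, mtime))
        return name

    old = store(b"old motd\n", "/etc/motd", 1297900000)
    new = store(b"new motd\n", "/etc/motd", 1297980000)
    # Entry whose bytes do not match its directory name (constructed).
    bad = store(b"tampered\n", "/etc/hosts", 1297990000, dirname="0" * 32)
    return old, new, bad


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as bucket:
        build_sample_bucket(bucket)
        idx = index_bucket(bucket)
        for wanted in ("/etc/motd", "/etc/hosts"):
            print(wanted, "latest:", checksum_for(idx, wanted),
                  "previous:", checksum_for(idx, wanted, back=1))
```

The checksum it returns is what the sanctioned "puppet filebucket" interface restores by.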




[Puppet Users] Re: Virtual Resources realization problems

2011-02-17 Thread Forrie
Thank you!  That worked.  I was actually following an incorrect
example whereby the definition itself was capitalized.

What really irks me here is that the error message I was getting was
irrelevant -- at least, in my opinion it needed to be more specific
with syntactical errors.   There must be some clever tool out there
that will parse puppet scripts for format and syntax.  Something like
that should be available within Puppet itself.  It would have saved me
a lot of trouble.

In any case, a learning experience.

I have another related question.  What happens when a virtual resource
such as an NFS mount is no longer needed -- how do you prune that
from the systems that had it "realized"?   Can you "unrealize" them?

As for the define above for the initial "class dce {" that was typed
out in pseudo code for brevity :-)


Thanks again, I really appreciate it.




Re: [Puppet Users] Puppet on a purely push basis no possible?

2011-02-17 Thread Russell Jackson
On 02/15/2011 05:37 PM, James Louis wrote:
> in spite of this not actually being a "push" mechanism if it walks like
> a duck. it would be nice if the documentation and previous discussions
> on this were more clear or even better if it's not a "push" then it
> should be "redefined" within puppet world. IMHO
> 

Actually, almost anything that is referred to as "push" is usually
implemented as some sort of pull triggered via a notification mechanism.

-- 
Russell A Jackson 
Network Analyst
California State University, Bakersfield




Re: [Puppet Users] Puppet on a purely push basis no possible?

2011-02-17 Thread James Louis
I see what you are saying. We are going with a plan to authorize an opening
in the firewall for just the instance of the kick. As any changes to our
production environment require a change request one would have to be created
to allow the ports to be opened just for the kick.

On Tue, Feb 15, 2011 at 9:22 PM, Patrick  wrote:

> I think you're saying that it's close enough that it shouldn't matter.  In
> the context of this thread, there's a huge difference though.  If the puppet
> client is in a DMZ, (and can't connect to the puppetmaster) it needs the
> catalog to be pushed to the client.  Not just the server telling the client
> to pull the config, because the client can't connect to the server since the
> client is locked in the DMZ.
>
> On Feb 15, 2011, at 5:37 PM, James Louis wrote:
>
> in spite of this not actually being a "push" mechanism if it walks like a
> duck. it would be nice if the documentation and previous discussions on this
> were more clear or even better if it's not a "push" then it should be
> "redefined" within puppet world. IMHO
>
> On Tue, Feb 15, 2011 at 4:07 PM, Daniel Pittman wrote:
>
>> Other people answered other parts of this, but to be totally clear:
>>
>> 'puppet kick' is *NOT* a push mechanism for puppet.  It is a mechanism
>> to trigger the regular, pull-based, puppet run on a specific machine.
>>
>> In the bigger picture I would strongly suggest you just open the
>> single port used for puppet management from the DMZ to the secure
>> network, and allow that (and only that) exception.  Alternately,
>> establish a second puppet master in the DMZ for use there, and feed it
>> catalogs from the same VCS that the internal one uses.
>>
>> (Personally, I would suggest that opening the port is less security
>> auditing overhead than an entire puppet master out in the DMZ, but
>> YM(and auditors)MV.)
>>
>> Daniel
>>
>> On Tue, Feb 15, 2011 at 13:04, James Louis  wrote:
>> > My experience is having "listen = true" in the puppet conf and starting
>> the
>> > client with --no-client does prevent the puppet pull. This works for me
>> so
>> > that I can issue a puppet kick on the server to only serve changes when
>> I
>> > want to.
>> >
>> > On Tue, Feb 15, 2011 at 2:54 PM, Nan Liu  wrote:
>> >>
>> >> On Tue, Feb 15, 2011 at 11:21 AM, Kristopher 
>> wrote:
>> >> > I would like to confirm that the following is not possible:
>> >> > I have servers I would like to manage via puppet in my DMZ, I have my
>> >> > puppet server in the trusted zone of my network. Due to this
>> >> > arrangement (which cannot be changed due to other services running on
>> >> > the puppet master) puppet clients cannot initiate a connection with
>> >> > the puppet master. So I would like to use puppet on a purely push
>> >> > basis using puppet kick.
>> >> >
>> >> > So I handled the cert signing out of band for a client and set up the
>> >> > namespaceauth.conf. The problem is that when I start the client with
>> --
>> >> > no-client and --listen it still tries to connect to the puppet
>> server,
>> >> > which fails because of the firewall rules. In addition when I asked
>> on
>> >> > #puppet I was informed that puppet kick just tells the client to
>> phone
>> >> > home by creating a new connection to request its configs.
>> >> >
>> >> > From all this I came to conclusion that puppet cannot be used on a
>> >> > purely push basis, is this true?  If it is true is it likely to
>> change
>> >> > at any point?
>> >>
>> >> If you do not want the puppet agent to initiate any network connection
>> >> to the puppet master, compile the catalog on the master, ship the
>> >> catalog and dependent files to the agent, then apply the catalog on
>> >> the agent.
>> >>
>> >> Thanks,
>> >>
>> >> Nan
>> >>
>> >
>> >
>> >
>> > --
>> > To be is to do = Immanuel Kant
>> > To do is to be = Descartes.
>> > Do be do be do = Frank Sinatra
>> >
>>
>>
>>
>> --
>> ⎋ Puppet Labs Developer – http://puppetlabs.com
>> ✉ Daniel Pittman 
>> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
>> ♲ Made with 100 percent post-consumer electrons
>>

Re: [Puppet Users] Distributing user configs from a central host?

2011-02-17 Thread Daniel Pittman
You could use the resource description tool, in a generate call in the
appropriate resource, to have puppet run the process of rebuilding the
appropriate manifest content on demand.  (Probably needs a little scripting
wrapped around it to get the content in the right format.)

For the file content I would add another fileserver mount for /home on that
system, then serve the content into the appropriate target location.

That way you don't need to copy anything, including the data about the
users, in a static fashion.

Regards,
Daniel
-- 
Puppet Labs Developer –http://puppetlabs.com
Daniel Pittman 
Contact me via gtalk, email, or phone: +1 (877) 575-9775
Sent from a mobile device. Please forgive me if this is briefer than usual.
On Feb 17, 2011 6:45 AM, "Robin Lee Powell" 
wrote:
>
> I have a central server, that happens to be the puppetmaster, that
> has various users on it. I would like to copy out their information
> (name, uid, password, .bashrc, etc) to all my other hosts, but I
> want to let the users change their stuff on that host, so I don't
> want to just stick it in puppet.
>
> My inclination is to just make a script that runs through the passwd
> file and generates puppet instructions out, and also copies the user
> files in question into a place in the puppetmaster directories.
>
> Is there a more-idiomatic way to do that?
>
> -Robin
>
>
> --
> http://singinst.org/ : Our last, best hope for a fantastic future.
> Lojban (http://www.lojban.org/): The language in which "this parrot
> is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
> is "na nei". My personal page: http://www.digitalkingdom.org/rlp/
>



Re: [Puppet Users] Re: trouble with retrieving information from current source

2011-02-17 Thread rredeno2
That worked!  I wish I would've just done that earlier.  Ok, so for each 
operating system that I have, I just need a new subdirectory?  That's easy 
enough, and I think that I can figure out how to make it recognize the 
different operating systems.  This also makes me feel better that I 
apparently set everything else up correctly.  Thank you so much for your 
help, even though it turned out to be rather trivial.




[Puppet Users] Re: Virtual Resources realization problems

2011-02-17 Thread jcbollinger

Heed Felix's advice.  In particular, do not capitalize class,
definition, or resource type names when you *declare* a resource,
including a virtual one.  Do capitalize where you *realize* a virtual
resource.

Also,

On Feb 16, 5:12 pm, Forrie  wrote:
> class dce {
>   define nfsmount(options} {
>  }

If that's a literal cut&paste from your manifest, then you will
probably want to correct its syntax error, too.


John




Re: [Puppet Users] Re: trouble with retrieving information from current source

2011-02-17 Thread Felix Frank
On 02/17/2011 04:54 PM, rredeno2 wrote:
> The exact file extension is /modules/pam/files/CentOS/login (or $ssh),
> and both the login and sshd files are there .  I was considering
> changing CentOS to Ubuntu to see if this made a difference, but in the
> pam module's init.pp file, it has the $operatingsystem variable where I
> believe the CentOS directory was located.
> (puppet:///modules/pam/$operatingsystem/login)  I was assuming that the
> module takes into account various operating systems, and wasn't sure of
> what effect it would have on the rest of the module if I changed it.  I
> did change $operatingsystem to CentOS to see if having the exact file
> extension would work, but that had the same error, but just with saying
> CentOS instead of Ubuntu in the source file path, so I changed it back.
> 
> And the original two errors are the only ones that I'm getting when I
> run it.

The module structure requires you to have a subdirectory for each client
operatingsystem you deploy with puppet.

I cannot infer what the error cause is when you do have, in fact, a
subdirectory named Ubuntu that contains the needed files. Create this
directory and watch the puppetmaster's debug output during a run once
more (although I fear that may turn up nothing).

HTH,
Felix




Re: [Puppet Users] Parameterized class syntax...

2011-02-17 Thread Peter Berghold
On Thu, Feb 17, 2011 at 4:22 AM, Felix Frank <
felix.fr...@alumni.tu-berlin.de> wrote:

>
>
> What version is your puppetmaster?
>
>
the latest stable version.


-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC




Re: [Puppet Users] Re: trouble with retrieving information from current source

2011-02-17 Thread rredeno2
The exact file extension is /modules/pam/files/CentOS/login (or $ssh), and 
both the login and sshd files are there.  I was considering changing CentOS 
to Ubuntu to see if this made a difference, but in the pam module's init.pp 
file, it has the $operatingsystem variable where I believe the CentOS 
directory was located. (puppet:///modules/pam/$operatingsystem/login)  I was 
assuming that the module takes into account various operating systems, and 
wasn't sure of what effect it would have on the rest of the module if I 
changed it.  I did change $operatingsystem to CentOS to see if having the 
exact file extension would work, but that had the same error, but just with 
saying CentOS instead of Ubuntu in the source file path, so I changed it 
back.

And the original two errors are the only ones that I'm getting when I run 
it.

Thanks




Re: [Puppet Users] Distributing user configs from a central host?

2011-02-17 Thread Joe McDonagh
You can use content => file("/etc/passwd") for example to serve out the 
content from the master's etc passwd.


On 02/17/2011 09:37 AM, Robin Lee Powell wrote:

> I have a central server, that happens to be the puppetmaster, that
> has various users on it.  I would like to copy out their information
> (name, uid, password, .bashrc, etc) to all my other hosts, but I
> want to let the users change their stuff on that host, so I don't
> want to just stick it in puppet.
>
> My inclination is to just make a script that runs through the passwd
> file and generates puppet instructions out, and also copies the user
> files in question into a place in the puppetmaster directories.
>
> Is there a more-idiomatic way to do that?
>
> -Robin





--
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
"When the going gets weird, the weird turn pro."




[Puppet Users] Re: Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread jcbollinger

On Feb 17, 8:05 am, Daniel Piddock  wrote:

I was going to suggest some of the things you report already trying:

> * Flattened the ssh module to remove the class level requires.

I find that better form in this case because I can't imagine a reason
to include/require just ssh::install, and ssh::config will (should)
pull in ssh::install every time via the default dependency it
declares.  As such, there is no functional difference between class
ssh and class ssh::config.  Furthermore, ssh::config and ssh::install
are not so large that there is any code organization advantage to the
split, and putting their contents together better encapsulates their
dependencies.

Nevertheless, even though I prefer a flat module structure in this
case, I don't see why there should have been dependency problems with
the original structure.

> * Put a direct require from Service[ssh] to Package[openssh-server]

I think it's always a good idea for a service to depend directly on
the package that provides it.  I realize that you previously had a
transitive dependency on the package via the config file, but for me
it's not just a matter of getting all the dependencies ordered, but of
modelling the system correctly.  Services should directly depend on
their packages because the packages provide their binaries.  They
should depend on any configuration file and/or init script that you
manage because those influence the service execution.  Whether the
config file / init script also depends on the package is irrelevant as
far as I'm concerned.

Still, I don't see why your original manifest should have suffered
from resource ordering problems.

> Attaching init.pp from ssh module and the client's cached yaml if anyone
> fancies looking.

I am a novice at analyzing Puppet yaml, but I don't see any
relationship edges that correspond to your explicit 'requires' and
'subscribe' dependencies.  That seems suspect to me, but maybe it's
normal.  I do see all the resources, and the 'requires' and
'subscribe' parameters themselves.  If the yaml in fact should contain
relationship edges for the explicit dependencies, then I have no idea
why yours doesn't.

Are you sure that the yaml corresponds to the manifest you posted?  It
looks like it does, but is there any chance that a stale server-cached
catalog was provided by the master?  Could a stale client-cached
catalog have been applied by the client?  There are Puppet
configuration options that can prevent those things: ignorecache,
use_cached_catalog, usecacheonfailure.

Also, do you confirm that the puppet agent fails on that catalog with
exactly the same error you originally posted?  And do you see any
relevant errors in the master's log?

You said you had other, similarly-structured modules that work.  Do
any of them also include Services?  Can you recheck that they in fact
work for the affected node?  Do you see any significant differences
between the manifests?


John
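
The dependency model John describes above, written out as an added example. This is not the init.pp Daniel attached; the layout is an assumption assembled from resource names that appear in this thread (openssh-server, Service[ssh], /etc/ssh/sshd_config, the sshd_config.Debian source).

```puppet
# Added example, not the manifest attached to this thread.
# Flat class: package, config file and service live together, and every
# edge the service needs is declared on the service itself rather than
# being inherited transitively through the config file.
class ssh {

  # Title and real package name are kept identical.
  package { 'openssh-server':
    ensure => latest,
  }

  # The config file needs the package first, because the package
  # creates /etc/ssh and would otherwise overwrite the file.
  file { '/etc/ssh/sshd_config':
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/ssh/sshd_config.Debian',
    require => Package['openssh-server'],
  }

  service { 'ssh':
    ensure    => running,
    enable    => true,
    # Direct edge: the package provides the binary and the init script.
    require   => Package['openssh-server'],
    # Refresh edge: restart sshd whenever the managed config changes.
    subscribe => File['/etc/ssh/sshd_config'],
  }
}
```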




Re: [Puppet Users] Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread Daniel Piddock
On 17/02/11 14:05, Daniel Piddock wrote:
> On 17/02/11 12:09, Daniel Piddock wrote:
>> I managed to solve the problem by installing the openssh-server package
>> manually so the init script was present. I have other modules with a
>> very similar structure and they weren't throwing up these errors. Odd
>> glitch. Frustrating.
> I tried a few more things and it's still failing:
> * Upgrading the server and client to 2.6.4.
> * Flattened the ssh module to remove the class level requires.
> * Added a node definition so that only the ssh class was included.
> * Put a direct require from Service[ssh] to Package[openssh-server]
> * Syntax errors in init.pp to ensure it's actually reading the right file ;)
>
> Attaching init.pp from ssh module and the client's cached yaml if anyone
> fancies looking.
>
> Dan

Puppet bug.

It's setting the name parameter to not match the title that causes this
example to explode and why the other services weren't.

Issue 5610. Still hasn't been fixed in 2.6.5rc4. Ah well, something else
to work around.

Cheers,
Dan




Re: [Puppet Users] Re: trouble with retrieving information from current source

2011-02-17 Thread Felix Frank
On 02/17/2011 03:45 PM, rredeno2 wrote:
> What component do you think I'm missing?

Oops, sorry - I didn't look carefully enough yesterday.

So you have a modules/pam/files/Ubuntu/login file?

Does the puppetmaster log any problems of its own during the client run?

Regards,
Felix




Re: [Puppet Users] Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread Nigel Kersten
On Thu, Feb 17, 2011 at 4:09 AM, Daniel Piddock
 wrote:
> On 17/02/11 11:45, Felix Frank wrote:
>>> e.g.: file { 'something': require => Class['ssh'] }
>>> class ssh gets processed but ssh::install and ssh::config might not be,
>>> unless I put a depend on something deeper within it. Which defeats the
>>> idea of organising into classes a bit.
>> Where have you gotten that idea from? Is this documented?
>>
>> AFAIK, requiring Class[ssh] will require all resources declared by class
>> ssh, and it doesn't matter whether those resources are declared through
>> include or directly in the class.
>>
>> Correct me if I'm wrong, please.
>
> My first mail to the group was about this very issue with the conclusion
> of using require instead of include:
> http://groups.google.com/group/puppet-users/browse_thread/thread/64e4dde981c79ffb/bbb8bdc4ab78c328?lnk=gst
>
> A require does require everything defined within the class but it does
> not put a dependency on other classes pulled in by an include.

Yep. If you need to achieve this, you'll need Class[ssh] to require
Class[ssh::install, ssh::config] rather than simply including.




>
>> If I *am* wrong on this one, here's what should be safer:
>> class ssh {
>>   include ssh::install
>>   require ssh::config
>> }
>>
>> and have all resources in ssh::config require Class[ssh::install], but
>> that would be ugly and a bit evil (although not as evil as requiring two
>> interrelated classes).
>>
>> All this aside, I looked at your error again and begin to doubt that
>> this is the root cause of your problems. Your catalog should either
>> apply or be rejected because of cyclic dependencies. Something else must
>> be fishy. Does the catalog work if your node doesn't include ssh at all?
>
> I managed to solve the problem by installing the openssh-server package
> manually so the init script was present. I have other modules with a
> very similar structure and they weren't throwing up these errors. Odd
> glitch. Frustrating.
>
> Cheers,
> Dan
>




[Puppet Users] Re: trouble with retrieving information from current source

2011-02-17 Thread rredeno2
What component do you think I'm missing?

I checked the error again and this is what I've done:

puppetmasterd --verbose --no-daemonize (when I run this command, it
first says that it can't create a PID file, so I have to remove the
old puppetmasterd.pid file, rerun the command, and then it runs.  Is
this the correct way to handle this or is this another error?)

Then I ran  sudo puppetd --server localserver.com --test --debug --trace
and got:

debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/monitor.cazoodle.com.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/monitor.cazoodle.com.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/public_keys/monitor.cazoodle.com.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs]
debug: Finishing transaction 70220780888980 with 0 changes
debug: Using cached certificate for ca, good until Fri Jan 22 21:15:06 UTC 2016
debug: Using cached certificate for monitor.cazoodle.com, good until Fri Jan 22 21:15:06 UTC 2016
debug: Loaded state in 0.00 seconds
info: Retrieving plugin
debug: Using cached certificate for ca, good until Fri Jan 22 21:15:06 UTC 2016
debug: Using cached certificate for monitor.cazoodle.com, good until Fri Jan 22 21:15:06 UTC 2016
debug: Using cached certificate_revocation_list for ca, good until
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
debug: Finishing transaction 70220780526300 with 0 changes
debug: Executing '/etc/puppet/etckeeper-commit-pre'
debug: catalog supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
info: Caching catalog for monitor.cazoodle.com
debug: Creating default schedules
debug: Finishing transaction 70220781391100 with 0 changes
debug: Loaded state in 0.00 seconds
debug: //pam/Pam::Accesslogin[systems]/Exec[present : systems : ALL]/require: requires Exec[prep access.conf]
debug: //pam/Pam::Accesslogin[root]/Exec[present : root : ALL]/require: requires Exec[prep access.conf]
info: Applying configuration version '1297953008'
debug: //pam/Exec[prep access.conf]: Executing check 'tail -n 1 /etc/security/access.conf | grep '^\- : ALL : ALL''
debug: Executing 'tail -n 1 /etc/security/access.conf | grep '^\- : ALL : ALL''
debug: //pam/Pam::Accesslogin[root]/Exec[present : root : ALL]: Executing check 'grep ' : root : ALL' /etc/security/access.conf'
debug: Executing 'grep ' : root : ALL' /etc/security/access.conf'
debug: //pam/Pam::Accesslogin[systems]/Exec[present : systems : ALL]: Executing check 'grep ' : systems : ALL' /etc/security/access.conf'
debug: Executing 'grep ' : systems : ALL' /etc/security/access.conf'
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; using pson
/usr/lib/ruby/1.8/puppet/parameter.rb:401:in `fail'
/usr/lib/ruby/1.8/puppet/type/file/source.rb:160:in `init_metadata'
/usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `send'
/usr/lib/ruby/1.8/puppet/util/cacher.rb:106:in `cached_value'
/usr/lib/ruby/1.8/puppet/util/cacher.rb:46:in `metadata'
/usr/lib/ruby/1.8/puppet/type/file/source.rb:111:in `copy_source_values'
/usr/lib/ruby/1.8/puppet/type/file.rb:630:in `retri

[Puppet Users] Distributing user configs from a central host?

2011-02-17 Thread Robin Lee Powell

I have a central server, that happens to be the puppetmaster, that
has various users on it.  I would like to copy out their information
(name, uid, password, .bashrc, etc) to all my other hosts, but I
want to let the users change their stuff on that host, so I don't
want to just stick it in puppet.

My inclination is to just make a script that runs through the passwd
file and generates puppet instructions out, and also copies the user
files in question into a place in the puppetmaster directories.

Is there a more-idiomatic way to do that?

-Robin


-- 
http://singinst.org/ :  Our last, best hope for a fantastic future.
Lojban (http://www.lojban.org/): The language in which "this parrot
is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
is "na nei".   My personal page: http://www.digitalkingdom.org/rlp/




Re: [Puppet Users] Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread Daniel Piddock
On 17/02/11 12:09, Daniel Piddock wrote:
> I managed to solve the problem by installing the openssh-server package
> manually so the init script was present. I have other modules with a
> very similar structure and they weren't throwing up these errors. Odd
> glitch. Frustrating.

I tried a few more things and it's still failing:
* Upgrading the server and client to 2.6.4.
* Flattened the ssh module to remove the class level requires.
* Added a node definition so that only the ssh class was included.
* Put a direct require from Service[ssh] to Package[openssh-server]
* Syntax errors in init.pp to ensure it's actually reading the right file ;)

Attaching init.pp from ssh module and the client's cached yaml if anyone
fancies looking.

Dan


--- &id001 !ruby/object:Puppet::Resource::Catalog
  aliases: {}
  applying: false
  classes: 
- settings
- dhcp75.int.corefiling.com
- ssh
  edges: 
- &id044 !ruby/object:Puppet::Relationship
  source: &id009 !ruby/object:Puppet::Resource
catalog: *id001
exported: false
parameters: 
  !ruby/sym name: main
reference: !ruby/object:Puppet::Resource::Reference
  title: &id002 main
  type: &id003 Stage
tags: 
  - stage
  - main
title: *id002
type: *id003
  target: &id006 !ruby/object:Puppet::Resource
catalog: *id001
exported: false
parameters: 
  !ruby/sym name: main
reference: !ruby/object:Puppet::Resource::Reference
  title: &id004 Main
  type: &id005 Class
tags: 
  - class
  - main
title: *id004
type: *id005
- &id043 !ruby/object:Puppet::Relationship
  source: *id006
  target: &id033 !ruby/object:Puppet::Resource
catalog: *id001
exported: false
parameters: {}
reference: !ruby/object:Puppet::Resource::Reference
  title: &id007 dhcp75.int.corefiling.com
  type: &id008 Node
tags: 
  - node
  - dhcp75.int.corefiling.com
  - class
title: *id007
type: *id008
- &id042 !ruby/object:Puppet::Relationship
  source: *id009
  target: &id012 !ruby/object:Puppet::Resource
catalog: *id001
exported: false
parameters: {}
reference: !ruby/object:Puppet::Resource::Reference
  title: &id010 Ssh
  type: &id011 Class
tags: 
  - class
  - ssh
  - node
  - dhcp75.int.corefiling.com
title: *id010
type: *id011
- &id036 !ruby/object:Puppet::Relationship
  source: *id012
  target: &id027 !ruby/object:Puppet::Resource
catalog: *id001
exported: false
file: /etc/puppet/modules/ssh/manifests/init.pp
line: 9
parameters: 
  !ruby/sym ensure: latest
reference: !ruby/object:Puppet::Resource::Reference
  title: &id013 openssh-server
  type: &id014 Package
tags: 
  - package
  - openssh-server
  - class
  - ssh
  - node
  - dhcp75.int.corefiling.com
title: *id013
type: *id014
- &id037 !ruby/object:Puppet::Relationship
  source: *id012
  target: &id030 !ruby/object:Puppet::Resource
catalog: *id001
exported: false
file: /etc/puppet/modules/ssh/manifests/init.pp
line: 9
parameters: 
  !ruby/sym ensure: latest
  !ruby/sym name: openssh-client
reference: !ruby/object:Puppet::Resource::Reference
  title: &id015 openssh-clients
  type: &id016 Package
tags: 
  - package
  - openssh-clients
  - class
  - ssh
  - node
  - dhcp75.int.corefiling.com
title: *id015
type: *id016
- &id041 !ruby/object:Puppet::Relationship
  source: *id012
  target: &id025 !ruby/object:Puppet::Resource
catalog: *id001
exported: false
file: /etc/puppet/modules/ssh/manifests/init.pp
line: 25
parameters: 
  !ruby/sym source: 
- puppet:///files/dhcp75.int.corefiling.com/ssh/sshd_config
- puppet:///modules/ssh/sshd_config-int.corefiling.com.Debian
- puppet:///modules/ssh/sshd_config.Debian
  !ruby/sym group: root
  !ruby/sym owner: root
  !ruby/sym mode: "644"
  !ruby/sym require: "Package[openssh-server]"
reference: !ruby/object:Puppet::Resource::Reference
  title: &id017 /etc/ssh/sshd_config
  type: &id018 File

[Puppet Users] Re: Making dependencies work with variable resource names

2011-02-17 Thread jcbollinger


On Feb 16, 11:50 am, Matthew Pounsett  wrote:
> On 2011/02/16, at 03:44, Felix Frank wrote:
[...]
> I tried that as well (noted in the original post).  That's what generated the 
> error that I included.
>
> Feb 11 17:18:40 puppet-bsd2 puppet-agent[68963]: Could not run Puppet 
> configuration client: Could not find dependency File[/opt/home/2/dev/] for 
> Exec[create-device-/opt/home/2/dev/null] at 
> /usr/local/etc/puppet/production/modules/devices/manifests/init.pp:12
>
> It seems that the problem is that Puppet is expanding the variable in the 
> 'require' but has not yet expanded the variable in the file{} block, and so 
> can't find the file resource to create the dependency tree.
>
> > Although why your original approach didn't work is not quite fathomable
> to me. If the error persists, try and make a simplified version of your
> > manifests that reproduces the same problem. Often, this will make a
> > mistake obvious (when it stops to reproduce after all).
>
> This is exactly what I posted.  It's my actual manifests stripped down to 
> just the basics required to demonstrate the problem.

Looking at your manifest more closely, I see that the File resources
you are managing are named without a trailing slash, for example
"$homedir/${service_num}/dev", but the directory parameters you are
passing to your define are specified *with* a trailing slash, i.e.
"$homedir/${service_num}/dev/".  The error message shows that the
missing resource is File[/opt/home/2/dev/] (with a trailing slash),
which indeed you have not declared.  Although the two forms are
generally handled equivalently by the shell, I can fully believe that
Puppet does not consider it safe to treat them equivalently.

Try removing the trailing slashes from your directory names.  I think
that will solve your problem.


John




Re: [Puppet Users] Assign a single ssh pubkey to multiple users on the same system

2011-02-17 Thread Felix Frank
>> Then simply use it as
>> pooled_user {
>>   "jim": key => "B3N...";
>>   "joe": key => "B3N...";
>>   "jack":key => "BsX...";
>> }
> 
> However, this piece of code isn't going to work because as my definition
> would look like the following...
> 
> --
> node node1 {
> 
>   pooled_user {
> "jim": key => "B3N...", systemuser => "foo";
> "jim": key => "B3N...", systemuser => "bar";
>   }
> 
> }
> --
> 
> ... making puppet throw "duplicate definition" errors again because
> the resource name has been declared twice.
> 
> Many thanks for your support! :)

And why would they both be named "jim"? I don't even see why you need
the $systemuser parameter. Just make the resource name be the username
on the system in question.

Cheers,
Felix




Re: [Puppet Users] Assign a single ssh pubkey to multiple users on the same system

2011-02-17 Thread Jan
On 02/17/2011 01:14 PM, Jan wrote:

[...]

> I'm sorry for such confusion I've been causing right from the start. So
> I think that you've been right with your first thoughts because what I'm
> trying to achieve is exactly what you've mentioned earlier:
> 
> -> A one-to-many model which makes it possible to copy a user's ssh
> pubkey (defined by ssh_authorized_key resource) to multiple local system
> accounts on the same node in order to be able to login. E.g. user "jim"
> shall be able to login to node1 by using system users "foo" and "bar"
> and his respective private key.

Maybe this addresses a new feature to the ssh_authorized_key function? I
think it would be best to add some kind of array support to that
function, being able to assign a pubkey to more than just one user?

Jan




Re: [Puppet Users] Assign a single ssh pubkey to multiple users on the same system

2011-02-17 Thread Jan
On 02/17/2011 12:13 PM, Felix Frank wrote:

[...]

>> When using the realize statement I don't know which naming attribute to
>> use? The "key =>" contains a template or even the PEM encoded key of
>> user "jim" but except its resource name "jim@uniqe.email_for_$name"
>> there is no naming attribute for this resource.
>>
>> So of course puppet throws an error when using the following definition
>> because virtual resource "jim" cannot be found.
> 
> Sorry if I caused confusion. I didn't mean to suggest you insert a
> key-placeholder in your define. From what I inferred, you were creating
> multiple accounts all sharing the same key. I now think I was mistaken
> there.

I'm sorry for such confusion I've been causing right from the start. So
I think that you've been right with your first thoughts because what I'm
trying to achieve is exactly what you've mentioned earlier:

-> A one-to-many model which makes it possible to copy a user's ssh
pubkey (defined by ssh_authorized_key resource) to multiple local system
accounts on the same node in order to be able to login. E.g. user "jim"
shall be able to login to node1 by using system users "foo" and "bar"
and his respective private key.

I think that it shall be pretty simple to handle with puppet. I just
want to define pubkey resources and put them into classes something like
this:

---
define ssh::pubkeys::group1($systemAccount) {

  ssh_authorized_key {
    'worker1':
      ensure => present,
      user   => "$systemAccount",
      name   => "unique@string.domain",
      type   => ssh-rsa,
      key    => "$key";
    'worker2':
      ensure => present,
      user   => "$systemAccount",
      name   => "worker1@uniquestring",
      type   => ssh-rsa,
      key    => "$key";
  }

}

define ssh::pubkeys::group2($systemAccount) {

ssh_authorized_key {

  [...]

}
---

Maybe I should start tagging such pubkey resources with their respective
"worker-groups" instead of grouping them by classes/definitions so this
way I would only have to define them in one definition - is this
possible? I'm not familiar with the tagging support of puppet and just
read a few thread topics on the list.

Maybe it could work like this (note the "tag =>" parameters):

---
define ssh::pubkeys($systemAccount) {

  ssh_authorized_key {
    'worker1':
      ensure => present,
      tag    => workergroup1,
      user   => "$systemAccount",
      name   => "unique@string.domain",
      type   => ssh-rsa,
      key    => "$key";
    'worker2':
      ensure => present,
      tag    => workergroup2h,
      user   => "$systemAccount",
      name   => "worker1@uniquestring",
      type   => ssh-rsa,
      key    => "$key";
  }

}
---

Maybe it's possible to assign tagged objects with a class or definition
later on? Anyway, as the last step I would like to attach a ssh-pubkey
resource to a node while being able to specify to which user a pubkey
shall be attached:

---
node node1 {

ssh::pubkeys { "jim": systemAccount => ["bar","foo"] }

[...or...]

ssh::pubkeys { "jim": systemAccount => ["bar"] }
ssh::pubkeys { "jim": systemAccount => ["foo"] }

}
---

Hope that helps.

> Anyhow, still building on the given example, it would make most sense
> for you to make the key a parameter:
> 
> define pooled_user($realname="anonymous",$key) {
>   user { "$name": description => $realname, ... }
>   # insert code here to make sure ~/.ssh/ exists etc.
>   ssh_authorized_key { "pubkey_for_$name":
> key => $key, ...
>   }
> }
> 
> Then simply use it as
> pooled_user {
>   "jim": key => "B3N...";
>   "joe": key => "B3N...";
>   "jack":key => "BsX...";
> }

However, this piece of code isn't going to work because as my definition
would look like the following...

--
node node1 {

  pooled_user {
"jim": key => "B3N...", systemuser => "foo";
"jim": key => "B3N...", systemuser => "bar";
  }

}
--

... making puppet throw "duplicate definition" errors again because
the resource name has been declared twice.

Many thanks for your support! :)
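
One way to express the one-to-many model described in this message, as an added example that is not part of the original thread. The define name ssh::grant, its parameters and the resource titles are hypothetical, and the key body is a constructed placeholder.

```puppet
# Added example, not code from the thread. ssh::grant and its parameters
# are hypothetical names; the key value is a constructed placeholder.
#
# One resource per (key owner, local account) pair. The title of the
# underlying ssh_authorized_key encodes both, so the same person can be
# granted access to several accounts on one node without a
# duplicate-definition error.
define ssh::grant (
  $owner,
  $account,
  $key,
  $type   = 'ssh-rsa',
  $ensure = present
) {
  ssh_authorized_key { "${owner}@${account}":
    ensure  => $ensure,
    user    => $account,  # whose ~/.ssh/authorized_keys is written
    type    => $type,
    key     => $key,      # base64 body only, no "ssh-rsa" prefix or comment
    require => User[$account],
  }
}

node 'node1' {
  # Constructed placeholder, not a real key.
  $jim_key = 'AAAAB3NzaC1yc2E_CONSTRUCTED_PLACEHOLDER'

  user { ['foo', 'bar']:
    ensure     => present,
    managehome => true,
  }

  # Distinct titles, same owner and key, different target accounts.
  ssh::grant {
    'jim-as-foo': owner => 'jim', account => 'foo', key => $jim_key;
    'jim-as-bar': owner => 'jim', account => 'bar', key => $jim_key;
  }

  # Revoking a single grant later means adding "ensure => absent" to that
  # one entry; the other account's authorized_keys is left untouched.
}
```

Because the resulting authorized_keys comment is "jim@foo" or "jim@bar", an audit of either account's file shows whose key it is and which grant put it there.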




Re: [Puppet Users] Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread Daniel Piddock
On 17/02/11 11:45, Felix Frank wrote:
>> e.g.: file { 'something': require => Class['ssh'] }
>> class ssh gets processed but ssh::install and ssh::config might not be,
>> unless I put a depend on something deeper within it. Which defeats the
>> idea of organising into classes a bit.
> Where have you gotten that idea from? Is this documented?
>
> AFAIK, requiring Class[ssh] will require all resources declared by class
> ssh, and it doesn't matter whether those resources are declared through
> include or directly in the class.
>
> Correct me if I'm wrong, please.

My first mail to the group was about this very issue with the conclusion
of using require instead of include:
http://groups.google.com/group/puppet-users/browse_thread/thread/64e4dde981c79ffb/bbb8bdc4ab78c328?lnk=gst

A require does require everything defined within the class but it does
not put a dependency on other classes pulled in by an include.

> If I *am* wrong on this one, here's what should be safer:
> class ssh {
>   include ssh::install
>   require ssh::config
> }
>
> and have all resources in ssh::config require Class[ssh::install], but
> that would be ugly and a bit evil (although not as evil as requiring two
> interrelated classes).
>
> All this aside, I looked at your error again and begin to doubt that
> this is the root cause of your problems. Your catalog should either
> apply or be rejected because of cyclic dependencies. Something else must
> be fishy. Does the catalog work if your node doesn't include ssh at all?

I managed to solve the problem by installing the openssh-server package
manually so the init script was present. I have other modules with a
very similar structure and they weren't throwing up these errors. Odd
glitch. Frustrating.

Cheers,
Dan




Re: [Puppet Users] ldap.conf modification problem

2011-02-17 Thread Felix Frank
On 02/15/2011 11:49 PM, Jay N. wrote:
> Hi Puppet Users,
> 
> In my configuration, I modify in the "pre" stage the ldap.conf file
> which is originally generic and useless.
> 
> Then, in the main stage, I try to modify the ownership of files with
> ldap users and groups and I have an error "Cannot find user/group".
> 
> I have done several tests:
> - just after the modification of the ldap.conf, I added an exec
> object : 'id any_ldap_user' and it worked but there was always the
> error when modifying the ownership of files
> - when I do a second puppet pass just after the first without any
> modification, it works and the modifications are applied
> 
> It's like the modification of the ldap.conf wasn't taken into account.
> 
> Any clue?

Hi,

apparently some provider reads your LDAP DB upon initialization, and
cannot catch on to your changes mid-run.

Is there a fact that changes when LDAP was configured (during your first
run)? If so, you could ignore all the dependent resources if LDAP isn't
ready prior to your run (puppet reads facts at startup, too).
A custom fact will work for this as well.

HTH,
Felix




Re: [Puppet Users] ERB Templates :: defined?("var")

2011-02-17 Thread Felix Frank


On 02/15/2011 10:24 PM, CraftyTech wrote:
> Hello All,
> 
>  I'm using puppet 0.25.5, and I'm having issues with an ERB template
> and its syntax.  Instead of declaring a var true or false, I'd like to
> do something if the variable is defined, otherwise ignore.  So here's
> what I have in my template:
> 
> <% if defined?("VAR") and VAR == "ABC" then -%>  XYZ <%END -%>

I believe you're looking for the has_variable? function.

> But for some reason, it just ignores it when I defined VAR=ABC.  I'd
> have to do <% if VAR == "ABC" then -%> XYZ, and that works.  But then
> I'd have to define the VAR true or false, and I just want to have the
> option to define it only when I need it, and not all the time.  Any
> thoughts?

HTH,
Felix




Re: [Puppet Users] Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread Felix Frank
> e.g.: file { 'something': require => Class['ssh'] }
> class ssh gets processed but ssh::install and ssh::config might not be,
> unless I put a depend on something deeper within it. Which defeats the
> idea of organising into classes a bit.

Where have you gotten that idea from? Is this documented?

AFAIK, requiring Class[ssh] will require all resources declared by class
ssh, and it doesn't matter whether those resources are declared through
include or directly in the class.

Correct me if I'm wrong, please.

If I *am* wrong on this one, here's what should be safer:
class ssh {
  include ssh::install
  require ssh::config
}

and have all resources in ssh::config require Class[ssh::install], but
that would be ugly and a bit evil (although not as evil as requiring two
interrelated classes).

All this aside, I looked at your error again and begin to doubt that
this is the root cause of your problems. Your catalog should either
apply or be rejected because of cyclic dependencies. Something else must
be fishy. Does the catalog work if your node doesn't include ssh at all?

Cheers,
Felix




Re: [Puppet Users] Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread Daniel Piddock
On 17/02/11 08:52, Felix Frank wrote:
> Hi,
>
> On 02/16/2011 05:35 PM, Daniel Piddock wrote:
>> Hey all,
>>
>> I was installing puppet on a freshly installed node and the catalog
>> fails to apply. It immediately bails out with:
>> err: Could not run Puppet configuration client: Could not find init
>> script for 'ssh'
>>
>> This is annoying and odd. ssh service is run by a module in main stage,
>> there is a stage before that which isn't being applied. The service
>> subscribes to a file which in turn requires the package.
>>
>> Can anyone shed light/guess at why puppet is bailing on an init script
>> for a service it hasn't installed yet and shouldn't be worrying about at
>> this stage?
>>
>> Running puppet 2.6.2 on Debian Squeeze. Master is also 2.6.2 on Squeeze.
>>
>> Cheers,
>> Dan
>>
>>
>> modules/ssh/manifests/init.pp
>> class ssh {
>> require ssh::install, ssh::config
>> }
> Why do you use the require function? I think it's dangerous in this
> case, because it probably tries to enforce an ordering. I.e.,
> ssh::config is to be done before the "class ssh" proper. However,
> service "sshd" should require the ssh::install class.
>
> Use include instead of require, and make sure the service requires the
> install class as well. That may just solve your problem.

include doesn't provide a tight enough binding. It simply says "this
would be useful, please process it at some point". With your suggested
change, if another package puts a dependency on ssh module there's no
guarantee that the whole module will be processed in a usable state.

e.g.: file { 'something': require => Class['ssh'] }
class ssh gets processed but ssh::install and ssh::config might not be,
unless I put a depend on something deeper within it. Which defeats the
idea of organising into classes a bit.

I should probably just rewrite all my modules to be single classes
unless there's a clear use for a proper subclass. Puppet's classing
seems broken and my design with requires isn't helping.

I also think this is a tangent to the issue of failing a catalog due to
an init script not being present on a service that has dependencies to
process.

Dan




Re: [Puppet Users] Assign a single ssh pubkey to multiple users on the same system

2011-02-17 Thread Felix Frank
> No, I created this pool by using some simple resource definitions based
> on the ssh_authorized_key function.

It would be easier if you posted more of your code.

>> You should have a define as follows:
>>
>> define pooled_user($realname="anonymous") {
>>   user { "$name": description => $realname, ... }
>>   # insert code here to make sure ~/.ssh/ exists etc.
>>   ssh_authorized_key { "jim@uniqe.email_for_$name":
>> key => YOUR_KEY_HERE,
>> ...
>>   }
>> }
> 
> I think I didn't get it yet, but just to stay with your example I'm using
> the following definition:
> 
> --
> [...]
> 
> define pooled_user($realname="anonymous") {
>   user { "$name": description => $realname, ... }
>   # insert code here to make sure ~/.ssh/ exists etc.
>   ssh_authorized_key { "jim@uniqe.email_for_$name":
> key => "KEY-PLACEHOLDER"
>   }
> }
> 
> [...]
> --
> 
> When using the realize statement I don't know which naming attribute to
> use. The "key =>" contains a template or even the PEM encoded key of
> user "jim" but except its resource name "jim@uniqe.email_for_$name"
> there is no naming attribute for this resource.
> 
> So of course puppet throws an error when using the following definition
> because virtual resource "jim" cannot be found.

Sorry if I caused confusion. I didn't mean to suggest you insert a
key-placeholder in your define. From what I inferred, you were creating
multiple accounts all sharing the same key. I now think I was mistaken
there.

Anyhow, still building on the given example, it would make most sense
for you to make the key a parameter:

define pooled_user($realname="anonymous",$key) {
  user { "$name": description => $realname, ... }
  # insert code here to make sure ~/.ssh/ exists etc.
  ssh_authorized_key { "pubkey_for_$name":
    key => $key, ...
  }
}

Then simply use it as
pooled_user {
  "jim": key => "B3N...";
  "joe": key => "B3N...";
  "jack":key => "BsX...";
}

No need for virtualization or realize() if you haven't needed it before.

Notice that the keys can be identical. The structure will ensure the
names are not.

Hope this makes things more clear.

Cheers,
Felix




Re: [Puppet Users] Assign a single ssh pubkey to multiple users on the same system

2011-02-17 Thread Jan
Hi Felix,

thanks for your response.

On 02/17/2011 10:01 AM, Felix Frank wrote:

[...]

> The whole approach isn't especially sound. Is your "user pool" realized
> using virtual resources?

No, I created this pool by using some simple resource definitions based
on the ssh_authorized_key function.

> You should have a define as follows:
> 
> define pooled_user($realname="anonymous") {
>   user { "$name": description => $realname, ... }
>   # insert code here to make sure ~/.ssh/ exists etc.
>   ssh_authorized_key { "jim@uniqe.email_for_$name":
> key => YOUR_KEY_HERE,
> ...
>   }
> }

I think I didn't get it yet, but just to stay with your example I'm using
the following definition:

--
[...]

define pooled_user($realname="anonymous") {
  user { "$name": description => $realname, ... }
  # insert code here to make sure ~/.ssh/ exists etc.
  ssh_authorized_key { "jim@uniqe.email_for_$name":
    key => "KEY-PLACEHOLDER"
  }
}

[...]
--

When using the realize statement I don't know which naming attribute to
use. The "key =>" contains a template or even the PEM encoded key of
user "jim" but except its resource name "jim@uniqe.email_for_$name"
there is no naming attribute for this resource.

So of course puppet throws an error when using the following definition
because virtual resource "jim" cannot be found.

--
[...]

realize(pooled_user[jim])

[...]
--

I have read about virtual resources within the documentation under
http://docs.puppetlabs.com/guides/virtual_resources.html but obviously I
don't know how to handle them.

I've just started learning how to use puppet a few days ago, so it would
be great if you could give me some additional hints on how to make it
through all this.

[...]

Jan




Re: [Puppet Users] Parameterized class syntax...

2011-02-17 Thread Felix Frank

> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid
> resource type class at /etc/puppet/manifests/nodes/atldhost0.pp:13 on
> node atldhost0.atl.sharkrivertech.com
> 
> warning: Not using cache on failed catalog
> 
> Line 13 is the closing brace for the "class" statement.

What version is your puppetmaster?




Re: [Puppet Users] Nested defined resources

2011-02-17 Thread Felix Frank
> The trained eye can probably see immediately why this doesn't work - it
> tries to instantiate two copies of Python::Package[mock-0.6.0], each
> with different $virtualenv parameters.
> 
> I think I could make this particular process work if I could qualify the
> Python::Package resource names, and then un-qualify them to figure out
> what package to install and what virtualenv to install it in.  Then I
> would have
>   Python::Package[/tools/virtualenv-1|mock-0.6.0]
>   Python::Package[/tools/virtualenv-2|mock-0.6.0]
> 
> In the python::package define, I could split $title into $virtualenv and
> $pkg easily enough with regsubst().  However, how can I take an array of
> bare package names and prepend the virtualenv name and "|" to each one?

Hi,

good thinking. Although this is quite evil, I've recently done the same
to manage a swarm of git clones.

The good thing about regsubst is that it can be applied to arrays,
yielding an array of mangled strings. So my manifest contains (in a
define) something like

$my_repos = regsubst($repos, "\$", "-$name")
my_git_clone { $my_repos: ... }

where $repos is an array parameter.

If anyone has a fundamentally better suggestion, I'm certainly game.

Cheers,
Felix




Re: [Puppet Users] Virtual Resources realization problems

2011-02-17 Thread Felix Frank
Hi,

On 02/17/2011 12:12 AM, Forrie wrote:
> I'm somewhat new to Puppet.   I'm trying to establish some Virtual
> Resources so I can realize them based on a TAG.
> 
> The error I continue to get is:
> 
> Feb 16 18:02:38 test-fms puppet-agent[8590]: Could not retrieve
> catalog from remote server: Error 400 on SERVER: Syntax error at
> '201001'; expected '}' at /etc/puppet/modules/dce/manifests/mounts.pp:
> 4 on node test-fms.domain.com
> 
> The structure is, I believe, fairly simple.   I'm using another module
> as a template (ghoneycutt::generic).
> 
> There is a define of "nfsmount" under the init.pp:
> 
> [ file name: init.pp ]
> 
> class dce {
>   define nfsmount(options} {
>  }
> }
> 
> a separate file, mounts.pp has this and is included as "include
> dce::mounts":
> 
> [ file name:  mounts.pp ]
> 
> class dce::mounts {
> 
> # 2010
>  @Dce::Nfsmount { "201001":

why is this capitalized? I disbelieve it should be.

> device  => "10.101.0.133",
> exportPath  => "/dce/prod/201001",
> name=> "/home/201001",
> tag => "2010",
>  }
> 
> } # class dce::mounts
> 
> 
> There is no missing bracket.  I've looked at it a 100 times and I'm
> convinced of this.
> 
> in the final script, called mounttest.pp (also under the "dce" module)
> I'm doing this:
> 
> [ file name:  mounttest.pp ]
> 
> class dce::mounttest inherits dce {
> include dce::mounts
> 
> Dce::Nfsmount <| tag == "2010" |>
> 
> }
> 
> Whether I "inherit" this or not does not change the outcome of the
> error.   I would think that because it's under the same module of dce
> that I would not need to include or inherit it.

Don't go around randomly inheriting classes.

If you need to override a resource, inherit a class (and do not much
more than override resources).
Otherwise, don't inherit (include instead).

HTH,
Felix

> The dce::mounts file is just a list of Virtual Resources, that's it.
> 
> I simply can't understand what I'm doing wrong.  It's probably so
> simple that I'm overlooking it.
> 
> If anyone can lend a hand, I'd appreciate it.
> 
> 
> Thanks!
> 
> 




Re: [Puppet Users] Assign a single ssh pubkey to multiple users on the same system

2011-02-17 Thread Felix Frank
Hi,

try this instead:

On 02/16/2011 11:19 AM, Jan wrote:
> Hi *,
> 
> I would like to create a pool of ssh pubkeys. The major goal is to be
> able to assign a single key to multiple users on a given node/system.
> 
> Okay, let's say we have the users: foo and bar. In my manifest I've
> created the following test definition for resource "jim":
> 
> -
> define sshpubkey::test($user) {
> 
>
ssh_authorized_key { "$name-for-$user":
> ensure => present,
> user => "$user",
> name => "jim@unique.email",
> type  => ssh-rsa,
> key => "[...KEY...]"
>   }
> -

In either case, you cannot name both your sshpubkey::test resources
"jim". Never ever. They must have unique names.

The whole approach isn't especially sound. Is your "user pool" realized
using virtual resources?

You should have a define as follows:

define pooled_user($realname="anonymous") {
  user { "$name": description => $realname, ... }
  # insert code here to make sure ~/.ssh/ exists etc.
  ssh_authorized_key { "jim@uniqe.email_for_$name":
    key => YOUR_KEY_HERE,
    ...
  }
}

So you can have your user pool consist of virtual "pooled_user"
resources and realize at will.

HTH,
Felix




Re: [Puppet Users] Install a single pubkey on multiple system accounts located on the same node (duplicate definition error)

2011-02-17 Thread Jan
Hi *,

On 02/16/2011 11:19 AM, Jan wrote:
> I would like to create a pool of ssh pubkeys. The major goal is to be
> able to assign a single key to multiple users on a given node/system.

so here are some details on what I'm trying to do:


[Diagram: node1 -- PUB KEY <--- real user; below node1, the local accounts
foo and bar (.ssh/authorized_keys); below PUB KEY, the USER POOL]



The user pool consists of key resources defined by the
ssh_authorized_key type. The users foo and bar are local system accounts.

Pubkey definition:


[...]

define sshpubkey::users($systemAccount) {

  ssh_authorized_key {
    'jim':
      ensure => present,
      user => "$systemAccount",
      name => "unique@string.domain",
      type  => ssh-rsa,
      key => "[...]";
  }

[...]


Assigning the key to different users:


[...]

sshpubkey::users { "jim": systemAccount => "bar" }
sshpubkey::users { "jim": systemAccount => "foo" }

[...]


At this point arrays are not working, so I think that's because the
ssh_authorized_keys function doesn't know how to handle them. As another
option I had a look at the ssh::auth class but in fact this solution is
based on key distribution with automatic key generation which I don't need:

http://projects.puppetlabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns

I also had a look at virtual resources but I think that this approach
won't solve my problem either. Guys, I'm stuck and could really use some
help with this. I know that I'm missing something, so any smallest
advice is greatly appreciated. Btw. I'm using puppet 2.6.4.

Many thanks

Jan




Re: [Puppet Users] Fresh node fails puppet run - init script not found before installing package

2011-02-17 Thread Felix Frank
Hi,

On 02/16/2011 05:35 PM, Daniel Piddock wrote:
> Hey all,
> 
> I was installing puppet on a freshly installed node and the catalog
> fails to apply. It immediately bails out with:
> err: Could not run Puppet configuration client: Could not find init
> script for 'ssh'
> 
> This is annoying and odd. ssh service is run by a module in main stage,
> there is a stage before that which isn't being applied. The service
> subscribes to a file which in turn requires the package.
> 
> Can anyone shed light/guess at why puppet is bailing on an init script
> for a service it hasn't installed yet and shouldn't be worrying about at
> this stage?
> 
> Running puppet 2.6.2 on Debian Squeeze. Master is also 2.6.2 on Squeeze.
> 
> Cheers,
> Dan
> 
> 
> modules/ssh/manifests/init.pp
> class ssh {
> require ssh::install, ssh::config
> }

Why do you use the require function? I think it's dangerous in this
case, because it probably tries to enforce an ordering. I.e.,
ssh::config is to be done before the "class ssh" proper. However,
service "sshd" should require the ssh::install class.

Use include instead of require, and make sure the service requires the
install class as well. That may just solve your problem.

HTH,
Felix
