Re: [Puppet Users] Re: Puppet + Nginx + Passenger: Certificate Request Problem
My working setup:

puppet.conf [master] section has the following:

    # Passenger SSL envvars
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

applicable parts of nginx.conf:

    env PATH [...]
    http {
      [...]
      passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.2;
      passenger_ruby /usr/bin/ruby;

      server {
        listen 8140;
        server_name _;

        access_log /var/log/nginx/puppetmaster.log;
        error_log /var/log/nginx/puppetmaster_error.log;

        ssl on;
        ssl_certificate /var/lib/puppet/ssl/certs/[PUPPETMASTERFQDN].pem;
        ssl_certificate_key /var/lib/puppet/ssl/private_keys/[PUPPETMASTERFQDN].pem;
        ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
        ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
        ssl_verify_client optional;

        root /etc/puppet/rack/public;
        passenger_enabled on;
        passenger_min_instances 2;

        passenger_set_cgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
        passenger_set_cgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
      }

No custom config.ru stuff here, just ARGV << "--rack".

Eric

--
You received this message because you are subscribed to the Google Groups Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] trouble with my virtual user setup
Hi,

no, the naming scheme is in fact perfectly fine. That is why you should *not* import the modules. Since you're using sane naming conventions, your classes can be autoloaded.

It is good practice to not use any import statements whatsoever (as far as modules are concerned).

The only problem I can easily discern is that the password hash is double quoted, and puppet will try and substitute variables. Use single quotes or escape the dollar signs.

What's the problem you're facing with this manifest?

Cheers,
Felix

On 03/31/2011 01:40 AM, Denmat wrote:
> Hi,
>
> Can't test this, but isn't this declaration around the wrong way?
>
>     # virtual.pp
>     #
>     class virtual_users::virtual
>
> I would expect:
>
>     # virtual.pp
>     #
>     class virtual::virtual_users
>
> As I say, can't test before I reply.
>
> Cheers
>
> On 31/03/2011, at 7:33, MariaS <maria.thompson-s...@ucop.edu> wrote:
>>     # virtual.pp
>>     #
>>     class virtual_users::virtual

[Puppet Users] Set password for local user account but not for remote accounts in LDAP/AD
I have a list of virtual users defined (like the example below) and the same account will be realized on servers where the account will be local (/etc/passwd), but also on servers which have local accounts and remote accounts (like LDAP and/or AD).

    @user { userx:
      ensure     => present,
      uid        => 500,
      gid        => 200,
      groups     => users,
      comment    => "User x",
      home       => "/home/userx",
      password   => blablabla,
      shell      => "/bin/bash",
      managehome => true,
    }

For local accounts, this works fine, but for LDAP/AD enabled servers, puppet also wants to change the password and this is not what I want.

Is there a way to skip setting the password for LDAP/AD enabled servers?

NOTE: At this moment I have to change the virtual user definition by commenting (out) the password line each time.

[Puppet Users] Exclude a resource from reports
A little while back I asked how to make puppet not report on a resource, and was shown the loglevel metaparam:

Quoting bell...@nsc.liu.se:
> There is a metaparameter called 'loglevel'. If you set that to something lower than notice (i.e. either info or debug), then Puppet won't report that it applied the resource...

So I made my resource like this:

    file { "/etc/mcollective/facts.yaml":
      ensure   => file,
      content  => inline_template("<%= scope.to_hash.reject { |k,v| (!( k.is_a?(String) && v.is_a?(String) ) || (k =~ /password/i)) }.to_yaml %>"),
      noop     => false,
      loglevel => debug,
    }

This results, indeed, in the corresponding events not appearing in the logs received by puppetmaster (in syslog).

I then noticed that the reports, as shown by foreman, still contain these events. It shows that there was one applied change, though it does not show what resource it is.

Why is that?

Someone also suggested I use an Exec resource like so:

    exec { "generate_facts_yaml":
      command => "/bin/false",
      unless  => "do the real work here",
    }

Can I generate a file's content, from an inline template, in an Exec like above? How can I do that?

Thanks a lot.
Mohamed.

Re: [Puppet Users] Exclude a resource from reports
> someone also suggested I used an Exec resource like so:
>
>     exec { "generate_facts_yaml":
>       command => "/bin/false",
>       unless  => "do the real work here",
>     }
>
> Can I generate a file's content, from an inline template, in an Exec like above? How can I do that?

Bah, that's an ugly hack.

You might want to try:

    $content = inline_template(...)
    exec { "generate_facts_yaml":
      command => "/bin/false",
      unless  => "echo '$content' > /path/to/file",
    }

Note that despite never logging anything, this *will* fire on each catalog run.

It's bound to disturb whoever else needs to maintain your manifests. Don't do it if you can avoid it in any possible way.

Cheers,
Felix

Re: [Puppet Users] Exclude a resource from reports
Thanks Felix.

I do want it to fire all the time, and I will add noop=>false to be explicit.

but it does not look safe as the $content could contain single quotes, could it not?

    $content = inline_template(...)
    exec { "generate_facts_yaml":
      command => "/bin/false",
      unless  => "echo '$content' > /path/to/file",
    }

On Thu, Mar 31, 2011 at 9:34 AM, Felix Frank <felix.fr...@alumni.tu-berlin.de> wrote:
>> someone also suggested I used an Exec resource like so:
>>
>>     exec { "generate_facts_yaml":
>>       command => "/bin/false",
>>       unless  => "do the real work here",
>>     }
>>
>> Can I generate a file's content, from an inline template, in an Exec like above? How can I do that?
>
> Bah, that's an ugly hack.
>
> You might want to try:
>
>     $content = inline_template(...)
>     exec { "generate_facts_yaml":
>       command => "/bin/false",
>       unless  => "echo '$content' > /path/to/file",
>     }
>
> Note that despite never logging anything, this *will* fire on each catalog run.
>
> It's bound to disturb whoever else needs to maintain your manifests. Don't do it if you can avoid it in any possible way.
>
> Cheers,
> Felix

Re: [Puppet Users] failed dependancy on augas provider doesn't let me install the dependancy
On Mar 25, 2011, at 6:55 AM, Rudy Gevaert wrote:
> When my initial run doesn't need augeas the augeas dependencies are installed. If I then need augeas in a following run it works too.
>
> Of course the problem can be fixed by either making sure the augeas dependencies are installed before my first run without using puppet.
>
> Are there any ways how I can still fix it with puppet?

I suppose you could have Puppet install all the Augeas packages and then specify a “require” for those packages on each and every Augeas resource you define, but that sounds awful.

Of course the best way to fix it, as you pointed out, is to take whatever mechanism is installing Puppet and have it install Augeas too.

--
Rob McBroom
http://www.skurfer.com/

[Puppet Users] manage /etc/passwd and /etc/group
Hi again,

I am trying to add the following to my /etc/passwd and /etc/group files

    +: and +:::

this is for ldap search on the servers.

I am not quite sure how to do this. I tried with the following code

    augeas{ "groups ldap":
      context => "/files/etc/group",
      changes => [
        "ins group after group[last()]",
        "set group[last()] '+'",
        "set group[. = '+']/id :",
      ],
    }

well this did not quite work out :)

    puppet-agent[8348]: (/Stage[main]/Ldappam/Augeas[groups ldap]) Could not evaluate: Error sending command 'ins' with params ["group", "after", "/files/etc/group/group[last()]"]/Error sending command 'ins' with params ["group", "after", "/files/etc/group/group[last()]"]

also I am missing the onlyif statement, but I could not figure out how to do this...

so if anyone has a working example I would be quite happy. I also tried with the group / user type reference, but this did not work either for me.

thnx for the help
stefanero

[Puppet Users] Re: Set password for local user account but not for remote accounts in LDAP/AD
On Mar 31, 5:55 am, rvlinden <rene.vanderlinde...@gmail.com> wrote:
> I have a list of virtual users defined (like the example below) and the same account will be realized on servers where the account will be local (/etc/passwd), but also on servers which have local accounts and remote accounts (like LDAP and/or AD).
>
>     @user { userx:
>       ensure     => present,
>       uid        => 500,
>       gid        => 200,
>       groups     => users,
>       comment    => "User x",
>       home       => "/home/userx",
>       password   => blablabla,
>       shell      => "/bin/bash",
>       managehome => true,
>     }
>
> For local accounts, this works fine, but for LDAP/AD enabled servers, puppet also wants to change the password and this is not what I want.
>
> Is there a way to skip setting the password for LDAP/AD enabled servers?
>
> NOTE: At this moment I have to change the virtual user definition by commenting (out) the password line each time.

On your LDAP-based nodes, try realizing your users this way:

    # All virtual users
    User<| |> { password => undef }

or this way:

    # Specific virtual user
    User<| title == 'userx' |> { password => undef }

Or, you could write your declarations differently:

    @user { userx:
      ...
      password => $i_am_an_ldap_node ? { 'yes' => undef, default => blablabla }
      ...
    }

Or, you could create a subclass of the class that declares your users, and in it override all the users' passwords to undef. Then include that subclass on the ldap-based nodes (either instead of or in addition to its base class; it doesn't matter).

There are other alternatives, but all of the ones I can think of introduce duplication into your manifests.

John

[Puppet Users] Use puppet to preconfigure gnome gvfs shares
Hello,

I'm looking for a neat solution for this kind of need: we're looking for a way to deploy pre-configured gnome workstations on a large corporate network.

The most interesting tool is sabayon, but it is not allowing to pre-populate nautilus bookmarks with gvfs samba shares (having a preconfigured set of shares for the users is a very easy task on Windows AD domains).

The easiest way seems to push a predefined .gtk-bookmarks file into the /home/username directory, further customized for his network share (i.e. //myserver/username/share).

Here's the problem: how to instruct puppet to generate a customized file with the interpreted username variable, and how to tell puppet to place this file in /home/username? Ideally, the file should be created only at first login to avoid existing bookmarks to be overwritten...

Alternative solutions are obviously welcome!

Thank you!

[Puppet Users] test manifests?
Reading through the recently published style guide, I see http://docs.puppetlabs.com/guides/style_guide.html#tests saying:

> All manifests should have a corresponding test manifest in the module’s tests directory.

Is there any documentation on how these work? I couldn't find anything in the documentation on puppetlabs or any mention in release notes.

Re: [Puppet Users] test manifests?
On Thu, Mar 31, 2011 at 8:20 AM, Clay Caviness <ccavin...@gmail.com> wrote:
> Reading through the recently published style guide, I see http://docs.puppetlabs.com/guides/style_guide.html#tests saying: All manifests should have a corresponding test manifest in the module’s tests directory.

the idea is to maintain basic tests written in Puppet for all of your manifests in a module.

they can serve not only as basic smoke tests, but also as a reference for example code of how a class/define should be used.

the simplest tests would be:

    class{ 'foo': }

more complicated tests would involve specifying required dependencies and parameters.

> Is there any documentation on how these work? I couldn't find anything in the documentation on puppetlabs or any mention in release notes.

Re: [Puppet Users] test manifests?
On Thu, Mar 31, 2011 at 11:29, Dan Bode <d...@puppetlabs.com> wrote:
> On Thu, Mar 31, 2011 at 8:20 AM, Clay Caviness <ccavin...@gmail.com> wrote:
>> Reading through the recently published style guide, I see http://docs.puppetlabs.com/guides/style_guide.html#tests saying: All manifests should have a corresponding test manifest in the module’s tests directory.
>
> the idea is to maintain basic tests written in Puppet for all of your manifests in a module.
>
> they can serve not only as basic smoke tests, but also as a reference for example code of how a class/define should be used.

But when/how are these tests run?

> the simplest tests would be:
>
>     class{ 'foo': }
>
> more complicated tests would involve specifying required dependencies and parameters.

Are there examples and documentation on how they should work available anywhere?

>> Is there any documentation on how these work? I couldn't find anything in the documentation on puppetlabs or any mention in release notes.

[Puppet Users] Custom Puppet CA?
Can someone, anyone, help me understand what it takes -- if indeed it's even possible -- to use a custom CA with puppetmasterd. Such that, for every client it signs, the cert for that client actually says something meaningful about my organization, and was ultimately signed by our own root CA.

I made a valid sub-CA for my puppet server, signed by my organization's root CA. I placed those files carefully into /var/lib/puppet/ssl/ca and put the necessary path declarations into puppet.conf. Nevertheless, puppetmasterd stubbornly refuses to accept this certificate.

    [root@nagios puppet]# /usr/sbin/puppetmasterd --debug --verbose --no-daemonize
    debug: Failed to load library 'rubygems' for feature 'rubygems'
    debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist
    debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist
    debug: Puppet::Type::User::ProviderPw: file pw does not exist
    debug: Failed to load library 'ldap' for feature 'ldap'
    debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
    debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing
    debug: /File[/var/lib/puppet/server_data]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/run/puppet/master.pid]: Autorequiring File[/var/run/puppet]
    debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
    debug: /File[/etc/puppet/manifests]: Autorequiring File[/etc/puppet]
    debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet]
    debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
    debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/var/lib/puppet/ssl/public_keys/puppet.renci.org.pem]: Autorequiring File[/var/lib/puppet/ssl/public_keys]
    debug: /File[/var/lib/puppet/yaml]: Autorequiring File[/var/lib/puppet]
    debug: /File[/etc/puppet/fileserver.conf]: Autorequiring File[/etc/puppet]
    debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl]
    debug: /File[/etc/puppet/auth.conf]: Autorequiring File[/etc/puppet]
    debug: /File[/var/lib/puppet/reports]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/bucket]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/lib/puppet/ssl/private_keys/puppet.renci.org.pem]: Autorequiring File[/var/lib/puppet/ssl/private_keys]
    debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
    debug: /File[/var/log/puppet/masterhttp.log]: Autorequiring File[/var/log/puppet]
    debug: /File[/var/lib/puppet/ssl/private_keys/puppet.renci.org.pem]/mode: mode changed '640' to '600'
    debug: /File[/var/lib/puppet/ssl/public_keys/puppet.renci.org.pem]/mode: mode changed '640' to '644'
    debug: Finishing transaction 23846103120600
    notice: Starting Puppet master version 2.6.6
    Could not run: Could not retrieve certificate for puppet.renci.org and not running on a valid certificate authority

Re: [Puppet Users] test manifests?
On Thu, Mar 31, 2011 at 8:37 AM, Clay Caviness <ccavin...@gmail.com> wrote:
> On Thu, Mar 31, 2011 at 11:29, Dan Bode <d...@puppetlabs.com> wrote:
>> On Thu, Mar 31, 2011 at 8:20 AM, Clay Caviness <ccavin...@gmail.com> wrote:
>>> Reading through the recently published style guide, I see http://docs.puppetlabs.com/guides/style_guide.html#tests saying: All manifests should have a corresponding test manifest in the module’s tests directory.
>>
>> the idea is to maintain basic tests written in Puppet for all of your manifests in a module.
>>
>> they can serve not only as basic smoke tests, but also as a reference for example code of how a class/define should be used.
>
> But when/how are these tests run?

the tests should be run during development, I usually run them with --noop

I have been working on some other utilities as well for integrating these smoke tests into a build pipeline

https://github.com/puppetlabs/interface-utils

>> the simplest tests would be:
>>
>>     class{ 'foo': }
>>
>> more complicated tests would involve specifying required dependencies and parameters.
>
> Are there examples and documentation on how they should work available anywhere?

probably not, I am more than happy to discuss either here or bodepd on freenode :(

>>> Is there any documentation on how these work? I couldn't find anything in the documentation on puppetlabs or any mention in release notes.

Re: [Puppet Users] trouble with my virtual user setup
Hi,

There is something missing because this manifest will not create my test user.

Thanks for your suggestions.

.Maria

On 3/30/11 11:36 PM, Felix Frank <felix.fr...@alumni.tu-berlin.de> wrote:
> Hi,
>
> no, the naming scheme is in fact perfectly fine. That is why you should *not* import the modules. Since you're using sane naming conventions, your classes can be autoloaded.
>
> It is good practice to not use any import statements whatsoever (as far as modules are concerned).
>
> The only problem I can easily discern is that the password hash is double quoted, and puppet will try and substitute variables. Use single quotes or escape the dollar signs.
>
> What's the problem you're facing with this manifest?
>
> Cheers,
> Felix
>
> On 03/31/2011 01:40 AM, Denmat wrote:
>> Hi,
>>
>> Can't test this, but isn't this declaration around the wrong way?
>>
>>     # virtual.pp
>>     #
>>     class virtual_users::virtual
>>
>> I would expect:
>>
>>     # virtual.pp
>>     #
>>     class virtual::virtual_users
>>
>> As I say, can't test before I reply.
>>
>> Cheers
>>
>> On 31/03/2011, at 7:33, MariaS <maria.thompson-s...@ucop.edu> wrote:
>>>     # virtual.pp
>>>     #
>>>     class virtual_users::virtual

[Puppet Users] Question about catalog version numbers
Am I correct to assume that catalog version numbers should be unique across client nodes? I'm seeing duplicates used throughout my Opensolaris environment running 0.25.4

    # for i in `grep 1301583608 /var/puppet.production/reports/unknown.rb.reliant/* | awk -F: '{ print $1 }' | uniq`; do grep | twm0 $i | head -1; done
    - twm0401red0
    - twm0203red0
    - twm0205red0
    - twm0401red0
    - twm0203red0

Of course, the fact that these clients are reported as 'unknown' is something I'm also trying to get my head around... I suspect this may be more of a cosmetic issue since I do not use the default node definition and have confirmed that a host named 'unknown' will not actually be served a catalog. It probably has something to do with reverse dns lookup failures but again, still looking into this...

Thanks,
Adam

Re: [Puppet Users] Re: Puppet + Nginx + Passenger: Certificate Request Problem
On Thu, Mar 31, 2011 at 3:06 AM, Eric Searcy <emsea...@gmail.com> wrote:
> My working setup:
> [...]

Thanks for sharing, I'm using the same configuration as you, including the ssl env vars. Without them, I would always get a Forbidden Request for everything.

Sadly, puppetmaster is still storing the request on /var/lib/puppet/ssl/certificate_requests instead of the right way - /var/lib/puppet/ssl/ca/requests. Everything past the certificate request/sign problem is working perfect.

On config.ru, I had to use --confdir on ARGV to force not reading the $HOME/.puppet when not using root. So it reads the /etc/puppet/* files instead. (it is a known bug in 0.25.x, as I saw on the bug track.)

I'm running out of ideas. For now, I'm using a puppetmasterd standalone daemon on port 8141 and running first-time puppet with --master-port=8141. It accepts the certificate, sign and after that it begins using only the nginx+passenger setup.

Any more ideas? When I have some more time, I'll begin to test with other versions of puppet and passenger, or maybe an apache setup...

--
[]'s
Hugo
www.devin.com.br

Re: [Puppet Users] Re: Puppet + Nginx + Passenger: Certificate Request Problem
On Mar 31, 2011, at 11:23 AM, Hugo Cisneiros (Eitch) wrote:
> Any more ideas? When I have some more time, I'll begin to test with other versions of puppet and passenger, or maybe an apache setup...

Other stabs: I guess since you're on 0.25.x you have the puppet.conf SSL settings in [puppetd], as opposed to [master] as I had (unless they added forward compatibility for 0.25.x for that)? Is config.ru owned by the puppet user (I'm assuming so since you say when not using root).

I'd suggest other versions of puppet over Apache, not because there's anything wrong with Apache but since it seems the issue you're having is at puppet daemon level. By the way, I'm on Puppet 2.6.4 with Ruby 1.8.5 (old EL5...) and Passenger 3.0.2.

Eric

Re: [Puppet Users] Use puppet to preconfigure gnome gvfs shares
On 31.03.2011 15:19, spidernik84 wrote:
> Here's the problem: how to instruct puppet to generate a customized file with the interpreted username variable, and how to tell puppet to place this file in /home/username? Ideally, the file should be created only at first login to avoid existing bookmarks to be overwritten...

The problem is not very clear to me. Do you just try to manage a file with a variable in its path name? Given that the target username is already present as a variable in the manifest, you'd just write:

    file { "/home/${username}/path/to/file":
      content => template("path/to/template")
    }

given that the template makes use of the $username variable too. If you need the same procedure for more than one user, wrap the whole thing into a define. Add 'replace => false' to make this a one-shot operation.

Did I get the problem right? Did I miss something?

Regards

Christian

--
Dipl.-Inf. Christian Kauhaus · k...@gocept.com · systems administration
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1
Zope and Plone consulting and development

Re: [Puppet Users] Exclude a resource from reports
Felix Frank wrote:
> On 03/31/2011 03:42 PM, Mohamed Lrhazi wrote:
>> but it does not look safe as the $content could contain single quotes, could it not?
>
> That's true, and I don't see a way that you can waterproof this construct. Sorry.

Then you haven't seen the shellquote() function. It is there specifically so you can construct safe shell commands:

    $echocmd = shellquote('/bin/echo', $content)
    exec { "generate_facts_yaml":
      command => "/bin/false",
      unless  => "$echocmd > /path/to/file";
    }

Note that shellquote('/bin/echo', $content, '>', '/path/to/file'), would be wrong, since shellquote() would then quote the > character so the shell won't interpret it as a redirection.

/Bellman

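The quoting concern raised in this thread (content containing single quotes pasted into `echo '$content'`, and the shellquote() reply above), shown as an added example that is not part of any poster's message and is not Puppet's shellquote() implementation. It is a hand-written POSIX sh quoting helper; the function names and sample content are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the sample
# content are constructed for illustration.

# Constructed sample: YAML-like text containing single quotes and a '$'.
SAMPLE="hostname: 'web01'
note: it's \$HOME, left unexpanded"

# Quote one argument so that a POSIX shell reads it back as a single literal
# word: wrap it in single quotes and rewrite each embedded ' as '\''.
# The body is a subshell, so the helper variables stay local.
sh_quote() (
    rest=$1
    out=
    while :; do
        case $rest in
            *\'*)
                head=${rest%%\'*}      # text before the first quote
                rest=${rest#*\'}       # text after the first quote
                out="$out$head'\\''"
                ;;
            *)
                out="$out$rest"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
)

# The construct discussed in the thread: content pasted between single quotes.
naive_write_cmd() {
    printf "/bin/echo '%s' > %s" "$1" "$2"
}

# Safe variant: every argument is quoted; the redirection operator is added
# afterwards, unquoted, so the shell still treats it as a redirection.
quoted_write_cmd() {
    printf '%s %s > %s' "$(sh_quote /bin/echo)" "$(sh_quote "$1")" "$(sh_quote "$2")"
}

# Run the command string produced by builder $1 for content $2 through
# "sh -c" and succeed only if the target file holds exactly that content.
roundtrip_ok() {
    _tmp=$(mktemp) || return 2
    _cmd=$("$1" "$2" "$_tmp")
    sh -c "$_cmd" 2>/dev/null || true
    _got=$(cat "$_tmp"; printf x)    # sentinel preserves trailing newlines
    rm -f "$_tmp"
    [ "$_got" = "$2
x" ]
}

for builder in naive_write_cmd quoted_write_cmd; do
    if roundtrip_ok "$builder" "$SAMPLE"; then
        echo "$builder: content written intact"
    else
        echo "$builder: content altered or command rejected"
    fi
done
```

With balanced quotes in the content the naive form does not fail loudly; the shell silently drops the quotes, so the file is written with different text than the template produced.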
[Puppet Users] Managing directories, recursively?
I've read a couple of bug reports via Google about problems managing directories recursively with Puppet. Another article suggests to create a resource that points to an empty directory on the file store, then use file resources to populate it (which I cannot get to work).

The common error being:

    Error 400 on SERVER: Not authorized to call search on /file_metadata/usr/local/my/empty-dir with {:checksum_type=md5, :recurse=true, :links=manage}

When I look at the configuration directives, and I see the usage of recurse => true I assume the directory structure will be created. Why does this not work? Some assumptions could be made on the proper ownership of the unmanaged /sub/directory/tree/dir (upper directories).

What's the best way to work with this issue?

Thanks.
Re: [Puppet Users] Managing directories, recursively?
First of all it isn't a great idea to use recursive if there are a lot of files/directories. Puppet does a pretty bad job on that, and it will eat your CPU. It is better to launch an external program such as rsync to perform this function. However, if you only have a few directories or files this is fine.

It sounds like you have a permission problem.

On Thu, Mar 31, 2011 at 2:06 PM, Forrie for...@gmail.com wrote:
> I've read a couple of bug reports via Google about problems managing directories recursively with Puppet. Another article suggests to create a resource that points to an empty directory on the file store, then use file resources to populate it (which I cannot get to work).
>
> The common error being:
>
>     Error 400 on SERVER: Not authorized to call search on /file_metadata/usr/local/my/empty-dir with {:checksum_type=md5, :recurse=true, :links=manage}
>
> When I look at the configuration directives, and I see the usage of recurse => true I assume the directory structure will be created. Why does this not work? Some assumptions could be made on the proper ownership of the unmanaged /sub/directory/tree/dir (upper directories).
>
> What's the best way to work with this issue?
>
> Thanks.
[Puppet Users] Re: Managing directories, recursively?
I only have a directory like:

    /usr/local/nagios/libexec

for which I want to manage the plugins on the clients. It's pretty simple.

So are you suggesting the better approach may be to exec a mkdir -p as a requirement in the head of the *.pp as a dependency? Meaning, it would detect if the directory structure is already there and if not, mkdir -p.
Re: [Puppet Users] Exclude a resource from reports
Fantastic.. did not know about that one either. Thanks.

On Thu, Mar 31, 2011 at 3:42 PM, Thomas Bellman bell...@nsc.liu.se wrote:
> Felix Frank wrote:
>> On 03/31/2011 03:42 PM, Mohamed Lrhazi wrote:
>>> but it does not look safe as the $content could contain single quotes, could it not?
>>
>> That's true, and I don't see a way that you can waterproof this construct. Sorry.
>
> Then you haven't seen the shellquote() function. It is there specifically so you can construct safe shell commands:
>
>     $echocmd = shellquote('/bin/echo', $content)
>     exec {
>         generate_facts_yaml:
>             command => "/bin/false",
>             unless => "$echocmd >/path/to/file";
>     }
>
> Note that shellquote('/bin/echo', $content, '>/path/to/file'), would be wrong, since shellquote() would then quote the > character so the shell won't interpret it as a redirection.
>
> /Bellman
Re: [Puppet Users] Re: Managing directories, recursively?
On Thu, 31 Mar 2011 13:19:21 -0700 (PDT) Forrie Forrie wrote:
> I only have a directory like:
>
>     /usr/local/nagios/libexec
>
> for which I want to manage the plugins on the clients. It's pretty simple.
>
> So are you suggesting the better approach may be to exec a mkdir -p as a requirement in the head of the *.pp as a dependency? Meaning, it would detect if the directory structure is already there and if not, mkdir -p.

or simply, add more directories as dependency...

    file {
        '/usr/local/nagios': ;
        '/usr/local/nagios/libexec':
            requires => File['/usr/local/nagios'],
            owner => 'nagios',
            mode => 755;
    }

HTH,
Arnau
[Puppet Users] puppetca and /etc/puppet/ssl
All,

I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl.

Anyone know why?

Doug.
[Puppet Users] Re: Managing directories, recursively?
That doesn't work - I still get the same type of errors, with something like this:

    file {
        "/usr/local/nagios": ;
        "/usr/local/nagios/libexec":
            requires => File['/usr/local/nagios'],
            owner => 'root',
            mode => 655,
            group => 'root',
            ensure => directory,
    }

It says that require is an invalid parameter. Here is the full output of the log errors:

    Mar 31 16:43:02 my-server puppet-agent[28997]: Starting Puppet client version 2.6.4
    Mar 31 16:43:03 my-server puppet-agent[28997]: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter requires at /etc/puppet/manifests/classes/nagios-test.pp:26 on node my-server
    Mar 31 16:43:03 my-server puppet-agent[28997]: Using cached catalog
    Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/usr/local/nagios/libexec-empty with {:checksum_type=md5, :recurse=true, :links=manage}
    Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/usr/local/nagios/libexec-empty Could not retrieve file metadata for puppet:///usr/local/nagios/libexec-empty: Error 400 on SERVER: Not authorized to call find on /file_metadata/usr/local/nagios/libexec-empty at /etc/puppet/manifests/classes/nagios-test.pp:17
    Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec/check_nfs_mounts.sh]) Dependency File[/usr/local/nagios/libexec] has failures: true
    Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec/check_nfs_mounts.sh]) Skipping because of failed dependencies
    Mar 31 16:43:04 my-server puppet-agent[28997]: Finished catalog run in 0.30 seconds

On Mar 31, 4:30 pm, Arnau Bria arnaub...@pic.es wrote:
> On Thu, 31 Mar 2011 13:19:21 -0700 (PDT) Forrie Forrie wrote:
>> I only have a directory like:
>>
>>     /usr/local/nagios/libexec
>>
>> for which I want to manage the plugins on the clients. It's pretty simple.
>>
>> So are you suggesting the better approach may be to exec a mkdir -p as a requirement in the head of the *.pp as a dependency? Meaning, it would detect if the directory structure is already there and if not, mkdir -p.
>
> or simply, add more directories as dependency...
>
>     file {
>         '/usr/local/nagios': ;
>         '/usr/local/nagios/libexec':
>             requires => File['/usr/local/nagios'],
>             owner => 'nagios',
>             mode => 755;
>     }
>
> HTH,
> Arnau
[Puppet Users] Re: Managing directories, recursively?
On Mar 31, 3:46 pm, Forrie for...@gmail.com wrote:
> That doesn't work - I still get the same type of errors, with something like this:
>
>     file {
>         "/usr/local/nagios": ;
>         "/usr/local/nagios/libexec":
>             requires => File['/usr/local/nagios'],
>             owner => 'root',
>             mode => 655,
>             group => 'root',
>             ensure => directory,
>     }
>
> It says that require is an invalid parameter.

Puppet is right (but you have quoted its message incorrectly). The metaparameter is spelled require, not requires, and use of the latter spelling will cause Puppet justifiably to complain about an invalid parameter.

> Here is the full output of the log errors:
>
>     Mar 31 16:43:02 my-server puppet-agent[28997]: Starting Puppet client version 2.6.4
>     Mar 31 16:43:03 my-server puppet-agent[28997]: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter requires at /etc/puppet/manifests/classes/nagios-test.pp:26 on node my-server
>     Mar 31 16:43:03 my-server puppet-agent[28997]: Using cached catalog

Note that that is warning you that whatever changes you made to your manifests, Puppet is not using them. Instead, it is using the most recent catalog it successfully retrieved (c.f. cached).

>     Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec]) Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/usr/local/nagios/libexec-empty with {:checksum_type=md5, :recurse=true, :links=manage}
>     Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec]) Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/usr/local/nagios/libexec-empty Could not retrieve file metadata for puppet:///usr/local/nagios/libexec-empty: Error 400 on SERVER: Not authorized to call find on /file_metadata/usr/local/nagios/libexec-empty at /etc/puppet/manifests/classes/nagios-test.pp:17
>     Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec/check_nfs_mounts.sh]) Dependency File[/usr/local/nagios/libexec] has failures: true
>     Mar 31 16:43:04 my-server puppet-agent[28997]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec/check_nfs_mounts.sh]) Skipping because of failed dependencies
>     Mar 31 16:43:04 my-server puppet-agent[28997]: Finished catalog run in 0.30 seconds

As Marek already wrote, it looks like you have a permissions problem. Whatever user the puppetmaster is running as must have read permission on all the files you want it to serve, and must have both read and execute permissions on all the directories in your recursive tree and all the ancestor directories of its root. If you have additional access controls active (e.g. SELinux) then those must also permit the puppetmaster user to read all the files and traverse the directory tree.

John
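Added example, not part of the original thread: a Ruby sketch that audits a served tree against the rule stated above (read on files, read and execute on directories in the tree, execute on every ancestor). The function names are constructed for the illustration, and the check evaluates only classic owner/group/other mode bits; ACLs and SELinux policy are not examined.

```ruby
require 'find'
require 'etc'

R = 4 # read bit
X = 1 # execute/search bit

# Would a process with this uid and group list be granted the wanted bits,
# judging by classic mode bits only (assumption: no ACLs, no SELinux)?
def allowed?(stat, uid, gids, want)
  return true if uid.zero?
  bits = if stat.uid == uid
           (stat.mode >> 6) & 7
         elsif gids.include?(stat.gid)
           (stat.mode >> 3) & 7
         else
           stat.mode & 7
         end
  (bits & want) == want
end

# Every directory above the served root, up to and including "/".
def ancestors_of(path)
  dirs = []
  dir = File.dirname(File.expand_path(path))
  loop do
    dirs << dir
    parent = File.dirname(dir)
    break if parent == dir
    dir = parent
  end
  dirs
end

# Return [path, reason] pairs for everything the given user could not serve.
def audit_served_tree(root, uid, gids)
  problems = []
  ancestors_of(root).each do |dir|
    next if allowed?(File.stat(dir), uid, gids, X)
    problems << [dir, 'ancestor directory lacks execute (search) permission']
  end
  Find.find(root) do |path|
    st = File.lstat(path)
    next if st.symlink? # symlink targets are not followed in this sketch
    if st.directory?
      next if allowed?(st, uid, gids, R | X)
      problems << [path, 'directory lacks read and/or execute permission']
      Find.prune # nothing below an unusable directory can be served
    elsif !allowed?(st, uid, gids, R)
      problems << [path, 'file lacks read permission']
    end
  end
  problems
end

# Usage: ruby audit.rb /etc/puppet/files puppet
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  pw = Etc.getpwnam(ARGV[1])
  gids = [pw.gid]
  Etc.group { |g| gids << g.gid if g.mem.include?(pw.name) }
  audit_served_tree(ARGV[0], pw.uid, gids).each { |path, why| puts "#{path}: #{why}" }
end
```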
[Puppet Users] Re: Managing directories, recursively?
I found that the file struct under /etc/puppet/files was owned by root (oops, fixed).

However, in using this method outlined earlier, I'm still not able to get the desired result:

    file {
        "/usr/local/nagios": ;
        "/usr/local/nagios/libexec":
            requires => File['/usr/local/nagios'],
            owner => 'root',
            mode => 655,
            group => 'root',
            ensure => directory,
    }

    Mar 31 17:11:06 test-fms puppet-agent[29221]: (/Stage[main]/Nagios-test/File[/usr/local/nagios/libexec]/ensure) change from absent to directory failed: Cannot create /usr/local/nagios/libexec; parent directory /usr/local/nagios does not exist

I find this very confusing - perhaps it's simpler to 'exec' a 'mkdir -p' in here as a dependency if the structure doesn't exist?
[Puppet Users] Re: trouble with my virtual user setup
On Mar 31, 12:57 pm, Maria Thompson-Saeb maria.thompson-s...@ucop.edu wrote:
> There is something missing because this manifest will not create my test user. Thanks for your suggestions.

There are many possibilities. Running puppetd with debug output turned on is likely to help in determining which applies:

    /usr/sbin/puppetd --test --debug

John
[Puppet Users] Re: Managing directories, recursively?
This actually seems to work better:

    file { "/usr/local/nagios":
        ensure => directory,
        owner => 'root',
        group => 'root',
        mode => 655,
    }

    file { "/usr/local/nagios/libexec":
        require => File['/usr/local/nagios'],
        ensure => directory,
        owner => 'root',
        group => 'root',
        mode => 655,
    }

It's more verbose, but it works. I would still like to see something in puppet that does some recursive directory creation/management.

Thank you to those who responded.
Re: [Puppet Users] puppetca and /etc/puppet/ssl
Set ssldir?

On Mar 31, 2011 1:41 PM, Douglas Garstang doug.garst...@gmail.com wrote:
> All,
>
> I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl.
>
> Anyone know why?
>
> Doug.
Re: [Puppet Users] puppetca and /etc/puppet/ssl
I have ssldir set to $vardir/ssl in /etc/puppet/puppet.conf.

On Thu, Mar 31, 2011 at 2:55 PM, Scott Smith sc...@ohlol.net wrote:
> Set ssldir?
>
> On Mar 31, 2011 1:41 PM, Douglas Garstang doug.garst...@gmail.com wrote:
>> All,
>>
>> I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl.
>>
>> Anyone know why?
>>
>> Doug.

--
Regards,
Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garst...@gmail.com
Cell: +1-805-340-5627
Re: [Puppet Users] Re: trouble with my virtual user setup
Thanks, that helped. My module appears to run now but not until the second or third attempt with no changes being made.

    err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class virtual at /data/puppet/test/modules/virtual_users/manifests/init.pp:5 on node

..Maria

On 3/31/11 1:15 PM, jcbollinger john.bollin...@stjude.org wrote:
> On Mar 31, 12:57 pm, Maria Thompson-Saeb maria.thompson-s...@ucop.edu wrote:
>> There is something missing because this manifest will not create my test user. Thanks for your suggestions.
>
> There are many possibilities. Running puppetd with debug output turned on is likely to help in determining which applies:
>
>     /usr/sbin/puppetd --test --debug
>
> John
Re: [Puppet Users] test manifests?
On Thu, Mar 31, 2011 at 12:04, Dan Bode d...@puppetlabs.com wrote:
>> Are there examples and documentation on how they should work available anywhere?
>
> probably not, I am more than happy to discuss either here or bodepd on freenode :(

Well, I'm very interested in testing in general, but it's probably a bit premature to put it in the style guide if it's not clearly documented what they are and how they work. No?
Re: [Puppet Users] puppetca and /etc/puppet/ssl
Hi,

I will assume that you're talking about the master only and not about the clients that connect to it.

Do you have two puppet.conf files? One in /etc/puppet and one in /etc/puppet/common or is that a typo? Cause the obvious question is is it reading the right file?

Is ssldir set under main section? Do you want to grep for ssldir over /etc/puppet?

In 2.6.x I had no trouble moving that directory to /var/lib.

Cheers

On 01/04/2011, at 8:58, Douglas Garstang doug.garst...@gmail.com wrote:
> I have ssldir set to $vardir/ssl in /etc/puppet/puppet.conf.
>
> On Thu, Mar 31, 2011 at 2:55 PM, Scott Smith sc...@ohlol.net wrote:
>> Set ssldir?
>>
>> On Mar 31, 2011 1:41 PM, Douglas Garstang doug.garst...@gmail.com wrote:
>>> All,
>>>
>>> I have --confdir=/etc/puppet/common in my /etc/init.d/puppetmaster and /etc/init.d/puppet files, vardir set to /var/lib/puppet in /etc/puppet/common/puppet.conf, and yet, every time I run puppetca it creates /etc/puppet/ssl.
>>>
>>> Anyone know why?
>>>
>>> Doug.
>
> --
> Regards,
> Douglas Garstang
> http://www.linkedin.com/in/garstang
> Email: doug.garst...@gmail.com
> Cell: +1-805-340-5627
Re: [Puppet Users] puppetca and /etc/puppet/ssl
On Thu, Mar 31, 2011 at 3:53 PM, Denmat tu2bg...@gmail.com wrote:
> Hi,
>
> I will assume that you're talking about the master only and not about the clients that connect to it.

It seems to only be a bug with puppetca. Yes, master only. Did you try using puppetca?

> Do you have two puppet.conf files? One in /etc/puppet and one in /etc/puppet/common or is that a typo? Cause the obvious question is is it reading the right file?

I don't have a puppet.conf in /etc/puppet:

    -bash-3.2# cd /etc/puppet
    -bash-3.2# ls -l
    total 8
    drwxr-xr-x 6 puppet puppet 4096 Mar 31 20:43 common
    drwxr-xr-x 5 puppet puppet 4096 Mar 31 20:59 extdata

It should be reading the right file... The /etc/init.d/puppetmaster file has:

    PUPPETMASTER_OPTS=--confdir=/etc/puppet/common

and my /etc/puppet/common/puppet.conf looks like:

    [main]
    vardir = /var/lib/puppet
    logdir = /var/log/puppet
    rundir = /var/run/puppet
    ssldir = $vardir/ssl
    external_nodes = /etc/puppet/common/bin/getnode.sh
    node_terminus = exec
    autosign = true

    [prod_current]
    modulepath = /etc/puppet/common/env/prod_current/modules
    manifest = /etc/puppet/common/env/prod_current/manifests/site.pp

    [prod_legacy]
    modulepath = /etc/puppet/common/env/prod_legacy/modules
    manifest = /etc/puppet/common/env/prod_legacy/manifests/site.pp

    [agent]
    classfile = $vardir/classes.txt
    localconfig = $vardir/localconfig
    listen = true
    usecacheonfailure = false
    runinterval = 1800
    report = true
    server = puppet.pax.livegamer.com
    environment = prod_current

> Is ssldir set under main section? Do you want to grep for ssldir over /etc/puppet?

Yep.

Doug.
[Puppet Users] Re: test manifests?
On Mar 31, 3:22 pm, Clay Caviness ccavin...@gmail.com wrote:
> Well, I'm very interested in testing in general, but it's probably a bit premature to put it in the style guide if it's not clearly documented what they are and how they work. No?

Nah, I disagree with that. As far as I'm concerned, our policy is to write a given document as a good document! If that ends up revealing deficiencies elsewhere, we fix those when we can. (In this case, being good meant capturing the best practices for module development as understood by our professional services team and others. Leaving out the note about testing would have made it a document about something other than the current best practices.)

Anyway, I'm writing a short document about module testing now. If you see other things missing in the documentation, we love getting tickets filed.
Re: [Puppet Users] Custom Puppet CA?
On Thu, Mar 31, 2011 at 08:57:06AM -0700, jonmills wrote:
> Can someone, anyone, help me understand what it takes -- if indeed it's even possible -- to use a custom CA with puppetmasterd.

It is possible, and (albeit sparsely) documented at https://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional

Does that help at all?

--
Ben Hughes || http://www.puppetlabs.com/
Re: Re: [Puppet Users] puppetca and /etc/puppet/ssl
Hi,

man puppetca
... For example, ´ssldir´ is a valid configuration parameter, so you can specify ´--ssldir directory´ as an argument. ...

Have you tried specifying the directory on the command line? Also, do you run RedHat style hosts, because they will read in any options in /etc/sysconfig/puppet (that aren't hashed out)? - Debian style hosts probably have a similar file in /etc/defaults.

What particular version are you using?

Cheers,

On , Douglas Garstang doug.garst...@gmail.com wrote:
> On Thu, Mar 31, 2011 at 3:53 PM, Denmat tu2bg...@gmail.com wrote:
>> Hi,
>>
>> I will assume that you're talking about the master only and not about the clients that connect to it.
>
> It seems to only be a bug with puppetca. Yes, master only. Did you try using puppetca?
>
>> Do you have two puppet.conf files? One in /etc/puppet and one in /etc/puppet/common or is that a typo? Cause the obvious question is is it reading the right file?
>
> I don't have a puppet.conf in /etc/puppet:
>
>     -bash-3.2# cd /etc/puppet
>     -bash-3.2# ls -l
>     total 8
>     drwxr-xr-x 6 puppet puppet 4096 Mar 31 20:43 common
>     drwxr-xr-x 5 puppet puppet 4096 Mar 31 20:59 extdata
>
> It should be reading the right file... The /etc/init.d/puppetmaster file has:
>
>     PUPPETMASTER_OPTS=--confdir=/etc/puppet/common
>
> and my /etc/puppet/common/puppet.conf looks like:
>
>     [main]
>     vardir = /var/lib/puppet
>     logdir = /var/log/puppet
>     rundir = /var/run/puppet
>     ssldir = $vardir/ssl
>     external_nodes = /etc/puppet/common/bin/getnode.sh
>     node_terminus = exec
>     autosign = true
>
>     [prod_current]
>     modulepath = /etc/puppet/common/env/prod_current/modules
>     manifest = /etc/puppet/common/env/prod_current/manifests/site.pp
>
>     [prod_legacy]
>     modulepath = /etc/puppet/common/env/prod_legacy/modules
>     manifest = /etc/puppet/common/env/prod_legacy/manifests/site.pp
>
>     [agent]
>     classfile = $vardir/classes.txt
>     localconfig = $vardir/localconfig
>     listen = true
>     usecacheonfailure = false
>     runinterval = 1800
>     report = true
>     server = puppet.pax.livegamer.com
>     environment = prod_current
>
>> Is ssldir set under main section? Do you want to grep for ssldir over /etc/puppet?
>
> Yep.
>
> Doug.