date:20110404

We'd like to make the contents of a folder contain all the files from two 
different folders on the server. Which folder to merge will be different for 
different client machines. How can I specify that in a file rule?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet on Redhat 6

2011-04-04 Thread JohnW

Sorry for the somewhat late response.

No is was not a direct cut and paste, i left out some personal
information and accidentally cut the ending double quote as well.
I sent this log as an example.

I get the error on any file I want to replace/keep is a certain state.
Like a simple module to keep the issue file the way we want:

class issue
{
file { /etc/issue:
owner   = root,
group   = root,
mode= 644,
source  = puppet://$puppetmaster/modules/issue/
issue;
}

ends in a similar way:

info: Applying configuration version '1301906526'
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
yaml; using pson
debug: /File[/etc/issue.net]/content: Executing 'diff -u /etc/
issue.net /tmp/puppet-file20110404-27227-u2uokh-0'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:341: [BUG] Segmentation
fault
ruby 1.8.7 (2010-06-23 patchlevel 299) [x86_64-linux]

Aborted (core dumped)

It seems like the execution of a system command  from within the ruby
script fails, but I'm not to good with ruby.



The modules are used without problems on systems with SLES11 and
CentOS 5.5

- John



On Apr 1, 9:36 pm, Frank Sweetser f...@wpi.edu wrote:
 On 4/1/2011 5:15 AM, JohnW wrote:



  Hello

  I have been using puppet for a while now, more or less successfully on
  SLES 11 and CentOS 5.5
  currently I am using puppet 2.6.6

  I now am trying it out on redhat 6, and now i run into an problem with
  even the simplest of modules/classes

  The error I get is :

  debug: /Stage[main]/Motd/File[/etc/motd]/content: Executing 'diff -u /
  etc/motd /tmp/puppet-file20110401-3455-malx7x-0'
  /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:341: [BUG] Segmentation
  fault
  ruby 1.8.7 (2010-06-23 patchlevel 299) [x86_64-linux]

  my motd module is like this:

  class motd {

           $ascii = generate('/bin/sh', '-c', /bin/echo OS:
  $operatingsystem )

 Is this a direct cut and paste?  Because if so, you're missing a closing 
 double
 quote here.

 --
 Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
 WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
      GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client certs dns

2011-04-04 Thread Felix Frank

On 04/01/2011 08:23 PM, FRLinux wrote:
 Hello,
 
 First off, forgive me if that has been discussed before.
 
 Has there been any thought given to using dns records queried from the
 IP of a host where puppet is installed? Reason I'm asking is we had an
 issue in which our fqdn got screwed up in /etc/hosts in the form of
 node.example instead of host.example.com and that led to the server
 signing the cert for the host (yeah bad, we use auto signing) as
 node.example which of course was not a valid host declared in sites.
 
 This is not a rant, just a question. Thanks for anyone who can shed
 any light on this.

Hi,

certification can be painful at times, but I don't see the real problem
you had with requesting a signature on a badly named cert?

You can always just revoke it on the master and have your client issue a
new CSR.

Regards,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: ssh_authorized_keys - not adding keys ... (??)

2011-04-04 Thread Felix Frank



On 04/02/2011 08:40 PM, Cody Robertson wrote:
 It looks like the `user` portion is overriding the original resource? I
 haven't checked if this would work but maybe you can do something along
 these lines:
 
Ssh_authorized_key | title == test.user.key |{
 user = [test.user,studio_app],
 }

Probably not.

Afaik, an ssh_authorized_key resource is associated with exactly one user.

What you want to do is
1. assign your key to a variable ($testkey = AAAgwiv...)
2. declare two ssh_authorized_key resources that both use that variable
as the key parameter.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Use puppet to preconfigure gnome gvfs shares

2011-04-04 Thread spidernik84

On Apr 2, 8:58 pm, Christian Kauhaus k...@gocept.com wrote:
 Am 01.04.2011 11:11, schrieb spidernik84:
 I don't think that Puppet is designed to support this sort of interactive
 behavior. I'd rather suggest to deploy a custom shell script via Puppet that
 performs the outlined actions on a user's first login. For example, pam_exec
 is providing this functionality. Something in /etc/profile (or your login
 shell's equivalent) would also be feasible.

Thank you Christian,
this is for sure an interesting option. I'll investigate further.

Regards,
Nicola

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Merge folders

I'm trying to do this using an array variable and the sourceselect 
parameter.

class parent {
$sources = [ '/path/to/first' ]

file { '...':
ensure = directory,
source = $sources,
sourceselect = all
}
}

class child {
$sources += [ '/path/to/second' ]
}


But it complains that:

Error 400 on SERVER: Puppet::Parser::AST::VarDef failed with error 
TypeError: can't convert Array into String


Is puppet not capable of using an array variable for an array parameter? Do 
I need to use a special syntax for this? 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Merge folders

Ah, it works if the variable is in the outer scope:

$sources = [ '/path/to/first' ]

class parent {
file { '...':
ensure = directory,
source = $sources,
sourceselect = all
}
}

class child {
$sources += [ '/path/to/second' ]
}

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Merge folders

Correction: this only works if the place that uses the variable (the 'file' 
resource) comes after the place where the variable is modified. In our case 
that meant the child looks like this:

class child {
$sources += [ '/path/to/second' ]
include parent
}

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet client certs dns

On Mon, Apr 4, 2011 at 9:50 AM, Felix Frank
felix.fr...@alumni.tu-berlin.de wrote:
 certification can be painful at times, but I don't see the real problem
 you had with requesting a signature on a badly named cert?

 You can always just revoke it on the master and have your client issue a
 new CSR.

Hello,

Thanks for your response, my point was more that if puppet relied on
querying the FQDN for the box, it would request the right cert all the
time.

Cheers,
Steph

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet-dashboard

Hello,

I have another quick one about puppet dashboard. We are using the
Debian one for Squeeze (1.0.4) and as the database has significantly
grown, if/when we click on a list of unresponsive nodes to check them,
the web interface sits there doing nothing then the puppetmaster
process starts timing out for all nodes compiling their catalogs.

Has anyone got a workaround for this? Does it involve cleaning the
database from time to time?

The box is a VM with 3G of allocated RAM, our ibdata1 file is pretty
big, reached 8G recently.

So what do others do?

Cheers,
Steph

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet nagios integration problem

2011-04-04 Thread Jonathan Gazeley


Hi all,

I'm working on setting up Puppet to write out my Nagios configs. A few 
weeks back I inserted a few dummy Nagios checks into my Puppet config, 
and the Nagios configs were written out properly.


I've now added loads of Nagios host and service checks like this:

@@nagios_service { check_smtp_${hostname}:
   check_command = check_nrpe!check_smtp,
   host_name = $fqdn,
   service_description = SMTP,
}

and then I collect them like this:

Nagios_host ||
Nagios_service ||
Nagios_hostextinfo ||
Nagios_servicedependency ||

But today I spotted that my Nagios configs in /etc/nagios/ haven't 
actually been updated for ages. I've prodded at the puppet server and 
client but I can't see anything wrong with my setup. That said, I don't 
really know how to debug this.


Can anyone offer any pointers?

Thanks,
Jonathan

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard

2011-04-04 Thread Arnau Bria

On Mon, 4 Apr 2011 11:33:54 +0100
FRLinux FRLinux wrote:

 Hello,
Hi,
 
 I have another quick one about puppet dashboard. We are using the
 Debian one for Squeeze (1.0.4) and as the database has significantly
 grown, if/when we click on a list of unresponsive nodes to check them,
 the web interface sits there doing nothing then the puppetmaster
 process starts timing out for all nodes compiling their catalogs.
 
 Has anyone got a workaround for this? Does it involve cleaning the
 database from time to time?
We added a cron which does:

rake RAILS_ENV=production reports:prune upto=1 unit=wk
rake RAILS_ENV=production db:raw:optimize
from /opt/puppet-dashboard
once per week.

since then, the server has increased its performance significally and
we see no more timeout errors.

 The box is a VM with 3G of allocated RAM, our ibdata1 file is pretty
 big, reached 8G recently.
 
 So what do others do?
 
 Cheers,
 Steph
HTH,
Arnau 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard

2011-04-04 Thread Patrick


On Apr 4, 2011, at 3:33 AM, FRLinux wrote:

 Hello,
 
 I have another quick one about puppet dashboard. We are using the
 Debian one for Squeeze (1.0.4) and as the database has significantly
 grown, if/when we click on a list of unresponsive nodes to check them,
 the web interface sits there doing nothing then the puppetmaster
 process starts timing out for all nodes compiling their catalogs.
 
 Has anyone got a workaround for this? Does it involve cleaning the
 database from time to time?
 
 The box is a VM with 3G of allocated RAM, our ibdata1 file is pretty
 big, reached 8G recently.
 
 So what do others do?

I run:
cd /usr/share/puppet-dashboard/
nice -n +1 rake RAILS_ENV=production reports:prune upto=1 unit=mon  nice -n 
+1 rake RAILS_ENV=production db:raw:optimize

This removes all entires older than a month, which keeps it small enough for 
me.  My machine is a P4 with 1GB of RAM, and serves 80 nodes.

Note that with MySQL, the size of the ibdata1 file won't actually shrink.  The 
explanation is complicated, and can be found using google.

If you want to get the space back, an easy way is to wipe the whole database.  
Put this into your config:
[mysqld]
innodb_file_per_table=true

Then the db:raw:optimize command will actually be able to shrink the DB.  Note, 
that attribute will cause all tables to be stored in separate files.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard

On Mon, Apr 4, 2011 at 11:53 AM, Patrick kc7...@gmail.com wrote:
 Then the db:raw:optimize command will actually be able to shrink the DB.
  Note, that attribute will cause all tables to be stored in separate files.

Nice one, thanks for all the replies, I have a responsive dashboard
once again :)

Steph

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet nagios integration problem

On Mon, Apr 4, 2011 at 11:37 AM, Jonathan Gazeley
jonathan.gaze...@bristol.ac.uk wrote:
 Can anyone offer any pointers?

Go to the one of the clients, then run: puppetd -vt and take a look at
the output?

Usually a good pointer :)
Cheers,
Steph

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet nagios integration problem

2011-04-04 Thread Jonathan Gazeley


On 04/04/2011 12:09 PM, FRLinux wrote:

On Mon, Apr 4, 2011 at 11:37 AM, Jonathan Gazeley
jonathan.gaze...@bristol.ac.uk  wrote:

Can anyone offer any pointers?

Go to the one of the clients, then run: puppetd -vt and take a look at
the output?

Usually a good pointer :)
Cheers,
Steph


Thanks for your reply. Running with -vt seems to give the same output as 
--test. Neither output shows any nagios declarations being run, despite 
the fact that the manifests show that I'm applying @@nagios {} config 
like I showed in my previous email.


These Nagios calls are built-in Puppet functionality, right? Or do I 
have to install something extra? I'm running puppet 0.25.5 on server and 
clients. This is being installed on CentOS from the rpmfusion repo, 
although I'm not massively averse to packaging a newer version if this 
would help.


Cheers,
Jonathan

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Managing directories, recursively?



On Apr 1, 9:17 am, Arnau Bria arnaub...@pic.es wrote:
 Apart from that, didn't know about
 file {  [ /usr/local/nagios, /usr/local/nagios/libexec ]:

 which automagically creates file dependency. so I declared it in two
 diff files.

Clarification: that syntax introduces one property list that applies
to all the files named in the array.  It is not special with respect
to file dependencies, however.  Puppet will automagically create
dependencies between declared files wherever one is the parent
directory of the other, regardless of where each is declared or the
syntax of the declarations.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet on Redhat 6



On Apr 4, 3:45 am, JohnW boerma@gmail.com wrote:
 info: Applying configuration version '1301906526'
 debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
 yaml; using pson
 debug: /File[/etc/issue.net]/content: Executing 'diff -u /etc/
 issue.net /tmp/puppet-file20110404-27227-u2uokh-0'
 /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:341: [BUG] Segmentation
 fault
 ruby 1.8.7 (2010-06-23 patchlevel 299) [x86_64-linux]

 Aborted (core dumped)

 It seems like the execution of a system command  from within the ruby
 script fails, but I'm not to good with ruby.

A segmentation fault in a Ruby program likely signals a problem in the
Ruby runtime, not the program.  Does the Ruby you are using ship with
RHEL 6?  If it was built with a different toolchain or against a
different version of the system libraries than RHEL 6 provides, then
you might see any number of odd behaviors, segmentation faults among
them.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: manage /etc/passwd and /etc/group

2011-04-04 Thread stefanero

Okey,

thank you for this information, so augeas cannot handle this type of
requests.

cu
stefanero

On 1 Apr., 17:26, Adam Heinz a...@metricwise.net wrote:
 Small copy/paste error:

  augtool print /files/etc/group/foo
  Saved 1 file(s)

 Was actually:

 augtool save
 Saved 1 file(s)

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Nodes graphs



On Apr 3, 12:10 pm, Jean Baptiste FAVRE
jean.baptiste.fa...@gmail.com wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Hello,
 Working further with puppet, I need to be able to graph both nodes and
 class dependencies to be able to diagnose issues and/or redundancies.

 Currently, activating graph allows me to get ressources/dependencies
 graphs per client.

 But I would like to highlight nodes dependenxies as well.
 Is there any way to get a global node-centric graph ?
 If yes, how: server-side, client-side, both ?

I strongly recommend that you approach this problem in a different
way: flatten your node graph.  Deep node inheritance hierarchies are
likely to cause you pain, largely because nodes sets do not typically
admit a single, definitive taxonomy.  I recommend at most two levels,
including the level of your default node, if any.  Your Puppet
manifest development will be more productively directed, and as a
bonus, with a flat node hierarchy you have little need for a node
graph.

I observe also that you don't need dynamic graphing of node
dependencies anyway, because all the inheritance tree is declared
statically, and does not vary by node.  Nevertheless, you should be
able to use the resource graph to flag which node declaration(s) are
being evaluated:

node N_default{
include C_a;
include C_b;
notify { node N_default: message = I am an N_default }
}


node N_mynode inherits N_default {
include C_c;
notify { node N_mynode: message = I am an N_mynode }
}

This will produce messages in the client logs (possibly useful for
debugging), but more importantly, it should introduce top-level, node-
type-specific resources into your resource graph.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: if statement: 'true' from left operand of 'in' expression is not a string



On Apr 3, 8:29 pm, Ben Hughes b...@puppetlabs.com wrote:
 On Fri, Apr 01, 2011 at 11:19:16AM +0200, Jan wrote:
  Any ideas? What am I missing?

 If you quote the true/falses, it works.

 In the style guide, they're being used as variables for setting options of
 a type: hasstatus = $trueorfalsevar.

 However, if you want to evaluate them, they need to be quoted I'm afraid.

 $installplugins  = 'true'

 if ! ($installplugins in [ 'true', 'false' ]) {
     fail(nrpe installplugins parameter must be true or false)

 }

 if $installplugins == 'true' {
     notice( I work, hurrah )

 }

Curious.  From the message, I would guess that this would (also) work:

if ! ($installplugins in [ true, false ]) {
  fail(nrpe installplugins parameter must be true or false)
}

(Since it's the *left* side of the in operator that Puppet complains
about not being a string.)  Of course, it's quite inconsistent that if
one assigns bareword true to a variable, one cannot subsequently
compare that variable against the same value, or against an array that
(appears to) contain that value.  I call bug, and I recommend filing a
ticket.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet on Redhat 6

2011-04-04 Thread JohnW

OK, the problem just got a little stranger.

my previous puppetruns were done on RHEL6 installed on a kvm, with a
kvm host installed with SLES11sp1

I now installed a physical host with RHEL6, using the same resources,
and on that system the same puppetruns run without error.

I tried both aforementioned motd and issue modules.

This would imply it would be more a problem with virtualisation, then
with puppet/ruby.
It would mean, I have to report this elsewhere (not sure where yet)



@ jcbolllinger:  the Ruby that was used, is shipped with RHEL6




On Apr 4, 3:02 pm, jcbollinger john.bollin...@stjude.org wrote:
 On Apr 4, 3:45 am, JohnW boerma@gmail.com wrote:

  info: Applying configuration version '1301906526'
  debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
  yaml; using pson
  debug: /File[/etc/issue.net]/content: Executing 'diff -u /etc/
  issue.net /tmp/puppet-file20110404-27227-u2uokh-0'
  /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:341: [BUG] Segmentation
  fault
  ruby 1.8.7 (2010-06-23 patchlevel 299) [x86_64-linux]

  Aborted (core dumped)

  It seems like the execution of a system command  from within the ruby
  script fails, but I'm not to good with ruby.

 A segmentation fault in a Ruby program likely signals a problem in the
 Ruby runtime, not the program.  Does the Ruby you are using ship with
 RHEL 6?  If it was built with a different toolchain or against a
 different version of the system libraries than RHEL 6 provides, then
 you might see any number of odd behaviors, segmentation faults among
 them.

 John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet fails to retrieve catalog

2011-04-04 Thread Dennis Jacobfeuerborn

Hi,
I've got a problem where clients apparently randomly lose the ability to 
retrieve catalogs.
This is what I end up seeing in the log:

puppet-agent[26510]: Starting Puppet client version 2.6.6
puppet-agent[26510]: Could not retrieve catalog from remote server: 
puppet-agent[26510]: Using cached catalog
puppet-agent[26510]: Could not retrieve catalog; skipping run

Notice that no actual reason is given which makes finding the cause 
difficult. This also happened with 0.25.5 and I upgraded both the server and 
one client hoping that this would fix things or at least provide a proper 
error message but that didn't work.

Strangely enough when I run tcpdump -i eth0 port 8140 on the client in 
order to see if the client manages to communicate with the server this 
apparently fixes the problem and the client can retrieve catalogs again.

Any ideas on how the fix this problem?

Regards,
  Dennis

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard

2011-04-04 Thread Randall Hansen

On Apr 4, 2011, at 4:03 AM, FRLinux wrote:

 On Mon, Apr 4, 2011 at 11:53 AM, Patrick kc7...@gmail.com wrote:
 Then the db:raw:optimize command will actually be able to shrink the DB.
  Note, that attribute will cause all tables to be stored in separate files.
 
 Nice one, thanks for all the replies, I have a responsive dashboard
 once again :)

Steph  Patrick ~

We're aware of some performance problems in Dashboard and are keen to fix them. 
 How much data do you have?  How many nodes?  How many unresponsive?  What's 
your update interval?  At what point does it start to fall over?

Thank you!

r

--
Randall Hansen • Director of User Experience • rand...@puppetlabs.com


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Merge folders

2011-04-04 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI

As I said, the sourceselect = all parameter is necessary to make puppet 
merge the listed sources rather than selecting one of them.

I take your point that variables are a fragile way of specifying. I'll try 
refactoring it based on class parameters, but the list of sources isn't the 
same length for the different nodes so it'll still have to be an array; and 
it will need to add that array to a list of default sources shared by all 
instances (that I'd rather not repeat for every one).

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet-dashboard

2011-04-04 Thread Patrick


On Apr 4, 2011, at 8:26 AM, Randall Hansen wrote:

 On Apr 4, 2011, at 4:03 AM, FRLinux wrote:
 
 On Mon, Apr 4, 2011 at 11:53 AM, Patrick kc7...@gmail.com wrote:
 Then the db:raw:optimize command will actually be able to shrink the DB.
 Note, that attribute will cause all tables to be stored in separate files.
 
 Nice one, thanks for all the replies, I have a responsive dashboard
 once again :)
 
 Steph  Patrick ~
 
 We're aware of some performance problems in Dashboard and are keen to fix 
 them.  How much data do you have?  How many nodes?  How many unresponsive?  
 What's your update interval?  At what point does it start to fall over?

I'm using Passenger for the puppetmaster+storedconfigs and for dashbaord.
processor0 = Intel(R) Celeron(R) CPU 2.53GHz

I've currently got 77147 reports

I've got about 80 hosts.
runinterval = 1800

I found that upgrading to dashboard 1.0.4 gave me huge performance gains.

I found that turning on a 24MB query cache in mysqld gave me some moderate 
performance gains too.  I assume this is because the results for the sidebar 
are cached, but this is mostly baseless speculation.

The load time on the first page is usually around 2-2.5 seconds.  Any page 
after that takes around 1.5 seconds to load the first time, and about 0.7 
seconds if called again soon.  I don't know what soon is except that it can 
be longer than 5 seconds, and doesn't apply a day later.  The query cache might 
mean some data is out of date.  I don't know how mysql works, but I don't need 
realtime updates.  Just reports on the last week.

I always found that using Webrick was often painfully slow.  I'm guessing that 
this is because I either got suck behind a puppetmaster uploading its report, 
or that I wasn't able to load all the little files (images, etc.) very fast.

I am using RubyEE.

My reports.ibd is 908MB.

Anything else that would help?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] ANNOUNCE: Puppet Dashbard 1.1.0 Final!

2011-04-04 Thread Jacob Helwig

This release addresses a large number of issues and adds lots of new
functionality, including:

* Inventory Service Lookup

- The node view page will now retrieve and display the node's facts
from the inventory service.

- There is a Custom Query page which will search the inventory
service for nodes meeting particular conditions.

Preliminary documentation for this feature will be available at:

https://github.com/puppetlabs/puppet-docs/blob/master/source/guides/inventory_service.markdown

Finalized documentation will be available in the near future on the
main documentation site: http://docs.puppetlabs.com

* Settings

- Many settings may now be specified in config/settings.yml. Copy
the config/settings.yml.example (which provides fallback defaults)
to get started.

- Changing a setting will currently require a server restart to take
effect.

* Inspect Report Handling

- Dashboard can now consume and display inspect reports.

* Filebucket integration

- Dashboard can now display file contents and diffs from a specified
Puppet filebucket.

* Lots of UI and speed improvements

* Better support for reports

- Now supports 2.6 reports and inspect reports

* Preliminary support for user-made plugins

* Improved Class/Group/Parameter dependency reporting and handling

* Log rotation

*IMPORTANT* Things to note about the 1.1.0 release of Dashboard:

1. Reports will need to be converted to a new schematized format when
upgrading (#5459). Rather than just storing reports as serialized
YAML in the database as is currently done in v1.0.4, they are now in a
set of tables that allows them to be queried more easily and faster.
This conversion can be a slow process if you have a long history of
reports, so it's not done as part of `rake db:migrate`. Instead,
there is a rake task (#5535) that will do the conversion for you,
converting newer reports first and able to be resumed if it's
interrupted just by rerunning it.

`rake reports:schematize`

Also worth noting is the `rake reports:prune` task that can prune
older reports that you don't care about, which will make this
conversion much faster. Run the rake task without arguments to see
documentation for how to specify how far back to prune.

2. The new inventory service portion of Dashboard only works if
you're running the newest version of Puppet (2.6.7 which is releasing
today).

This release is available for download at:
http://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.1.0.tar.gz

See the Verifying Puppet Download section at:

http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Verifying+Puppet+Downloads

Please report feedback via the Puppet Labs Redmine site, using an
affected version of 1.1.0:
http://projects.puppetlabs.com/projects/dashboard/

v1.1.0 Changelog

e786ea3 Updated CHANGELOG for 1.1.0rc3
2d4d3da Updated VERSION for 1.1.0rc3
29969d7 Updated CHANGELOG for 1.1.0rc2
af1a006 (#6835) Handle malformed facts from Puppet 2.6.7 storedconfigs
520a02d Update CHANGELOG and version for 1.1.0rc1
3817aa5 maint: Add missing CHANGELOG entries for 1.0.3 to 1.0.4
1fcfc01 (#6736) Provide Mutex, avoid an error.
95f97fb maint: Move inventory section lower on the node page
8629962 (#4403) Do timezone arithmetic outside of the DB in the Status model
614655c Remove dead code from Status model
849f2de Validate the user supplied daily_run_history_length
118962b (#6656) Inventory service is no longer experimental.
90e0624 (#6601) Inventory search uses the new inventory URL
fb55499 (#5711) Change license from GPLv3 to GPLv2
68b335e (#5234) Source of silk icons attributed, per author's license
d3d1528 Maint: Moved logic for identifying inspect reports into a callback.
c2fe255 Maint: removed bogus comments from _report.html.haml
81b8a04 Maint: Moved elements of the report show view into callbacks.
2b91838 Maint: Moved elements of the node show view into callbacks.
cc95431 Maint: Forbid uninstalled plugins from adding themselves to hooks.
169d275 Maint: Add plug-in install and uninstall rake tasks
d4d0b00 Maint: removed db/schema.rb
5f6614d Maint: Removed some private methods in the report model that are part
of baseline functionality.
db663a5 Maint: remove code that belongs in the baseline module.
5be1f0f maint: Added log dir to version control
93857f0 Maint: Add puppet plugins to .gitignore
1197e8a Bug fix: renamed each_hook and find_first_hook to *_callback
cbfde3d Remove some forgotten baseline code
2b4f9eb Add some basic hooks for use by future Dashboard plug-ins.
c9ff13e Add a registry for creating hooks and callbacks.
a40e6c9 Oops: Remove report baseline functionality
fd7f799 Rename baseline-diff-report CSS classes and IDs to be expandable-list
161e0da (#6090) Improved auto-selection of specific baseline.
035aa17 (#6072) Moved baseline inspection link underneath Recent Inspections

[Puppet Users] ssh_authorized_key and the .ssh directory

2011-04-04 Thread Forrie

I've been working with a file of virtual users that I want to
realize on certain hosts.   For one of these, I need an
authorized_keys file.   After experimenting with the resource
ssh_authorized_key, I thought I could create a dependency relationship
like this:

Ssh_authorized_key | title == nagios | - Group | title ==
nagios | - User | title == nagios |

which doesn't work.  The logic being that there's no sense in
manifesting the ssh_authorized_key unless the dependencies of the
group and user are present.

What am I doing wrong?

I can realize the ssh_authorized_key separately, but it stands on its
own and will likely fail if the aforementioned dependencies disappear.

I also noticed that it creates the .ssh directory owned by username
and group root -- but I don't see a directive to manage that.

Can someone clarify how to best accomplish this?


Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Should @user with managehome also track the actual home directory?

2011-04-04 Thread Forrie

On my test system, I noticed that (with virtual users) if you remove /
home/username, puppet doesn't realize there is a problem, as the
resource doesn't track the home directory.

When you userdel then it notices and creates everything as it should
be.

In a virtual user configuration, what's the best way to ensure that
the home directory is also present, in addition to the /etc/passwd
entries (or, dependent on each other)?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet on Redhat 6

2011-04-04 Thread Stefan Schulte

On Mon, Apr 04, 2011 at 09:34:10AM -0500, Jennings, Jared L CTR USAF AFMC 46 
SK/CCI wrote:
   my motd module is like this:
  
   class motd {
  
   $ascii = generate('/bin/sh', '-c', /bin/echo OS:
   $operatingsystem )
  
  
  Not an answer to your problem, but isnt this the same as
  
  $ascii = OS: ${operatingsystem}
  
  -Stefan
 
 I believe the function is evaluated on the server, whereas the fact is
 evaluated on the client

Truth, but since /bin/echo OS: $operatingsystem is in double
quotes, wouldn't puppet just substitute $operatingsystem with the client
fact. e.g. I run the agent on Solaris and on the server I now execute

'/bin/sh', '-c', '/bin/echo OS: Solaris'

And that seems a bit to complicated for me.

-Stefan
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 


pgp5Kn8yzALwR.pgp
Description: PGP signature

RE: [Puppet Users] Puppet on Redhat 6

/bin/echo OS: $operatingsystem

You are right, Stefan! I didn't pay attention at all to the command
being executed.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] ssh_authorized_key and the .ssh directory

2011-04-04 Thread Jim Bala

Overrides like this work for me:

User | title == $title | {
  password = '*LK*',
  shell = /bin/false
}

You could try:

Ssh_authorized_key | title == nagios | {
  require = [ Group[nagios], User[nagios], ],
}

However, I showed this syntax to Jeff McCune and he said something to
the effect of, Huh, *that's* interesting.  So, you know... your
mileage may vary. :)

-Jim

On Mon, Apr 4, 2011 at 12:52 PM, Forrie for...@gmail.com wrote:
 I've been working with a file of virtual users that I want to
 realize on certain hosts.   For one of these, I need an
 authorized_keys file.   After experimenting with the resource
 ssh_authorized_key, I thought I could create a dependency relationship
 like this:

    Ssh_authorized_key | title == nagios | - Group | title ==
 nagios | - User | title == nagios |

 which doesn't work.  The logic being that there's no sense in
 manifesting the ssh_authorized_key unless the dependencies of the
 group and user are present.

 What am I doing wrong?

 I can realize the ssh_authorized_key separately, but it stands on its
 own and will likely fail if the aforementioned dependencies disappear.

 I also noticed that it creates the .ssh directory owned by username
 and group root -- but I don't see a directive to manage that.

 Can someone clarify how to best accomplish this?


 Thanks.

 --
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: ssh_authorized_keys - not adding keys ... (??)

2011-04-04 Thread Nick Steel

On Mon, Apr 4, 2011 at 1:54 AM, Felix Frank felix.fr...@alumni.tu-berlin.de
 wrote:



 On 04/02/2011 08:40 PM, Cody Robertson wrote:
  It looks like the `user` portion is overriding the original resource? I
  haven't checked if this would work but maybe you can do something along
  these lines:
 
 Ssh_authorized_key | title == test.user.key |{
  user = [test.user,studio_app],
  }

 Probably not.

 Afaik, an ssh_authorized_key resource is associated with exactly one user.

 What you want to do is
 1. assign your key to a variable ($testkey = AAAgwiv...)
 2. declare two ssh_authorized_key resources that both use that variable
 as the key parameter.

 HTH,
 Felix



Thanks Felix, that worked!

Its interesting that ssh_authorized_keys behaves this way. I would have
thought that having a single key in multiple user's authorized_key files
would have been a use case (albeit a bit unusual)...

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: RFC: Splitting up the file{} type functionality.

2011-04-04 Thread Andreas Rogge


Am 31.03.2011 16:56, schrieb jcbollinger:

3. Sockets, FIFOs, devices, whatnot

[...]

Indeed.  And here, too, you might want to work in symlinks to these
objects, especially if symlinks managed by the regular file type (2
above) indeed require their target to be a regular file..


Yes, of course.




4. Recursive Tree Copy
The recursive tree copy has always been a bit weird. Don't get me wrong,
but in puppet you're usually explicit: To ensure the presence of a set
of files you'd explicitly list each file in your manifest.
Obviously the right thing for a recusive tree copy would be to do
exactly that: explicitly list every file and directory in your manifest.
If that could be done at compile-time all was well.
What we need for that is:
- function to list all files/directories/sockets/whatever inside a tree
- a method to loop over that list and generate the corresponding set of
resources



And that's similar to my resource generator idea, so +1 overall.

People seem to agree that recursive tree copying is a different sort
of beast from the file and directory management that the File type
otherwise does.  More open to debate, however, is whether that feature
should be split out into its own *type*, distinct from whatever type
manages directories without recursion.

I think not.  Either it should be implemented as some other kind of
thing (not resource type) as suggested here, or it should be a sub-
type of a Directory type (if resource sub-typing were introduced).
Some other kind of thing might leverage the existing Puppet
framework (i.e. functions, hashes, etc.) to a greater or lesser
extent, but it would be nice to avoid making the feature significantly
harder to describe in a manifest than it is now.


Yep.



Idea: instead of functions producing hashes, new iterative statements
in Puppet DSL, etc., what about a function that *accepts* a hash as an
argument, where the keys match the recursion-related properties of the
current File type, and which introduces the appropriate resources into
the target node's catalog?  For example:

recursive_tree({
   root =  /path/to/base/dir,
   source_root =  path/relative/to/modules/file/dir,
   recurse_limit =  2,
   owner =  some_user,
   group =  some_group,
   mode =  0644,
   links =  manage,
   ensure =  present,
   purge =  false
})

Taking a hash as an argument would provide for syntax similar to the
that of the File type, would more or less provide keyword arguments,
would support omitting properties.  In other words, it would yield
most of the syntax and usage advantages of doing recursive copying via
the File type.



I was thinking about something like foreach in the DSL, so you could 
simply write something like the following:


foreach($path in recursive_file_list(
'puppet:///path/in/my/module',
'/path/to/base/dir',
2)
) {
if $path[type] == 'File' {
/* explicit setting of parameters */
file { $path[title]:
source = $path[source],
owner   = $path[owner],
mode= 0664,
}   
}
else if $path[type] == 'Directory' {
/* implicitly taking all parameters from $path */
directory { $path }
}
else if $path[type] == 'Device' {
/* combining both */
device { $path }
Device[$path[title]] {
requires= File[/sbin/MAKEDEV]
}
}
}

where recursive_file_list($puppet_uri, $client_path, $recursion) yields 
an array of hashes.
This allows for all kind of neat tricks as you can now generate 
resources based on something that's returned from a function. 
Additionally this can be done *before* we start to interpret any types 
and resources defined as it is essentially doable by some kind of 
preprocessor.


The Problem I see with your variant is that the resources are created by 
your function. This unneccisarily constrains flexibility. My variant 
allows you to do something like the following:


foreach(dir in only_dirs(recursive_file_list(...))) {
...
}
Using recursive_file_list() yields an array of hashes which only_dirs() 
can then filter to only contain directories.
Or maybe a function force_mode() that takes the minimum permission bits 
which is then simply ANDed with the bits read from the filesystem.


last but not least the not harder to understand than what we do right 
now-example:


$tree = recursive_file_list(...)
foreach(dir in only_dirs($tree)) {
directory { $dir }
}
foreach(file in only_files($tree)) {
file { $file }
}

I know this still looks complicated and is the *one* thing that would be 
simpler with the old variant where the File-type does everything:


foreach(file in recursive_file_list(...)) {
file { $file }
}

However, the upper one definitely wins once you

Re: [Puppet Users] puppet-dashboard