[Puppet Users] Re: Can puppet client make immediate pull after a file's content change by user?
Hi Ralf I totally agree with you. Hence with the above solution we can have a little bit more control over our systems. Thanks > if a user can change /etc/hosts or any other system file, he must have > root privileges. There is little you can do about it. We have a > similar environment and it's nearly impossible to prevent users from > doing things we don't want them to do... > > Ralf -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] ANNOUNCE: Puppet Dashbard 1.1.0 Final!
On Apr 4, 2011, at 1:39 PM, Patrick wrote: > > On Apr 4, 2011, at 11:48 AM, Jacob Helwig wrote: > >> 1. Reports will need to be converted to a new schematized format when >> upgrading (#5459). Rather than just storing reports as serialized >> YAML in the database as is currently done in v1.0.4, they are now in a >> set of tables that allows them to be queried more easily and faster. >> This conversion can be a slow process if you have a long history of >> reports, so it's not done as part of `rake db:migrate`. Instead, >> there is a rake task (#5535) that will do the conversion for you, >> converting newer reports first and able to be resumed if it's >> interrupted just by rerunning it. >> >> `rake reports:schematize` > > > Just to be clear, can I run that rake task while dashboard is running, and > getting new reports from the puppetmaster? I'd probably run it with "nice -n > +1" so it doesn't interfere (as much) with the other stuff the server is > doing. Bump -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet Dashboard 1.1.0rc3
Hi Thomas, sorry for the slow reply on this and lack of packages for testing. We messed up and forgot to put packages out with Dashboard for the RC or the release. This should be fixed now for the release, and we've updated our RC checklist to make testing packages for the next time. We definitely appreciate any help testing RC's and releases, so I look forward to your feedback. Matt On Mon, Mar 28, 2011 at 4:34 AM, Thomas Bendler wrote: > Hi Jacob, > > 2011/3/24 Jacob Helwig >> >> [...] >> This release is available for download at: >> >> http://puppetlabs.com/downloads/dashboard/puppet-dashboard-1.1.0rc3.tar.gz >> [...] > > are there already RPMs available? I would like to help testing but only if > RPMs are provided. > > Kind regards, Thomas > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Skipping a module
Doug, I wonder why you can't selectively include? Requiring a module by
default and not realizing the resources inside it could be very frustrating
to troubleshoot.
On Thu, Apr 7, 2011 at 5:29 PM, Nigel Kersten wrote:
> On Thu, Apr 7, 2011 at 3:28 PM, Douglas Garstang
> wrote:
> > I'd like to be able to always include all modules at the top level, but
> in
> > certain modules, have some logic that uses extlookup to determine if it
> > should be enabled. What's the best way to use if; then; else to exit a
> > module, and stop processing, based on some condition?
>
> class foo {
>
> if $somecondition {
>
>
>
> }
>
> }
>
> Doesn't that do it inside the module for you?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Skipping a module
On Thu, Apr 7, 2011 at 3:28 PM, Douglas Garstang
wrote:
> I'd like to be able to always include all modules at the top level, but in
> certain modules, have some logic that uses extlookup to determine if it
> should be enabled. What's the best way to use if; then; else to exit a
> module, and stop processing, based on some condition?
class foo {
if $somecondition {
}
}
Doesn't that do it inside the module for you?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key type not working
On Thu, Apr 07, 2011 at 10:51:04AM -0700, Corey Osman wrote:
> puppet resource ssh_authorized_key (this returns nothing)
>
> puppet resource ssh_authorized_key username (this returns the following)
Hmm, yes, the ssh_authorized_key key parameter isn't the username. Though
that is not a very optimal error message.
If you change encryption to type, I had that working for me.
ssh_authorized_key{ "macbook-root":
ensure => present,
key =>
"B3NzaC1yc2EBIwAAAQEAxsDSms5CWF1iKlyCFLaPfs0It4dDXwhH1W2REzz7K/b5pXsOJyOzCHEO6odcHda039GHMc36rrkO6qOOQlU/6J6wZhqTc02P9OkkCcTT9404SCC5TMgXV+obdgMjNzIE5R46fC8buUO/sYcew31KBRhmvcahyvvqeHOXkj8jHYUw3IjI2+Yn+OczXjS23NMwGTc5dhEw+BLBeoIzNZ1+2bvzKZTtuadEF6WJcBDld7CoC65UFwiyO9Vls8O4PNrusObbgzD2RXp3UyX06tPQa/HACbhvPt3kqin061vvmXSW64GK47P6Pkvk5aS8YB2J4qLemKH3NjPx05gPWQ==",
name => "macbook pro key",
type => "ssh-rsa",
user =>"corey",
}
--
Ben Hughes || http://www.puppetlabs.com/
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: err: Could not retrieve configuration: Could not find hostname
I believe you will need with .24 a [puppetd] section (i subsequently looked up
the namespace name] in your puppet.conf file. This will tell puppet it should
also act as a client.
Cheers,
Den
On 08/04/2011, at 8:22, Saurval wrote:
>
> At the time of the last run I did not have a nodes.pp included in my
> configuration. I had added one with a node definition, but it has
> made no difference, I get the same error reported originally
>
> err: Could not retrieve configuration: Could not find
> jenkins.example.com with names jenkins.example.com, jenkins
> warning: Not using cache on failed configuration
>
> This is the node definition I added, though it prompted no change.
>
> node 'jenkins.example.com' inherits basenode {
>info('jenkins.example.com')
> }
>
> When I run puppetd or puppetmasterd with --genconfig my FQDN comes up
> as the default value for 'certname'. When I look at the certificate
> my 'CN= my FQDN' comes up as the Issuer and the Subject, so that seems
> to match just fine.
>
> I do not have a [client] section to my configuration, and I do not see
> one in my --genconfig output either.
>
> -Saurval
>
>
> On Apr 7, 5:38 pm, Denmat wrote:
>> Hi,
>> First is what name is defined in the node definition.
>> Then I would check the puppet.conf for the client settings (l think in .24
>> it is the [client] section).
>> After that ... I'd have to keep fiddling at the console.
>>
>> Cheers,
>>
>> On 08/04/2011, at 1:56, Saurval wrote:
>>
>>
>>
>>> I am on CentOS 5.4 running
>>> puppet-0.22.4-1.el5.rf
>>> puppet-server-0.22.4-1.el5.rf
>>
>>> I am a little stumped on this one.I imagine it is something simple
>>> I am missing. but basically the puppetmasterd cannot talk to a
>>> puppetd instance running as a client on the same host.
>>
>>> The error I am getting is essentially:
>>
>>> [root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetd -o --
>>> server=jenkins.example.com --test
>>> err: Could not retrieve configuration: Could not find
>>> jenkins.example.com with names jenkins.example.com, jenkins
>>> warning: Not using cache on failed configuration
>>
>>> After testing SSL with OpenSSL by hand, the handshake works, and it
>>> looks like everyone is using the same name in the subject name of the
>>> certificates. In fact, it looks like the puppet master is seeing the
>>> request, accepting SSL, but then still reporting the same error. Here
>>> is the debug output showing the response to the client's attempt to
>>> run seen above.
>>
>>> root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetmasterd --manifest=/etc/
>>> puppet/manifests/site.pp --logdest=/var/log/puppet/puppetmaster.log --
>>> bindaddress=10.131.125.85 --debug
>>> debug: puppet: Setting vardir to '/var/lib/puppet'
>>> debug: puppet: Setting logdir to '/var/log/puppet'
>>> debug: puppet: Setting rundir to '/var/run/puppet'
>>> debug: puppet: Setting ssldir to '$vardir/ssl'
>>> debug: puppetd: Setting classfile to '$vardir/classes.txt'
>>> debug: puppetd: Setting localconfig to '$vardir/localconfig'
>>> info: Starting server for Puppet version 0.22.4
>>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private/ca.pass]:
>>> Autorequiring File[/var/lib/puppet/ssl/ca/private]
>>> debug: /puppetconfig/puppet/File[/var/lib/puppet/templates]:
>>> Autorequiring File[/var/lib/puppet]
>>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
>>> private_keys]: Autorequiring File[/var/lib/puppet/ssl]
>>> debug: /puppetconfig/ca/File[/etc/puppet/autosign.conf]: Autorequiring
>>> File[/etc/puppet]
>>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_pub.pem]:
>>> Autorequiring File[/var/lib/puppet/ssl/ca]
>>> debug: /puppetconfig/puppet/File[/var/lib/puppet/state/state.yaml]:
>>> Autorequiring File[/var/lib/puppet/state]
>>> debug: /puppetconfig/puppet/File[/var/lib/puppet/state/graphs]:
>>> Autorequiring File[/var/lib/puppet/state]
>>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
>>> csr_jenkins.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl]
>>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
>>> public_keys]: Autorequiring File[/var/lib/puppet/ssl]
>>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
>>> private_keys/repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/
>>> puppet/ssl/private_keys]
>>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private]:
>>> Autorequiring File[/var/lib/puppet/ssl]
>>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/inventory.txt]:
>>> Autorequiring File[/var/lib/puppet/ssl/ca]
>>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/serial]:
>>> Autorequiring File[/var/lib/puppet/ssl/ca]
>>> debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crl.pem]:
>>> Autorequiring File[/var/lib/puppet/ssl/ca]
>>> debug: /puppetconfig/puppet/File[/var/lib/puppet/facts]: Autorequiring
>>> File[/var/lib/puppet]
>>> debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/public_keys/
>>> repo.shermanstravel.com.p
Re: [Puppet Users] include parameterized classes?
Hi,
I believe that you can only do this in the node definition - though the
documentation doesn't specifically say this.
Cheers,
Den
On 07/04/2011, at 16:49, Jens Bräuer wrote:
> Hi all,
>
> i try to run a puppet-setup that is not based on hostnames, but facts i
> supply to facter. The idea is described here
> https://github.com/jordansissel/puppet-examples/blob/master/nodeless-puppet/README.rdoc,
> but a basic example would be
>
>
> if has_role("loadbalancer") {
> include loadbalancer::service
> } else {
> # Otherwise, this machine is not a loadbalancer
> include loadbalancer::remove
> }
>
>
> How am i able to bring this together with parameterized classes? For instance
> this will complain about redefinition of class 'haproxy'.
>
> ---
> class haproxy ($conf = "puppet:///modules/haproxy/proxy.conf") {
> }
>
> if has_role("loadbalancer") {
> class { 'haproxy': conf => "puppet://modules/haproxy/conf1" }
> } else {
> class { 'haproxy': conf => "puppet://modules/haproxy/conf2" }
> }
> ---
>
> How can i "import" parameterized classes? Is there a work-around?
>
> I am quiet new to puppet, so if i missed the obvious or google keywords,
> please point me to the right direction.
>
> Regards, Jens
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Skipping a module
I'd like to be able to always include all modules at the top level, but in certain modules, have some logic that uses extlookup to determine if it should be enabled. What's the best way to use if; then; else to exit a module, and stop processing, based on some condition? Doug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Setting puppetmaster modulepath from inside manifests
Hi, Don't like the sound of your predicament :) Could you use different module paths like you do with 'environments'. Traditionally these are used for 'production, testing, devel' but there in no limit on what you call them. Then the nodes subscribe to that particular environment that points to your specific module path. Everything remains in svn. Cheers, Den On 07/04/2011, at 11:45, Miki wrote: > Greetings all > Am trying to solve a problem, not entirely sure I'm approaching it > from the right angle. > > Setting up a reasonably big site (servercount in the four digits) with > puppetmaster and clients (puppet 2.6.x). We are required to have > versioned modules (base SOE module, app X module, app Y module, etc - > all with multiple classes etc inside) managed on an underlying SVN > repository. > > A requirement is that a node should be configured entirely within > node.pp, should not rely on extra per-server specifics added to > puppet.conf on either puppetmaster or agent ends > > Different nodes are required to have different versions of same > modules. > site.pp imports files with node definitions. Node definitions must end > up including a base class of a nominated version and any number of app > classes, each with its respective version. > > The approaches to choose from I'm aware of are: > [approach A] ALL versions of a module are simultaneously available to > all servers via one big ubercatalog. SVN trunk, as well as SVN tag > directories (containing historic versions of modules) are added to > modulepath on the puppetmaster via puppet.conf > > The node file then says: > include base-1.2.3 > > Problems with this approach: > 1. We can't have two versions of "base". We need to call them > differently. Thus, when a new SVN 'tag' is made, it needs to be > branched out, and all references inside - base::class::foo be changed > to base-1.2.3::class::foo in a multitude of places in the module. > Doing this manually is impractically tedious. Doing this automatically > is unacceptably risky. > 2. The catalog will keep getting lumpier and bloatier with time and > might someday reach a point where something breaks. > > [approach B] A node can cherry-pick its module version (injecting > manifest code into the node definition that tells puppetmaster to use > a custom modulepath?) > This sounds good, but how does one do this? > > [c] Scrap modules altogether and just import the correct manifests, > using the directory path to the manifests to nominate the SVN tag > directory with the right version, then doing: > include base > > > I don't like [c] (especially as my modules have both files and > templates that need to be referenced as well), but it's the only thing > I've managed to make work so far. > > Can anyone suggest how to make modules work to suit these > requirements? > > Much thanks :) > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: err: Could not retrieve configuration: Could not find hostname
At the time of the last run I did not have a nodes.pp included in my
configuration. I had added one with a node definition, but it has
made no difference, I get the same error reported originally
err: Could not retrieve configuration: Could not find
jenkins.example.com with names jenkins.example.com, jenkins
warning: Not using cache on failed configuration
This is the node definition I added, though it prompted no change.
node 'jenkins.example.com' inherits basenode {
info('jenkins.example.com')
}
When I run puppetd or puppetmasterd with --genconfig my FQDN comes up
as the default value for 'certname'. When I look at the certificate
my 'CN= my FQDN' comes up as the Issuer and the Subject, so that seems
to match just fine.
I do not have a [client] section to my configuration, and I do not see
one in my --genconfig output either.
-Saurval
On Apr 7, 5:38 pm, Denmat wrote:
> Hi,
> First is what name is defined in the node definition.
> Then I would check the puppet.conf for the client settings (l think in .24 it
> is the [client] section).
> After that ... I'd have to keep fiddling at the console.
>
> Cheers,
>
> On 08/04/2011, at 1:56, Saurval wrote:
>
>
>
> > I am on CentOS 5.4 running
> > puppet-0.22.4-1.el5.rf
> > puppet-server-0.22.4-1.el5.rf
>
> > I am a little stumped on this one. I imagine it is something simple
> > I am missing. but basically the puppetmasterd cannot talk to a
> > puppetd instance running as a client on the same host.
>
> > The error I am getting is essentially:
>
> > [root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetd -o --
> > server=jenkins.example.com --test
> > err: Could not retrieve configuration: Could not find
> > jenkins.example.com with names jenkins.example.com, jenkins
> > warning: Not using cache on failed configuration
>
> > After testing SSL with OpenSSL by hand, the handshake works, and it
> > looks like everyone is using the same name in the subject name of the
> > certificates. In fact, it looks like the puppet master is seeing the
> > request, accepting SSL, but then still reporting the same error. Here
> > is the debug output showing the response to the client's attempt to
> > run seen above.
>
> > root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetmasterd --manifest=/etc/
> > puppet/manifests/site.pp --logdest=/var/log/puppet/puppetmaster.log --
> > bindaddress=10.131.125.85 --debug
> > debug: puppet: Setting vardir to '/var/lib/puppet'
> > debug: puppet: Setting logdir to '/var/log/puppet'
> > debug: puppet: Setting rundir to '/var/run/puppet'
> > debug: puppet: Setting ssldir to '$vardir/ssl'
> > debug: puppetd: Setting classfile to '$vardir/classes.txt'
> > debug: puppetd: Setting localconfig to '$vardir/localconfig'
> > info: Starting server for Puppet version 0.22.4
> > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private/ca.pass]:
> > Autorequiring File[/var/lib/puppet/ssl/ca/private]
> > debug: /puppetconfig/puppet/File[/var/lib/puppet/templates]:
> > Autorequiring File[/var/lib/puppet]
> > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> > private_keys]: Autorequiring File[/var/lib/puppet/ssl]
> > debug: /puppetconfig/ca/File[/etc/puppet/autosign.conf]: Autorequiring
> > File[/etc/puppet]
> > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_pub.pem]:
> > Autorequiring File[/var/lib/puppet/ssl/ca]
> > debug: /puppetconfig/puppet/File[/var/lib/puppet/state/state.yaml]:
> > Autorequiring File[/var/lib/puppet/state]
> > debug: /puppetconfig/puppet/File[/var/lib/puppet/state/graphs]:
> > Autorequiring File[/var/lib/puppet/state]
> > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> > csr_jenkins.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl]
> > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> > public_keys]: Autorequiring File[/var/lib/puppet/ssl]
> > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
> > private_keys/repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/
> > puppet/ssl/private_keys]
> > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private]:
> > Autorequiring File[/var/lib/puppet/ssl]
> > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/inventory.txt]:
> > Autorequiring File[/var/lib/puppet/ssl/ca]
> > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/serial]:
> > Autorequiring File[/var/lib/puppet/ssl/ca]
> > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crl.pem]:
> > Autorequiring File[/var/lib/puppet/ssl/ca]
> > debug: /puppetconfig/puppet/File[/var/lib/puppet/facts]: Autorequiring
> > File[/var/lib/puppet]
> > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/public_keys/
> > repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
> > public_keys]
> > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/requests]:
> > Autorequiring File[/var/lib/puppet/ssl/ca]
> > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs]:
> > Autorequiring File[/var/lib/puppet/ssl]
> > debug: /puppetcon
Re: [Puppet Users] err: Could not retrieve configuration: Could not find hostname
Hi, First is what name is defined in the node definition. Then I would check the puppet.conf for the client settings (l think in .24 it is the [client] section). After that ... I'd have to keep fiddling at the console. Cheers, On 08/04/2011, at 1:56, Saurval wrote: > > I am on CentOS 5.4 running > puppet-0.22.4-1.el5.rf > puppet-server-0.22.4-1.el5.rf > > I am a little stumped on this one.I imagine it is something simple > I am missing. but basically the puppetmasterd cannot talk to a > puppetd instance running as a client on the same host. > > The error I am getting is essentially: > > [root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetd -o -- > server=jenkins.example.com --test > err: Could not retrieve configuration: Could not find > jenkins.example.com with names jenkins.example.com, jenkins > warning: Not using cache on failed configuration > > After testing SSL with OpenSSL by hand, the handshake works, and it > looks like everyone is using the same name in the subject name of the > certificates. In fact, it looks like the puppet master is seeing the > request, accepting SSL, but then still reporting the same error. Here > is the debug output showing the response to the client's attempt to > run seen above. > > root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetmasterd --manifest=/etc/ > puppet/manifests/site.pp --logdest=/var/log/puppet/puppetmaster.log -- > bindaddress=10.131.125.85 --debug > debug: puppet: Setting vardir to '/var/lib/puppet' > debug: puppet: Setting logdir to '/var/log/puppet' > debug: puppet: Setting rundir to '/var/run/puppet' > debug: puppet: Setting ssldir to '$vardir/ssl' > debug: puppetd: Setting classfile to '$vardir/classes.txt' > debug: puppetd: Setting localconfig to '$vardir/localconfig' > info: Starting server for Puppet version 0.22.4 > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private/ca.pass]: > Autorequiring File[/var/lib/puppet/ssl/ca/private] > debug: /puppetconfig/puppet/File[/var/lib/puppet/templates]: > Autorequiring File[/var/lib/puppet] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ > private_keys]: Autorequiring File[/var/lib/puppet/ssl] > debug: /puppetconfig/ca/File[/etc/puppet/autosign.conf]: Autorequiring > File[/etc/puppet] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_pub.pem]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/puppet/File[/var/lib/puppet/state/state.yaml]: > Autorequiring File[/var/lib/puppet/state] > debug: /puppetconfig/puppet/File[/var/lib/puppet/state/graphs]: > Autorequiring File[/var/lib/puppet/state] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ > csr_jenkins.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ > public_keys]: Autorequiring File[/var/lib/puppet/ssl] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ > private_keys/repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/ > puppet/ssl/private_keys] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private]: > Autorequiring File[/var/lib/puppet/ssl] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/inventory.txt]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/serial]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crl.pem]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/puppet/File[/var/lib/puppet/facts]: Autorequiring > File[/var/lib/puppet] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/public_keys/ > repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/puppet/ssl/ > public_keys] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/requests]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs]: > Autorequiring File[/var/lib/puppet/ssl] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private/ > password]: Autorequiring File[/var/lib/puppet/ssl/private] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca]: Autorequiring > File[/var/lib/puppet/ssl] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_key.pem]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs/ > ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/signed]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crt.pem]: > Autorequiring File[/var/lib/puppet/ssl/ca] > debug: /puppetconfig/puppet/File[/var/lib/puppet/state]: Autorequiring > File[/var/lib/puppet] > debug: /puppetconfig/puppet/File[/var/lib/puppet/plugins]: > Autorequiring File[/var/lib/puppet] > debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs/ > repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/puppet/ssl/ > certs] > debug: /puppetconfig/puppet/File[/v
[Puppet Users] include parameterized classes?
Hi all,
i try to run a puppet-setup that is not based on hostnames, but facts i supply
to facter. The idea is described here
https://github.com/jordansissel/puppet-examples/blob/master/nodeless-puppet/README.rdoc,
but a basic example would be
if has_role("loadbalancer") {
include loadbalancer::service
} else {
# Otherwise, this machine is not a loadbalancer
include loadbalancer::remove
}
How am i able to bring this together with parameterized classes? For instance
this will complain about redefinition of class 'haproxy'.
---
class haproxy ($conf = "puppet:///modules/haproxy/proxy.conf") {
}
if has_role("loadbalancer") {
class { 'haproxy': conf => "puppet://modules/haproxy/conf1" }
} else {
class { 'haproxy': conf => "puppet://modules/haproxy/conf2" }
}
---
How can i "import" parameterized classes? Is there a work-around?
I am quiet new to puppet, so if i missed the obvious or google keywords, please
point me to the right direction.
Regards, Jens
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] include vs parametrized classes?
Hi all,
i try to run a puppet-setup that is not based on hostnames, but facts
i supply to facter. The idea is described here
https://github.com/jordansissel/puppet-examples/blob/master/nodeless-puppet/README.rdoc,
but a basic example would be
if has_role("loadbalancer") {
include loadbalancer::service
} else {
# Otherwise, this machine is not a loadbalancer
include loadbalancer::remove
}
How am i able to bring this together with parameterized classes? For
instance this will complain about redefinition of class 'haproxy'.
---
class haproxy ($conf = "puppet:///modules/haproxy/proxy.conf") {
}
if has_role("loadbalancer") {
class { 'haproxy': conf => "puppet://modules/haproxy/conf1" }
} else {
class { 'haproxy': conf => "puppet://modules/haproxy/conf2" }
}
---
How can i "import" parameterized classes? Is there a work-around?
I am quiet new to puppet, so if i missed the obvious or google
keywords, please point me to the right direction.
Regards, Jens
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Setting puppetmaster modulepath from inside manifests
Greetings all Am trying to solve a problem, not entirely sure I'm approaching it from the right angle. Setting up a reasonably big site (servercount in the four digits) with puppetmaster and clients (puppet 2.6.x). We are required to have versioned modules (base SOE module, app X module, app Y module, etc - all with multiple classes etc inside) managed on an underlying SVN repository. A requirement is that a node should be configured entirely within node.pp, should not rely on extra per-server specifics added to puppet.conf on either puppetmaster or agent ends Different nodes are required to have different versions of same modules. site.pp imports files with node definitions. Node definitions must end up including a base class of a nominated version and any number of app classes, each with its respective version. The approaches to choose from I'm aware of are: [approach A] ALL versions of a module are simultaneously available to all servers via one big ubercatalog. SVN trunk, as well as SVN tag directories (containing historic versions of modules) are added to modulepath on the puppetmaster via puppet.conf The node file then says: include base-1.2.3 Problems with this approach: 1. We can't have two versions of "base". We need to call them differently. Thus, when a new SVN 'tag' is made, it needs to be branched out, and all references inside - base::class::foo be changed to base-1.2.3::class::foo in a multitude of places in the module. Doing this manually is impractically tedious. Doing this automatically is unacceptably risky. 2. The catalog will keep getting lumpier and bloatier with time and might someday reach a point where something breaks. [approach B] A node can cherry-pick its module version (injecting manifest code into the node definition that tells puppetmaster to use a custom modulepath?) This sounds good, but how does one do this? [c] Scrap modules altogether and just import the correct manifests, using the directory path to the manifests to nominate the SVN tag directory with the right version, then doing: include base I don't like [c] (especially as my modules have both files and templates that need to be referenced as well), but it's the only thing I've managed to make work so far. Can anyone suggest how to make modules work to suit these requirements? Much thanks :) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can puppet client make immediate pull after a file's content change by user?
Hi, >> Are you trying to trigger a puppet run when a particular file changes? > Yes, this is what I exactly want to do. For example, if a user changes > /etc/hosts file (via vim for instance), it will be corrupted until the next > run. What if I don't want to wait until the next run? if a user can change /etc/hosts or any other system file, he must have root privileges. There is little you can do about it. We have a similar environment and it's nearly impossible to prevent users from doing things we don't want them to do... Ralf -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] err: Could not retrieve configuration: Could not find hostname
I am on CentOS 5.4 running puppet-0.22.4-1.el5.rf puppet-server-0.22.4-1.el5.rf I am a little stumped on this one.I imagine it is something simple I am missing. but basically the puppetmasterd cannot talk to a puppetd instance running as a client on the same host. The error I am getting is essentially: [root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetd -o -- server=jenkins.example.com --test err: Could not retrieve configuration: Could not find jenkins.example.com with names jenkins.example.com, jenkins warning: Not using cache on failed configuration After testing SSL with OpenSSL by hand, the handshake works, and it looks like everyone is using the same name in the subject name of the certificates. In fact, it looks like the puppet master is seeing the request, accepting SSL, but then still reporting the same error. Here is the debug output showing the response to the client's attempt to run seen above. root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetmasterd --manifest=/etc/ puppet/manifests/site.pp --logdest=/var/log/puppet/puppetmaster.log -- bindaddress=10.131.125.85 --debug debug: puppet: Setting vardir to '/var/lib/puppet' debug: puppet: Setting logdir to '/var/log/puppet' debug: puppet: Setting rundir to '/var/run/puppet' debug: puppet: Setting ssldir to '$vardir/ssl' debug: puppetd: Setting classfile to '$vardir/classes.txt' debug: puppetd: Setting localconfig to '$vardir/localconfig' info: Starting server for Puppet version 0.22.4 debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private/ca.pass]: Autorequiring File[/var/lib/puppet/ssl/ca/private] debug: /puppetconfig/puppet/File[/var/lib/puppet/templates]: Autorequiring File[/var/lib/puppet] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ private_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /puppetconfig/ca/File[/etc/puppet/autosign.conf]: Autorequiring File[/etc/puppet] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_pub.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/puppet/File[/var/lib/puppet/state/state.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /puppetconfig/puppet/File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/lib/puppet/state] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ csr_jenkins.example.com.pem]: Autorequiring File[/var/lib/puppet/ssl] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ public_keys]: Autorequiring File[/var/lib/puppet/ssl] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/ private_keys/repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/ puppet/ssl/private_keys] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/inventory.txt]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/serial]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crl.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/puppet/File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/puppet] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/public_keys/ repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/puppet/ssl/ public_keys] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/requests]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/private/ password]: Autorequiring File[/var/lib/puppet/ssl/private] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca]: Autorequiring File[/var/lib/puppet/ssl] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_key.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs/ ca.pem]: Autorequiring File[/var/lib/puppet/ssl/certs] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/signed]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_crt.pem]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/puppet/File[/var/lib/puppet/state]: Autorequiring File[/var/lib/puppet] debug: /puppetconfig/puppet/File[/var/lib/puppet/plugins]: Autorequiring File[/var/lib/puppet] debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/certs/ repo.shermanstravel.com.pem]: Autorequiring File[/var/lib/puppet/ssl/ certs] debug: /puppetconfig/puppet/File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet] debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private]: Autorequiring File[/var/lib/puppet/ssl/ca] debug: /puppetconfig/puppet/File[/etc/puppet/namespaceauth.conf]: Autorequiring File[/etc/puppet] debug: /puppetconfig/puppet/File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet] debug: /puppetconfig/puppet/File[/var/lib/puppet/plugins]: File does not exist debug: /puppetconfig/puppe
[Puppet Users] troubleshooting storeconfig
Hi, I've configured the storeconfig for the exported resources and created the files based on the collected resources. It has been working fine until now then all in suddenly it stopped working. When I looked into the problem, other than looking inside the database or running the host with the debug mode, I couldn't find anywhere else with the useful information. Database seems to have been updated fine. No changes have been made which may relate to this problem as I recall. Could anyone advice how I shall troubleshoot the problem, where I shall look into? I'm running puppet 2.6.7 with mysql 5.0 on a Redhat 5 host. Thanks so much! Mizuki -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Gerenating client certs... where to put them?
http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security answer is buried in that link, All good to go now. Thanks On Apr 7, 8:22 am, trey85stang wrote: > When I generate a cert on the puppetmaster, where do I get the cert, > andwhere do I put them on the client so everything will work? > > Im prepping up for a deployment and have been looking through a lot of > threads on the best way to deal with this.. but I havent seen one that > says where to put the files on the client. and what I have tried so > far does not work. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Should @user with managehome also track the actual home directory?
One workaround is to also is to set user first to "absent" that will delete the user. Once that is done, create the user with "ensure -> present" and that will create user with correct home directory. Keep in mind that above doesn't delete a home directory either so all you really loose is the time that the user was deleted, which can be very short if you manually run puppet. I would consider this a bug, I think that a user without a home directory but explicitly set should have his directory created by puppet. On Thu, Apr 7, 2011 at 7:52 AM, jcbollinger wrote: > > > On Apr 6, 4:16 pm, Forrie wrote: > > > Sounds like a bug to me. A user with managehome => true but no home > > > directory should not be in sync. You may want to report this (or vote > on > > > the bug if it's been reported already). > > > > I wasn't able to find a bug similar to this based on the search > > criteria, so I filed bug #7002. > > > > > > > > > > In a virtual user configuration, what's the best way to ensure that > > > > the home directory is also present, in addition to the /etc/passwd > > > > entries (or, dependent on each other)? > > > > > I don't understand what the user's being virtual has to do with this, > > > please elaborate. > > > > What I mean is provided that "managehome" doesn't actually "manage" > > the directory after creation, what's a clever way to tie in this > > (somewhat obvious) dependency into the user creation/tracking. > > Perhaps with some wrapper around the call. > > > You are right, in the sense that you have accurately described the > relevant part of the meaning of the "managehome" parameter. You are > also right that this sense of "manage" is not quite what we usually > mean when we say that Puppet is managing something, thus the parameter > does have a somewhat unfortunate name. I don't personally account > this a bug, but we shall see what happens with ticket 7002. > > > > > A simple workaround is to wrap the user type in your own define. This > > > define will manage the home dir as a file type resource and you don't > > > use managehome at all. I think it's quite common to do that, since > > > people probably want to ensure the existence of .ssh/authorized_keys or > > > similar things as well. > > > > Thanks, yes I think I'm going to try doing this. > > > Indeed, I would not characterize this as a workaround at all. If you > want to manage a directory in the usual Puppet sense of the term, then > declaring a resource for it is the standard and appropriate way to > proceed. > > Do note also that User providers that support "managing" home > directories may do more than just create that directory when the user > is added. In particuar, they may initially populate the directory > with various files and subdirectories. If you are using the 'useradd' > provider (which is common), then you can find details in the manpage > of the 'useradd' program, and especially its -m option. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Deploying puppet with puppet, best practices
A while ago, I noticed a *.spec file in the puppet distribution - but I think it was out of date. I could use that to distribute an RPM. Curious, do you separate out the client/server portions for installation or just install the whole thing on client systems. This will be different for us when/if we adopt Puppet Enterprise... and I'm curious how they manage the updates to that if at all. Thanks for all the helpful info, much appreciated. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Blank lines in conditional templates
Thank you! There were indeed spaces at the end of lines. Arthur -- Arthur Clune -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ssh_authorized_key type not working
I can't seem to get the authorized_key type to work at all on my systems. Below is my configuration that I used. I could have something missing but the examples I see make it difficult to compare. Additionally if I try and do the reverse using puppet resource nothing comes up: puppet resource ssh_authorized_key (this returns nothing) puppet resource ssh_authorized_key username (this returns the following) /usr/lib/ruby/site_ruby/1.8/puppet/type/ssh_authorized_key.rb:89:in `validate': undefined method `[]' for nil:NilClass (NoMethodError) from /usr/lib/ruby/site_ruby/1.8/puppet/type.rb:1738:in `initialize' from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/resource/ral.rb:5:in `new' from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/resource/ral.rb:5:in `find' from /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:193:in `find' from /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:50:in `find' from /usr/lib/ruby/site_ruby/1.8/puppet/application/resource.rb:79:in `main' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:295:in `run_command' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:287:in `run' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:393:in `exit_on_fail' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:287:in `run' from /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:55:in `execute' from /usr/bin/puppet:4 My module's init.pp http://pastebin.com/4aBYjJQq Does anybody else have this working in their environment? Corey Osman -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Blank lines in conditional templates
On Apr 7, 3:27 am, Arthur Clune wrote: > On Thu, Apr 7, 2011 at 5:26 AM, Ben Hughes wrote: > > I tried to recreate this, but your mailer has munged all the lines to fit > > in 80 columns, so I can't tell where all the breaks should be, so can't > > test it. Could you pastie or similar it? > > Thanks for looking at this. I've put it up at gist > > https://gist.github.com/907330 > > I've tried various variations on the line layout but all seem to give > the same result: if the name isn't defined, I get a blank line rather > than no line at all. I haven't done much with ERB, but I used to work a lot with JSP, to which ERB seems very similar. In what follows, I take the somewhat risky approach of projecting JSP semantics onto ERB, so do take it with several grains of salt. I'm sure those more knowledgable about ERB itself will jump in where I err. 1. It is important to understand what the ERB processor is going to do with your template, which is basically to turn it inside out to yield a piece of executable Ruby code. Everything inside the ERB tags goes into the output as Ruby code (decorated, in the case of <%= %>), and everything outside gets turned into string literals and Ruby code to output them. 2. "Everything outside" the ERB tags includes literal newlines in your template, so normally those are echoed when the template is processed, subject to the Ruby control flow. This, I believe, is the basis for the comments I see in some ERB tutorials to the effect that "the standard <% %> tag pair will result in a newline being added to the output." I think that's incorrect. Reading the docs of the ERB class, I think it's actually a <% %> pair *followed by a newline* that results in a newline being added to the output -- and then only because the newline is present in the template. 3. ERB has a "trim mode" option, which in ERB dialects such as Rails' and Puppet's is enabled on a per-tag basis via the closing tag "-%>". Some describe trim mode simplistically as suppressing "the added newline", but ERB doesn't add a newline in the first place! The ERB docs themselves say something subtly different: "omit newline for lines ending in %>". In trim mode, then, ERB *modifies your template text* by removing certain newlines. 4. So the $64,000 question is this: which newlines will be removed from your template text? In particular, why weren't newlines removed where you expected? I strongly suspect that a close, literal reading of the ERB docs yields the answer. The newline is suppressed for lines *ending in* "%>", but not, one might interpret, for lines that have anything between the closing tag and the terminating newline. Say, for example, space characters. Check for trailing spaces in your template. Regards, John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] $environment in File source not working
Thanks guys, I only read READMEs and RELEASE NOTES when it does not work :) On Wed, Apr 6, 2011 at 11:55 PM, Nigel Kersten wrote: > On Wed, Apr 6, 2011 at 8:51 PM, Tony G. wrote: > >> Not completely related, but I was under the impression that clients >> shouldn't be higher than the masters, did that change on newer versions? > > No, it hasn't changed, it's not supported, even though it may work fine. > > Always upgrade the master first. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Should @user with managehome also track the actual home directory?
On Apr 6, 4:16 pm, Forrie wrote: > > Sounds like a bug to me. A user with managehome => true but no home > > directory should not be in sync. You may want to report this (or vote on > > the bug if it's been reported already). > > I wasn't able to find a bug similar to this based on the search > criteria, so I filed bug #7002. > > > > > > In a virtual user configuration, what's the best way to ensure that > > > the home directory is also present, in addition to the /etc/passwd > > > entries (or, dependent on each other)? > > > I don't understand what the user's being virtual has to do with this, > > please elaborate. > > What I mean is provided that "managehome" doesn't actually "manage" > the directory after creation, what's a clever way to tie in this > (somewhat obvious) dependency into the user creation/tracking. > Perhaps with some wrapper around the call. You are right, in the sense that you have accurately described the relevant part of the meaning of the "managehome" parameter. You are also right that this sense of "manage" is not quite what we usually mean when we say that Puppet is managing something, thus the parameter does have a somewhat unfortunate name. I don't personally account this a bug, but we shall see what happens with ticket 7002. > > A simple workaround is to wrap the user type in your own define. This > > define will manage the home dir as a file type resource and you don't > > use managehome at all. I think it's quite common to do that, since > > people probably want to ensure the existence of .ssh/authorized_keys or > > similar things as well. > > Thanks, yes I think I'm going to try doing this. Indeed, I would not characterize this as a workaround at all. If you want to manage a directory in the usual Puppet sense of the term, then declaring a resource for it is the standard and appropriate way to proceed. Do note also that User providers that support "managing" home directories may do more than just create that directory when the user is added. In particuar, they may initially populate the directory with various files and subdirectories. If you are using the 'useradd' provider (which is common), then you can find details in the manpage of the 'useradd' program, and especially its -m option. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: add ssh key to several user accounts
Hi again,
I've been thinking a little more and got more ideas, but I
don't know if they're possible, so I'll appreciate some expert opinion
on them:
1.-) modify authorized_key provider (create my own) where user
param accepts an array of elements (users)
user => [ 'user1' , 'user2' , ...]
I'm not sure if this is correct (or even possible, I don't know all
puppet types, but I don't remember any param that accepts and array
and forces the execution of the provider several times ).
2.-) New type/provider where name is user in place of ssh_key.
Something like:
my_own_ssh_authorized_key { ' [ 'user1', 'user2', 'user3' ] :
source => me@mycomputer
key => jkladbglbsdlgb
type=>
}
this makes more sense as the provider will be called for each user, and
the code seems easy to implement (I'm ruby begginer) cause is an
adaptaion of current type/provider
Any advice?
TIA,
Arnau
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sourceselect & multiple sources not working
On Thu, Apr 7, 2011 at 3:04 PM, Felix Frank wrote:
> note here http://docs.puppetlabs.com/references/stable/type.html#file
> that sourceselect "is only used in recursive copies".
>
ah ok. thanks
Single files cannot be merged. After all, how would you define the merge
> of two files?
>
concat :p - i.e. append file contents to each in the order they are listed
> If you want to concatenate the files, you may want to abuse the
> template() function for that. But please don't ;-)
>
I did come across this too - http://projects.puppetlabs.com/issues/5158, and
implemented this:
custom function added:
module Puppet::Parser::Functions
newfunction(:cat, :type => :rvalue) do |args|
args.join("")
end
end
files then uses content:
content => cat(file("/etc/puppet/modules/app/files/sysconfig-base"),
file("/etc/puppet/modules/app/files/$env/sysconfig.$hostname")),
Just need to add in some path detection or some variable so that I don't
have to specify the path the files (is there a variable available that gives
$module_path? )
brett
> Regards,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] PSON! Grrr!
Hullo, On 04/06/2011 04:54 PM, Douglas Garstang wrote: Because the correct combination of packages isn't always available as RPM's. This is a production environment. We don't install anything from gem's. As you mentioned you are using Centos 5.5 this might not be too helpful to you but we have in http://puias.princeton.edu/data/puias/unsupported/6/ repo passenger rpms that do work for RHEL6 or clones (for at least 2 separate apache+passenger installations) - no dead chickens or tu-tus required... While we also have an older passenger for 5 I have no idea if it will run with current puppet (we've moved on to 6). Josko P. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Gerenating client certs... where to put them?
When I generate a cert on the puppetmaster, where do I get the cert, andwhere do I put them on the client so everything will work? Im prepping up for a deployment and have been looking through a lot of threads on the best way to deal with this.. but I havent seen one that says where to put the files on the client. and what I have tried so far does not work. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] sourceselect & multiple sources not working
Hi, On 04/07/2011 02:44 PM, Brett Cave wrote: > Hi, > > I am trying to configure a file resource with multiple sources, and > browsing list archives and forums seems to indicate that sourceselect > parameter with an array for the source param. But the final file gets > created using the first matching parameter in the array. note here http://docs.puppetlabs.com/references/stable/type.html#file that sourceselect "is only used in recursive copies". Single files cannot be merged. After all, how would you define the merge of two files? If you want to concatenate the files, you may want to abuse the template() function for that. But please don't ;-) Regards, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Can puppet client make immediate pull after a file's content change by user?
> Something similar and maybe easier would be monit. > > Cheers, Hi Denmat I had a quick look at monit and it looks really good. Thanks for your answer and suggestion. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] sourceselect & multiple sources not working
Hi,
I am trying to configure a file resource with multiple sources, and browsing
list archives and forums seems to indicate that sourceselect parameter with
an array for the source param. But the final file gets created using the
first matching parameter in the array.
file { '/etc/sysconfig/myconfig':
sourceselect=> all,
source => [
"puppet:///modules/app/$env/sysconfig.$hostname",
"puppet:///modules/app/sysconfig-base"
],
owner => 'someuser',
group => 'somegroup',
mode=> '0664',
require => Package['app'],
}
If i set source to either 1 or the other, instead of an array, it works as
expected. by swapping the 2 array elements around, i get either the hostname
version only, or the base version only, but the content is never merged (i
get the content of the first element).
Is this the correct way to have multiple source files merged?
puppet / puppet-master version (RHEL rpm): 2.6.6-0.5
brett
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] SSL issues: Separate CA, multiple load balanced masters
Ohad, I can't thank you enough for that tip. Solved every error that was occurring by disabling CRL. I realise this is not desirable, so I will get my init scripts generating separate certificates for the puppet agent running on the masters. Again, thank you very much. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] SSL issues: Separate CA, multiple load balanced masters
On Thu, Apr 7, 2011 at 10:03 AM, Andrei Serdeliuc wrote: > It now seems to work, I was doing 2 things wrong: not restarting Apache > (the master runs under apache + passenger) after certificates were > generated. That fixed the initial SSL error (apache was using an older > certificate, the ones generated didn't match, etc). > > All works fine now, unless I try to get the masters to use themselves as > masters. If I configure the masters to use the CA server as a master, puppet > agent works fine. If I point the masters to the load balancer in front of > the masters, puppet agent throws the same annoying SSL_connect returned=1 > errno=0 state=SSLv3 read server certificate B: certificate verify failed > > Any tips on that? > Either disable CRL or set a new certificate for your puppet client (which is running on your master). > > Thanks > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Can puppet client make immediate pull after a file's content change by user?
Hi, Something similar and maybe easier would be monit. Cheers, On 07/04/2011, at 19:26, John Chris Richards wrote: >> You can probably use inotify it something similar for this functionality > > Hi Scott > > I saw your post just now and I am sorry for this late answer. > I also thank you very much too for your answer. > > Hence from your post I conclude that puppet does not handle these type > problems so I should use an external solution (like inotfy). > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Blank lines in conditional templates
It's been suggested that I just create the output string in code, which works fine. I've put a working version in the gist. > https://gist.github.com/907330 -- Arthur Clune art...@clune.org -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Can puppet client make immediate pull after a file's content change by user?
> You can probably use inotify it something similar for this functionality Hi Scott I saw your post just now and I am sorry for this late answer. I also thank you very much too for your answer. Hence from your post I conclude that puppet does not handle these type problems so I should use an external solution (like inotfy). -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: add ssh key to several user accounts
On Thu, 7 Apr 2011 02:07:52 -0700 (PDT)
ccm ccm wrote:
> Hey.
Hi ccm.
> have a look at my last posting:
>
> http://groups.google.com/group/puppet-users/browse_thread/thread/d74262daca8c0e8f
>
> I wrote a small wrapper that might help you here.
Nice, but how to add same key to several accounts?
cause in your last example:
$team = [ 'ad...@domain.tld', 'us...@domain.tld' ]
sshauthkeys{ user2: keys => $team }
sshauthkeys{ user3: keys => $team }
I have to define user2/3/ so I'll have to define my 1500 accounts,
am I right? or am I missunderstanding your code?
> Best,
>
> ccm.
Thanks!
Arnau
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: add ssh key to several user accounts
Hey. have a look at my last posting: http://groups.google.com/group/puppet-users/browse_thread/thread/d74262daca8c0e8f I wrote a small wrapper that might help you here. Best, ccm. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] add ssh key to several user accounts
Hi all,
I'd like to add one ssh_key to several (1500) user accounts.
Accounts share some prefix, so I was thinking on a regular expression,
but after reading language_guide, I understood that I cannot use
reg.expr for that.
So, I have a couple of ideas:
1.) define authorized_keys file like:
file { [ '/home/XXXuser1' , '/home/XXXuser2' ] :
content => $key,
mode=> ...
2.-) exec some kind of script which creates the .ssh dir and adds
content.
3.-) define 1500 authorized keys
Anyone could give more elegant/efficient ideas for this purpose?
TIA,
Arnau
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Blank lines in conditional templates
On Thu, Apr 7, 2011 at 5:26 AM, Ben Hughes wrote: > I tried to recreate this, but your mailer has munged all the lines to fit > in 80 columns, so I can't tell where all the breaks should be, so can't > test it. Could you pastie or similar it? Thanks for looking at this. I've put it up at gist https://gist.github.com/907330 I've tried various variations on the line layout but all seem to give the same result: if the name isn't defined, I get a blank line rather than no line at all. Arthur -- Arthur Clune art...@clune.org -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Node classifier not loading any defined classes
On 04/06/2011 09:16 PM, Chad wrote: > Well I kind of figured it out (though not how I like). > > I had to move these lines > > node_terminus = exec > external_nodes = /.foo/bin/puppet_node_classifier.sh > > out of my [development] area into my [main] in puppet.conf. > > Once I did that I was able to use the external classifier (though I only > wanted it in development). Hi, looking at http://projects.puppetlabs.com/projects/1/wiki/Using_Multiple_Environments, I cannot see any indication that those settings are per-environment. I disbelieve that environments are meant to be independent configuration overrides. They merely provide you with the means to have independent clones of your manifests and modules. Regards, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] certdnsname being ignored when having separate CA?
Hi, I have a separate CA server. On each master I've configured in puppet.conf certdnsname to the domains the masters will be accessed as, but the signed certificates don't seem to reflect that (openssl x509 -text -in ...). The CA server has certdnsname configured as well, and it's signed certificate does reflect it. Does the certdnsname option only apply when the master acts as CA? Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] SSL issues: Separate CA, multiple load balanced masters
It now seems to work, I was doing 2 things wrong: not restarting Apache (the master runs under apache + passenger) after certificates were generated. That fixed the initial SSL error (apache was using an older certificate, the ones generated didn't match, etc). All works fine now, unless I try to get the masters to use themselves as masters. If I configure the masters to use the CA server as a master, puppet agent works fine. If I point the masters to the load balancer in front of the masters, puppet agent throws the same annoying SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Any tips on that? Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
