Re: [Puppet Users] Re: Multiple custom facts not showing in facter

2011-04-11 Thread James Turnbull
Cody Robertson wrote:
 I've only tested this on 1.5.8 where it worked. Upgraded to 1.5.9rc5 and it 
 appears broken. 
 

Can one of you please log a ticket for this - we'd obviously like to fix
it before we release Facter 1.5.9.

Thanks

James

-- 
James Turnbull
Puppet Labs
1-503-734-8571

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Re: troubleshooting storeconfig

2011-04-11 Thread Felix Frank
Hi,

On 04/08/2011 10:20 PM, mizuki wrote:
 I started looking into detail level inside the database, and ran
 puppetmasterd in debug as well...
 Noticed the resources were exported from the individual hosts, but
 didn't update the host (who is supposed to collect those resources) with the
 exported resources' information in db.
 Meanwhile puppetmasterd didn't report any errors, the host got all
 changes except populating exported resource.
 
 Do I want to trace the database to find why it didn't update the db
 properly or somewhere else I shall look into?

what resources are being exported and how exactly do you collect them?
(Please share manifest excerpts.)

This is probably going to fall into the "how did that ever work?"
category, but you're going to have to solve this problem bottom-up.

Regards,
Felix




Re: [Puppet Users] Re: Node classifier not loading any defined classes

2011-04-11 Thread Felix Frank
On 04/10/2011 11:46 AM, John Warburton wrote:
 On 8 April 2011 19:09, Felix Frank felix.fr...@alumni.tu-berlin.de
 mailto:felix.fr...@alumni.tu-berlin.de wrote:
 
  *Parts* of your modules.  You can't have custom resource types or
 custom
  functions per environment.  And that sucks.
 
 You can't? Is there a bug for this that I can vote on?
 
 http://projects.puppetlabs.com/issues/4409

Thrilling read ;)

Voted up - thanks.




Re: [Puppet Users] Certificate Issues.... again

2011-04-11 Thread Felix Frank
On 04/11/2011 12:20 AM, Douglas Garstang wrote:
 I don't know what it is with puppet's certificates, but once again, they
 are behaving strangely.
 
 Client is reporting:
 debug: Using cached certificate for auth01.fre.livegamer.com
 http://auth01.fre.livegamer.com
 /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:166:in `certificate'
 /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:227:in `wait_for_cert'
 /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:194:in `setup_host'
 /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:257:in `setup'
 /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:286:in `run'
 /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:393:in `exit_on_fail'
 /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:286:in `run'
 /usr/sbin/puppetd:4
 err: Could not request certificate: Retrieved certificate does not match
 private key; please remove certificate from server and regenerate it
 with the current key
 
 I:
 Stopped puppet on client
 Removed /var/lib/puppet on client
 Cleaned certificate on server
 Restarted server
 Started puppet on client
 
 and again it occurs. It doesn't happen every time, but often does after
 the first install of a new system. Also, puppet will be part way through
 its process, and then report the certificates are not valid. Performing
 the above steps _usually_ fixes it.

Hi,

this sounds weird. Are you sure you're not losing the key on your
agents somehow?

If so, you may want to establish logging like "once an hour, dump a hash
of my priv key to syslog".

You're either losing your key, or the certificates on your master get
replaced somehow at some point. Which would be equally startling.

HTH,
Felix
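
Felix's suggested hourly key logging, sketched as an added example (not code from the thread or from Puppet). It swaps the hash of the private key for a SHA-256 fingerprint of the key's public half, so the same value can be compared with the key inside the cached certificate; all function names and the constructed test pair are assumptions of this example, and RSA keys in PEM form are assumed.

```ruby
require 'openssl'

# Added example, not code from the thread. Assumes RSA keys in PEM form.

# SHA-256 over the DER-encoded public half of a key. The value changes
# exactly when the key pair changes and can be written to logs.
def pubkey_fingerprint(pkey)
  der = pkey.respond_to?(:public_to_der) ? pkey.public_to_der : pkey.public_key.to_der
  OpenSSL::Digest.new('SHA256').hexdigest(der)
end

# Compare an agent private key with the certificate cached next to it.
def key_cert_status(key_pem, cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  {
    subject: cert.subject.to_s,
    serial:  cert.serial.to_s,
    key_fp:  pubkey_fingerprint(key),
    cert_fp: pubkey_fingerprint(cert.public_key),
    match:   cert.check_private_key(key)
  }
end

# One greppable line per run, suitable for syslog.
def log_line(status)
  format('puppet-keycheck subject=%s serial=%s key_sha256=%s cert_key_sha256=%s match=%s',
         status[:subject], status[:serial], status[:key_fp], status[:cert_fp], status[:match])
end

# Given the previous run's status and the current one, say which side moved:
# the two possibilities raised in the reply above.
def diagnose(previous, current)
  return :first_run if previous.nil?
  key_changed  = previous[:key_fp]  != current[:key_fp]
  cert_changed = previous[:cert_fp] != current[:cert_fp]
  if key_changed && cert_changed
    :both_changed
  elsif key_changed
    :agent_key_replaced
  elsif cert_changed
    :certificate_replaced
  else
    :unchanged
  end
end

# Constructed sample input: a throwaway key and a self-signed certificate
# for it, so the example runs offline without touching a real agent.
def constructed_pair(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

# Hourly cron usage (both paths are arguments supplied by the operator):
#   ruby keycheck.rb <private_key.pem> <certificate.pem> | logger -t puppet-keycheck
if ARGV.length == 2
  puts log_line(key_cert_status(File.read(ARGV[0]), File.read(ARGV[1])))
end
```

A run of `match=false` lines whose `key_sha256` changed since the previous entry points at the agent key; a changed `cert_key_sha256` points at the certificate being replaced.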




[Puppet Users] Re: Can I read a file from a template?

2011-04-11 Thread Allan Clark
 Hi Allan, would you mind sharing a piece of manifest/template showing how
 I can use that statement?


The below code will look for the files mentioned in $filelist inside
the files directory of the module some_module
and import the contents of the file into the template. In my case
each file contains a single line so it works out
rather well.

Hope this helps.

Allan

$filelist = [ 'file1.txt', 'file2.txt']

<% filelist.sort.each do |my_file| -%>
<% File.open(Puppet::Module::find_template("some_module/"+my_file)).each { |line| _erbout << line } -%>
<% end -%>




Re: [Puppet Users] Re: Multiple custom facts not showing in facter

2011-04-11 Thread Ohad Levy
git bisect is a great way to figure out which commit broke it.

Ohad

On Mon, Apr 11, 2011 at 9:45 AM, Cody Robertson c...@hawkhost.com wrote:

 I'll test it on more versions tomorrow to see if I can pinpoint exactly
 where the change happened: http://projects.puppetlabs.com/issues/7039






[Puppet Users] puppet dashboard performance issue

2011-04-11 Thread Vincent
Hello,

since the last upgrade to V1.1.0
The dashboard is very slow

I notice these slow queries in the log:

  Node Load (14178.9ms)   SELECT `nodes`.* FROM `nodes` INNER JOIN
`reports` ON reports.node_id = nodes.id WHERE ((reports.kind = 'apply'
AND reports.status != 'failed') AND (`nodes`.`hidden` = 0)) GROUP BY
nodes.id
  Node Load (13149.9ms)   SELECT `nodes`.* FROM `nodes` INNER JOIN
`reports` ON reports.node_id = nodes.id WHERE ((reports.kind = 'apply'
AND reports.status = 'failed') AND (`nodes`.`hidden` = 0)) GROUP BY
nodes.id


How can I optimize the DB?

Vincent




Re: [Puppet Users] puppet dashboard performance issue

2011-04-11 Thread Mohamed Lrhazi
There's some rake tasks, and other things,  suggested here:
https://github.com/puppetlabs/puppet-dashboard

On Mon, Apr 11, 2011 at 5:29 AM, Vincent vlouvi...@gmail.com wrote:
 Hello,

 since the last upgrade to V1.1.0
 The dashboard is very slow

 I notice these slow queries in the log:

  Node Load (14178.9ms)   SELECT `nodes`.* FROM `nodes` INNER JOIN
 `reports` ON reports.node_id = nodes.id WHERE ((reports.kind = 'apply'
 AND reports.status != 'failed') AND (`nodes`.`hidden` = 0)) GROUP BY
 nodes.id
  Node Load (13149.9ms)   SELECT `nodes`.* FROM `nodes` INNER JOIN
 `reports` ON reports.node_id = nodes.id WHERE ((reports.kind = 'apply'
 AND reports.status = 'failed') AND (`nodes`.`hidden` = 0)) GROUP BY
 nodes.id


 How can I optimize the DB?

 Vincent







Re: [Puppet Users] Re: Can I read a file from a template?

2011-04-11 Thread Mohamed Lrhazi
Great thanks a lot.

On Mon, Apr 11, 2011 at 4:54 AM, Allan Clark napt...@gmail.com wrote:
 Hi Allan, would you mind sharing a piece of manifest/template showing how
 I can use that statement?


 The below code will look for the files mentioned in $filelist inside
 the files directory of the module some_module
 and import the contents of the file into the template. In my case
 each file contains a single line so it works out
 rather well.

 Hope this helps.

 Allan

 $filelist = [ 'file1.txt', 'file2.txt']

 <% filelist.sort.each do |my_file| -%>
 <% File.open(Puppet::Module::find_template("some_module/"+my_file)).each { |line| _erbout << line } -%>
 <% end -%>







[Puppet Users] Mysql user removal problems

2011-04-11 Thread Ashley Penney
Hi,

I'm using duritong's puppet module and I've run into a bizarre issue after
migrating to it that I cannot resolve and I thought I'd take it to the list
in the hope someone can help.

The error I get from a run is:

info: Retrieving plugin
info: Loading facts in dell
info: Loading facts in apache-ports
info: Loading facts in mysql
info: Loading facts in location
info: Loading facts in convera
info: Loading facts in dell
info: Loading facts in apache-portsinfo: Loading facts in mysql
info: Loading facts in location
info: Loading facts in convera
info: Caching catalog for hlstestidm1.law.harvard.edu
err: Could not run Puppet configuration client: Invalid parameter defaults
at
/etc/puppet/modules/development/mysql/manifests/server/account_security.pp:12

That file is:



class mysql::server::account_security {
    # some installations have some default users which are not required.
    # We remove them here. You can subclass this class to overwrite this behavior.
    #mysql_user{ [ "root@${fqdn}", "root@127.0.0.1", "@${fqdn}", "@localhost", "@%" ]:
    #  ensure => absent,
    #  require => Service['mysqld'],
    #}

    mysql_user { "root@${fqdn}":
        ensure => absent,
        require => Service['mysqld'],
    }

}



I think the issue is something to do with mysql_user not allowing ensure to
be used, but the error message doesn't really help.  Running puppetd -tvd
didn't add any extra information to help me nail this down.

For reference the mysql_user type is:

--

# This has to be a separate type to enable collecting
Puppet::Type.newtype(:mysql_user) do
  @doc = "Manage a database user."
  ensurable
  newparam(:name) do
    desc "The name of the user. This uses the 'username@hostname' form."

    validate do |value|
      if value.split('@').first.size > 16
        raise ArgumentError,
          "MySQL usernames are limited to a maximum of 16 characters"
      else
        super
      end
    end
  end

  newproperty(:password_hash) do
    desc "The password hash of the user. Use mysql_password() for creating such a hash."
  end
end

---

and the provider for mysql_user:

require 'puppet/provider/package'

Puppet::Type.type(:mysql_user).provide(:mysql,
        # T'is funny business, this code is quite generic
        :parent => Puppet::Provider::Package) do

    desc "Use mysql as database."
    commands :mysql => '/usr/bin/mysql'
    commands :mysqladmin => '/usr/bin/mysqladmin'

    # retrieve the current set of mysql users
    def self.instances
        users = []

        cmd = "#{command(:mysql)} mysql -NBe 'select concat(user, \"@\", host), password from user'"
        execpipe(cmd) do |process|
            process.each do |line|
                users << new( query_line_to_hash(line) )
            end
        end
        return users
    end

    # turn one tab-separated "user@host<TAB>hash" result line into a property hash
    def self.query_line_to_hash(line)
        fields = line.chomp.split(/\t/)
        {
            :name => fields[0],
            :password_hash => fields[1],
            :ensure => :present
        }
    end

    def mysql_flush
        mysqladmin "flush-privileges"
    end

    def query
        result = {}

        cmd = "#{command(:mysql)} -NBe 'select concat(user, \"@\", host), password from user where concat(user, \"@\", host) = \"%s\"'" % @resource[:name]
        execpipe(cmd) do |process|
            process.each do |line|
                unless result.empty?
                    raise Puppet::Error,
                        "Got multiple results for user '%s'" % @resource[:name]
                end
                result = query_line_to_hash(line)
            end
        end
        result
    end

    def create
        mysql "mysql", "-e", "create user '%s' identified by PASSWORD '%s'" % [ @resource[:name].sub("@", "'@'"), @resource.should(:password_hash) ]
        mysql_flush
    end

    def destroy
        mysql "mysql", "-e", "drop user '%s'" % @resource[:name].sub("@", "'@'")
        mysql_flush
    end

    def exists?
        not mysql("mysql", "-NBe", "select '1' from user where CONCAT(user, '@', host) = '%s'" % @resource[:name]).empty?
    end

    def password_hash
        @property_hash[:password_hash]
    end

    def password_hash=(string)
        mysql "mysql", "-e", "SET PASSWORD FOR '%s' = '%s'" % [ @resource[:name].sub("@", "'@'"), string ]
        mysql_flush
    end
end


Re: [Puppet Users] ANNOUNCE: Puppet Dashboard 1.1.0rc3

2011-04-11 Thread Thomas Bendler
Hi Matt,

2011/4/8 Matt Robinson m...@puppetlabs.com

 [...]
 We definitely appreciate any help testing RC's and releases, so I look
 forward to your feedback.
 [...]


Ok, here it is (CentOS 5.6 system). I've changed:

su -s /bin/sh -c "${DASHBOARD_RUBY} ${DASHBOARD_HOME}/script/server -e ${DASHBOARD_ENVIRONMENT} -p ${DASHBOARD_PORT} -b ${DASHBOARD_IFACE}" ${DASHBOARD_USER} &

to:

su -s /bin/sh -c "${DASHBOARD_RUBY} ${DASHBOARD_HOME}/script/server -e ${DASHBOARD_ENVIRONMENT} -p ${DASHBOARD_PORT} -b ${DASHBOARD_IFACE} >/dev/null 2>&1" ${DASHBOARD_USER} &

in /etc/init.d/puppet-dashboard. Otherwise my console is messed up with
error logs and I can't log out without losing puppet-dashboard. /dev/null
could be replaced by a log file which should be part of logrotate.

Regards, Thomas




[Puppet Users] Re: puppet dashboard performance issue

2011-04-11 Thread Vincent
Thanks

I have run
rake RAILS_ENV=production db:raw:optimize
and in my.cnf
query_cache_size = 2000

It's really better

Vincent

On 11 avr, 14:26, Mohamed Lrhazi lrh...@gmail.com wrote:
 There's some rake tasks, and other things, suggested here:
 https://github.com/puppetlabs/puppet-dashboard







 On Mon, Apr 11, 2011 at 5:29 AM, Vincent vlouvi...@gmail.com wrote:
  Hello,

  since the last upgrade to V1.1.0
  The dashboard is very slow

  I notice these slow queries in the log:

   Node Load (14178.9ms)   SELECT `nodes`.* FROM `nodes` INNER JOIN
  `reports` ON reports.node_id = nodes.id WHERE ((reports.kind = 'apply'
  AND reports.status != 'failed') AND (`nodes`.`hidden` = 0)) GROUP BY
  nodes.id
   Node Load (13149.9ms)   SELECT `nodes`.* FROM `nodes` INNER JOIN
  `reports` ON reports.node_id = nodes.id WHERE ((reports.kind = 'apply'
  AND reports.status = 'failed') AND (`nodes`.`hidden` = 0)) GROUP BY
  nodes.id

  How can I optimize the DB?

  Vincent





[Puppet Users] Re: Getting client information instantly

2011-04-11 Thread jcbollinger


On Apr 10, 5:12 pm, John Chris Richards
john.chris.richa...@gmail.com wrote:
 Hi all

 I wanna take a list of running services on the client instantly. Can I
 do this with puppet?

Not really, no.  Puppet does not query client nodes, neither on a
schedule nor on demand, and it does not track information about
resources (such as Services) that are not managed for the node in
question.

 For example, is it possible to write a custom facter and send it to
 the client so I can get the running services information whenever I
 want via REST. Is my logic correct?

No, your logic is not correct.  You could certainly write a custom
fact that collects information about the services running on a client,
but that will not allow you to obtain an up-to-date result on demand.
The client will publish the fact value every time it requests a
catalog from the master (every 30 minutes by default), and there are
several ways you could cause the master to store that information
somewhere, but that's not the same thing.

Or there is another thing to solve
 this problem?

Not in full generality, no, because there's no reliable way to
determine what processes running on the client are services.

Basically, you can do something like this:

ssh root@node -c 'ps -e'

, which gives you all running processes without distinguishing what
might be a service (whatever that means to you).  Or you can do
something like this:

ssh root@node -c 'for s in $(/sbin/chkconfig --list); do /sbin/service $s status; done'

, which tells you (on a system with chkconfig) which registered
services are running, as judged by their initscripts' status
command.  That doesn't tell you anything about unregistered services,
however, and it may not be 100% reliable for registered ones.

Or you can write a custom service inquiry script of any complexity you
desire, push it out to clients with Puppet, and run it at need.

MCollective might provide a convenient interface for issuing the
remote commands (instead of ssh -c), but it doesn't solve the
underlying problem of how to determine what services are running.


John
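
The chkconfig-plus-status approach from the message above, as an added example (not code from the thread or from Puppet): it takes only the service-name column from `chkconfig --list`, asks each initscript for its status, and lists services whose boot-time setting and running state disagree. The function names, the runlevel argument and the sample listing are constructed for this example; exit codes are read per the LSB initscript convention, which, as the message notes, not every initscript follows reliably.

```ruby
# Added example, not code from the thread.

# LSB exit codes for "<initscript> status".
LSB_STATUS = {
  0 => :running,
  1 => :dead_pidfile,
  2 => :dead_lockfile,
  3 => :stopped
}.freeze

# Parse `chkconfig --list` output into { "name" => { runlevel => true/false } }.
# Only SysV lines ("name 0:off 1:off ... 6:off") are taken; the header and the
# indented entries of the "xinetd based services" section do not match.
def parse_chkconfig(output)
  services = {}
  output.each_line do |line|
    fields = line.split
    next unless fields.length == 8
    next unless fields[1..-1].all? { |f| f =~ /\A[0-6]:(on|off)\z/ }
    services[fields[0]] = fields[1..-1].each_with_object({}) do |f, levels|
      level, state = f.split(':')
      levels[level.to_i] = (state == 'on')
    end
  end
  services
end

# Default probe: run the initscript's status command without a shell, so a
# service name is never interpreted as shell syntax.
def default_status_probe
  lambda do |name|
    system('/sbin/service', name, 'status', out: File::NULL, err: File::NULL)
    $?.exitstatus
  end
end

# One record per registered service: enabled at this runlevel, and its state.
def service_report(chkconfig_output, runlevel, probe = default_status_probe)
  parse_chkconfig(chkconfig_output).map do |name, levels|
    code = probe.call(name)
    {
      name:    name,
      enabled: levels.fetch(runlevel, false),
      state:   LSB_STATUS.fetch(code, :unknown)
    }
  end
end

# Services that are enabled but not running, or running but not enabled.
def drift(report)
  report.select { |s| s[:enabled] != (s[:state] == :running) }.map { |s| s[:name] }
end

# Constructed sample listing (not captured from a real host).
SAMPLE_CHKCONFIG = <<~LISTING
  auditd          0:off 1:off 2:on  3:on  4:on  5:on  6:off
  sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off
  cups            0:off 1:off 2:off 3:off 4:off 5:off 6:off
  ntpd            0:off 1:off 2:on  3:on  4:on  5:on  6:off

  xinetd based services:
          rsync:          off
LISTING

# On a host with chkconfig, when run with a runlevel argument:
#   ruby svc_report.rb 3
if ARGV.length == 1
  puts drift(service_report(`/sbin/chkconfig --list`, ARGV[0].to_i)).inspect
end
```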




Re: [Puppet Users] Re: Error sending reports to dashboard

2011-04-11 Thread Patrick
Bump.  Anyone know the answer?  Can puppet use https to post reports?  I'm 
having trouble sending reports using https too, although I haven't yet found 
anything useful in the logs.

On Mar 21, 2011, at 9:41 PM, Mohamed Lrhazi wrote:

 I enabled debug log level in apache virtual and it seems like
 puppetmaster is trying to speak http, instead of https.
 Is https not supported for posting reports?
 
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1819): OpenSSL:
 read 11/11 bytes from BIO#2b225d284100 [mem: 2b225d2f9650] (BIO dump
 follows)
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1766):
 +-+
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1791): | : 50
 4f 53 54 20 2f 72 65-70 6f 72 POST /repor  |
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1797):
 +-+
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_kernel.c(1838): OpenSSL:
 Exit: error in SSLv2/v3 read client hello A
 [Tue Mar 22 00:39:43 2011] [info] [client 141.161.245.113] SSL
 handshake failed: HTTP spoken on HTTPS port; trying to send HTML error
 page
 [Tue Mar 22 00:39:43 2011] [info] SSL Library Error: 336027804
 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
 speaking HTTP to HTTPS port!?
 
 
 
 On Tue, Mar 22, 2011 at 12:28 AM, Mohamed Lrhazi lrh...@gmail.com wrote:
 If I run the dash-board directly, with built-in web-server, on default
 port, and remove the reporturl , reports are posted successfully!
 
 Any idea what I am missing for a behind apache/Phusion setup?
 
 Thanks a lot.
 Mohamed.
 
 On Mon, Mar 21, 2011 at 7:12 PM, Mohamed Lrhazi lrh...@gmail.com wrote:
 [master]
  reports = log, store, http
  reporturl = https://puppet-test.uis.example.com/reports/upload
 
 am running dashboard in the same host as puppetmaster, which is
 puppet-test, both behind apache/phusion.
 
 reports fail and master logs:
 
  Report http failed: wrong status line: !DOCTYPE HTML PUBLIC
 \-//IETF//DTD HTML 2.0//EN\
 
 How can I further debug this? am using dashboard for a github checkout
 and puppet 2.6.3
 
 
 Thanks a lot.
 Mohamed.
 
 
 
 




Re: [Puppet Users] Re: Error sending reports to dashboard

2011-04-11 Thread Mohamed Lrhazi
I did not find any reference; I just added a second apache virtual
server to do http on port 80.

On Mon, Apr 11, 2011 at 12:14 PM, Patrick kc7...@gmail.com wrote:
 Bump.  Anyone know the answer?  Can puppet use https to post reports?  I'm 
 having trouble sending reports using https too, although I haven't yet found 
 anything useful in the logs.

 On Mar 21, 2011, at 9:41 PM, Mohamed Lrhazi wrote:

 I enabled debug log level in apache virtual and it seems like
 puppetmaster is trying to speak http, instead of https.
 Is https not supported for posting reports?

 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1819): OpenSSL:
 read 11/11 bytes from BIO#2b225d284100 [mem: 2b225d2f9650] (BIO dump
 follows)
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1766):
 +-+
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1791): | : 50
 4f 53 54 20 2f 72 65-70 6f 72                 POST /repor      |
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_io.c(1797):
 +-+
 [Tue Mar 22 00:39:43 2011] [debug] ssl_engine_kernel.c(1838): OpenSSL:
 Exit: error in SSLv2/v3 read client hello A
 [Tue Mar 22 00:39:43 2011] [info] [client 141.161.245.113] SSL
 handshake failed: HTTP spoken on HTTPS port; trying to send HTML error
 page
 [Tue Mar 22 00:39:43 2011] [info] SSL Library Error: 336027804
 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
 speaking HTTP to HTTPS port!?



 On Tue, Mar 22, 2011 at 12:28 AM, Mohamed Lrhazi lrh...@gmail.com wrote:
 If I run the dash-board directly, with built-in web-server, on default
 port, and remove the reporturl , reports are posted successfully!

 Any idea what I am missing for a behind apache/Phusion setup?

 Thanks a lot.
 Mohamed.

 On Mon, Mar 21, 2011 at 7:12 PM, Mohamed Lrhazi lrh...@gmail.com wrote:
 [master]
  reports = log, store, http
  reporturl = https://puppet-test.uis.example.com/reports/upload

 am running dashboard in the same host as puppetmaster, which is
 puppet-test, both behind apache/phusion.

 reports fail and master logs:

  Report http failed: wrong status line: !DOCTYPE HTML PUBLIC
 \-//IETF//DTD HTML 2.0//EN\

 How can I further debug this? am using dashboard for a github checkout
 and puppet 2.6.3


 Thanks a lot.
 Mohamed.











Re: [Puppet Users] Re: Multiple custom facts not showing in facter

2011-04-11 Thread Cody Robertson

On 04/11/2011 05:03 AM, Ohad Levy wrote:

git bisect is a great way to figure out which commit broke it.

Ohad

On Mon, Apr 11, 2011 at 9:45 AM, Cody Robertson c...@hawkhost.com 
mailto:c...@hawkhost.com wrote:


I'll test it on more versions tomorrow to see if I can pinpoint
exactly where the change happened:
http://projects.puppetlabs.com/issues/7039





I went ahead and gave it a whirl and it appears to have done the job in 
finding which commit introduced the change. Thanks for the tip!


--
Cody Robertson
1-800-859-8803 ext. 5




[Puppet Users] ActiveRecord/Puppet error? Missing mysql2 gem.

2011-04-11 Thread Josh
Hi,

Building a new 2.7+storeconfigs+passenger puppetmaster and running
into a problem:

$ puppetd --server puppetmaster --verbose --waitforcert 60 --
environment=blah --test
notice: Ignoring --listen on onetime run
err: Could not retrieve catalog from remote server: Error 400 on
SERVER: !!! Missing the mysql2 gem. Add it to your Gemfile: gem
'mysql2'
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Other [maybe] relevant information:

$ rpm -qa | grep puppet
puppet-server-2.6.7-1.el6.noarch
puppet-2.6.7-1.el6.noarch


~$ gem list

*** LOCAL GEMS ***

abstract (1.0.0)
actionmailer (3.0.5)
actionpack (3.0.5)
activemodel (3.0.5)
activerecord (3.0.5)
activeresource (3.0.5)
activesupport (3.0.5)
arel (2.0.9)
builder (3.0.0, 2.1.2)
bundler (1.0.10)
daemon_controller (0.2.6)
erubis (2.6.6)
fastthread (1.0.7)
file-tail (1.0.5)
i18n (0.5.0)
mail (2.2.15)
mime-types (1.16)
mysql2 (0.2.7)
passenger (3.0.5)
polyglot (0.3.1)
rack (1.2.2)
rack-mount (0.6.13)
rack-test (0.5.7)
rails (3.0.5)
railties (3.0.5)
rake (0.8.7)
spruz (0.2.5)
thor (0.14.6)
treetop (1.4.9)
tzinfo (0.3.25)

Any idea on how to solve this problem?

Thanks,

Josh




[Puppet Users] Problem with pushing ssh_authorized_keys

2011-04-11 Thread Forrie
I had to write up a quick *.pp to push out SSH keys for our nagios
user, while I work on a better solution for managing these.   To my
surprise, I found multiples (100 or more?) of the same key in the
authorized_keys file, which is definitely wrong.   I'm including the
simple code below -- can someone please advise me on what the problem
is??

The section that handles the virtual user seems to be fine.

Thanks in advance...



class nagios-ssh-keys {

    file { "/home/nagios/.ssh":
        require => User["nagios"],
        ensure  => directory,
        owner   => nagios,
        group   => staff,
        mode    => 700,
    }

    ssh_authorized_key { "nagios":
        ensure  => present,
        key     => "[snip]== nagios@host",
        user    => nagios,
        type    => ssh-dss,
        # require => User["nagios"],
        tag     => system,
    }

} # ssh-keys




[Puppet Users] Re: err: Could not retrieve configuration: Could not find hostname

2011-04-11 Thread Saurval
O.K.  I think I have this working.

With no node defined at all, puppetd refused to run on any node.  It
would check in with Puppetmaster, correctly negotiate SSL, but then
not find a node definition and just quit with the error message
mentioned above.   So right now I have a default node defined, which
allows me to run puppetd on just about any client, running the simple
class sudo from one of the getting started guides:

node default {
include sudo
}

I assume from here I can define particular hosts, etc.  I had defined
particular hosts in the past, and they did not work, but perhaps I had
the syntax wrong or some such.

Frankly was just a little taken aback since most of the basic
tutorials demonstrate running things through puppet without nodes
explicitly defined, but in my case it seems like it was absolutely
required.  Perhaps I have a weird setting somewhere, I do not know.
So far I have not found one, but maybe I will in time.

Thank you to everyone who tried to help.


On Apr 7, 7:17 pm, Denmat tu2bg...@gmail.com wrote:
 I believe you will need with .24 a [puppetd] section (I subsequently looked 
 up the namespace name) in your puppet.conf file. This will tell puppet it 
 should also act as a client.

 Cheers,
 Den

 On 08/04/2011, at 8:22, Saurval saur...@gmail.com wrote:



  At the time of the last run I did not have a nodes.pp included in my
  configuration.  I had added one with a node definition, but it has
  made no difference, I get the same error reported originally

  err: Could not retrieve configuration: Could not find
  jenkins.example.com with names jenkins.example.com, jenkins
  warning: Not using cache on failed configuration

  This is the node definition I added, though it prompted no change.

  node 'jenkins.example.com' inherits basenode {
     info('jenkins.example.com')
  }

  When I run puppetd or puppetmasterd with --genconfig my FQDN comes up
  as the default value for 'certname'.  When I look at the certificate
  my 'CN= my FQDN' comes up as the Issuer and the Subject, so that seems
  to match just fine.

  I do not have a [client] section to my configuration, and I do not see
  one in my --genconfig output either.

  -Saurval

  On Apr 7, 5:38 pm, Denmat tu2bg...@gmail.com wrote:
  Hi,
  First is what name is defined in the node definition.
  Then I would check the puppet.conf for the client settings (l think in .24 
  it is the [client] section).
  After that ... I'd have to keep fiddling at the console.

  Cheers,

  On 08/04/2011, at 1:56, Saurval saur...@gmail.com wrote:

  I am on CentOS 5.4 running
  puppet-0.22.4-1.el5.rf
  puppet-server-0.22.4-1.el5.rf

  I am a little stumped on this one.    I imagine it is something simple
  I am missing.  but basically the puppetmasterd cannot talk to a
  puppetd instance running as a client on the same host.

  The error I am getting is essentially:

  [root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetd -o --
  server=jenkins.example.com --test
  err: Could not retrieve configuration: Could not find
  jenkins.example.com with names jenkins.example.com, jenkins
  warning: Not using cache on failed configuration

  After testing SSL with OpenSSL by hand, the handshake works, and it
  looks like everyone is using the same name in the subject name of the
  certificates.  In fact, it looks like the puppet master is seeing the
  request, accepting SSL, but then still reporting the same error.  Here
  is the debug output showing the response to the client's attempt to
  run seen above.

  root@jenkins ~]# /usr/bin/ruby /usr/sbin/puppetmasterd --manifest=/etc/
  puppet/manifests/site.pp --logdest=/var/log/puppet/puppetmaster.log --
  bindaddress=10.131.125.85 --debug
  debug: puppet: Setting vardir to '/var/lib/puppet'
  debug: puppet: Setting logdir to '/var/log/puppet'
  debug: puppet: Setting rundir to '/var/run/puppet'
  debug: puppet: Setting ssldir to '$vardir/ssl'
  debug: puppetd: Setting classfile to '$vardir/classes.txt'
  debug: puppetd: Setting localconfig to '$vardir/localconfig'
  info: Starting server for Puppet version 0.22.4
  debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/private/ca.pass]:
  Autorequiring File[/var/lib/puppet/ssl/ca/private]
  debug: /puppetconfig/puppet/File[/var/lib/puppet/templates]:
  Autorequiring File[/var/lib/puppet]
  debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
  private_keys]: Autorequiring File[/var/lib/puppet/ssl]
  debug: /puppetconfig/ca/File[/etc/puppet/autosign.conf]: Autorequiring
  File[/etc/puppet]
  debug: /puppetconfig/ca/File[/var/lib/puppet/ssl/ca/ca_pub.pem]:
  Autorequiring File[/var/lib/puppet/ssl/ca]
  debug: /puppetconfig/puppet/File[/var/lib/puppet/state/state.yaml]:
  Autorequiring File[/var/lib/puppet/state]
  debug: /puppetconfig/puppet/File[/var/lib/puppet/state/graphs]:
  Autorequiring File[/var/lib/puppet/state]
  debug: /puppetconfig/certificates/File[/var/lib/puppet/ssl/
  csr_jenkins.example.com.pem]: Autorequiring 

Re: [Puppet Users] Problem with pushing ssh_authorized_keys

2011-04-11 Thread Patrick

On Apr 11, 2011, at 1:40 PM, Forrie wrote:

ssh_authorized_key { 'nagios':
    ensure  => present,
    key     => '[snip]== nagios@host',
    user    => 'nagios',
    type    => 'ssh-dss',
    # require => User['nagios'],
    tag     => 'system',
}

I believe I remember hearing this can happen if you include things other than 
the key in the key field.  Try removing nagios@host from the key field and 
see if it's fixed.




Re: [Puppet Users] Problem with pushing ssh_authorized_keys

2011-04-11 Thread Stefan Schulte
On Mon, Apr 11, 2011 at 01:40:42PM -0700, Forrie wrote:
 I had to write up a quick *.pp to push out SSH keys for our nagios
 user, while I work on a better solution for managing these.   To my
 surprise, I found multiples (100 or more?) of the same key in the
 authorized_keys file, which is definitely wrong.   I'm including the
 simple code below -- can someone please advise me on what the problem
 is??
 
 The section that handles the virtual user seems to be fine.
 
 Thanks in advance...
 
 
 
 class nagios-ssh-keys {
 
     file { '/home/nagios/.ssh':
         require => User['nagios'],
         ensure  => directory,
         owner   => 'nagios',
         group   => 'staff',
         mode    => 700,
     }
 
     ssh_authorized_key { 'nagios':
         ensure  => present,
         key     => '[snip]== nagios@host',
         user    => 'nagios',
         type    => 'ssh-dss',
         # require => User['nagios'],
         tag     => 'system',
     }
 
 } # ssh-keys

Hi,

what you're specifying as a key is actually a key (AAA...) and a comment
(nagios@host).

As a result puppet will most likely write a corrupt entry to your
authorized_key file (because puppet will append the resource's title
»nagios« as a comment to your key) and it will not recognize the key
when you run puppet the next time (because puppet will parse every line,
extract the comment and try to find a resource with that name).

So puppet will always think that the key is absent and will then add it
to the file.

Solution: Don't specify a comment with the key property (at least don't
use whitespaces because they are field delimiters in the target file)

-Stefan




[Puppet Users] Re: Problem with pushing ssh_authorized_keys

2011-04-11 Thread Forrie
Thanks, this was the problem.  Sounds like a bug to me.. ?

How can I go through my systems and remove all the 10's of redundant
SSH-DSS keys that have the comment in them?  I dread doing that by
hand :-)


Thanks again.


On Apr 11, 5:12 pm, Patrick kc7...@gmail.com wrote:
 On Apr 11, 2011, at 1:40 PM, Forrie wrote:

     ssh_authorized_key { 'nagios':
         ensure  => present,
         key     => '[snip]== nagios@host',
         user    => 'nagios',
         type    => 'ssh-dss',
         # require => User['nagios'],
         tag     => 'system',
     }

 I believe I remember hearing this can happen if you include things other than 
 the key in the key field.  Try removing nagios@host from the key field and 
 see if it's fixed.




[Puppet Users] Re: ActiveRecord/Puppet error? Missing mysql2 gem.

2011-04-11 Thread Cody Robertson
Did you manually install the gem? I believe Todd's RPMS are built to work 
with EPEL so you might want to look for the mysql-ruby RPM and see if that 
works.




[Puppet Users] Re: ActiveRecord/Puppet error? Missing mysql2 gem.

2011-04-11 Thread Josh
Cody,

Thanks for the help.  Installing the ruby-mysql RPM from EPEL seemed
to fix this issue.

Thanks!

Josh

On Apr 11, 5:32 pm, Cody Robertson c...@hawkhost.com wrote:
 Did you manually install the gem? I believe Todd's RPMS are built to work
 with EPEL so you might want to look for the mysql-ruby RPM and see if that
 works.




Re: [Puppet Users] Re: Problem with pushing ssh_authorized_keys

2011-04-11 Thread Patrick

On Apr 11, 2011, at 2:22 PM, Forrie wrote:

 Thanks, this was the problem.  Sounds like a bug to me.. ?
 
 How can I go through my systems and remove all the 10's of redundant
 SSH-DSS keys that have the comment in them?  I dread doing that by
 hand :-)

Well, you can push out an empty file, and then repopulate it.  Is there stuff 
in that file you want to keep?
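
Added example (not part of any poster's message, and not Puppet's provider code): a simplified Python model of the behaviour Stefan Schulte describes, where a comment inside `key` keeps the entry from ever matching the resource title, plus a cleanup pass for the duplicates Forrie asks about that keeps unrelated entries. The key blobs, the `ops@example` entry and all function names are constructed for illustration.

```python
# Added example; the key blobs and user names below are constructed sample data.
KEY_TYPES = ("ssh-dss", "ssh-rsa")  # assumption: the types in use; extend as needed
BLOB = "AAAAB3NzaC1kc3MAAACBAFconstructedSampleOnly=="  # not a real key


def parse_line(line):
    """Split an authorized_keys line into (options, type, blob, comment).

    Fields are whitespace-delimited, so everything after the blob is comment.
    Returns None for blank lines, '#' comments and lines without a known type.
    """
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return " ".join(fields[:i]), field, fields[i + 1], " ".join(fields[i + 2:])
    return None


def simulate_run(lines, title, key_type, key):
    """Simplified model of one agent run as described in the thread: the
    resource is 'present' only if some line's comment equals its title;
    otherwise 'type key title' is appended."""
    comments = [p[3] for p in map(parse_line, lines) if p]
    if title in comments:
        return list(lines)
    return list(lines) + [f"{key_type} {key} {title}"]


def dedupe(lines, titles=None):
    """Keep the first line per (type, blob); leave unparsed lines untouched.

    titles maps blob -> resource title; a matching entry gets that title as its
    only comment so that a corrected manifest finds it on the next run.
    """
    titles = titles or {}
    seen, kept = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            kept.append(line)
            continue
        options, key_type, blob, _comment = parsed
        if (key_type, blob) in seen:
            continue
        seen.add((key_type, blob))
        if blob in titles:
            line = " ".join(f for f in (options, key_type, blob, titles[blob]) if f)
        kept.append(line)
    return kept


def demo():
    original = ["# managed host", "no-pty ssh-rsa AAAAconstructedOther== ops@example"]
    broken = original
    for _ in range(3):  # three runs with the comment inside the key property
        broken = simulate_run(broken, "nagios", "ssh-dss", BLOB + " nagios@host")
    cleaned = dedupe(broken, titles={BLOB: "nagios"})
    # With the comment removed from `key`, a further run changes nothing.
    stable = simulate_run(cleaned, "nagios", "ssh-dss", BLOB)
    return broken, cleaned, stable


if __name__ == "__main__":
    for name, result in zip(("broken", "cleaned", "stable"), demo()):
        print(name, *result, sep="\n  ")
```

To apply `dedupe` to a real authorized_keys file, keep a backup, write the result to a temporary file in the same directory and rename it over the original.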




Re: [Puppet Users] ANNOUNCE: Puppet Dashboard 1.1.0rc3

2011-04-11 Thread Matt Robinson
I'm not sure why this would be without more info to reproduce the
problem.  I couldn't reproduce it anyway.  I'd recommend opening a
ticket that includes at least a sample of the messed up error logs in
addition to the info you provided.

On Mon, Apr 11, 2011 at 7:06 AM, Thomas Bendler
thomas.bend...@gmail.com wrote:
 Hi Matt,

 2011/4/8 Matt Robinson m...@puppetlabs.com

 [...]
 We definitely appreciate any help testing RC's and releases, so I look
 forward to your feedback.
 [...]

 Ok, here it is (CentOS 5.6 system). I've changed:

 su -s /bin/sh -c ${DASHBOARD_RUBY} ${DASHBOARD_HOME}/script/server -e
 ${DASHBOARD_ENVIRONMENT} -p ${DASHBOARD_PORT} -b ${DASHBOARD_IFACE}
 ${DASHBOARD_USER} 

 to:

 su -s /bin/sh -c ${DASHBOARD_RUBY} ${DASHBOARD_HOME}/script/server -e
 ${DASHBOARD_ENVIRONMENT} -p ${DASHBOARD_PORT} -b ${DASHBOARD_IFACE}
>/dev/null 2>&1 ${DASHBOARD_USER}

 in /etc/init.d/puppet-dashboard. Otherwise my console is messed up with
 error logs and I can't log out without losing puppet-dashboard. /dev/null
 could be replaced by a log file which should be part of logrotate.

 Regards, Thomas





Re: [Puppet Users] Re: Problem with pushing ssh_authorized_keys

2011-04-11 Thread Scott Smith
Egrep -v 'pubkey' ?
On Apr 11, 2011 2:22 PM, Forrie for...@gmail.com wrote:
 Thanks, this was the problem. Sounds like a bug to me.. ?

 How can I go through my systems and remove all the 10's of redundant
 SSH-DSS keys that have the comment in them? I dread doing that by
 hand :-)


 Thanks again.


 On Apr 11, 5:12 pm, Patrick kc7...@gmail.com wrote:
 On Apr 11, 2011, at 1:40 PM, Forrie wrote:

 ssh_authorized_key { 'nagios':
     ensure  => present,
     key     => '[snip]== nagios@host',
     user    => 'nagios',
     type    => 'ssh-dss',
     # require => User['nagios'],
     tag     => 'system',
 }

 I believe I remember hearing this can happen if you include things other
than the key in the key field.  Try removing nagios@host from the key
field and see if it's fixed.




[Puppet Users] Re: How to setup database for Inventory Service

2011-04-11 Thread Luke Baker
Hey there,

I used the storeconfigs database. Here is a condensed version of the
storeconfigs setup, 
http://linux-collective.blogspot.com/2011/04/puppet-storeconfigs.html.
You shouldn't need to migrate anything, the data will be populated
when the clients check in.


On Apr 11, 10:07 am, Alessandro Franceschi a...@lab42.it wrote:
 Actually that is the good way to do that on a fresh installation I suppose,
 but I wonder, and ask, if there's a way to create the needed schema for the
 Inventory service without destroying the current database.

 My case is that I've a Puppet Master with storeconfigs activated and a lot
 of data already stored.
 I've just updated it from 0.25.x (btw, now it's 2.6 times ... slower :-) and
 want to activate the inventory service and I face Mohamed's same error.
 I'd prefer to avoid to drop everything and wait for convergence.

 While writing I just realized that I can just dump a fresh db on a test
 puppetmaster and import the relevant inventory tables, but, well, if there's
 an official way to do that, or just a rake script or whatever, it would be
 better.

 Hints?

 al




[Puppet Users] any better way to manage access control via /etc/passwd

2011-04-11 Thread hai wu
We need to manage /etc/passwd where there would be one line at the very end
of the file to restrict access to all users not explicitly allowed:

+::/sbin/nologin

If using delete_lines and append_if_no_such_lines (similar to this one at
http://www.debian-administration.org/articles/528) to manage access control,
each time a few new users got appended to /etc/passwd file, the above line
would be deleted and appended, for many times, while it only needs to be
done once.

Any better way to manage this file in terms of access control? Augeas is
buggy and I filed a bug report on this already.




Re: [Puppet Users] any better way to manage access control via /etc/passwd

2011-04-11 Thread Rich Rauenzahn
On Mon, Apr 11, 2011 at 7:30 PM, hai wu haiwu...@gmail.com wrote:
 We need to manage /etc/passwd where there would be one line at the very end
 of the file to restrict access to all users not explicitly allowed:

 +::/sbin/nologin

 If using delete_lines and append_if_no_such_lines (similar to this one at
 http://www.debian-administration.org/articles/528) to manage access control,
 each time a few new users got appended to /etc/passwd file, the above line
 would be deleted and appended, for many times, while it only needs to be
 done once.

 Any better way to manage this file in terms of access control? Augeas is
 buggy and I filed a bug report on this already.


I just dealt with this in our puppet config -- I wrote a
nis_modify_passwd script that has a --checkonly flag (for the exec's
onlyif condition), and a --add function.  I used

lckpwdf (3)  - get shadow password file entry
ulckpwdf (3) - get shadow password file entry

to lock the passwd file during the change -- and made sure not to edit
the passwd file in place -- I make a 2nd copy, then mv it into place
to ensure it works when out of diskspace.

BUT.. after doing all of this, I later realized that in the
nsswitch.conf, 'compat' mode for /etc/passwd sets the default for NIS
to not allow anyone unless explicitly added to the /etc/passwd.  So
another way to deal with this is to change your nsswitch.conf to be
'compat' and not 'files nis'.

In other words, 'files nis' more or less does a #include of all NIS
users, so you have to add an explicit global /sbin/nologin to your
passwd file -- but 'compat' allows you to hand pick which NIS users
you want and defaults to nologin.

Unfortunately, useradd doesn't seem to handle +user's...

Rich
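
Added example (not Rich's nis_modify_passwd script, which is not shown in the thread): one way to implement the check-only and add steps he describes in Python, holding the lckpwdf(3) lock and renaming a second copy into place. The seven-field form of the catch-all line, the sample passwd content and all function names are assumptions.

```python
import contextlib
import ctypes
import os
import tempfile

# Assumption: seven-field compat form of the catch-all entry discussed above.
SENTINEL = "+::::::/sbin/nologin"


@contextlib.contextmanager
def passwd_lock():
    """Hold the lckpwdf(3) lock while editing (glibc; requires root)."""
    libc = ctypes.CDLL(None)
    if libc.lckpwdf() != 0:
        raise OSError("could not acquire the lckpwdf lock")
    try:
        yield
    finally:
        libc.ulckpwdf()


def read_entries(path):
    """Return the non-blank lines of the file."""
    with open(path) as fh:
        return [line for line in fh.read().splitlines() if line.strip()]


def needs_change(path, sentinel=SENTINEL):
    """Check-only step: True if the sentinel is missing, repeated or not last."""
    lines = read_entries(path)
    return lines.count(sentinel) != 1 or lines[-1] != sentinel


def ensure_last(path, sentinel=SENTINEL, lock=True):
    """Add step: make the sentinel the single, final line. Returns True if
    the file was rewritten. The original is only ever replaced by rename."""
    with passwd_lock() if lock else contextlib.nullcontext():
        if not needs_change(path, sentinel):
            return False
        body = [line for line in read_entries(path) if line != sentinel]
        st = os.stat(path)
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        try:
            with os.fdopen(fd, "w") as out:
                out.write("\n".join(body + [sentinel]) + "\n")
                out.flush()
                os.fsync(out.fileno())  # a full disk fails here, not mid-file
            os.chmod(tmp, st.st_mode & 0o7777)
            os.chown(tmp, st.st_uid, st.st_gid)
            os.replace(tmp, path)  # atomic on the same filesystem
        except BaseException:
            os.unlink(tmp)  # the original file is still intact
            raise
        return True


def demo():
    """Constructed sample: a user was appended after the catch-all line."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "passwd")
        with open(path, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n+alice::::::\n"
                     f"{SENTINEL}\n+bob::::::\n")
        before = needs_change(path)
        changed = ensure_last(path, lock=False)  # no root in the demo
        again = ensure_last(path, lock=False)    # second call is a no-op
        return before, changed, again, read_entries(path)


if __name__ == "__main__":
    print(demo())
```

In a Puppet exec, the check-only step would back the onlyif condition so that the rewrite runs only when the catch-all line is out of place.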




[Puppet Users] augtool/augeas -- clearly missing something...

2011-04-11 Thread russell.fulton
Hi

I've just started trying to use augeas to manage /etc/network/
interfaces on Ubuntu

I found some stuff in the archive that seems to match what I need but
I can't make anything work.

I have
   augeas { 'network_interface':
      context => '/etc/network/interfaces',
      changes => [
          'set auto[.= eth1] eth1',
          'set iface[.= eth1] eth1',
          'set iface[.= eth1]/family inet',
          'set iface[.= eth1]/method manual',
      ],
   }

This does not produce any errors but does not do anything either.

I installed augtool on the box and tried:

cp /etc/network/interfaces .
rful011@mon225044:~$ augtool
augtool> set file/interfaces/iface[eth1] eth1
augtool> set file/interfaces/iface[eth1]/family inet
augtool> set file/interfaces/iface[eth1]/method manual
augtool> save
augtool> ls  file/interfaces/iface[eth1]
augtool> quit

again no errors (no feedback at all ?) and no changes to the file.

Clearly I am missing something!

Russell




[Puppet Users] extlookup == bad?

2011-04-11 Thread John Warburton
OK, I'll bite

In the newly published Style Guide (
http://docs.puppetlabs.com/guides/style_guide.html), right at the end it
says

Modules should avoid the use of extlookup() in favor of ENCs or other
alternatives

But there is no reason as to why.

We have a rule of thumb where we use the ENC to set specific information for
a host, and extlookup for groups of servers (based on class, location, etc
set in the ENC). It works well, and we even received a thumbs up in a recent
Puppet Labs audit of our manifests as we have clear separation of
configuration and data.

So, why should we avoid extlookup()? What should we use instead?

John




Re: [Puppet Users] extlookup == bad?

2011-04-11 Thread Dan Bode
On Mon, Apr 11, 2011 at 9:25 PM, John Warburton jwarbur...@gmail.com wrote:

 OK, I'll bite

 In the newly published Style Guide (
 http://docs.puppetlabs.com/guides/style_guide.html), right at the end it
 says

 Modules should avoid the use of extlookup() in favor of ENCs or other
 alternatives


For clarity, this should read:

in favor of ENCs in combination with parameterized classes

But there is no reason as to why.


that is partly my fault.

the following is my opinion, and may or may not express the opinions of
PuppetLabs, although I can be pretty persuasive :) 

Extlookup provided some necessary pre-2.6.x functionality, namely, a sane
way to get around dynamic scoping.

given the option between parameterized class combined with an ENC vs.
extlookup, I choose parameterized classes+ENC. The reason is readability and
encapsulation.

In order to understand an implementation of Puppet using extlookup, you have
to understand all of your code in its entirety. After all, any code anywhere
in your modulepath could be calling extlookup and accessing data. (I would
be very interested to hear if anyone has a good pattern for this)

With param classes, you can build a layered architecture of classes that
pass data to each other through their explicit interfaces.

This means that in any given layer, you only have to understand the
specified class interfaces and not their internals. It should be clear from
the interface how data affects the behavior of a class.

At the highest level, you can build composite classes that expose which
data can affect the behavior of all of your Puppet code.

class { 'myplatform':
   ntp        => 'foo',
   foo_data   => 'foo',
   foo_server => 'foo',
}

class { 'myapp':
  appvar1 => '1',
  appvar2 => '2',
}

Allowing you to have a single view of how data affects the behavior of your
configuration components.

as an added benefit, using an ENC with param classes maintains the classes
together with all of their passed parameters in $yamldir/node/ for the last
run of each node

I look forward to further debate :)


 We have a rule of thumb where we use the ENC to set specific information
 for a host, and extlookup for groups of servers (based on class, location,
 etc set in the ENC). It works well, and we even received a thumbs up in a
 recent Puppet Labs audit of our manifests as we have clear separation of
 configuration and data.

 So, why should we avoid extlookup()? What should we use instead?

 John
