[Puppet Users] Re: Melbourne puppet catch up?
Hi list, Just a reminder that if you want to meet up in Melbourne tomorrow night it will be at the Workshop at around 6pm (I'll probably be there by 5.30). http://www.theworkshop.com.au/ I will try to get a table inside and have a little puppet sign on it :) Cheers, Den On Apr 6, 3:39 pm, Denmat tu2bg...@gmail.com wrote: Hi list, Some weeks ago some asked if there was a Melbourne puppet group. There isn't to my knowledge but I would be happy to organize an irregular catch up in Melbourne where we can talk puppet and other things of interest. I was thinking the Wednesday the 20th of this month would be good - somewhere in the city after work. Thinking 'the Workshop' in Elizabeth street around 6pm. (for those in Melbourne Florida USA you'll never find it - but if you're visiting Oz you're welcome to attend). Open invitation to those that can attend. Those that can't, maybe another time? Cheers, Den On Apr 6, 3:54 pm, Ben Hughes b...@puppetlabs.com wrote: On Wed, Apr 06, 2011 at 03:39:28PM +1000, Denmat wrote: Open invitation to those that can attend. Those that can't, maybe another time? Sounds grand. Is there a Melbourne devops meet up this month too? I hear the last one went pretty well. -- Ben Hughes ||http://www.puppetlabs.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do you implement revert changes'
On 04/18/2011 11:22 PM, Mohamed Lrhazi wrote: I forgot to think about a little detail, while introducing Puppet to our environment :) For each change to production systems, one has to submit a script detailing what changes will be made and how to revert them back.. I was wondering if any of you, who implemented something similar, would care to share how they did it. Simply reverting puppet's own config to a previous repository version would not be enough in most cases, as it would not necessarily involve restoring overwritten files on the clients, if those files were not originally generated from puppet itself. I guess Puppet's buckets would be involved in the answer, but my understanding is that they are not documented yet, correct? is such a feature planned for upcoming releases? am currently thinking that our only option would be to write and run scripts to backup the specific files any change would affect, prior to running puppet agent --no-noop, so the revert step would be to run another script to restore the backups, restart services... Filebucket does work for this purpose already. There should be a man page (I know there is one in the Debian packages). Doing this in a scripted fashion may be tricky, though. It will probably involve parsing agent logs. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Listing the keys in a hash as an array
On Tue, Apr 19, 2011 at 8:42 AM, Miki Shapiro mikishap...@gmail.com wrote: clunky and could probably be written better. My 2 questions are: 1. Can I somehow get a list of keys from the hash itself (a list that will behave like an array that I can feed into a defined type) instead of manually defining $array for this purpose? fuzzy workaround: $keys = inline_template(%= hash.keys %) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Certificate request does not match existing certificate
On 04/18/2011 11:44 PM, Sylvain wrote: Hello there, I have a problem while I'm trying to puppetize a client, I get this error: err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean puppetclienttest'. Here is how I proceed: -Ask for a certificate /usr/sbin/puppetd --server puppetserver -- verbose --waitforcert 60 --test -Check that I received the certificate request /usr/sbin/puppetca -- list -Generate the certificate /usr/sbin/puppetca --generate puppetclienttest Hi, you're no supposed to do this. After puppetd --waitforcert, you should see the CSR on the master using puppetca -l. Then sign it using puppetca -s client. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What to do if something is not required on the clients?
On 04/19/2011 03:57 AM, Ian Mortimer wrote: On Mon, 2011-04-18 at 23:22 +1000, jcbollinger wrote: (I am fairly sure that this is why the yum Package provider uses rpm -e instead of yum remove in the first place.) Except that installing or removing packages with rpm is now deprecated: http://illiterat.livejournal.com/7834.html Looking at the provider more closely, it does indeed seem to fall back to rpm for removing packages. However, it does implement a native purge function. So setting 'ensure = purged' may do the right thing. Then of course, if you want puppet to uninstall using yum but *not* purge, you're currently screwed. The OP may want to consider raising a bug about this. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Bake custom function in order to heck for a files existence (on the puppetmaster)
Hi guys,
I just try to cook up some ruby code to check for a files existence on the
puppetmaster. I tried to bake a custom function in order to be able to use
it in connection with an if statement in my manifests.
I've read the page about how to write custom functions ..
http://projects.puppetlabs.com/projects/puppet/wiki/Writing_Your_Own_Functions
.. but ain't got any luck so far :/
Currently my function looks like this:
# cat /var/lib/puppet/lib/puppet/parser/functions/exists.rb;
module Puppet::Parser::Functions
newfunction(:exists, :type = :rvalue) do |args|
filename = args[0]
File::exist?(filename)
end
end
It also seems like it's being recognized by puppet because no errors occurs:
irb(main):003:0 require 'puppet'
= true
irb(main):004:0 require /var/lib/puppet/lib/puppet/parser/functions/
.exists.rb.swp exists.rb
irb(main):004:0 require
'/var/lib/puppet/lib/puppet/parser/functions/exists.rb'
= true
irb(main):005:0 Puppet::Parser::Functions.function(:exists)
= function_exists
The part of my manifest looks like this:
if (exists(/path/to/file)) {
[..my puppet code..]
}
The puppet code somehow won't get evaluated if the clients catalog is
being build. If I remove the if-statement the respective code is being
execute on the respective client. Any ideas? I think that the function
doesn't return anything and that's the major problem!?
Cheers!
JD
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Deleted zypper repo not re-created on subsequent puppetd runs
Apologies. It's working now but I'm not sure why.
I created a new repository module init.pp from scratch, walking
through examples again and it's working correctly. Diff between the 2
init.pp files I can't see anything.
Maybe in some small way this may help others with general
troubleshooting.
Michael, thanks again for your assistence, and your efforts towards
this community.
On Apr 19, 9:34 am, scarts stephenandmi...@me.com wrote:
I think this should fill in the blanks.
Because this is a test environment I've stripped down the config to
what I believe to be close to minimum.
PUPPETMASTER:
# puppet --version
2.6.5
/etc/puppet/puppet.conf: cut
# The configuration file for master.
# The default value is '$confdir/puppet.conf'.
config = /etc/puppet/puppet.conf
# The entry-point manifest for puppet master.
# The default value is '$manifestdir/site.pp'.
manifest = /etc/puppet/manifests/site.pp
cut
# The search path for modules as a colon-separated list of
# directories.
# The default value is '$confdir/modules:/usr/share/puppet/
modules'.
modulepath = /etc/puppet/modules:/usr/share/puppet/modules
# Where puppet master looks for its manifests.
# The default value is '$confdir/manifests'.
manifestdir = /etc/puppet/manifests
cut
/etc/puppet/manifests # cat modules.pp
import 'testfile'
import 'repositories'
/etc/puppet/manifests # cat site.pp
import nodes/*
/etc/puppet/manifests/nodes # cat basenode.pp
# Top level node that everything inherits from
#import */*
node basenode {
Package {
provider = $operatingsystem ? {
SLES = zypper,
}
}
}
node serverX inherits basenode {
include repositories
}
/etc/puppet/modules/repositories # ls -R
.:
lib manifests
./lib:
puppet
./lib/puppet:
type
./lib/puppet/type:
zypprepo.rb
./manifests:
init.pp
/etc/puppet/modules/repositories # cat manifests/init.pp
class repositories {
case $operatingsystem {
SLES: {
zypprepo {LSE-SLES11:
descr = LSE YaST repository,
autorefresh = 1,
type = yum,
path = /,
keeppackages = 0,
gpgcheck = 0,
baseurl = nfs://10.0.0.1/data/install/LSE/SLES11/,
enabled = 1,
}
zypprepo {SUSE-Linux-Enterprise-Server-11:
descr = SUSE-Linux-Enterprise-Server-11 11-0,
autorefresh = 1,
type = yast2,
path = /,
keeppackages = 0,
baseurl = nfs://10.0.0.1/data/install/SLES11-x86_64-
GM/,
enabled = 1,
}
zypprepo {SUSE-Linux-Enterprise-Software-Development-
Kit-11_11-0:
descr = SUSE-Linux-Enterprise-Software-Development-
Kit-11 11-0,
autorefresh = 1,
type = yast2,
path = /,
keeppackages = 0,
baseurl = = nfs://10.0.0.1/data/install/SLE-11-SDK-
DVD-x86_64-GM-Media1/,
enabled = 1,
}
}
}
}
PUPPET CLIENT:
serverX:/ # puppetd --version
2.6.5
serverX:/ # ps -ef | grep pupp
root 8855 26185 0 09:21 pts/4 00:00:00 grep pupp
serverX:/ # find / -name zypprepo.rb
/var/lib/puppet/lib/provider/package/zypprepo.rb
serverX:/ # puppetd --server puppet.t-tsr-ops.stockex.com --test --
debug --tags zypprepo
debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderUser_role_add: file roledel does
not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
lib/puppet/state]
debug: /File[/var/lib/puppet/ssl/private_keys/
serverX.somedomain.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
private_keys]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
Re: [Puppet Users] Re: Deleted zypper repo not re-created on subsequent puppetd runs
Hi,
That seems ok, but I'm still not seeing anything from zypprepo in the
debug output which leads me to think it's being included for some reason.
I just tried removing the repos on SLED and SLES test systems and the
repo files were recreated without any intervention.
I'm wondering about your node definition ...
should
node serverX inherits basenode {
include repositories
}
be
node serverX.somedomain.com inherits basenode {
include repositories
}
I think there is something simple that we're missing, as zypprepo and
yumrepo simply check for the existence of the file. They then set the
values in it appropriately.
Cheers
On 19/04/11 6:34 PM, scarts wrote:
I think this should fill in the blanks.
Because this is a test environment I've stripped down the config to
what I believe to be close to minimum.
PUPPETMASTER:
# puppet --version
2.6.5
/etc/puppet/puppet.conf:cut
# The configuration file for master.
# The default value is '$confdir/puppet.conf'.
config = /etc/puppet/puppet.conf
# The entry-point manifest for puppet master.
# The default value is '$manifestdir/site.pp'.
manifest = /etc/puppet/manifests/site.pp
cut
# The search path for modules as a colon-separated list of
# directories.
# The default value is '$confdir/modules:/usr/share/puppet/
modules'.
modulepath = /etc/puppet/modules:/usr/share/puppet/modules
# Where puppet master looks for its manifests.
# The default value is '$confdir/manifests'.
manifestdir = /etc/puppet/manifests
cut
/etc/puppet/manifests # cat modules.pp
import 'testfile'
import 'repositories'
/etc/puppet/manifests # cat site.pp
import nodes/*
/etc/puppet/manifests/nodes # cat basenode.pp
# Top level node that everything inherits from
#import */*
node basenode {
Package {
provider = $operatingsystem ? {
SLES = zypper,
}
}
}
node serverX inherits basenode {
include repositories
}
/etc/puppet/modules/repositories # ls -R
.:
lib manifests
./lib:
puppet
./lib/puppet:
type
./lib/puppet/type:
zypprepo.rb
./manifests:
init.pp
/etc/puppet/modules/repositories # cat manifests/init.pp
class repositories {
case $operatingsystem {
SLES: {
zypprepo {LSE-SLES11:
descr = LSE YaST repository,
autorefresh = 1,
type= yum,
path= /,
keeppackages= 0,
gpgcheck= 0,
baseurl = nfs://10.0.0.1/data/install/LSE/SLES11/,
enabled = 1,
}
zypprepo {SUSE-Linux-Enterprise-Server-11:
descr = SUSE-Linux-Enterprise-Server-11 11-0,
autorefresh = 1,
type= yast2,
path= /,
keeppackages= 0,
baseurl = nfs://10.0.0.1/data/install/SLES11-x86_64-
GM/,
enabled = 1,
}
zypprepo {SUSE-Linux-Enterprise-Software-Development-
Kit-11_11-0:
descr = SUSE-Linux-Enterprise-Software-Development-
Kit-11 11-0,
autorefresh = 1,
type= yast2,
path= /,
keeppackages= 0,
baseurl = = nfs://10.0.0.1/data/install/SLE-11-SDK-
DVD-x86_64-GM-Media1/,
enabled = 1,
}
}
}
}
PUPPET CLIENT:
serverX:/ # puppetd --version
2.6.5
serverX:/ # ps -ef | grep pupp
root 8855 26185 0 09:21 pts/400:00:00 grep pupp
serverX:/ # find / -name zypprepo.rb
/var/lib/puppet/lib/provider/package/zypprepo.rb
serverX:/ # puppetd --server puppet.t-tsr-ops.stockex.com --test --
debug --tags zypprepo
debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Puppet::Type::User::ProviderLdap: feature ldap is missing
debug: Puppet::Type::User::ProviderUser_role_add: file roledel does
not exist
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/classes.txt]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
lib/puppet/state]
debug:
RE: [Puppet Users] Dependencies between nodes
-Original Message- From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Michael.Lausch Sent: 17 April 2011 09:56 To: Puppet Users Subject: [Puppet Users] Dependencies between nodes Hi, I'm just getting my feet wet with puppet and I want to solve inter- node dependencies. For example I want to install client-server programs on different nodes and make sure the version installed on the clients are the same as on the server. The concrete example used C# WCF server and client components. I have two tasks to do 1) I will insert/configure the SOAP endpoints in the clients config files using data from the SOAP server recipe (http port, host name(s) of nodes where the server is installed 2) If configuring a client, check if a server with a matching version is installed somewhere I know that puppet may need some work to make it run on windows and therefore i want to check if this scenario can be implemented using puppet, before wasting work on making sure if this can be done You may be able to consider using environments for this - each environment would only have a specific version available to both Clients and servers within that environment. So long as you don't mix environments between nodes you ought to be OK. It might not be smart enough to cope with your scenario though and it's a bit all-or-nothing. -- Russell Howe rh...@moonfruit.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could not find dependency Package[] for Package
class audio-video {
# In this example we are not being picky about ordering of
installation of libxine1-ffmpeg
$packagelist = [vlc, amarok, libxine1-ffmpeg]
package { $packagelist:
ensure = installed,
}
}
Although it is not operationally important I prefer the style of the
first example (using require = Package) since I believe it enforces
ordering, which in some cases may be very important. Is there
something wrong with the definition in the first example? Does anyone
have any idea why it doesn't work?
That's a very sound way of thinking as far as puppet is concerned, and
as already mentioned in the thread, you should both declare the package
and require it.
However, this is not an example in which you should enforce ordering.
The rule of thumb (for me) is to *only* enforce order if a resource will
not work unless its dependencies are met (e.g., you cannot have puppet
edit a config unless the owning package is already installed etc.).
As far as packages are concerned, those have excellent dependency
support of their own. If amarok doesn't depend on a lib, it doesn't make
much sense to invent such a dependency. At the end of your run, all your
packages *will* be present, so it shouldn't make any difference (edge
cases notwithstanding).
HTH,
Felix
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet apply with ENC and storeconfigs
I'm probably doing something wrong, but please sanity check this. I'm trying to use puppet apply locally on my Puppetmasters. They have storeconfigs configured in the [main] section, as well as the ENC config set up in [main]. When puppet apply is run in this way, I can see storeconfigs being activated and queried, but the ENC script is not called. For reference my config is something like this: [main] node_terminus = exec external_nodes = /root/enc.sh # Storeconfigs storeconfigs = true thin_storeconfigs = true dbadapter = mysql dbuser = puppet dbpassword = password dbserver = 127.0.0.1 dbsocket = /var/lib/mysql/mysql.sock Moving the storeconfigs to the [master] section causes the ENC to be queried, but obviously on puppet apply runs, storeconfigs will not be used. We do have some exported resources in our modules so I think we need storeconfigs to be enabled. Any thoughts on this? Bug? Unforeseen use case? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What to do if something is not required on the clients?
On Apr 18, 2:22 pm, jcbollinger john.bollin...@stjude.org wrote: [ . ] 1) The dependent package is managed by Puppet. In this case, you must ensure it absent too, else you cannot achieve a consistent configuration. You will either get Puppet failures or flip-flops between whether httpd is installed or not. (I am fairly sure that this is why the yum Package provider uses rpm -e instead of yum remove in the first place.) To fix it, you have to ensure the dependent package absent too, and in that case you can address your original problem by twiddling the dependent package's dependencies. For example: If I understand you correctly, how do one know about the packages that depend on a certain package? Even though someone may know about the dependent packages, do you mean to list all the packages with no parameter? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] [SOLVED] Bake custom function in order to heck for a files existence (on the puppetmaster)
I was using the wrong path so the function seems to work as expected :)
On 04/19/2011 10:06 AM Jan wrote:
Hi guys,
I just try to cook up some ruby code to check for a files existence on the
puppetmaster. I tried to bake a custom function in order to be able to use
it in connection with an if statement in my manifests.
I've read the page about how to write custom functions ..
http://projects.puppetlabs.com/projects/puppet/wiki/Writing_Your_Own_Functions
.. but ain't got any luck so far :/
Currently my function looks like this:
# cat /var/lib/puppet/lib/puppet/parser/functions/exists.rb;
module Puppet::Parser::Functions
newfunction(:exists, :type = :rvalue) do |args|
filename = args[0]
File::exist?(filename)
end
end
It also seems like it's being recognized by puppet because no errors occurs:
irb(main):003:0 require 'puppet'
= true
irb(main):004:0 require /var/lib/puppet/lib/puppet/parser/functions/
.exists.rb.swp exists.rb
irb(main):004:0 require
'/var/lib/puppet/lib/puppet/parser/functions/exists.rb'
= true
irb(main):005:0 Puppet::Parser::Functions.function(:exists)
= function_exists
The part of my manifest looks like this:
if (exists(/path/to/file)) {
[..my puppet code..]
}
The puppet code somehow won't get evaluated if the clients catalog is
being build. If I remove the if-statement the respective code is being
execute on the respective client. Any ideas? I think that the function
doesn't return anything and that's the major problem!?
Cheers!
JD
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] is there a definition of the abstract service type
Hullo I'm a puppet neophyte and I'm a bit confused about the service type. I've just run up the learning vm and when I try: puppet resource service I don't seem to get any of the services controlled by xinetd, nor even xinetd itself. This doesn't sound right to me as it will cause future issues if services are implemented in different ways on different o/s types. Is there a canonical definition of the service type abstraction, or is the definition just how the implementation behaves? cheers Tim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Certificate request does not match existing certificate
Am Mon, 18 Apr 2011 14:28:57 -0700 schrieb Sylvain: Hello there, I have a problem while I'm trying to puppetize a client, I get this error: err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run 'puppetca --clean puppetclienttest.sl.ss'. I checked -Shutdown puppet on client/server side, delete ssl/ dir to regenerate certificate. -Be sure that the time is the same on both host. Now I don't know what I can do else. Client version: 0.24.8 Server version: 2.6.6 IMHO client 0.24.x is too old and does not work with puppetmaster 2.6.x? - Thomas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What to do if something is not required on the clients?
On Apr 18, 8:57 pm, Ian Mortimer i.morti...@uq.edu.au wrote: On Mon, 2011-04-18 at 23:22 +1000, jcbollinger wrote: (I am fairly sure that this is why the yum Package provider uses rpm -e instead of yum remove in the first place.) Except that installing or removing packages with rpm is now deprecated: http://illiterat.livejournal.com/7834.html I can't read the article (livejournal is blocked here). The bottom line as far as our discussion goes, however, is that it is *intentional* that the yum Package provider fails to remove packages on which other installed packages depend, and that there is good technical justification for that design choice. I would be surprised if other Package providers were different in that regard. Your Puppet manifests need to account for that, one way or another. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What to do if something is not required on the clients?
On 04/19/2011 03:18 PM, jcbollinger wrote: On Apr 18, 8:57 pm, Ian Mortimer i.morti...@uq.edu.au wrote: On Mon, 2011-04-18 at 23:22 +1000, jcbollinger wrote: (I am fairly sure that this is why the yum Package provider uses rpm -e instead of yum remove in the first place.) Except that installing or removing packages with rpm is now deprecated: http://illiterat.livejournal.com/7834.html I can't read the article (livejournal is blocked here). The bottom line as far as our discussion goes, however, is that it is *intentional* that the yum Package provider fails to remove packages on which other installed packages depend, and that there is good technical justification for that design choice. I would be surprised if other Package providers were different in that regard. Your Puppet manifests need to account for that, one way or another. I disagree. First off, the apt provider *will* recursively uninstall depending packages. Second, this *is* sound design. If I tell puppet that I don't want package X on my system, I expect it to remove it and do whatever is necessary, except the provider's backend objects. It is your opinion that a package manager should object as soon as a depended package would be removed by an uninstallation. Myself, I don't want to be bothered with such details. I fully expect my package manager do care about all aspects of dependeny resolution, be it during installation or its opposite. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] svn update on puppetmaster via commit hook on another server
Hello there, I'm trying to get SVN working with puppet, but what I need to do is a remote svn update on the puppetmaster server, so that puppet uses the latest configuration. The puppetlabs wiki page uses a simple svn update /etc/puppet in the post-commit hook script, but that implies that the SVN server is on the same machine as the puppetmaster, which is not the case in my environment. The post commit script is being executed by the same user which is running the httpd, in our case a user with minimal right, so no home directory to put other ssh keys in it. Does anyone have a solution to execute the svn update on the puppetmaster server? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What to do if something is not required on the clients?
On Apr 19, 6:08 am, Sans r.santanu@gmail.com wrote:
On Apr 18, 2:22 pm, jcbollinger john.bollin...@stjude.org wrote: [ . ]
1) The dependent package is managed by Puppet. In this case, you must
ensure it absent too, else you cannot achieve a consistent
configuration. You will either get Puppet failures or flip-flops
between whether httpd is installed or not. (I am fairly sure that
this is why the yum Package provider uses rpm -e instead of yum
remove in the first place.) To fix it, you have to ensure the
dependent package absent too, and in that case you can address your
original problem by twiddling the dependent package's dependencies.
For example:
If I understand you correctly, how do one know about the packages that
depend on a certain package?
Well that's part of a deeper problem, isn't it? If you don't know
what packages you might end up removing or why they're installed in
the first place, then are you really comfortable with blindly removing
them? I certainly wouldn't be.
Even though someone may know about the
dependent packages, do you mean to list all the packages with no
parameter? Cheers!!
No, I don't mean that. For a very tightly-controlled configuration,
one might choose to declare all packages that should be installed and
to purge anything else, but that can be hard to maintain, and I
wouldn't recommend it unless you really need it. Most people don't go
that far.
I mean you test your manifests before rolling them out and collect
automated reports from the clients afterward, you troubleshoot
failures, and when you identify a package dependency that causes
removal of another package to fail, you add a
package { unwanted-dependency:
ensure = absent,
before = Package[dependent-package]
}
to the affected nodes' manifests. (Or if the dependency is already
under management then adjust its declaration as needed.)
Also, the frequency of such problems will be reduced if you take
firmer control of your machines' initial provisioning. For example,
your initial install might be the bare minimum needed to get Puppet
running, with everything else needed being installed under Puppet
control. Alternatively, do at least consider a provisioning system
that starts all your systems in the same, known state -- that way you
can solve the dependency issues once for that configuration and cover
the majority of package dependency issues that you will ever need to
handle.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Inventory service and dashboard 1.1.0 rc1
Hi, I'm seeing exactly the same problem. I have 2.6.7 on both the master and client. Any ideas? Prateep On Mar 18, 6:48 pm, Jacob Helwig ja...@puppetlabs.com wrote: On Thu, 17 Mar 2011 21:32:29 -0700, Luke Baker wrote: I just set up the latest dashboard release candidate in hopes of trying out the new inventory service. After modifying the puppet- dashboard config to use the inventory service and after changing my auth.conf I gave it a whirl but ran into some issues.. I initially tried using fact_terminus = yaml and was able to do some queries via curl. I'm currently using storeconfigs so setting up another database for the inventory service was pretty easy, however when I set fact_terminus to 'inventory_active_record' I receive this error when performing a puppet run, Could not find terminus inventory_active_record for indirection facts Should this be set to something else for use with puppet-dashboard? Are you also using a 2.6.7rc1 puppet master? We probably didn't call this out well enough, but the inventory service features in Dashboard require the new version of Puppet on the master. -- Jacob Helwig signature.asc 1KViewDownload -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What to do if something is not required on the clients?
On Apr 19, 8:26 am, Felix Frank felix.fr...@alumni.tu-berlin.de
wrote:
On 04/19/2011 03:18 PM, jcbollinger wrote:
[...]
The bottom line as far as our discussion goes, however, is that it is
*intentional* that the yum Package provider fails to remove packages
on which other installed packages depend, and that there is good
technical justification for that design choice. I would be surprised
if other Package providers were different in that regard. Your Puppet
manifests need to account for that, one way or another.
I disagree.
First off, the apt provider *will* recursively uninstall depending packages.
That's an unfortunate inconsistency between providers. I am
surprised.
Oddly enough, I found bug 1739, closed on 0.24.x, that makes exactly
the change from rpm -e to yum -y remove. That would make the yum
provider work like the apt provider. I didn't find anything
suggesting that it was reverted, yet the change is not present in the
released code.
Second, this *is* sound design. If I tell puppet that I don't want
package X on my system, I expect it to remove it and do whatever is
necessary, except the provider's backend objects.
I didn't say that behavior such as the apt provider's is unsound or
unjustified, rather I said that the Yum provider's behavior is
intentional (my deduction) and justified. When there is justification
for two incompatible alternatives, a design decision must be made, and
it was made -- inconsistently -- for the Package providers.
It is your opinion that a package manager should object as soon as a
depended package would be removed by an uninstallation.
It is my opinion that it is *reasonable* for a Puppet Package provider
refuse to remove a package on which others depend instead of removing
all dependencies along with it. It is _not_ my opinion that the
alternative would be _un_reasonable. Both approaches have advantages
and disadvantages.
It is less reasonable, however, that providers are inconsistent in
this regard.
Myself, I don't
want to be bothered with such details. I fully expect my package manager
do care about all aspects of dependeny resolution, be it during
installation or its opposite.
That's fair. But consider this:
package { foo:
ensure = absent
}
package { i-depend-on-foo:
ensure = latest
}
The manifest is inherently inconsistent, yet if the Package provider
performs automatic dependency installation and removal then it can be
applied without error. The result depends on which package is managed
first, and at least one of the packages will flip-flop between being
installed and uninstalled. The specified configuration can never be
achieved. If I had that situation in one of my manifests, I would
want an error message.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How to create multi-option yum repo file?
On Apr 18, 7:03 pm, Sans r.santanu@gmail.com wrote:
On Apr 18, 6:11 pm, jcbollinger john.bollin...@stjude.org wrote:
[...]
If the file exists before the Puppet run, then Puppet will not split
it up, but when Puppet creates a new repo definition it always goes
into its own file. You could, however, concatenate the resulting
files after the fact, probably via an exec. If having the repos in
multiple files bothers you, the go vote for bug #2062.
Although it's bothering me a to some extent, it's more likely a
question of compatibility. When the RHEL is the OS in question, RHEL
itself delivers the repo in the format, whilst Puppet doesn't support
that yet (as far as I understood in my few days of experience). Thanks
for the info on the bug reporting, I'll look for it.
As I wrote before, If the file exists before the Puppet run, then
Puppet will not split it up. Perhaps I should have been more
specific: in that case, Puppet will work fine with the file containing
multiple repo declarations. It will successfully manage all the
repositories defined in such a file, and it will keep them together in
that file. This has worked since at least 0.24.8.
What Puppet does not like is the same repo being defined in more than
one file, and perhaps that's what you've run into. Yum supposedly
accepts duplicates, so that might contribute to the appearance that
the problem is with Puppet. As far as i can tell, however, Yum's
*treatment* of duplicates is undocumented, so I cannot fault Puppet
for objecting.
I see, descr can't be used more than once in the same yumrepo{}
section. What's the work around? Cheers!!
I didn't know this was a restriction. If it is, then it will apply
whether you declare your Yumrepos in the same or different blocks.
There is no reason why it should need to be unique, so if you indeed
see such behavior then I'd file a ticket.
Looks like I was doing something wrong when I tried that for the first
time. If I do something like this:
[...]
Puppet creates two separate file, which actually does makes sense the
way Puppet works.
I'm glad you've sorted it out.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What to do if something is not required on the clients?
On Tue, Apr 19, 2011 at 7:46 AM, jcbollinger john.bollin...@stjude.org wrote On Apr 19, 8:26 am, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 04/19/2011 03:18 PM, jcbollinger wrote: [...] The bottom line as far as our discussion goes, however, is that it is *intentional* that the yum Package provider fails to remove packages on which other installed packages depend, and that there is good technical justification for that design choice. I would be surprised if other Package providers were different in that regard. Your Puppet manifests need to account for that, one way or another. I disagree. First off, the apt provider *will* recursively uninstall depending packages. That's an unfortunate inconsistency between providers. I am surprised. Oddly enough, I found bug 1739, closed on 0.24.x, that makes exactly the change from rpm -e to yum -y remove. That would make the yum provider work like the apt provider. I didn't find anything suggesting that it was reverted, yet the change is not present in the released code. The commit is still present, it's implemented as the purge action for yum provider. Check: git show d5e19f git blame lib/puppet/provider/package/yum.rb Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Crashing, libldap error?
Ok, for what its worth, I think I solved this a while back.. but I ran into it
again the other day, and couldn't remember the fix. I found this thread again
while searching around — so I figure I should update it so that everyone knows
what went wrong.
We are using not only local files, and LDAP for auth.. but we're using
'nsscache' as a backup if the LDAP service is down for any extended period of
time. The problem seems to be that occasionally nsscache writes out its DB
files in a way that upsets ruby's ldap library significantly. Disabling
nsscache, or rebuilding its DB files from scratch seems to solve this problem.
—Matt
On Mar 16, 2011, at 8:46 PM, Daniel Pittman wrote:
On Wed, Mar 16, 2011 at 20:16, Matt Wise w...@wiredgeek.net wrote:
I've got a handful of nodes (3?) out of about 400 that are giving me
grief... puppet will run either manually or in the service mode. However, in
the service mode the puppet process dies after an hour or so. I got an
strace of the failure:
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(8, , 4096) = 0
rt_sigaction(SIGPIPE, {0x1, [], SA_RESTORER, 0x31af00eb10}, {0x31af88c700,
[], SA_RESTORER|SA_RESTART, 0x31af00eb10}, 8) = 0
write(2, ruby: ../../../libraries/libldap..., 98ruby:
../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld !=
((void *)0)' failed.
) = 98
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
write(4, :XMLRPC::WEBrickServlet:0x2afa17..., 495) = 495
tgkill(1267, 1267, SIGABRT) = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT (core dumped) +++
[root@bastion100 ~]#
I'm running Puppet 2.6.5 on CentOS 5.5 x86_64... any thoughts?
Something is making libldap unhappy, which is being used by Ruby, used
in turn by Puppet. Which triggers the unfortunate error handling
behaviour of abort the entire process now!!! that I just *love* from
libraries I depend on.
So, I would go hunting for details about what causes that particular
assertion to fire in the LDAP library you are using. My guess would
be that there is a bug in there, tickled by some particular data set,
that those hosts hit, and that a newer release would probably fix it.
Other that turning off LDAP in the Puppet code, there isn't likely
much we can do about it.
Daniel
--
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman dan...@puppetlabs.com
✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
♲ Made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetmaster best practice for multiple zones
Hello, sorry if this is a stupid question but I currently have inherited three security zones LAN, DMZ and PROD. I currently have Puppet and Foreman running in the LAN zone on a host called puppet-lan and I am starting to manage the LAN based systems with them. I am bit stuck however for how best I can managed the remaining two zones. Do create another two puppetmasters and configure them to use the existing storeconfigs DB I am currents. Or do I have two additional standalone puppetmasters? If do the later how will I be able to unify my view of the three zones? All answers welcome, including links to docs I may have missed. Regards Jim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetmaster best practice for multiple zones
Hello, sorry if this is a stupid question but I currently have inherited three security zones LAN, DMZ and PROD. I currently have Puppet and Foreman running in the LAN zone on a host called puppet-lan and I am starting to manage the LAN based systems with them. I am bit stuck however for how best I can managed the remaining two zones. Do create another two puppetmasters and configure them to use the existing storeconfigs DB I am currently using. Or do I have two additional standalone puppetmasters? If do the later how will I be able to unify my view of the three zones? All answers welcome, including links to docs I may have missed. Regards Jim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Inventory service and dashboard 1.1.0 rc1
Forget that. I discovered that there were remnants of the old puppet version still installed on my master after upgrade. Working fine now! On Apr 19, 4:27 pm, Prateep prat...@anicca.net wrote: Hi, I'm seeing exactly the same problem. I have 2.6.7 on both the master and client. Any ideas? Prateep On Mar 18, 6:48 pm, Jacob Helwig ja...@puppetlabs.com wrote: On Thu, 17 Mar 2011 21:32:29 -0700, Luke Baker wrote: I just set up the latest dashboard release candidate in hopes of trying out the new inventory service. After modifying the puppet- dashboard config to use the inventory service and after changing my auth.conf I gave it a whirl but ran into some issues.. I initially tried using fact_terminus = yaml and was able to do some queries via curl. I'm currently using storeconfigs so setting up another database for the inventory service was pretty easy, however when I set fact_terminus to 'inventory_active_record' I receive this error when performing a puppet run, Could not find terminus inventory_active_record for indirection facts Should this be set to something else for use with puppet-dashboard? Are you also using a 2.6.7rc1 puppet master? We probably didn't call this out well enough, but the inventory service features in Dashboard require the new version of Puppet on the master. -- Jacob Helwig signature.asc 1KViewDownload -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: svn update on puppetmaster via commit hook on another server
I have a similar issue. I simply run a cronjob on the master every 5 minutes to do the svn update. On Apr 19, 3:36 pm, Andreas Paul a.p...@enbw.com wrote: Hello there, I'm trying to get SVN working with puppet, but what I need to do is a remote svn update on the puppetmaster server, so that puppet uses the latest configuration. The puppetlabs wiki page uses a simple svn update /etc/puppet in the post-commit hook script, but that implies that the SVN server is on the same machine as the puppetmaster, which is not the case in my environment. The post commit script is being executed by the same user which is running the httpd, in our case a user with minimal right, so no home directory to put other ssh keys in it. Does anyone have a solution to execute the svn update on the puppetmaster server? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: svn update on puppetmaster via commit hook on another server
- Original Message - I have a similar issue. I simply run a cronjob on the master every 5 minutes to do the svn update. I do this with mcollective. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] editing property files
On Apr 18, 2011, at 6:08 AM, David Kavanagh wrote: I assumed this would be simple. I thought about using augeas, but don't want to pull that in if I don't really need it. Is there a built-in resource that I could use to edit property files that I'm missing? Thanks, David What's a property file? You talking about MacOS plist files? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] editing property files
Property files are pretty common in Java land. They are a key/value store. Formatted as key=value with optional #comment lines. Yes, probably like a .plist file. I've done some iOS programming... seem to remember that, but mostly use XCode which hides the underlying file format pretty well. David On Tue, Apr 19, 2011 at 1:58 PM, Patrick kc7...@gmail.com wrote: On Apr 18, 2011, at 6:08 AM, David Kavanagh wrote: I assumed this would be simple. I thought about using augeas, but don't want to pull that in if I don't really need it. Is there a built-in resource that I could use to edit property files that I'm missing? Thanks, David What's a property file? You talking about MacOS plist files? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Handling unmanaged resources and their files/configs
We have resources that, from time to time, are selected to be removed (unmanaged). When it comes to ssh keys, fstab... this leaves a lot of stuff behind that we don't want. Is there a simple way to remove the unmanaged data so we can keep the systems clean. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do you implement revert changes'
Thanks Felix But how is Filebucket currently used? Is there a puppet agent --restore functionality that I missed? On Tue, Apr 19, 2011 at 3:20 AM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 04/18/2011 11:22 PM, Mohamed Lrhazi wrote: I forgot to think about a little detail, while introducing Puppet to our environment :) For each change to production systems, one has to submit a script detailing what changes will be made and how to revert them back.. I was wondering if any of you, who implemented something similar, would care to share how they did it. Simply reverting puppet's own config to a previous repository version would not be enough in most cases, as it would not necessarily involve restoring overwritten files on the clients, if those files were not originally generated from puppet itself. I guess Puppet's buckets would be involved in the answer, but my understanding is that they are not documented yet, correct? is such a feature planned for upcoming releases? am currently thinking that our only option would be to write and run scripts to backup the specific files any change would affect, prior to running puppet agent --no-noop, so the revert step would be to run another script to restore the backups, restart services... Filebucket does work for this purpose already. There should be a man page (I know there is one in the Debian packages). Doing this in a scripted fashion may be tricky, though. It will probably involve parsing agent logs. HTH, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: RFC: Refactoring the mount provider.
+1 here for this. Having said that, I think mingling the setting in there with the two basic types would be essential to keep this simple. All the heavy lifting should go on automatically in the background. A sysadmin should only have to change the mount to rw or ro and have Puppet do the right thing. As difficult as that may be to implement :-) On Mar 22, 4:19 pm, Thomas Bellman bell...@nsc.liu.se wrote: Nigel Kersten wrote: TL;DR Themountprovider has used a mish-mash of checkingfstaband actualmountstate to determine state. A possible solution we're looking at is splitting into two types, one that manages /etc/fstab (or /etc/filesystem on other OSes), and one that manages actualmount state. [Details elided] Two separate types is the obviously correct way. Just like we have two separate types for specifying whether a service should be started at boot and for whether it should be running right now. And just like we have nine separate types for specifying file type, owner, group, mode, content and SElinux parameters. ... Hey wait, we don't! We only have one service type and one file type, with multiple properties. Maybe there is some good reason for having it like that. Perhaps like not requiring users to repeat the same things (service name; file path;mount-point and device) for things that very, very often go together. So, no, I think splitting themounttype into two types would be a bad choice. Splitting the 'ensure' parameter of themounttype into two, on the other hand, I think is a very good idea. The nice way to transition would be to have two entirely new parameters, let's provisionally call them 'mount_state' and 'fstab_state', and in 2.7 have the 'ensure' parameter translated into those two new parameters with a warning about that syntax being deprecated, and then in 2.8 remove the 'ensure' parameter entirely. (I actually dislike the names I propose above; they are just examples for the sake of discussing the principle.) /Bellman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] is it possible to take definition parameters from a database?
hello everybody,
I really wonder that can we use a database for our definition calls.
assume that we have a definition which is used for adding virtual
hosts to apache configuration file like below:
apache:addvhost {abc: param1=value1, param2=value2}
There may be thousands of lines like above. so is it possible to store
val1, val2 values in a database and do our job only calling a line
like this:
for every $p1 and $p2 in valueTable in mypuppetDB:
apache:addvhost {abc: param1=$p1, param2=$p2}
Above code is pseudo.
thanks in advance.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] does puppet allow to a client specify a value in a configuration file?
hi everybody, In the server side we define a template for a configuration file. Our client pulls configuration file from the server without knowing any template is used or not, it just takes the catalog and puts the changes to the file. However, if a client wants to add an extra value to its configuration file that does not exist in the template, does puppet allow that? In other words, puppet forces a configuration file to a bunch of nodes but a node in this bunch wants to add an extra value by itself, it wont take that value from the server. thanks so much -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What to do if something is not required on the clients?
On Apr 19, 2:48 pm, jcbollinger john.bollin...@stjude.org wrote: If I understand you correctly, how do one know about the packages that depend on a certain package? Well that's part of a deeper problem, isn't it? If you don't know what packages you might end up removing or why they're installed in the first place, then are you really comfortable with blindly removing them? I certainly wouldn't be. I don't think that's the way you do it. You don't install packages at random or without having known why you installing that package for - do you? And if you know the packages you installing, you already know the dependences and the related packages. At least that's the case here. In this example, if I know that I definitely don't want httpd to be installed on the system at the first place, then why should I care about all the packages (maybe installed by default) that need httpd - isn't it? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Script to find potential puppet clients
Has anybody written a script that will scan the network to find systems not running puppet and ultimately send an email with the findings? I was thinking I can do this by just scanning for port 8141 or is it 8139? This would assume listen=true is setup on all the existing clients though. I could then filter out any of the candidates by ensuring the ssh port is open (this might tell me its a unix system). Anybody interested in such a script run via a cron job? Corey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Installing port on FreeBSD
One last somewhat unrelated question, but one that might help someone
with a similar setup:
How do I ensure that nss_ldap is installed only after 'sudo', as
otherwise, installing nss_ldap from ports would trigger the openldap
and sudo packages, which I don't want.
require = Package['port-sudo'] wouldn't work, and I don't see an
'onlyif' or similar parameter under package
===
class kerberosauth {
include kerberosauth::$operatingsystem
}
class kerberosauth::common {
...
$nss_ldap = nss_ldap
package { $nss_ldap:
ensure = installed
}
...
}
class kerberosauth::freebsd inherits kerberosauth::common {
exec { port-sudo:
cwd = /usr/ports/security/sudo,
environment = BATCH=yes,
command = make install,
path= /bin/:/usr/bin/:/usr/local/bin/:/
sbin/:/usr/sbin/:/usr/local/sbin/,
logoutput = 'on_failure',
require = File['options-sudo']
}
}
=
--
Darek
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Installing port on FreeBSD
One last somewhat unrelated question, but one that might help someone
with a similar setup:
How do I ensure that nss_ldap is installed only after 'sudo', as
otherwise, installing nss_ldap from ports would trigger the openldap
and sudo packages, which I don't want.
require = Package['port-sudo'] wouldn't work, and I don't see an
'onlyif' or similar parameter under package
===
class kerberosauth {
include kerberosauth::$operatingsystem
}
class kerberosauth::common {
...
$nss_ldap = nss_ldap
package { $nss_ldap:
ensure = installed
}
...
}
class kerberosauth::freebsd inherits kerberosauth::common {
exec { port-sudo:
cwd = /usr/ports/security/sudo,
environment = BATCH=yes,
command = make install,
path= /bin/:/usr/bin/:/usr/local/bin/:/
sbin/:/usr/sbin/:/usr/local/sbin/,
logoutput = 'on_failure',
require = File['options-sudo']
}
}
=
--
Darek
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Installing port on FreeBSD
One last somewhat unrelated question, but one that might help someone
with a similar setup:
How do I ensure that nss_ldap is installed only after 'sudo', as
otherwise, installing nss_ldap from ports would trigger the openldap
and sudo packages, which I don't want.
require = Package['port-sudo'] wouldn't work, and I don't see an
'onlyif' or similar parameter under package
===
class kerberosauth {
include kerberosauth::$operatingsystem
}
class kerberosauth::common {
...
$nss_ldap = nss_ldap
package { $nss_ldap:
ensure = installed
}
...
}
class kerberosauth::freebsd inherits kerberosauth::common {
exec { port-sudo:
cwd = /usr/ports/security/sudo,
environment = BATCH=yes,
command = make install,
path= /bin/:/usr/bin/:/usr/local/bin/:/
sbin/:/usr/sbin/:/usr/local/sbin/,
logoutput = 'on_failure',
require = File['options-sudo']
}
}
=
--
Darek
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Installing port on FreeBSD
One last somewhat unrelated question, but one that might help someone
with a similar setup:
How do I ensure that nss_ldap is installed only after 'sudo', as
otherwise, installing nss_ldap from ports would trigger the openldap
and sudo packages, which I don't want.
require = Package['port-sudo'] wouldn't work, and I don't see an
'onlyif' or similar parameter under package
===
class kerberosauth {
include kerberosauth::$operatingsystem
}
class kerberosauth::common {
...
$nss_ldap = nss_ldap
package { $nss_ldap:
ensure = installed
}
...
}
class kerberosauth::freebsd inherits kerberosauth::common {
exec { port-sudo:
cwd = /usr/ports/security/sudo,
environment = BATCH=yes,
command = make install,
path= /bin/:/usr/bin/:/usr/local/bin/:/
sbin/:/usr/sbin/:/usr/local/sbin/,
logoutput = 'on_failure',
require = File['options-sudo']
}
}
===
--
Darek
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] does puppet allow to a client specify a value in a configuration file?
Hi, Well depending on what you're trying to do exactly there are some ways to get around it. But this comes back to the essence of puppet, it is not just a deployment tool but it is used to describe and assert the configuration state you want on your node. A file that is volatile to wanted change on the node maybe better handled at the package level so you deploy a known state then the node makes changes after that. In this case you can still describe the file in the manifest but not the contents of the file (just that it's present and has these perm values and so on). Other options really depend on the files in question, like they might allow local include files that can have the volatile changes. Cheers, Den On 20/04/2011, at 7:34, rowan holmes rwn.h...@gmail.com wrote: hi everybody, In the server side we define a template for a configuration file. Our client pulls configuration file from the server without knowing any template is used or not, it just takes the catalog and puts the changes to the file. However, if a client wants to add an extra value to its configuration file that does not exist in the template, does puppet allow that? In other words, puppet forces a configuration file to a bunch of nodes but a node in this bunch wants to add an extra value by itself, it wont take that value from the server. thanks so much -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet environment can't be used in extlookup (precedence)
Anyone able to explain why $fqdn works and $environment doesn't in:
$extlookup_precedence=[%{fqdn},%{environment},common]
How to reproduce it:
-
- In /etc/puppet/manifests/site.pp :
$extlookup_datadir = /etc/puppet/manifests/extdata
$extlookup_precedence=[%{fqdn},%{environment},common]
- In /etc/puppet/manifests/extdata/common.csv
extdata1,CommonData1
extdata2,CommonData2
- In /etc/puppet/manifests/extdata/production.csv
extdata1,ProdEnvData
- In /etc/puppet/manifests/extdata/myhostname.domain.local.csv
extdata2,HostData
- In a manifest, test it with:
$extdata1 = extlookup(extdata1)
$extdata2 = extlookup(extdata2)
file{/tmp/test.txt :
ensure = file,
content = FQDN = ${fqdn} , ENV = ${environment}, extdata1 =
${extdata1) , extdata2 = ${extdata2) ,
}
- At the end, test.txt will contain :
FQDN = myhostname.domain.local , ENV = production, extdata1 = CommonData1 ,
extdata2 = HostData
- But I guess the expected result should be:
FQDN = myhostname.domain.local , ENV = production, extdata1 = ProdEnvData,
extdata2 = HostData
What am I missing here ?
Cheers,
Marcello
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Script to find potential puppet clients
How about scan the network and collect IPs that are UP... then check puppets facts db for missing IPs ? On Tue, Apr 19, 2011 at 5:44 PM, Corey Osman co...@logicminds.biz wrote: Has anybody written a script that will scan the network to find systems not running puppet and ultimately send an email with the findings? I was thinking I can do this by just scanning for port 8141 or is it 8139? This would assume listen=true is setup on all the existing clients though. I could then filter out any of the candidates by ensuring the ssh port is open (this might tell me its a unix system). Anybody interested in such a script run via a cron job? Corey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Script to find potential puppet clients
On Tue, Apr 19, 2011 at 5:44 PM, Corey Osman co...@logicminds.biz wrote: Has anybody written a script that will scan the network to find systems not running puppet and ultimately send an email with the findings? I was thinking I can do this by just scanning for port 8141 or is it 8139? This would assume listen=true is setup on all the existing clients though. I could then filter out any of the candidates by ensuring the ssh port is open (this might tell me its a unix system). Anybody interested in such a script run via a cron job? Corey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Hi Corey, I have a few scripts that do this (and provision the hosts with the missing parts if needed) .. though all servers which are built now include puppet and friends via KS/cobbler. I've also noted that many organizations don't have _usable_ and/or current inventory management (not to mention dns records with PTR _current_) in place (which I tackle first to make all else manageable). I'd like to see your whack at it though. -- Cheers, Steven --- Steven Acres UNIX/Linux System Administrator -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Inventory service and dashboard 1.1.0 rc1
On Tue, Apr 19, 2011 at 12:32 PM, Prateep prat...@anicca.net wrote: Forget that. I discovered that there were remnants of the old puppet version still installed on my master after upgrade. Working fine now! On Apr 19, 4:27 pm, Prateep prat...@anicca.net wrote: Hi, I'm seeing exactly the same problem. I have 2.6.7 on both the master and client. Any ideas? Prateep On Mar 18, 6:48 pm, Jacob Helwig ja...@puppetlabs.com wrote: On Thu, 17 Mar 2011 21:32:29 -0700, Luke Baker wrote: I just set up the latest dashboard release candidate in hopes of trying out the new inventory service. After modifying the puppet- dashboard config to use the inventory service and after changing my auth.conf I gave it a whirl but ran into some issues.. I initially tried using fact_terminus = yaml and was able to do some queries via curl. I'm currently using storeconfigs so setting up another database for the inventory service was pretty easy, however when I set fact_terminus to 'inventory_active_record' I receive this error when performing a puppet run, Could not find terminus inventory_active_record for indirection facts Should this be set to something else for use with puppet-dashboard? Are you also using a 2.6.7rc1 puppet master? We probably didn't call this out well enough, but the inventory service features in Dashboard require the new version of Puppet on the master. -- Jacob Helwig signature.asc 1KViewDownload -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Hi, Prateep, you mentioned ...I discovered that there were remnants of the old puppet version still installed on my master after upgrade... . That's something I'd rather not experience. Would you please expand on that with regards to install/upgrade method? Thanks. -- Cheers, Steven --- Steven Acres UNIX/Linux System Administrator -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] randomize minute
Hello
I.m trying to get a 'static random' base on a node's ip address and
use that number as the minute for a crontab
so each node will get a number between and 59
The things is the number is generated by the puppet master and so all
node get the same value...
my current code :
random_minute = generate('/usr/bin/env', 'bash', '-c', 'host `uname
-n` | head -1 | awk \'{ print $4 }\' | awk -F . \'{ printf(%d\n,
($1+$2+$3+$4)%60); }\'')
So Im a lost what do i need to do so 'generate' used the node's IP and
not puppetmaster...
Thanks!
-ls
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] randomize minute
Luc Suryo said:
Hello
I.m trying to get a 'static random' base on a node's ip address and
use that number as the minute for a crontab
so each node will get a number between and 59
The things is the number is generated by the puppet master and so all
node get the same value...
my current code :
random_minute = generate('/usr/bin/env', 'bash', '-c', 'host `uname
-n` | head -1 | awk \'{ print $4 }\' | awk -F . \'{ printf(%d\n,
($1+$2+$3+$4)%60); }\'')
So Im a lost what do i need to do so 'generate' used the node's IP and
not puppetmaster...
Did you perhaps want the fqdn_rand() function?
This gives a static random number based on the node's fqdn (not IP
like you asked for, but hopefully usable anyway).
I use it like this:
$minute1 = fqdn_rand(15)
$minute2 = 15+$minute1
$minute3 = 30+$minute1
$minute4 = 45+$minute1
cron { run puppet:
command = $puppetrun,
user= root,
minute = [ $minute1, $minute2, $minute3, $minute4 ],
require = File[$sysadmindir],
}
(from
https://gitorious.org/qtqa/sysadmin/blobs/master/puppet/modules/puppet/manifests/unix.pp
)
Only think I can't remember is if it returns an integer from 0 .. 14 or 0 .. 15
:)
--
Rohan McGovern
Quality Engineer
Qt Development Frameworks, Nokia
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] is there a definition of the abstract service type
On Tue, Apr 19, 2011 at 04:24:18AM -0700, Tim Coote wrote:
Is there a canonical definition of the service type abstraction, or is
the definition just how the implementation behaves?
What happens when you do:
$ puppet resource service xinetd
That should hopefully give you the output for that.
Resource isn't, say, a system profiling tool. It's more an interface to
resources you have. And while some will give you all the information you
may want ('user' for example), not all of them can.
--
Ben Hughes || http://www.puppetlabs.com/
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Handling unmanaged resources and their files/configs
On Tue, Apr 19, 2011 at 11:38:35AM -0700, Forrie wrote: Is there a simple way to remove the unmanaged data so we can keep the systems clean. Setting the resource to ensure = absent will remove them. Or are you after something more? -- Ben Hughes || http://www.puppetlabs.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Listing the keys in a hash as an array
I must be doing something wrong...
As suggested by Ohad:
Manifest says:
$keys = inline_template(%= netifcfg.keys %)
exec { /bin/echo keys are $keys and netifcfg is $netifcfg: logoutput = true }
Output says:
notice: /Stage[main]/Base::Network-common/Exec[/bin/echo keys are bond0bond1
and netifcfg is
bond0ipaddress10.15.69.177netmask255.255.254.0defaultgatewayyesgateway10.15.68.1bond1ipadderss1.2.3.4netmask255.255.254.0gateway1.2.3.1]/returns:
is notrun, should be 0 (noop)
(DOES work with 2 element tho)
As suggested by Felix:
Manifest says:
$keys = split(,, inline_template(%= netifcfg.keys.join(',')
%))
exec { /bin/echo keys are $keys and netifcfg is $netifcfg:
logoutput = true }
Output says:
notice: /Stage[main]/Base::Network-common/Exec[/bin/echo keys are , and
netifcfg is
bond0ipaddress10.15.69.177netmask255.255.254.0defaultgatewayyesgateway10.15.68.1bond1ipadderss1.2.3.4netmask255.255.254.0gateway1.2.3.1]/returns:
keys are , and netifcfg is
bond0ipaddress10.15.69.177netmask255.255.254.0defaultgatewayyesgateway10.15.68.1bond1ipadderss1.2.3.4netmask255.255.254.0gateway1.2.3.1
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] randomize minute
I end up doing this:
http://projects.puppetlabs.com/projects/1/wiki/Writing_Your_Own_Functions
and works well, I was hoping not to have to write a function, but then realized
I need to get node's facter ipaddress, add the 4 of the octet and a % 60
and we are set :-)
but thanks for the tip, added to my bookmark :)
On Tue, Apr 19, 2011 at 6:06 PM, Rohan McGovern
rohan.mcgov...@nokia.com wrote:
Luc Suryo said:
Hello
I.m trying to get a 'static random' base on a node's ip address and
use that number as the minute for a crontab
so each node will get a number between and 59
The things is the number is generated by the puppet master and so all
node get the same value...
my current code :
random_minute = generate('/usr/bin/env', 'bash', '-c', 'host `uname
-n` | head -1 | awk \'{ print $4 }\' | awk -F . \'{ printf(%d\n,
($1+$2+$3+$4)%60); }\'')
So Im a lost what do i need to do so 'generate' used the node's IP and
not puppetmaster...
Did you perhaps want the fqdn_rand() function?
This gives a static random number based on the node's fqdn (not IP
like you asked for, but hopefully usable anyway).
I use it like this:
$minute1 = fqdn_rand(15)
$minute2 = 15+$minute1
$minute3 = 30+$minute1
$minute4 = 45+$minute1
cron { run puppet:
command = $puppetrun,
user = root,
minute = [ $minute1, $minute2, $minute3, $minute4 ],
require = File[$sysadmindir],
}
(from
https://gitorious.org/qtqa/sysadmin/blobs/master/puppet/modules/puppet/manifests/unix.pp
)
Only think I can't remember is if it returns an integer from 0 .. 14 or 0 ..
15 :)
--
Rohan McGovern
Quality Engineer
Qt Development Frameworks, Nokia
--
-ls
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Listing the keys in a hash as an array
I must be doing something wrong...
As suggested by Ohad:
Manifest says:
$keys = inline_template(%= netifcfg.keys %)
exec { /bin/echo keys are $keys and netifcfg is $netifcfg: logoutput = true }
Output says:
notice: /Stage[main]/Base::Network-common/Exec[/bin/echo keys are bond0bond1
and netifcfg is
bond0ipaddress10.15.69.177netmask255.255.254.0defaultgatewayyesgateway10.15.68.1bond1ipadderss1.2.3.4netmask255.255.254.0gateway1.2.3.1]/returns:
is notrun, should be 0 (noop)
(DOES work with 1 element tho)
As suggested by Felix:
Manifest says:
$keys = split(,, inline_template(%= netifcfg.keys.join(',')
%))
exec { /bin/echo keys are $keys and netifcfg is $netifcfg:
logoutput = true }
Output says:
notice: /Stage[main]/Base::Network-common/Exec[/bin/echo keys are , and
netifcfg is
bond0ipaddress10.15.69.177netmask255.255.254.0defaultgatewayyesgateway10.15.68.1bond1ipadderss1.2.3.4netmask255.255.254.0gateway1.2.3.1]/returns:
keys are , and netifcfg is
bond0ipaddress10.15.69.177netmask255.255.254.0defaultgatewayyesgateway10.15.68.1bond1ipadderss1.2.3.4netmask255.255.254.0gateway1.2.3.1
(Split doesn't seem to work).
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What to do if something is not required on the clients?
On Wed, 2011-04-20 at 07:37 +1000, Sans wrote: if I know that I definitely don't want httpd to be installed on the system at the first place, then why should I care about all the packages (maybe installed by default) that need httpd - What happens if an update of a required package introduces a new dependency on httpd. yum update will install httpd to satisfy the dependency but then you have a conflict in your puppet manifest between ensuring httpd is absent while ensuring the dependent package is latest. (Admittedly I haven't seen this with httpd but something similar with mysql-server on Fedora). -- Ian -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RFC: Refactoring the mount provider.
On 23 March 2011 10:21, Nigel Kersten ni...@puppetlabs.com wrote: On Tue, Mar 22, 2011 at 4:05 PM, Stefan Schulte stefan.schu...@taunusstein.net wrote: So splitting the mounttype can lead to better reports when puppet sync mountpoint and entry in fstab seperatly. Because I'm lazy I'll propably write a define (maybe I will call it mount) that will create two resources for the two new types. If we did decide to make this change, we would probably try to get such a define/wrapped type that preserved existing semantics into core as well, so people could choose to use it. Creating a define to wrap the two resources is essentially option 3 then, isn't it? +1 option 3 John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What to do if something is not required on the clients?
On Tue, Apr 19, 2011 at 9:31 PM, Ian Mortimer i.morti...@uq.edu.au wrote: On Wed, 2011-04-20 at 07:37 +1000, Sans wrote: if I know that I definitely don't want httpd to be installed on the system at the first place, then why should I care about all the packages (maybe installed by default) that need httpd - What happens if an update of a required package introduces a new dependency on httpd. yum update will install httpd to satisfy the dependency but then you have a conflict in your puppet manifest between ensuring httpd is absent while ensuring the dependent package is latest. (Admittedly I haven't seen this with httpd but something similar with mysql-server on Fedora). -- Ian -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. This is an excellent example of 'right tool for the job'. The native package manager should be used to manage packages. Puppet is the tool we are using to manage/configure that package manager in an automated fashion keeping in mind that it's not usurping the package manager's function. Yum is a frontend to rpm (man, I don't miss rpm dependency hell of days gone by) and puppet is basically an extra team member (or team even) IMHO. -- Cheers, Steven --- Steven Acres UNIX/Linux System Administrator -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Listing the keys in a hash as an array
On Tue, Apr 19, 2011 at 6:28 PM, Miki Shapiro mikishap...@gmail.com wrote:
$keys = split(,, inline_template(%= netifcfg.keys.join(',') %))
Honestly, I'd put this together as a Puppet function at this point, as
that's just resulting in something rather unmaintainable.
http://docs.puppetlabs.com/guides/custom_functions.html
I'll have a quick stab at it in a second.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Listing the keys in a hash as an array
On Tue, Apr 19, 2011 at 8:08 PM, Nigel Kersten ni...@puppetlabs.com wrote:
On Tue, Apr 19, 2011 at 6:28 PM, Miki Shapiro mikishap...@gmail.com wrote:
$keys = split(,, inline_template(%= netifcfg.keys.join(',') %))
Honestly, I'd put this together as a Puppet function at this point, as
that's just resulting in something rather unmaintainable.
http://docs.puppetlabs.com/guides/custom_functions.html
I'll have a quick stab at it in a second.
module Puppet::Parser::Functions
newfunction(:hash_keys, :type = :rvalue) do |args|
unless args[0].is_a?(Hash)
Puppet.warning hash_keys takes one argument, the input hash
nil
else
args[0].keys
end
end
end
save to lib/puppet/parser/functions/ in a module.
--
Nigel Kersten
Product, Puppet Labs
@nigelkersten
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Listing the keys in a hash as an array
Thanks guys
I ended up breaking up what FelixOhad suggested into two lines to make it
work:
$keycsv= inline_template(%= netifcfg.keys.join(',') %)
$keys = split ($keycsv,',')
Yep, it's a 'hack' (sorry, Ohad, workaround ;)), but it saves me having to
add puppet functions into SVN...
(which is quite involved in my case because we support a big site with
versioned modules and a custom module-versioning mechanism that at present
does not cover custom functions (a long, painful topic in its own right) so
I need to contain this code in the module using it - making this workaround
perfect.
Should we perhaps nudge the above function into mainstream puppet? Being
able to list the keys in a hash is quite a crucial capability to have.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetmaster best practice for multiple zones
Am 19.04.2011 18:13, schrieb James Bailey: I am bit stuck however for how best I can managed the remaining two zones. Do create another two puppetmasters and configure them to use the existing storeconfigs DB I am currently using. Or do I have two additional standalone puppetmasters? If do the later how will I be able to unify my view of the three zones? I'd prefer one puppetmaster for everything. If the puppetmaster needs to reachable from everywhere, it belongs into the production zone. Regards Christian -- Dipl.-Inf. Christian Kauhaus · k...@gocept.com · systems administration gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 11 · fax +49 345 1229889 1 Zope and Plone consulting and development -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: is it possible to take definition parameters from a database?
for every $p1 and $p2 in valueTable in mypuppetDB:
apache:addvhost {abc$p1$p2: param1=$p1, param2=$p2}
I corrected the title as abc$p1$p2
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Listing the keys in a hash as an array
On Wed, Apr 20, 2011 at 7:46 AM, Miki Shapiro mikishap...@gmail.com wrote:
Thanks guys
I ended up breaking up what FelixOhad suggested into two lines to make it
work:
$keycsv= inline_template(%= netifcfg.keys.join(',') %)
$keys = split ($keycsv,',')
Yep, it's a 'hack' (sorry, Ohad, workaround ;)), but it saves me having to
add puppet functions into SVN...
(which is quite involved in my case because we support a big site with
versioned modules and a custom module-versioning mechanism that at present
does not cover custom functions (a long, painful topic in its own right) so
I need to contain this code in the module using it - making this workaround
perfect.
when having this issue, one can use a plain template not to clutter the
manifest, not sure if it apply 100% in this case, but for most things a
template == function... for example
$var = template (x.erb)
x.erb--
%=
netifcfg.keys.collect |key|
key.reverse!
key.upcase!
key += woot
File.open(/tmp/#{key}
end
%
Ohad
Should we perhaps nudge the above function into mainstream puppet? Being
able to list the keys in a hash is quite a crucial capability to have.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
