[Puppet Users] Custom data embedded in Puppet SSL Certs...
I'm working out some security issues here and wanted to throw something out there... I'll be digging in tonight to see whether something like this is possible, so I'd appreciate feedback quickly if anyone happens to know if this is possible. Imagine a scenario where our individual hosts actually tell the puppet server which 'config' they want. This is our environment, and its not changeable. (The short explanation — its done this way because we provision nodes in several clouds where hostnames are not known until after a host has booted). For now, our nodes actually check in and say "I want XYZ class". I'd like to have our nodes able to do this ONCE ... only when they generate their CSR. After that, I'd like their 'base_class' to be embedded in the CSR (And subsequently the CERT), so that a client cannot later change its mind about what kind of host it is. Essentially I'm thinking the process would be something like this: Client: -) fill in 'base_class' somewhere (puppet.conf?) -) run puppet... host generates private key, and csr, and submits it to the puppet ca master Server: -) process signs CSR and provides Cert back to host (this is automated in our case, but not with autosign.conf) Client: -) begin actual puppet run.. request real configuration Server: -) read 'base_class' from certificate, and fill in $base_class with that data .. Thoughts? Any ideas on a good way to work this out? (my alternative method is going to involve a back-end Amazon SimpleDB script that dumps a nodes base_class into the database the first time ti runs, and then forever-after pulls from SimpleDB to fill in the base_class variable. I dont like this though, as its slow and it adds another service dependency.) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Crashing, libldap error?
Just following up on this a bit more. One additional thing I needed to do as well was install ruby-ldap. It wasnt installed by default, and caused all kinds of random failures that were hard to troubleshoot. Once installed, all the warning messages went away and the failures stopped. On Apr 19, 2011, at 8:14 AM, Matt Wise wrote: > Ok, for what its worth, I think I solved this a while back.. but I ran into > it again the other day, and couldn't remember the fix. I found this thread > again while searching around — so I figure I should update it so that > everyone knows what went wrong. > > We are using not only local files, and LDAP for auth.. but we're using > 'nsscache' as a backup if the LDAP service is down for any extended period of > time. The problem seems to be that occasionally nsscache writes out its DB > files in a way that upsets ruby's ldap library significantly. Disabling > nsscache, or rebuilding its DB files from scratch seems to solve this > problem. > > —Matt > > On Mar 16, 2011, at 8:46 PM, Daniel Pittman wrote: > >> On Wed, Mar 16, 2011 at 20:16, Matt Wise wrote: >> >>> I've got a handful of nodes (3?) out of about 400 that are giving me >>> grief... puppet will run either manually or in the service mode. However, >>> in the service mode the puppet process dies after an hour or so. I got an >>> strace of the failure: >>> >>> rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 >>> rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 >>> read(8, "", 4096) = 0 >>> rt_sigaction(SIGPIPE, {0x1, [], SA_RESTORER, 0x31af00eb10}, {0x31af88c700, >>> [], SA_RESTORER|SA_RESTART, 0x31af00eb10}, 8) = 0 >>> write(2, "ruby: ../../../libraries/libldap"..., 98ruby: >>> ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld != >>> ((void *)0)' failed. >>> ) = 98 >>> rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 >>> write(4, ":XMLRPC::WEBrickServlet:0x2afa17"..., 495) = 495 >>> tgkill(1267, 1267, SIGABRT) = 0 >>> --- SIGABRT (Aborted) @ 0 (0) --- >>> +++ killed by SIGABRT (core dumped) +++ >>> [root@bastion100 ~]# >>> >>> I'm running Puppet 2.6.5 on CentOS 5.5 x86_64... any thoughts? >> >> Something is making libldap unhappy, which is being used by Ruby, used >> in turn by Puppet. Which triggers the unfortunate error handling >> behaviour of "abort the entire process now!!!" that I just *love* from >> libraries I depend on. >> >> So, I would go hunting for details about what causes that particular >> assertion to fire in the LDAP library you are using. My guess would >> be that there is a bug in there, tickled by some particular data set, >> that those hosts hit, and that a newer release would probably fix it. >> >> Other that turning off LDAP in the Puppet code, there isn't likely >> much we can do about it. >> >> Daniel >> -- >> ⎋ Puppet Labs Developer – http://puppetlabs.com >> ✉ Daniel Pittman >> ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 >> ♲ Made with 100 percent post-consumer electrons > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Deploy puppet via NFS?
Sorry ignore my last statement... I did not use REE on Solaris, but used OpenCSW which packages all the software to go under /opt/csw, including ruby and puppet, and makes it straightforward to share the whole /opt/csw readonly over NFS I still think REE with facter and puppet in one directory should be work fine too. Thanks, Mohamed, On Mon, Apr 25, 2011 at 9:39 PM, Mohamed Lrhazi wrote: > and I was assuming puppet/facter/any other gems, would be installed as > gems using REE. > thats how I did it on Solaris and it works fine. > > > On Mon, Apr 25, 2011 at 9:36 PM, Mohamed Lrhazi wrote: >> there should be dependencies for REE.. is all goes under >> /opt/ruby-enterprise. >> >> >> >> On Mon, Apr 25, 2011 at 5:13 PM, Forrie wrote: >>> How do you handle the *.rpm prerequisites of puppet itself. If one >>> installs (deploys) puppet on an NFS mount, presumably you would also >>> include enterprise-ruby (or standard) with those dependencies there. >>> Enterprise Ruby seems to have rolled their own rpms, prefixed with >>> "pe-". >>> >>> I suppose you'll find out what dependencies are missing if you try >>> running it on another host via the NFS mount :-) >>> >>> >>> >>> On Apr 13, 6:46 pm, Mohamed Lrhazi wrote: If I were to do this on Linux, I would use Enterprise Ruby, install it into /opt/companyname/ruby-enterprise, then install puppet as a gem with that ruby. Thanks, Mohamed. >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "Puppet Users" group. >>> To post to this group, send email to puppet-users@googlegroups.com. >>> To unsubscribe from this group, send email to >>> puppet-users+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/puppet-users?hl=en. >>> >>> >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Deploy puppet via NFS?
and I was assuming puppet/facter/any other gems, would be installed as gems using REE. thats how I did it on Solaris and it works fine. On Mon, Apr 25, 2011 at 9:36 PM, Mohamed Lrhazi wrote: > there should be dependencies for REE.. is all goes under /opt/ruby-enterprise. > > > > On Mon, Apr 25, 2011 at 5:13 PM, Forrie wrote: >> How do you handle the *.rpm prerequisites of puppet itself. If one >> installs (deploys) puppet on an NFS mount, presumably you would also >> include enterprise-ruby (or standard) with those dependencies there. >> Enterprise Ruby seems to have rolled their own rpms, prefixed with >> "pe-". >> >> I suppose you'll find out what dependencies are missing if you try >> running it on another host via the NFS mount :-) >> >> >> >> On Apr 13, 6:46 pm, Mohamed Lrhazi wrote: >>> If I were to do this on Linux, I would use Enterprise Ruby, install it >>> into /opt/companyname/ruby-enterprise, then install puppet as a gem >>> with that ruby. >>> >>> Thanks, >>> Mohamed. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Deploy puppet via NFS?
there should be dependencies for REE.. is all goes under /opt/ruby-enterprise. On Mon, Apr 25, 2011 at 5:13 PM, Forrie wrote: > How do you handle the *.rpm prerequisites of puppet itself. If one > installs (deploys) puppet on an NFS mount, presumably you would also > include enterprise-ruby (or standard) with those dependencies there. > Enterprise Ruby seems to have rolled their own rpms, prefixed with > "pe-". > > I suppose you'll find out what dependencies are missing if you try > running it on another host via the NFS mount :-) > > > > On Apr 13, 6:46 pm, Mohamed Lrhazi wrote: >> If I were to do this on Linux, I would use Enterprise Ruby, install it >> into /opt/companyname/ruby-enterprise, then install puppet as a gem >> with that ruby. >> >> Thanks, >> Mohamed. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Deploy puppet via NFS?
How do you handle the *.rpm prerequisites of puppet itself. If one installs (deploys) puppet on an NFS mount, presumably you would also include enterprise-ruby (or standard) with those dependencies there. Enterprise Ruby seems to have rolled their own rpms, prefixed with "pe-". I suppose you'll find out what dependencies are missing if you try running it on another host via the NFS mount :-) On Apr 13, 6:46 pm, Mohamed Lrhazi wrote: > If I were to do this on Linux, I would use Enterprise Ruby, install it > into /opt/companyname/ruby-enterprise, then install puppet as a gem > with that ruby. > > Thanks, > Mohamed. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Is it possible to get puppetdoc to include custom function listings?
I haven't found the magic flag combination yet... Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] "resources" type: only for purge?
On Mon, Apr 25, 2011 at 12:52 PM, Randall Hansen wrote: > Good people ~ > > Is the "resources" type primarily useful for purging? Is it also > commonly used for metaparameters? The documentation[1] says this, but > I haven't used it much myself, and I don't know what common use is. Yep, it's used when you fully manage a resource and wish to purge any unknown/unmanaged resource of that type. The limitation is you must be able to inspect the resource (verify if you can run puppet resource [type]), and it doesn't quite work for package resource (since it doesn't detect multiple kernel packages). Also friendly reminder to use noop if you are trying it out. resources { 'host': purge => true, } Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] "resources" type: only for purge?
Good people ~ Is the "resources" type primarily useful for purging? Is it also commonly used for metaparameters? The documentation[1] says this, but I haven't used it much myself, and I don't know what common use is. Thanks! r 1. http://docs.puppetlabs.com/references/stable/type.html#resources (Search for "metatype" to see it; the "resources" anchor is bugged.) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet configuration on Ubuntu
Silly me. I failed to notice that the puppetmaster server was not starting properly. I must have edited the /etc/puppet/fileserver.conf improperly and that caused the init script to fail. I think the ball is rolling now. Thank you so much. BTW @Patrick. Thanks for the help. And @Nan I'd love to use the latest version, but am unable to per my work. Thanks all. On Apr 25, 11:07 am, Mark wrote: > Hello, > > I'm just starting out with Puppet. I currently have a puppetmaster > running on Ubuntu 10.04 so it is using puppet 0.25.x. I've been > running into issues with modules. I want to create some custom modules > to do random configurations, but it doesn't seem to be working for me. > I've been working from this > documentationhttp://docs.puppetlabs.com/guides/modules.html > > Here is the issue I'm having. Under configuration it mentions > [puppetmasterd] But I don't seem to have that with my default Ubuntu > config. I have an auth.conf and a fileserver.conf. The auth.conf > indicates that it mimics puppetmasterd. So can I just set my module > path just like the the instructions linked or is there a different > syntax with this file? I'm just trying to understand where I'm going > wrong. My classes specified and linked via the manifests folder are > working fine, but it seems as though my class referenced from the > module I created aren't. > > Any help is welcomed. Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Inheritance/Performance
On Mon, Apr 25, 2011 at 8:07 AM, wrote: > Newb question. The style guide contains this: > > Inheritance may be used within a module, but must not be used across > module namespaces. Cross-module dependencies should be satisfied in a > more portable way that doesn’t violate the concept of modularity, such > as with include statements or relationship declarations. > > That's self-explanatory and makes perfect sense. Is there also a > performance cost to inheriting across namespaces? I presume you mean inheriting a different class in another module. This would only affect catalog compilation, and not the enforcement of the catalog and it's not really measurable in a quick test. You can check the catalog compile time for comparison. This data should exist both in summarize option or syslog/store (yaml) report: $ puppet agent -t --summarize --noop ... Time: Config retrieval: 3.11 $ grep retrieval 201104090212.yaml !ruby/sym config_retrieval: 3.10552787780762 - - config_retrieval - Config retrieval Please post additional info if you notice a significant difference. Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Suggestions for using tags and variable for an Array
On Mon, Apr 25, 2011 at 10:05 AM, linuxbsdfreak wrote: > Hi All, > > > I am writing some puppet manifests to manage some deployments. I have > created a define which takes some parameters and i am providing the > input with variables in the site.pp file. I am managing 3 different > environments like testing, staging and production and have tagged the > servers as tst_env, stg_env and prd_env for doing some customization. > However i have some common stuff to do in tst_env and stg_env > evironments, but i have to create 3 different if conditions, something > like this > > if tagged(tst_env) > { > do somethng... > } > > if tagged(stg_env) > { > do somethng... > } > > if tagged(prd_env) > { > do somethng... > } > > I would like to combine the tst_env and stg_env by using somethng like > a OR condition. Howerver the following below doesnt work. > > if tagged(tst_env|stg_env) > > Any ideas how do i apply the same code to 2 environments without > creating an additional if statement. tagged doesn't support regular expression, it appears to support an array but it's requiring all tags in the array to exist. You should be able to do this instead: if tagged('test_env') or tagged('stg_env') > - I have 2nd query with arrays and variables > > I am invoking a define by providing an array with some software > packages to be installed. > > Eg: > > definename::install{ > [ ''package1'', > ''package2'', > ''package3'' > ]: > othervariabes ... > } > > Within the define i am using the $name to parse the array and do the > stuff. > > Is there a possibility that i can assign that array to a variable > before the define and use it later. It works with normal variables, > However the following below doesnt work: > > Eg: > > $pkglist = [ ''package1'', > ''package2'', > ''package3'' > ]: > > define name::install{ > $pkglist > othervariabes ... > } Try using the fully qualified namespace to access the variable (something like path to staging directory), so class a::param { $pkglist = ... } define ... { notice($a::param::pkglist) } or pass it as a parameter if it changes per resource declaration. > - Can i also use if conditions while invoking defines? Yes, the only thing that confuses new user, is you can't use if & case statements in a resource declaration. type { 'title': # can't have if or case statement within resource. # only selector attribute => $var ? { ... } } if ... { # declare resources. type { "title": ... } } Thanks, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet configuration on Ubuntu
On Mon, Apr 25, 2011 at 8:07 AM, Mark wrote: > Hello, > > I'm just starting out with Puppet. I currently have a puppetmaster > running on Ubuntu 10.04 so it is using puppet 0.25.x. I've been > running into issues with modules. I want to create some custom modules > to do random configurations, but it doesn't seem to be working for me. > I've been working from this documentation > http://docs.puppetlabs.com/guides/modules.html You can install natty's puppet/puppet-common package and use puppet 2.6.4 on Ubuntu 10.04. > Here is the issue I'm having. Under configuration it mentions > [puppetmasterd] But I don't seem to have that with my default Ubuntu > config. I have an auth.conf and a fileserver.conf. The auth.conf > indicates that it mimics puppetmasterd. So can I just set my module > path just like the the instructions linked or is there a different > syntax with this file? I'm just trying to understand where I'm going > wrong. My classes specified and linked via the manifests folder are > working fine, but it seems as though my class referenced from the > module I created aren't. The setting can be obtained via: puppet --configprint modulepath The following command will provide all the configuration info: puppet --configprint all You can replace the service resource in Patrick's example with a notify to see it in action without changing your system. HTH, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Suggestions for using tags and variable for an Array
Hi All, I am writing some puppet manifests to manage some deployments. I have created a define which takes some parameters and i am providing the input with variables in the site.pp file.I am managing 3 different environments like testing, staging and production and have tagged the servers as tst_env, stg_env and prd_env for doing some customization. However i have some common stuff to do in tst_env and stg_env evironments, but i have to create 3 different if conditions, something like this if tagged(tst_env) { do somethng... } if tagged(stg_env) { do somethng... } if tagged(prd_env) { do somethng... } I would like to combine the tst_env and stg_env by using somethng like a OR condition. Howerver the following below doesnt work. if tagged(tst_env|stg_env) Any ideas how do i apply the same code to 2 environments without creating an additional if statement. - I have 2nd query with arrays and variables I am invoking a define by providing an array with some software packages to be installed. Eg: definename::install{ [ ''package1'', ''package2'', ''package3'' ]: othervariabes ... } Within the define i am using the $name to parse the array and do the stuff. Is there a possibility that i can assign that array to a variable before the define and use it later. It works with normal variables, However the following below doesnt work: Eg: $pkglist = [ ''package1'', ''package2'', ''package3'' ]: definename::install{ $pkglist othervariabes ... } - Can i also use if conditions while invoking defines? Any inputs appreciated. Regards, Kevin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet configuration on Ubuntu
On Apr 25, 2011, at 8:07 AM, Mark wrote: > Hello, > > I'm just starting out with Puppet. I currently have a puppetmaster > running on Ubuntu 10.04 so it is using puppet 0.25.x. I've been > running into issues with modules. I want to create some custom modules > to do random configurations, but it doesn't seem to be working for me. > I've been working from this documentation > http://docs.puppetlabs.com/guides/modules.html > > Here is the issue I'm having. Under configuration it mentions > [puppetmasterd] But I don't seem to have that with my default Ubuntu > config. I have an auth.conf and a fileserver.conf. The auth.conf > indicates that it mimics puppetmasterd. So can I just set my module > path just like the the instructions linked or is there a different > syntax with this file? I'm just trying to understand where I'm going > wrong. My classes specified and linked via the manifests folder are > working fine, but it seems as though my class referenced from the > module I created aren't. > > Any help is welcomed. Thanks Try putting this module in /etc/puppet/modules/ntp/manifests/init.pp class ntp { service { "ntp": ensure => running, enable => true, } } Then put "include ntp" in /etc/puppet/manifests/site.pp Warning: This will start ntp and make it autostart. If that's a problem, don't run this. Does that work? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet configuration on Ubuntu
Hello, I'm just starting out with Puppet. I currently have a puppetmaster running on Ubuntu 10.04 so it is using puppet 0.25.x. I've been running into issues with modules. I want to create some custom modules to do random configurations, but it doesn't seem to be working for me. I've been working from this documentation http://docs.puppetlabs.com/guides/modules.html Here is the issue I'm having. Under configuration it mentions [puppetmasterd] But I don't seem to have that with my default Ubuntu config. I have an auth.conf and a fileserver.conf. The auth.conf indicates that it mimics puppetmasterd. So can I just set my module path just like the the instructions linked or is there a different syntax with this file? I'm just trying to understand where I'm going wrong. My classes specified and linked via the manifests folder are working fine, but it seems as though my class referenced from the module I created aren't. Any help is welcomed. Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Inheritance/Performance
Newb question. The style guide contains this: Inheritance may be used within a module, but must not be used across module namespaces. Cross-module dependencies should be satisfied in a more portable way that doesn’t violate the concept of modularity, such as with include statements or relationship declarations. That's self-explanatory and makes perfect sense. Is there also a performance cost to inheriting across namespaces? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How do you implement "revert changes'
Since most of the puppet activity is done on the root filesystem one cool way to do it would be to use root ZFS on solaris or LVM on linux and take a snapshot of that root filesystem before puppet run - then rollback if needed. On Apr 25, 5:59 am, Mohamed Lrhazi wrote: > Thinking about the "change" and the "reverted to change" as two > different machine states, that both need to be coded in Puppet, is > definitely right answer, I am starting to understand. No way puppet > could figure out what how to get to the previous state. > > In my case I think all our initial changes, as we add more and more to > puppet, will have a puppet-less 'revert" procedure: > > - Change via puppet. > - Revert (the old way)t: > for host in hosts: > ssh to host > run command1 > run command2 > > Thanks, > Mohamed. > > On Mon, Apr 25, 2011 at 1:56 AM, pzi wrote: > > File content is just a small part of what puppet classes generally do. > > Average module if coded properly will include number of operations > > like starting/configuring services, cron jobs, editing files, > > installing packages, etc. and I think the only way to satisfy that > > average change control 'revert' is to code the reverse operation while > > you code the change. > > I would compare it to rc init scripts what have 'start' and 'stop' > > operations. It is all a matter of coding standards and defensive > > design. > > -Peter > > > On Apr 24, 5:12 am, James Turnbull wrote: > >> Mohamed Lrhazi wrote: > >> > For each change to production systems, one has to submit a script > >> > detailing what changes will be made and how to revert them back.. I > >> > was wondering if any of you, who implemented something similar, would > >> > care to share how they did it. > > >> There is no such thing as rollback. :) > > >> I wrote roll in and roll out manifests and tested both. The roll in > >> manifest made the required packages. The roll out manifest reversed > >> those changes. > > >> > Simply reverting puppet's own config to a previous repository version > >> > would not be enough in most cases, as it would not necessarily involve > >> > restoring overwritten files on the clients, if those files were not > >> > originally generated from puppet itself. > > >> Files can be backed up remote file buckets. > > >> > I guess Puppet's buckets would be involved in the answer, but my > >> > understanding is that they are not documented yet, correct? is such a > >> > feature planned for upcoming releases? > > >> It is documented. > > >>http://docs.puppetlabs.com/references/2.6.7/type.html#filebucket > > >> The feature already exists. > > >> Regards > > >> James > > >> -- > >> James Turnbull > >> Puppet Labs > >> 1-503-734-8571 > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Handling unmanaged resources and their files/configs
On Apr 21, 4:06 pm, Forrie wrote: > Fair enough :-) In my case, we have NFS mounts that rotate out -- > and I dread having to manually prune the many systems we use. Puppet > will handle /etc/fstab, but I want to remove the mountpoint as well. As Nigel implied, what you're asking is self-contradictory. If you want Puppet to clean up a resource, then that constitutes Puppet managing it. Even using the Resources type to purge otherwise unmanaged resources (which makes me nervous, too) puts resources under Puppet management in a logical sense. As I sometimes tell folks, "unmanaged" does not mean absent, it means "I don't care." If you *do* care, then manage the resource. That seems almost a slam dunk for a resource that starts out managed. Instead of taking it out of management, manage it into the state you want (such as absent). John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Meet me in London tomorrow (Tuesday) night
Hi all, I'm in London for a couple of days, and if you're interested, please come meet me tomorrow night (Tuesday the 26th, I think - a bit jet lagged and brain addled, but that seems correct). Here are the details: Royal Festival Hall Belvedere Road London SE1 8XX There is an outdoor area, and if the weather is nice enough we'll be there from 18:30 onwards. Otherwise we'll be indoors. I (hope) to be there from 18:00 onwards if anyone wants to come along early. Nearest tubes are Embankment (over the bridge) or Waterloo. Cheers, Luke -- The difference between scientists and engineers is that when engineers screw up, people die.-- Professor Orthlieb - Luke Kanies -|- http://puppetlabs.com -|- http://about.me/lak -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How do you implement "revert changes'
Thinking about the "change" and the "reverted to change" as two different machine states, that both need to be coded in Puppet, is definitely right answer, I am starting to understand. No way puppet could figure out what how to get to the previous state. In my case I think all our initial changes, as we add more and more to puppet, will have a puppet-less 'revert" procedure: - Change via puppet. - Revert (the old way)t: for host in hosts: ssh to host run command1 run command2 Thanks, Mohamed. On Mon, Apr 25, 2011 at 1:56 AM, pzi wrote: > File content is just a small part of what puppet classes generally do. > Average module if coded properly will include number of operations > like starting/configuring services, cron jobs, editing files, > installing packages, etc. and I think the only way to satisfy that > average change control 'revert' is to code the reverse operation while > you code the change. > I would compare it to rc init scripts what have 'start' and 'stop' > operations. It is all a matter of coding standards and defensive > design. > -Peter > > On Apr 24, 5:12 am, James Turnbull wrote: >> Mohamed Lrhazi wrote: >> > For each change to production systems, one has to submit a script >> > detailing what changes will be made and how to revert them back.. I >> > was wondering if any of you, who implemented something similar, would >> > care to share how they did it. >> >> There is no such thing as rollback. :) >> >> I wrote roll in and roll out manifests and tested both. The roll in >> manifest made the required packages. The roll out manifest reversed >> those changes. >> >> >> >> > Simply reverting puppet's own config to a previous repository version >> > would not be enough in most cases, as it would not necessarily involve >> > restoring overwritten files on the clients, if those files were not >> > originally generated from puppet itself. >> >> Files can be backed up remote file buckets. >> >> >> >> > I guess Puppet's buckets would be involved in the answer, but my >> > understanding is that they are not documented yet, correct? is such a >> > feature planned for upcoming releases? >> >> It is documented. >> >> http://docs.puppetlabs.com/references/2.6.7/type.html#filebucket >> >> The feature already exists. >> >> Regards >> >> James >> >> -- >> James Turnbull >> Puppet Labs >> 1-503-734-8571 > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.