Re: [Puppet Users] The quantum effect when loading classes
Hi, You should include the version number with your questions so we can narrow down answers :) First thing I would do is grep through manifest and look for any calls to the classes in your module. Also the syntax looks a bit odd to me. No doubt works but it is not the way puppet recommends. I would put the class inside your init.pp (like you said you've done now). You can put some notifies in your module and see if you can get more debugging info. Apart from that I have nothing else to offer I'm afraid. Cheers, Den On 20/05/2011, at 13:45, John Warburton jwarbur...@gmail.com wrote: Can anyone comment / expand upon http://www.nico.schottelius.org/blog/puppet-sometimes-loads-a-class/ I am experiencing a case which may be related. We have an ENC, and recently on our twice daily noop runs from cron, puppet has reported some servers aren't in sync because they do not have a certain module/class (dns_server) even though they are not subscribed to the dns_server module in the ENC I can't reproduce it from the command line (yay), so am stumped debugging the issue, however, our dns_server module is not standard, and is probably causing the screw up % cat modules/dns_server/manifests/init.pp import *.pp include dns_server % ls -l modules/dns_server/manifests total 56 -rw-r--r-- 1 warbjoh unxadmin 22296 Mar 15 18:38 dns_server.pp -rw-r--r-- 1 warbjoh unxadmin 489 Mar 15 18:38 init.pp I have modified the module by renaming dns_server.pp to init.pp and hence removing the import *.pp I am now waiting to see if that has fixed the issue, but if it has (I suspect it will), why and how does this happen? Thanks John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Not able to execute shell script
Hi, What is the exit code of the script when you run manually? Does it exit with 1? Cheers, Den On 20/05/2011, at 13:58, Sumith Sudhakaran sumit...@gmail.com wrote: Hi, After configuring puppet ( 2.6.8 ) in RHEL 5 update 6, I am able to execute commands individually but I am not able execute the shell script, its giving error only. Somebody please help me how can I execute a shell script in rhel5 update6 using puppetserver. hereunder I am mentioning the manifests format, which i have followed exec { start: command = /usr/bin/start.sh, logoutput = true, } Error I am getting:- err: /Stage[main]//Exec[start]/ returns: change from notrun to 0 failed: /usr/bin/start returned 1 instead of one of [0] at /etc/puppet/manifests/site.pp:7 I am able to execute this script directly. -- Regards Sumith -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] autosign by hostname not working?
On Thu, 19 May 2011 09:10:22 -0700 Patrick Patrick wrote: Hi, Sorry. I ready your whole email backwords. I can only blame being tired. no problem! Did you clean using puppetca --clean hostname on the server, by using rm on the client, or both? clean on the server. Are you using Passenger? Mongrel That was the source of the issue I had to restart http/puppetmaster for new autosign to take effect. Now it works fine. I can block/unblock hosts with autosign. Thanks! Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] autosign by hostname not working?
On Thu, 19 May 2011 23:46:32 + Nan Liu wrote: thanks Nan, with your help and Patrick's I've understood the problem and solved. Many thanks for you reply! Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] changing the default key length and hash
Hi Micah, In short, I'm in agreement with you. With the CA which is defaulted to 5 years (not at all surprising) there's no doubt that soon (maybe 2.7 is a good time?) that 2048 key size should be used for at least the CA key, if not default for client key generation as well. Secondly, yes, I don't know why MD5 would be the hashing algorithm of choice in this case either. As I recall last year, most major root CAs went to 2048 last year to not anger the NIST recommendation. -Mark On May 19, 2011, at 11:07 PM, Micah Anderson wrote: Hi all, I would like to start a discussion about changing the default key length From 1024 bits to 2048, and am interested to know if this might cause any issues for people. puppet.conf(5) says that the keylength parameter defaults to 1024 bits for new RSA keys. There are many reasons why 1024bits is just not good enough now days: . many free software crypto tools are defaulting to 2048-bit keys now (e.g. OpenSSH, GnuPG) . NIST has recommended avoiding reliance on 1024-bit keys after the end of 2010 you can compare other comparable standards at http://keylength.com/ Considering that generated certificates are expected to be around for at least the lifetime of the server itself, setting a reasonable bit-length key from the beginning is pretty important, especially if the server might be expected to be around for some years from now… Not only is the default keylength for the CA 1024 bits, the default hash is MD5. The german BSI1 produces a yearly document[0] that defines which algorithms should be save for usage over the next five years. This document rules out MD5, SHA-1 and RIPEMD-160 for hashing and key sizes 1976 bits for RSA keys right now. Now that we are well beyond the NIST recommendation, this seems to be a bug, and I filed it as such[1]. However, I'm throwing this out there to see if this might be an issue for anyone, such as on older distributions. discuss! micah 0. http://www.bundesnetzagentur.de/cae/servlet/contentblob/192414/publicationFile/10008/2011AlgoKatpdf.pdf 0. https://projects.puppetlabs.com/issues/6663 -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Not able to execute shell script
On May 19, 10:58 pm, Sumith Sudhakaran sumit...@gmail.com wrote: Hi, After configuring puppet ( 2.6.8 ) in RHEL 5 update 6, I am able to execute commands individually but I am not able execute the shell script, its giving error only. Somebody please help me how can I execute a shell script in rhel5 update6 using puppetserver. hereunder I am mentioning the manifests format, which i have followed *exec { start: command = /usr/bin/start.sh, logoutput = true, }* Error I am getting:- err: /Stage[main]//Exec[start]/ returns: change from notrun to 0 failed: /usr/bin/start returned 1 instead of one of [0] at /etc/puppet/manifests/site.pp:7 *I am able to execute this script directly. * And Puppet was able to execute it too (but see also below); that's how it found that the exit status was 1. Puppet expects scripts to follow the Unix convention of exiting with status 0 when they are successful. Any other exit status indicates a failure of some kind. When a command executed by a Puppet Exec exits with an error status, the Exec fails. I observe also, however, that the error message you report does not appear to exactly match your Exec resource: the error message claims to have run /usr/bin/start, whereas the exec gives the command as /usr/ bin/start.sh. These are not equivalent, so I'm not sure what's going on here. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Intermittent errors for resource dependencies
On May 20, 4:07 am, tobyriddell toby.ridd...@gmail.com wrote: I realise that the config. for the new host I'm working on doesn't include the 'nss' class so that would explain why the error appears in the first place (thanks for helping me track that down). But I still don't have a grasp on why it's intermittent... When the catlog is compiled successfully, does it actually contain the Service['nslcd'] resource? And in that case, does it indeed *not* contain File['/etc/nslcd.conf']? I would be very surprised if both were so, and that would definitely constitute a bug. My guess, however, is that one or more of the following is true: 1) Your node's facts are inconsistent from run to run; this would be surprising for Facter's built-in facts, but it might arise from custom facts you have added. 2) Your manifests use one of the few Puppet features that are evaluation-order dependent. The result could be either that sometimes your nss class gets included when you thought it would not be, or that somtimes the class declaring Service['nslcd'] is not included when you thought it would be. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: custom function from .24.6 not working in 2.6 (from squeeze)
On May 19, 5:10 pm, Bill Anderson ucnt...@gmail.com wrote: I'm in the process of upgrading an existing installation from .24.x to 2.6. We seem to have a custom function that is throwing the error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: private method `gsub' called for #Array:0x7fdcebf3bbf8 at /etc/puppet/manifests/classes/apache-php.pp:72 Here is the function: # Checks if a file exists on the puppet maser Puppet::Parser::Functions::newfunction(:bbcom_file_exists, :type = :rvalue, :doc = Checks if the given file exists on the puppet master.) do |vals| ret = false vals.each do |file| # First convert our $puppet urls to local filesystems urls # We do this to allow the caller to use the same urls array # in other parts of the recipe. file = file.gsub(puppet:///appconf/, /etc/cdir/config/) # Now do the same for internal server files file = file.gsub(puppet:///files/, /etc/puppet/files/) unless file =~ /^#{File::SEPARATOR}/ raise Puppet::ParseError, Files must be fully qualified end if File.exists?(file) ret = true break end end ret end The function is used as a conditional: given a list of files puppet may be managing, if any of them exist on the server, then do this other thing (so far it usually means manage this other file too). Personally I'd love to be able to remove it as it seems clunky to me; but failing that if someone can point out why it is failing in 2.6 and how to fix it I would greatly appreciate it. I'm not much of a Ruby guy so while I understand _what_ the error is telling me, fixing it is a different story. It looks like at least one function argument is being received as an array instead of as a string. It may be that 0.24.x was flattening that array into a series of individual arguments, whereas 2.6.x does not. If that's the case, then you may be able to fix the problem by changing vals.each do |file| to vals.flatten.each do |file| Alternatively, you may be able to approach the problem on the manifest side by passing multiple arguments instead of an array. I agree that the function and the usage you describe is suspect. It is dicey whenever a manifest is conditional on anything other than (ultimately) nodes' facts. I don't see a good reason why the manifest should not *know* whether any particular file is (supposed to be) managed for a particular node. Moreover, it's not safe to assume that the presence of a file on the master implies that a corresponding file is being / supposed to be managed for any particular node. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Including a class multiple times, with different variables
Hi, I'm defining a class whose responsibility is to setup an application folder, virtual host, init script and so forth for a rails application. The class is defined as follows: class rails($name, $environment) ## Include General Software require nginx require mysql ## Setup application directories File { [/home/$app, /home/$app/app, /home/$app/app/log, /home/ $app/app/tmp]: ensure = directory owner = root group = dev mode = 4755 } ## etc } Now, on our production servers, we have one application running, so we do: node production.domain.com { class { rails: name = application1, env = production } } This works fine, and sets up all the requirements for the application. However, our staging server runs multiple applications, so I want to do the following: node staging.domain.com { class { rails: name = application1, env = production } class { rails: name = application2, env = production } class { rails: name = application3, env = production } } Obviously this complains about duplicate definitions of the rails class, but the variables are different. How can I work around this? Or what is a better way to implement what I'm trying to do? without having to duplicate everything -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Not able to execute shell script
On Thursday, May 19, 2011 at 11:58 PM, Sumith Sudhakaran wrote: Hi, After configuring puppet ( 2.6.8 ) in RHEL 5 update 6, I am able to execute commands individually but I am not able execute the shell script, its giving error only. Somebody please help me how can I execute a shell script in rhel5 update6 using puppetserver. hereunder I am mentioning the manifests format, which i have followed exec { start: command = /usr/bin/start.sh, logoutput = true, } Error I am getting:- err: /Stage[main]//Exec[start]/ returns: change from notrun to 0 failed: /usr/bin/start returned 1 instead of one of [0] at /etc/puppet/manifests/site.pp:7 I am able to execute this script directly. -- Regards Sumith Can you provide the content of start.sh? Failing that, when you run the script directly, does it exit with code 0? To test, run '/usr/bin/start.sh; echo $?' -- Peter M. Bukowinski Systems Engineer Janelia Farm Research Campus, HHMI -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] The quantum effect when loading classes
On Thu, May 19, 2011 at 8:45 PM, John Warburton jwarbur...@gmail.comwrote: Can anyone comment / expand upon http://www.nico.schottelius.org/blog/puppet-sometimes-loads-a-class/ I am experiencing a case which may be related. We have an ENC, and recently on our twice daily noop runs from cron, puppet has reported some servers aren't in sync because they do not have a certain module/class (dns_server) even though they are not subscribed to the dns_server module in the ENC I can't reproduce it from the command line (yay), so am stumped debugging the issue, however, our dns_server module is not standard, and is probably causing the screw up % cat modules/dns_server/manifests/init.pp import *.pp include dns_server You should avoid import in favor of include like this: # modules/dns_server/manifests/init.pp class dns_server { # actual contents of your dns_server class. } and then your ENC or site.pp just does include dns_server. % ls -l modules/dns_server/manifests total 56 -rw-r--r-- 1 warbjoh unxadmin 22296 Mar 15 18:38 dns_server.pp -rw-r--r-- 1 warbjoh unxadmin 489 Mar 15 18:38 init.pp I have modified the module by renaming dns_server.pp to init.pp and hence removing the import *.pp I am now waiting to see if that has fixed the issue, but if it has (I suspect it will), why and how does this happen? Thanks John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] changing the default key length and hash
On Fri, May 20, 2011 at 5:39 AM, Mark Stanislav mark.stanis...@gmail.comwrote: Hi Micah, In short, I'm in agreement with you. With the CA which is defaulted to 5 years (not at all surprising) there's no doubt that soon (maybe 2.7 is a good time?) that 2048 key size should be used for at least the CA key, if not default for client key generation as well. Secondly, yes, I don't know why MD5 would be the hashing algorithm of choice in this case either. As I recall last year, most major root CAs went to 2048 last year to not anger the NIST recommendation. We will do this for 2.7.x unless we get major pushback from the community. -Mark On May 19, 2011, at 11:07 PM, Micah Anderson wrote: Hi all, I would like to start a discussion about changing the default key length From 1024 bits to 2048, and am interested to know if this might cause any issues for people. puppet.conf(5) says that the keylength parameter defaults to 1024 bits for new RSA keys. There are many reasons why 1024bits is just not good enough now days: . many free software crypto tools are defaulting to 2048-bit keys now (e.g. OpenSSH, GnuPG) . NIST has recommended avoiding reliance on 1024-bit keys after the end of 2010 you can compare other comparable standards at http://keylength.com/ Considering that generated certificates are expected to be around for at least the lifetime of the server itself, setting a reasonable bit-length key from the beginning is pretty important, especially if the server might be expected to be around for some years from now… Not only is the default keylength for the CA 1024 bits, the default hash is MD5. The german BSI1 produces a yearly document[0] that defines which algorithms should be save for usage over the next five years. This document rules out MD5, SHA-1 and RIPEMD-160 for hashing and key sizes 1976 bits for RSA keys right now. Now that we are well beyond the NIST recommendation, this seems to be a bug, and I filed it as such[1]. However, I'm throwing this out there to see if this might be an issue for anyone, such as on older distributions. discuss! micah 0. http://www.bundesnetzagentur.de/cae/servlet/contentblob/192414/publicationFile/10008/2011AlgoKatpdf.pdf 0. https://projects.puppetlabs.com/issues/6663 -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Defined resources not being applied, breaking dependencies
I'm running into an issue where I have a resource (package ipwatchd) dependent on another resource (exec fix_sle_sdk_pool_repo), but the resource that its dependent on isn't being included into the catalog. What's where is that the ipwatchd resource is actually dependent on 5 different exec 'repos' (fix_sles_pool_repo, fix_sles_update_repo, fix_sle_sdk_pool_repo, fix_sle_sdk_update_repo, fix_sle_usps_addons_repo). 2 of them look to be in the catalog (fix_sles_pool_repo, fix_sles_update_repo), the other 3 are not (fix_sle_sdk_pool_repo, fix_sle_sdk_update_repo, fix_sle_usps_addons_repo) ... I determined this (maybe incorrectly) by looking at /var/lib/puppet/client_yaml/catalog/fqdn.yaml. All of the exec resources are all defined similarly though. The error I get is: err: Could not run Puppet configuration client: Could not find dependency Exec[fix_sle_sdk_pool_repo] for Package[usps-ipwatchd] at / etc/puppet/modules/common/manifests/packages.pp:12 This seems to be working fine on 5 other SLES 11.1 systems though ... and has worked fine in the past numerous times. I'm using puppet 2.6.8 on the master and agents. I've mainly been using 2.6.7 in the past, just started using 2.6.8. Not sure if that has anything to do with this, but it is a recent change. Not sure what else to provide ... here is a copy of the class that manages the resources in question. I removed all the shell commands in command and onlyif in the exec resources. If they are needed for some reason let me know as I'm not sure I should be providing those types of details. class common::packages { case $operatingsystem { SLES: { Package { provider = zypper, require = Exec[ fix_sles_pool_repo, fix_sles_update_repo, fix_sle_sdk_pool_repo, fix_sle_sdk_update_repo, fix_sle_usps_addons_repo ] } package { [ usps-ldap, usps-eth, usps-augeas, usps-ipwatchd, USPSpassword, usps-rpmtools ]: ensure = installed } exec { add_usps_repo_key: path = /bin:/usr/bin, command = , onlyif = ; } if $architecture == x86_64 { if $virtual =~ /vmware/ { exec { add_vmware_repo_key: path = /bin:/usr/bin, command = , onlyif = ; } package { vmware-tools: ensure = installed, require = Exec[ fix_sle_vmware_repo ], notify = Service[network]; } } } case $operatingsystemrelease { 10.3: { # SLES 10.3 exec { fix_sles_pool_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sles_update_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_sdk_pool_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_sdk_update_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_usps_addons_repo: require = Exec[ add_usps_repo_key ], path = /bin:/usr/bin, command = , onlyif = ; } if $virtual =~ /vmware/ { exec { fix_sle_vmware_repo: require = Exec[ add_vmware_repo_key ], path = /bin:/usr/bin, command = , onlyif = ; } } } 11.1: { # SLES 11.1 exec { fix_sles_pool_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sles_update_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_sdk_pool_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_sdk_update_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_usps_addons_repo: require = Exec[ add_usps_repo_key ], path = /bin:/usr/bin, command = , onlyif = ; } if $virtual =~ /vmware/ { exec { fix_sle_vmware_repo: require = Exec[ add_vmware_repo_key ], path = /bin:/usr/bin, command = , onlyif = ; } } } } } } } Thanks, Jake -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Including a class multiple times, with different variables
On Fri, May 20, 2011 at 5:26 AM, Bilco105 bilco...@gmail.com wrote: Hi, I'm defining a class whose responsibility is to setup an application folder, virtual host, init script and so forth for a rails application. The class is defined as follows: class rails($name, $environment) ## Include General Software require nginx require mysql ## Setup application directories File { [/home/$app, /home/$app/app, /home/$app/app/log, /home/ $app/app/tmp]: ensure = directory owner = root group = dev mode = 4755 } ## etc } Now, on our production servers, we have one application running, so we do: node production.domain.com { class { rails: name = application1, env = production } } This works fine, and sets up all the requirements for the application. However, our staging server runs multiple applications, so I want to do the following: node staging.domain.com { class { rails: name = application1, env = production } class { rails: name = application2, env = production } class { rails: name = application3, env = production } } Obviously this complains about duplicate definitions of the rails class, but the variables are different. How can I work around this? Or what is a better way to implement what I'm trying to do? without having to duplicate everything Classes are singletons and you can only have one of them. If you want to instantiate multiple instances, use a defined resource type instead. http://docs.puppetlabs.com/guides/language_guide.html#defined-resource-types -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] finding consultants or full time puppet experts?
We are looking to hire a full time (or possibly a consultant) in Boston with experience in AWS and Puppet (or Chef :) http://www.fiksu.com/company/careers/cloud-operations-manager Any good leads on other places to look for someone like that? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Defined resources not being applied, breaking dependencies
That was a typo on my part, usps-ipwatchd is where the issues stems from as the error shows. And as you stated, that is the only thing defined. Sorry for the confusion. As you can see also, I'm not specifying any requires when defining the usps-ipwatchd package. And as the error shows its getting the correct dependencies assigned to it. The issue is that the dependency it has is not 'defined' in the catalog the host receives, even though from what I can tell above I have it defined properly and infact 2 similar exec resources seem to be included fine (I think). I've also checked all my other modules/manifests to make sure I didn't have usps- ipwatchd somewhere else also and its not. So I'm not sure that is the issue. Thanks, Jake On May 20, 10:44 am, Nigel Kersten ni...@puppetlabs.com wrote: On Fri, May 20, 2011 at 8:29 AM, Jake - USPS jacob.m.mcc...@usps.govwrote: I'm running into an issue where I have a resource (package ipwatchd) I can't see that actual package defined below, just usps-ipwatchd. Are you perhaps running into the issue where a specific require in a resource will override (rather than append) to the require set by a resource default as you have here with Package ? dependent on another resource (exec fix_sle_sdk_pool_repo), but the resource that its dependent on isn't being included into the catalog. What's where is that the ipwatchd resource is actually dependent on 5 different exec 'repos' (fix_sles_pool_repo, fix_sles_update_repo, fix_sle_sdk_pool_repo, fix_sle_sdk_update_repo, fix_sle_usps_addons_repo). 2 of them look to be in the catalog (fix_sles_pool_repo, fix_sles_update_repo), the other 3 are not (fix_sle_sdk_pool_repo, fix_sle_sdk_update_repo, fix_sle_usps_addons_repo) ... I determined this (maybe incorrectly) by looking at /var/lib/puppet/client_yaml/catalog/fqdn.yaml. All of the exec resources are all defined similarly though. The error I get is: err: Could not run Puppet configuration client: Could not find dependency Exec[fix_sle_sdk_pool_repo] for Package[usps-ipwatchd] at / etc/puppet/modules/common/manifests/packages.pp:12 This seems to be working fine on 5 other SLES 11.1 systems though ... and has worked fine in the past numerous times. I'm using puppet 2.6.8 on the master and agents. I've mainly been using 2.6.7 in the past, just started using 2.6.8. Not sure if that has anything to do with this, but it is a recent change. Not sure what else to provide ... here is a copy of the class that manages the resources in question. I removed all the shell commands in command and onlyif in the exec resources. If they are needed for some reason let me know as I'm not sure I should be providing those types of details. class common::packages { case $operatingsystem { SLES: { Package { provider = zypper, require = Exec[ fix_sles_pool_repo, fix_sles_update_repo, fix_sle_sdk_pool_repo, fix_sle_sdk_update_repo, fix_sle_usps_addons_repo ] } package { [ usps-ldap, usps-eth, usps-augeas, usps-ipwatchd, USPSpassword, usps-rpmtools ]: ensure = installed } exec { add_usps_repo_key: path = /bin:/usr/bin, command = , onlyif = ; } if $architecture == x86_64 { if $virtual =~ /vmware/ { exec { add_vmware_repo_key: path = /bin:/usr/bin, command = , onlyif = ; } package { vmware-tools: ensure = installed, require = Exec[ fix_sle_vmware_repo ], notify = Service[network]; } } } case $operatingsystemrelease { 10.3: { # SLES 10.3 exec { fix_sles_pool_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sles_update_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_sdk_pool_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_sdk_update_repo: path = /bin:/usr/bin, command = , onlyif = ; fix_sle_usps_addons_repo: require = Exec[ add_usps_repo_key ], path = /bin:/usr/bin, command = , onlyif = ; } if $virtual =~ /vmware/ { exec { fix_sle_vmware_repo: require = Exec[ add_vmware_repo_key ], path = /bin:/usr/bin, command = , onlyif = ; } } } 11.1: { # SLES 11.1 exec { fix_sles_pool_repo: path = /bin:/usr/bin, command = ,
Re: [Puppet Users] finding consultants or full time puppet experts?
On Fri, May 20, 2011 at 08:31, Mark mcor...@gmail.com wrote: We are looking to hire a full time (or possibly a consultant) in Boston with experience in AWS and Puppet (or Chef :) http://www.fiksu.com/company/careers/cloud-operations-manager Any good leads on other places to look for someone like that? Here was always good, when I was looking. ;) That said, if you can't find anyone, Puppet Labs does have a professional services arm who do consulting, and we would be happy to talk to you about that. Not really a full time solution, obviously. :) Good luck. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman dan...@puppetlabs.com ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ANNOUNCE: Facter 1.5.9 Final!
Facter 1.5.9 is a maintenance release containing fixes and updates. This release contains several fixes, and updated facts, as well as adding some new facts. These include enhancements with Facter EC2, additional memory facts for OS X, and better Ruby 1.9 support. As always, please let us know if you run into any problems with any of the release candidates. This release is available for download at: http://puppetlabs.com/downloads/facter/facter-1.5.9.tar.gz See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Verifying+Puppet+Downloads Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.5.9: http://projects.puppetlabs.com/projects/facter/ Revision log: 1.5.9 = 024f7c9 Update CHANGELOG for 1.5.9 4de8b20 Updated CHANGELOG for 1.5.9rc6 cc67a01 Removed inappropriately uncredited Ohai method from ec2 fact 69f98da Add facter test for ticket 7039 f91c120 downcase arp output so that the ec2 arp is matched a75f0f9 (#7039) Pre-load all facts when requesting a single fact 6b97242 Update CHANGELOG for 1.5.9rc5 acf0bb2 Ensures that ARP facts are returned only on EC2 hosts 76f544b Updated CHANGELOG for 1.5.9rc4 09b9f9b (#6795) Update tests to reflect changed exec 3db1cd0 Updated CHANGELOG for 1.5.9rc3 def3322 (#6795) xendomains: Ignore error output from xm list f39d487 (#6763) Use Facter::Util::Resolution.exec for arp 3eb9410 arp: Cleanup indendation 50b9b3f Updated CHANGELOG for 1.5.9rc2 2fb8316 Clean up indentation, and alignment in macaddress_spec.rb 3f0a340 (#6716) fix facter issues on OSX with ipv6 in macaddress.rb. 43f82ef Update CHANGELOG for 1.5.9rc1 d62e079 Fixed #2346 - A much cleverer EC2 fact 0411d2e Fixed #2346 - Part 1: Added arp fact for Linux 5b6f4fa Discussion on ec2 facts - #2346 e917e1a Fixed #3087 - Identify VMWare d0f0f63 (#6327) Memory facts should be available on Mac Darwin 458a22d Incremented release to 1.5.9 4eb64fe Fixed #6719 Typo ffd80ac (#5011) Adds swap statistics for OSX 1207765 (#6719) Restricts virtualization types for zones 8d71db3 Fixed #6616 - Stubbing in VMware tests on Linux aa959df Remove Solaris from the list of confined systems. It won't get the original lsb facts, and it's nonsensical too. 2e48e18 Fixed #6695 - Updated id fact for Darwin et al d718af4 Fix #6679 - Added Scientific Linux to operatingsystem fact dea6f78 Further fix to #5485 - SELinux facts 6d6d8da (#2721) Merged patch from Brane GraAnar 868e7ba (#5485) Made selinux_mode fact work 214da73 Fixed #5485 - Updated selinux_mode fact ba2601f Fix for #6495 - Updated interface detection 93461d9 Fixed #5950 - Solaris ipaddress incorrect after bonding failure 2e06cdc (#6615) fix missing stub calls in loader specs 3c7841e (#5666) windows support for facter/id.rb dd5d5bf (#4925) - MS Windows doesn't do man pages 52026ee Fixed #5699 - Added processorcount support for S390x 7dd730d Fixed #5699 - Added virtual support for s390x/Zlinux d6ce08a Fixed #6611 - Fixed broken HPVM test and rationalised test structure 84fa3c4 (#6525) change semicolons to 'then' in case statement for ruby 1.9.2 compatibility 3e6217d Fixes #6521 and other Ruby 1.9 issues eb5d6fc Fixed #6525 - Test failures on Ruby 1.9.x cb25119 (#2270) add testing for the new ipaddress6 feature ea29483 (#2270) add IPv6 support to facter core. 77eb512 (#2270) Remove DWIM code from ipaddress on Darwin. f5bf0f5 (#6360) Flush Facter top level cache before every test case. 0d7a2e6 Fix #4755: add support for GNU/kFreeBSD platform where missing. b88a088 (#5510) Facter should load custom fact definitions in filename order. 7a8be16 Refactor #6044 -- use _spec.rb as the pattern for spec tests. b39f892 Refactor #6044 -- require spec_helper with a consistent path. a4fe459 Refactor #6044 -- port testing to rspec2 af9134c (#5086) Try using kstat before falling back to 'who -b' to determine uptime. cbbfe55 Refactor util/uptime.rb tests to reduce duplication using contexts f0cc2c0 (#4575) win32 support for manufacturer, productname, serialnumber c40fc07 (#1423) Memory facts for Solaris 1985528 (#4754) Change is_virtual logic to not enumerate virtual types 739040f (#4754) Add support for Darwin and Parallels VM to virtual fact 9332f8a (#5325) Add tests for SPARC manufacturer and product name 5b561e3 (#5325) Manufacturer and product name on SPARC 9d99079 maint: Fix spec failures caused by having a space in the path to facter's source 89da001 maint: require rubygems so hudson can run the specs 1eef842 Maint: add Local-branch: info to mails sent by rake mail_patches f007a9d (#4989) Add xendomains fact 1fa87a9 JSON support. Works in 1.9.1. Warnings in 1.9.2. LoadError on 1.8.7 for some reason 43e203c (#5040) fact virtual should detect hpvm 7cec60a (#5016) is_virtual should be true on solaris zones f2e66b6 (#5031) Remove redundant puts from RDoc.usage f4da528 maint: Fix merge error d62b013 Issue #4889 Fact values should all be strings 07f186d [#4552] Updating --timing to
[Puppet Users] Does the puppet module tool work with ruby1.9.2?
puppet-module changelog /opt/local/lib/ruby1.9/gems/1.9.1/gems/puppet-2.6.8/lib/puppet/util/log/destinations.rb:99: warning: class variable access from toplevel /opt/local/lib/ruby1.9/gems/1.9.1/gems/puppet-2.6.8/lib/puppet/application/kick.rb: /opt/local/lib/ruby1.9/gems/1.9.1/gems/puppet-2.6.8/lib/puppet/application/kick.rb:107: Invalid next (SyntaxError) I'm running puppet-module (0.3.3) Ruby for me is via macports: port install ruby1.9 +nosuffix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PC EU feedback:
http://projects.puppetlabs.com/issues/7599 This (or something very like it) should work: file { foo: ensure = present mode = 0644 } Note the lack of commas after key/value pairs. Please comment on the ticket or reply here, whichever you prefer. Thanks! r P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PC EU feedback: ability to remove all unmanaged resources
http://projects.puppetlabs.com/issues/7600 I call this the agent orange option :) This works, purging all unmanaged hosts entries: resources { 'host': purge = true, noop = true, } We should have a similar property for all (most?) types. Please comment on the ticket or reply here, whichever you prefer. Thanks! r P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PC EU feedback: long online docs pages should be broken up
http://projects.puppetlabs.com/issues/7601 Our very long docs pages are difficult to use. E.g., http://docs.puppetlabs.com/references/2.6.8/type.html Please comment on the ticket or reply here, whichever you prefer. Thanks! r P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PC EU feedback: import should also include subdirectories
http://projects.puppetlabs.com/issues/7604 import /etc/puppet/manifests/nodes/* Should import all manifests in subdirectories as well. Note that this conflicts with #4732, which proposes that Puppet globs act more like shell globs. Please comment on the ticket or reply here, whichever you prefer. Thanks! r P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet code to find out which is the first active network interface
I have a piece of shell script as below: ACTIVE_INTERFACE=`/sbin/ifconfig | /bin/gawk ' /^eth/ { print $1 } ' | /usr/bin/head -1` How do I translate it to puppet code, for example to assign the result as a variable to use? Thanks, -Haiyan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PC EU feedback: virtual resource operator is too magical, hard to read
http://projects.puppetlabs.com/issues/7605 The virtual resource operator: @user { luke: ensure = present } Is relatively easy to type but, if you don’t know it, very hard to read. We should consider a word-based syntax, e.g.: virtual user { luke: ensure = present } Please comment on the ticket or reply here, whichever you prefer. Thanks! r P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PC EU feedback: spaceship operator too magical, hard to read
http://projects.puppetlabs.com/issues/7606 The spaceship operator: User | group == sysadmin or title == luke | Is relatively easy to type but, if you don’t know it, very hard to read. We should consider a word-based syntax, e.g.: collect User { group == sysadmin or title == luke } User search { group == sysadmin or title == luke } Please comment on the ticket or reply here, whichever you prefer. Thanks! r P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] PC EU feedback: exported resource syntax is too magical, hard to read
http://projects.puppetlabs.com/issues/7612 The exported resources syntax: @@user { luke: ensure = present } Is concise and powerful, but very difficult to read. We should consider word-based syntax, e.g.: export @user { luke: ensure = present } And taking into account #7605, perhaps: export virtual user { luke: ensure = present } Please comment on the ticket or reply here, whichever you prefer. Thanks! r P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] PC EU feedback: exported resource syntax is too magical, hard to read
On 05/20/2011 01:24 PM, Randall Hansen wrote: http://projects.puppetlabs.com/issues/7612 The exported resources syntax: @@user { luke: ensure = present } Is concise and powerful, but very difficult to read. We should consider word-based syntax, e.g.: export @user { luke: ensure = present } And taking into account #7605, perhaps: export virtual user { luke: ensure = present } Yes on both counts. My coworkers have often commented on the cryptic nature of this construct, and googling for 'puppet @@' doesn't return anything immediately useful. Googling for 'puppet virtual export', on the other hand, does. In fact, the first hit is the documentation on Exporting and Collecting Resources. -- Russell A Jackson r...@csub.edu Network Analyst California State University, Bakersfield -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] report for schedule items
Hi, Currently when a resource is scheduled, that resource doesn't run until its supposed to. However, the puppet report currently doesn't show if a resource is schedule as it just marks it as skipped. Is there a way to separate out skipped from scheduled in puppet reports? Corey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] PC EU feedback: virtual resource operator is too magical, hard to read
On Fri, May 20, 2011 at 1:20 PM, Randall Hansen rand...@puppetlabs.comwrote: http://projects.puppetlabs.com/issues/7605 The virtual resource operator: @user { luke: ensure = present } Is relatively easy to type but, if you don’t know it, very hard to read. We should consider a word-based syntax, e.g.: virtual user { luke: ensure = present } Please comment on the ticket or reply here, whichever you prefer. Thanks! r +1 to this. Any change here should also updae the export syntax as well. replace @@user { foo: ; } with export user { foo: ; } Any plans on making the realizing/importing queries changed as well? realize/query: User | title == foo | export query: User | title == foo | -Jordan P.S. This is in response to feedback from my Improving the Puppet DSL session at Puppet Camp EU, 2011. This ticket isn't a promise we will take action, but we could very much like comment and discussion from you good people. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: PC EU feedback: ability to remove all unmanaged resources
On May 20, 3:17 pm, Randall Hansen rand...@puppetlabs.com wrote: http://projects.puppetlabs.com/issues/7600 I call this the agent orange option :) This works, purging all unmanaged hosts entries: resources { 'host': purge = true, noop = true, } We should have a similar property for all (most?) types. Please comment on the ticket or reply here, whichever you prefer. I don't understand. I didn't think the resources meta-resource was specific to use with the 'host' resource type. Are there any resource types that it *doesn't* work with? John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet code to find out which is the first active network interface
On Fri, May 20, 2011 at 13:19, hyzhang hyzh...@jcvi.org wrote: I have a piece of shell script as below: ACTIVE_INTERFACE=`/sbin/ifconfig | /bin/gawk ' /^eth/ { print $1 } ' | /usr/bin/head -1` How do I translate it to puppet code, for example to assign the result as a variable to use? You want to write a custom fact, for Facter. Normally you would distribute that as part of the pluginsync process, so it would be sent to the client by Puppet automatically, and available before your catalog was compiled. Regards, Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman dan...@puppetlabs.com ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetmaster leaving files open with too many files open error
Every few days I have to restart the puppetmaster process due to this error Could not read YAML data for node Too many open files. I have 9 clients being controlled by Puppet and each one of those will generate the same error once this happens. Running 'lsof' during this time shows me 100's of entries like this puppetmas 10443 puppet 14u unix 0x810014c7e18017057251 socket. The only way to remedy this is by restarting the puppetmaster process. Once I restart the puppet master process it seems that a new lsof entry is created and stays present for every client check. All clients and puppetmaster are running 2.6.8 on CentOS 5.6 x64. Any ideas? If more output and debug info is needed please let me know. Also if switching to a mysql data store could get rid of this then that would work as I was planning on it eventually. Thanks - Trey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.