Re: [Puppet Users] Cross-module dependencies
On Sun, May 22, 2011 at 11:06 PM, Matthew Macdonald-Wallace li...@truthisfreedom.org.uk wrote: Hi all, I've got modules for NGINX and PHP-FPM which are working fine, the issue I'm running into is that quite often NGinx will start before php-fpm is even installed. I'm wondering if there's a way in the nginx module to Require the PHP-FPM service is started as a dependency of the nginx service, something like the following: class nginx { service { 'nginx': require = Service['php-fpm::php-fpm'], if the name of the service is php-fpm, you can just reference it as: service { 'nginx': require = Service['php-fpm'] } in general though, it is a little more maintainable to specify inter-module deps at the class level: service { 'nginx': require = Class['php'] } running = true; } } Is this possible in puppet 0.25 on CentOS? Thanks in advance, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] PC EU feedback: virtual resource operator is too magical, hard to read
Jordan Sissel: +1 to this. Any change here should also updae the export syntax as well. replace @@user { foo: ; } with export user { foo: ; } Agreed! Any plans on making the realizing/importing queries changed as well? realize/query: User | title == foo | export query: User | title == foo | Perhaps a server-side function, like collect_exports(Resource, expression) or perhaps extend the Realize directive to support expression matching somehow. However it's done, I agree that the query syntax should be made explicit at the same time as export. -- On my TV show, when I say and where do we put policy? the audience will yell USERSPACE! -- Sean Q. Neakums -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] PC EU feedback: spaceship operator too magical, hard to read
Nan Liu: On this subject, should we support regular expression? User | title =~ /*adm/ | If you're going down this road, it's probably worthwhile to add the full set of comparison operators such as = and so forth. -- There should be a homonym exam before people are issued keyboards. -- George Moffitt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] PC EU feedback: exported resource syntax is too magical, hard to read
Nigel Kersten: On Sat, May 21, 2011 at 1:42 AM, Brice Figureau brice-pup...@daysofwonder.com wrote: If you really want to simplify people's life, make those extra attributes become metaparameters (but please keep the old syntax): user { luke: ensure = present, virtual = [boolean] } That would even allow us to parametrize virtuality/exportability with the help of an expression (ie selectors, functions, boolean expressions ...) ++ This would be great. Being able to filter on virtual/export status would be killer. Oh yes indeed! I can already think of ways to use this. -- Man, if everything were object-oriented then rsync could do this already. Of course, if everything were object-oriented I'd have a bushy moustache and be wearing flares, which would suck. -- Sean Neakums -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How can i copy a directory
HI How can i copy a directory from puppet master to client I have tried this, but its giving error. I am using redhat 5.6 and puppet 2.6.8 file { /usr: ensure = directory, owner = root, group = root, mode = 777, content = template(/usr/local/sbin/), Please help me.. -- * Regards*** * Sumith** * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can i copy a directory
Try looking into the recurse = true parameter. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Mon, May 23, 2011 at 3:05 AM, Sumith Sudhakaran sumit...@gmail.comwrote: HI How can i copy a directory from puppet master to client I have tried this, but its giving error. I am using redhat 5.6 and puppet 2.6.8 file { /usr: ensure = directory, owner = root, group = root, mode = 777, content = template(/usr/local/sbin/), Please help me.. -- * Regards*** * Sumith** * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] Users group in NW Ohio or hell even Detroit/Ohio area
I too am in the Metro Detroit area and would be interested. - Brad The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. From: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] On Behalf Of Robert Citek Sent: Sunday, May 22, 2011 12:49 PM To: puppet-users Subject: Re: [Puppet Users] Users group in NW Ohio or hell even Detroit/Ohio area I'm in the metro Detroit area. What do you have in mind? Regards, - Robert On Sun, May 22, 2011 at 11:46 AM, Jason Slagle raist...@tacorp.net wrote: Anyone else out there using puppet that would be interesting in forming a users group if one doesn't already exist? Jason -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet- users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can i copy a directory
Hi, You've got it a bit wrong. Here is what I think you're trying to do: http://docs.puppetlabs.com/guides/techniques.html#how-can-i-manage-whole-directories-of-files-without-explicitly-listing-the-files I think if you're starting out, you should try something simpler and less likely to destroy your system :) http://docs.puppetlabs.com/learning/manifests.html#resource-declarations For complete file type reference: http://docs.puppetlabs.com/references/stable/type.html#file content = template(/usr/local/sbin/), That does not work like you think it does. It is for file templates using ERB. For recursive directories you need something like: source = puppet:///module/name/somedirectory Cheers, Den On 23/05/2011, at 20:05, Sumith Sudhakaran sumit...@gmail.com wrote: HI How can i copy a directory from puppet master to client I have tried this, but its giving error. I am using redhat 5.6 and puppet 2.6.8 file { /usr: ensure = directory, owner = root, group = root, mode = 777, content = template(/usr/local/sbin/), Please help me.. -- Regards Sumith -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can i copy a directory
Hi, Now i am getting error like: err: /Stage[main]//File[/usr/local/sbin]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Not authorized to call search on /file_metadata/usr/local/sbin with {:recurse=true, :links=manage, :checksum_type=md5} On Mon, May 23, 2011 at 4:17 PM, Denmat tu2bg...@gmail.com wrote: Hi, You've got it a bit wrong. Here is what I think you're trying to do: http://docs.puppetlabs.com/guides/techniques.html#how-can-i-manage-whole-directories-of-files-without-explicitly-listing-the-files I think if you're starting out, you should try something simpler and less likely to destroy your system :) http://docs.puppetlabs.com/learning/manifests.html#resource-declarations For complete file type reference: http://docs.puppetlabs.com/references/stable/type.html#file content = template(/usr/local/sbin/), That does not work like you think it does. It is for file templates using ERB. For recursive directories you need something like: source = puppet:///module/name/somedirectory Cheers, Den On 23/05/2011, at 20:05, Sumith Sudhakaran sumit...@gmail.com wrote: HI How can i copy a directory from puppet master to client I have tried this, but its giving error. I am using redhat 5.6 and puppet 2.6.8 file { /usr: ensure = directory, owner = root, group = root, mode = 777, content = template(/usr/local/sbin/), Please help me.. -- * Regards*** * Sumith** * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- * Regards*** * Sumith** * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: PC EU feedback: ability to remove all unmanaged resources
On May 21, 2:11 am, Patrick Mohr kc7...@gmail.com wrote: On Fri, May 20, 2011 at 3:15 PM, jcbollinger john.bollin...@stjude.orgwrote: On May 20, 3:17 pm, Randall Hansen rand...@puppetlabs.com wrote: http://projects.puppetlabs.com/issues/7600 I call this the agent orange option :) This works, purging all unmanaged hosts entries: resources { 'host': purge = true, noop = true, } We should have a similar property for all (most?) types. Please comment on the ticket or reply here, whichever you prefer. I don't understand. I didn't think the resources meta-resource was specific to use with the 'host' resource type. Are there any resource types that it *doesn't* work with? Err, I assume (hope) it doesn't work with Augeas or File. I'd guess Package is too dangerous to be useful, but I could be wrong. Puppet is a powerful tool. If you use a powerful tool incorrectly, you can get powerfully hurt. All flippancy aside, my point is that the issue appears to be misconceived. To the best of my knowledge, the resources metaresource does work with all resource types, at least in principle. I imagine that in practice there are resource types that it cannot purge, as a result of those types' implementation details, and I suspect File and Augeas are among those. But that's not what I was talking about. Perhaps the question would make more sense if posed in a positive sense: Is the Resources type explicitly limited to working with only a subset of the available resource types? I thought the answer was no. Furthermore, some resource types do have type-specific purging at one scope or another. File is among them. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Inheritance in parametrized classes
On May 20, 10:20 am, Carles Amigó carles.am...@softonic.com wrote: Hi, I'm trying to pass a parameter different from the default to the child of a parametrized class with inheritance, I would not recommend mixing class inheritance with parameterized classes. As a separate matter, I would recommend to most people to avoid parameterized classes altogether. but the inherited code from the parent class doesn't seem to be taking the correct parameter. For example, in the following code: class parent ( $foo = bar ) { notice(parent: foo is $foo ) } class child ( $foo = bar ) inherits parent { notice(child: foo is $foo ) } class { child: foo = test } I would expect the following result: notice: Scope(Class[Parent]): parent: foo is test notice: Scope(Class[Child]): child: foo is test I'm getting the following one instead: notice: Scope(Class[Parent]): parent: foo is bar notice: Scope(Class[Child]): child: foo is test Is that the correct behaviour? Correct is such a nuanced word. I don't know whether the observed behavior is by design, but I don't find it surprising. I would not have found your expected behavior surprising either, however. You may be able to achieve your desired result like this: class { parent: foo = test } class { child: foo = test } That is, it is safe to include both a class and one of its subclasses in the same manifest. Do be aware, however, that you should create subclasses *only* to override superclass resource properties. And with parameterized classes, you can achieve an equivalent result via class parameters instead. If you want a class that declares all the resources of another, plus more, then have one class include the other instead of inheriting it. Except don't do that with parameterized classes: Puppet Labs recommends against it, and there are practical reasons to avoid doing so. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can i copy a directory
You'll have to copy the entire contents of /usr into the Puppet tree to do this, you can't serve it in place. I wouldn't do what you're doing anyway. Puppet is great for serving config files but for serving all of /usr I'd choose either NFS or rsync and call your sync script from Puppet. On May 23, 2011 4:09 AM, Sumith Sudhakaran sumit...@gmail.com wrote: -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] SEC State and Dashboard
On 04/21/2011 03:21 PM, Glenn Buckholz wrote: I was wondering if anyone has, or is aware of puppet dashboard integration with secstate (https://fedorahosted.org/secstate/) . A use case would be, I run a compliance report in secstate, it shows up on the puppet dashboard and allows me to see where I'm out of compliance and where I can remediation with puppet content if I have it written and available. Just looking for pointers I'm new to the puppet world. -Glenn Make a security module, then everything related will be auto-tagged security. THen you can add your own tag to an arbitrary resource that say is required by PCI or some such tag = security_pci, and then use the report processor for dashboard with some tiny modifications to get a security overview. So, I guess the answer is no to your question but i think it's not that hard to do. -- -- Joe McDonagh Operations Engineer AIM: YoosingYoonickz IRC: joe-mac on freenode When the going gets weird, the weird turn pro. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cross-module dependencies
On Sun, May 22, 2011 at 11:06 PM, Matthew Macdonald-Wallace li...@truthisfreedom.org.uk wrote: Hi all, I've got modules for NGINX and PHP-FPM which are working fine, the issue I'm running into is that quite often NGinx will start before php-fpm is even installed. I'm wondering if there's a way in the nginx module to Require the PHP-FPM service is started as a dependency of the nginx service, something like the following: There's also the 'require' function which does an include and sets up Class - Class relationships. class nginx { service { 'nginx': require = Service['php-fpm::php-fpm'], running = true; } } Is this possible in puppet 0.25 on CentOS? Thanks in advance, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: finding consultants or full time puppet experts?
On Sun, May 22, 2011 at 7:48 AM, Mark mcor...@gmail.com wrote: Great, thanks for the pointer. I saw the consulting page and we will give you a call about that. We definitely would prefer a full-time person, but we are looking at all of the options.. You might have more luck asking on Twitter using the #puppet hash tag. A lot of the more experienced consultants end up being too busy to keep up with the traffic on the -users list regularly :) On May 20, 1:31 pm, Daniel Pittman dan...@puppetlabs.com wrote: On Fri, May 20, 2011 at 08:31, Mark mcor...@gmail.com wrote: We are looking to hire a full time (or possibly aconsultant) in Boston with experience in AWS and Puppet (or Chef :) http://www.fiksu.com/company/careers/cloud-operations-manager Any good leads on other places to look for someone like that? Here was always good, when I was looking. ;) That said, if you can't find anyone, Puppet Labs does have a professional services arm who do consulting, and we would be happy to talk to you about that. Not really a full time solution, obviously. :) Good luck. Daniel -- ⎋ Puppet Labs Developer –http://puppetlabs.com ✉ Daniel Pittman dan...@puppetlabs.com ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can i copy a directory
On Mon, May 23, 2011 at 10:08 AM, Aaron Grewell aaron.grew...@gmail.com wrote: You'll have to copy the entire contents of /usr into the Puppet tree to do this, you can't serve it in place. I wouldn't do what you're doing anyway. Puppet is great for serving config files but for serving all of /usr I'd choose either NFS or rsync and call your sync script from Puppet. I find myself using something like this fairly often: $rsync_html = /usr/bin/rsync -a $user@$host:$svnfolder/html/ $approot/html --exclude=.svn --delete exec { $rsync_html: onlyif = test `$rsync_html --dry-run --itemize-changes | wc -l` -gt 0 } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Variable inheritance in Stages
I have pre, main, and post stages configured in my manifests. When I assign variables in the node declaration they are present in the main stage, but not my pre-stage. How do I assign variables at the node level that can be referenced in my pre stage? -Chip Schweiss -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Does the puppet module tool work with ruby1.9.2?
I shall try this inquiry again: I installed the puppet module tool version 0.3.3 locally to my laptop. I have installed ruby 1.9.2 on the laptop. Surely by now, puppet and facter work with ruby 1.9.2? They certainly seem to work well. I have installed ruby using macports, and am using the +nosuffix option, which installes ruby as 'ruby' not 'ruby19' I have attached the output from my attempt to run this tool to this message. It appears as if there is a ruby error in puppet 2.6.8? I'm unsure. Pls advise. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Fetching: puppet-module-0.3.3.gem (100%) ** Thank you for installing puppet-module from Puppet Labs! * Usage instructions: read README.markdown or run `puppet-module usage` * Changelog: read CHANGES.markdown or run `puppet-module changelog` * Puppet Forge: visit http://forge.puppetlabs.com/ * If you don't have Puppet installed locally by your system package manager, please install it with: sudo gem install puppet ** Successfully installed puppet-module-0.3.3 1 gem installed Installing ri documentation for puppet-module-0.3.3... Installing RDoc documentation for puppet-module-0.3.3... [root:8va:0:~ ]# rehash [root:8va:0:~ ]# puppet-module usage /opt/local/lib/ruby1.9/gems/1.9.1/gems/puppet-2.6.8/lib/puppet/util/log/destinations.rb:99: warning: class variable access from toplevel /opt/local/lib/ruby1.9/gems/1.9.1/gems/puppet-2.6.8/lib/puppet/application/kick.rb: /opt/local/lib/ruby1.9/gems/1.9.1/gems/puppet-2.6.8/lib/puppet/application/kick.rb:107: Invalid next (SyntaxError)
Re: [Puppet Users] Re: Does the puppet module tool work with ruby1.9.2?
On Mon, May 23, 2011 at 9:30 AM, Kevin Beckford lazy...@gmail.com wrote: I shall try this inquiry again: I installed the puppet module tool version 0.3.3 locally to my laptop. I have installed ruby 1.9.2 on the laptop. Surely by now, puppet and facter work with ruby 1.9.2? They certainly seem to work well. I have installed ruby using macports, and am using the +nosuffix option, which installes ruby as 'ruby' not 'ruby19' I have attached the output from my attempt to run this tool to this message. It appears as if there is a ruby error in puppet 2.6.8? I'm unsure. Ruby 1.9.2 support is targeted for 2.7.x Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] finding consultants or full time puppet experts?
On 05/20/2011 11:31 AM, Mark wrote: We are looking to hire a full time (or possibly a consultant) in Boston with experience in AWS and Puppet (or Chef :) http://www.fiksu.com/company/careers/cloud-operations-manager Any good leads on other places to look for someone like that? Thanks! Although I do currently have a great $dayjob, I also work nights and weekends consulting in areas I specialize it, similar to what you're asking for. I am in Boston (Somerville/Charlestown line actually), have been a heavy (for many months I was doing Puppet 6-8 hours+ a day) Puppet user for a total of about three years, currently managing 200+ RHEL boxes at one site and 100+ Ubuntu 6.06/8.04/10.04 in addition to several OpenBSD boxes. I certainly do have other specialities in areas like Security, Firewalling, and general automation really. However, I do not have practical talents with AWS, which looks to be a hard requirement. Regardless, I am open for work nights and weekends. If you're still interested, e-mail me your preferred resume format (or anyone on the list, also open to you if you're in Greater Boston or want remote work) and I'll get it back to you. Thanks! -- Joe McDonagh IT Infrastructure Consultant AIM: YoosingYoonickz IRC: joe-mac on freenode When the going gets weird, the weird turn pro. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable inheritance in Stages
On 05/23/2011 12:34 PM, Chip wrote: I have pre, main, and post stages configured in my manifests. When I assign variables in the node declaration they are present in the main stage, but not my pre-stage. How do I assign variables at the node level that can be referenced in my pre stage? -Chip Schweiss I'm also curious how variables interact with stages in general. I was really anticipating them to solve some long-standing problems at this one gig and it turned out that it worked absolutely nothing I thought it would. -- Joe McDonagh IT Infrastructure Consultant AIM: YoosingYoonickz IRC: joe-mac on freenode When the going gets weird, the weird turn pro. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Management of MySQL grant tables?
On 07/28/2010 02:58 AM, David Schmitt wrote: On 7/28/2010 12:41 AM, Christopher Johnston wrote: David, Curious on how you handle doing a grant of *.* (all attributes) I looked through your puppet type and I see you are individually listing every type out but you are missing event_priv and trigger_priv as grant types. I haven't worked on those types in a while and it is possible, that those privs only exist in a later version of mysql? Best Regards, David Last time I looked at this there was some stub function in place that just couldn't be found anywhere. Has there been some recent function on it? Also, why the augeas module dependency? Grant state is managed in the db, which is what makes this problem tough to solve for most people. However, I know Dave's no slouch so maybe I am missing something. -- Joe McDonagh IT Infrastructure Consultant AIM: YoosingYoonickz IRC: joe-mac on freenode When the going gets weird, the weird turn pro. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] custom facter does not show up on client
Hi, I wrote a custom facter called active_interface and put in /etc/puppet/ modules/networking/lib/facter directory. Then I did export RUBYLIB=/etc/puppet/modules/networking/lib on puppet master. On puppet master, it works. facter active_interface eth0 But on client, it did not even seem to try to pull it from master. The log does not show any event related. Do I miss something? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] custom facter does not show up on client
On Mon, May 23, 2011 at 2:06 PM, hyzhang hyzh...@jcvi.org wrote: Hi, I wrote a custom facter called active_interface and put in /etc/puppet/ modules/networking/lib/facter directory. Then I did export RUBYLIB=/etc/puppet/modules/networking/lib on puppet master. On puppet master, it works. facter active_interface eth0 But on client, it did not even seem to try to pull it from master. The log does not show any event related. Do I miss something? Enable pluginsync option on the the client puppet.conf, and test on the client with the command facter -p. HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable inheritance in Stages
On Mon, May 23, 2011 at 9:34 AM, Chip chip.schwe...@gmail.com wrote: I have pre, main, and post stages configured in my manifests. When I assign variables in the node declaration they are present in the main stage, but not my pre-stage. How do I assign variables at the node level that can be referenced in my pre stage? Not sure how that would be affect by stages: class a { notify { $var:} } node default { $var = hi! stage { pre: before = Stage['main'], } class { a: stage = 'pre', } } notice: hi! notice: /Stage[pre]/A/Notify[hi!]/message: defined 'message' as 'hi!' The only thing I suspect is the variable is declared after the class have been declared. A concrete example or pastie of your code would be beneficial to diagnose this further. Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Variable interpolation challenge
I'm having a problem with variable interpolation that I haven't found a good solution to. I want to use a variable as part of the name of a fact, but the interpolation doesn't work as expected. I've allowed for passing the mac address into my define() but if it's not provided I want to look it up via facter. if $macaddress_${name} { $final_hwaddr = $macaddress_${name} } I want Puppet to look up the value of macaddress_eth0 or whatever, but instead it returns the value of $name. How can I get the appropriate value? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Merge folders
On Mon, Apr 4, 2011 at 12:13 PM, Marcus Downing marcus.down...@gmail.com wrote: As I said, the sourceselect = all parameter is necessary to make puppet merge the listed sources rather than selecting one of them. I take your point that variables are a fragile way of specifying. I'll try refactoring it based on class parameters, but the list of sources isn't the same length for the different nodes so it'll still have to be an array; and it will need to add that array to a list of default sources shared by all instances (that I'd rather not repeat for every one). Have you had any luck with this? I'm trying to do something similar with multiple sources for one directory where each node has a different set of sources. I can explicitly set the list of sources on a per-node basis, but whenever I try to set it using modules, it fails. Thanks, Jeremy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Template conditionals
I've got a conditional statement that isn't working the way I expect. I've created a define() for building network interfaces, but two of the entries (master slave) are only appropriate for bonded interfaces. I would like them to be completely excluded from regular interfaces. This seems easy enough according to the docs, set master slave to 'undef' and use the 'if has_variable' syntax in the template. It doesn't work though. I also tried using 'if variable != undef' but this also does not work. Interestingly the results of the two are exactly the same. I'm clearly missing something. How do I get the template to skip these lines? The results end up looking like this: ### This file is being managed by Puppet ### DO NOT EDIT DEVICE=eth0 BOOTPROTO=none ONBOOT=yes IPADDR=192.168.1.1 NETMASK=255.255.255.0 HWADDR=eth0 MASTER=undef SLAVE=undef The define is built like so: define network_interface ( $bootproto, $onboot, $ipaddr = undef, $netmask = undef, $hwaddr = undef, $master = undef, $slave = undef ){ SNIP } And the template looks like: ### This file is being managed by Puppet ### DO NOT EDIT DEVICE=%= name % BOOTPROTO=%= bootproto % ONBOOT=%= onboot % % if ipaddr != undef -% IPADDR=%= ipaddr % % end -% % if netmask != undef -% NETMASK=%= netmask % % end -% % if final_hwaddr != undef -% HWADDR=%= final_hwaddr % % end -% % if master != undef -% MASTER=%= master % % end -% % if slave != undef -% SLAVE=%= slave % % end -% Or I also tried: ### This file is being managed by Puppet ### DO NOT EDIT DEVICE=%= name % BOOTPROTO=%= bootproto % ONBOOT=%= onboot % % if has_variable?(ipaddr) then -% IPADDR=%= ipaddr % % end -% % if has_variable?(netmask) then -% NETMASK=%= netmask % % end -% % if has_variable?(final_hwaddr) then -% HWADDR=%= final_hwaddr % % end -% % if has_variable?(master) then -% MASTER=%= master % % end -% % if has_variable?(slave) then -% SLAVE=%= slave % % end -% -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Generate Compiled catalog/yaml for a node?
One Follow up question: how do I apply the compiled catalog on the client? The yaml I get from puppet master --compile is like: cat mytest.yaml { data: { edges: [ { target: Class[main], source: Stage[main] ... } If I do on the client: puppet apply --test --debug mytest.yaml, I get Could not parse for environment production: Syntax error at '{'; expected '}' at /root/mytest.yaml:1 on node 192.168.2.199 Am I missing anything? Thanks a lot! -Yushu +-+ | Yushu Yao | Ph:1-510-486-4690 | | Lawrence Berkeley National Lab | 1 Cyclotron Road | Berkeley CA 94720 - USA +-+ On Sat, May 7, 2011 at 9:00 AM, Nigel Kersten ni...@puppetlabs.com wrote: On Sat, May 7, 2011 at 5:50 AM, Yushu Yao y...@lbl.gov wrote: Thanks Folks for the answers. Before I go into this direction, I just want to make sure one thing from the developers: Is this a feature that you think will stay inside puppet? (in 3.0, 4.0, etc) Or has there been any discussion to remove this feature? Feel safer if I know this feature will stay long. Thanks You're only going to see more flexible control over out of band catalog compilation like this Yushu, not less. We won't be removing this feature, we'll be improving it. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Generate Compiled catalog/yaml for a node?
On Mon, May 23, 2011 at 4:21 PM, Yushu Yao y...@lbl.gov wrote: One Follow up question: how do I apply the compiled catalog on the client? The yaml I get from puppet master --compile is like: cat mytest.yaml { data: { edges: [ { target: Class[main], source: Stage[main] ... } If I do on the client: puppet apply --test --debug mytest.yaml, I get Could not parse for environment production: Syntax error at '{'; expected '}' at /root/mytest.yaml:1 on node 192.168.2.199 Not the most intuitive thing, puppet apply -t -d --apply mytest.yaml. Most likely will get expired catalog, but that can either be updated by changing expire datetime in the catalog, or controlling expiration using --runinterval (it's overloading the same option for two purpose). HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Variable interpolation challenge
On Mon, May 23, 2011 at 3:51 PM, Aaron Grewell aaron.grew...@gmail.com wrote: I'm having a problem with variable interpolation that I haven't found a good solution to. I want to use a variable as part of the name of a fact, but the interpolation doesn't work as expected. I've allowed for passing the mac address into my define() but if it's not provided I want to look it up via facter. if $macaddress_${name} { $final_hwaddr = $macaddress_${name} } I want Puppet to look up the value of macaddress_eth0 or whatever, but instead it returns the value of $name. How can I get the appropriate value? Should be a function instead of inline_template: $myvar = macaddress_${name} $hwaddr = inline_template(%= scope.lookupvar(myvar) %) Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Template conditionals
On Mon, May 23, 2011 at 4:09 PM, Aaron Grewell aaron.grew...@gmail.com wrote: I've got a conditional statement that isn't working the way I expect. I've created a define() for building network interfaces, but two of the entries (master slave) are only appropriate for bonded interfaces. I would like them to be completely excluded from regular interfaces. This seems easy enough according to the docs, set master slave to 'undef' and use the 'if has_variable' syntax in the template. It doesn't work though. I also tried using 'if variable != undef' but this also does not work. Interestingly the results of the two are exactly the same. I'm clearly missing something. How do I get the template to skip these lines? The results end up looking like this: ### This file is being managed by Puppet ### DO NOT EDIT DEVICE=eth0 BOOTPROTO=none ONBOOT=yes IPADDR=192.168.1.1 NETMASK=255.255.255.0 HWADDR=eth0 MASTER=undef SLAVE=undef The define is built like so: define network_interface ( $bootproto, $onboot, $ipaddr = undef, $netmask = undef, $hwaddr = undef, $master = undef, $slave = undef ){ SNIP } And the template looks like: ### This file is being managed by Puppet ### DO NOT EDIT DEVICE=%= name % BOOTPROTO=%= bootproto % ONBOOT=%= onboot % % if ipaddr != undef -% IPADDR=%= ipaddr % % end -% % if netmask != undef -% NETMASK=%= netmask % % end -% % if final_hwaddr != undef -% HWADDR=%= final_hwaddr % % end -% % if master != undef -% MASTER=%= master % % end -% % if slave != undef -% SLAVE=%= slave % % end -% Or I also tried: ### This file is being managed by Puppet ### DO NOT EDIT DEVICE=%= name % BOOTPROTO=%= bootproto % ONBOOT=%= onboot % % if has_variable?(ipaddr) then -% IPADDR=%= ipaddr % % end -% % if has_variable?(netmask) then -% NETMASK=%= netmask % % end -% % if has_variable?(final_hwaddr) then -% HWADDR=%= final_hwaddr % % end -% % if has_variable?(master) then -% MASTER=%= master % % end -% % if has_variable?(slave) then -% SLAVE=%= slave % % end -% Don't quote it, has_variable?(slave). Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] custom provider type error message
# 1. able to see confirm pluginsync = true works $ find /var/lib/puppet/lib/puppet/ -type f /var/lib/puppet/lib/puppet/type/custominstall.rb /var/lib/puppet/lib/puppet/provider/custominstall/custominstall.rb # 2. but I still get the following messages $ sudo less /var/log/messags May 23 17:45:20 dashboard puppet-agent[29951]: (/Stage[main]// Node[dashboard.lab.xxx.net]/Custominstall[erlgrey]) Could not evaluate: No ability to determine if custominstall exists # my site.pp for the node is simple $ cat /etc/puppet/manifests/site.pp node 'dashboard.lab.xxx.net' { custominstall { erlgrey: ensure = present, release = 1551, } } # here is the type $ cat /etc/puppet/modules/xxx/lib/puppet/type/custominstall.rb Puppet::Type.newtype(:custominstall) do @doc = Manage custominstall feature :installable, The provider can install packages., :methods = [:install] feature :uninstallable, The provider can uninstall packages., :methods = [:uninstall] ensurable do desc What state the package should be in [absent,present,installed]. newvalue(:present, :event = :package_installed) do provider.install end newvalue(:absent, :event = :package_removed) do provider.uninstall end # Alias the 'present' value. aliasvalue(:installed, :present) defaultto :installed end newparam(:artifact, :namevar = true) do desc The package name. end newparam(:revision) do desc The package revision. end end # here is the provider $ cat /etc/puppet/modules/xxx/lib/puppet/provider/custominstall/ custominstall.rb Puppet::Type.type(:custominstall).provide :custominstall do commands :curl= /usr/bin/curl def uninstall notice going to uninstall #{@resource[:name]} end def install artifact = @resource[:name] file = /tmp/#{artifact}.xml url = http://xxx/#{@resource[:revision]}; Puppet::Util::SUIDManager.asuser(xxx, xxx) do curl -o, file, -C, -, -k, -s, --url, url end end end -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Does the puppet module tool work with ruby1.9.2?
On Mon, May 23, 2011 at 9:30 AM, Kevin Beckford lazy...@gmail.com wrote: I shall try this inquiry again: I installed the puppet module tool version 0.3.3 locally to my laptop. I have installed ruby 1.9.2 on the laptop. Surely by now, puppet and facter work with ruby 1.9.2? They certainly seem to work well. I have installed ruby using macports, and am using the +nosuffix option, which installes ruby as 'ruby' not 'ruby19' Kevin, please bug report this here: http://projects.puppetlabs.com/projects/module-site/issues/new and pick the category module tool. We'll get this addressed soon, it should be a simple enough fix. I have attached the output from my attempt to run this tool to this message. It appears as if there is a ruby error in puppet 2.6.8? I'm unsure. Pls advise. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] custom provider type error message
On Mon, May 23, 2011 at 4:01 PM, MolMorroco vvita...@gmail.com wrote: # 1. able to see confirm pluginsync = true works $ find /var/lib/puppet/lib/puppet/ -type f /var/lib/puppet/lib/puppet/type/custominstall.rb /var/lib/puppet/lib/puppet/provider/custominstall/custominstall.rb # 2. but I still get the following messages $ sudo less /var/log/messags May 23 17:45:20 dashboard puppet-agent[29951]: (/Stage[main]// Node[dashboard.lab.xxx.net]/Custominstall[erlgrey]) Could not evaluate: No ability to determine if custominstall exists puppet-dev is more appropriate for custom types/providers. # my site.pp for the node is simple $ cat /etc/puppet/manifests/site.pp node 'dashboard.lab.xxx.net' { custominstall { erlgrey: ensure = present, release = 1551, } } # here is the type $ cat /etc/puppet/modules/xxx/lib/puppet/type/custominstall.rb Puppet::Type.newtype(:custominstall) do @doc = Manage custominstall feature :installable, The provider can install packages., :methods = [:install] feature :uninstallable, The provider can uninstall packages., :methods = [:uninstall] ensurable do desc What state the package should be in [absent,present,installed]. newvalue(:present, :event = :package_installed) do provider.install end newvalue(:absent, :event = :package_removed) do provider.uninstall end # Alias the 'present' value. aliasvalue(:installed, :present) defaultto :installed end newparam(:artifact, :namevar = true) do desc The package name. end newparam(:revision) do desc The package revision. end end # here is the provider $ cat /etc/puppet/modules/xxx/lib/puppet/provider/custominstall/ custominstall.rb Puppet::Type.type(:custominstall).provide :custominstall do commands :curl = /usr/bin/curl def uninstall notice going to uninstall #{@resource[:name]} end def install artifact = @resource[:name] file = /tmp/#{artifact}.xml url = http://xxx/#{@resource[:revision]}; Puppet::Util::SUIDManager.asuser(xxx, xxx) do curl -o, file, -C, -, -k, -s, --url, url end end end You specified ensurable but didn't implement a way for puppet to detect whether this resource exists. You need to implement something along the line of: def self.instances packages = [] # some way to determine what custominstall resource exists on the system. end If you think about how puppet performs changes to the system, it needs to query the state of the resource current state on the system and it only performs action when appropriate to change the resource to the desire state described in your manifests. So implementing the install/uninstall action is insufficient. Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppetmaster leaving files open with too many files open error
What is the current issue number? The only one I could find that mentions the same problem is this , http://projects.puppetlabs.com/issues/7203. Would any changes to my current puppet.conf (see below) make this problem no longer an issue? I'm not suing storeconfig, and not really sure if I need to be doing anything as far as saving the inventory information. My setup is very basic, but right now can't run for more than 2 or 3 days without having to restart the puppetmaster service. [master] certname=puppetmaster reports = http, store # Configure Inventory Service facts_terminus = inventory_active_record dbadapter = mysql dbname = puppet_inv dbuser = puppet_inv dbpassword = cabb0ac9ed925867f93587ccfb147ebf15dec8a3 dbserver = localhost dbsocket = /var/lib/mysql/mysql.sock Thanks - Trey On May 21, 6:08 am, Nathan Clemons nat...@livemocha.com wrote: I'm pretty sure there is an open bug on this, I was looking around on this the other day. It's related to using stored configs and Puppet/ruby not closing the connections to the database servers. -- Nathan Clemonshttp://www.livemocha.com The worlds largest online language learning community On Fri, May 20, 2011 at 10:01 PM, treydock treyd...@gmail.com wrote: Every few days I have to restart the puppetmaster process due to this error Could not read YAML data for node Too many open files. I have 9 clients being controlled by Puppet and each one of those will generate the same error once this happens. Running 'lsof' during this time shows me 100's of entries like this puppetmas 10443 puppet 14u unix 0x810014c7e180 17057251 socket. The only way to remedy this is by restarting the puppetmaster process. Once I restart the puppet master process it seems that a new lsof entry is created and stays present for every client check. All clients and puppetmaster are running 2.6.8 on CentOS 5.6 x64. Any ideas? If more output and debug info is needed please let me know. Also if switching to a mysql data store could get rid of this then that would work as I was planning on it eventually. Thanks - Trey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Generate Compiled catalog/yaml for a node?
That works. Thanks a lot@ -yushu +-+ | Yushu Yao | Ph:1-510-486-4690 | | Lawrence Berkeley National Lab | 1 Cyclotron Road | Berkeley CA 94720 - USA +-+ On Mon, May 23, 2011 at 4:41 PM, Nan Liu n...@puppetlabs.com wrote: On Mon, May 23, 2011 at 4:21 PM, Yushu Yao y...@lbl.gov wrote: One Follow up question: how do I apply the compiled catalog on the client? The yaml I get from puppet master --compile is like: cat mytest.yaml { data: { edges: [ { target: Class[main], source: Stage[main] ... } If I do on the client: puppet apply --test --debug mytest.yaml, I get Could not parse for environment production: Syntax error at '{'; expected '}' at /root/mytest.yaml:1 on node 192.168.2.199 Not the most intuitive thing, puppet apply -t -d --apply mytest.yaml. Most likely will get expired catalog, but that can either be updated by changing expire datetime in the catalog, or controlling expiration using --runinterval (it's overloading the same option for two purpose). HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] changing the default key length and hash
On Fri, May 20, 2011 at 08:23, Nigel Kersten ni...@puppetlabs.com wrote: On Fri, May 20, 2011 at 5:39 AM, Mark Stanislav mark.stanis...@gmail.com wrote: In short, I'm in agreement with you. With the CA which is defaulted to 5 years (not at all surprising) there's no doubt that soon (maybe 2.7 is a good time?) that 2048 key size should be used for at least the CA key, if not default for client key generation as well. Secondly, yes, I don't know why MD5 would be the hashing algorithm of choice in this case either. As I recall last year, most major root CAs went to 2048 last year to not anger the NIST recommendation. We will do this for 2.7.x unless we get major pushback from the community. To replicate what I said in RedMine: I am strongly of the view that we should follow the most restrictive of the current sets of government advice (eg: BSI, NSA/NIST, etc) and advice from the experts in the field. If this requires addressing the question of how to achieve compatibility then we had better solve this, before someone genuinely breaks MD5, or RSA, or whatever in a way that matters to us, and we end up in more serious trouble: having to solve this in zero time, rather than with the relatively luxury of time. Larger keys, better hashing (probably by adding them as well as md5, rather than just replacing it, etc.) (Oh, and we absolutely have the capabilities to inspect the client version and make intelligent decisions about what we ship in terms of checksums, etc, as part of our compatibility story. As long as the master leads the agent in version we should be fine.) Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman dan...@puppetlabs.com ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.