Re: [Puppet Users] available built-in variables
On Thu, Jun 23, 2011 at 7:46 AM, Patrick patrick.hem...@gmail.com wrote: Is there anywhere that lists the available built-in variables aside from facter and http://docs.puppetlabs.com/guides/faq.html#are-there-variables-available-other-than-those-provided-by-facter ? Pretty sure that's it. You can dump all variables in scope via: notice(inline_template(%= scope.to_hash %)) This isn't perfect, but should give you the subset: (since facter value such as uptime changes, and in agent/master mode this is totally wrong unless it's on the same system) notice(inline_template(%= (scope.to_hash.to_a - Facter.to_hash.to_a).to_yaml %) This obviously will be different if the notice is in a module, a class, a define, $caller_module, $module_name would only be present if the notice is in the appropriate location. I'm referring to variables like $title and $name, which are mentioned by http://docs.puppetlabs.com/guides/language_guide.html#defined-resource-types, but are there any others? Anyhow this is what I got back using puppet apply (trimming some extras): - - clientversion - 2.6.4 (Puppet Enterprise 1.0) - - clientcert - pe-master.localdomain - - title - main - - name - main - - environment - production Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 2.6.9 2.7.1 packages for Solaris
For whatever reason I'm using the opensource packages from blastwave. AFAIU these are not to be mixed with opencsw. So I can't use your packages? regards, Andreas Mark Phillips wrote: CSW packages in experimental - http://buildfarm.opencsw.org/experimental.html#markp Both contain Dom Cleal's patched pkgutil[1] provider that supports 'source'[2] for -t alternative repositories. --Mark [1] https://github.com/domcleal/puppet/blob/tickets/master/8011/lib/puppet/provider/package/pkgutil.rb [2] http://projects.puppetlabs.com/issues/8011 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] howto trigger action on another client
Hi, I want to automate installation of GridEngine with puppet. GE comes with some prepared script for automatic installation. Unfortunately this is to be run on the GE master to install the executions host (=clients). (This then will run some commands on the exec host via ssh) So from puppet's perspective if an agent on an execution host notices that GE is not installed but should it has to tell the agent on the GE master to run the install script. Is there an easy (puppet) way to do it? My idea is to have the exec host write its name into a file hosts_to_install on a common NFS and have the master check that file. But maybe there are better ways. Does anybody here has some other GE related recipes? regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Exported resources for DNS and DHCP
On 06/09/2011 06:46 PM, Daniel Pittman wrote: On Thu, Jun 9, 2011 at 07:40, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: I haven't used exported resources before, and I'm finding it a little confusing. Basically I want Puppet to know which of the servers have the DNS servers class applied to them, so it can use these servers' IP addresses when it generates the DHCP config. This way, if we add or remove DNS servers, the DHCP is automatically regenerated. It doesn't sound too hard, but I can't quite see to achieve this. Can anyone give me a few pointers, please? Yeah. So, one of the current problems with storeconfigs is that it only serves to inject resource declarations into another host. You can't really manage the data itself, so you have to put *something* physical somewhere to make it work. When I had similar problems I took one of two approaches: One, inject textual content into the target file directly, either using 'file' resources and include statements in the configuration, or using one of the concatenated file providers, and exporting / importing a fragment from the DNS server to the DHCP server. Thanks for your response, very helpful. I've only just got round to finding time to work on this again. Please can you expand on the two things you mentioned above - I'm not sure I fully understand. At the moment we are using Puppet in a fairly noddy way, and I'm keen to get to grips with its more advanced features. Many thanks, Jonathan If neither of those worked, the other approach I took was painfully indirect: export a file with the data, import that on the master, then use the 'generate' function to extract that on the master when I built the target system. For example, on the DNS server, create this exported resource: @@file { /datastore/dns-${fqdn}.data: content = ip = ${ipaddress}\n, tag = 'data' } Then, on the master import that, and use a little Perl script to read /datastore/dns-*.data, parse out the IP value, and inject that: class dhcp { $dns = generate('/u/l/bin/extract-data', 'dns', 'ip') # ...and that is the data I need. } Regards, Daniel -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet agent problem on Ubuntu
did you tried sudo pupetd --server=myserver --test it will run puppet onetime as root and verbosely... 2011/6/21 John Nicholson vilvic.j...@gmail.com I'm in the process of setting up puppet and experiencing some issues. I'm running Ubuntu 11.04 desktop and server in two seperate VM's. I've installed puppet master (2.6.4) and puppet (2.6.4). The puppet master and agent are happily working together. I'm running the example in the book Pro Puppet. This is the first example; Code: class sudo { package { sudo: ensure = present, } if $operatingsystem == Ubuntu { package { sudo-ldap: ensure = present, require = Package[sudo], } } file { /etc/sudoers: owner = root, group = root, mode = 0440, source = puppet://$puppetserver/modules/sudo/etc/sudoers, require = Package[sudo], } } On the agent I run the following command; puppet agent --server=myserver --no-daemonize --verbose --onetime The agent see's the change but I get an error; info: Caching catalog for agentServer info: Applying configuration version '123456789' err: /Stage[main]/Sudo/Package[sudo-ldap]/ensure: change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=-- force-confold install sudo-ldap' returned 100: E: Could not open lock file /var/lib/ dpkg/lock - open (13: Permission denied) E: Unable to lick the administration directory (/var/lib/dpkg/), are you root? I don't have another package manager open. I understand what the problem is. The agent is being run as the current logged in user and that user doesn't have permission to run apt-get. Generally to run apt-get i have to do sudo apt-get. I've thought about modifying the sudoers file and adding nopasswd for my user (as suggested in other posts) for apt-get but that doesn't solve the problem since the command in the puppet agent is not run with sudo. I understand if I run the puppet agent as a daemon then it runs as user root which I guess would solve the problem. I'm not sure it's best to run the agent as a daemon. I might want to control when the agent pulls the updates from the puppet master (or through cron). If I run; sudo puppet agent --server=myserver --no-daemonize --verbose -- onetime I get a different error; err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key I've tried removing the ssl certs from both the puppet master and agent and run the command again. I get the same problem. When I remove the sudo from the start of the command the puppet agent is happy with the cert. I though about adding my user to the root group as a test. Even when I do that if I run apt-get update manually a permission denied. I wondered if this has something to do with the root user being disabled by default on Ubuntu. I'm a novice when it comes to these sorts of things. Has anyone got this working or have any suggestions of how I might solve this issue? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to manage many nodes easily?
What a good solution! Thanks a lot! 2011/6/24 Nan Liu n...@puppetlabs.com On Thu, Jun 23, 2011 at 7:43 PM, flex frostyn...@gmail.com wrote: er...that's what we use now, but define and external node cannot use together, we want to use external node to manage nodes configuration easily, so that's why i want to change all the define to class ENC doesn't support resources, and defines are custom resources, however we can still support ENC by defining this in an app class: class app { $software ) { app::deploy { $software: } } define app::deploy { app:: add { $name: path = /var/$name } } node some_system { class { app: software = ['app1', 'app2', 'app3'], } } ENC support for parametrized class was added in 2.6.5+. If you need to pass custom parameters to the resource, use a hash or write a wrapper class for create_resource function to handle any complex usage, and that function can be backported from 2.7 to 2.6.x. Thanks, Nan 2011/6/23 Martin Alfke tux...@gmail.com On 06/23/2011 11:52 AM, flex wrote: But i think class is singletons, means when using class you can not get more than one copy of the resource, that's the biggest difference between class and define. Your example give a duplicate definition error in my environment. So is this my fault or there another way? You are right. Using class does not work here. But you can use a define with parameters and call the define with parameters later on: define application::add ($appname) { file { /var/$appname: ensure = directory, } } node 'node1' { application::add { app1: appname = app1 } application::add { app3: appname = app3 } } node 'node2' { application::add { app2: appname = app2 } application::add { anyname: appname = app4 } } When calling the define you just have to make sure that the give name is uniq. 2011/6/23 Martin Alfke tux...@gmail.com mailto:tux...@gmail.com On Jun 23, 7:44 am, Martin Alfke tux...@gmail.com mailto:tux...@gmail.com wrote: On 06/23/2011 04:35 AM, flex wrote: These is another question, i have many defines which will apply an application to sepcified path, called as: application::add { app1: path = /var/app1 } by this i can apply app1 and app2 in node1, app3 and app4 in node2, etc. now, how do i switch this to a class? Need i create a seperate class for all the apps although the only difference is the path? You can make use of parameterized classes: class application::add($appname) { path = '/var/${appname}', ... } Within your node definition you call the class with desired parameter: node 'node1' { class application::add { appname = 'app1' } class application::add { appname = 'app3' } } The mentioned usage of parameterized classes in node definition is wrong. See: http://docs.puppetlabs.com/guides/language_guide.html#parameterised-classes node 'node1' { class { 'application::app': appname = 'app1' } class { 'application::add': appname = 'app3' } } Kind regards, Martin 2011/6/21 Chris Phillips ch...@untrepid.com mailto:ch...@untrepid.com mailto:ch...@untrepid.com mailto:ch...@untrepid.com I would see a principle whereby nodes should not ever be defined within the manifest code at all. To me the manifests should be written to be very generic, and then use ENC's to modify their behaviour at a user level. There is still a lot of inconsistency within Puppet as to how device specific data can be obtained (extlookup is very useful but rides roughshod over other architectural principles) but I try to stick to keeping all manifests generic. I write manifests to manage a package, then create a group in dashboard to relate that function to a business need and then a node into that group. On 21 June 2011 14:48, Martin Willemsma mwillem...@gmail.com mailto:mwillem...@gmail.com mailto:mwillem...@gmail.com mailto:mwillem...@gmail.com wrote: We use /etc/puppet/node-definitions/*.pp in site.pp similar to what Carles is saying. [node-definitions] is a git repo thats being synced on both puppermasters. This happens on every push to origin We use the
[Puppet Users] Puppet Class is applied but is not executed
Hi all, i' am having a strange problem with a puppet class, basically i wrote a small class, no special content (ensure packed is installed). I applied this class to a linuxbox with puppetclient 2.6.4 installed (and working for the other classes). So the problem if I'am forcing now the client to get the new configuration, it does it very well. No error's even with the debug option. In the /var/lib/puppet directory i take a look at the classes.txt and i find the new class inside. So i try to force en error with the class be doing a modifying the class and adding a parser error. Executing again on the linuxbox the puppet command, nothing happens. I would now expect a error. But it looks like puppet just doesn't executed this class. anyone a idea what i'am missing .. ? thanks Christian -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Turn off client autoupdate
By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Turn off client autoupdate
By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 2.6.9 2.7.1 packages for Solaris
I'm not sure what the deal is with sharing the /opt/csw space these days, so I'm afraid I can't comment on whether it will play ball or not. The dependency list isn't so large, so if you've got CSWruby on your machine you may find it all installs correctly. It's your choice I'm afraid Andreas - give it a go? Regards, --Mark On 24 Jun 2011, at 08:47, Andreas Kuntzagk wrote: For whatever reason I'm using the opensource packages from blastwave. AFAIU these are not to be mixed with opencsw. So I can't use your packages? regards, Andreas Mark Phillips wrote: CSW packages in experimental - http://buildfarm.opencsw.org/experimental.html#markp Both contain Dom Cleal's patched pkgutil[1] provider that supports 'source'[2] for -t alternative repositories. --Mark [1] https://github.com/domcleal/puppet/blob/tickets/master/8011/lib/puppet/provider/package/pkgutil.rb [2] http://projects.puppetlabs.com/issues/8011 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Turn off client autoupdate
Hello! By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] implementing a 1-to-many exported resource only once ?
Hello, I would like to know if there is a (sane) way to allow multiple declarations of the same exported resource to result in only one instance of that resource being instantiated on a given node. Allow me to explain : - Node infra includes class syslog::server. - Definition syslog__naglog allows configuration snippets to be added to the syslog configuration. - Many nodes contain class snmpd. - Class snmpd calls definition syslog__naglog as an exported resource in the form @@syslog_naglog, thus there are multiple declarations for this resource across the ecosystem. - Class syslog::server realizes the exported resource in the forst Syslog__naglog ||. Now this will, predictably, result in a cannot override local resource problem. I could fix this by ensuring that each instantiation has a unique name (via $fqdn or some such), however, that would result in each node adding a configuration snippet to the syslog.conf on node infra, which is not in fact what I'm looking for. I'm looking for a way to say to node infra that since class snmpd is out there, somewhere, regardless of how many times, that one (and only one) configuration line should be added to the local syslog config - and I'd like to be able to do this from the snmpd class. I know that I could do it rather simply from class syslog::server (for example), but I'd like it to be dynamic - I'd like other modules to be able to trigger the addition of a given configuration snippet in the syslog config of node infra. Can this be done ? Is this realistic ? Is there another approach that would be better ? I would greatly appreciate any and all commentary. Thank you. -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: howto trigger action on another client
jcbollinger wrote: On Jun 24, 3:14 am, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: Hi, I want to automate installation of GridEngine with puppet. GE comes with some prepared script for automatic installation. Unfortunately this is to be run on the GE master to install the executions host (=clients). (This then will run some commands on the exec host via ssh) So from puppet's perspective if an agent on an execution host notices that GE is not installed but should it has to tell the agent on the GE master to run the install script. Is there an easy (puppet) way to do it? My idea is to have the exec host write its name into a file hosts_to_install on a common NFS and have the master check that file. But maybe there are better ways. Does anybody here has some other GE related recipes? Exported resources are the Puppet means for one node to provide resources for another. In this case, the execution host could export an Exec resource for the master to collect and apply. Hmm, in the (very short) time I've been working with puppet I have not stumbled across exported resources. Any pointer where I should start reading? The tricky part might be to come up with an 'unless' parameter for it to ensure that the master does not attempt to install the execution host twice. This has the advantage that it does not rely on a shared file or indeed on NFS at all. It does entail a delay between when the execution host's configuration is applied and when GE is actually installed, however. I can live with that delay. The solution I proposed will probably have the same delay - between the puppet run on the exec host and the puppet run on the master. Your idea has merit too. It is certainly possible to use Puppet on the execution hosts to ensure (or not) that some accessible file has a specific line. There is no native resource for this narrow purpose (augeas notwithstanding), but you can find recipes on the PuppetLabs wiki. If you have no other need for exported resources then it may be to your advantage to avoid them. Yeah, I'm aware of addifnosuchline exec's and the like. Thanks, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
Just disable the puppet agent / puppetd (depending on your version) in chkconfig / update-rc.d / etc. Further runs would then be done via ssh, either manually or via a distributed ssh command like ralsh, pdsh, clusterssh, etc. This is what we do at Livemocha; we're actually in the process of switching over to using MCollective to trigger Puppet runs. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 1:47 AM, Sergey V. Arlashin sergey...@gmail.comwrote: By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key and NIS user
I'm wondering if the User provider has the capability to look up accounts via NIS. It's been a long time since I've used NIS, however, so I don't know if this is the problem for sure. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I'm wondering if my description was not clear enough or nobody knows an answer to this. Did I stumble across a bug here and should open a ticket? regards, Andreas Andreas Kuntzagk wrote: Hi, I have this resource definition: ssh_authorized_key { nagios@login2: key = [REDACTED] user= nagios, type= ssh-dss, require = Service['nis'], } This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an User does not exist. daemon.log: ... Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/**localhome/nagios/]/ensure) created Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_ **key[root@node002]/ensure) created Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/**idmapd.conf]/content) content changed '{md5}**3e94f238294cc61b047e7ae50115df**fc' to '{md5}** 6d9c69f38eca81ab0f879c2771d5d5**43' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd] **/ensure) ensure changed 'stopped' to 'running' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd] **) Triggered 'refresh' from 1 events Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/* *yp.conf]/ensure) defined content as '{md5}** 9c23d37f431c0788c212d3c0ab8a48**af' Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_ **if_no_such_line[sudoers_**nagios_smartctl]/Exec[/bin/**echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' '/etc/sudoers']/returns) executed su ccessfully Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/* *ensure) ensure changed 'purged' to 'latest' Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/* *nsswitch.conf]/content) content changed '{md5}** 295c15c4bdac80e50b37689ef08f35**9c' to '{md5}** 250a1851aec43bcc5f73e8a01b2141**bd' Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis] **) Triggered 'refresh' from 4 events Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_ **key[nagios@login2]/ensure) created Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_ **key[nagios@login2]) Could not evaluate: User 'nagios' does not exist Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@**login2] has failures: true ... This is Ubuntu 10.04 with puppet 2.6.8 regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@** googlegroups.com puppet-users%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/** group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
And how is it possible to connect to puppet client via ssh? I mean I usually issue puppetrun nodename and then puppetmaster connects to puppet client on the client node. What should I do in case of ssh connect? --- WBR, Sergey On Jun 24, 2011, at 6:10 PM, Nathan Clemons wrote: Just disable the puppet agent / puppetd (depending on your version) in chkconfig / update-rc.d / etc. Further runs would then be done via ssh, either manually or via a distributed ssh command like ralsh, pdsh, clusterssh, etc. This is what we do at Livemocha; we're actually in the process of switching over to using MCollective to trigger Puppet runs. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 1:47 AM, Sergey V. Arlashin sergey...@gmail.com wrote: By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] IP address evenness as an identifier
For my puppet-managed servers, I want roughly half to use nameserver1 followed by nameserver2, and the other half to use nameserver2 in preference to nameserver1. The most reliable and simplest way I can think of doing this is to look at the last octet of the IP address, test whether it is even or odd, and apply different nameservers accordingly. Two questions: how would this be easily achieved in a manifest, and is there a better way? :) Cheers, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: howto trigger action on another client
Daniel Maher wrote: On 06/24/2011 03:39 PM, Andreas Kuntzagk wrote: Exported resources are the Puppet means for one node to provide resources for another. In this case, the execution host could export an Exec resource for the master to collect and apply. Hmm, in the (very short) time I've been working with puppet I have not stumbled across exported resources. Any pointer where I should start reading? Exported resources are great fun. :) http://docs.puppetlabs.com/guides/exported_resources.html http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration According to these exported resources are somewhat similar to virtual resources. Problem is until now I cannot wrap my brain arount virtual resources so I don't understand the exported resources examples. regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key and NIS user
Its just using the Ruby Etc library to do the lookup according to puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a feature request if you want this support. You can work around this by using something like: $username = bob ssh_authorized_key { keyfor-${username}: key = ..., target = /user/home/dirs/${username}/.ssh/authorized_keys, } The issue being you need prior knowledge of path to the key. You can glean this by producing a fact that uses something like 'getent' instead of /etc/passwd - but this is less then optimal. ken. On Fri, Jun 24, 2011 at 3:13 PM, Nathan Clemons nat...@livemocha.com wrote: I'm wondering if the User provider has the capability to look up accounts via NIS. It's been a long time since I've used NIS, however, so I don't know if this is the problem for sure. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I'm wondering if my description was not clear enough or nobody knows an answer to this. Did I stumble across a bug here and should open a ticket? regards, Andreas Andreas Kuntzagk wrote: Hi, I have this resource definition: ssh_authorized_key { nagios@login2: key = [REDACTED] user = nagios, type = ssh-dss, require = Service['nis'], } This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an User does not exist. daemon.log: ... Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af' Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' '/etc/sudoers']/returns) executed su ccessfully Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest' Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd' Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true ... This is Ubuntu 10.04 with puppet 2.6.8 regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: howto trigger action on another client
Another mechanism. You can use mcollective and this resource to trigger mco calls inside puppet: https://github.com/ripienaar/puppet-mcollective The resource acts like an exec ... and can be refreshed and notified. For example: file {/tmp/foo1: # content = foo, content = inline_template(%= Time.now %), notify = Mcollective[test1], } mcollective {test1: agent = service, action = restart, arguments = { service = rsyslog, }, identity_filter = [puppet1], disctimeout = 3, timeout = 10, refreshonly = true, } Just make an mcollective plugin for adding new clients on your master and trigger it this way. ken. On Fri, Jun 24, 2011 at 3:18 PM, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: Daniel Maher wrote: On 06/24/2011 03:39 PM, Andreas Kuntzagk wrote: Exported resources are the Puppet means for one node to provide resources for another. In this case, the execution host could export an Exec resource for the master to collect and apply. Hmm, in the (very short) time I've been working with puppet I have not stumbled across exported resources. Any pointer where I should start reading? Exported resources are great fun. :) http://docs.puppetlabs.com/guides/exported_resources.html http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration According to these exported resources are somewhat similar to virtual resources. Problem is until now I cannot wrap my brain arount virtual resources so I don't understand the exported resources examples. regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
I concur. Using mcollective to trigger Puppet is sweet. ken. On Fri, Jun 24, 2011 at 3:31 PM, Daniel Maher dma...@milestonelab.com wrote: On 06/24/2011 04:10 PM, Nathan Clemons wrote: This is what we do at Livemocha; we're actually in the process of switching over to using MCollective to trigger Puppet runs. By way of a vote of confidence, we made the switch to MC-triggered Puppet runs a few months ago and have been very happy with the result. Implementing Puppet Commander[1] in order to manage the trigger events was about as straightforward as it gets ! [1] http://projects.puppetlabs.com/projects/mcollective-plugins/wiki/ToolPuppetcommander -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. » -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ssh_authorized_key and NIS user
Ken Barber wrote: Its just using the Ruby Etc library to do the lookup according to puppet/util/posix.rb. Which won't match NIS accounts. So I'd raise a feature request if you want this support. its #8081 You can work around this by using something like: $username = bob ssh_authorized_key { keyfor-${username}: key = ..., target = /user/home/dirs/${username}/.ssh/authorized_keys, } Will look into this. The issue being you need prior knowledge of path to the key. For my simple usecase this is not a problem. (At least atm. I don't see one.) Thanks, Andreas glean this by producing a fact that uses something like 'getent' instead of /etc/passwd - but this is less then optimal. ken. On Fri, Jun 24, 2011 at 3:13 PM, Nathan Clemons nat...@livemocha.com wrote: I'm wondering if the User provider has the capability to look up accounts via NIS. It's been a long time since I've used NIS, however, so I don't know if this is the problem for sure. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 6:41 AM, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I'm wondering if my description was not clear enough or nobody knows an answer to this. Did I stumble across a bug here and should open a ticket? regards, Andreas Andreas Kuntzagk wrote: Hi, I have this resource definition: ssh_authorized_key { nagios@login2: key = [REDACTED] user= nagios, type= ssh-dss, require = Service['nis'], } This nagios user comes from NIS, yp.conf and nsswitch.conf are handled by puppet and configured before the key. I still get an User does not exist. daemon.log: ... Jun 17 14:00:57 node016 puppet-agent[1109]: (/Stage[main]/All/File[/localhome/nagios/]/ensure) created Jun 17 14:12:53 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[root@node002]/ensure) created Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//File[/etc/idmapd.conf]/content) content changed '{md5}3e94f238294cc61b047e7ae50115dffc' to '{md5}6d9c69f38eca81ab0f879c2771d5d543' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]/ensure) ensure changed 'stopped' to 'running' Jun 17 14:15:14 node016 puppet-agent[1109]: (/Stage[main]//Service[idmapd]) Triggered 'refresh' from 1 events Jun 17 14:15:41 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/yp.conf]/ensure) defined content as '{md5}9c23d37f431c0788c212d3c0ab8a48af' Jun 17 14:15:58 node016 puppet-agent[1109]: (/Stage[main]/All/All::Append_if_no_such_line[sudoers_nagios_smartctl]/Exec[/bin/echo 'nagios ALL=(root) NOPASSWD: /usr/sbin/smartctl' '/etc/sudoers']/returns) executed su ccessfully Jun 17 14:17:03 node016 puppet-agent[1109]: (/Stage[main]//Package[nis]/ensure) ensure changed 'purged' to 'latest' Jun 17 14:17:39 node016 puppet-agent[1109]: (/Stage[main]/All/File[/etc/nsswitch.conf]/content) content changed '{md5}295c15c4bdac80e50b37689ef08f359c' to '{md5}250a1851aec43bcc5f73e8a01b2141bd' Jun 17 14:17:43 node016 puppet-agent[1109]: (/Stage[main]/All/Service[nis]) Triggered 'refresh' from 4 events Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]/ensure) created Jun 17 14:17:50 node016 puppet-agent[1109]: (/Stage[main]//Ssh_authorized_key[nagios@login2]) Could not evaluate: User 'nagios' does not exist Jun 17 14:18:06 node016 puppet-agent[1109]: (/Whit[last]) Dependency Ssh_authorized_key[nagios@login2] has failures: true ... This is Ubuntu 10.04 with puppet 2.6.8 regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] IP address evenness as an identifier
On Jun 24, 2011, at 7:15 AM, Jonathan Gazeley wrote: For my puppet-managed servers, I want roughly half to use nameserver1 followed by nameserver2, and the other half to use nameserver2 in preference to nameserver1. The most reliable and simplest way I can think of doing this is to look at the last octet of the IP address, test whether it is even or odd, and apply different nameservers accordingly. Two questions: how would this be easily achieved in a manifest, and is there a better way? :) I would probably create a custom fact for this IP_ADDR=192.168.10.21 y=#{IP_ADDR}.split('.')[3].to_i).divmod(2)[1] puts y something like... $resolv.conf_pool = resolv.conf-pool-A #{IP_ADDR}.split('.')[3].to_i).divmod(2)[1] == 0 ? resolv.conf-pool-A : resolv.conf-pool-B and then 'source' the actual resolv.conf file per pool-A or pool-B result Should be relatively easy to create. -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Package pre-requisites prior to file exec
On Jun 23, 2011, at 6:17 PM, Nigel Kersten wrote: On Thu, Jun 23, 2011 at 4:07 PM, Craig White craig.wh...@ttiltd.com wrote: class nginx::install { $prerequisites = [ build-essential, libcurl4-openssl-dev, libssl-dev, zlib1g-dev ] case $operatingsystem { centos, redhat: { } debian, ubuntu: { package { $prerequisites : ensure = installed : ensure = present { exec { Installing nginx via passenger: path= /bin:/usr/bin, environment = HOME=/root, command = passenger-install-nginx-module --auto-download --auto, user= root, group = root, unless = ls -l /opt | grep nginx, logoutput = on_failure, } } file {/etc/init.d/nginx: source = puppet:///modules/nginx/nginx-initd, owner = root, group = root, mode= 755, require = Class[nginx::install], notify = Class[nginx::service], } } } } } The above has a syntax error on line 7 and the catalog won't build but essentially I want to 'ensure' that the pre-requsite packages are installed prior to attempting to execute the command (because if the pre-requisites aren't there, the command will fail). That definitely won't compile :) You should be able to just declare the exec and package(s) resources separately and define a relationship, like: exec { Installing nginx via passenger: path= /bin:/usr/bin, environment = HOME=/root, command = passenger-install-nginx-module --auto-download --auto, user= root, group = root, unless = ls -l /opt | grep nginx, logoutput = on_failure, require = Package[$prerequisites], } That last line should work for you. Otherwise you could define it the opposite way around: package { $prerequisites: ensure = installed, before = Exec[Installing nginx via passenger], } Both those methods should work, but I have a vague memory of the first method failing in a point release or two. What version of Puppet are you running? You may have a much clearer way of expressing the conditional you're using than the somewhat messy case statement you're using at the moment. puppet 2.6.8 Your first example would necessitate creating installation class for those pre-requisite packages which I was hoping to just slide by without doing. In fact, my way that I did it sort of worked with a little tweaking but it seemed to try to install nginx before the pre-requisite packages so the first tine through, it would time out on the command but load the pre-requisite packages afterwards and then the second time through, it would install via the command which was messy. this is where I am at at the moment... class nginx::install { case $operatingsystem { centos, redhat: { } debian, ubuntu: { exec { Installing nginx via passenger: path= /bin:/usr/bin, environment = HOME=/root, command = passenger-install-nginx-module --auto-download --auto, user= root, group = root, unless = ls -l /opt | grep nginx, logoutput = on_failure, require = Class[gems::passenger, nginx::prerequisites] } } } } and still the 'require' doesn't seem to be executed prior to evaluating the 'command' to exec - which still gives me issues. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
Under 0.25, we do puppet --onetime --no-daemonize. I'm not sure if that syntax changed in 2.6.x and above. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 7:14 AM, sergey sergey...@gmail.com wrote: And how is it possible to connect to puppet client via ssh? I mean I usually issue puppetrun nodename and then puppetmaster connects to puppet client on the client node. What should I do in case of ssh connect? --- WBR, Sergey On Jun 24, 2011, at 6:10 PM, Nathan Clemons wrote: Just disable the puppet agent / puppetd (depending on your version) in chkconfig / update-rc.d / etc. Further runs would then be done via ssh, either manually or via a distributed ssh command like ralsh, pdsh, clusterssh, etc. This is what we do at Livemocha; we're actually in the process of switching over to using MCollective to trigger Puppet runs. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 1:47 AM, Sergey V. Arlashin sergey...@gmail.comwrote: By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Package pre-requisites prior to file exec
Nevermind... under control - thanks for the fish Craig On Jun 24, 2011, at 9:26 AM, Craig White wrote: On Jun 23, 2011, at 6:17 PM, Nigel Kersten wrote: On Thu, Jun 23, 2011 at 4:07 PM, Craig White craig.wh...@ttiltd.com wrote: class nginx::install { $prerequisites = [ build-essential, libcurl4-openssl-dev, libssl-dev, zlib1g-dev ] case $operatingsystem { centos, redhat: { } debian, ubuntu: { package { $prerequisites : ensure = installed : ensure = present { exec { Installing nginx via passenger: path= /bin:/usr/bin, environment = HOME=/root, command = passenger-install-nginx-module --auto-download --auto, user= root, group = root, unless = ls -l /opt | grep nginx, logoutput = on_failure, } } file {/etc/init.d/nginx: source = puppet:///modules/nginx/nginx-initd, owner = root, group = root, mode= 755, require = Class[nginx::install], notify = Class[nginx::service], } } } } } The above has a syntax error on line 7 and the catalog won't build but essentially I want to 'ensure' that the pre-requsite packages are installed prior to attempting to execute the command (because if the pre-requisites aren't there, the command will fail). That definitely won't compile :) You should be able to just declare the exec and package(s) resources separately and define a relationship, like: exec { Installing nginx via passenger: path= /bin:/usr/bin, environment = HOME=/root, command = passenger-install-nginx-module --auto-download --auto, user= root, group = root, unless = ls -l /opt | grep nginx, logoutput = on_failure, require = Package[$prerequisites], } That last line should work for you. Otherwise you could define it the opposite way around: package { $prerequisites: ensure = installed, before = Exec[Installing nginx via passenger], } Both those methods should work, but I have a vague memory of the first method failing in a point release or two. What version of Puppet are you running? You may have a much clearer way of expressing the conditional you're using than the somewhat messy case statement you're using at the moment. puppet 2.6.8 Your first example would necessitate creating installation class for those pre-requisite packages which I was hoping to just slide by without doing. In fact, my way that I did it sort of worked with a little tweaking but it seemed to try to install nginx before the pre-requisite packages so the first tine through, it would time out on the command but load the pre-requisite packages afterwards and then the second time through, it would install via the command which was messy. this is where I am at at the moment... class nginx::install { case $operatingsystem { centos, redhat: { } debian, ubuntu: { exec { Installing nginx via passenger: path= /bin:/usr/bin, environment = HOME=/root, command = passenger-install-nginx-module --auto-download --auto, user= root, group = root, unless = ls -l /opt | grep nginx, logoutput = on_failure, require = Class[gems::passenger, nginx::prerequisites] } } } } and still the 'require' doesn't seem to be executed prior to evaluating the 'command' to exec - which still gives me issues. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Package pre-requisites prior to file exec
On Fri, Jun 24, 2011 at 10:38 AM, Craig White craig.wh...@ttiltd.com wrote: Nevermind... under control - thanks for the fish Heh. Great timing, I was just typing up a reply. Craig, I'd appreciate it if we could try and work out what led you down the wrong path in terms of syntax so we can try to make sure it doesn't happen for other people learning Puppet in the future. I'd be more than happy to have an off-list chat if needed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
Ok, here's the report processor to send events to Zenoss, based off James' Zendesk module. https://github.com/donjohnson/puppet-zenoss -Don Release Engineer / Toolsmith, VerticalResponse On Wed, Jun 8, 2011 at 6:09 PM, Don auder...@gmail.com wrote: Thanks for the help off-list, James. here's the stub I'm using to check if the log is error-ful, inside of process(): def process failure = false #iterate through each log object and look for failures self.logs.each do |log| if log.level.to_s == 'err' || 'alert' || 'emerg' || 'crit' failure = true end end if failure Puppet.debug Creating Zenoss event for failed run on #{self.host}. ### This definitely costs a few more cycles than with 2.6.5+. I'll publish the rest of the Zenoss processor on github tomorrow or Friday. -Don On Wed, Jun 8, 2011 at 5:23 PM, James Turnbull ja...@puppetlabs.com wrote: Don wrote: I'm running 2.6.4 on the master client. pluginsync is true on both, and reports = zenoss only on the master for this test. Why is self.status not working in this case? The issue is that status is only available in the V2 report format in Puppet 2.6.5 and onwards. Before this you need to check for err tags to find failed runs. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Turn off client autoupdate
On Jun 24, 9:14 am, sergey sergey...@gmail.com wrote: And how is it possible to connect to puppet client via ssh? I mean I usually issue puppetrun nodename and then puppetmaster connects to puppet client on the client node. What should I do in case of ssh connect? One does not connect to the puppet client *software*; rather, one connectes to the puppet client *machine*. The software (puppetd or puppet agent, depending on the version) is after all not running as a daemon. Once connected, you execute a command such as puppet agent -- onetime --no-daemonize. If you wish to use it, command-line ssh clients typically provide a means to specify a command to run on the remote machine instead of a login shell (e.g. puppet agent [...]); this is convenient for scripting. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Turn off client autoupdate
Thank you! --- WBR, Sergey On Jun 24, 2011, at 10:29 PM, jcbollinger wrote: you wish to use it, command-line ssh clients typically provide a means to specify a command to run on the remote machine instead of a login shell (e.g. puppet agent [...]); this is convenient for scripting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Package pre-requisites prior to file exec
On Jun 24, 2011, at 10:42 AM, Nigel Kersten wrote: On Fri, Jun 24, 2011 at 10:38 AM, Craig White craig.wh...@ttiltd.com wrote: Nevermind... under control - thanks for the fish Heh. Great timing, I was just typing up a reply. Craig, I'd appreciate it if we could try and work out what led you down the wrong path in terms of syntax so we can try to make sure it doesn't happen for other people learning Puppet in the future. I'd be more than happy to have an off-list chat if needed. I don't think anything is wrong with the documentation - I probably bit off a very complicated use case before I had my understanding up to speed. This has taught me much though. I am trying to make apache co-exist with nginx which is difficult enough (managing ports, virtual host conf) but we are also using gems for things like nginx which add to the complexity. I suspect that some may be interested in what I finally work out (and I'm maybe another 4-6 hours away from completing this). What I didn't realize was that in my process of flailing for answers, I failed to preserve an intermediate configuration that semi-worked and so I reverted to the file that I posted to the list yesterday which failed to account for ruby being in /usr/local (ruby-enterprise) and so I was getting failures because it couldn't find the command. This was clearly my issue and it had me going for a while. Anyway, I've only been at this since Monday and I am quite pleased. I have managed to add some custom 'facts', get some pretty complicated chaining of package installations, work through some reasonably sophisticated templates so that things like apache nginx config files, sysv initscripts, virtual hosts are all delivered with a high enough level of flexibility for mods, rewrite rules, etc. for each vhost. Thanks again Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: IP address evenness as an identifier
On Jun 24, 9:15 am, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: For my puppet-managed servers, I want roughly half to use nameserver1 followed by nameserver2, and the other half to use nameserver2 in preference to nameserver1. The most reliable and simplest way I can think of doing this is to look at the last octet of the IP address, test whether it is even or odd, and apply different nameservers accordingly. Two questions: how would this be easily achieved in a manifest, and is there a better way? :) If your name resolver supports it then you could put options rotate into every /etc/resolv.conf (or add 'rotate' to the existing options) so that all hosts alternate which name server they query first. If that works for you at all then it should do a better job of spreading out the name service load than would tweaking the name server listing order on some of your machines. It's also a lot easier to code in your manifests. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: New Puppet report processors...
I'm psyched... I think I have my boss almost ready to implement Zenoss and still only see small benefits to using Dashboard. Craig On Jun 24, 2011, at 10:53 AM, Don wrote: Ok, here's the report processor to send events to Zenoss, based off James' Zendesk module. https://github.com/donjohnson/puppet-zenoss -Don Release Engineer / Toolsmith, VerticalResponse On Wed, Jun 8, 2011 at 6:09 PM, Don auder...@gmail.com wrote: Thanks for the help off-list, James. here's the stub I'm using to check if the log is error-ful, inside of process(): def process failure = false #iterate through each log object and look for failures self.logs.each do |log| if log.level.to_s == 'err' || 'alert' || 'emerg' || 'crit' failure = true end end if failure Puppet.debug Creating Zenoss event for failed run on #{self.host}. ### This definitely costs a few more cycles than with 2.6.5+. I'll publish the rest of the Zenoss processor on github tomorrow or Friday. -Don On Wed, Jun 8, 2011 at 5:23 PM, James Turnbull ja...@puppetlabs.com wrote: Don wrote: I'm running 2.6.4 on the master client. pluginsync is true on both, and reports = zenoss only on the master for this test. Why is self.status not working in this case? The issue is that status is only available in the V2 report format in Puppet 2.6.5 and onwards. Before this you need to check for err tags to find failed runs. Regards James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
On Fri, 24 Jun 2011 01:47:56 -0700, Sergey V. Arlashin wrote: By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey You'd probably be interested in #4411[1] and #3313[2]. Specifically, it looks like the way you should be able to do this is by specifying listen=true and client=false, but there appears to be a bug with the agent that makes client=false not actually work, but (--no-client on the command line does work). :-/ [1] http://projects.puppetlabs.com/issues/4411 [2] http://projects.puppetlabs.com/issues/3313 -- Jacob Helwig signature.asc Description: Digital signature
[Puppet Users] Enable yum repositories as needed
Hi All, I'm new to puppet and I'm having some difficulty enabling and disabling yum repositories on an as needed basis and I was wondering if you all might be able to provide me with some assistance. I've been able to get puppet to configure a yum repository, I'm going to use EPEL as an example here but I'd like it for all, by creating a class called epel.pp containing class epel { yumrepo { epel: descr = Extra Packages for Enterprise Linux \$releasever - \$basearch, baseurl = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/\$releasever/\$basearch;, gpgcheck = 1, gpgkey = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/RPM-GPG-KEY-EPEL;, enabled=0 } } and it does create and populate the /etc/yum.repos.d/epel.repo file with this information. Now I want to be able to install ganglia-gmond automatically from this repository but I can't figure out how to enable and disable the repo afterwards? Can anyone please provide an example of how something like this may be accomplished? -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices http://blogs.sfu.ca/people/jpeltier -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ssh_authorized_key and NIS user
On Jun 24, 9:13 am, Nathan Clemons nat...@livemocha.com wrote: I'm wondering if the User provider has the capability to look up accounts via NIS. It's been a long time since I've used NIS, however, so I don't know if this is the problem for sure. The default provider for RedHat / Fedora / CentOS does not recognize NIS users. I don't know about other providers, but I suspect that most don't recognize them. I use a custom provider here that assumes the compat scheme for specifying NIS users in /etc/passwd. If you're using NIS the other (default) way then no User provider can manage NIS users because there is no local representation to manage. With that said, it's not obvious that any User provider is involved at all. A provider would come into the mix if you were managing the nagios user itself, but it doesn't look like you're doing that. Perhaps since user 'nagios' is unmanaged, however, Ssh_authorized_key is using the default User provider to check for its existence. That's not exactly right, but I can't think of anything better. If it is a provider issue and you're using NIS in the default manner, then you could perhaps write a simple(-ish) povider that enumerates existing users without any ability to modify them or create new ones. You would then add this to your manifest: user { nagios: provider = nisuser, ensure = present, before = Ssh_authorized_key [ nagios@login2 ] } That's a significant amount of work, however, especially given that it is not clear whether it would actually solve the problem. But if you've been itching to try creating a custom provider then here's an excuse. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] could not find dependency Class
err: Could not run Puppet configuration client: Could not find dependency Class[Nginx::Install] for File[/opt/nginx/nginx.conf] at /etc/puppet/modules/nginx/manifests/configure.pp:24 perhaps this is because this is coming not from a class but from a define... # pwd /etc/puppet/modules/nginx/manifests # cat init.pp class nginx { include nginx::install, nginx::service, nginx::prerequisites } # cat configure.pp define nginx::configure( $ip=*, $port=80, $ssl=false, $ssl_certificate=cert.pem, $ssl_certificate_key=cert.key, $ssl_session_timeout=5m, $ssl_protocols=SSLv2 SSLv3 TLSv1, $ssl_ciphers=ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP, $ssl_prefer_server_ciphers=on, $template_conf='nginx/nginx.conf.erb') { case $operatingsystem { centos, redhat: { } debian, ubuntu: { file {/opt/nginx/nginx.conf: content = template($template_conf), owner = root, group = root, mode= 644, require = Class[nginx::install], notify = Class[nginx::service], } } } } and it errors on 'require' and on 'notify' Class... do I have to somehow declare this to be a class in order to reference another class? -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you! This is what I was looking for :) --no-client DOES work. P.S. I should have read man puppetd before sending this message. :) On Jun 24, 2011, at 10:39 PM, Jacob Helwig wrote: On Fri, 24 Jun 2011 01:47:56 -0700, Sergey V. Arlashin wrote: By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey You'd probably be interested in #4411[1] and #3313[2]. Specifically, it looks like the way you should be able to do this is by specifying listen=true and client=false, but there appears to be a bug with the agent that makes client=false not actually work, but (--no-client on the command line does work). :-/ [1] http://projects.puppetlabs.com/issues/4411 [2] http://projects.puppetlabs.com/issues/3313 -- Jacob Helwig -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJOBOMiAAoJEPQ905NMSvKrpLsIAMD/sUsdJDCOW9L0WGXKjLFz BQ9OFmReZx2MSDtXpgzhioOsJ0lMBeTlQ0RWEv5oEtz7senIwbWSyW9hGzHgpujW nm0ZLk7bURW7Fn0z8zVw7ueS70RnMgq0MTeLNSQBZk/dCjBDxu72HSg2O9jAxW8x z49AZVT9TWNjSMIaihF4V5GpbxdAKRb7iqbbNEJAYHRiGodgwjwJywQl8JWRBTg3 1dLzlAr24bzxusApMMNf+7aYPgYQSzyp2jfIpgx3HEp0D3tO3Wv4dmYqUf8YFWG7 Q+uYjnq+PiYeSNxTF2w/F9D5XU5wEbgnnV0r5TrLws5KsKrl4VZ3q4JEmPh0Zzg= =nyL2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Enable yum repositories as needed
On Jun 24, 2011, at 11:48 AM, James A. Peltier wrote: Hi All, I'm new to puppet and I'm having some difficulty enabling and disabling yum repositories on an as needed basis and I was wondering if you all might be able to provide me with some assistance. I've been able to get puppet to configure a yum repository, I'm going to use EPEL as an example here but I'd like it for all, by creating a class called epel.pp containing class epel { yumrepo { epel: descr = Extra Packages for Enterprise Linux \$releasever - \$basearch, baseurl = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/\$releasever/\$basearch;, gpgcheck = 1, gpgkey = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/RPM-GPG-KEY-EPEL;, enabled=0 } } and it does create and populate the /etc/yum.repos.d/epel.repo file with this information. Now I want to be able to install ganglia-gmond automatically from this repository but I can't figure out how to enable and disable the repo afterwards? Can anyone please provide an example of how something like this may be accomplished? I've been at this for less than a week and primarily concentrating on ubuntu, not RHEL/CentOS so take this with a grain of salt You have to be careful when installing packages from another repo but generally, you just keep the EPEL repo disabled and instead of using the built-in package command, you would want to 'exec' something like... exec('/usr/bin/yum --enablerepo=epel install -y ganglia-gmond') and I would also note that you have to ensure that the rpm-gpg key is installed for the epel repo BEFORE that command is executed - I believe you already provided the gpg-key URL to us. something like this should work (adapt for rpm/yum and note that rpm stores keys in /etc/pki/rpm-gpg)... class apt { package { apt: ensure = installed, } file{/etc/apt/sources.list: ensure = present, owner = root, group = root, mode= 0444, content = template(apt/sources.list.erb), require = Package[apt], } exec{/usr/bin/apt-get update: refreshonly = true, subscribe = File[/etc/apt/sources.list], require = File[/etc/apt/sources.list], } # MongoDB Key apt::key { 7F0CEB10: keyid = 7F0CEB10, ensure = present, } } define apt::key($keyid, $ensure, $keyserver = keyserver.ubuntu.com) { case $ensure { present: { exec { Import $keyid to apt keystore: path= /bin:/usr/bin, environment = HOME=/root, command = gpg --keyserver $keyserver --recv-keys $keyid gpg --export --armor $keyid | apt-key add -, user= root, group = root, unless = apt-key list | grep $keyid, logoutput = on_failure, } } absent: { exec { Remove $keyid from apt keystore: path= /bin:/usr/bin, environment = HOME=/root, command = apt-key del $keyid, user= root, group = root, onlyif = apt-key list | grep $keyid, } } default: { fail Invalid 'ensure' value '$ensure' for apt::key } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Enable yum repositories as needed
There's an open bug concerning this very issue, in regards to being able to specify which repos to use when installing an rpm using the package resource. http://projects.puppetlabs.com/issues/2247 -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 12:27 PM, Craig White craig.wh...@ttiltd.comwrote: On Jun 24, 2011, at 11:48 AM, James A. Peltier wrote: Hi All, I'm new to puppet and I'm having some difficulty enabling and disabling yum repositories on an as needed basis and I was wondering if you all might be able to provide me with some assistance. I've been able to get puppet to configure a yum repository, I'm going to use EPEL as an example here but I'd like it for all, by creating a class called epel.pp containing class epel { yumrepo { epel: descr = Extra Packages for Enterprise Linux \$releasever - \$basearch, baseurl = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/\$releasever/\$basearch;, gpgcheck = 1, gpgkey = http://mirror.its.sfu.ca/mirror/CentOS-Third-Party/epel/RPM-GPG-KEY-EPEL;, enabled=0 } } and it does create and populate the /etc/yum.repos.d/epel.repo file with this information. Now I want to be able to install ganglia-gmond automatically from this repository but I can't figure out how to enable and disable the repo afterwards? Can anyone please provide an example of how something like this may be accomplished? I've been at this for less than a week and primarily concentrating on ubuntu, not RHEL/CentOS so take this with a grain of salt You have to be careful when installing packages from another repo but generally, you just keep the EPEL repo disabled and instead of using the built-in package command, you would want to 'exec' something like... exec('/usr/bin/yum --enablerepo=epel install -y ganglia-gmond') and I would also note that you have to ensure that the rpm-gpg key is installed for the epel repo BEFORE that command is executed - I believe you already provided the gpg-key URL to us. something like this should work (adapt for rpm/yum and note that rpm stores keys in /etc/pki/rpm-gpg)... class apt { package { apt: ensure = installed, } file{/etc/apt/sources.list: ensure = present, owner = root, group = root, mode= 0444, content = template(apt/sources.list.erb), require = Package[apt], } exec{/usr/bin/apt-get update: refreshonly = true, subscribe = File[/etc/apt/sources.list], require = File[/etc/apt/sources.list], } # MongoDB Key apt::key { 7F0CEB10: keyid = 7F0CEB10, ensure = present, } } define apt::key($keyid, $ensure, $keyserver = keyserver.ubuntu.com) { case $ensure { present: { exec { Import $keyid to apt keystore: path= /bin:/usr/bin, environment = HOME=/root, command = gpg --keyserver $keyserver --recv-keys $keyid gpg --export --armor $keyid | apt-key add -, user= root, group = root, unless = apt-key list | grep $keyid, logoutput = on_failure, } } absent: { exec { Remove $keyid from apt keystore: path= /bin:/usr/bin, environment = HOME=/root, command = apt-key del $keyid, user= root, group = root, onlyif = apt-key list | grep $keyid, } } default: { fail Invalid 'ensure' value '$ensure' for apt::key } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: howto trigger action on another client
On Jun 24, 9:18 am, Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: Daniel Maher wrote: On 06/24/2011 03:39 PM, Andreas Kuntzagk wrote: Exported resources are the Puppet means for one node to provide resources for another. In this case, the execution host could export an Exec resource for the master to collect and apply. Hmm, in the (very short) time I've been working with puppet I have not stumbled across exported resources. Any pointer where I should start reading? Exported resources are great fun. :) http://docs.puppetlabs.com/guides/exported_resources.html http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configura... According to these exported resources are somewhat similar to virtual resources. Problem is until now I cannot wrap my brain arount virtual resources so I don't understand the exported resources examples. Exported resources are an extended version of virtual resources. It took me a while to catch on to virtual resources, too, but once I got it I realized how useful they are. I'll attempt to explain: Normal resource declarations have two key aspects. First, they describe a resource, and second, by their presence in a manifest they indicate that that resource should be managed. For example, user { john: ensure = absent } describes a User resource whose username is john, and if it is present in a node's manifest then that tells Puppet that the matching user should be managed on that node -- in this case, User john must be ensured absent from the node. Virtual resources separate those key aspects. They allow a resource to be declared (described) without specifying whether that resource should be managed. For example, @user { john: ensure = absent } describes a User resource whose username is john, but by itself it does not direct the Puppet agent to do anything about that user. Elsewhere in the manifest, however, that user can be realized to indicate to Puppet that yes, User [john] should indeed be managed (in this example, poor john would then again be ensured absent). Virtual resources that are not realized for a particular node have no effect on that node. There are at least two ways in which this is useful: 1) If there are resources that must be managed only on some nodes, then it can be clean and convenient to declare them virtually, all in one place, for all nodes, and then realize just the needed ones on each node. This is a good alternative to bracketing each resource with a complicated conditional statement. 2) Although resources, including virtual ones, can only be *declared* once, virtual resources can be *realized* any number of times. For instance, if you had several different classes that wanted to drop files in /etc/cron.d/, then they might all want to ensure that that directory is present. They can't all declare it, else the declarations would collide. One possibility would be to declare it virtually, and let all the classes realize it. (Another would be to declare it concretely in a separate class, and have the other classes each include that class.) Exported resources are much like virtual ones. The main difference is that exported resources can be collected by any node, not just the node that declares them. For example, suppose you want all your nodes to be listed in each other's /etc/hosts file. Each node knows its own name and IP address (suppose for simplicity that it has only one), but it doesn't a priori know the others'. You can do this: # Export a Host resource describing this node: @@host { $fqdn: ip = $ipaddress, host_aliases = $hostname, ensure = present } # Collect all nodes' exported Host resources # (including this node's) Host | | One of the major drawbacks of exported resources is that they require persistent storage. Puppet uses a database for that, which is a bit heavy. That's one reason why exported resources may not be worth the trouble if this is your only use for them. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Package pre-requisites prior to file exec
On Fri, Jun 24, 2011 at 11:33 AM, Craig White craig.wh...@ttiltd.com wrote: Anyway, I've only been at this since Monday and I am quite pleased. I have managed to add some custom 'facts', get some pretty complicated chaining of package installations, work through some reasonably sophisticated templates so that things like apache nginx config files, sysv initscripts, virtual hosts are all delivered with a high enough level of flexibility for mods, rewrite rules, etc. for each vhost. That's really quite awesome progress for a couple of days work Craig. Well done! Glad to hear the docs weren't a big problem, but it does feel like there's something here that could maybe have been called out in a more obvious manner in the docs. -- Nigel Kersten Product, Puppet Labs @nigelkersten -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: implementing a 1-to-many exported resource only once ?
On Jun 24, 7:53 am, Daniel Maher dma...@milestonelab.com wrote: Hello, I would like to know if there is a (sane) way to allow multiple declarations of the same exported resource to result in only one instance of that resource being instantiated on a given node. No. In fact, it is not sane for multiple nodes to export the same resource in the first place. Allow me to explain : - Node infra includes class syslog::server. - Definition syslog__naglog allows configuration snippets to be added to the syslog configuration. - Many nodes contain class snmpd. - Class snmpd calls definition syslog__naglog as an exported resource in the form @@syslog_naglog, thus there are multiple declarations for this resource across the ecosystem. - Class syslog::server realizes the exported resource in the forst Syslog__naglog ||. Now this will, predictably, result in a cannot override local resource problem. I could fix this by ensuring that each instantiation has a unique name (via $fqdn or some such), however, that would result in each node adding a configuration snippet to the syslog.conf on node infra, which is not in fact what I'm looking for. I'm looking for a way to say to node infra that since class snmpd is out there, somewhere, regardless of how many times, that one (and only one) configuration line should be added to the local syslog config - and I'd like to be able to do this from the snmpd class. I'm confused here. If all the exports of syslog_naglog are the same, then why do you need to export it at all? There can't be anything node-specific in it (else the exports wouldn't be the same), so any node that wants it should be able to declare it for itself. Alternatively, if the exported resources do have node-specific bits in them, then how do you suppose Puppet would know which one to collect? I know that I could do it rather simply from class syslog::server (for example), but I'd like it to be dynamic - I'd like other modules to be able to trigger the addition of a given configuration snippet in the syslog config of node infra. Other modules or other nodes? Can this be done ? Is this realistic ? Is there another approach that would be better ? I would greatly appreciate any and all commentary. Would it be an issue for node infra to have Syslog_naglog when in fact no nodes have class snmpd? If not, then skip all the exported resource stuff and just have infra declare Syslog_naglog locally. If so, then consider what would happen if all the nodes that once had class snmpd were removed from service. Syslog_naglog might no longer be exported (if you clean the storeconfig database), but unless you've been very clever, the corresponding line will remain in infra's syslog configuration, only unmanaged. (How to avoid that is left as an exercise for the reader.) If you're not being clever enough to get rid of the syslog line dynamically in the event that all the snmpd servers go away, then it's silly to struggle over inserting it dynamically only when there are snmpd servers around. There's a point where elegance -- if that's what it is -- must give way to pragmatism. I bet you've already spent more time on the problem than a solution would ever have saved you. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: error with puppet
On Jun 24, 3:30 am, Neelam ajender.nee...@gmail.com wrote: err: Could not retrieve catalog from remote server: hostname was not match with the server certificate warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run my hostnames are correct i can ping one from another using the hostname which i set in /etc/host how do i resolve this The certificate your server presented to authenticate itself to the client bore a different name than the one the client used to contact the server. For instance, your client may have contacted it as puppet.superawesome.com, but the certificate it presented was issued to master.superawesome.com. The easiest thing to do would be to contact the server via the name used in its certificate. You can test this via puppet agent --onetime --no-daemonize --server=master's cert name Having determined that it works, update your client's /etc/puppet/ puppet.conf by setting server=master's cert name John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet Class is applied but is not executed
On Jun 24, 7:33 am, christian huber christian.hu...@triphase.ch wrote: Hi all, i' am having a strange problem with a puppet class, basically i wrote a small class, no special content (ensure packed is installed). I applied this class to a linuxbox with puppetclient 2.6.4 installed (and working for the other classes). So the problem if I'am forcing now the client to get the new configuration, it does it very well. No error's even with the debug option. In the /var/lib/puppet directory i take a look at the classes.txt and i find the new class inside. So i try to force en error with the class be doing a modifying the class and adding a parser error. Executing again on the linuxbox the puppet command, nothing happens. I would now expect a error. But it looks like puppet just doesn't executed this class. anyone a idea what i'am missing .. ? You might be missing a message that Puppet is applying a cached catalog because the master failed to compile a new one; that's normally what happens when there is a syntax error in a node's manifests. We're missing all details of Puppet's output, whether to the console or to the system logs. Also the contents of the manifests involved and the command you used to run Puppet. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Turn off client autoupdate
Hi, You're looking for something like this. http://docs.puppetlabs.com/mcollective/index.html On 24/06/2011, at 8:07, sergey sergey...@gmail.com wrote: By default puppet node connects to server periodically and looks if there is something execute. I'm wondering is it possible to make puppet clients not connect to server themselves? So that it would be possible to update a node only with puppetrun nodename. --- WBR, Sergey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Custom facts - chicken or the egg
Perhaps my logic isn't that good here and I shouldn't be using a custom fact at all but what I am trying to do is ascertain which version of the passenger gem is actually installed because I need to reference it in various places in apache nginx configuration (the specific location of the passenger binary). but my erb fails because the fact $passenger_version hasn't been created yet. so I tried... file {/etc/apache2/mods-enabled/passenger.load: ... snip ... require = Facter[datacenter], } and in /etc/puppet/modules/custom/lib/facter/datacenter.rb I have Facter.add(datacenter) do setcode do datacenter = unknown # Get current ip address from Facter's own database ipaddr = Facter.value(:ipaddress) ... snip ... datacenter end end # # Provide an additional 'passenger_version' fact # to use in apache nginx modules # Facter.add(passenger_version) do setcode do passenger_version = unknown exec('/usr/local/bin/passenger --version /tmp/passenger_version') passenger_version = File.open('/tmp/passenger_version', :readline).chomp.split(' ').last passenger_version end end but it never seems to add the 'passenger_version' fact 1. How can I make sure that the fact is ascertained before the template file is parsed? 2. If I am setting up a new system, passenger won't be installed until some point in the declarative process and at that point, how would I ensure that the fact is ascertained? Thanks -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Different users within same exec
I have the following exec in my manifest : exec { some_exec: path = [ /bin,/usr/bin,/usr/local/bin ], command = EXECUTE COMMAND 1, onlyif = EXECUTE COMMAND 2, logoutput = on_failure } I want that the COMMAND 1 should be executed by USER 1 and COMMAND 2 should be executed by USER 2. Is there a way to do it ? I tried giving the users parameter, but that seems to apply to both the commands. Thanks in advance, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom facts - chicken or the egg
Hi, What I do is a little different for zmanda. I have a fact that looks for a local release file that contains the version number installed. If that file doesn't exist then it returns 0.0.0. The version file is created after the successful install. I thought the gem provider was anyway? Can't you pass the version in the package declaration? Cheers, Den On 25/06/2011, at 8:12, Craig White craig.wh...@ttiltd.com wrote: Perhaps my logic isn't that good here and I shouldn't be using a custom fact at all but what I am trying to do is ascertain which version of the passenger gem is actually installed because I need to reference it in various places in apache nginx configuration (the specific location of the passenger binary). but my erb fails because the fact $passenger_version hasn't been created yet. so I tried... file {/etc/apache2/mods-enabled/passenger.load: ... snip ... require = Facter[datacenter], } and in /etc/puppet/modules/custom/lib/facter/datacenter.rb I have Facter.add(datacenter) do setcode do datacenter = unknown # Get current ip address from Facter's own database ipaddr = Facter.value(:ipaddress) ... snip ... datacenter end end # # Provide an additional 'passenger_version' fact # to use in apache nginx modules # Facter.add(passenger_version) do setcode do passenger_version = unknown exec('/usr/local/bin/passenger --version /tmp/passenger_version') passenger_version = File.open('/tmp/passenger_version', :readline).chomp.split(' ').last passenger_version end end but it never seems to add the 'passenger_version' fact 1. How can I make sure that the fact is ascertained before the template file is parsed? 2. If I am setting up a new system, passenger won't be installed until some point in the declarative process and at that point, how would I ensure that the fact is ascertained? Thanks -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Different users within same exec
Use su -c cmd user? -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Fri, Jun 24, 2011 at 3:06 PM, ssk1287 kulkarni.swar...@gmail.com wrote: I have the following exec in my manifest : exec { some_exec: path = [ /bin,/usr/bin,/usr/local/bin ], command = EXECUTE COMMAND 1, onlyif = EXECUTE COMMAND 2, logoutput = on_failure } I want that the COMMAND 1 should be executed by USER 1 and COMMAND 2 should be executed by USER 2. Is there a way to do it ? I tried giving the users parameter, but that seems to apply to both the commands. Thanks in advance, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom facts - chicken or the egg
On Jun 24, 2011, at 3:40 PM, Denmat wrote: Hi, What I do is a little different for zmanda. I have a fact that looks for a local release file that contains the version number installed. If that file doesn't exist then it returns 0.0.0. The version file is created after the successful install. I thought the gem provider was anyway? Can't you pass the version in the package declaration? - getting the version isn't exactly the problem and yes, the version is in the package installation set - which I plan to revisit later because it seems that when it comes to gem packages, 'ensure = latest' didn't seem to work but I didn't want to waste time on that. My issues seem to be... 1. I want to require = /etc/puppet/modules/custom/lib/facter/$SOME_CUSTOM_FACT is actually executed and the fact is established before a particular package is installed/configured. I can't seem to find the proper syntax for requiring that fact first - before the attempted installation. 2. It seems that the custom/lib/facter directory is a bit squirrelly in that it gags on the automatic backup files created by emacs (FILENAME.rb~) and if I create a resource that depends upon a fact, the resource installation fails and the fact is never established when I was sort of expecting facter to run at the outset of any agent activity. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Setting requirements using collection -vs- before/require meta-parameters
Hello, Could someone explain why a relationship implemented with a collection is honored by Puppet, but a 'before' or 'require' meta-parameter fails for the example below. --- THIS WORKS -- Nfs::Client | | - Class['myclass'] class { 'myclass': } nfs::client { '/share':} -- DEPENDENCY IS NOT HONORED BY PUPPET HERE - class{'myclass': require = Nfs::Client['/share'] } nfs::client{'/share':} The nfs share must be mounted before packages can be installed in Class['myclass']. Defining this relationship using 'before' or 'require' meta-parameters did not succeed: In the bottom example, Puppet would attempt to install packages contained in the class even though the nfs share was not mounted. I realize that the top example is applying the relationship to all 'nfs::client' defined types (which is fine). But why should this method work while the explicit 'before' or 'require' approach fail? Jon -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] need help with name parameter
Thanks Stefan. A bug (originally a doc bug) and subsequent discussion at Puppetlabs is documented here: https://projects.puppetlabs.com/issues/8096 ken. On Thu, Jun 23, 2011 at 6:11 PM, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Wed, Jun 22, 2011 at 08:37:25PM +0100, Ken Barber wrote: So it would appear the parameter 'name' acts as namevar for file and exec at least ... its not defined in the type for these explicitly - it seems implicit. This seems historical and I haven't seen it used before (at least I've never used it myself). Does anyone know the history behind this? The following: @key_attribute_parameters ||= ( params = @parameters.find_all { |param| param.isnamevar? or param.name == :name } ) I guess this was added because not all types define a namevar. If you have no parameter marked as the namevar, :name is your namevar. Is defined in puppet/type.rb :-). Not sure if we have this behavior documented - or if its up for deprecation :-). I guess the more interesting bits are: def self.validattr?(name) name = symbolize(name) return true if name == :name @validattrs ||= {} unless @validattrs.include?(name) @validattrs[name] = !!(self.validproperty?(name) or self.validparameter?(name) or self.metaparam?(name)) end @validattrs[name] end So name is always considered a valid parameter. In fact name can always be used to reference the namevar parameter: def [](name) name = attr_alias(name) fail(Invalid parameter #{name}(#{name.inspect})) unless self.class.validattr?(name) if name == :name nv = name_var name = nv end if obj = @parameters[name] # Note that if this is a property, then the value is the should value, # not the current value. obj.value else return nil end end At the moment some parts of puppet depend on this behaviour because puppet often uses the value of the name parameter to identify a resource. If we remove the current name translation magic, referencing a resource by the name parameter will obviously not work for resources that dont have a name parameter. Hopefully this will be resolved in the future (always query a resource by uniqueness_key and dont rely on a name parameter at all). For further reading: problems with composite namevars because of the current way to query a resource * http://projects.puppetlabs.com/issues/5605 * http://projects.puppetlabs.com/issues/7629 Experimental patch on puppet-dev by Dan Bode * http://groups.google.com/group/puppet-dev/msg/7295ee43e76c02fd -Stefan ken. On Wed, Jun 22, 2011 at 6:40 PM, Henrik Lindberg henrik.lindb...@cloudsmith.com wrote: Hi, A bit of help is needed with this geppetto issue: https://github.com/cloudsmith/geppetto/issues/87 It is about the parameter name in relation to file. Appreciate feedback. Regards - henrik -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet Class is applied but is not executed
I agree it is almost certainly a syntax error. Do this on your class: puppet --parseonly class name this will do a quick sanity check. If you want to do more you can also run puppet with nodeamonize mode and debug to see what's wrong.. but I have a feeling that syntax checking will solve it. -Original Message- From: jcbollinger Sent: Friday, June 24, 2011 3:06 PM To: Puppet Users Subject: [Puppet Users] Re: Puppet Class is applied but is not executed On Jun 24, 7:33 am, christian huber christian.hu...@triphase.ch wrote: Hi all, i' am having a strange problem with a puppet class, basically i wrote a small class, no special content (ensure packed is installed). I applied this class to a linuxbox with puppetclient 2.6.4 installed (and working for the other classes). So the problem if I'am forcing now the client to get the new configuration, it does it very well. No error's even with the debug option. In the /var/lib/puppet directory i take a look at the classes.txt and i find the new class inside. So i try to force en error with the class be doing a modifying the class and adding a parser error. Executing again on the linuxbox the puppet command, nothing happens. I would now expect a error. But it looks like puppet just doesn't executed this class. anyone a idea what i'am missing .. ? You might be missing a message that Puppet is applying a cached catalog because the master failed to compile a new one; that's normally what happens when there is a syntax error in a node's manifests. We're missing all details of Puppet's output, whether to the console or to the system logs. Also the contents of the manifests involved and the command you used to run Puppet. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.