Re: [Puppet Users] making puppetd immortal
Well, changing a runlevel just to stop a daemon is a bit heavy handed. There are other tools that perform this in a more flexible manner: Runit, Daemontools, Monit, Supervisord, etc. -scott On Wed, Jun 29, 2011 at 10:33 PM, vagn scott vagnsc...@gmail.com wrote: In my reading I just ran across this: [Puppet - Bug #7273] Modifying puppet.conf causes 'reparsing config' and TERM signal results in shutdown of daemon short version: puppet agent can commit suicide, but it can't raise itself from the dead. However, init is immortal, and so puppetd can be, too. # on debian squeeze as root: insserv -r puppet echo 7:2:respawn:/usr/sbin/puppetd --no-daemonize /etc/inittab init Q If you don't want puppet running init 3 or some other run level. puppetd will stop. When you init 2 puppetd will start again. When you killall puppetd puppetd will do this: Jun 30 01:28:20 vm01 puppet-agent[7548]: Caught TERM; calling stop Jun 30 01:28:21 vm01 puppet-agent[8157]: Starting Puppet client version 2.6.2 Jun 30 01:28:22 vm01 puppet-agent[8157]: Finished catalog run in 0.11 seconds I'm not seeing a downside to this. Am I missing something? -- vagn -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@** googlegroups.com puppet-users%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/** group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] using memorysize fact in manifests
Hi, I want some config depending on memorysize. What I tried was if ($memorysize = 256 * 1024*1024) { ... } But this fails because $memorysize is a string (and contains a G) and can't be compared to an int. Are all facts strings? How do I work with numbers? regards, Andreas -- Andreas Kuntzagk SystemAdministrator MDC Berlin / BIMSB Tel.: +49 30 9406 2997 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using memorysize fact in manifests
Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I want some config depending on memorysize. What I tried was if ($memorysize = 256 * 1024*1024) { ... } But this fails because $memorysize is a string (and contains a G) and can't be compared to an int. Are all facts strings? How do I work with numbers? Typical problem. Not to mention that you happen to have G but that could very easily be M. Here's my workaround for that, which I use for calculations to then set some sysctl.conf values accordingly : # This is ugly, but very useful to get a standard kiB total RAM # to base further calculations upon. Note that we get a string $mem = inline_template(% mem,unit = scope.lookupvar('::memorysize').split mem = mem.to_f # Normalize mem to KiB case unit when nil: mem *= (10) when 'kB': mem *= (110) when 'MB': mem *= (120) when 'GB': mem *= (130) when 'TB': mem *= (140) end %%= mem.to_i %) Here's an example of how I then use it : # kernel.shmmax if $shmmax { $shmmax_final = $shmmax } else { if $oracle { # For non-shm half the RAM for = 4G, 2G otherwise if $mem = 4294967296 { $shmmax_final = $mem / 2 } else { $shmmax_final = $mem - 2147483648 } } else { $shmmax_final = $mem } } HTH, Matthias -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet 2.7.1, variable scoping, best practices
Hi, Having installed Puppet 2.7.1 on my testserver yesterday, I am now bugged by log messages, that tell me not to use dynamic variable lookups: Jun 29 13:31:09 os1 puppet-master[31910]: Dynamic lookup of $ssh_permitrootlogin at /etc/puppet/templates/etc/ssh/sshd_config.erb:28 is deprecated. Support will be removed in Puppet 2.8. Use a fully-qualified variable name (e.g., $classname::variable) or parameterized classes. Now, I have been reading up on variable scoping and trying to figure out how to rewrite my manifests to embrace best practices, but I am confused on how to proceed, and I can't really find any working examples, so I turn here for help. My current setup is something like this: node basenode { $somevar = defaultvalue $someothervar = anotherdefault } node internal inherits basenode { $someothervar = internaloverride } node external inherits basenode { } node myinternalserver inherits internal { $somevar = nodeoverride include generic } node someexternalserver inherits external { include generic } ...another 40 node definitions, inheriting either internal or external... class generic { include someclass include somemodule::anotherclass ... include a whole bunch of other classes that every node needs } In any class or module I use $somevar and $someothervar as I please, and I understand that this a) is not a recommended practice and b) will stop working in Puppet 2.8. So, what should I do? Switching to parameterized classes sounds nice, but that would mean that the 'generic' class would have to get /every/ variable I use as a parameter and pass it on to subsequent classes where needed. That sounds incredibly clumsy to me. In http://docs.puppetlabs.com/guides/scope_and_puppet.html I read: If you’re using dynamic scope to share resource defaults, there’s no way around it: you’ll have to repeat yourself in each file that the defaults apply to. Is this what's biting me here? Well, this sounds like something I can live with, after all: it's not the default values I care about, it's the overriding values. Further, it states: If you need to apply resource defaults more broadly, you can still set them at top scope in your primary site manifest. If you need the resource defaults in a class to change depending on where the class is being declared, you need parameterized classes. And we're back at parameterized classes. And what does 'top scope' mean exactly? I assume that would be in 'site.pp', outside any class or node definition? To make a long question short: what is the recommended way to override values for certain nodes or groups of nodes (by inheritance)? And I'd /really/ prefer to do that without having to pass on each and every value as a parameter to the next included class... Best regards, Martijn. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using memorysize fact in manifests
On 30-06-11 11:20, Matthias Saou wrote: Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I want some config depending on memorysize. What I tried was if ($memorysize = 256 * 1024*1024) { ... } But this fails because $memorysize is a string (and contains a G) and can't be compared to an int. Are all facts strings? How do I work with numbers? Typical problem. Not to mention that you happen to have G but that could very easily be M. Here's my workaround for that, which I use for calculations to then set some sysctl.conf values accordingly : # This is ugly, but very useful to get a standard kiB total RAM # to base further calculations upon. Note that we get a string $mem = inline_template(% mem,unit = scope.lookupvar('::memorysize').split mem = mem.to_f # Normalize mem to KiB case unit when nil: mem *= (10) when 'kB': mem *= (110) when 'MB': mem *= (120) when 'GB': mem *= (130) when 'TB': mem *= (140) end %%= mem.to_i %) I use a custom fact, that returns the amount of system memory in megabytes. This is, however, Linux-only, since it uses /proc/meminfo: $ cat modules/common/lib/facter/memorysize_mb.rb require 'facter' Facter.add(memorysize_mb) do confine :kernel = :Linux ram = 0 # Steal linux's meminfo File.open( /proc/meminfo , 'r' ) do |f| f.grep( /^MemTotal:/ ) { |mem| ram = mem.split( / +/ )[1].to_i / 1024 } end setcode do ram end end Here's an example of how I then use it : # kernel.shmmax if $shmmax { $shmmax_final = $shmmax } else { if $oracle { # For non-shm half the RAM for = 4G, 2G otherwise if $mem = 4294967296 { $shmmax_final = $mem / 2 } else { $shmmax_final = $mem - 2147483648 } } else { $shmmax_final = $mem } } Best regards, Martijn Grendelman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using memorysize fact in manifests
Well that's odd, I was looking at the exact same issue this morning for sysctl.conf / oracle stuff. But why are people writing new facts?? Why not just take a copy of the original function and simply not run the function that normalizes the number? It seems very odd to make a more limited version of the function when it's already there. Is it not possible to copy the code directly from utils/memory.rb in facter? Chris On 30 June 2011 13:00, Martijn Grendelman mart...@iphion.nl wrote: On 30-06-11 11:20, Matthias Saou wrote: Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I want some config depending on memorysize. What I tried was if ($memorysize = 256 * 1024*1024) { ... } But this fails because $memorysize is a string (and contains a G) and can't be compared to an int. Are all facts strings? How do I work with numbers? Typical problem. Not to mention that you happen to have G but that could very easily be M. Here's my workaround for that, which I use for calculations to then set some sysctl.conf values accordingly : # This is ugly, but very useful to get a standard kiB total RAM # to base further calculations upon. Note that we get a string $mem = inline_template(% mem,unit = scope.lookupvar('::memorysize').split mem = mem.to_f # Normalize mem to KiB case unit when nil: mem *= (10) when 'kB': mem *= (110) when 'MB': mem *= (120) when 'GB': mem *= (130) when 'TB': mem *= (140) end %%= mem.to_i %) I use a custom fact, that returns the amount of system memory in megabytes. This is, however, Linux-only, since it uses /proc/meminfo: $ cat modules/common/lib/facter/memorysize_mb.rb require 'facter' Facter.add(memorysize_mb) do confine :kernel = :Linux ram = 0 # Steal linux's meminfo File.open( /proc/meminfo , 'r' ) do |f| f.grep( /^MemTotal:/ ) { |mem| ram = mem.split( / +/ )[1].to_i / 1024 } end setcode do ram end end Here's an example of how I then use it : # kernel.shmmax if $shmmax { $shmmax_final = $shmmax } else { if $oracle { # For non-shm half the RAM for = 4G, 2G otherwise if $mem = 4294967296 { $shmmax_final = $mem / 2 } else { $shmmax_final = $mem - 2147483648 } } else { $shmmax_final = $mem } } Best regards, Martijn Grendelman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using memorysize fact in manifests
Further to this, this is the normal memory code condensed with normalization removed to give raw versions of the facts. require 'facter' { :MemorySizeRaw = MemTotal, :MemoryFreeRaw = MemFree, :SwapSizeRaw = SwapTotal, :SwapFreeRaw = SwapFree }.each do |fact, name| Facter.add(fact) do confine :kernel = :linux setcode do memsize_raw = Thread::exclusive do File.readlines(/proc/meminfo).each do |l| memsize_raw = $1.to_i if l =~ /^#{name}:\s+(\d+)\s+\S+/ # MemoryFree == memfree + cached + buffers # (assume scales are all the same as memfree) if name == MemFree l =~ /^(?:Buffers|Cached):\s+(\d+)\s+\S+/ memsize_raw += $1.to_i end end end memsize_raw end end end Thanks Chris On 30 June 2011 13:29, Chris Phillips ch...@untrepid.com wrote: Well that's odd, I was looking at the exact same issue this morning for sysctl.conf / oracle stuff. But why are people writing new facts?? Why not just take a copy of the original function and simply not run the function that normalizes the number? It seems very odd to make a more limited version of the function when it's already there. Is it not possible to copy the code directly from utils/memory.rb in facter? Chris On 30 June 2011 13:00, Martijn Grendelman mart...@iphion.nl wrote: On 30-06-11 11:20, Matthias Saou wrote: Andreas Kuntzagk andreas.kuntz...@mdc-berlin.de wrote: I want some config depending on memorysize. What I tried was if ($memorysize = 256 * 1024*1024) { ... } But this fails because $memorysize is a string (and contains a G) and can't be compared to an int. Are all facts strings? How do I work with numbers? Typical problem. Not to mention that you happen to have G but that could very easily be M. Here's my workaround for that, which I use for calculations to then set some sysctl.conf values accordingly : # This is ugly, but very useful to get a standard kiB total RAM # to base further calculations upon. Note that we get a string $mem = inline_template(% mem,unit = scope.lookupvar('::memorysize').split mem = mem.to_f # Normalize mem to KiB case unit when nil: mem *= (10) when 'kB': mem *= (110) when 'MB': mem *= (120) when 'GB': mem *= (130) when 'TB': mem *= (140) end %%= mem.to_i %) I use a custom fact, that returns the amount of system memory in megabytes. This is, however, Linux-only, since it uses /proc/meminfo: $ cat modules/common/lib/facter/memorysize_mb.rb require 'facter' Facter.add(memorysize_mb) do confine :kernel = :Linux ram = 0 # Steal linux's meminfo File.open( /proc/meminfo , 'r' ) do |f| f.grep( /^MemTotal:/ ) { |mem| ram = mem.split( / +/ )[1].to_i / 1024 } end setcode do ram end end Here's an example of how I then use it : # kernel.shmmax if $shmmax { $shmmax_final = $shmmax } else { if $oracle { # For non-shm half the RAM for = 4G, 2G otherwise if $mem = 4294967296 { $shmmax_final = $mem / 2 } else { $shmmax_final = $mem - 2147483648 } } else { $shmmax_final = $mem } } Best regards, Martijn Grendelman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] AIX clients
On Jun 29, 2011, at 3:28 PM, Kinzel, David wrote: Can you point to where/how you got ruby working? Last attempt openssl was refusing to function properly for me. I built it from source, but the SSL module wasn’t working for me either. I didn’t include every problem I ran into since I figured the theoretical answer would cover them. Sorry. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
On Jun 29, 7:47 pm, Sriramu Singaram sriramus@gmail.com wrote: Hi Everyone, I am using Puppet 2.6.5 to configure fresh VMs. These VMs have their hostname set to localhost.localdomain initially at boot-time. There is this script file that runs in rc.local and this is what I do inside it 1. I change the hostname from localhost to xxx.xx using the hostname command. 2. start the puppet agent as /usr/sbin/puppetd --certname=xxx.xx --logdest=/var/log/puppet/puppet.log The problem I am facing is that the puppet agent on the VMs creates certificates for localhost.localdomain inspite of me changing the hostname to say xxx.xxx. I want the puppet agent to pick up the new hostname while creating the certificate, but it doesn't seem to be doing that. I am not sure where the puppet agent looks to pick up the hostname at certificate creation, is it the /etc/hosts file or the env or /etc/ sysconfig/network? currently when I set the hostname using the hostname command, it doesnt create any entry in these files. Any help is really appreciated!! In all likelihood, the agent uses the node's name resolver to get its FQDN, either by a command such as 'hostname --fqdn' or by the direct syscalls. Changing the host name via the hostname command does not affect the FQDN, and also does not persist across reboots . How you can change the FQDN and whether you can do so without restarting the VM will depend on your configuration and resolver library. Among the relevant files for most Linux installations are / etc/nsswitch.conf, /etc/resolv.conf, and /etc/hosts. Other files vary more among distributions, but on RedHat-family distros you probably need to set the FQDN in /etc/sysconfig/network. Whether the node's name is in fact resolvable in DNS / NIS / whatever-nameservice-is- configured may also be relevant. If you are running a name caching service (e.g. nscd) then that may also factor into the equation. Note that nscd in particular can be configured to be stubbornly ignorant of changes to the authoritative files. Good luck, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announcing: Geppetto 1.0.1
Hi, Geppetto 1.0.1 is now available. If you are among the 300 users that already have Geppetto 1.0.0 installed, you can get the new release by selecting Help Check for Updates. If you are on Mac OS X you need to make a very simple and small adjustment to your installed Geppetto 1.0.0 as described in this FAQ entry: http://cloudsmith.github.com/geppetto/faq.html#2011/06/29/update-stops-with-permgen-error Download of packaged Geppeto is available at: https://github.com/cloudsmith/geppetto/downloads If you installed Geppetto into your Eclipse, you will get 1.0.1 the next time you perform Check for Updates. For other information please visit: http://cloudsmith.github.com/geppetto/ Regards -henrik Release notes for 1.0.1 === * Support for Nagios types added * Meta 'name'-parameter alias supported * Build optimizations (10x improvement for large/complicated modules) * Fixed issues Issues Fixed --- * Validation of trivial resource redefinitions added. Issue #84 * RHS of node inherits must be a constant expression. Issue #67 * Add redefinition checks for names in array. Issue #84 * URL for pptp shortened in ambiguity error marker. Quickfix glitch. * Support for nagios types added to pptp. Issue #106 * Improved formatting of ambiguous warning message. * Added Progress Monitor to recursive delete. * Parameters 'target' and 'ensure' not included for any nagios type. Issue #115 * Added namevar processing (default meta 'name' and real namevar - error for redefinition). * Optimized resource linker * Generated pptp files for 2.6.9 and 2.7.1. (Files included but not yet directly useable from UI). Issue #116 * Single-quoted strings with escapes cause unwarranted warnings. Issue #126. * Setting defaults for defines causes unwarranted error. Issue #125 * Fixed problem on OSX that required manual patch to geppetto.ini to be able to update. Also see FAQ (as mentioned above). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Ruby 1.8.7 manifest
If you have used a public accessible manifest for ruby 1.8.7 ree or you are willing to share ... I am looking for one! Oh, and i've not yet acquired the skillz to create my own. But when I do, I promise to share. ; ) T. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
On Thu, Jun 30, 2011 at 6:49 AM, jcbollinger john.bollin...@stjude.orgwrote: Note that nscd in particular can be configured to be stubbornly ignorant of changes to the authoritative files. Tell it like it is brother! /me considers forming the nscd-haters club... As an aside that really isn't that relevant to the OP, I've had good success with nsscache in the past. http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet client do-overs
I am pulling in the 'client' intended version of puppet.conf on my puppetmaster system - probably because I had a package that required a class it shouldn't have and I have fixed that (I think - hard to test) but even after killing off all puppetd processes, clearing out /var/lib/puppet/client_yaml/* and /var/lib/puppet/state/* and restarting puppetd they just seem to reload the specific mod_puppet classes that it shouldn't. Perhaps it is a stored config and I've tried running puppetstoredconfigclean.rb without any success (user stupidity for not knowing what this host file is supposed to look like). How can I get a fresh start with a client so it operates only on the classes it is configured to use? Craig -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] FIPS 140-2 compliance
Pittman: Hey, thanks for filing away that request. We had previous folks asking for similar things, but no one indicated that FIPS compliant OpenSSL would absolutely refuse to work with MD5, full stop. Am I right in imagining, given your title, that FIPS mode is an absolute requirement for y'all to use Puppet on your systems? I believe I understand your question when I say: yes, we have to use FIPS mode on our systems; if Puppet does not work under FIPS mode, we can't use Puppet. At my site, right now, it works ok, because I have locally-made RPM packages of Puppet and Ruby with the rough patches that I've indicated in the issue reports I've filed. For J. Random Federalgovernment Admin, it probably needs to work more smoothly. (What were her parents thinking, giving her two middle names...) Further reading: http://iase.disa.mil/stigs/os/unix/unix.html http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf (look for DCAS-1 and DCCS-2) http://www.niap-ccevs.org/faqs/nstissp-11/ Federal Information Security Management Act (FISMA) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to define a hash table and loop over them in a definition?
Thanks a lot for both answers! Very helpful. However, I was a little surprised that how slow Puppet was when I run your example. Was it Puppet just slow or was it just my VM is slow? I literally had to wait 1 min to get the result: Thu Jun 30 10:37:56 PDT 2011 notice: Finished catalog run in 0.02 seconds Thu Jun 30 10:38:58 PDT 2011 Did I do anything wrong here? I was running it under Ubuntu 10.04 Thanks again! On Wed, Jun 29, 2011 at 7:11 PM, vagn scott vagnsc...@gmail.com wrote: On 06/29/2011 09:56 PM, treydock wrote: % apparray.each do |key,value| -% Key:%= key % Path:%= value['path'] % Command:%= value['command'] % % end -% inline_template() can be used as a here document. that plus a puppet shebang line makes testing and presenting examples really easy. Put the following in file here-hash.pp, then chmod +x here-hash.pp ./here-hash.pp --vagn ---8 #! /usr/bin/puppet apply Exec { path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } $prog_name = here-hash.pp $apparray = { app1 = { 'path' = '/test/path1', 'command' = 'cmd1' }, app2 = { 'path' = '/test/path2', 'command' = 'cmd2' }, } $result = inline_template( % apparray.each do |key,value| -% Key: %= key % Path: %= value['path'] % Command: %= value['command'] % % end -% ) node default { notice(--- running: $program_name -) notice($result) notice(--- done: $program_name ) } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet autosign by VLAN IP
Hi, Can puppet autosign work by giving vlan IP instead of domain? For example, in the autosign.conf file, instead of using *.mydomain.org, I want to give 172.18.133.* But it does not seem to work if I give the IP address. But I don't want to limit the client from *.mydomain.org by only allow certain vlan client not all the are in the same domain. Thanks, -Haiyan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] FIPS 140-2 compliance
On Thu, Jun 30, 2011 at 10:08, Jennings, Jared L CTR USAF AFMC 46 SK/CCI jared.jennings@eglin.af.mil wrote: Pittman: Hey, thanks for filing away that request. We had previous folks asking for similar things, but no one indicated that FIPS compliant OpenSSL would absolutely refuse to work with MD5, full stop. Am I right in imagining, given your title, that FIPS mode is an absolute requirement for y'all to use Puppet on your systems? I believe I understand your question when I say: yes, we have to use FIPS mode on our systems; if Puppet does not work under FIPS mode, we can't use Puppet. Maybe I could have asked more clearly. I wanted to make sure I had supporting data when it came to convincing my boss that we should be putting engineering time into fixing this now, because it matters for a lot more than just theoretical technical reasons. ;) Thank you so much for sending those references. They make it much easier to make my case. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ✉ Daniel Pittman dan...@puppetlabs.com ✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775 ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 2.7.1, variable scoping, best practices
I'm doing something similar with class inheritance, rather than node inheritance. In http://docs.puppetlabs.com/guides/scope_and_puppet.html it says: In effect, all variables will be either strictly local or strictly global. The one exception will be derived classes, which will continue to consult the scope of the base class they inherit from. I take this to mean that foo() below won't get anything from it's enclosing class since it is not inheriting from that class. This change breaks everything non-trivial I've written lately. But, wait! About the postfix example it says postfix::custom’s chain of parent scopes is postfix::custom postfix base top-scope Well, that's not too bad. Everything should keep working. So, a better statement would be: All variables will be either strictly local or strictly global. The two exceptions will be derived classes, which will continue to consult the scope of the base class they inherit from, and included classes that can see variables from the including class. Tell me this is still going to work: class default { $somevar = defaultvalue $someothervar = anotherdefault # 50 other items } define foo($a, $b, $c=z) { # uses somevar and someothervar } class local_foo1 inherits default { $someothervar = internaloverride foo { blah: a = x, b = y } foo { fooey: a = x2, b = y2 } } class local_foo2 inherits default { $someothervar = internaloverride2 foo { yuck: a = x3, b = y } } node baz { class ( local_foo1: } class ( local_foo2: } } and if it won't continue to work, how about an explicit inherits for scopes and lookup order? define foo($a, $b, $c=z) { $inherits = [ Parent[2], # parent and grandparent #global, # uncomment if you want global Class[ site_params2 ] # in lieu of global ] # uses somevar and someothervar } About this: But this is not a bad thing! Resource defaults are really just code compression, and were designed to make a single file of Puppet code more concise. By making sure your defaults are always on the same page as the resources they apply to, you’ll make your code vastly more legible and predictable. Just code compression? No, defaults is an expression of DRY: Don't Repeat Yourself. How are we supposed to keep our code DRY under this new regime? Aside: I never liked puppet's use of the term include. Maybe because I'm a C programmer. In C/C++ include is a textual interpolation, similar to string interpolation. But, for puppet: include something I have to mentally translate that to use something something.set_parent_scope(this) Which, if I'm reading things right, won't be changing to use something something.set_parent_scope(nil) Anyway, looks like I'll be testing 2.7 soon. -- vagn On 06/30/2011 07:15 AM, Martijn Grendelman wrote: Hi, Having installed Puppet 2.7.1 on my testserver yesterday, I am now bugged by log messages, that tell me not to use dynamic variable lookups: Jun 29 13:31:09 os1 puppet-master[31910]: Dynamic lookup of $ssh_permitrootlogin at /etc/puppet/templates/etc/ssh/sshd_config.erb:28 is deprecated. Support will be removed in Puppet 2.8. Use a fully-qualified variable name (e.g., $classname::variable) or parameterized classes. Now, I have been reading up on variable scoping and trying to figure out how to rewrite my manifests to embrace best practices, but I am confused on how to proceed, and I can't really find any working examples, so I turn here for help. My current setup is something like this: node basenode { $somevar = defaultvalue $someothervar = anotherdefault } node internal inherits basenode { $someothervar = internaloverride } node external inherits basenode { } node myinternalserver inherits internal { $somevar = nodeoverride include generic } node someexternalserver inherits external { include generic } ...another 40 node definitions, inheriting either internal or external... class generic { include someclass include somemodule::anotherclass ... includea whole bunch of other classes that every node needs } In any class or module I use $somevar and $someothervar as I please, and I understand that this a) is not a recommended practice and b) will stop working in Puppet 2.8. So, what should I do? Switching to parameterized classes sounds nice, but that would mean that the 'generic' class would have to get /every/ variable I use as a parameter and pass it on to subsequent classes where needed. That sounds incredibly clumsy to me. In http://docs.puppetlabs.com/guides/scope_and_puppet.html I read: If you’re using dynamic scope to share resource defaults, there’s no way around it:
[Puppet Users] Re: Using Mcollective with Enterprise Ruby
Where is the plugins directory supposed to be installed/located? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] require = Class
Hi I have been trying to use class dependency and had no luck so far. following are the two classes i am trying to use [root@puppet]#cat libreoffice.pp class libreoffice { case $hostname { foo: { package { libreoffice: ensure = present, require = Class[foo1] } } } } [root@puppet]#cat foo.pp class foo1 { package { openoffice.org-core: ensure = absent, } } When i run puppetd on client i get the error message Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class foo1 at /etc/puppet/manifests/classes/ libreoffice.pp:18 on node Do i need to do anything else in order to use require = Class? Any help would be appreciated Thanks Brijesh Do i need -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] require = Class
you also have to have a include foo1 somewhere. Note that your require is a dependency, not an instantiation. require just says that foo1 has to be installed first, before libreoffice package can be installed. -- vagn class libreoffice { case $hostname { foo: { include foo1 package { libreoffice: ensure = present, require = Class[foo1] } } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] require = Class
Are both of the .pp files being imported in site.pp / init.pp? -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Thu, Jun 30, 2011 at 5:19 PM, brijesh bridgepa...@gmail.com wrote: Hi I have been trying to use class dependency and had no luck so far. following are the two classes i am trying to use [root@puppet]#cat libreoffice.pp class libreoffice { case $hostname { foo: { package { libreoffice: ensure = present, require = Class[foo1] } } } } [root@puppet]#cat foo.pp class foo1 { package { openoffice.org-core: ensure = absent, } } When i run puppetd on client i get the error message Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class foo1 at /etc/puppet/manifests/classes/ libreoffice.pp:18 on node Do i need to do anything else in order to use require = Class? Any help would be appreciated Thanks Brijesh Do i need -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: require = Class
thanks that worked i didn't realise i need to include it first. Brijesh On Jul 1, 1:18 pm, vagn scott vagnsc...@gmail.com wrote: you also have to have a include foo1 somewhere. Note that your require is a dependency, not an instantiation. require just says that foo1 has to be installed first, before libreoffice package can be installed. -- vagn class libreoffice { case $hostname { foo: { include foo1 package { libreoffice: ensure = present, require = Class[foo1] } } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: require = Class
yes i have *.pp in my site.pp file but adding include foo1 fixed the issue. On Jul 1, 3:02 pm, brijesh bridgepa...@gmail.com wrote: thanks that worked i didn't realise i need to include it first. Brijesh On Jul 1, 1:18 pm, vagn scott vagnsc...@gmail.com wrote: you also have to have a include foo1 somewhere. Note that your require is a dependency, not an instantiation. require just says that foo1 has to be installed first, before libreoffice package can be installed. -- vagn class libreoffice { case $hostname { foo: { include foo1 package { libreoffice: ensure = present, require = Class[foo1] } } } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet client do-overs
What problem do you have with puppetstoreconfigclean.rb? The problem I usually have is that I forget it has to be run as root on the puppetmaster, I keep thinking I need to run it on the client machine. -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Thu, Jun 30, 2011 at 9:59 AM, Craig White craig.wh...@ttiltd.com wrote: I am pulling in the 'client' intended version of puppet.conf on my puppetmaster system - probably because I had a package that required a class it shouldn't have and I have fixed that (I think - hard to test) but even after killing off all puppetd processes, clearing out /var/lib/puppet/client_yaml/* and /var/lib/puppet/state/* and restarting puppetd they just seem to reload the specific mod_puppet classes that it shouldn't. Perhaps it is a stored config and I've tried running puppetstoredconfigclean.rb without any success (user stupidity for not knowing what this host file is supposed to look like). How can I get a fresh start with a client so it operates only on the classes it is configured to use? Craig -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.