Re: [Puppet Users] making puppetd immortal

2011-06-30 Thread Scott Smith
Well, changing a runlevel just to stop a daemon is a bit heavy handed.

There are other tools that perform this in a more flexible manner: Runit,
Daemontools, Monit, Supervisord, etc.

-scott

On Wed, Jun 29, 2011 at 10:33 PM, vagn scott <vagnsc...@gmail.com> wrote:

 In my reading I just ran across this:

[Puppet - Bug #7273] Modifying puppet.conf causes 'reparsing config'
and TERM signal results in shutdown of daemon

 short version: puppet agent can commit suicide, but it can't raise itself
 from the dead.

 However, init is immortal, and so puppetd can be, too.


# on debian squeeze as root:
insserv -r puppet
echo "7:2:respawn:/usr/sbin/puppetd --no-daemonize" >> /etc/inittab
init Q

 If you don't want puppet running

init 3

 or some other run level.  puppetd will stop.
 When you

init 2

 puppetd will start again.

 When you

killall puppetd

 puppetd will do this:

Jun 30 01:28:20 vm01 puppet-agent[7548]: Caught TERM; calling stop
Jun 30 01:28:21 vm01 puppet-agent[8157]: Starting Puppet client
 version 2.6.2
Jun 30 01:28:22 vm01 puppet-agent[8157]: Finished catalog run in
 0.11 seconds

 I'm not seeing a downside to this.  Am I missing something?

 --
 vagn




-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] using memorysize fact in manifests

2011-06-30 Thread Andreas Kuntzagk

Hi,

I want some config depending on memorysize.

What I tried was
  if ($memorysize = 256 * 1024*1024) {
...
  }

But this fails because $memorysize is a string (and contains a G) and can't be 
compared to an int.


Are all facts strings? How do I work with numbers?

regards, Andreas

--
Andreas Kuntzagk
SystemAdministrator
MDC Berlin / BIMSB
Tel.: +49 30 9406 2997




Re: [Puppet Users] using memorysize fact in manifests

2011-06-30 Thread Matthias Saou
Andreas Kuntzagk <andreas.kuntz...@mdc-berlin.de> wrote:

 I want some config depending on memorysize.
 
 What I tried was
if ($memorysize = 256 * 1024*1024) {
 ...
}
 
 But this fails because $memorysize is a string (and contains a G)
 and can't be compared to an int.
 
 Are all facts strings? How do I work with numbers?

Typical problem. Not to mention that you happen to have G but that
could very easily be M. Here's my workaround for that, which I use
for calculations to then set some sysctl.conf values accordingly :

# This is ugly, but very useful to get a standard total RAM in bytes
# to base further calculations upon. Note that we get a string
$mem = inline_template("<%
mem,unit = scope.lookupvar('::memorysize').split
mem = mem.to_f
# Normalize mem to bytes
case unit
when nil  then mem *= (1<<0)
when 'kB' then mem *= (1<<10)
when 'MB' then mem *= (1<<20)
when 'GB' then mem *= (1<<30)
when 'TB' then mem *= (1<<40)
end
%><%= mem.to_i %>")

Here's an example of how I then use it :

# kernel.shmmax
if $shmmax {
    $shmmax_final = $shmmax
} else {
    if $oracle {
        # For non-shm half the RAM for <= 4G, 2G otherwise
        if $mem <= 4294967296 {
            $shmmax_final = $mem / 2
        } else {
            $shmmax_final = $mem - 2147483648
        }
    } else {
        $shmmax_final = $mem
    }
}

HTH,
Matthias




[Puppet Users] Puppet 2.7.1, variable scoping, best practices

2011-06-30 Thread Martijn Grendelman
Hi,

Having installed Puppet 2.7.1 on my testserver yesterday, I am now bugged
by log messages, that tell me not to use dynamic variable lookups:

Jun 29 13:31:09 os1 puppet-master[31910]: Dynamic lookup of
$ssh_permitrootlogin at /etc/puppet/templates/etc/ssh/sshd_config.erb:28
is deprecated.  Support will be removed in Puppet 2.8.  Use a
fully-qualified variable name (e.g., $classname::variable) or
parameterized classes.

Now, I have been reading up on variable scoping and trying to figure out
how to rewrite my manifests to embrace best practices, but I am confused
on how to proceed, and I can't really find any working examples, so I turn
here for help.

My current setup is something like this:


node basenode {
    $somevar      = "defaultvalue"
    $someothervar = "anotherdefault"
}

node internal inherits basenode {
    $someothervar = "internaloverride"
}

node external inherits basenode {
}

node myinternalserver inherits internal {
    $somevar = "nodeoverride"
    include generic
}

node someexternalserver inherits external {
    include generic
}

...another 40 node definitions, inheriting either internal or external...

class generic {
    include someclass
    include somemodule::anotherclass
    ...
    include a whole bunch of other classes that every node needs
}


In any class or module I use $somevar and $someothervar as I please, and I
understand that this a) is not a recommended practice and b) will stop
working in Puppet 2.8.

So, what should I do?

Switching to parameterized classes sounds nice, but that would mean that
the 'generic' class would have to get /every/ variable I use as a
parameter and pass it on to subsequent classes where needed. That sounds
incredibly clumsy to me.

In http://docs.puppetlabs.com/guides/scope_and_puppet.html I read:

  If you’re using dynamic scope to share resource defaults, there’s no
way around it: you’ll have to repeat yourself in each file that the
defaults apply to.

Is this what's biting me here? Well, this sounds like something I can live
with, after all: it's not the default values I care about, it's the
overriding values.

Further, it states:

  If you need to apply resource defaults more broadly, you can still set
them at top scope in your primary site manifest. If you need the resource
defaults in a class to change depending on where the class is being
declared, you need parameterized classes.

And we're back at parameterized classes. And what does 'top scope' mean
exactly? I assume that would be in 'site.pp', outside any class or node
definition?

To make a long question short: what is the recommended way to override
values for certain nodes or groups of nodes (by inheritance)? And I'd
/really/ prefer to do that without having to pass on each and every value
as a parameter to the next included class...

Best regards,
Martijn.




Re: [Puppet Users] using memorysize fact in manifests

2011-06-30 Thread Martijn Grendelman
On 30-06-11 11:20, Matthias Saou wrote:
 Andreas Kuntzagk <andreas.kuntz...@mdc-berlin.de> wrote:
 
 I want some config depending on memorysize.

 What I tried was
if ($memorysize = 256 * 1024*1024) {
 ...
}

 But this fails because $memorysize is a string (and contains a G)
 and can't be compared to an int.

 Are all facts strings? How do I work with numbers?
 
 Typical problem. Not to mention that you happen to have G but that
 could very easily be M. Here's my workaround for that, which I use
 for calculations to then set some sysctl.conf values accordingly :
 
 # This is ugly, but very useful to get a standard total RAM in bytes
 # to base further calculations upon. Note that we get a string
 $mem = inline_template("<%
 mem,unit = scope.lookupvar('::memorysize').split
 mem = mem.to_f
 # Normalize mem to bytes
 case unit
 when nil  then mem *= (1<<0)
 when 'kB' then mem *= (1<<10)
 when 'MB' then mem *= (1<<20)
 when 'GB' then mem *= (1<<30)
 when 'TB' then mem *= (1<<40)
 end
 %><%= mem.to_i %>")

I use a custom fact, that returns the amount of system memory in
megabytes. This is, however, Linux-only, since it uses /proc/meminfo:

$ cat modules/common/lib/facter/memorysize_mb.rb


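require 'facter'

Facter.add("memorysize_mb") do
    confine :kernel => :Linux

    setcode do
        ram = 0

        # Steal linux's meminfo; read it inside setcode so the file is
        # only opened on hosts that pass the confine above
        File.open( "/proc/meminfo" , 'r' ) do |f|
            f.grep( /^MemTotal:/ ) { |mem|
                # MemTotal is reported in kB; convert to MB
                ram = mem.split( / +/ )[1].to_i / 1024
            }
        end

        ram
    end
end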


 Here's an example of how I then use it :
 
 # kernel.shmmax
 if $shmmax {
     $shmmax_final = $shmmax
 } else {
     if $oracle {
         # For non-shm half the RAM for <= 4G, 2G otherwise
         if $mem <= 4294967296 {
             $shmmax_final = $mem / 2
         } else {
             $shmmax_final = $mem - 2147483648
         }
     } else {
         $shmmax_final = $mem
     }
 }


Best regards,
Martijn Grendelman




Re: [Puppet Users] using memorysize fact in manifests

2011-06-30 Thread Chris Phillips
Well that's odd, I was looking at the exact same issue this morning for
sysctl.conf / oracle stuff.

But why are people writing new facts?? Why not just take a copy of the
original function and simply not run the function that normalizes the
number? It seems very odd to make a more limited version of the function
when it's already there.

Is it not possible to copy the code directly from utils/memory.rb  in
facter?

Chris




Re: [Puppet Users] using memorysize fact in manifests

2011-06-30 Thread Chris Phillips
Further to this, this is the normal memory code condensed with normalization
removed to give raw versions of the facts.

require 'facter'

{   :MemorySizeRaw => "MemTotal",
    :MemoryFreeRaw => "MemFree",
    :SwapSizeRaw   => "SwapTotal",
    :SwapFreeRaw   => "SwapFree"
}.each do |fact, name|
    Facter.add(fact) do
        confine :kernel => :linux
        setcode do
            # value stays in the unit /proc/meminfo reports (kB); start from 0
            # so the Buffers/Cached additions below are integer arithmetic
            memsize_raw = 0
            Thread::exclusive do
                File.readlines("/proc/meminfo").each do |l|
                    memsize_raw = $1.to_i if l =~ /^#{name}:\s+(\d+)\s+\S+/
                    # MemoryFree == memfree + cached + buffers
                    #  (assume scales are all the same as memfree)
                    if name == "MemFree" &&
                        l =~ /^(?:Buffers|Cached):\s+(\d+)\s+\S+/
                        memsize_raw += $1.to_i
                    end
                end
            end
            memsize_raw
        end
    end
end

Thanks

Chris
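
Added example, not part of any poster's message: it compares the byte count recovered from the rounded memorysize string with the exact MemTotal value, which is the gap the raw facts above close, and shows the shmmax rule from earlier in the thread taking a different branch for each. The sample /proc/meminfo text, the two-decimal "4.00 GB" string and all function names are constructed for illustration.

```ruby
# Added example: rounded memorysize string vs. exact MemTotal (constructed data).

UNIT_SHIFT = { nil => 0, 'kB' => 10, 'MB' => 20, 'GB' => 30, 'TB' => 40 }.freeze
GIB = 1 << 30

# Convert a memorysize-style string ("3.86 GB", "512.00 MB", "1024") to bytes.
# Raises ArgumentError instead of silently returning 0 on unexpected input.
def memorysize_to_bytes(str)
  m = /\A\s*(\d+(?:\.\d+)?)\s*([A-Za-z]+)?\s*\z/.match(str.to_s)
  raise ArgumentError, "unparseable memorysize: #{str.inspect}" unless m
  shift = UNIT_SHIFT.fetch(m[2]) { raise ArgumentError, "unknown unit: #{m[2]}" }
  (m[1].to_f * (1 << shift)).to_i
end

# Exact size in bytes of one /proc/meminfo field, or nil if it is missing.
def meminfo_bytes(meminfo_text, field)
  meminfo_text.each_line do |line|
    m = /\A#{Regexp.escape(field)}:\s+(\d+)\s+kB\s*\z/.match(line)
    return m[1].to_i * 1024 if m
  end
  nil
end

# Rule from the thread: half the RAM up to 4G, otherwise RAM minus 2G.
def shmmax_for_oracle(mem_bytes)
  mem_bytes <= 4 * GIB ? mem_bytes / 2 : mem_bytes - 2 * GIB
end

# Constructed sample: a host with slightly more than 4 GiB of RAM.
SAMPLE_MEMINFO = <<~EOS
  MemTotal:        4198400 kB
  MemFree:          512000 kB
  Buffers:          100000 kB
  Cached:          1200000 kB
  SwapTotal:       2097148 kB
  SwapFree:        2097148 kB
EOS

# The same 4198400 kB shown with two decimals (assumed display format).
SAMPLE_MEMORYSIZE = '4.00 GB'

# Put both sources side by side, including the resulting shmmax values.
def compare_sources
  exact   = meminfo_bytes(SAMPLE_MEMINFO, 'MemTotal')
  rounded = memorysize_to_bytes(SAMPLE_MEMORYSIZE)
  {
    exact_bytes: exact,
    rounded_bytes: rounded,
    lost_bytes: exact - rounded,
    shmmax_exact: shmmax_for_oracle(exact),
    shmmax_rounded: shmmax_for_oracle(rounded)
  }
end

if __FILE__ == $PROGRAM_NAME
  compare_sources.each { |k, v| puts format('%-15s %d', k, v) }
end
```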




Re: [Puppet Users] AIX clients

2011-06-30 Thread Rob McBroom
On Jun 29, 2011, at 3:28 PM, Kinzel, David wrote:

 Can you point to where/how you got ruby working? Last attempt openssl
 was refusing to function properly for me.

I built it from source, but the SSL module wasn’t working for me either. I 
didn’t include every problem I ran into since I figured the theoretical answer 
would cover them. Sorry.

-- 
Rob McBroom
http://www.skurfer.com/




[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname

2011-06-30 Thread jcbollinger


On Jun 29, 7:47 pm, Sriramu Singaram <sriramus@gmail.com> wrote:
 Hi Everyone,

 I am using Puppet 2.6.5 to configure fresh VMs. These VMs have their
 hostname set to localhost.localdomain initially at boot-time.

 There is this script file that runs in rc.local and this is what I do
 inside it
   1. I change the hostname from localhost to xxx.xx using the
 hostname command.
   2. start the puppet agent as /usr/sbin/puppetd --certname=xxx.xx
 --logdest=/var/log/puppet/puppet.log

 The problem I am facing is that the puppet agent on the VMs creates
 certificates for localhost.localdomain in spite of me changing the
 hostname to say xxx.xxx.

 I want the puppet agent to pick up the new hostname while creating the
 certificate, but it doesn't seem to be doing that.

 I am not sure where the puppet agent looks to pick up the hostname at
 certificate creation, is it the /etc/hosts file or the env or
 /etc/sysconfig/network? Currently when I set the hostname using the
 hostname command, it doesn't create any entry in these files.

 Any help is really appreciated!!


In all likelihood, the agent uses the node's name resolver to get its
FQDN, either by a command such as 'hostname --fqdn' or by the direct
syscalls.  Changing the host name via the hostname command does not
affect the FQDN, and also does not persist across reboots.

How you can change the FQDN and whether you can do so without
restarting the VM will depend on your configuration and resolver
library.  Among the relevant files for most Linux installations are
/etc/nsswitch.conf, /etc/resolv.conf, and /etc/hosts.  Other files vary
more among distributions, but on RedHat-family distros you probably
need to set the FQDN in /etc/sysconfig/network.  Whether the node's
name is in fact resolvable in DNS / NIS /
whatever-nameservice-is-configured may also be relevant.

If you are running a name caching service (e.g. nscd) then that may
also factor into the equation.  Note that nscd in particular can be
configured to be stubbornly ignorant of changes to the authoritative
files.


Good luck,

John
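
The resolver behaviour described above, as an added example that is not part of John's message: a check that reports which canonical name a hostname maps to in /etc/hosts content before the agent is started and a certificate is requested. It models only the "files" lookup and assumes "files" is consulted first in /etc/nsswitch.conf; the hosts file contents, web01.example.com, the 192.0.2.10 address and the function names are constructed for illustration.

```ruby
# Added example: which canonical name does a hostname get from /etc/hosts?
# Emulates only the "files" lookup step; DNS, NIS and nscd are not modelled.

# Return the first (canonical) name on the first hosts line that lists
# +hostname+ as its name or alias, or nil when no line matches.
def canonical_name_from_hosts(hosts_text, hostname)
  wanted = hostname.downcase
  hosts_text.each_line do |line|
    fields = line.sub(/#.*/, '').split
    next if fields.length < 2          # blank, comment-only or malformed line
    names = fields.drop(1)             # fields[0] is the address
    return names.first if names.any? { |n| n.downcase == wanted }
  end
  nil
end

# Classify the state before the agent is started for the first time:
#   :ok          the hostname resolves to the FQDN the certificate should carry
#   :mismatch    it resolves to some other name (e.g. localhost.localdomain)
#   :unresolved  the hosts file does not know the hostname at all
def certname_preflight(hosts_text, hostname, expected_fqdn)
  resolved = canonical_name_from_hosts(hosts_text, hostname)
  return [:unresolved, nil] if resolved.nil?
  return [:ok, resolved] if resolved.casecmp(expected_fqdn).zero?
  [:mismatch, resolved]
end

# Constructed sample: hosts file of a freshly booted VM image.
FRESH_VM_HOSTS = <<~EOS
  127.0.0.1   localhost.localdomain localhost
  ::1         localhost6.localdomain6 localhost6
EOS

# Constructed sample: the same file after provisioning added the node's entry.
FIXED_HOSTS = FRESH_VM_HOSTS +
              "192.0.2.10  web01.example.com web01  # added at provisioning\n"

if __FILE__ == $PROGRAM_NAME
  expected = 'web01.example.com'
  [
    ['boot-time name, untouched hosts file', FRESH_VM_HOSTS, 'localhost'],
    ['after "hostname web01" only',          FRESH_VM_HOSTS, 'web01'],
    ['after hosts entry was added',          FIXED_HOSTS,    'web01']
  ].each do |label, hosts, name|
    state, resolved = certname_preflight(hosts, name, expected)
    puts format('%-40s %-11s %s', label, state, resolved.inspect)
  end
end
```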




[Puppet Users] Announcing: Geppetto 1.0.1

2011-06-30 Thread Henrik Lindberg

Hi,
Geppetto 1.0.1 is now available.

If you are among the 300 users that already have Geppetto 1.0.0 
installed, you can get the new release by selecting Help > Check for 
Updates. If you are on Mac OS X you need to make a very simple and 
small adjustment to your installed Geppetto 1.0.0 as described in this 
FAQ entry: 
http://cloudsmith.github.com/geppetto/faq.html#2011/06/29/update-stops-with-permgen-error


Download of packaged Geppetto is available at: 
https://github.com/cloudsmith/geppetto/downloads


If you installed Geppetto into your Eclipse, you will get 1.0.1 the next 
time you perform Check for Updates.


For other information please visit: http://cloudsmith.github.com/geppetto/

Regards
-henrik

Release notes for 1.0.1
===
* Support for Nagios types added
* Meta 'name'-parameter alias supported
* Build optimizations (10x improvement for large/complicated modules)
* Fixed issues

Issues Fixed
---
* Validation of trivial resource redefinitions added. Issue #84
* RHS of node inherits must be a constant expression. Issue #67
* Add redefinition checks for names in array. Issue #84
* URL for pptp shortened in ambiguity error marker. Quickfix glitch.
* Support for nagios types added to pptp. Issue #106
* Improved formatting of ambiguous warning message.
* Added Progress Monitor to recursive delete.
* Parameters 'target' and 'ensure' not included for any nagios type. 
Issue #115
* Added namevar processing (default meta 'name' and real namevar - error 
for redefinition).

* Optimized resource linker
* Generated pptp files for 2.6.9 and 2.7.1. (Files included but not yet 
directly useable from UI). Issue #116

* Single-quoted strings with escapes cause unwarranted warnings. Issue #126.
* Setting defaults for defines causes unwarranted error. Issue #125
* Fixed problem on OSX that required manual patch to geppetto.ini to be 
able to update. Also see FAQ (as mentioned above).





[Puppet Users] Ruby 1.8.7 manifest

2011-06-30 Thread machete

If you have used a publicly accessible manifest for ruby 1.8.7 ree or
you are willing to share ... I am looking for one!


Oh, and I've not yet acquired the skillz to create my own.  But when I
do, I promise to share. ; )


T.




Re: [Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname

2011-06-30 Thread Nigel Kersten
On Thu, Jun 30, 2011 at 6:49 AM, jcbollinger <john.bollin...@stjude.org> wrote:


 Note that nscd in particular can be
 configured to be stubbornly ignorant of changes to the authoritative
 files.


Tell it like it is brother!

/me considers forming the nscd-haters club...

As an aside that really isn't that relevant to the OP, I've had good success
with nsscache in the past.

http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache




[Puppet Users] Puppet client do-overs

2011-06-30 Thread Craig White
I am pulling in the 'client' intended version of puppet.conf on my puppetmaster 
system - probably because I had a package that required a class it shouldn't 
have and I have fixed that (I think - hard to test) but even after killing off 
all puppetd processes, clearing out /var/lib/puppet/client_yaml/* and 
/var/lib/puppet/state/* and restarting puppetd they just seem to reload the 
specific mod_puppet classes that it shouldn't. Perhaps it is a stored config 
and I've tried running puppetstoredconfigclean.rb without any success (user 
stupidity for not knowing what this host file is supposed to look like).

How can I get a fresh start with a client so it operates only on the classes it 
is configured to use?

Craig

-- 
Craig White ~~  craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com 

Need help communicating between generations at work to achieve your desired 
success? Let us help!




RE: [Puppet Users] FIPS 140-2 compliance

2011-06-30 Thread Jennings, Jared L CTR USAF AFMC 46 SK/CCI
Pittman:
 Hey, thanks for filing away that request.  We had previous folks
 asking for similar things, but no one indicated that FIPS compliant
 OpenSSL would absolutely refuse to work with MD5, full stop.
 Am I right in imagining, given your title, that FIPS mode is an
 absolute requirement for y'all to use Puppet on your systems?

I believe I understand your question when I say: yes, we have to use FIPS mode 
on our systems; if Puppet does not work under FIPS mode, we can't use Puppet.

At my site, right now, it works ok, because I have locally-made RPM packages of 
Puppet and Ruby with the rough patches that I've indicated in the issue reports 
I've filed. For J. Random Federalgovernment Admin, it probably needs to work 
more smoothly. (What were her parents thinking, giving her two middle names...)

Further reading:
http://iase.disa.mil/stigs/os/unix/unix.html
http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf (look for DCAS-1 
and DCCS-2)
http://www.niap-ccevs.org/faqs/nstissp-11/
Federal Information Security Management Act (FISMA)




Re: [Puppet Users] Re: How to define a hash table and loop over them in a definition?

2011-06-30 Thread Haitao Jiang
Thanks a lot for both answers! Very helpful.

However, I was a little surprised at how slow Puppet was when I ran
your example. Was Puppet just slow, or is it just my VM that is slow? I
literally had to wait 1 min to get the result:

Thu Jun 30 10:37:56 PDT 2011
notice: Finished catalog run in 0.02 seconds
Thu Jun 30 10:38:58 PDT 2011

Did I do anything wrong here?  I was running it under Ubuntu 10.04

Thanks again!

On Wed, Jun 29, 2011 at 7:11 PM, vagn scott <vagnsc...@gmail.com> wrote:
 On 06/29/2011 09:56 PM, treydock wrote:

 <% apparray.each do |key,value| -%>

 Key:<%= key %>
 Path:<%= value['path'] %>
 Command:<%= value['command'] %>

 <% end -%>

 inline_template() can be used as a here document.
 that plus a puppet  shebang line makes testing
 and presenting examples really easy.

 Put the following in file here-hash.pp, then

 chmod +x here-hash.pp
 ./here-hash.pp

 --vagn

 ---8

 #! /usr/bin/puppet apply

 Exec {
        path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 }

 $prog_name = "here-hash.pp"

 $apparray =  {
    app1 => { 'path' => '/test/path1', 'command' => 'cmd1' },
    app2 => { 'path' => '/test/path2', 'command' => 'cmd2' },
 }

 $result = inline_template("

 <% apparray.each do |key,value| -%>

 Key: <%= key %>
 Path: <%= value['path'] %>
 Command: <%= value['command'] %>

 <% end -%>

 ")


 node default {

        # $prog_name is the variable set above
        notice("--- running: $prog_name -")

        notice($result)

        notice("--- done: $prog_name")
 }




[Puppet Users] puppet autosign by VLAN IP

2011-06-30 Thread hyzhang
Hi,

Can puppet autosign work by giving vlan IP instead of domain?

For example, in the autosign.conf file, instead of using
*.mydomain.org, I want to give 172.18.133.*

But it does not seem to work if I give the IP address. But I don't
want to limit the client from *.mydomain.org by only allow certain
vlan client not all the are in the same domain.

Thanks,
-Haiyan




Re: [Puppet Users] FIPS 140-2 compliance

2011-06-30 Thread Daniel Pittman
On Thu, Jun 30, 2011 at 10:08, Jennings, Jared L CTR USAF AFMC 46
SK/CCI <jared.jennings@eglin.af.mil> wrote:
 Pittman:
 Hey, thanks for filing away that request.  We had previous folks
 asking for similar things, but no one indicated that FIPS compliant
 OpenSSL would absolutely refuse to work with MD5, full stop.
 Am I right in imagining, given your title, that FIPS mode is an
 absolute requirement for y'all to use Puppet on your systems?

 I believe I understand your question when I say: yes, we have to use FIPS 
 mode on our systems; if Puppet does not work under FIPS mode, we can't use 
 Puppet.

Maybe I could have asked more clearly.  I wanted to make sure I had
supporting data when it came to convincing my boss that we should be
putting engineering time into fixing this now, because it matters for
a lot more than just theoretical technical reasons. ;)

Thank you so much for sending those references.  They make it much
easier to make my case.

Daniel
-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman dan...@puppetlabs.com
✆ Contact me via gtalk, email, or phone: +1 (877) 575-9775
♲ Made with 100 percent post-consumer electrons




Re: [Puppet Users] Puppet 2.7.1, variable scoping, best practices

2011-06-30 Thread vagn scott


I'm doing something similar with class inheritance,
rather than node inheritance.

 In http://docs.puppetlabs.com/guides/scope_and_puppet.html it says:

In effect, all variables will be either strictly local or strictly
global. The one exception will be derived classes, which will continue
to consult the scope of the base class they inherit from.

I take this to mean that foo() below won't get anything from
its enclosing class since it is not inheriting from that class.
This change breaks everything non-trivial I've written lately.

But, wait!  About the postfix example it says

postfix::custom’s chain of parent scopes is

postfix::custom  postfix  base  top-scope

Well, that's not too bad.  Everything should keep working.
So, a better statement would be:

All variables will be either strictly local or strictly
global. The two exceptions will be derived classes, which will continue
to consult the scope of the base class they inherit from,
and included classes that can see variables from the including class.


Tell me this is still going to work:


class default {
    $somevar      = 'defaultvalue'
    $someothervar = 'anotherdefault'
    # 50 other items
}

define foo($a, $b, $c='z') {
    # uses somevar and someothervar
}

class local_foo1 inherits default {
    $someothervar = 'internaloverride'

    foo { 'blah':  a => 'x',  b => 'y' }
    foo { 'fooey': a => 'x2', b => 'y2' }
}

class local_foo2 inherits default {
    $someothervar = 'internaloverride2'

    foo { 'yuck': a => 'x3', b => 'y' }
}

node baz {
    class { 'local_foo1': }
    class { 'local_foo2': }
}

and if it won't continue to work, how about an explicit
inherits for scopes and lookup order?

define foo($a, $b, $c='z') {
    $inherits = [
        Parent[2],                # parent and grandparent
        #global,                  # uncomment if you want global
        Class['site_params2']     # in lieu of global
    ]
    # uses somevar and someothervar
}

About this:

But this is not a bad thing! Resource defaults are really just
code compression, and were designed to make a single file of
Puppet code more concise. By making sure your defaults are always
on the same page as the resources they apply to, you’ll make
your code vastly more legible and predictable.

Just code compression?  No, defaults is an expression of DRY:
Don't Repeat Yourself.  How are we supposed to keep our code DRY
under this new regime?


Aside:

I never liked puppet's use of the term include.  Maybe because I'm a C
programmer. In C/C++ include is a textual interpolation, similar to
string interpolation.  But, for puppet:

include something

I have to mentally translate that to

use something
something.set_parent_scope(this)

Which, if I'm reading things right, won't be changing to

use something
something.set_parent_scope(nil)



Anyway, looks like I'll be testing 2.7 soon.

--
vagn

On 06/30/2011 07:15 AM, Martijn Grendelman wrote:

Hi,

Having installed Puppet 2.7.1 on my testserver yesterday, I am now bugged
by log messages, that tell me not to use dynamic variable lookups:

Jun 29 13:31:09 os1 puppet-master[31910]: Dynamic lookup of
$ssh_permitrootlogin at /etc/puppet/templates/etc/ssh/sshd_config.erb:28
is deprecated.  Support will be removed in Puppet 2.8.  Use a
fully-qualified variable name (e.g., $classname::variable) or
parameterized classes.

Now, I have been reading up on variable scoping and trying to figure out
how to rewrite my manifests to embrace best practices, but I am confused
on how to proceed, and I can't really find any working examples, so I turn
here for help.

My current setup is something like this:


node basenode {
  $somevar      = 'defaultvalue'
  $someothervar = 'anotherdefault'
}

node internal inherits basenode {
  $someothervar = 'internaloverride'
}

node external inherits basenode {
}

node myinternalserver inherits internal {
  $somevar = 'nodeoverride'
  include generic
}

node someexternalserver inherits external {
  include generic
}

...another 40 node definitions, inheriting either internal or external...

class generic {
  include someclass
  include somemodule::anotherclass
  ...
  include a whole bunch of other classes that every node needs
}


In any class or module I use $somevar and $someothervar as I please, and I
understand that this a) is not a recommended practice and b) will stop
working in Puppet 2.8.

So, what should I do?

Switching to parameterized classes sounds nice, but that would mean that
the 'generic' class would have to get /every/ variable I use as a
parameter and pass it on to subsequent classes where needed. That sounds
incredibly clumsy to me.

In http://docs.puppetlabs.com/guides/scope_and_puppet.html I read:

   If you’re using dynamic scope to share resource defaults, there’s no
way around it: 
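
Added example, not part of the thread and not Puppet Labs' code: one way to remove the dynamic lookup that the deprecation warning quoted above flags, using the fully-qualified variable form the warning itself names. The class names `ssh` and `ssh::params`, the top-scope `$zone` value, the values assigned and the assumed content of template line 28 are all assumptions made for illustration.

```puppet
# Constructed example. ssh, ssh::params and $::zone are hypothetical names;
# only $ssh_permitrootlogin and the template path come from the log line.

# All values the sshd_config template needs live in one class, so they have
# a fully-qualified name instead of being found by walking calling scopes.
class ssh::params {
  # $::zone is assumed to be a fact or a variable set at top scope
  # (site.pp or an external node classifier); it takes over the role of
  # the "internal"/"external" parent nodes.
  case $::zone {
    'internal': { $permitrootlogin = 'without-password' }
    default:    { $permitrootlogin = 'no' }   # restrictive when zone is unset
  }
}

class ssh {
  # Declare the params class before reading from it: a qualified lookup
  # only finds variables of a class that has already been evaluated.
  include ssh::params

  file { '/etc/ssh/sshd_config':
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => template('etc/ssh/sshd_config.erb'),
  }
}

# In /etc/puppet/templates/etc/ssh/sshd_config.erb, assuming line 28
# currently reads
#   PermitRootLogin <%= ssh_permitrootlogin %>
# it becomes
#   PermitRootLogin <%= scope.lookupvar('ssh::params::permitrootlogin') %>
```

Any other class that needs the value reads `$ssh::params::permitrootlogin` after its own `include ssh::params`, so `generic` does not have to accept it as a parameter and pass it down.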

[Puppet Users] Re: Using Mcollective with Enterprise Ruby

2011-06-30 Thread Forrie
Where is the plugins directory supposed to be installed/located?




[Puppet Users] require => Class

2011-06-30 Thread brijesh
Hi

I have been trying to use class dependency and had no luck so far.
Following are the two classes I am trying to use:

[root@puppet]#cat libreoffice.pp

class libreoffice {

  case $hostname {
    'foo': { package { 'libreoffice': ensure => present, require => Class['foo1'] } }
  }
}

[root@puppet]#cat foo.pp

class foo1 {
  package { 'openoffice.org-core':
    ensure => absent,
  }
}

When I run puppetd on the client I get the error message
 Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find class foo1 at /etc/puppet/manifests/classes/
libreoffice.pp:18 on node

Do I need to do anything else in order to use require => Class?

Any help would be appreciated

Thanks

Brijesh



Do i need




Re: [Puppet Users] require => Class

2011-06-30 Thread vagn scott

you also have to have a

include foo1

somewhere.

Note that your require is a dependency,
not an instantiation.  require just says
that foo1 has to be installed first,
before libreoffice package can be installed.

--
vagn



class libreoffice {

    case $hostname {
        'foo': {

            include foo1

            package { 'libreoffice':
                ensure  => present,
                require => Class['foo1']
            }
        }
    }
}





Re: [Puppet Users] require => Class

2011-06-30 Thread Nathan Clemons
Are both of the .pp files being imported in site.pp / init.pp?

--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community



On Thu, Jun 30, 2011 at 5:19 PM, brijesh bridgepa...@gmail.com wrote:

 Hi

 I have been trying to use class dependency and had no luck so far.
 Following are the two classes I am trying to use:

 [root@puppet]#cat libreoffice.pp

 class libreoffice {

   case $hostname {
     'foo': { package { 'libreoffice': ensure => present, require => Class['foo1'] } }
   }
 }

 [root@puppet]#cat foo.pp

 class foo1 {
   package { 'openoffice.org-core':
     ensure => absent,
   }
 }

 When I run puppetd on the client I get the error message
  Could not retrieve catalog from remote server: Error 400 on SERVER:
 Could not find class foo1 at /etc/puppet/manifests/classes/
 libreoffice.pp:18 on node

 Do I need to do anything else in order to use require => Class?

 Any help would be appreciated

 Thanks

 Brijesh



 Do i need




[Puppet Users] Re: require => Class

2011-06-30 Thread brijesh
Thanks,
that worked. I didn't realise I need to include it first.

Brijesh

On Jul 1, 1:18 pm, vagn scott vagnsc...@gmail.com wrote:
 you also have to have a

 include foo1

 somewhere.

 Note that your require is a dependency,
 not an instantiation.  require just says
 that foo1 has to be installed first,
 before libreoffice package can be installed.

 --
 vagn

 class libreoffice {

     case $hostname {
         'foo': {

             include foo1

             package { 'libreoffice':
                 ensure  => present,
                 require => Class['foo1']
             }
         }
     }

 }




[Puppet Users] Re: require => Class

2011-06-30 Thread brijesh
Yes, I have *.pp in my site.pp file, but adding include foo1 fixed the
issue.

On Jul 1, 3:02 pm, brijesh bridgepa...@gmail.com wrote:
 Thanks,
 that worked. I didn't realise I need to include it first.

 Brijesh

 On Jul 1, 1:18 pm, vagn scott vagnsc...@gmail.com wrote:

  you also have to have a

  include foo1

  somewhere.

  Note that your require is a dependency,
  not an instantiation.  require just says
  that foo1 has to be installed first,
  before libreoffice package can be installed.

  --
  vagn

  class libreoffice {

      case $hostname {
          'foo': {

              include foo1

              package { 'libreoffice':
                  ensure  => present,
                  require => Class['foo1']
              }
          }
      }

  }




Re: [Puppet Users] Puppet client do-overs

2011-06-30 Thread Nathan Clemons
What problem do you have with puppetstoredconfigclean.rb? The problem I
usually have is that I forget it has to be run as root on the puppetmaster;
I keep thinking I need to run it on the client machine.

--
Nathan Clemons
http://www.livemocha.com
The worlds largest online language learning community



On Thu, Jun 30, 2011 at 9:59 AM, Craig White craig.wh...@ttiltd.com wrote:

 I am pulling in the 'client' intended version of puppet.conf on my
 puppetmaster system - probably because I had a package that required a class
 it shouldn't have and I have fixed that (I think - hard to test) but even
 after killing off all puppetd processes, clearing out
 /var/lib/puppet/client_yaml/* and /var/lib/puppet/state/* and restarting
 puppetd they just seem to reload the specific mod_puppet classes that it
 shouldn't. Perhaps it is a stored config and I've tried running
 puppetstoredconfigclean.rb without any success (user stupidity for not
 knowing what this host file is supposed to look like).

 How can I get a fresh start with a client so it operates only on the
 classes it is configured to use?

 Craig

 --
 Craig White ~~  craig.wh...@ttiltd.com
 1.800.869.6908 ~~~ www.ttiassessments.com

 Need help communicating between generations at work to achieve your desired
 success? Let us help!
