[Puppet Users] err: Could not retrieve catalog from remote server: Could not intern from pson: Could not convert from pson: Could not find relationship target "File[]"

[Michael Halligan]

I'm running Puppet 2.7.1 on the master as well as the agent and just
received a new error which doesn't actually reference a module or a file, so
I'm somewhat stuck as to how to debug this. Any pointers?
The error is  err: Could not retrieve catalog from remote server: Could not
intern from pson: Could not convert from pson: Could not find relationship
target "File[]"

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname

[Sriramu Singaram]

Thank you very much for the reply Guyz. I really appreciate it. I am
working on CentOS and as suggested I tried turning off the nscd
service with no success.

I am curently working setting the hostname in the different
configuration files, hope it works.

will keep you guys posted.

Thanks,
Sriramu



On Jul 1, 9:01 am, jcbollinger  wrote:
> On Jun 30, 10:57 am, Nigel Kersten  wrote:
>
> > As an aside that really isn't that relevant to the OP, I've had good success
> > with nsscache in the past.
>
> >http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache
>
> That's cool.  I'll have to study it is a possible solution for some of
> my current problems, such as laptops that can't reach our name
> services when they're off our internal network.  Thanks!
>
> John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] sysv init scripts when using gem to install

[vagn scott]

does /var/run/puppet  exist?

-v



On 06/21/2011 12:30 PM, Craig White wrote:

I am using ruby-enterprise for ruby packages and gem for puppet/facter 
installation and I 'borrowed' the ubuntu sysv init scripts and they mostly work 
but for some reason, it won't stop the service as written but it will start.

For example, the 'puppet' script (obviously for puppetd) has the following...

stop_puppet() {
 start-stop-daemon --stop --quiet --pidfile $PIDFILE
}

# /etc/init.d/puppet restart
  * Restarting puppet configuration management tool
   Could not prepare for execution: Could not create PID file: 
/var/run/puppet/agent.pid

 [ OK ]
Now the file does exist and apparently doesn't get deleted and the process is 
not killed as a result of that command and if I substitute 'killall puppetd' 
for the 'start-stop-daemon' command, it does actually work but it seems so 
inelegant and potentially a problem. The same sort of thing occurs with the 
puppetmaster sysv initscript and I've spent too much time with no better answer 
than substituting the 'killall puppetd|puppetmaster' and suspect that maybe the 
problem is that I have so little familiarity with ubuntu/debian and their sysv 
implementation.

Anyone have a better suggestion than 'killall puppetd|puppetmaster' for the 
'stop' process?

   


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Override resource in nested class structure

[vagn scott]

Here's one way.  It's ugly, but it works.

--
vagn


#! /usr/bin/puppet apply

# Hello everybody
#
# I have a set of nested classes and the deepest class looks after a
# file resource.  I want all my nodes to be of the parent class type
# except one of them needs a special copy of the same file resource.
# How do I override the file resource for that specific node without
# copying the entire class hierarchy for just that one node?  Example:

$default = "/tmp/foo"

define a($filename = "$default") {
  b { "b from a": filename => "$filename" }
  #...
}

define b($filename = "$default") {
  c { "c from b": filename => "$filename" }
  #...
}

define c($filename = "$default") {
  file { "$filename":
ensure => file,
content => "filename: $filename\n",
  }
  notice("title = $title, filename = $filename\n")
}

node default {
  a { "a from default": }
}

node 'specialnode' {
  a { "a from specialnode": filename => "/tmp/baz" }
}

# I want 'specialnode' to have it's own file 'foo' resource which
# differs from the one in class 'c'.
#
# Thank you!



On 07/01/2011 03:48 AM, Chris de Villiers wrote:

Hello everybody

I have a set of nested classes and the deepest class looks after a
file resource.  I want all my nodes to be of the parent class type
except one of them needs a special copy of the same file resource.
How do I override the file resource for that specific node without
copying the entire class hierarchy for just that one node?  Example:

class { 'a':
   include b
   ...
}

class { 'b':
   include c
   ...
}

class { 'c':
   file { 'foo':
 ensure =>  file,
 source =>  'puppet:///modules/...',
   }
}

node default {
   include a
}

node 'specialnode' {
   include a
   # OVERRIDE FILE RESOURCE 'foo' HERE!!
}

I want 'specialnode' to have it's own file 'foo' resource which
differs from the one in class 'c'.

Thank you!

   


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Linux hardening

[James Turnbull]

Nicolas Arias wrote:

Hi guys!.

I want to use puppet to automate initial linux hardening and to
maintain a security configuration standard.

Does any one knows if there are modules going around that take care of
the usual hardening steps?.

If not, i will work on them and share them.



I started this modeled on the CIS Linux Security guidelines.

https://github.com/jamtur01/puppet-hardening

It's not complete but covers a selection of the controls.  You're 
welcome to fork/hack on it.  Patches welcome etc.


Regards

James


--
James Turnbull
Puppet Labs
1-503-734-8571

Join us for PuppetConf , September 22nd
and 23rd in Portland, Oregon, USA.

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppetmaster gets no certificate request

[newguy]

Hi guys,
I am very new to puppet and am trying to install  puppet master-client
on my ubuntu system.
Client is a ubuntu on virtual box.

problem is that my puppet mastere gets no certificate request and
puppet client keeps on saying :

warning: peer certificate wont be verified in this SSL session.
notice: Did not receive certificate.

On puppetmaster  puppetmasterd --no-daemonize -v

command gives the following output:


notice: Starting Puppet server version 0.25.4
err: Removing mount files: /etc/puppet/files does not exist
info: mount[files]: allowing 192.168.0.0/24 access
info: mount[plugins]: allowing 192.168.0.0/24 access
info: access[^/catalog/([^/]+)$]: allowing 'method' find
info: access[^/catalog/([^/]+)$]: allowing $1 access
info: access[/certificate_revocation_list/ca]: allowing 'method' find
info: access[/certificate_revocation_list/ca]: allowing * access
info: access[/report]: allowing 'method' save
info: access[/report]: allowing * access
info: access[/file]: allowing * access
info: access[/certificate/ca]: adding authentication no
info: access[/certificate/ca]: allowing 'method' find
info: access[/certificate/ca]: allowing * access
info: access[/certificate/]: adding authentication no
info: access[/certificate/]: allowing 'method' find
info: access[/certificate/]: allowing * access
info: access[/certificate_request]: adding authentication no
info: access[/certificate_request]: allowing 'method' find
info: access[/certificate_request]: allowing 'method' save
info: access[/certificate_request]: allowing * access
info: access[/]: adding authentication any
info: Could not find certificate for 'puppetclient.sbcglobal.net'
info: Could not find certificate for 'puppetclient.sbcglobal.net'
info: Could not find certificate for 'puppetclient.sbcglobal.net'
info: Could not find certificate for 'puppetclient.sbcglobal.net'

and this never ends.

Please help me with this guys, am stuck here, I have read the related
posts in this group but couldnt solve it.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] pluginsync fails to load custom facts or providers

[nate]

possibly related to (or the same as) issues 4830 and 2244, i'm getting
errors when adding a custom fact and provider to a module to propagate
to clients.

am i missing something here? i tried the workaround of adding a
fileserver.conf to the master (referenced below and in the tickets)
with no change.

thanks for any help.

here's a pile of details:

puppetmaster 2.6.9 is running standalone (no apache/passenger) on
centos 5.5 with ruby 1.8.7 (2010-06-23 patchlevel 299) [i386-linux]).
master was upgraded from possibly an earlier 2.6.x release, but it
never ran 0.25.x.

agent is running on os x 10.6.8, puppet 2.6.7, stock ruby 1.8.7.

the custom fact and vcsrepo provider are dumped in a module's lib dir
like so:

/etc/puppet/modules/growl/
|-- files
|   `-- tmp
|   `-- GROWL
|-- lib
|   |-- facter
|   |   `-- facter_dot_d.rb
|   `-- puppet
|   |-- provider
|   |   |-- vcsrepo
|   |   |   |-- bzr.rb
|   |   |   |-- cvs.rb
|   |   |   |-- git.rb
|   |   |   |-- hg.rb
|   |   |   `-- svn.rb
|   |   `-- vcsrepo.rb
|   `-- type
|   `-- vcsrepo.rb
|-- manifests
|   `-- init.pp
`-- templates

init.pp basically just runs a couple of execs to pop up notifications
and drops file under /tmp. it's basically not doing much of anything.
the node definition includes growl, which works fine. everything
except caching the custom fact and provider works.

errors on agent run:

err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources using 'eval_generate': wrong header line format
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw
yaml; using pson
err: /File[/var/lib/puppet/lib]: Could not evaluate: wrong header line
format Could not retrieve file metadata for 
puppet://puppet.adullmoment.com/plugins:
wrong header line format

trace output:

http://pastie.textmate.org/private/40kzbxn0jy3row5s1eu8nq


similar to:

http://projects.puppetlabs.com/issues/4830
http://groups.google.com/group/puppet-users/browse_thread/thread/ae7eecd2fab5dea6

master puppet.conf:

[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
pluginsync = true
factpath = /etc/puppet/facts
moduledir = /etc/puppet/modules:/var/lib/puppet/modules

[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
pluginsync = true



[master]
vardir = /var/lib/puppet
libdir = $vardir/lib
#ssldir = /etc/puppet/ssl


agent puppet.conf:

[main]
pluginsync = true
server = puppet.adullmoment.com
moduledir = /etc/puppet/modules:/var/lib/puppet/modules

[agent]
pluginsync = true
vardir = /var/lib/puppet
ssldir = $vardir/ssl

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: undefined method error when installing Puppet Dashboard 1.1.1

[Nigel Kersten]

Has anyone bug reported this yet?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Bug or Feature

[Craig White]

I had a number of symbolic links for file resources and didn't consider the 
impact.

source => "puppet:///modules/$some_module/some_file_which_is_a_symbolic_link"

would actually transfer the link and not the content of the source link.

Moving it to templates and appending .erb to the names handled things fine but  
I thought I should toss this out there because it was unexpected.

-- 
Craig White ~~  craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com 

Need help communicating between generations at work to achieve your desired 
success? Let us help!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client do-overs

[Craig White]

On Jun 30, 2011, at 8:21 PM, Nathan Clemons wrote:

> What problem do you have with puppetstoreconfigclean.rb? The problem I 
> usually have is that I forget it has to be run as root on the puppetmaster, I 
> keep thinking I need to run it on the client machine.

The other issue I fixed... PEBKAC naturally

# ruby puppetstoredconfigclean.rb ubuntu.ttinet
puppetstoredconfigclean.rb:54:in `require': no such file to load -- 
puppet/rails (LoadError)
from puppetstoredconfigclean.rb:54

root@ubuntu:/etc/puppet# which ruby
/usr/local/bin/ruby

root@ubuntu:/etc/puppet# gem list --local

*** LOCAL GEMS ***

abstract (1.0.0)
actionmailer (3.0.4)
actionpack (3.0.4)
activeldap (1.2.4)
activemodel (3.0.4)
activerecord (3.0.4, 2.3.12)
activeresource (3.0.4)
activesupport (3.0.4, 2.3.12)
arel (2.0.8)
builder (2.1.2)
bundler (1.0.10)
daemon_controller (0.2.6)
erubis (2.6.6)
facter (1.5.9)
fast_gettext (0.5.8)
fastthread (1.0.7)
file-tail (1.0.5)
gettext_i18n_rails (0.2.2)
i18n (0.5.0)
json (1.5.2)
locale (2.0.5)
mail (2.2.15)
mime-types (1.16)
mysql (2.8.1)
passenger (3.0.7)
polyglot (0.3.1)
puppet (2.6.8)
rack (1.2.1)
rack-mount (0.6.13)
rack-test (0.5.7)
rails (3.0.4)
railties (3.0.4)
rake (0.8.7)
ruby-ldap (0.9.11)
spruz (0.2.5)
thor (0.14.6)
treetop (1.4.9)
tzinfo (0.3.24)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: undefined method error when installing Puppet Dashboard 1.1.1

[Nathan Yehle]

Fixed by downgrading ruby.

Thanks for depreciating so much functionality ruby team!

I had to create a second virtual machine just to run puppetdash
because its required ruby versions do not seem to work with the
versions we use for our puppetmaster server.

Working config:
 SL55
libselinux-ruby-1.33.4-5.7.el5
ruby-irb-1.8.5-19.el5_6.1
ruby-gems-1.3.1-1.el5
ruby-mysql-2.7.3-1.el5
ruby-augeas-0.4.1-1.el5
rubygems-1.3.1-1.el5
ruby-1.8.5-19.el5_6.1
ruby-rdoc-1.8.5-19.el5_6.1
rubygem-rake-0.8.3-1.el5
ruby-shadow-1.4.1-7.el5
ruby-libs-1.8.5-19.el5_6.1

Non-working:

$ ruby -v
ruby 1.8.7 (2011-02-18 patchlevel 334) [x86_64-linux]



On Jul 1, 10:56 am, Nathan Yehle  wrote:
> I'm stuck at this bug too, SL55 x86_64 ruby-1.8.5-5.el5_4.8, puppet-
> dashboard-1.1.1-1
> -N

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Linux hardening

[Nicolas Arias]

Hi guys!.

I want to use puppet to automate initial linux hardening and to
maintain a security configuration standard.

Does any one knows if there are modules going around that take care of
the usual hardening steps?.

If not, i will work on them and share them.

thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet 2.7.1, variable scoping, best practices

[vagn scott]

On 07/01/2011 10:01 AM, jcbollinger wrote:


Parameterized classes address problem (1) by formalizing class
parameterization, and they address problem (2) by making it illegal to
include a parameterized class more than once (even with the same
parameters).  One of my main objections to parameterized classes is
that the latter is too far-reaching and constraining.


   


The problem is context dependent classes.
The new rules intend to make it impossible to
write such classes, except where the context
is explicitly passed in the argument list.


Things to consider:

1) I personally recommend avoiding deep node inheritance hierarchies.
In fact, I recommend no more than two levels to your node inheritance
tree.  This may or may not help with your present problem.
2) As I mentioned above, you may be able to just change to fully-
qualified variable names.  That would be quick and relatively
painless.
   


Well, I will play with 2.7 this weekend with an eye toward
killing context dependencies in my manifests.  The question
is, are the dependencies necessary (and there are a lot of them),
or are they just a result of thinking in C?

Thanks for being didactic :-)

--
vagn

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname

[jcbollinger]

On Jun 30, 10:57 am, Nigel Kersten  wrote:
> As an aside that really isn't that relevant to the OP, I've had good success
> with nsscache in the past.
>
> http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache

That's cool.  I'll have to study it is a possible solution for some of
my current problems, such as laptops that can't reach our name
services when they're off our internal network.  Thanks!


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Override resource in nested class structure

[Chris de Villiers]

Hello everybody

I have a set of nested classes and the deepest class looks after a
file resource.  I want all my nodes to be of the parent class type
except one of them needs a special copy of the same file resource.
How do I override the file resource for that specific node without
copying the entire class hierarchy for just that one node?  Example:

class { 'a':
  include b
  ...
}

class { 'b':
  include c
  ...
}

class { 'c':
  file { 'foo':
ensure => file,
source => 'puppet:///modules/...',
  }
}

node default {
  include a
}

node 'specialnode' {
  include a
  # OVERRIDE FILE RESOURCE 'foo' HERE!!
}

I want 'specialnode' to have it's own file 'foo' resource which
differs from the one in class 'c'.

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: undefined method error when installing Puppet Dashboard 1.1.1

[Nathan Yehle]

I'm stuck at this bug too, SL55 x86_64 ruby-1.8.5-5.el5_4.8, puppet-
dashboard-1.1.1-1
-N

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet dashboard cannot work behind a Apache reverse proxy?

[heriyanto]

Dear All,


I already deploy puppet-dashboard with passanger.
i'm want to try puppet-dasboard work in like myserver.com/puppet-report
using apache proxy reverse, but still getting work, its just show the 
index then when i try to click
some link like nodes, its will be goto myserver.com/nodes, not to 
myserver.com/puppet-report/nodes
its just work if i try to reverse to myserver.com. where my false, 
should i not using passanger or

something wrong my config .

i'm realy need help because i already try 3 days and still not work, 
because puppet-dashboard its

very important to monitor about hundreds our hosts.

this is my vhost configuration in puppet-dashboard server:

1. 192.168.x.x /etc/httpd/conf.d/dashboard.conf  where the puppet 
dashboard deployed:


LoadModule passenger_module 
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.7/ext/apache2/mod_passenger.so

PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.7
PassengerRuby /usr/bin/ruby
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
PassengerStatThrottleRate 120
RailsAutoDetect On

ServerName server.myserver.local
DocumentRoot /usr/share/puppet-dashboard/public/

Options None
AllowOverride AuthConfig
Order allow,deny
allow from all

ErrorLog /var/log/httpd/server.myserver.local_error.log
LogLevel warn
CustomLog /var/log/httpd/server.myserver.local_access.log combined
ServerSignature On


2. 203.x.x.x /etc/httpd/conf.d/dashboard.conf this where the apache 
should reverse:



  ServerName www.myserver.local
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass /puppet-report http://www.myserver.com/
  ProxyPassReverse /puppet-report http://www.myserver.com/

  Order deny,allow
  Allow from all



any something wrong with my configuration?

with this config its already show in www.myserver.com/puppet-report
but when i click some link like nodes its always goto 
www.myserver.com/nodes/

not www.myserver.com/puppet-report/nodes/

I appreciate every reply you give. Thank you very much.



Regards


Heriyanto

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 2.7.1, variable scoping, best practices

[jcbollinger]

On Jun 30, 6:15 am, Martijn Grendelman  wrote:
> Hi,
>
> Having installed Puppet 2.7.1 on my testserver yesterday, I am now bugged
> by log messages, that tell me not to use dynamic variable lookups:
>
> Jun 29 13:31:09 os1 puppet-master[31910]: Dynamic lookup of
> $ssh_permitrootlogin at /etc/puppet/templates/etc/ssh/sshd_config.erb:28
> is deprecated.  Support will be removed in Puppet 2.8.  Use a
> fully-qualified variable name (e.g., $classname::variable) or
> parameterized classes.
>
> Now, I have been reading up on variable scoping and trying to figure out
> how to rewrite my manifests to embrace best practices, but I am confused
> on how to proceed, and I can't really find any working examples, so I turn
> here for help.
>
> My current setup is something like this:
>
> node basenode {
>     $somevar      = "defaultvalue"
>     $someothervar = "anotherdefault"
>
> }


[...]


> In any class or module I use $somevar and $someothervar as I please, and I
> understand that this a) is not a recommended practice and b) will stop
> working in Puppet 2.8.
>
> So, what should I do?


It's not actually clear to me whether "top level" includes inside node
declarations, but IMHO it should.  If it does, and if you do not rely
on defining different values for $somevar or $someothervar inside your
classes (see below), then you should be able to solve your problem by
changing all appearance of $somevar and $someothervar to $::somevar
and $::someothervar (i.e. use their fully-qualified names as the
warning suggests).  It should be pretty easy to test whether that
works for you.


> Switching to parameterized classes sounds nice, but that would mean that
> the 'generic' class would have to get /every/ variable I use as a
> parameter and pass it on to subsequent classes where needed. That sounds
> incredibly clumsy to me.


As regulars here will know, I am not a big fan of parameterized
classes.  Puppetlabs likes them, and pushes them, but I think they are
rarely the best tool for the job.  Perhaps the thing that they are
most appropriate for, however, is avoiding dynamic scoping.  More on
that below.

You are right that for your manifest design, solving the problem via
class parameterization would require your Class["generic"] to be
parameterized with all the variables it uses directly plus all those
needed by the classes it includes.  I think this is one reason that
Puppetlabs' style guide now recommends avoiding classes including
other classes.  Once your manifests become complex enough that that is
painful, they suggest using an external node classifier.  If you don't
buy in to parameterized classes, however, then that advice does not
stand up so well.


> Inhttp://docs.puppetlabs.com/guides/scope_and_puppet.htmlI read:
>
>   "If you re using dynamic scope to share resource defaults, there s no
> way around it: you ll have to repeat yourself in each file that the
> defaults apply to."
>
> Is this what's biting me here? Well, this sounds like something I can live
> with, after all: it's not the default values I care about, it's the
> overriding values.


Forgive me for being didactic:

In Puppet < 2.8.0, variables declared outside any class can be
overridden by declarations of the same variable name within classes.
Within a class that does so and any class it includes, recursively,
the variable's unqualified name resolves to the class's definition,
not the top-level one.  Except that this nests, so that if an included
class also defines a variable having the same simple name, then it and
its included classes see *its* definition.  This is called "dynamic
scoping".

Dynamic scoping presents at least two problems:

1) When a class refers to externally defined variables by their simple
names, it is hard to know what definition of the variable you're going
to get.  That's not such a big deal, though, and it could even be
considered an advantage -- the external variables a class uses can be
considered de facto parameters for it.

2) Classes can be included multiple times, by more than one path, and
there is no guarantee that the values they see for unqualified
external variable names will be the same at each inclusion.  This can
result in unintended behavior, but the problem is not so much that
dynamic scoping is inherently bad, but rather that it facilitates poor
manifest design.

Parameterized classes address problem (1) by formalizing class
parameterization, and they address problem (2) by making it illegal to
include a parameterized class more than once (even with the same
parameters).  One of my main objections to parameterized classes is
that the latter is too far-reaching and constraining.


> Further, it states:
>
>   "If you need to apply resource defaults more broadly, you can still set
> them at top scope in your primary site manifest. If you need the resource
> defaults in a class to change depending on where the class is being
> declared, you need parameterized classes."
>
> And we're back at parameterized

[Puppet Users] Re: How to define a hash table and loop over them in a definition?

[jcbollinger]

On Jun 30, 12:42 pm, Haitao Jiang  wrote:
> Thanks a lot for both answers! Very helpful.
>
> However, I was a little surprised that how slow Puppet was when I run
> your example. Was it Puppet just slow or was it just my VM is slow? I
> literally had to wait 1 min to get the result:
>
> Thu Jun 30 10:37:56 PDT 2011
> notice: Finished catalog run in 0.02 seconds
> Thu Jun 30 10:38:58 PDT 2011
>
> Did I do anything wrong here?  I was running it under Ubuntu 10.04


Puppet reported spending just 20 milliseconds applying the catalog.
Your puppetmaster's log will show how long it spent compiling that
catalog.  Any other elapsed time is not directly attributable to
Puppet, but is not necessarily the result of running in VM, either.
It could be a result of multiple VMs contending for processor and/or
network resources, of a network configuration problem (e.g. Vagn's DNS
timeout), or of simple network congestion.  There are undoubtedly
other possibilities as well.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] functions and environments

[vagn scott]

On 06/17/2011 10:52 AM, Nigel Kersten wrote:
It's not entirely unreasonable to expect that if module 'foo' is found 
in one modulepath component, that no other module named 'foo' should 
come into play, but I think we have some edge cases here. Please feel 
free to file a feature request around modulepath behaving more like 
$PATH in the shell does.


I actually played around with this for a while, trying to come up with a 
scheme for
stackable configurations.  The hack needed to make it work is to install 
links
higher in the stack to files lower in the stack, because where ever 
puppet finds
a module in the stack of modules trees, that module tree is where it 
looks for all the
other related files.  It will not drill down through the stack ('path') 
for each file of

the module.  Nor would you want it to.

Anyway, it ended up ugly, and I went looking for a better way.
--
vagn

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How to define a hash table and loop over them in a definition?

[vagn scott]

Maybe you've got network issues?
1 minute sounds like two DNS lookups timing out.

--
vagn

On 06/30/2011 01:42 PM, Haitao Jiang wrote:

Thanks a lot for both answers! Very helpful.

However, I was a little surprised that how slow Puppet was when I run
your example. Was it Puppet just slow or was it just my VM is slow? I
literally had to wait 1 min to get the result:

Thu Jun 30 10:37:56 PDT 2011
notice: Finished catalog run in 0.02 seconds
Thu Jun 30 10:38:58 PDT 2011

Did I do anything wrong here?  I was running it under Ubuntu 10.04

Thanks again!
   


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet autosign by VLAN IP

[Denmat]

Hi, 

I'm pretty sure the signing can only reference the cert name in the SSL 
certificate. 

Cheers,
Den

On 01/07/2011, at 4:12, hyzhang  wrote:

> Hi,
> 
> Can puppet autosign work by giving vlan IP instead of domain?
> 
> For example, in the autosign.conf file, instead of using
> *.mydomain.org, I want to give 172.18.133.*
> 
> But it does not seem to work if I give the IP address. But I don't
> want to limit the client from *.mydomain.org by only allow certain
> vlan client not all the are in the same domain.
> 
> Thanks,
> -Haiyan
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.