[Puppet Users] Re: ENC to install multiple instances of an app on the same node
On Jul 5, 11:45 pm, Erik paleh...@gmail.com wrote: I'm a puppet n00b trying to write an ENC, and I'm a bit stumped. Here's the scenario: I have an app which is started via inittab, and a parameterized class which accepts several arguments (inittab label, log dir, version, etc) which it uses to ensure that the app is installed, that certain directories are created, inittab entries are added, etc. This app has several instances, each of which is deployed to a group of hosts. Some of these groups of hosts overlap, meaning that multiple instances can run on a given host. My dilemma is that this makes returning the proper YAML from a perl script impractical as the class names are the keys. So when multiple instances of an app need to be installed on the same node... well, you can't. Key names must be unique. A more elegant way must exist to do what I need to do, I'm just not seeing it. Any ideas? Hmm... This seems to have been already addressed in a reply posted almost at the same as I sent this message: http://groups.google.com/group/puppet-users/browse_thread/thread/d9fe1204cfbffb0b For some reason I did not notice the original post when I was browsing the list via the web interface. Sorry for the additional noise, and thanks to Dan for his reply in that thread. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How puppetmasterd manage libraries?
The version of puppet is 2.6.8. If I try to run the agent on the server side, I get the modules. But there is any way to do that without running the client in the server? root@server /etc/puppet# puppet agent --no-daemonize --environment development --verbose --onetime info: Retrieving plugin notice: /File[/var/lib/puppet/lib/puppet]/ensure: created notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure: defined content as '{md5}79b686248bc15ca126e53acbdb31735f' notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure: defined content as '{md5}2b8e9ec04676207536608563d9933781' info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/ iptables.rb info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/ iptables.rb info: Caching catalog for server info: Applying configuration version '1309855716' On 5 jul, 19:56, Ken Barber k...@puppetlabs.com wrote: Do you get any errors when you run puppetd/puppet agent on the server side? (as apposed to running it on the client). What version of puppet are you running btw? ken. On Tue, Jul 5, 2011 at 9:11 AM, alan bover alanbo...@gmail.com wrote: Hi, I've been doing some testings with an iptables puppet recepy on my own deployment, where the puppetd and puppetmasterd are in different machines. I don't really understand how to make puppetmasterd get automatically the libraries from the modules. Some workaround: The module iptables structure: - iptables / - tests/ - lib / - puppet / - test / - iptables.rb - type / - iptables.rb As I could see, on the master side, the folder 'lib' needs to be copied in /var/lib/puppet/lib/.., or otherwise the client will launch an error because the puppetmaster ignores the type iptables at compiling time. I set in both server and client the configurations of pluginsync = true, and plugindest. But I always get the same problem: on the client side, it downloads the plugin from the server and place it in /var/lib/ puppet/lib/, and after I get an error because the server does not do the same with the module to his own directory. The solution for the moment was copy it manually. How should I do for the server get automatically the plugins and load them into plugindest? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Importing RPM private signing keys
Hi all, I'm not sure about the best way to tackle this - perhaps someone can help :) I've got some manifests that set up a server to be a build server, to compile sources and create RPM packages. There is a couple of things that I can't see how to do: 1. Each user needs an ~/.rpmmacros file in their home dir, and the file needs to be different for each person. The content should be like this: %_topdir %(echo $HOME)/rpmbuild %_smp_mflags -j3 %__arch_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot %_signature gpg %_gpg_name ResNet %packager Jonathan Gazeley jonathan.gaze...@bristol.ac.uk Is there a neat way of deploying a templated .rpmmacros file to all users on the build box? 2. Each user needs to import the secret signing key into their keychain. This is done by running gpg --import secret.key as each user on the build box. How can puppet do this? Many thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Dashboard resurrecting deleted nodes
Hi, I was just searching for all systems where selinux is true on Dashboard and firstly I got no results, despite there being some (any clues?) but that search also seems to have resurrected some nodes I deleted a few weeks ago. 7 systems instantly appeared under Never reported. I just deleted one, did the search again and POW! it's back again. Does this sound familiar or should I go open a bug (against 1.1.0) Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Moving config to an ENC
This looks exactly like what I was looking for, thank you. This might be worth mentioning on the ENC page so people like myself can find it easier. On Tue, Jul 5, 2011 at 10:42 PM, Dan Bode d...@puppetlabs.com wrote: Hi J, The create resources function was created to serve this exact use case (the README actually mentions your exact use case :) ) https://github.com/puppetlabs/puppetlabs-create_resources This will require 2.6.5 or higher to work (That is the first version where ENC's support param classes) The function was also merged into core in 2.7.0 -Dan On Tue, Jul 5, 2011 at 1:40 PM, Justin Lambert jlamb...@localmatters.comwrote: I have recently started moving the config of our puppet hosts out of the nodes files and into an ENC so they can be managed through a web UI by someone with less technical experience without the fear of a typo causing a failure of all catalogs to compile. As a result, I have been looking at which modules need to be rewritten to support this. The problem I have run into is, how do you do something such as add multiple virtual hosts using the YAML output of an ENC? I currently have something like: node 'web01.company.com' { apache::virtualhost { 'site1': location = '/hosted/site1', url = ' http://site1.com' } apache::virtualhost { 'site2': location = '/hosted/site2', url = ' http://site2.com' } } This uses 'define apache::virtualhost' in order to create multiple sites, works fine. The YAML from an ENC (referencing http://docs.puppetlabs.com/guides/external_nodes.html) doesn't look to support this kind of definition so I need to find an alternative. My next thought was that I can pass parameters to a parameterized class. No love there as you can't instantiate a class multiple times with different parameters. How are others solving this issue? Thanks, jl -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Dynamic including in templates
I have a puppet class called dhcp which sets up the daemon and installs a base dhcpd.conf. I have also have subclasses like dhcp::pool1, dhcp::pool2 which install other files with DHCP code snippets to provide DHCP to different subnets with different address pools. The manifest for these looks like this: class dhcp::rnw { include dhcp2::common $includernw = '1' file { dhcpd.rnw: name = /etc/dhcp/dhcpd.rnw, mode = 644, owner = root, group = root, notify = Service[dhcpd], source = puppet:///modules/dhcp/dhcpd.rnw, } In the ERB template for the base dhcpd.conf, I have lines like this: % if includernw = 1 % include /etc/dhcp/dhcpd.rnw;% end % For some reason, the include lines always get included, even if the subclass hasn't been applied and therefore the $includernw hasn't been set. Am I missing something with the way variables are set and assigned, or read in ERB? Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problems Syncing Home Directories
Thanks! All the files in /etc/puppet are owned by root, so I assumed those files should be as well. Re-owned the files to puppet and now it works great! Thanks again for the help. Kyle http://www.kylehall.info Mill Run Technology Solutions ( http://millruntech.com ) Crawford County Federated Library System ( http://www.ccfls.org ) Meadville Public Library ( http://www.meadvillelibrary.org ) On Tue, Jul 5, 2011 at 12:53 PM, Ken Barber k...@puppetlabs.com wrote: Hi Kyle, The source paths need to be accessible by the same user that puppetmasterd is running as ... which is usually puppet. Some of those files are owned by root and 700 or 600 so it can't read them: drwx-- 2 root root 4.0K 2011-07-05 07:39 autostart Look at the error: err: /Stage[main]/User-public/File[public-home-cs]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Permission denied - /etc/puppet/files/users/home/public/.config/autostart The error is on the server ... the point being, its not the client permissions that you should be worried about. Make the directory and its children (say .config) accessible to puppet, probably by changing the owner (or a chmod - depends on what you've got in these dirs) - and sort out applying the correct permissions on the client with the file {} resource. ken. On Tue, Jul 5, 2011 at 2:42 PM, Kyle Hall kyle.m.h...@gmail.com wrote: Hello All, I administrate public Internet computers for a number of libraries. I have a user 'public' and I am trying to keep all the home's for this user the same across multiple computers. When I try to do this with puppet, I get errors for some directories. It only happens on hidden directories, but I'm not sure if it is all of them, or just some of them. This is the error: err: /Stage[main]/User-public/File[public-home-cs]: Failed to generate additional resources using 'eval_generate': Error 400 on SERVER: Permission denied - /etc/puppet/files/users/home/public/.config/autostart If I delete this directory, it will give an error for some other directory. Here is an ls -alh for /etc/puppet/files/users/home/public/.config drwxrwxrwx 8 root root 4.0K 2011-07-05 07:39 . drwxrwxrwx 27 root root 4.0K 2011-07-05 07:56 .. drwx-- 2 root root 4.0K 2011-07-05 07:39 autostart drwxr--r-- 2 root root 4.0K 2011-07-05 07:39 deskbar-applet drwx-- 2 root root 4.0K 2011-07-05 07:39 enchant drwxr-xr-x 3 root root 4.0K 2011-07-05 07:39 gnome-session drwxr-xr-x 4 root root 4.0K 2011-07-05 07:39 google-chrome drwxr-xr-x 2 root root 4.0K 2011-07-05 07:39 menus -rw--- 1 root root 632 2011-07-05 07:39 user-dirs.dirs -rw-r--r-- 1 root root 5 2011-07-05 07:39 user-dirs.locale I've tried it with the dir owned as both root and public, same error both ways. Here is the relevant part of my manifiest: class user-public { group { public: ensure = present, } user { public: ensure = present, gid = 'public', shell = '/bin/bash', home = '/home/public', managehome = true, password = '$6$skUt3Y9e$DCE./FocksDxrsrZN2hIZXiZNNBLPUDKkhg359BAwHVKXU6HsQKb2nkX.B1zngxtUI91zAqdTFZHYaiCAoBoB1', require = Group['public'], } file { public-home: path = '/home/public', ensure = directory, owner = 'public', group = 'public', recurse = true, ignore = '.git', source = 'puppet:///files/users/home/public', require = User['public'], } } Thanks in advance, Kyle http://www.kylehall.info Mill Run Technology Solutions ( http://millruntech.com ) Crawford County Federated Library System ( http://www.ccfls.org ) Meadville Public Library ( http://www.meadvillelibrary.org ) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at
Re: [Puppet Users] Dynamic including in templates
Try: % if includernw == 1 % include /etc/dhcp/dhcpd.rnw;% end % Note the '==' :-). ken. On Wed, Jul 6, 2011 at 2:45 PM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: I have a puppet class called dhcp which sets up the daemon and installs a base dhcpd.conf. I have also have subclasses like dhcp::pool1, dhcp::pool2 which install other files with DHCP code snippets to provide DHCP to different subnets with different address pools. The manifest for these looks like this: class dhcp::rnw { include dhcp2::common $includernw = '1' file { dhcpd.rnw: name = /etc/dhcp/dhcpd.rnw, mode = 644, owner = root, group = root, notify = Service[dhcpd], source = puppet:///modules/dhcp/dhcpd.rnw, } In the ERB template for the base dhcpd.conf, I have lines like this: % if includernw = 1 % include /etc/dhcp/dhcpd.rnw;% end % For some reason, the include lines always get included, even if the subclass hasn't been applied and therefore the $includernw hasn't been set. Am I missing something with the way variables are set and assigned, or read in ERB? Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dashboard resurrecting deleted nodes
On Wed, Jul 6, 2011 at 4:20 AM, Chris Phillips ch...@untrepid.com wrote: Hi, I was just searching for all systems where selinux is true on Dashboard and firstly I got no results, despite there being some (any clues?) but that search also seems to have resurrected some nodes I deleted a few weeks ago. 7 systems instantly appeared under Never reported. I just deleted one, did the search again and POW! it's back again. Does this sound familiar or should I go open a bug (against 1.1.0) This is happening because the inventory search will create nodes in Dashboard corresponding to the nodes retrieved by the search, and the facts for that node are still present on your master. The ideal solution would probably be to purge the master of the data for that node, though someone else will have to speak as to how best to do that. On the Dashboard side, you can hide a node rather than deleting it, which will prevent it from coming back to life this way. Hidden nodes remain in the system, but are ignored in lists of node statuses, charts, etc. Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dynamic including in templates
Thanks Ken. Adding the '==' now makes my template syntactically valid, which is always nice. Next problem - as the $includernw variable is defined in a subclass, it is out-of-scope when the main dhcpd.conf template is called from the top class. I see in the docs there's a function called scope.lookupvar but that seems to need a %= in the template, rather than a %. Is there a way to use an out-of-scope variable in a simple conditional in a template? I'm a perl kinda guy, but gradually getting to grips with ruby/puppet :) Many thanks, Jonathan On 06/07/11 14:56, Ken Barber wrote: Try: % if includernw == 1 % include /etc/dhcp/dhcpd.rnw;% end % Note the '==' :-). ken. On Wed, Jul 6, 2011 at 2:45 PM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: I have a puppet class called dhcp which sets up the daemon and installs a base dhcpd.conf. I have also have subclasses like dhcp::pool1, dhcp::pool2 which install other files with DHCP code snippets to provide DHCP to different subnets with different address pools. The manifest for these looks like this: class dhcp::rnw { include dhcp2::common $includernw = '1' file { dhcpd.rnw: name = /etc/dhcp/dhcpd.rnw, mode = 644, owner = root, group = root, notify = Service[dhcpd], source = puppet:///modules/dhcp/dhcpd.rnw, } In the ERB template for the base dhcpd.conf, I have lines like this: % if includernw = 1 % include /etc/dhcp/dhcpd.rnw;% end % For some reason, the include lines always get included, even if the subclass hasn't been applied and therefore the $includernw hasn't been set. Am I missing something with the way variables are set and assigned, or read in ERB? Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dashboard - Could not retrieve facts from inventory service
Yes, 'auth any' was the secret decoder ring. I would have thought 'auth no' was sufficient but evidently not. Thanks Craig On Jul 5, 2011, at 8:31 PM, Justin Lambert wrote: I actually set this up today, if you set it up like: path /facts method find auth any allow * does that fix your issue? If it does, it looks like it is something with the way your reverse DNS is working on the allow line. On Tue, Jul 5, 2011 at 4:24 PM, Craig White craig.wh...@ttiltd.com wrote: puppet 2.6.8 puppet-dashboard v1.1.1 auth.conf has: path /facts auth no method find allow dashboard, ubuntu.ttinet path /inventory auth no method search, find allow dashboard, ubuntu.ttinet # grep fact puppet.conf factpath=$vardir/lib/facter factsysnc=true The error (and I've tracked a lot of these down w/ Google but not getting to the heart of my problem - I'm relatively up to date): Could not retrieve facts from inventory service: 403 Forbidden request: dashboard(10.1.0.253) access to /facts/ubuntu2.ttinet [find] authenticated at line 103 How do I fix this? -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Large scale puppet deployments
I am looking for - an estimate on the number of machines that Puppet can manage - a pointer to how these large scale configurations can be set up Any pointers are welcome, Tim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Large scale puppet deployments
At Vanderbilt University, we have a compute cluster with about 700 machines total, all under puppet. The machines are broken into 3 groups: compute nodes, gateways, and infrastructure. The puppet server is a dual-quad core box with 16GB ram, using apache and passenger. All 700 boxes check in once per hour, but we are considering running puppet out of cron on the nodes and gateways, dialing back the frequency of puppet runs. We are using puppet version 2.6.6 across the cluster. ~Charles~ On Wed, Jul 6, 2011 at 7:22 AM, Tim Bell noggin...@gmail.com wrote: I am looking for - an estimate on the number of machines that Puppet can manage - a pointer to how these large scale configurations can be set up Any pointers are welcome, Tim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Issue with puppet file serving api not parsing yaml content correctly
I am working on building a facter tag based node classifier similar to https://github.com/jordansissel/puppet-examples/tree/master/nodeless-puppet/. However, I have run into an issue where I cannot use puppet's require file ability to push the yaml file containing the facts file to the client because it would require two runs of puppet to pickup changes. Consequently, I have written into the facter ruby script the ability to connect to puppet's restful api and get the yaml file from the private store. This works fine in irb, ruby, and facter if called directly. However, when run inside of a puppet run it seems to fail on parsing the http response correctly into yaml. As a result, it does not get saved to disk and loaded as a fact for the puppet run. There is probably a simpler way to do this. Essentially we want to have tags on a server and use that to selectively include or remove modules from a server by facter tags rather than by a server's name. Some Version Information: - os = CentOS release 5.2 (Final) - ruby = ruby 1.8.6 (2008-08-11 patchlevel 287) [x86_64-linux] - facter = 1.6.0 (updated because my script loads multiple facts and the older version we were running requires the filename to match the fact name. This was not working because I did not want to split my ruby load script into multiple files to match each of the fact names.) - puppet = 0.25.4 Yaml file it is trying to grab from a private store: --- role: - base - db env: - dev The yaml file downloads correctly via a puppet run without my script. I can also wget the file and use net/https via ruby to get the file. All methods return the correct file with matching md5sums. Under my module called truth I have the following: - files - private - domain.inter - hostname - truth_tags.yml ex: --- role: - base env: - dev - lib - facter - load_truth_tags.rb problem area: def apitruthtag(calltype) # set some client side variables to build on later sslbasedir = '/etc/puppet/ssl' sslprivdir = sslbasedir + '/private_keys' sslpubdir = sslbasedir + '/certs' sslcafile = sslpubdir + '/ca.pem' # this sets if we want metadata or content from puppet datatype = calltype # We want yaml back from puppet header = {'Accept' = 'yaml'} # Setup some connection variables to our puppet server and what we want from it proto = 'https' server = 'puppet.domain.inter' port = '8140' path = '/production/file_' + datatype + '/truth_private/ truth_tags.yml' # Build the full uri to request from our puppet server. Then parse it for port and things uri = URI.parse(proto + '://' + server + ':' + port + path) # Setup the http module and set it for getting data http = Net::HTTP.new(uri.host, uri.port) request = Net::HTTP::Get.new(uri.request_uri, header) http.use_ssl = true if uri.scheme == 'https' # Enable ssl verification to ensure we are talking to the correct people http.verify_mode = OpenSSL::SSL::VERIFY_PEER # Cert Auth: # Set certificate paths # puppet certificate authority file if File.readable?(sslcafile) then # Puppet ca file http.ca_file = sslcafile puts readable? + sslprivdir + '/' + hostname + '.pem' if $debug if File.readable?(sslprivdir + '/' + hostname + '.pem') then # client private key http.key = OpenSSL::PKey::RSA.new(File.read(sslprivdir + '/' + hostname + '.pem')) puts readable? + sslpubdir + '/' + hostname + '.pem' if $debug if File.readable?(sslpubdir + '/' + hostname + '.pem') then # client public key http.cert = OpenSSL::X509::Certificate.new(File.read(sslpubdir + '/' + hostname + '.pem')) # Make the request response = http.request(request) else raise No readable client pubic key in #{sslpubdir}/ #{hostname}.pem end # End public key check else raise No readable client private key in #{sslprivdir}/ #{hostname}.pem end # End private key check else raise No readable ca cert in #{sslcafile} end # End ca file check # Check to make sure we got some data back if response != nil # Check to see if we have a good server response before saving the variable puts check code + response.code if $debug if ((response.code 300) and (response.code = 200)) return response.body else raise server did not return an acceptable reponse code end # end server response code check else raise No response from #{server} end # end nil response check end # end apitruthtag servermd5 = YAML.load(apitruthtag(metadata)).ivars[checksum] # When executed from a puppet run I tells me that ivars is undefined. - lib - puppet - parser - functions - truth_tags.rb - manifests - init.pp ex: class truth inherits truth::init_bootstrap { if truth_tag('role', 'base') and !truth_tag('role', 'nobase') { notice(${::hostname}: Including role, base modules...) notice(${::hostname}: role, base: including network)
Re: [Puppet Users] AIX clients
On Thu, Jun 30, 2011 at 6:12 AM, Rob McBroom mailingli...@skurfer.com wrote: On Jun 29, 2011, at 3:28 PM, Kinzel, David wrote: Can you point to where/how you got ruby working? Last attempt openssl was refusing to function properly for me. I built it from source, but the SSL module wasn’t working for me either. I didn’t include every problem I ran into since I figured the theoretical answer would cover them. Sorry. -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. I had Ruby with SSL working on AIX 5.x and 6.x at my last job. Let me see if I can find my notes about building ruby, and maybe I'll be able to help out some. Mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Puppet 2.7.2rc1
This a bug-fix release in the 2.7.x branch. This merges up all changes in the 2.6.9 release that were unable to be merged into 2.7.{0,1} due to 2.7 being frozen in release candidate state. This release is available for download at: http://puppetlabs.com/downloads/puppet/puppet-2.7.2rc1.tar.gz See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected version of 2.7.2rc1 http://projects.puppetlabs.com/projects/puppet/ Release notes found at: https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.7.2rc1 # Highlights include: # 99330fa (#7224) Reword ‘hostname was not match’ error message 1d867b0 (#7224) Add a helper to Puppet::SSL::Certificate to retrieve alternate names db1a392 (#7506) Organize READMEs; specify supported Ruby versions in README.md 98ba407 (#7127) Stop puppet if a prerun command fails caca469 (#4416) Ensure types are providified after reloading 413b136 (#4416) Always remove old provider before recreating it 98f58ce (#2128) Add WARNING for node_name_{fact,value} descriptions 3f0dbb5 (#650) Allow symlinks for configuration directories 1c70f0c (#2128) Add support for setting node name based on a fact c629958 (#2128) Get facts before retrieving catalog 8eb0e16 (#2728) Add diff output for changes made by Augeas provider c02126d (#5966) Add support for hostname regular expressions in auth.conf 75e2764 (#5318) Always notice changes to manifests when compiling. 0bcbca5 maint: Dedup the loadpath so we don’t have to walk it multiple times 89d447b (#6962) Add “arguments” method to help API 8eea3f5 Added the vcsrepo type and providers to the core 107b38a maint: Fix pacman provider to work with Ruby 1.9 0b8ebac (#7300) Fix instances method of mount provider -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Large scale puppet deployments
Tim Bell wrote: I am looking for - an estimate on the number of machines that Puppet can manage - a pointer to how these large scale configurations can be set up Largest install I am aware of is 100K machines but I suspect they probably have more now. I know of multiple 50K to 100K installations and numerous 10K to 50K installations. Those usually involve multiple Puppet masters deployed geographically and locally redundant usually front-ended with load balances of various kinds (HW/Apache) with masters running Apache-Passenger, Nginx, Unicorn and the like. What's your use case and I can probably expand on this. Regards James -- James Turnbull Puppet Labs 1-503-734-8571 Join us for PuppetConf http://www.bit.ly/puppetconfsig, September 22nd and 23rd in Portland, Oregon, USA. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.