[Puppet Users] Re: ENC to install multiple instances of an app on the same node

2011-07-06 Thread Erik
On Jul 5, 11:45 pm, Erik paleh...@gmail.com wrote:
 I'm a puppet n00b trying to write an ENC, and I'm a bit stumped.
 Here's the scenario:

 I have an app which is started via inittab, and a parameterized class
 which accepts several arguments (inittab label, log dir, version, etc)
 which it uses to ensure that the app is installed, that certain
 directories are created, inittab entries are added, etc. This app has
 several instances, each of which is deployed to a group of hosts. Some
 of these groups of hosts overlap, meaning that multiple instances can
 run on a given host. My dilemma is that this makes returning the
 proper YAML from a perl script impractical as the class names are the
 keys. So when multiple instances of an app need to be installed on the
 same node... well, you can't. Key names must be unique.

 A more elegant way must exist to do what I need to do, I'm just not
 seeing it. Any ideas?

Hmm... This seems to have been already addressed in a reply posted
almost at the same time as I sent this message:

http://groups.google.com/group/puppet-users/browse_thread/thread/d9fe1204cfbffb0b

For some reason I did not notice the original post when I was browsing
the list via the web interface. Sorry for the additional noise, and
thanks to Dan for his reply in that thread.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



[Puppet Users] Re: How puppetmasterd manage libraries?

2011-07-06 Thread alan bover
The version of puppet is 2.6.8.
If I try to run the agent on the server side, I get the modules. But
is there any way to do that without running the client on the server?

root@server /etc/puppet# puppet agent --no-daemonize --environment development --verbose --onetime
info: Retrieving plugin
notice: /File[/var/lib/puppet/lib/puppet]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/test]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/test/iptables.rb]/ensure: defined content as '{md5}79b686248bc15ca126e53acbdb31735f'
notice: /File[/var/lib/puppet/lib/puppet/type]/ensure: created
notice: /File[/var/lib/puppet/lib/puppet/type/iptables.rb]/ensure: defined content as '{md5}2b8e9ec04676207536608563d9933781'
info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/iptables.rb
info: Loading downloaded plugin /var/lib/puppet/lib/puppet/test/iptables.rb
info: Caching catalog for server
info: Applying configuration version '1309855716'



On 5 jul, 19:56, Ken Barber k...@puppetlabs.com wrote:
 Do you get any errors when you run puppetd/puppet agent on the server
 side? (as opposed to running it on the client).

 What version of puppet are you running btw?

 ken.







 On Tue, Jul 5, 2011 at 9:11 AM, alan bover alanbo...@gmail.com wrote:
  Hi, I've been doing some testing with an iptables puppet recipe on my
  own deployment, where the puppetd and puppetmasterd are in different
  machines. I don't really understand how to make puppetmasterd get
  automatically the libraries from the modules. Some workaround:

  The module iptables structure:

  - iptables /
               - tests/
               - lib /
                      - puppet /
                                   - test /
                                           - iptables.rb
                                   - type /
                                            - iptables.rb

  As I could see, on the master side, the folder 'lib' needs to be
  copied in /var/lib/puppet/lib/.., or otherwise the client will launch
  an error because the puppetmaster ignores the type iptables at
  compiling time.

  I set in both server and client the configurations of pluginsync =
  true, and plugindest. But I always get the same problem: on the client
  side, it downloads the plugin from the server and place it in /var/lib/
  puppet/lib/, and after I get an error because the server does not do
  the same with the module to his own directory. The solution for the
  moment was copy it manually.

  How should I do for the server get automatically the plugins and load
  them into plugindest?

  Thanks




[Puppet Users] Importing RPM private signing keys

2011-07-06 Thread Jonathan Gazeley

Hi all,

I'm not sure about the best way to tackle this - perhaps someone can help :)

I've got some manifests that set up a server to be a build server, to 
compile sources and create RPM packages. There are a couple of things 
that I can't see how to do:


1. Each user needs an ~/.rpmmacros file in their home dir, and the file 
needs to be different for each person. The content should be like this:


%_topdir  %(echo $HOME)/rpmbuild
%_smp_mflags  -j3
%__arch_install_post   /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot

%_signature gpg
%_gpg_name  ResNet
%packager Jonathan Gazeley jonathan.gaze...@bristol.ac.uk

Is there a neat way of deploying a templated .rpmmacros file to all 
users on the build box?


2. Each user needs to import the secret signing key into their keychain. 
This is done by running gpg --import secret.key as each user on the 
build box. How can puppet do this?


Many thanks,
Jonathan




[Puppet Users] Dashboard resurrecting deleted nodes

2011-07-06 Thread Chris Phillips
Hi,

I was just searching for all systems where selinux is true on Dashboard
and firstly I got no results, despite there being some (any clues?) but that
search also seems to have resurrected some nodes I deleted a few weeks ago.
7 systems instantly appeared under Never reported. I just deleted one, did
the search again and POW! it's back again.

Does this sound familiar or should I go open a bug (against 1.1.0)

Thanks

Chris




Re: [Puppet Users] Moving config to an ENC

2011-07-06 Thread Justin Lambert
This looks exactly like what I was looking for, thank you.  This might be
worth mentioning on the ENC page so people like myself can find it easier.

On Tue, Jul 5, 2011 at 10:42 PM, Dan Bode d...@puppetlabs.com wrote:

 Hi J,

 The create resources function was created to serve this exact use case (the
 README actually mentions your exact use case :) )

 https://github.com/puppetlabs/puppetlabs-create_resources

 This will require 2.6.5 or higher to work (That is the first version where
 ENC's support param classes)

 The function was also merged into core in 2.7.0

 -Dan

 On Tue, Jul 5, 2011 at 1:40 PM, Justin Lambert jlamb...@localmatters.com wrote:

 I have recently started moving the config of our puppet hosts out of the
 nodes files and into an ENC so they can be managed through a web UI by
 someone with less technical experience without the fear of a typo causing a
 failure of all catalogs to compile.  As a result, I have been looking at
 which modules need to be rewritten to support this.  The problem I have run
 into is, how do you do something such as add multiple virtual hosts using
 the YAML output of an ENC?

 I currently have something like:

 node 'web01.company.com' {
   apache::virtualhost { 'site1': location => '/hosted/site1', url => 'http://site1.com' }
   apache::virtualhost { 'site2': location => '/hosted/site2', url => 'http://site2.com' }
 }

 This uses 'define apache::virtualhost' in order to create multiple sites,
 works fine.  The YAML from an ENC (referencing
 http://docs.puppetlabs.com/guides/external_nodes.html) doesn't look to
 support this kind of definition so I need to find an alternative.  My next
 thought was that I can pass parameters to a parameterized class.  No love
 there as you can't instantiate a class multiple times with different
 parameters.  How are others solving this issue?

 Thanks,
 jl

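Dan's suggestion as an added sketch (not code from the thread or from puppetlabs-create_resources), covering both Erik's multiple-instance question at the top of this page and Justin's virtual host case: a Ruby ENC that returns the instances as one hash-valued parameter, which a manifest expands with create_resources. The inventory data, the `vhosts` parameter name, the `apache` class and the validation rules are assumptions; the virtual host titles and attributes are the ones from Justin's node block.

```ruby
#!/usr/bin/env ruby
# Added example: ENC that passes many instances of a defined type as one hash.
require 'yaml'

# Constructed inventory: node name => { resource title => attributes }.
# In a real ENC this would be read from the store behind the web UI.
INVENTORY = {
  'web01.company.com' => {
    'site1' => { 'location' => '/hosted/site1', 'url' => 'http://site1.com' },
    'site2' => { 'location' => '/hosted/site2', 'url' => 'http://site2.com' }
  }
}.freeze

# Assumed policy: only these attributes may be set through the web UI, and
# titles must be plain lower-case names.
ALLOWED_ATTRS = %w[location url].freeze
TITLE_RE = /\A[a-z0-9][a-z0-9_.-]*\z/

# Reject data that should never reach the catalog; returns the hash unchanged.
def validate_vhosts(vhosts)
  vhosts.each do |title, attrs|
    raise ArgumentError, "bad vhost title #{title.inspect}" unless title =~ TITLE_RE
    unknown = attrs.keys - ALLOWED_ATTRS
    raise ArgumentError, "#{title}: unknown attribute(s) #{unknown.join(', ')}" unless unknown.empty?
  end
  vhosts
end

# Build the ENC document for one node. Titles are keys *inside* the parameter,
# so several instances on one node never collide the way class names do.
def classify(node)
  return { 'classes' => [], 'parameters' => {} } unless INVENTORY.key?(node)
  {
    'classes'    => ['apache'],
    'parameters' => { 'vhosts' => validate_vhosts(INVENTORY[node]) }
  }
end

# Puppet calls the ENC with the node name as its only argument and reads
# YAML from standard output.
if __FILE__ == $PROGRAM_NAME && ARGV.first
  puts classify(ARGV.first).to_yaml
end

# Manifest side (Puppet DSL, shown as a comment; the class name is assumed):
#   class apache {
#     create_resources('apache::virtualhost', $::vhosts)
#   }
```

Because the web UI is meant for less technical operators, the ENC is the natural place to reject unexpected titles or attributes before they are compiled into a catalog.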



[Puppet Users] Dynamic including in templates

2011-07-06 Thread Jonathan Gazeley
I have a puppet class called dhcp which sets up the daemon and installs 
a base dhcpd.conf.


I also have subclasses like dhcp::pool1, dhcp::pool2 which install 
other files with DHCP code snippets to provide DHCP to different subnets 
with different address pools. The manifest for these looks like this:


class dhcp::rnw {
        include dhcp2::common
        $includernw = '1'
        file { "dhcpd.rnw":
                name   => "/etc/dhcp/dhcpd.rnw",
                mode   => 644,
                owner  => root,
                group  => root,
                notify => Service[dhcpd],
                source => "puppet:///modules/dhcp/dhcpd.rnw",
        }
}


In the ERB template for the base dhcpd.conf, I have lines like this:

<% if includernw = 1 %> include "/etc/dhcp/dhcpd.rnw";<% end %>

For some reason, the include lines always get included, even if the 
subclass hasn't been applied and therefore the $includernw hasn't been set.


Am I missing something with the way variables are set and assigned, or 
read in ERB?


Thanks,
Jonathan




Re: [Puppet Users] Problems Syncing Home Directories

2011-07-06 Thread Kyle Hall
Thanks! All the files in /etc/puppet are owned by root, so I assumed
those files should be as well. Re-owned the files to puppet and now it
works great! Thanks again for the help.

Kyle

http://www.kylehall.info
Mill Run Technology Solutions ( http://millruntech.com )
Crawford County Federated Library System ( http://www.ccfls.org )
Meadville Public Library ( http://www.meadvillelibrary.org )




On Tue, Jul 5, 2011 at 12:53 PM, Ken Barber k...@puppetlabs.com wrote:
 Hi Kyle,

 The source paths need to be accessible by the same user that
 puppetmasterd is running as ... which is usually puppet. Some of those
 files are owned by root and 700 or 600 so it can't read them:

 drwx------  2 root root 4.0K 2011-07-05 07:39 autostart

 Look at the error:

 err: /Stage[main]/User-public/File[public-home-cs]: Failed to generate
 additional resources using 'eval_generate': Error 400 on SERVER:
 Permission denied -
 /etc/puppet/files/users/home/public/.config/autostart

 The error is on the server ... the point being, it's not the client
 permissions that you should be worried about.

 Make the directory and its children (say .config) accessible to
 puppet, probably by changing the owner (or a chmod - depends on what
 you've got in these dirs) - and sort out applying the correct
 permissions on the client with the file {} resource.

 ken.

 On Tue, Jul 5, 2011 at 2:42 PM, Kyle Hall kyle.m.h...@gmail.com wrote:
 Hello All,
  I administrate public Internet computers for a number of libraries.
 I have a user 'public' and I am trying to keep all the homes for this
 user the same across multiple computers. When I try to do this with
 puppet, I get errors for some directories. It only happens on hidden
 directories, but I'm not sure if it is all of them, or just some of
 them.

 This is the error:
 err: /Stage[main]/User-public/File[public-home-cs]: Failed to generate
 additional resources using 'eval_generate': Error 400 on SERVER:
 Permission denied -
 /etc/puppet/files/users/home/public/.config/autostart

 If I delete this directory, it will give an error for some other directory.

 Here is an ls -alh for /etc/puppet/files/users/home/public/.config

 drwxrwxrwx  8 root root 4.0K 2011-07-05 07:39 .
 drwxrwxrwx 27 root root 4.0K 2011-07-05 07:56 ..
 drwx------  2 root root 4.0K 2011-07-05 07:39 autostart
 drwxr--r--  2 root root 4.0K 2011-07-05 07:39 deskbar-applet
 drwx------  2 root root 4.0K 2011-07-05 07:39 enchant
 drwxr-xr-x  3 root root 4.0K 2011-07-05 07:39 gnome-session
 drwxr-xr-x  4 root root 4.0K 2011-07-05 07:39 google-chrome
 drwxr-xr-x  2 root root 4.0K 2011-07-05 07:39 menus
 -rw-------  1 root root  632 2011-07-05 07:39 user-dirs.dirs
 -rw-r--r--  1 root root    5 2011-07-05 07:39 user-dirs.locale

 I've tried it with the dir owned as both root and public, same error both 
 ways.

 Here is the relevant part of my manifest:

 class user-public {
        group { public:
                ensure => present,
        }

        user { public:
                ensure     => present,
                gid        => 'public',
                shell      => '/bin/bash',
                home       => '/home/public',
                managehome => true,
                password   =>
 '$6$skUt3Y9e$DCE./FocksDxrsrZN2hIZXiZNNBLPUDKkhg359BAwHVKXU6HsQKb2nkX.B1zngxtUI91zAqdTFZHYaiCAoBoB1',
                require    => Group['public'],
        }

        file { public-home:
                path    => '/home/public',
                ensure  => directory,
                owner   => 'public',
                group   => 'public',
                recurse => true,
                ignore  => '.git',
                source  => 'puppet:///files/users/home/public',
                require => User['public'],
        }
 }

 Thanks in advance,
 Kyle

 http://www.kylehall.info
 Mill Run Technology Solutions ( http://millruntech.com )
 Crawford County Federated Library System ( http://www.ccfls.org )
 Meadville Public Library ( http://www.meadvillelibrary.org )


Re: [Puppet Users] Dynamic including in templates

2011-07-06 Thread Ken Barber
Try:

<% if includernw == 1 %> include "/etc/dhcp/dhcpd.rnw";<% end %>

Note the '==' :-).

ken.

On Wed, Jul 6, 2011 at 2:45 PM, Jonathan Gazeley
jonathan.gaze...@bristol.ac.uk wrote:
 I have a puppet class called dhcp which sets up the daemon and installs a
 base dhcpd.conf.

 I also have subclasses like dhcp::pool1, dhcp::pool2 which install
 other files with DHCP code snippets to provide DHCP to different subnets
 with different address pools. The manifest for these looks like this:

 class dhcp::rnw {
        include dhcp2::common
        $includernw = '1'
        file { "dhcpd.rnw":
                name   => "/etc/dhcp/dhcpd.rnw",
                mode   => 644,
                owner  => root,
                group  => root,
                notify => Service[dhcpd],
                source => "puppet:///modules/dhcp/dhcpd.rnw",
        }
 }


 In the ERB template for the base dhcpd.conf, I have lines like this:

 <% if includernw = 1 %> include "/etc/dhcp/dhcpd.rnw";<% end %>

 For some reason, the include lines always get included, even if the subclass
 hasn't been applied and therefore the $includernw hasn't been set.

 Am I missing something with the way variables are set and assigned, or read
 in ERB?

 Thanks,
 Jonathan

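Why the line was always emitted, as an added example that is not part of either post: the template from the question, Ken's '==' version, and a third variant that compares against the string '1', rendered with plain ERB. The third variant is an assumption added here because the manifest sets `$includernw = '1'`, a string; `nil` stands in for the subclass not being applied, and Puppet's own variable lookup and scoping are not modelled.

```ruby
require 'erb'

# Constructed one-line templates modelled on the dhcpd.conf line in this thread.
INCLUDE_LINE = 'include "/etc/dhcp/dhcpd.rnw";'
TEMPLATES = {
  :assignment  => "<% if includernw = 1 %>#{INCLUDE_LINE}<% end %>",    # as first posted
  :compare_int => "<% if includernw == 1 %>#{INCLUDE_LINE}<% end %>",   # with '=='
  :compare_str => "<% if includernw == '1' %>#{INCLUDE_LINE}<% end %>"  # assumed variant
}.freeze

# Render one template with the local variable `includernw` bound to `value`.
# nil models "dhcp::rnw was not applied" (a simplification, see the lead-in).
def render(kind, value)
  includernw = value
  ERB.new(TEMPLATES.fetch(kind)).result(binding)
end

# Every template against every input, so the behaviours sit side by side.
#   :assignment  -> `includernw = 1` assigns 1 and evaluates to 1, which is
#                   truthy, so the line is emitted whatever the input was.
#   :compare_int -> the String '1' never equals the Integer 1.
#   :compare_str -> emitted only when the value really is '1'.
def behaviour_table
  inputs = { 'unset' => nil, "'1'" => '1' }
  TEMPLATES.keys.each_with_object({}) do |kind, table|
    table[kind] = inputs.each_with_object({}) do |(label, value), row|
      row[label] = render(kind, value).empty? ? :omitted : :included
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  behaviour_table.each { |kind, row| puts format('%-12s %s', kind, row.inspect) }
end
```

Ruby prints a "found '= literal' in conditional" warning for the first template; a rendered config that never changes with the node's classes is the symptom to look for when that warning is not visible.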



Re: [Puppet Users] Dashboard resurrecting deleted nodes

2011-07-06 Thread Nick Lewis
On Wed, Jul 6, 2011 at 4:20 AM, Chris Phillips ch...@untrepid.com wrote:
 Hi,
 I was just searching for all systems where selinux is true on Dashboard
 and firstly I got no results, despite there being some (any clues?) but that
 search also seems to have resurrected some nodes I deleted a few weeks ago.
 7 systems instantly appeared under Never reported. I just deleted one, did
 the search again and POW! it's back again.
 Does this sound familiar or should I go open a bug (against 1.1.0)

This is happening because the inventory search will create nodes in
Dashboard corresponding to the nodes retrieved by the search, and the
facts for that node are still present on your master. The ideal
solution would probably be to purge the master of the data for that
node, though someone else will have to speak as to how best to do
that.

On the Dashboard side, you can hide a node rather than deleting it,
which will prevent it from coming back to life this way. Hidden nodes
remain in the system, but are ignored in lists of node statuses,
charts, etc.

 Thanks
 Chris




Re: [Puppet Users] Dynamic including in templates

2011-07-06 Thread Jonathan Gazeley
Thanks Ken. Adding the '==' now makes my template syntactically valid, 
which is always nice.


Next problem - as the $includernw variable is defined in a subclass, it 
is out-of-scope when the main dhcpd.conf template is called from the top 
class.


I see in the docs there's a function called scope.lookupvar but that 
seems to need a <%= in the template, rather than a <%. Is there a way to 
use an out-of-scope variable in a simple conditional in a template?


I'm a perl kinda guy, but gradually getting to grips with ruby/puppet :)

Many thanks,
Jonathan


On 06/07/11 14:56, Ken Barber wrote:

Try:

<% if includernw == 1 %> include "/etc/dhcp/dhcpd.rnw";<% end %>

Note the '==' :-).

ken.

On Wed, Jul 6, 2011 at 2:45 PM, Jonathan Gazeley
jonathan.gaze...@bristol.ac.uk  wrote:

I have a puppet class called dhcp which sets up the daemon and installs a
base dhcpd.conf.

I also have subclasses like dhcp::pool1, dhcp::pool2 which install
other files with DHCP code snippets to provide DHCP to different subnets
with different address pools. The manifest for these looks like this:

class dhcp::rnw {
        include dhcp2::common
        $includernw = '1'
        file { "dhcpd.rnw":
                name   => "/etc/dhcp/dhcpd.rnw",
                mode   => 644,
                owner  => root,
                group  => root,
                notify => Service[dhcpd],
                source => "puppet:///modules/dhcp/dhcpd.rnw",
        }
}


In the ERB template for the base dhcpd.conf, I have lines like this:

<% if includernw = 1 %> include "/etc/dhcp/dhcpd.rnw";<% end %>

For some reason, the include lines always get included, even if the subclass
hasn't been applied and therefore the $includernw hasn't been set.

Am I missing something with the way variables are set and assigned, or read
in ERB?

Thanks,
Jonathan




Re: [Puppet Users] Dashboard - Could not retrieve facts from inventory service

2011-07-06 Thread Craig White
Yes, 'auth any' was the secret decoder ring. I would have thought 'auth no' was 
sufficient but evidently not.

Thanks

Craig

On Jul 5, 2011, at 8:31 PM, Justin Lambert wrote:

 I actually set this up today, if you set it up like:
 
 path /facts
 method find
 auth any
 allow *
 
 does that fix your issue?  If it does, it looks like it is something with the 
 way your reverse DNS is working on the allow line. 
 
 On Tue, Jul 5, 2011 at 4:24 PM, Craig White craig.wh...@ttiltd.com wrote:
 puppet 2.6.8
 puppet-dashboard v1.1.1
 
 auth.conf has:
 path /facts
 auth no
 method find
 allow dashboard, ubuntu.ttinet
 
 path /inventory
 auth no
 method search, find
 allow dashboard, ubuntu.ttinet
 
 # grep fact puppet.conf
  factpath=$vardir/lib/facter
  factsysnc=true
 
 The error (and I've tracked a lot of these down w/ Google but not getting to 
 the heart of my problem - I'm relatively up to date):
 
 Could not retrieve facts from inventory service: 403 Forbidden request: 
 dashboard(10.1.0.253) access to /facts/ubuntu2.ttinet [find] authenticated at 
 line 103 
 
 How do I fix this?
 
 --
 Craig White ~~  craig.wh...@ttiltd.com
 1.800.869.6908 ~~~ www.ttiassessments.com
 
 Need help communicating between generations at work to achieve your desired 
 success? Let us help!
 

-- 
Craig White ~~  craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com 

Need help communicating between generations at work to achieve your desired 
success? Let us help!

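Why `auth no` produced the 403 while `auth any` did not, as an added example (not code from Puppet or from the posters): a simplified Ruby model of auth.conf rule selection in which `auth yes` covers only certificate-authenticated requests, `auth no` only unauthenticated ones, and `auth any` both. The catch-all rule, the `laptop.example` client and the narrower `auth yes` rule are constructed for illustration, and name matching is reduced to exact names and `*`.

```ruby
# Added example: simplified model of auth.conf rule selection.
Rule    = Struct.new(:path, :methods, :auth, :allow)
Request = Struct.new(:path, :method, :authenticated, :node)

# Rules as posted by Craig (both with `auth no`).
CRAIG_RULES = [
  Rule.new('/facts',     %w[find],        'no', %w[dashboard ubuntu.ttinet]),
  Rule.new('/inventory', %w[search find], 'no', %w[dashboard ubuntu.ttinet])
].freeze

# Rule suggested by Justin.
JUSTIN_RULE = Rule.new('/facts', %w[find], 'any', %w[*])

# Constructed, narrower alternative: authenticated requests from one name.
NARROW_RULE = Rule.new('/facts', %w[find], 'yes', %w[dashboard])

# Assumed final rule of the file: matches every request and allows nobody.
CATCH_ALL = Rule.new('/', %w[find search save destroy], 'any', [])

# Constructed requests. DASHBOARD mirrors the 403 line quoted in the thread
# (an authenticated `find` on /facts/ubuntu2.ttinet from "dashboard").
DASHBOARD = Request.new('/facts/ubuntu2.ttinet', 'find', true,  'dashboard')
STRANGER  = Request.new('/facts/ubuntu2.ttinet', 'find', false, 'laptop.example')

# Does the rule's `auth` setting cover this request at all?
def auth_covers?(rule, request)
  case rule.auth
  when 'any' then true
  when 'yes' then request.authenticated
  when 'no'  then !request.authenticated
  else raise ArgumentError, "unknown auth value #{rule.auth.inspect}"
  end
end

# The first rule whose path, method and auth all cover the request decides;
# its allow list then grants or refuses. Rules that do not cover the request
# are skipped, which is how an authenticated request slides past `auth no`.
def decide(rules, request)
  rules.each do |rule|
    next unless request.path.start_with?(rule.path)
    next unless rule.methods.include?(request.method)
    next unless auth_covers?(rule, request)
    allowed = rule.allow.include?('*') || rule.allow.include?(request.node)
    return [allowed ? :allowed : :forbidden, rule]
  end
  [:forbidden, nil]
end

if __FILE__ == $PROGRAM_NAME
  { 'auth no'                   => CRAIG_RULES,
    'auth any, allow *'         => [JUSTIN_RULE],
    'auth yes, allow dashboard' => [NARROW_RULE] }.each do |label, rules|
    [DASHBOARD, STRANGER].each do |req|
      verdict, rule = decide(rules + [CATCH_ALL], req)
      who = req.authenticated ? 'authenticated' : 'unauthenticated'
      puts format('%-26s %-15s %-15s -> %-9s (path %s)',
                  label, req.node, who, verdict, rule ? rule.path : 'none')
    end
  end
end
```

With `auth any` and `allow *` the model also admits the unauthenticated client, so that rule exposes every node's facts to anything that can reach the master's port.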



[Puppet Users] Large scale puppet deployments

2011-07-06 Thread Tim Bell

I am looking for

- an estimate on the number of machines that Puppet can manage
- a pointer to how these large scale configurations can be set up

Any pointers are welcome,
Tim




Re: [Puppet Users] Large scale puppet deployments

2011-07-06 Thread Charles Johnson
At Vanderbilt University, we have a compute cluster with about 700 machines
total, all under puppet. The machines are broken into 3 groups: compute
nodes, gateways, and infrastructure. The puppet server is a dual-quad core
box with 16GB ram, using apache and passenger. All 700 boxes check in once
per hour, but we are considering running puppet out of cron on the nodes and
gateways, dialing back the frequency of puppet runs.

We are using puppet version 2.6.6 across the cluster.

~Charles~

On Wed, Jul 6, 2011 at 7:22 AM, Tim Bell noggin...@gmail.com wrote:


 I am looking for

 - an estimate on the number of machines that Puppet can manage
 - a pointer to how these large scale configurations can be set up

 Any pointers are welcome,
 Tim




[Puppet Users] Issue with puppet file serving api not parsing yaml content correctly

2011-07-06 Thread Derek
I am working on building a facter tag based node classifier similar to
https://github.com/jordansissel/puppet-examples/tree/master/nodeless-puppet/.
However, I have run into an issue where I cannot use puppet's require
file ability to push the yaml file containing the facts file to the
client because it would require two runs of puppet to pickup changes.
Consequently, I have written into the facter ruby script the ability
to connect to puppet's restful api and get the yaml file from the
private store. This works fine in irb, ruby, and facter if called
directly. However, when run inside of a puppet run it seems to fail on
parsing the http response correctly into yaml. As a result, it does
not get saved to disk and loaded as a fact for the puppet run.

There is probably a simpler way to do this. Essentially we want to
have tags on a server and use that to selectively include or remove
modules from a server by facter tags rather than by a server's name.

Some Version Information:
- os = CentOS release 5.2 (Final)
- ruby = ruby 1.8.6 (2008-08-11 patchlevel 287) [x86_64-linux]
- facter = 1.6.0 (updated because my script loads multiple facts and
the older version we were running requires the filename to match the
fact name. This was not working because I did not want to split my
ruby load script into multiple files to match each of the fact names.)
- puppet = 0.25.4

Yaml file it is trying to grab from a private store:
---
role:
  - base
  - db
env:
  - dev

The yaml file downloads correctly via a puppet run without my script.
I can also wget the file and use net/https via ruby to get the file.
All methods return the correct file with matching md5sums.

Under my module called truth I have the following:
- files - private - domain.inter - hostname - truth_tags.yml
  ex:
---
role:
  - base
env:
  - dev

- lib - facter - load_truth_tags.rb
  problem area:
def apitruthtag(calltype)

  # set some client side variables to build on later
  sslbasedir = '/etc/puppet/ssl'
  sslprivdir = sslbasedir + '/private_keys'
  sslpubdir = sslbasedir + '/certs'
  sslcafile = sslpubdir + '/ca.pem'

  # this sets if we want metadata or content from puppet
  datatype = calltype

  # We want yaml back from puppet
  header = {'Accept' = 'yaml'}

  # Setup some connection variables to our puppet server and what we
want from it
  proto = 'https'
  server = 'puppet.domain.inter'
  port = '8140'
  path = '/production/file_' + datatype + '/truth_private/
truth_tags.yml'

  # Build the full uri to request from our puppet server. Then parse
it for port and things
  uri = URI.parse(proto + '://' + server + ':' + port + path)

  # Setup the http module and set it for getting data
  http = Net::HTTP.new(uri.host, uri.port)
  request = Net::HTTP::Get.new(uri.request_uri, header)

  http.use_ssl = true if uri.scheme == 'https'

  # Enable ssl verification to ensure we are talking to the correct
people
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER

  # Cert Auth:
  # Set certificate paths
  # puppet certificate authority file

  if File.readable?(sslcafile) then
# Puppet ca file
http.ca_file = sslcafile
puts readable?  + sslprivdir + '/' + hostname + '.pem' if $debug
if File.readable?(sslprivdir + '/' + hostname + '.pem') then
  # client private key
  http.key = OpenSSL::PKey::RSA.new(File.read(sslprivdir + '/' +
hostname + '.pem'))
  puts readable?  + sslpubdir + '/' + hostname + '.pem' if
$debug
  if File.readable?(sslpubdir + '/' + hostname + '.pem') then
# client public key
http.cert = OpenSSL::X509::Certificate.new(File.read(sslpubdir
+ '/' + hostname + '.pem'))

# Make the request
response = http.request(request)
  else
raise No readable client pubic key in #{sslpubdir}/
#{hostname}.pem
  end # End public key check
else
  raise No readable client private key in #{sslprivdir}/
#{hostname}.pem
end # End private key check
  else
raise No readable ca cert in #{sslcafile}
  end # End ca file check

  # Check to make sure we got some data back
  if response != nil
    # Check to see if we have a good server response before saving the variable
    puts "check code " + response.code if $debug
    # response.code is a String, so compare it as an integer
    if ((response.code.to_i < 300) and (response.code.to_i >= 200))
      return response.body
    else
      raise "server did not return an acceptable response code"
    end # end server response code check
  else
    raise "No response from #{server}"
  end # end nil response check

end # end apitruthtag

servermd5 = YAML.load(apitruthtag("metadata")).ivars["checksum"] # When executed from a puppet run it tells me that ivars is undefined.

- lib - puppet - parser - functions - truth_tags.rb
- manifests - init.pp
ex:
class truth inherits truth::init_bootstrap {
  if truth_tag('role', 'base') and !truth_tag('role', 'nobase') {
    notice("${::hostname}: Including role, base modules...")

    notice("${::hostname}: role, base: including network")

Re: [Puppet Users] AIX clients

2011-07-06 Thread Michael Stahnke
On Thu, Jun 30, 2011 at 6:12 AM, Rob McBroom mailingli...@skurfer.com wrote:
 On Jun 29, 2011, at 3:28 PM, Kinzel, David wrote:

 Can you point to where/how you got ruby working? Last attempt openssl
 was refusing to function properly for me.

 I built it from source, but the SSL module wasn’t working for me either. I 
 didn’t include every problem I ran into since I figured the theoretical 
 answer would cover them. Sorry.

 --
 Rob McBroom
 http://www.skurfer.com/




I had Ruby with SSL working on AIX 5.x and 6.x at my last job. Let me
see if I can find my notes about building ruby, and maybe I'll be able
to help out some.

Mike




[Puppet Users] Announce: Puppet 2.7.2rc1

2011-07-06 Thread Michael Stahnke
This is a bug-fix release in the 2.7.x branch.

This merges up all changes in the 2.6.9 release that were unable to be
merged into 2.7.{0,1} due to 2.7 being frozen in release candidate
state.



This release is available for download at:
http://puppetlabs.com/downloads/puppet/puppet-2.7.2rc1.tar.gz

See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Please report feedback via the Puppet Labs Redmine site, using an
affected version of 2.7.2rc1
http://projects.puppetlabs.com/projects/puppet/

Release notes found at:
https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.7.2rc1




# Highlights include: #

99330fa (#7224) Reword ‘hostname was not match’ error message
1d867b0 (#7224) Add a helper to Puppet::SSL::Certificate to retrieve alternate names
db1a392 (#7506) Organize READMEs; specify supported Ruby versions in README.md
98ba407 (#7127) Stop puppet if a prerun command fails
caca469 (#4416) Ensure types are providified after reloading
413b136 (#4416) Always remove old provider before recreating it
98f58ce (#2128) Add WARNING for node_name_{fact,value} descriptions
3f0dbb5 (#650) Allow symlinks for configuration directories
1c70f0c (#2128) Add support for setting node name based on a fact
c629958 (#2128) Get facts before retrieving catalog
8eb0e16 (#2728) Add diff output for changes made by Augeas provider
c02126d (#5966) Add support for hostname regular expressions in auth.conf
75e2764 (#5318) Always notice changes to manifests when compiling.
0bcbca5 maint: Dedup the loadpath so we don’t have to walk it multiple times
89d447b (#6962) Add “arguments” method to help API
8eea3f5 Added the vcsrepo type and providers to the core
107b38a maint: Fix pacman provider to work with Ruby 1.9
0b8ebac (#7300) Fix instances method of mount provider




Re: [Puppet Users] Large scale puppet deployments

2011-07-06 Thread James Turnbull

Tim Bell wrote:

I am looking for

- an estimate on the number of machines that Puppet can manage
- a pointer to how these large scale configurations can be set up



Largest install I am aware of is 100K machines but I suspect they 
probably have more now.  I know of multiple 50K to 100K installations 
and numerous 10K to 50K installations.


Those usually involve multiple Puppet masters deployed geographically 
and locally redundant usually front-ended with load balancers of various 
kinds (HW/Apache) with masters running Apache-Passenger, Nginx, Unicorn 
and the like.


What's your use case and I can probably expand on this.

Regards

James

--
James Turnbull
Puppet Labs
1-503-734-8571

Join us for PuppetConf http://www.bit.ly/puppetconfsig, September 22nd
and 23rd in Portland, Oregon, USA.
