Re: [Puppet Users] puppet manifest execution orders

[Rony KB]

Hi All,

I am new in Puppet.I am using github for manifest store.I created following
these three manifest for installing our web based application in ubuntu
systems.I am not using any variables in these.
1. how to implement variables for dbname, document root folder path etc...
in nods.pp file.
2. right now i am using sed command for editing
/etc/apache2/sites-available/default file. is there any other option for
editing this?
3. for installing our application i run puppet -v nodes.pp. this will call
everything. I am using these three manifests.Some time mysql database
restore starts with gitclone database backup from git hub. I set required
with it. I got timeout error on that time.
4.

*A.*
nodes.pp
class web-server {

import 'common/consolidated-common-manifests.pp'
import 'xxx/consolidated-xxx-manifests.pp'
}

node "default" {
include web-server
}
*B.*
consolidated-xxx-manifests.pp'

# This will execute git clone
exec { "gitclone-drupal-db":
command => "git clone g...@github.com:XXX/drupal-db.git
/xx/drupal-db/",
}
# This will execute
exec { "gitclone-drupal":
command => "git clone g...@github.com:netspective/xxx-drupal.git
/var/www/html/xxx.com/xxx-drupal",
require => Exec['gitclone-drupal-db']
}
# This will create
exec { "xxx-devl-db-create":
command
=>"/home/ubuntu/operations/configuration/server/puppet/manifests/xxx/create-xxx-devl-database.sh",
require => Package ["mysql-server"],
}
# This will restore xxx database
exec { "restore-xxx-devl-db":
command =>
"/home/ubuntu/operations/configuration/server/puppet/manifests/xxx/restore-xxx-master-branch-db-into-mysql.sh",
require => Exec['xxx-devl-db-create']
}
# This will create sym link for files folder
exec { "symlink-for-files-folder":
command => "ln -s /xxx/xxx-drupal-db/files /var/www/html/.
xxx.com/xxx-drupal/public_site/sites/default/files",
require => Exec['gitclone-xxx-drupal'],
}

*C:*
consolidated-common-manifests.pp'
# CentOS v.5 only
case  $operatingsystem {
"CentOS":  {
$wantedpackages = [
"httpd","php","php-mysql","php-mcrypt","php-mhash","php-mbstring" ]
  package { $wantedpackages:
  ensure => installed
}
service { "httpd":
 ensure => running,
 hasstatus => true,
 hasrestart => true,
 require => Package["httpd"],
 restart => true;
}
}
# Ubuntu servers
#assume Ubuntu/Debian base..
"Ubuntu":  {
$wantedpackages = [
"apache2","php5","libapache2-mod-php5","php5-cli","php5-mysql","mysql-server","mysql-client"
]
package { $wantedpackages:
ensure => installed
}

service { "apache2":
 hasstatus => true,
 hasrestart => true,
 ensure => running,
 require => Package["apache2"]
}
}
} # end case

# put this somewhere global,
Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }

# This will edit default apache2 conf file
exec { "edit-apache2-conf-file":
command => "sed -i 's/AllowOverride None/AllowOverride All/'
/etc/apache2/sites-available/default",
require => Package["apache2"]
}
# This will increase php memory limit
exec { "increase-php-memory-limit":
command => "sed -i 's/memory_limit = .*/memory_limit = 384M/'
/etc/php5/apache2/php.ini",
require => Package["php5"]
}
exec { "edit-documentRoot-folder-path":
command =>
"/home/ubuntu/operations/configuration/server/puppet/manifests/common/edit-documentRoot-folder-path.sh",
require => Package["apache2"]
}



On Thu, Jul 14, 2011 at 11:37 AM, Rony KB  wrote:

> Thanks Nigel.
>
> Right now i am using two shell scripts for Mysql Database creation and
> database restore. These shell scripts are calling from puppet manifest
> through exec.Can we do these from pure puppet manifest, without shell
> scripts.
>
> Roni
>
>
> On Wed, Jul 13, 2011 at 7:32 PM, Nigel Kersten wrote:
>
>>
>>
>> On Tue, Jul 12, 2011 at 11:51 PM, Roni  wrote:
>>
>>> I created manifest for our webserver. manifest included git clone,
>>> database creation and restore database etc How to order the
>>> installation and exec exactly
>>>
>>>
>> Roni, you really should have a run through our Learning Puppet series.
>>
>> http://docs.puppetlabs.com/learning/ordering.html
>>
>>
>>
>>
>> --
>> Nigel Kersten
>> Product Manager, Puppet Labs
>> Twitter: @nigelkersten
>>
>> *Join us for **PuppetConf *
>> September 22nd and 23rd in Portland, Oregon, USA.
>> *
>> *
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>

[Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade

[treydock]

I think the way I posted the contents of the modules may have been
misleading, as I do actually have each class in it's own file so
kvm::host class has it's own host.pp file.  So far I've actually
noticed this problem only on my modules that make use of the
autoloading, so each class in it's own *.pp file.  Not all my modules
suffer from this, but that's one common thing among the ones that do
fail.  I'm in the process of moving my other modules to that layout as
they currently have all classes in init.pp, but interestingly enough
none of those modules have had random failures.

- Trey


On Jul 13, 1:29 am, Peter Meier  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> > Is using an empty class in init.pp problematic ?  All of these modules
> > worked just fine before going from 2.6.8 to 2.7.1.
>
> I have no idea, whether this is the problem. But why do you do:
>
> > # manifests/init.pp
> > import "classes/*.pp"
>
> > class kvm {
> > }
>
> > # manifests/classes/host.pp
> > class kvm::host {
>
> ?
>
> Why not just have one file manifests/host.pp that contains the kvm::host
> class? Everything else is not really necessary.
>
> Puppet has quite a powerfull autoloading feature of classes and I think
> it can be seen as a general best practice to have one class in a file in
> its corresponding path on the filesystem.
>
> With your current way you would need a global import kvm, so that the
> init.pp class is actually parsed, so that the files in classes/ are
> imported.
> If this is not the case and the kvm::host class is not in a file that
> can be found by the autoloader it won't find the class.
>
> This becomes even trickier as other hosts can now interfere which
> classes are available while compiling the next hosts classes, as an
> import statement might only have been executed if Host A is compiled and
> only this would then make these "imported" classes that Host B requires
> available.
>
> Actually, I remember that the autoloader should also look into init.pp
> for the kvm::host class. But it's possible that something like that
> might have changed in 2.7. But I don't know it.
>
> Due to these two reasones (magic availability of classes, possible
> changes in how classes become available in 2.7) I would generally
> recommend to *not* use import statements and instead use puppet's
> autoloading feature. They're rather hard to debug.
>
> ~pete
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk4dOygACgkQbwltcAfKi39akACcCwslVzxzrTy3/H0r7kGyi4dB
> M4gAn1LHtc/LGk7OtbVfDolhm5cXwm/p
> =lWHm
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5

[rvlinden]

All,

I used to download the Puppet and Facter RHEL5 rpm packages from
http://people.fedoraproject.org/~tmz/repo/puppet/epel/

but the latest version on that site is puppet 2.6.9 and facter 1.5.9.

Does anyone know if this site is the still maintained ? or if there
are other locations where the rpm's are published

Regards,
Rene

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet custom fuction run as user pupprt?

[jcbollinger]

On Jul 14, 1:15 am, flex  wrote:
> I wrote a custom fuction to read a root read-only file, it raised an
> Permission Denied error.
> During debug, i found  this fuction seems to run as user puppet, it is this
> a feature or a bug?


This is a feature.  Puppet functions run in the master process, which
is intentionally unprivileged.  Compare with other service daemons,
such as web or database servers, which also run without privilege.

There are two main possibilities for how you can proceed:

1) If you really did want the function to run on the master then just
make the file readable by the Puppet user or group.  If there's some
reason why that is unsatisfactory, then you'll need to tell us more
about what you're trying to do.

2) If you meant the function to be evaluated on the client then a
function is the wrong tool.  Instead you want a custom fact, a custom
type or provider, or possibly an Exec.  Any of these will be
evaluated / run by the Puppet agent (on the client), which normally
runs as root.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Exported Resources with --noop

[Andrew Thompson]

On Jul 13, 7:03 pm, Gabriel Filion  wrote:
> On 11-07-13 12:06 PM, Andrew Thompson wrote:
>
> > When I puppet with the noop flag resources are being exported to the
> > db.  Is this expected or a bug?
>
> Hmm what version of puppet are you using?
>
> I've just encountered exactly this with puppet 0.25.4. ran puppet with
> "-t --noop" on a node that has yet never run puppet, and it exported a
> nagios host.
>
> I think it's a bug. If you open an issue about it, send the URL here and
> I'll go vote for it.
>
https://projects.puppetlabs.com/issues/8417

> > I would expect it to simulate the transaction with the db...
>
> I would too. It could for example warn if there's a conflict
> (redefinition of an exported resource) but it shouldn't commit resources
> to database.
>
> --
> Gabriel Filion

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5

[Todd Zullinger]

rvlinden wrote:
> I used to download the Puppet and Facter RHEL5 rpm packages from
> http://people.fedoraproject.org/~tmz/repo/puppet/epel/
>
> but the latest version on that site is puppet 2.6.9 and facter
> 1.5.9.
>
> Does anyone know if this site is the still maintained ? or if there
> are other locations where the rpm's are published

Yes, it's still maintained.  I need to get puppet 2.6.x pushed into
Feodra and EPEL stable repos before I want to push 2.7.x into the
fedorapeople.org repos.  I haven't had enough time the past few weeks
to make that happen, so I'm a little behind.

-- 
ToddOpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Teach a man to make fire, and he will be warm for a day.  Set a man on
fire, and he will be warm for the rest of his life.
-- John A. Hrastar



pgpEfCWDclarK.pgp
Description: PGP signature

Re: [Puppet Users] Re: how to write classes to install package from source

[Al @ Lab42]

Thanks for the suggestions, they are going to be merged.
That's a define I did various years ago that actually has been useful in 
various cases (I do agree that it's better to use packages, but sometimes 
this is the quickest and saner approach).

Al
 
On Wednesday, July 13, 2011 8:53:33 AM UTC+2, vagn wrote:
>
> On 07/12/2011 06:19 AM, Al @ Lab42 wrote:
> > command => "mkdir -p $destination_dir ; cd 
> > $destination_dir ; $extract_command $work_dir/$source_filename",
> Nice.  But  I would suggest changing ';' to '&&'.  That way, if the 
> mkdir or cd fail you don't end up
> trying to extract the archive in the wrong directory.
>
>command => "mkdir -p $destination_dir && cd $destination_dir && 
> $extract_command $work_dir/$source_filename",
>
> Also consider
>
>unless => "test -d ${destination_dir }/${extracted_dir}",
>
> or even better
>
>creates => "${destination_dir }/${extracted_dir}",
>
> for the repetition guard.
>
> -- 
> vagn
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/EjT5lFqc31MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: What is the best practice to clean up installed components on a node?

[jcbollinger]

On Jul 13, 11:39 am, Darrell Fuhriman  wrote:
> I've always thought there should be an implicit X::disabled class that gets 
> included for every host where X isn't included.
>
> Then if I create said class, it gets automatically executed on all hosts that 
> don't include X.


It is not practical to do this even at resource level, because for
many resources it is unclear what the opposite resource would be.
Exec resources are the canonical example ("don't run" is not at all
the same thing as "reverse the changes produced by running").  There
are in fact issues with most, if not all, resource types because
Puppet does not keep track of the state before applying a resource.
Even if Puppet *did* track prior state, there would still be an issue
of choosing which of possibly many prior states to revert to.

To do this at class level is worse, because in addition to not knowing
how to reverse a class's resources, it is very difficult in the
general case to determine even which resources would need to be
reversed.  Conditional statements, selectors, variables, virtual and
exported resources, and class parameters are some of the many things
that complicate the analysis.

And even if all the above could somehow be satisfactorily resolved,
there remains the problem that the concept is fundamentally flawed.
Declining to include a class simply cannot reliably be interpreted as
an intention to "unmanage" the resources managed by that class.  As
just one example, consider classes that are omitted because they are
inapplicable to the node in question: maybe they are for a different
OS than the node's, or maybe they are one of a series of alternative
classes.

Furthermore, that analysis ignores the question of whether the
behavior described would be desirable even if it were possible.  It
would not be for me, as it would make writing classes a lot more
difficult.  I would have to be careful to write each class so that the
automatic opposite would also work, and I am confident that that would
not be trivial.


> As it is now, one still has to go through and add X::disabled to every host, 
> which is largely defeating the purpose of having a X::disabled class in the 
> first place. (That purpose, for those not paying attention, is to make sure 
> that things are in a known state, including services *not* running where they 
> shouldn't be.)


I disagree.  The purpose of having an X::disabled is to define what
exactly you do want when you explicitly want to exclude X.  Which
nodes should have that state ensured is an entirely separate (and not
clear-cut) question.  "Unmanaged" may not be the state you want for
certain resources, but it is not inherently undesirable for all
resources.

It is yet another separate question how to achieve the correct casses
being included on each node.  For example, if you want X to be
disabled on every node where it is not enabled, then one alternative
is to invert the class inheritence: class X defines the *disabled*
state of X, and is included in a default node definition inherited by
all other node definitions.  Then a class X::enabled subclasses X and
overrides resources as necessary to establish the "enabled" state;
nodes that want X enabled include X::enabled.  That avoids explicitly
including a specific X class in every node declaration.

Alternatively, the issue is easily addressed if you use an external
node classifier.  Or you can indeed put one of X and X::(enabled|
disabled) in every node declaration if that is indeed what you want to
do.  Some would prefer the explicitness of that style.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade

[Gustavo Soares]

Hi Trey,

same problem for me.. I've notice the problem on modules using
autoloading...

I think I will stick to version 2.6.9...

Gus

On Thu, Jul 14, 2011 at 8:57 AM, treydock  wrote:

> I think the way I posted the contents of the modules may have been
> misleading, as I do actually have each class in it's own file so
> kvm::host class has it's own host.pp file.  So far I've actually
> noticed this problem only on my modules that make use of the
> autoloading, so each class in it's own *.pp file.  Not all my modules
> suffer from this, but that's one common thing among the ones that do
> fail.  I'm in the process of moving my other modules to that layout as
> they currently have all classes in init.pp, but interestingly enough
> none of those modules have had random failures.
>
> - Trey
>
>
> On Jul 13, 1:29 am, Peter Meier  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > > Is using an empty class in init.pp problematic ?  All of these modules
> > > worked just fine before going from 2.6.8 to 2.7.1.
> >
> > I have no idea, whether this is the problem. But why do you do:
> >
> > > # manifests/init.pp
> > > import "classes/*.pp"
> >
> > > class kvm {
> > > }
> >
> > > # manifests/classes/host.pp
> > > class kvm::host {
> >
> > ?
> >
> > Why not just have one file manifests/host.pp that contains the kvm::host
> > class? Everything else is not really necessary.
> >
> > Puppet has quite a powerfull autoloading feature of classes and I think
> > it can be seen as a general best practice to have one class in a file in
> > its corresponding path on the filesystem.
> >
> > With your current way you would need a global import kvm, so that the
> > init.pp class is actually parsed, so that the files in classes/ are
> > imported.
> > If this is not the case and the kvm::host class is not in a file that
> > can be found by the autoloader it won't find the class.
> >
> > This becomes even trickier as other hosts can now interfere which
> > classes are available while compiling the next hosts classes, as an
> > import statement might only have been executed if Host A is compiled and
> > only this would then make these "imported" classes that Host B requires
> > available.
> >
> > Actually, I remember that the autoloader should also look into init.pp
> > for the kvm::host class. But it's possible that something like that
> > might have changed in 2.7. But I don't know it.
> >
> > Due to these two reasones (magic availability of classes, possible
> > changes in how classes become available in 2.7) I would generally
> > recommend to *not* use import statements and instead use puppet's
> > autoloading feature. They're rather hard to debug.
> >
> > ~pete
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v1.4.11 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/
> >
> > iEYEARECAAYFAk4dOygACgkQbwltcAfKi39akACcCwslVzxzrTy3/H0r7kGyi4dB
> > M4gAn1LHtc/LGk7OtbVfDolhm5cXwm/p
> > =lWHm
> > -END PGP SIGNATURE-
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade

[Nigel Kersten]

On Wed, Jul 13, 2011 at 2:26 PM, Gus  wrote:

> Hi!
>
> I've also noticed this (weird) behaviour. I am planning an (huge)
> upgrade (from 0.25.x to 2.7.1) in all my puppet's boxes...
>
> I've installed puppet's 2.7.1 gem and got a lot of "Could not find
> class" problem... and everything worked just fine with 0.25.x.
>
> So, I decided to uninstall the gem for version 2.7.1 and install
> puppet version 2.6.9.
>
> Everything worked just fine... no weird "Could not find class"
> problem...
>
> am I missing something?
>

You need to give us a few more details.

* name of the classes that are failing and succeeding autoloading
* How you're declaring the classes (include vs parameterized class
declaration)
* the file paths that contain the classes that fail and succeed
* some info about the modulepath for this environment.
* whether you're using 'import' anywhere.





>
> Thanks in advance,
> Gus
>
> On Jul 13, 11:03 am, Nigel Kersten  wrote:
> > On Tue, Jul 12, 2011 at 11:29 PM, Peter Meier  >wrote:
> >
> >
> >
> > > Puppet has quite a powerfull autoloading feature of classes and I think
> > > it can be seen as a general best practice to have one class in a file
> in
> > > its corresponding path on the filesystem.
> >
> > What he said. :)
> >
> > Life really does become a lot simpler if you avoid 'import' everywhere
> you
> > can and just rely upon the class autoloader.
> >
> > --
> > Nigel Kersten
> > Product Manager, Puppet Labs
> > Twitter: @nigelkersten
> >
> > *Join us for **PuppetConf *
> > September 22nd and 23rd in Portland, Oregon, USA.
> > *
> > *
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
Nigel Kersten
Product Manager, Puppet Labs
Twitter: @nigelkersten

*Join us for **PuppetConf *
September 22nd and 23rd in Portland, Oregon, USA.
*
*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5

[Chris Phillips]

On 14 July 2011 15:00, Todd Zullinger  wrote:

> rvlinden wrote:
> > I used to download the Puppet and Facter RHEL5 rpm packages from
> > http://people.fedoraproject.org/~tmz/repo/puppet/epel/
> >
> > but the latest version on that site is puppet 2.6.9 and facter
> > 1.5.9.
> >
> > Does anyone know if this site is the still maintained ? or if there
> > are other locations where the rpm's are published
>
> Yes, it's still maintained.  I need to get puppet 2.6.x pushed into
> Feodra and EPEL stable repos before I want to push 2.7.x into the
> fedorapeople.org repos.  I haven't had enough time the past few weeks
> to make that happen, so I'm a little behind.


How does this relate to yum.puppetlabs.com? That's where I installed 2.6.7
from.

Thanks

Chris

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How to use notify to invoke something prior to a change

[PBWebGuy]

I have a Chicken and Egg scenario here and trying to come up with a
way to solve it.

I have a mount definition that manages mount points.  The problem
arises when the mount point changes after it is in use.  Case in
point, we have mount points for the mysql data and logs directories.
If we change the configuration of the mount (i.e. options) then Puppet
will unmount and remount the directory automatically.  MySQL will not
be to happy with that.

So, what I want to do is to optionally pass the service name to the
define and to shut it down, but ONLY if the mount command detects a
change and mysql is running.

The problem I have is that if the mount command notifies shutdown,
then the shutdown happens to late and I only what to shutdown if mount
detects a change.  It would be great if there was a "pre-notify"
option to force an exec to run beforehand.

I tried putting a Notify and Require from the mount to the stop
service exec but that causes a circular reference and just the require
in the mount does not trigger the stop service exec because of the
refreshonly=>true which is necessary so that it doesn't always run.

Any thoughts?

Thanks, John

Here's what I have:

  exec { "stop service for remount $name":
 onlyif  => ["test -f /etc/init.d/$service", "service
$service status"],
 command => "service $service stop",
 refreshonly => true,
 notify  => Exec["restart service for remount $name"],
  }

  # Mount the file system
  mount { $name:
 name=> $mount_point,
 ensure  => mounted,
 options => $options,
 atboot  => $atboot,
 fstype  => $fstype,
 device  => $device,
 dump=> 0,
 pass=> 0,
 require => Exec["stop service for remount $name"],
 # notify  => Exec["stop service for remount $name"],
  }

  exec { "restart service for remount $name":
 command => "service $service start",
 refreshonly => true,
 require => Mount[$name],
  }

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet 2.6.x fate

[Michael Stahnke]

It was decided earlier this week that the 2.6 series will have it's
last release at 2.6.10 (we're currently at 2.6.9).  However, we are
not doing a 2.6.10 RC/release this month.  That will wait until
August.

If you have patches waiting on some final tweaks or any other work
that you feel like just *has* to be in the 2.6 series, please get it
filed with us ASAP.  Right now the bug-fix list is not huge, and we're
pretty happy about that.


As always, if a security issue is discovered in 2.6.x, we will issue
updates to fix those.


Mike


(You're coming to PuppetConf  right?)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet 2.6.x fate

[PBWebGuy]

Hi Mike,

I wanted to comment on bug http://projects.puppetlabs.com/issues/7680
which is a regression introduced in 2.6.8.  I recently ran into this
issue and had to downgrade to 2.6.7 from 2.6.8.  When I discovered the
issue I tried upgrading to 2.6.9 and it was still an issue.

The problem is simply that if the source points to a symlinked file,
the md5 calculation fails.  This bug has prevented me from moving
forward and would love to see it get fixed.

I wanted to vote on the bug but I have not figured out how to get some
level of access to the bug tracking system.  I also have a few other
bugs that I would like to report but the process is not clearly
documented.

Thanks,

John



On Jul 14, 12:06 pm, Michael Stahnke  wrote:
> It was decided earlier this week that the 2.6 series will have it's
> last release at 2.6.10 (we're currently at 2.6.9).  However, we are
> not doing a 2.6.10 RC/release this month.  That will wait until
> August.
>
> If you have patches waiting on some final tweaks or any other work
> that you feel like just *has* to be in the 2.6 series, please get it
> filed with us ASAP.  Right now the bug-fix list is not huge, and we're
> pretty happy about that.
>
> As always, if a security issue is discovered in 2.6.x, we will issue
> updates to fix those.
>
> Mike
>
> (You're coming to PuppetConf  right?)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet custom fuction run as user pupprt?

[PBWebGuy]

John,

You bring up a good point and I wanted to ask this question anyways.
To the best of my knowledge, functions run on the master and facts run
on the node.  If that is the case, it perplexes me that functions get
sync'd to the node in the /var/lib/puppet/lib... directory.  That is
unless functions can then be used in a fact which is something that I
have yet to test.  Do you have any clarification?

Thanks,

John

On Jul 14, 9:27 am, jcbollinger  wrote:
> On Jul 14, 1:15 am, flex  wrote:
>
> > I wrote a custom fuction to read a root read-only file, it raised an
> > Permission Denied error.
> > During debug, i found  this fuction seems to run as user puppet, it is this
> > a feature or a bug?
>
> This is a feature.  Puppet functions run in the master process, which
> is intentionally unprivileged.  Compare with other service daemons,
> such as web or database servers, which also run without privilege.
>
> There are two main possibilities for how you can proceed:
>
> 1) If you really did want the function to run on the master then just
> make the file readable by the Puppet user or group.  If there's some
> reason why that is unsatisfactory, then you'll need to tell us more
> about what you're trying to do.
>
> 2) If you meant the function to be evaluated on the client then a
> function is the wrong tool.  Instead you want a custom fact, a custom
> type or provider, or possibly an Exec.  Any of these will be
> evaluated / run by the Puppet agent (on the client), which normally
> runs as root.
>
> John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: wrong nodes.pp being accessed by the client

[PBWebGuy]

Also you should specify the environments that the master supports:

[master]
# Environments that are defined for this PuppetMaster
environments=development,main

HTH,

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: how to write classes to install package from source

[KarthiKeyan. Kesavan]

Hi guys,

Thanks a lot for the suggestions .

Regards

K.Karthikeyan

On Thu, Jul 14, 2011 at 7:33 PM, Al @ Lab42  wrote:

> Thanks for the suggestions, they are going to be merged.
> That's a define I did various years ago that actually has been useful in
> various cases (I do agree that it's better to use packages, but sometimes
> this is the quickest and saner approach).
>
> Al
>
>
> On Wednesday, July 13, 2011 8:53:33 AM UTC+2, vagn wrote:
>>
>> On 07/12/2011 06:19 AM, Al @ Lab42 wrote:
>> > command => "mkdir -p $destination_dir ; cd
>> > $destination_dir ; $extract_command $work_dir/$source_filename",
>> Nice.  But  I would suggest changing ';' to '&&'.  That way, if the
>> mkdir or cd fail you don't end up
>> trying to extract the archive in the wrong directory.
>>
>>command => "mkdir -p $destination_dir && cd $destination_dir &&
>> $extract_command $work_dir/$source_filename",
>>
>> Also consider
>>
>>unless => "test -d ${destination_dir }/${extracted_dir}",
>>
>> or even better
>>
>>creates => "${destination_dir }/${extracted_dir}",
>>
>> for the repetition guard.
>>
>> --
>> vagn
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/EjT5lFqc31MJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] LDAP ENC

[Craig White]

Seems straight forward enough but I keep getting errors. On a client...

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed 
when searching for node ubuntu5.ttinet: LDAP Search failed

on the puppet master...

puppet.conf [master]
 # ENC (external node classificiations)
  node_terminus = ldap
  ldapnodes = true
  ldapclassattrs = puppetclass

 # LDAP
  ldapserver = ubuntu.ttinet
  ldapbase = ou=Hosts,dc=ttinet,dc=local
  ldapuser = cn=admin,dc=ttinet,dc=local
  ldappasswd = 
  ldapstring = (&(objectclass=puppetClient)(cn=%s))
  ldaptls = false
  ldapssl = false
  ldapport = 389

and this is a piece of cake from CLI

# ldapsearch -x '(&(objectclass=puppetClient)(cn=ubuntu5.ttinet))'
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (&(objectclass=puppetClient)(cn=ubuntu5.ttinet))
# requesting: ALL
#

# ubuntu5.ttinet, Hosts, ttinet.local
dn: cn=ubuntu5.ttinet,ou=Hosts,dc=ttinet,dc=local
objectClass: device
objectClass: top
objectClass: puppetClient
objectClass: ipHost
ipHostNumber: 10.1.1.13
environment: production
cn: ubuntu.ttinet
cn: ubuntu5.ttinet
puppetClass: baseclass
puppetClass: nginx::configure: {$fqdn}
puppetClass: nginx::vhost: {$fqdn: port => 80, ssl => false, priority => 10, p
 assenger_enable => 'Yes', serveraliases => ['alias1', 'alias2']}

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

puppet 2.6.8
# ruby -rldap -e "puts :installed"
installed
ruby-ldap-ro is installed

-- 
Craig White ~~  craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com 

Need help communicating between generations at work to achieve your desired 
success? Let us help!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: What is the best practice to clean up installed components on a node?

[Darrell Fuhriman]

> 
> Puppet does not keep track of the state before applying a resource.
> Even if Puppet *did* track prior state, there would still be an issue
> of choosing which of possibly many prior states to revert to.

I'm not asking puppet to know what to do, which I agree is ridiculous. I'm 
saying that if and only if I've defined X::disabled, automatically run it on 
every host which does not include X. If X::disabled isn't defined, then don't 
do anything.  Probably a better way to think of it instead of X::disabled is 
that for ever class X there is an implicitly defined not-X class, which is 
empty until I define it. For example:

class webserver {
package {apache: ensure => installed}
service {apache: ensure => running}
}
class !webserver {
package {apache: ensure => absent}
}
class dnsserver {
[...]
}

node "foo" {
 include webserver
}
node "bar" {
 include dnsserver
}

On node bar, !webserver would get executed, but because I haven't defined 
!dnsserver, node foo wouldn't do anything related to dnsserver.

>> As it is now, one still has to go through and add X::disabled to every host, 
>> which is largely defeating the purpose of having a X::disabled class in the 
>> first place. (That purpose, for those not paying attention, is to make sure 
>> that things are in a known state, including services *not* running where 
>> they shouldn't be.)
> 
> 
> I disagree.  The purpose of having an X::disabled is to define what
> exactly you do want when you explicitly want to exclude X.  Which
> nodes should have that state ensured is an entirely separate (and not
> clear-cut) question.  "Unmanaged" may not be the state you want for
> certain resources, but it is not inherently undesirable for all
> resources.


I'm not sure I understand what you're saying here. It is perfectly reasonable 
to want to ensure that things which aren't webservers are, in fact, not running 
as webservers, If I want to leave a particular resource unmanaged, then just 
don't put anything in the !X class (or the X class, for that matter).  Maybe we 
have different approaches to how we manage resources, but I genuinely can't 
think of an example of where you would want some hosts to be X, some to be !X, 
and some to be unknown, which is kind of what I think you're saying here, 
because I can't think of anyway that "unmanaged" doesn't mean "unknown".

Darrell

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet 2.6.x fate

[Jacob Helwig]

On Thu, 14 Jul 2011 09:53:36 -0700, PBWebGuy wrote:
> 
> Hi Mike,
> 
> I wanted to comment on bug http://projects.puppetlabs.com/issues/7680
> which is a regression introduced in 2.6.8.  I recently ran into this
> issue and had to downgrade to 2.6.7 from 2.6.8.  When I discovered the
> issue I tried upgrading to 2.6.9 and it was still an issue.
> 
> The problem is simply that if the source points to a symlinked file,
> the md5 calculation fails.  This bug has prevented me from moving
> forward and would love to see it get fixed.
> 
> I wanted to vote on the bug but I have not figured out how to get some
> level of access to the bug tracking system.  I also have a few other
> bugs that I would like to report but the process is not clearly
> documented.
> 
> Thanks,
> 
> John
> 

You should be able to vote on the issue once you've logged in.  It
shouldn't require any special permissions.

I'm guessing you've already created an account on the Redmine
instance[1]?

As far as reporting other bugs: Once you've logged in, you should be
able to click the New Issue link[2] when you're viewing the appropriate
project.  There isn't really much "process" around it.  We appreciate if
you check for a pre-existing ticket before filing a new one, but it's
not like we'll get angry if you don't spot that it's duplicate.

[1] https://projects.puppetlabs.com/account/register
[2] https://projects.puppetlabs.com/projects/puppet/issues/new

-- 
Jacob Helwig
,
| Join us for PuppetConf, September 22nd and 23rd in Portland, OR
| http://bit.ly/puppetconfsig
`


signature.asc
Description: Digital signature

[Puppet Users] Re: puppetrun/puppet kick

[Craig White]

Too stupid a question? (puppet kick seems to be identical to puppetrun command 
as discussed in Pro Puppet book)

I spent enough time looking through puppet documentation and googling and 
couldn't solve it so I asked...

On Jul 12, 2011, at 4:21 PM, Craig White wrote:

> Can't seem to make it work
> 
> puppet 2.6.8 (client/server)
> 
> # puppet kick -f ubuntu4.ttinet
> Triggering ubuntu4.ttinet
> Host ubuntu4.ttinet failed: Error 400 on SERVER: 'save ' is not an allowed 
> value for method directive
> ubuntu4.ttinet finished with exit code 2
> Failed: ubuntu4.ttinet
> 
> root@ubuntu4:~# cat /etc/puppet/auth.conf
> path /run 
> method save 
> allow *
> 
> root@ubuntu4:~# cat /etc/puppet/namespaceauth.conf
> [puppetrunner]
>  allow *
> 
> root@ubuntu4:~# grep listen /etc/puppet/*
> /etc/puppet/puppet.conf:  listen = true
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppetrun/puppet kick

[Nick Lewis]

On Tuesday, July 12, 2011 at 4:21 PM, Craig White wrote:

> Can't seem to make it work
> 
> puppet 2.6.8 (client/server)
> 
> # puppet kick -f ubuntu4.ttinet
> Triggering ubuntu4.ttinet
> Host ubuntu4.ttinet failed: Error 400 on SERVER: 'save ' is not an allowed 
> value for method directive
> ubuntu4.ttinet finished with exit code 2
> Failed: ubuntu4.ttinet
> 
> root@ubuntu4:~# cat /etc/puppet/auth.conf
> path /run 
>  method save 
>  allow *
> 
> root@ubuntu4:~# cat /etc/puppet/namespaceauth.conf
> [puppetrunner]
>  allow *
> 
> root@ubuntu4:~# grep listen /etc/puppet/*
> /etc/puppet/puppet.conf: listen = true
> 
It looks like you have a trailing space on your "method save" line, and Puppet 
is taking that to mean method "save " (note the space). Remove that and you 
should be okay.

See ticket #5010.
http://projects.puppetlabs.com/issues/5010

> -- 
> Craig White ~~ craig.wh...@ttiltd.com 
> (mailto:craig.wh...@ttiltd.com)
> 1.800.869.6908 ~~~ www.ttiassessments.com 
> (http://www.ttiassessments.com) 
> 
> Need help communicating between generations at work to achieve your desired 
> success? Let us help!
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com 
> (mailto:puppet-users@googlegroups.com).
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com 
> (mailto:puppet-users+unsubscr...@googlegroups.com).
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppetrun/puppet kick

[Craig White]

On Jul 14, 2011, at 10:50 AM, Nick Lewis wrote:

> On Tuesday, July 12, 2011 at 4:21 PM, Craig White wrote:
> 
>> Can't seem to make it work
>> 
>> puppet 2.6.8 (client/server)
>> 
>> # puppet kick -f ubuntu4.ttinet
>> Triggering ubuntu4.ttinet
>> Host ubuntu4.ttinet failed: Error 400 on SERVER: 'save ' is not an allowed 
>> value for method directive
>> ubuntu4.ttinet finished with exit code 2
>> Failed: ubuntu4.ttinet
>> 
>> root@ubuntu4:~# cat /etc/puppet/auth.conf
>> path /run 
>> method save 
>> allow *
>> 
>> root@ubuntu4:~# cat /etc/puppet/namespaceauth.conf
>> [puppetrunner]
>> allow *
>> 
>> root@ubuntu4:~# grep listen /etc/puppet/*
>> /etc/puppet/puppet.conf: listen = true
>> 
> It looks like you have a trailing space on your "method save" line, and 
> Puppet is taking that to mean method "save " (note the space). Remove that 
> and you should be okay.
> 
> See ticket #5010.
> http://projects.puppetlabs.com/issues/5010

indeed - which of course comes from Pro Puppet which gives it all as a one 
liner...

path /run method save allow foreman.example.com

which clearly didn't work which is when I put them on separate lines but 
obviously leaving the space there for it to give me that error. Ugh

Thanks

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] LDAP ENC

[Rob McBroom]

On Jul 14, 2011, at 1:16 PM, Craig White wrote:

> Seems straight forward enough but I keep getting errors. On a client...
> 
> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed when searching for node ubuntu5.ttinet: LDAP Search failed

Have you looked at the logs on the LDAP server to see if the connection is 
being made and what the results are?

-- 
Rob McBroom


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade

[Gustavo Soares]

Hi Nigel,

here we go...

* all my classes are "included" (I was still using 0.25.x...)
* In my $confdir/manifests/classes/roles I have a very generic class for all
puppet hosts declared as follow:

class role_puppet_common {
$role = "puppet_common"
include common
 include puppet::common
include puppet::user
}

in $confdir/manifests/site.pp I have the following line...

[...]

import "classes/roles/*"

[...]


the weird "Could not find class" problem occurs for class puppet::common

my directory structure is as follow:

...
$confdir/modules/puppet/
$confdir/modules/puppet/manifests
$confdir/modules/puppet/manifests/init.pp
$confdir/modules/puppet/manifests/classes/
$confdir/modules/puppet/manifests/classes/common.pp
...

in $confdir/modules/puppet/manifests/init.pp  I have:

import "puppet/classes/*"

and in $confdir/modules/puppet/manifests/classes/common.pp

class puppet::common {

...

}


* my modulepath declared in puppet.conf is as follow:

modulepath  = /mnt/puppet/conf/modules:/mnt/puppet/othermodules

where /mnt/puppet/conf is set to $confdir.


That's it!

As I said before, when I downgraded to version 2.6.9 everything worked fine.

Thanks in advance,
Gus


On Thu, Jul 14, 2011 at 11:59 AM, Nigel Kersten wrote:

>
>
> On Wed, Jul 13, 2011 at 2:26 PM, Gus  wrote:
>
>> Hi!
>>
>> I've also noticed this (weird) behaviour. I am planning an (huge)
>> upgrade (from 0.25.x to 2.7.1) in all my puppet's boxes...
>>
>> I've installed puppet's 2.7.1 gem and got a lot of "Could not find
>> class" problem... and everything worked just fine with 0.25.x.
>>
>> So, I decided to uninstall the gem for version 2.7.1 and install
>> puppet version 2.6.9.
>>
>> Everything worked just fine... no weird "Could not find class"
>> problem...
>>
>> am I missing something?
>>
>
> You need to give us a few more details.
>
> * name of the classes that are failing and succeeding autoloading
>
* How you're declaring the classes (include vs parameterized class
> declaration)
>
* the file paths that contain the classes that fail and succeed
> * some info about the modulepath for this environment.
> * whether you're using 'import' anywhere.
>
>
>
>
>
>>
>> Thanks in advance,
>> Gus
>>
>> On Jul 13, 11:03 am, Nigel Kersten  wrote:
>> > On Tue, Jul 12, 2011 at 11:29 PM, Peter Meier > >wrote:
>> >
>> >
>> >
>> > > Puppet has quite a powerfull autoloading feature of classes and I
>> think
>> > > it can be seen as a general best practice to have one class in a file
>> in
>> > > its corresponding path on the filesystem.
>> >
>> > What he said. :)
>> >
>> > Life really does become a lot simpler if you avoid 'import' everywhere
>> you
>> > can and just rely upon the class autoloader.
>> >
>> > --
>> > Nigel Kersten
>> > Product Manager, Puppet Labs
>> > Twitter: @nigelkersten
>> >
>> > *Join us for **PuppetConf *
>> > September 22nd and 23rd in Portland, Oregon, USA.
>> > *
>> > *
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>
>
> --
> Nigel Kersten
> Product Manager, Puppet Labs
> Twitter: @nigelkersten
>
> *Join us for **PuppetConf *
> September 22nd and 23rd in Portland, Oregon, USA.
> *
> *
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] LDAP ENC

[Craig White]

On Jul 14, 2011, at 11:16 AM, Rob McBroom wrote:

> On Jul 14, 2011, at 1:16 PM, Craig White wrote:
> 
>> Seems straight forward enough but I keep getting errors. On a client...
>> 
>> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
>> Failed when searching for node ubuntu5.ttinet: LDAP Search failed
> 
> Have you looked at the logs on the LDAP server to see if the connection is 
> being made and what the results are?
-
doesn't appear to actually do anything other than bind - I don't see the 
results of any search operation when I run slapd trace level (-d 1)

slap_listener_activate(7): 
>>> slap_listener(ldap:///)
connection_get(18): got connid=1000
connection_read(18): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 39 contents:
op tag 0x60, time 1310668120
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: 
<<< dnPrettyNormal: , 
do_bind: version=3 dn="cn=admin,dc=ttinet,dc=local" method=128
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=53
ber_flush2: 67 bytes to sd 18
do_bind: v3 anonymous bind
slap_listener_activate(7): 
>>> slap_listener(ldap:///)
connection_get(19): got connid=1001
connection_read(19): checking for input on id=1001
ber_get_next
ber_get_next: tag 0x30 len 39 contents:
op tag 0x60, time 1310668120
ber_get_next
conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: 
<<< dnPrettyNormal: , 
do_bind: version=3 dn="cn=admin,dc=ttinet,dc=local" method=128
send_ldap_result: conn=1001 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=53
ber_flush2: 67 bytes to sd 19
do_bind: v3 anonymous bind
^Cdaemon: shutdown requested and initiated.
connection_close: conn=1000 sd=18
connection_close: conn=1001 sd=19

and running slapd at -d 32 (filters) dead silence after startup and issuing 
command from a client

;-(

This may have something to do with it... Puppet documentation on LDAP ENC says

ruby -rldap -e 'puts :installed'

If this returns installed then you can try:

ruby -rpuppet -e 'p Puppet.features.ldap?'

but the second fails - perhaps because I am using puppet 2.6.8 installed from 
gem.

ruby: no such file to load -- puppet (LoadError)

# gem list --local | grep -e "activeldap" -e "ruby-ldap"
activeldap (3.1.0)
ruby-ldap (0.9.11)

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] LDAP ENC

[Rob McBroom]

On Jul 14, 2011, at 2:41 PM, Craig White wrote:

> doesn't appear to actually do anything other than bind - I don't see the 
> results of any search operation when I run slapd trace level (-d 1)

It’s reporting error 53 when you bind, which is “unwilling to perform”. I think 
the only time I’ve seen that is using proxy authorization for chained updates 
(which are already proxied). But that wouldn’t explain this. It could be 
something with the access rules. For instance, my server won’t accept simple 
authentication unless TLS or SSL are used (but I had to explicitly configure 
that). Are you able to bind with that user from the command line?

Or another approach: It looks like you were able to get the details for that 
host anonymously on the command-line. Is there any reason you want Puppet to 
authenticate when searching?

-- 
Rob McBroom


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] LDAP ENC

[Craig White]

On Jul 14, 2011, at 12:32 PM, Rob McBroom wrote:

> On Jul 14, 2011, at 2:41 PM, Craig White wrote:
> 
>> doesn't appear to actually do anything other than bind - I don't see the 
>> results of any search operation when I run slapd trace level (-d 1)
> 
> It’s reporting error 53 when you bind, which is “unwilling to perform”. I 
> think the only time I’ve seen that is using proxy authorization for chained 
> updates (which are already proxied). But that wouldn’t explain this. It could 
> be something with the access rules. For instance, my server won’t accept 
> simple authentication unless TLS or SSL are used (but I had to explicitly 
> configure that). Are you able to bind with that user from the command line?
> 
> Or another approach: It looks like you were able to get the details for that 
> host anonymously on the command-line. Is there any reason you want Puppet to 
> authenticate when searching?

Yes, I allow an anonymous bind to read from there but my ultimate plan is to 
try to get foreman to write configurations there which is why I need to bind as 
a user - which does work from CLI (obviously I can't use %s as in the filter)

# ldapsearch -x '(&(objectclass=puppetClient)(cn=ubuntu5.ttinet))' -D 
'cn=admin,dc=ttinet,dc=local' -W
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (&(objectclass=puppetClient)(cn=ubuntu5.ttinet))
# requesting: ALL
#

# ubuntu5.ttinet, Hosts, ttinet.local
dn: cn=ubuntu5.ttinet,ou=Hosts,dc=ttinet,dc=local
objectClass: device
objectClass: top
objectClass: puppetClient
objectClass: ipHost
ipHostNumber: 10.1.1.13
environment: production
cn: ubuntu.ttinet
cn: ubuntu5.ttinet
puppetClass: baseclass
puppetClass: nginx::configure: {$fqdn}
puppetClass: nginx::vhost: {$fqdn: port => 80, ssl => false, priority => 10, p
 assenger_enable => 'Yes', serveraliases => ['alias1', 'alias2']}

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

same user/password as I have configured in puppet.conf

It does happen to work if I comment out the username & password

It doesn't work even if I use rootbinddn and rootbinddn password

;-(

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: how to write classes to install package from source

[Scott Smith]

Use fpm  http://github.com/jordansissel/fpm
On Jul 14, 2011 10:08 AM, "KarthiKeyan. Kesavan"  wrote:
> Hi guys,
>
> Thanks a lot for the suggestions .
>
> Regards
>
> K.Karthikeyan
>
> On Thu, Jul 14, 2011 at 7:33 PM, Al @ Lab42  wrote:
>
>> Thanks for the suggestions, they are going to be merged.
>> That's a define I did various years ago that actually has been useful in
>> various cases (I do agree that it's better to use packages, but sometimes
>> this is the quickest and saner approach).
>>
>> Al
>>
>>
>> On Wednesday, July 13, 2011 8:53:33 AM UTC+2, vagn wrote:
>>>
>>> On 07/12/2011 06:19 AM, Al @ Lab42 wrote:
>>> > command => "mkdir -p $destination_dir ; cd
>>> > $destination_dir ; $extract_command $work_dir/$source_filename",
>>> Nice. But I would suggest changing ';' to '&&'. That way, if the
>>> mkdir or cd fail you don't end up
>>> trying to extract the archive in the wrong directory.
>>>
>>> command => "mkdir -p $destination_dir && cd $destination_dir &&
>>> $extract_command $work_dir/$source_filename",
>>>
>>> Also consider
>>>
>>> unless => "test -d ${destination_dir }/${extracted_dir}",
>>>
>>> or even better
>>>
>>> creates => "${destination_dir }/${extracted_dir}",
>>>
>>> for the repetition guard.
>>>
>>> --
>>> vagn
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/puppet-users/-/EjT5lFqc31MJ.
>>
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] facts_terminus = rest

[Glenn Bailey]

Anyone using this? I'm trying to setup a separate inventory server for
multiple puppet masters to report back. For testing purposes I have in
my auth.conf:

path /facts
auth any
method find, search
allow *

Then on the "slave" puppet masters I have in the puppet.conf [master] section:

facts_terminus = rest
inventory_server = SERVER.DOMAIN.BLAH
inventory_port = 8140

Then when I run I puppet agent --test, I simply get the following:

err: Could not retrieve catalog from remote server: Error 400 on
SERVER: certificate verify failed

Throwing the puppet master into debug mode and I see the exact same
error w/o anything else. I can't seem to find any documentation on
this sans the standard:

http://docs.puppetlabs.com/guides/inventory_service.html

I saw a previous mention about a possible bug on the mailing list here:

http://groups.google.com/group/puppet-users/browse_thread/thread/682402305dc01ea9

But never saw anything else .. :-( Does the "master fact" server need
to be a certificate authority as well?

-- 
I've seen things you people wouldn't believe. Attack ships on fire off
the shoulder of Orion. I watched C-beams glitter in the dark near the
Tannhauser gate. All those moments will be lost in time... like tears
in rain... Time to die.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: What is the best practice to clean up installed components on a node?

[jcbollinger]

On Jul 14, 12:16 pm, Darrell Fuhriman  wrote:
> > Puppet does not keep track of the state before applying a resource.
> > Even if Puppet *did* track prior state, there would still be an issue
> > of choosing which of possibly many prior states to revert to.
>
> I'm not asking puppet to know what to do, which I agree is ridiculous. I'm 
> saying that if and only if I've defined X::disabled, automatically run it on 
> every host which does not include X. If X::disabled isn't defined, then don't 
> do anything.  Probably a better way to think of it instead of X::disabled is 
> that for ever class X there is an implicitly defined not-X class, which is 
> empty until I define it. For example:
>
> class webserver {
>         package {apache: ensure => installed}
>         service {apache: ensure => running}}
>
> class !webserver {
>         package {apache: ensure => absent}}
>
> class dnsserver {
>         [...]
>
> }
>
> node "foo" {
>  include webserver}
>
> node "bar" {
>  include dnsserver
>
> }
>
> On node bar, !webserver would get executed, but because I haven't defined 
> !dnsserver, node foo wouldn't do anything related to dnsserver.


That still isn't sensible.  It simply is not safe to assume that the
absence of class X in a node's catalog is a signal that X::disabled
should be included in that catalog.  For instance, suppose I have a
pair X, X::disabled of classes specific to OS X.  I don't want *either
one* on my CentOS boxes.

Consider also what happens when X, Y, X::disabled, and Y::disabled all
exist, and Y::disabled includes X. Suppose that after Puppet's initial
pass to choose which classes to include, it sees that neither X nor Y
is included, so it adds X::disabled and Y::disabled.  But Y::disabled
includes X, so X::disabled shouldn't be included after all!  Or should
it?


> >> As it is now, one still has to go through and add X::disabled to every 
> >> host, which is largely defeating the purpose of having a X::disabled class 
> >> in the first place. (That purpose, for those not paying attention, is to 
> >> make sure that things are in a known state, including services *not* 
> >> running where they shouldn't be.)
>
> > I disagree.  The purpose of having an X::disabled is to define what
> > exactly you do want when you explicitly want to exclude X.  Which
> > nodes should have that state ensured is an entirely separate (and not
> > clear-cut) question.  "Unmanaged" may not be the state you want for
> > certain resources, but it is not inherently undesirable for all
> > resources.
>
> I'm not sure I understand what you're saying here. It is perfectly reasonable 
> to want to ensure that things which aren't webservers are, in fact, not 
> running as webservers,


No argument there.


> If I want to leave a particular resource unmanaged, then just don't put 
> anything in the !X class (or the X class, for that matter).


Fair enough.  Your clarification of how you imagined the feature
working clears up that bit.


>  Maybe we have different approaches to how we manage resources, but I 
> genuinely can't think of an example of where you would want some hosts to be 
> X, some to be !X, and some to be unknown, which is kind of what I think 
> you're saying here, because I can't think of anyway that "unmanaged" doesn't 
> mean "unknown".


Classes specific to a particular OS are such an example with respect
to nodes running a different OS.  Dev and test boxes present a wide
variety of examples where looser management of some resources may be
desired than for production boxes.



John


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] More ENC / LDAP difficulty

[Craig White]

Ignoring my inability to authenticate for the time being, if I define classes 
in LDAP, it seems that doesn't work:

# ubuntu5.ttinet, Hosts, ttinet.local
dn: cn=ubuntu5.ttinet,ou=Hosts,dc=ttinet,dc=local
objectClass: device
objectClass: top
objectClass: puppetClient
objectClass: ipHost
ipHostNumber: 10.1.1.13
environment: production
cn: ubuntu5.ttinet
parentNode: baseclass
puppetClass: etc
puppetClass: apt
puppetClass: apt::get_update
puppetClass: subversion
puppetClass: mongodb
puppetClass: gems::passenger
puppetClass: apache::service
puppetClass: apache::install
puppetClass: prerequisite::apache
puppetClass: prerequisite::compiler
puppetClass: prerequisite::compression
puppetClass: prerequisite::ssl

and a puppet apply comand on this client spits out...

info: Applying configuration version '1310682102'
err: /Stage[main]/Mongodb::Service/Service[mongodb]: Could not evaluate: Could 
not find init script for 'mongodb'
err: /Stage[main]/Apache::Service/Service[apache2]: Could not evaluate: Could 
not find init script for 'apache2'
notice: Finished catalog run in 0.43 seconds

It seems to completely ignore 'require' items - for example, apache2 and 
mongodb init scripts are not there because the package needs to be installed 
before the service is run (obviously)

but the 'require' functions work fine if I comment out the enc/ldap setup and 
go back to my flat file configuration and don't change a single manifest file...

(from nodes.pp)
node 'ubuntu5.ttinet' {
  include baseclass
  include everyone_but_puppetmaster
  include mongodb
  include nginx_server
}
(from templates.pp)
class nginx_server {
  include gems::passenger
  include prerequisite::compiler
  include prerequisite::compression
  include prerequisite::ssl
}
class everyone_but_puppetmaster {
  include etc
  include mod_puppet
  include apt::updates
}

info: Applying configuration version '1310682488'
notice: /Stage[main]/Nginx::Install/File[/etc/init.d/nginx]/ensure: defined 
content as '{md5}a0a5d4b2974a6903f62b417d313f25b8'
info: /Stage[main]/Nginx::Install/File[/etc/init.d/nginx]: Scheduling refresh 
of Service[nginx]
notice: /Stage[main]/Nginx::Install/Exec[Installing nginx via 
passenger]/returns: executed successfully
notice: /Stage[main]/Nginx::Install/File[/opt/nginx/sites]/ensure: created
notice: 
/Stage[main]//Node[ubuntu5.ttinet]/Nginx::Vhost[test5.ttinet]/File[/opt/nginx/sites/11-test5.ttinet]/ensure:
 defined content as '{md5}dd8587e4c99f91c5857ec6f9b8e31e83'
info: 
/Stage[main]//Node[ubuntu5.ttinet]/Nginx::Vhost[test5.ttinet]/File[/opt/nginx/sites/11-test5.ttinet]:
 Scheduling refresh of Service[nginx]
notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed 
'stopped' to 'running'
notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 2 
events
notice: /Stage[main]/Mongodb::Install/Package[mongodb-10gen]/ensure: ensure 
changed 'purged' to 'present'
info: /Stage[main]/Mongodb::Install/Package[mongodb-10gen]: Scheduling refresh 
of Service[mongodb]
notice: /Stage[main]/Mongodb::Service/Service[mongodb]/enable: enable changed 
'false' to 'true'
notice: /Stage[main]/Mongodb::Service/Service[mongodb]: Triggered 'refresh' 
from 1 events
notice: Finished catalog run in 5.89 seconds

I'm on puppet 2.6.8 and by all readings of the web site and Pro Puppet, I 
should not be having these problems with ENC on LDAP

I gave up on trying to 'chain' using parentnode in LDAP because that simply 
hasn't worked and tried to simplify things but still...

-- 
Craig White ~~  craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com 

Need help communicating between generations at work to achieve your desired 
success? Let us help!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: What is the best practice to clean up installed components on a node?

[Darrell Fuhriman]

> 
> That still isn't sensible.  It simply is not safe to assume that the
> absence of class X in a node's catalog is a signal that X::disabled
> should be included in that catalog.  For instance, suppose I have a
> pair X, X::disabled of classes specific to OS X.  I don't want *either
> one* on my CentOS boxes.

Fair enough.  I habitually write classes with something like:
class foo {
case $operatingsystem {
default: { fail ("X is not implemented for $operatingsystem") }
centos {[...]}
darwin: {[...]}
   }
  []
}

So your scenario wouldn't affect me anyway. But I'm anal-rententive that way. I 
can't imagine why you *wouldn't* do that if you're going to be running on more 
than one platform.

I actually wish puppet had a 'confine' parameter for classes like it does for 
custom facts. It would make it easier to avoid shooting yourself in the foot.

  class foo {
confine $kernel => ['Linux', 'Darwin']
  }

Anyway, it's a problem, yes, but not an insurmountable one.


> Consider also what happens when X, Y, X::disabled, and Y::disabled all
> exist, and Y::disabled includes X. Suppose that after Puppet's initial
> pass to choose which classes to include, it sees that neither X nor Y
> is included, so it adds X::disabled and Y::disabled.  But Y::disabled
> includes X, so X::disabled shouldn't be included after all!  Or should
> it?

Well, in that situation the right answer would be that only X is included. How 
much work that is to implement in the current puppet parser, I have no idea. 
But that's irrelevant to the question at hand.

Plus, why the hell would anyone want to do that? If you put includes into your 
!X classes, you've clearly failed to understand the concept and should be taken 
far away from any keyboards and put into a systems administration re-education 
camp. I'd go so far as to say that any !X class could not include another class 
at all. (And obviously !X classes could not be included explicitly anywhere, 
since that's also fundamentally missing the point.)

> 
>>  Maybe we have different approaches to how we manage resources, but I 
>> genuinely can't think of an example of where you would want some hosts to be 
>> X, some to be !X, and some to be unknown, which is kind of what I think 
>> you're saying here, because I can't think of anyway that "unmanaged" doesn't 
>> mean "unknown".
> 
> 
> [...] Dev and test boxes present a wide
> variety of examples where looser management of some resources may be
> desired than for production boxes.


*shudder*  Down that path lies madness, if you ask me.  To my mind, either 
something's managed or it isn't – there is no alternative that doesn't end in 
tears. But again, these things are easily solved by saying something like:

class !foo {
  case $environment {
default: { #do nothing }
   production: { # do stuff }
  }
}

Because then at least you're forced to be explicit about what your management 
policy is, even if that policy is "we let dev machines do whatever they want to 
service foo".

But that's because I want the puppet configs to be the first (and ideally only) 
place I need to go to find out what a given system's state is. That's why I 
automate in the first place. It's also the basis for my wanting a !X class – 
because currently I have no easy way of knowing if node Y is running a 
webserver or not without logging into it and checking. If I had a !webserver 
class, I could feel confident that node Y is not a webserver just by looking at 
the puppet configs.

That's good for security, good for auditing, good for performance, and good for 
piece of mind. :)

Darrell

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Problem to start puppet

[Anton]

Hello
Im following this guide
http://aaronwalrath.wordpress.com/2010/09/03/installing-and-configuring-puppet-on-centos-linux/
(running centos 5.6). But when i try  puppetmasterd --verbose --no-
daemonize on the supposed server machine it only prints (like cat) /
etc/puppet/puppet.conf. in the terminal and nothing more.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5

[Michael Stahnke]

I have builds of facter 1.6 and puppet 2.7.2 for EL 5 and 6  available

http://stahnma.fedorapeople.org/puppetlabs/


I'm working on Fedora 14/15 builds currently also.

These also are not currently signed, and there is no stahnma-repo rpm
or anything like that.  I'm basically just trying scratch an itch a
few people have.

This won't be a permanent location.  We are working on updating and
official puppet labs repository as well.



Mike

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Using puppet to import database on client side

[newguy]

Hi guys
I have database dump available on pastebin/exzxzxz

I want the puppet server to download the dump from pastebin and store
it at a fixed location(suppose /home/dump) and then open mysql on the
client side(mysql is installed on the client)  and run the import
command so that the downloaded dump is used to make a database on the
client .

Please help guys.

Both client and server are Ubuntu 10.04.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname

[Sriramu Singaram]

Hi Guyz,

After lot of changes, I finally found out the solution for the
problem, it was the /etc/sysconfig/puppet and /etc/logrotate.d/puppet
file.

Once I removed this file everything works perfectly. Apparently this
file I guess overrides the  commandline flags I give to puppetd when
starting it up like this usr/sbin/puppetd --certname=xxx.xx --
logdest=/var/log/cloud/puppet/puppet.log

when I did a ps aux | grep puppet, I found that the puppet process
eventually ran with different settings: /usr/bin/ruby usr/sbin/puppetd
-logdest=/var/log/puppet/puppet.log

the certname option was totally ignored here also note that the log is
actually stored under /log/puppet. I still do not understand how this
file could affect the hostname for certificate creation strangely
things are working perfectly now even when I do not force the puppetd
with the --certname flag.


Thanks,
Sriramu




On Jul 1, 9:02 pm, Sriramu Singaram  wrote:
> Thank you very much for the reply Guyz. I really appreciate it. I am
> working on CentOS and as suggested I tried turning off the nscd
> service with no success.
>
> I am curently working setting the hostname in the different
> configuration files, hope it works.
>
> will keep you guys posted.
>
> Thanks,Sriramu
>
> On Jul 1, 9:01 am, jcbollinger  wrote:
>
>
>
> > On Jun 30, 10:57 am, Nigel Kersten  wrote:
>
> > > As an aside that really isn't that relevant to the OP, I've had good 
> > > success
> > > with nsscache in the past.
>
> > >http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache
>
> > That's cool.  I'll have to study it is a possible solution for some of
> > my current problems, such as laptops that can't reach our name
> > services when they're off our internal network.  Thanks!
>
> > John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname

[Sriramu Singaram]

Also, I did not have to modify any of the other files like /etc/hosts
or /etc/sysconfig/network.

Thanks,
Sriramu

On Jul 14, 5:47 pm, Sriramu Singaram  wrote:
> Hi Guyz,
>
> After lot of changes, I finally found out the solution for the
> problem, it was the /etc/sysconfig/puppet and /etc/logrotate.d/puppet
> file.
>
> Once I removed this file everything works perfectly. Apparently this
> file I guess overrides the  commandline flags I give to puppetd when
> starting it up like this usr/sbin/puppetd --certname=xxx.xx --
> logdest=/var/log/cloud/puppet/puppet.log
>
> when I did a ps aux | grep puppet, I found that the puppet process
> eventually ran with different settings: /usr/bin/ruby usr/sbin/puppetd
> -logdest=/var/log/puppet/puppet.log
>
> the certname option was totally ignored here also note that the log is
> actually stored under /log/puppet. I still do not understand how this
> file could affect the hostname for certificate creation strangely
> things are working perfectly now even when I do not force the puppetd
> with the --certname flag.
>
> Thanks,Sriramu
>
> On Jul 1, 9:02 pm,SriramuSingaram  wrote:
>
>
>
> > Thank you very much for the reply Guyz. I really appreciate it. I am
> > working on CentOS and as suggested I tried turning off the nscd
> > service with no success.
>
> > I am curently working setting the hostname in the different
> > configuration files, hope it works.
>
> > will keep you guys posted.
>
> > Thanks,Sriramu
>
> > On Jul 1, 9:01 am, jcbollinger  wrote:
>
> > > On Jun 30, 10:57 am, Nigel Kersten  wrote:
>
> > > > As an aside that really isn't that relevant to the OP, I've had good 
> > > > success
> > > > with nsscache in the past.
>
> > > >http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache
>
> > > That's cool.  I'll have to study it is a possible solution for some of
> > > my current problems, such as laptops that can't reach our name
> > > services when they're off our internal network.  Thanks!
>
> > > John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] ANNOUNCE: Puppet Dashboard 1.2rc1

[Michael Stahnke]

This a feature release candidate of Puppet Dashboard.


This release is available for download at:
http://downloads.puppetlabs.com/dashboard/

We have included Debian and RPM packages as well as a tarball.

See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Please report feedback via the Puppet Labs Redmine site, using an
affected version of 1.2rc1
http://projects.puppetlabs.com/projects/dashboard


Highlights Include:

* Moved to Apache 2.0 License
* LOTS of UI improvements
* Updated version of Rails
* Now Requires Ruby 1.8.7
* Has Delayed Jobs (puppet-dashboard-workers) for async actions
* Several performance improvements


More Details
===
d389d8b (#7568) Relicense to Apache-2.0 License
57d0122 (#8276) Remove MaRuKu dependency
a44d9ff (#8262) Show node groups even when node classification is disabled
3996b29 (#8262) Create callbacks for each section of node_classification partial
5dac13a (#8199) Move 'failed' resources to the top when viewing report events
2a3a73c (#7967) Improved user-facing design for delayed job warnings
c78b85a (#8266) Back-end logic for splitting read and unread DJ failures.
15bba31 (#8121) Properly generate CSS from SASS in production.
a9abf41 (#8101) Updated to new version of Tipsy plugin
9cb5e55 (Maint) More generalized tabbed interface
fbe11aa (#8196) Adjust content width based on body classes.
e756c25 (#8196) Add a body class describing sidebar state.
23cbef1 (#8196) Clean up body class manipulation.
3670e2b (#8146) Change default DASHBOARD_URL in external_node to localhost
81ec3c0 (#8090) Update .gitignore to ignore plugin files
6f117fc (#8022) Don't fail when installing plugin without `public` directory
07a9407 (#8022) Create a hook for plugins to add items to  in layout
64be352 (#7967) Add default value for read column of delayed_job_failures
240c548 (#7967) Infrastructure for displaying background failures.
8038cce (#7389) Don't auto-start DelayedJob workers.
933ae04 (#7389) Cheaper unique filenames for spooled reports.
b4384eb (#7398) Support externally managed DelayedJob workers.
184e65b (#7689) Rake task to support parallel report POSTing.
2333c08 (#5947) Rename Destroy button to Delete
2fb0ac1 (#7976) Fixed static debug data in view
393970d (#7976) Node filter links in sidebar work in all cases
4ba3d23 (#7398) Configurable DelayedJob worker count.
e839884 (#7938) Delayed import from file, not YAML string.
d24c323 (#7973) Refactor colors for changed/unchanged
58c2b52 (#7398) Use DelayedJob for background processing.
6aefc60 (#7938) Add daemons gem to support DelayedJob
7395369 (#7398) Vendor DelayedJob for background tasks.
05040d9 (#7958) Allow plugins to add top level navigation
c4d2f26 (#7597) Better integration of node summaries
4ad9cbc (#7913) Upgrade rspec and rspec-rails vendored gems
c09b650 (#7913) Fix tap deprecation warning
d88da0e (#7913) Update README to say we only support Ruby 1.8.7
acdc31f (#7913) upgrade will_paginate gem to avoid deprecation warnings
e935b8d (#7913) vendor newer version of RDoc
ce9be98 (#7913) Fix deprecation warning for config.load_paths
dd8f277 (#7913) Upgrade vendored haml gem and vendor sass
dd88d74 (#7913) vendor json_pure since it was an undocumented dependency
789c1b7 (#7913) Upgrading from Rails 2.3.4 to 2.3.12
060799f (#7597) Reformat node view CSV link
3726771 (#7280) Edit outdated information about the inventory service
a02113a (#7597) Change empty tab display, report tab ordering, link expansion
b62bf4c (#7597) Add count to pagination link, fix duplicate tags
9f06f58 (#7597) Display only relevant columns in node tables
96bb99c (#7597) Add "help" link to node summary.
95f870e (#6992) Add totals row for resource status counts to node view
44a145c (#7544) Group report resources by status
c2e2c63 (#7840) Increase consistency of status definitions and remove old code
dd5e610 (#7674) Add pending to the run status stacked bar graph
a58d06d (#6992) Show a summary of nodes x resources on home page.
9d71cd2 (#7630) Denormalize ResourceStatus status and count calculations
6e03872 (#6528) Cleanup implementation of `::words`.
2b53c29 (#6528) Remove hideous Array monkeypatch.
0312ea2 (#7007) Stream node CSV download
87b3e91 (#7007) Add a link to the home page to download nodes in CSV
1af5e86 (#7007) Add support for CSV to nodes index
2829a8b (#7007) Add custom CSV output for nodes with resources
11aa643 (#7007) Use a custom property list for ResourceStatus.to_csv
fc0fe85 (#7007) Add support for CSV output
d2184e4 (#7537) Use #titleize for report tab names.
12b035d (#7537) Add reasonable defaults for report tab names.
b230077 (#7560) Clean up the Dashboard index for 0 nodes.
6fe8513 (#6991) Add the Node Status summary graph.
8e70035 (#6991) Massage Node named scopes.
57d6b6b (#6991) Cleanup of excessively long lines.
db61b1b (#6537) Add a pending scope to nodes
552c760 (#5126) Support HTTP basic auth in bin/external_node
a85c681 (#6537) Add a pending scope to nodes
cf1410a

[Puppet Users] new variable scoping in templates

[lurdan]

hi,

What's the best way to refer variables which pass as defined resource
parameter
from template erbs?

I've been made many modules which has resource definitions containing
file templating.
After I upgrade my puppet version to 2.7.0rc (debian experimental),
I'm getting many
warnings "Dynamic lookup is deprecated.  Support will be removed in
Puppet 2.8.".

I can surpress this warnings with rewriting from:
<%= some_arg %>
to:
<%= scope.to_hash.fetch('some_arg') %>, but this should be bad way
because
it seems ugly and meaningless.
(It's not an explicit scope declaration, simply variable-syntax
longed...)

regards,
--
KURASHIKI Satoru

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: What is the best practice to clean up installed components on a node?

[Scott Smith]

You never heard of nmap, eh? If you want to start talking about security and
auditing, that's a whole other can of worms.

It's a bad idea to assume that Defined State and Actual State will match.

Anyway, I think you're forgetting that node state in Puppet is explicit by
nature. What you're asking for defies this.

If your node changes roles, reinstall the OS.

On Thu, Jul 14, 2011 at 4:48 PM, Darrell Fuhriman wrote:
>
> But that's because I want the puppet configs to be the first (and ideally
> only) place I need to go to find out what a given system's state is. That's
> why I automate in the first place. It's also the basis for my wanting a !X
> class – because currently I have no easy way of knowing if node Y is running
> a webserver or not without logging into it and checking. If I had a
> !webserver class, I could feel confident that node Y is not a webserver just
> by looking at the puppet configs.
>
> That's good for security, good for auditing, good for performance, and good
> for piece of mind. :)
>
> Darrell
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] facts_terminus = rest

[Scott Smith]

I personally couldn't get it to work (no facts in Dashboard), but only spent
a short amount of time on it.

On Thu, Jul 14, 2011 at 1:50 PM, Glenn Bailey wrote:

> Anyone using this? I'm trying to setup a separate inventory server for
> multiple puppet masters to report back. For testing purposes I have in
> my auth.conf:
>
> path /facts
> auth any
> method find, search
> allow *
>
> Then on the "slave" puppet masters I have in the puppet.conf [master]
> section:
>
> facts_terminus = rest
> inventory_server = SERVER.DOMAIN.BLAH
> inventory_port = 8140
>
> Then when I run I puppet agent --test, I simply get the following:
>
> err: Could not retrieve catalog from remote server: Error 400 on
> SERVER: certificate verify failed
>
> Throwing the puppet master into debug mode and I see the exact same
> error w/o anything else. I can't seem to find any documentation on
> this sans the standard:
>
> http://docs.puppetlabs.com/guides/inventory_service.html
>
> I saw a previous mention about a possible bug on the mailing list here:
>
>
> http://groups.google.com/group/puppet-users/browse_thread/thread/682402305dc01ea9
>
> But never saw anything else .. :-( Does the "master fact" server need
> to be a certificate authority as well?
>
> --
> I've seen things you people wouldn't believe. Attack ships on fire off
> the shoulder of Orion. I watched C-beams glitter in the dark near the
> Tannhauser gate. All those moments will be lost in time... like tears
> in rain... Time to die.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using puppet to import database on client side

[newguy]

Guys somebody please help


On Jul 14, 5:32 pm, newguy  wrote:
> Hi guys
> I have database dump available on pastebin/exzxzxz
>
> I want the puppet server to download the dump from pastebin and store
> it at a fixed location(suppose /home/dump) and then open mysql on the
> client side(mysql is installed on the client)  and run the import
> command so that the downloaded dump is used to make a database on the
> client .
>
> Please help guys.
>
> Both client and server are Ubuntu 10.04.
>
> Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Using puppet to import database on client side

[Al @ Lab42]

The quick way is to apply a pair of exec resources on the client machine:
- One that downloads the sql file and the other one (that requires the first 
one) that applies it.
Something like:

exec {
"Retrieve $url":
cwd => "$work_dir",
command => "wget $url",
creates => "$work_dir/$sql_filename",
timeout => 3600,
}

exec {
"Extract $sql_filename":
command => "mysql $mysql_options < $work_dir/$sql_filename",
unless  => "command that checks if the queryfile has been 
processed",
require => Exec["Retrieve $url"],
}


An alternative approach would be to use puppi to "deploy" the sql file using 
this define:
http://github.com/example42/puppi/blob/master/manifests/project/mysql.pp
In order to do this you should:
- Include puppi in your modules ( http://github.com/example42/puppi )
- Write a define like for your client node
puppi::project::mysql { "mysite_sql":
source   => "http://url_to/mysite.sql";,
mysql_user   => "$mysql_user",
mysql_host   => "$mysql_host",
mysql_database   => "$mysql_database",
mysql_password   => "$mysql_password",
report_email => "my@mail",
enable   => "true",
}
- MANUALLY TYPE "puppi deploy mysite_sql" on the client node (or trigger it 
via Puppet with an exec resource like the ones at the beginning).

Note that this Puppi approach might be a bit overkill for your needs: if you 
have to apply the sql file statements only once the first approach is 
quicker, if you plan to manage more or less continuous application 
deployments where developers leave on http://url_to/mysite.sql the changes 
on the database they require, the puppi approach saves time in the long term 
(and gives a lot of extra features).

My2c
Al

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/5rmN0_gmyQ4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Using puppet to import database on client side

[Marek Dohojda]

Personally I don't think using puppet for this would not be the best 
solution.  However here is what I would do.  Write a shell script to do what 
you need, and than use puppet's EXEC statement to launch this command as 
needed.


You could also use custom Fact for this.

For instance have you custom script do the export, while within puppet class 
you have an "if" that looks if a particular fact is true.  if it is set to 
true than launch that exec command to do copy and import on your other host.


Does that make sense?


-Original Message- 
From: newguy

Sent: Thursday, July 14, 2011 10:10 PM
To: Puppet Users
Subject: [Puppet Users] Re: Using puppet to import database on client side

Guys somebody please help


On Jul 14, 5:32 pm, newguy  wrote:

Hi guys
I have database dump available on pastebin/exzxzxz

I want the puppet server to download the dump from pastebin and store
it at a fixed location(suppose /home/dump) and then open mysql on the
client side(mysql is installed on the client)  and run the import
command so that the downloaded dump is used to make a database on the
client .

Please help guys.

Both client and server are Ubuntu 10.04.

Thanks


--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.

To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en. 


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.