Re: [Puppet Users] puppet manifest execution orders
Thanks Nigel. Right now i am using two shell scripts for Mysql Database creation and database restore. These shell scripts are calling from puppet manifest through exec.Can we do these from pure puppet manifest, without shell scripts. Roni On Wed, Jul 13, 2011 at 7:32 PM, Nigel Kersten ni...@puppetlabs.com wrote: On Tue, Jul 12, 2011 at 11:51 PM, Roni roni...@gmail.com wrote: I created manifest for our webserver. manifest included git clone, database creation and restore database etc How to order the installation and exec exactly Roni, you really should have a run through our Learning Puppet series. http://docs.puppetlabs.com/learning/ordering.html -- Nigel Kersten Product Manager, Puppet Labs Twitter: @nigelkersten *Join us for **PuppetConf *http://www.bit.ly/puppetconfsig September 22nd and 23rd in Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet custom fuction run as user pupprt?
I wrote a custom fuction to read a root read-only file, it raised an Permission Denied error. During debug, i found this fuction seems to run as user puppet, it is this a feature or a bug? -- System Administrator, Focus on System Management and Basic Development -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet manifest execution orders
Hi All,
I am new in Puppet.I am using github for manifest store.I created following
these three manifest for installing our web based application in ubuntu
systems.I am not using any variables in these.
1. how to implement variables for dbname, document root folder path etc...
in nods.pp file.
2. right now i am using sed command for editing
/etc/apache2/sites-available/default file. is there any other option for
editing this?
3. for installing our application i run puppet -v nodes.pp. this will call
everything. I am using these three manifests.Some time mysql database
restore starts with gitclone database backup from git hub. I set required
with it. I got timeout error on that time.
4.
*A.*
nodes.pp
class web-server {
import 'common/consolidated-common-manifests.pp'
import 'xxx/consolidated-xxx-manifests.pp'
}
node default {
include web-server
}
*B.*
consolidated-xxx-manifests.pp'
# This will execute git clone
exec { gitclone-drupal-db:
command = git clone g...@github.com:XXX/drupal-db.git
/xx/drupal-db/,
}
# This will execute
exec { gitclone-drupal:
command = git clone g...@github.com:netspective/xxx-drupal.git
/var/www/html/xxx.com/xxx-drupal,
require = Exec['gitclone-drupal-db']
}
# This will create
exec { xxx-devl-db-create:
command
=/home/ubuntu/operations/configuration/server/puppet/manifests/xxx/create-xxx-devl-database.sh,
require = Package [mysql-server],
}
# This will restore xxx database
exec { restore-xxx-devl-db:
command =
/home/ubuntu/operations/configuration/server/puppet/manifests/xxx/restore-xxx-master-branch-db-into-mysql.sh,
require = Exec['xxx-devl-db-create']
}
# This will create sym link for files folder
exec { symlink-for-files-folder:
command = ln -s /xxx/xxx-drupal-db/files /var/www/html/.
xxx.com/xxx-drupal/public_site/sites/default/files,
require = Exec['gitclone-xxx-drupal'],
}
*C:*
consolidated-common-manifests.pp'
# CentOS v.5 only
case $operatingsystem {
CentOS: {
$wantedpackages = [
httpd,php,php-mysql,php-mcrypt,php-mhash,php-mbstring ]
package { $wantedpackages:
ensure = installed
}
service { httpd:
ensure = running,
hasstatus = true,
hasrestart = true,
require = Package[httpd],
restart = true;
}
}
# Ubuntu servers
#assume Ubuntu/Debian base..
Ubuntu: {
$wantedpackages = [
apache2,php5,libapache2-mod-php5,php5-cli,php5-mysql,mysql-server,mysql-client
]
package { $wantedpackages:
ensure = installed
}
service { apache2:
hasstatus = true,
hasrestart = true,
ensure = running,
require = Package[apache2]
}
}
} # end case
# put this somewhere global,
Exec { path = [ /bin/, /sbin/ , /usr/bin/, /usr/sbin/ ] }
# This will edit default apache2 conf file
exec { edit-apache2-conf-file:
command = sed -i 's/AllowOverride None/AllowOverride All/'
/etc/apache2/sites-available/default,
require = Package[apache2]
}
# This will increase php memory limit
exec { increase-php-memory-limit:
command = sed -i 's/memory_limit = .*/memory_limit = 384M/'
/etc/php5/apache2/php.ini,
require = Package[php5]
}
exec { edit-documentRoot-folder-path:
command =
/home/ubuntu/operations/configuration/server/puppet/manifests/common/edit-documentRoot-folder-path.sh,
require = Package[apache2]
}
On Thu, Jul 14, 2011 at 11:37 AM, Rony KB roni...@gmail.com wrote:
Thanks Nigel.
Right now i am using two shell scripts for Mysql Database creation and
database restore. These shell scripts are calling from puppet manifest
through exec.Can we do these from pure puppet manifest, without shell
scripts.
Roni
On Wed, Jul 13, 2011 at 7:32 PM, Nigel Kersten ni...@puppetlabs.comwrote:
On Tue, Jul 12, 2011 at 11:51 PM, Roni roni...@gmail.com wrote:
I created manifest for our webserver. manifest included git clone,
database creation and restore database etc How to order the
installation and exec exactly
Roni, you really should have a run through our Learning Puppet series.
http://docs.puppetlabs.com/learning/ordering.html
--
Nigel Kersten
Product Manager, Puppet Labs
Twitter: @nigelkersten
*Join us for **PuppetConf *http://www.bit.ly/puppetconfsig
September 22nd and 23rd in Portland, Oregon, USA.
*
*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
[Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade
I think the way I posted the contents of the modules may have been
misleading, as I do actually have each class in it's own file so
kvm::host class has it's own host.pp file. So far I've actually
noticed this problem only on my modules that make use of the
autoloading, so each class in it's own *.pp file. Not all my modules
suffer from this, but that's one common thing among the ones that do
fail. I'm in the process of moving my other modules to that layout as
they currently have all classes in init.pp, but interestingly enough
none of those modules have had random failures.
- Trey
On Jul 13, 1:29 am, Peter Meier peter.me...@immerda.ch wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is using an empty class in init.pp problematic ? All of these modules
worked just fine before going from 2.6.8 to 2.7.1.
I have no idea, whether this is the problem. But why do you do:
# manifests/init.pp
import classes/*.pp
class kvm {
}
# manifests/classes/host.pp
class kvm::host {
?
Why not just have one file manifests/host.pp that contains the kvm::host
class? Everything else is not really necessary.
Puppet has quite a powerfull autoloading feature of classes and I think
it can be seen as a general best practice to have one class in a file in
its corresponding path on the filesystem.
With your current way you would need a global import kvm, so that the
init.pp class is actually parsed, so that the files in classes/ are
imported.
If this is not the case and the kvm::host class is not in a file that
can be found by the autoloader it won't find the class.
This becomes even trickier as other hosts can now interfere which
classes are available while compiling the next hosts classes, as an
import statement might only have been executed if Host A is compiled and
only this would then make these imported classes that Host B requires
available.
Actually, I remember that the autoloader should also look into init.pp
for the kvm::host class. But it's possible that something like that
might have changed in 2.7. But I don't know it.
Due to these two reasones (magic availability of classes, possible
changes in how classes become available in 2.7) I would generally
recommend to *not* use import statements and instead use puppet's
autoloading feature. They're rather hard to debug.
~pete
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/
iEYEARECAAYFAk4dOygACgkQbwltcAfKi39akACcCwslVzxzrTy3/H0r7kGyi4dB
M4gAn1LHtc/LGk7OtbVfDolhm5cXwm/p
=lWHm
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5
All, I used to download the Puppet and Facter RHEL5 rpm packages from http://people.fedoraproject.org/~tmz/repo/puppet/epel/ but the latest version on that site is puppet 2.6.9 and facter 1.5.9. Does anyone know if this site is the still maintained ? or if there are other locations where the rpm's are published Regards, Rene -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppet custom fuction run as user pupprt?
On Jul 14, 1:15 am, flex frostyn...@gmail.com wrote: I wrote a custom fuction to read a root read-only file, it raised an Permission Denied error. During debug, i found this fuction seems to run as user puppet, it is this a feature or a bug? This is a feature. Puppet functions run in the master process, which is intentionally unprivileged. Compare with other service daemons, such as web or database servers, which also run without privilege. There are two main possibilities for how you can proceed: 1) If you really did want the function to run on the master then just make the file readable by the Puppet user or group. If there's some reason why that is unsatisfactory, then you'll need to tell us more about what you're trying to do. 2) If you meant the function to be evaluated on the client then a function is the wrong tool. Instead you want a custom fact, a custom type or provider, or possibly an Exec. Any of these will be evaluated / run by the Puppet agent (on the client), which normally runs as root. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Exported Resources with --noop
On Jul 13, 7:03 pm, Gabriel Filion lelu...@gmail.com wrote: On 11-07-13 12:06 PM, Andrew Thompson wrote: When I puppet with the noop flag resources are being exported to the db. Is this expected or a bug? Hmm what version of puppet are you using? I've just encountered exactly this with puppet 0.25.4. ran puppet with -t --noop on a node that has yet never run puppet, and it exported a nagios host. I think it's a bug. If you open an issue about it, send the URL here and I'll go vote for it. https://projects.puppetlabs.com/issues/8417 I would expect it to simulate the transaction with the db... I would too. It could for example warn if there's a conflict (redefinition of an exported resource) but it shouldn't commit resources to database. -- Gabriel Filion -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5
rvlinden wrote: I used to download the Puppet and Facter RHEL5 rpm packages from http://people.fedoraproject.org/~tmz/repo/puppet/epel/ but the latest version on that site is puppet 2.6.9 and facter 1.5.9. Does anyone know if this site is the still maintained ? or if there are other locations where the rpm's are published Yes, it's still maintained. I need to get puppet 2.6.x pushed into Feodra and EPEL stable repos before I want to push 2.7.x into the fedorapeople.org repos. I haven't had enough time the past few weeks to make that happen, so I'm a little behind. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ Teach a man to make fire, and he will be warm for a day. Set a man on fire, and he will be warm for the rest of his life. -- John A. Hrastar pgpEfCWDclarK.pgp Description: PGP signature
Re: [Puppet Users] Re: how to write classes to install package from source
Thanks for the suggestions, they are going to be merged.
That's a define I did various years ago that actually has been useful in
various cases (I do agree that it's better to use packages, but sometimes
this is the quickest and saner approach).
Al
On Wednesday, July 13, 2011 8:53:33 AM UTC+2, vagn wrote:
On 07/12/2011 06:19 AM, Al @ Lab42 wrote:
command = mkdir -p $destination_dir ; cd
$destination_dir ; $extract_command $work_dir/$source_filename,
Nice. But I would suggest changing ';' to ''. That way, if the
mkdir or cd fail you don't end up
trying to extract the archive in the wrong directory.
command = mkdir -p $destination_dir cd $destination_dir
$extract_command $work_dir/$source_filename,
Also consider
unless = test -d ${destination_dir }/${extracted_dir},
or even better
creates = ${destination_dir }/${extracted_dir},
for the repetition guard.
--
vagn
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/EjT5lFqc31MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What is the best practice to clean up installed components on a node?
On Jul 13, 11:39 am, Darrell Fuhriman darr...@garnix.org wrote: I've always thought there should be an implicit X::disabled class that gets included for every host where X isn't included. Then if I create said class, it gets automatically executed on all hosts that don't include X. It is not practical to do this even at resource level, because for many resources it is unclear what the opposite resource would be. Exec resources are the canonical example (don't run is not at all the same thing as reverse the changes produced by running). There are in fact issues with most, if not all, resource types because Puppet does not keep track of the state before applying a resource. Even if Puppet *did* track prior state, there would still be an issue of choosing which of possibly many prior states to revert to. To do this at class level is worse, because in addition to not knowing how to reverse a class's resources, it is very difficult in the general case to determine even which resources would need to be reversed. Conditional statements, selectors, variables, virtual and exported resources, and class parameters are some of the many things that complicate the analysis. And even if all the above could somehow be satisfactorily resolved, there remains the problem that the concept is fundamentally flawed. Declining to include a class simply cannot reliably be interpreted as an intention to unmanage the resources managed by that class. As just one example, consider classes that are omitted because they are inapplicable to the node in question: maybe they are for a different OS than the node's, or maybe they are one of a series of alternative classes. Furthermore, that analysis ignores the question of whether the behavior described would be desirable even if it were possible. It would not be for me, as it would make writing classes a lot more difficult. I would have to be careful to write each class so that the automatic opposite would also work, and I am confident that that would not be trivial. As it is now, one still has to go through and add X::disabled to every host, which is largely defeating the purpose of having a X::disabled class in the first place. (That purpose, for those not paying attention, is to make sure that things are in a known state, including services *not* running where they shouldn't be.) I disagree. The purpose of having an X::disabled is to define what exactly you do want when you explicitly want to exclude X. Which nodes should have that state ensured is an entirely separate (and not clear-cut) question. Unmanaged may not be the state you want for certain resources, but it is not inherently undesirable for all resources. It is yet another separate question how to achieve the correct casses being included on each node. For example, if you want X to be disabled on every node where it is not enabled, then one alternative is to invert the class inheritence: class X defines the *disabled* state of X, and is included in a default node definition inherited by all other node definitions. Then a class X::enabled subclasses X and overrides resources as necessary to establish the enabled state; nodes that want X enabled include X::enabled. That avoids explicitly including a specific X class in every node declaration. Alternatively, the issue is easily addressed if you use an external node classifier. Or you can indeed put one of X and X::(enabled| disabled) in every node declaration if that is indeed what you want to do. Some would prefer the explicitness of that style. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade
Hi Trey,
same problem for me.. I've notice the problem on modules using
autoloading...
I think I will stick to version 2.6.9...
Gus
On Thu, Jul 14, 2011 at 8:57 AM, treydock treyd...@gmail.com wrote:
I think the way I posted the contents of the modules may have been
misleading, as I do actually have each class in it's own file so
kvm::host class has it's own host.pp file. So far I've actually
noticed this problem only on my modules that make use of the
autoloading, so each class in it's own *.pp file. Not all my modules
suffer from this, but that's one common thing among the ones that do
fail. I'm in the process of moving my other modules to that layout as
they currently have all classes in init.pp, but interestingly enough
none of those modules have had random failures.
- Trey
On Jul 13, 1:29 am, Peter Meier peter.me...@immerda.ch wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Is using an empty class in init.pp problematic ? All of these modules
worked just fine before going from 2.6.8 to 2.7.1.
I have no idea, whether this is the problem. But why do you do:
# manifests/init.pp
import classes/*.pp
class kvm {
}
# manifests/classes/host.pp
class kvm::host {
?
Why not just have one file manifests/host.pp that contains the kvm::host
class? Everything else is not really necessary.
Puppet has quite a powerfull autoloading feature of classes and I think
it can be seen as a general best practice to have one class in a file in
its corresponding path on the filesystem.
With your current way you would need a global import kvm, so that the
init.pp class is actually parsed, so that the files in classes/ are
imported.
If this is not the case and the kvm::host class is not in a file that
can be found by the autoloader it won't find the class.
This becomes even trickier as other hosts can now interfere which
classes are available while compiling the next hosts classes, as an
import statement might only have been executed if Host A is compiled and
only this would then make these imported classes that Host B requires
available.
Actually, I remember that the autoloader should also look into init.pp
for the kvm::host class. But it's possible that something like that
might have changed in 2.7. But I don't know it.
Due to these two reasones (magic availability of classes, possible
changes in how classes become available in 2.7) I would generally
recommend to *not* use import statements and instead use puppet's
autoloading feature. They're rather hard to debug.
~pete
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/
iEYEARECAAYFAk4dOygACgkQbwltcAfKi39akACcCwslVzxzrTy3/H0r7kGyi4dB
M4gAn1LHtc/LGk7OtbVfDolhm5cXwm/p
=lWHm
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade
On Wed, Jul 13, 2011 at 2:26 PM, Gus gustavosoa...@gmail.com wrote: Hi! I've also noticed this (weird) behaviour. I am planning an (huge) upgrade (from 0.25.x to 2.7.1) in all my puppet's boxes... I've installed puppet's 2.7.1 gem and got a lot of Could not find class problem... and everything worked just fine with 0.25.x. So, I decided to uninstall the gem for version 2.7.1 and install puppet version 2.6.9. Everything worked just fine... no weird Could not find class problem... am I missing something? You need to give us a few more details. * name of the classes that are failing and succeeding autoloading * How you're declaring the classes (include vs parameterized class declaration) * the file paths that contain the classes that fail and succeed * some info about the modulepath for this environment. * whether you're using 'import' anywhere. Thanks in advance, Gus On Jul 13, 11:03 am, Nigel Kersten ni...@puppetlabs.com wrote: On Tue, Jul 12, 2011 at 11:29 PM, Peter Meier peter.me...@immerda.ch wrote: Puppet has quite a powerfull autoloading feature of classes and I think it can be seen as a general best practice to have one class in a file in its corresponding path on the filesystem. What he said. :) Life really does become a lot simpler if you avoid 'import' everywhere you can and just rely upon the class autoloader. -- Nigel Kersten Product Manager, Puppet Labs Twitter: @nigelkersten *Join us for **PuppetConf *http://www.bit.ly/puppetconfsig September 22nd and 23rd in Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Nigel Kersten Product Manager, Puppet Labs Twitter: @nigelkersten *Join us for **PuppetConf *http://www.bit.ly/puppetconfsig September 22nd and 23rd in Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5
On 14 July 2011 15:00, Todd Zullinger t...@pobox.com wrote: rvlinden wrote: I used to download the Puppet and Facter RHEL5 rpm packages from http://people.fedoraproject.org/~tmz/repo/puppet/epel/ but the latest version on that site is puppet 2.6.9 and facter 1.5.9. Does anyone know if this site is the still maintained ? or if there are other locations where the rpm's are published Yes, it's still maintained. I need to get puppet 2.6.x pushed into Feodra and EPEL stable repos before I want to push 2.7.x into the fedorapeople.org repos. I haven't had enough time the past few weeks to make that happen, so I'm a little behind. How does this relate to yum.puppetlabs.com? That's where I installed 2.6.7 from. Thanks Chris -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to use notify to invoke something prior to a change
I have a Chicken and Egg scenario here and trying to come up with a
way to solve it.
I have a mount definition that manages mount points. The problem
arises when the mount point changes after it is in use. Case in
point, we have mount points for the mysql data and logs directories.
If we change the configuration of the mount (i.e. options) then Puppet
will unmount and remount the directory automatically. MySQL will not
be to happy with that.
So, what I want to do is to optionally pass the service name to the
define and to shut it down, but ONLY if the mount command detects a
change and mysql is running.
The problem I have is that if the mount command notifies shutdown,
then the shutdown happens to late and I only what to shutdown if mount
detects a change. It would be great if there was a pre-notify
option to force an exec to run beforehand.
I tried putting a Notify and Require from the mount to the stop
service exec but that causes a circular reference and just the require
in the mount does not trigger the stop service exec because of the
refreshonly=true which is necessary so that it doesn't always run.
Any thoughts?
Thanks, John
Here's what I have:
exec { stop service for remount $name:
onlyif = [test -f /etc/init.d/$service, service
$service status],
command = service $service stop,
refreshonly = true,
notify = Exec[restart service for remount $name],
}
# Mount the file system
mount { $name:
name= $mount_point,
ensure = mounted,
options = $options,
atboot = $atboot,
fstype = $fstype,
device = $device,
dump= 0,
pass= 0,
require = Exec[stop service for remount $name],
# notify = Exec[stop service for remount $name],
}
exec { restart service for remount $name:
command = service $service start,
refreshonly = true,
require = Mount[$name],
}
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet 2.6.x fate
It was decided earlier this week that the 2.6 series will have it's last release at 2.6.10 (we're currently at 2.6.9). However, we are not doing a 2.6.10 RC/release this month. That will wait until August. If you have patches waiting on some final tweaks or any other work that you feel like just *has* to be in the 2.6 series, please get it filed with us ASAP. Right now the bug-fix list is not huge, and we're pretty happy about that. As always, if a security issue is discovered in 2.6.x, we will issue updates to fix those. Mike (You're coming to PuppetConf http://www.bit.ly/puppetconfsig right?) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: wrong nodes.pp being accessed by the client
Also you should specify the environments that the master supports: [master] # Environments that are defined for this PuppetMaster environments=development,main HTH, John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: how to write classes to install package from source
Hi guys,
Thanks a lot for the suggestions .
Regards
K.Karthikeyan
On Thu, Jul 14, 2011 at 7:33 PM, Al @ Lab42 lab42...@gmail.com wrote:
Thanks for the suggestions, they are going to be merged.
That's a define I did various years ago that actually has been useful in
various cases (I do agree that it's better to use packages, but sometimes
this is the quickest and saner approach).
Al
On Wednesday, July 13, 2011 8:53:33 AM UTC+2, vagn wrote:
On 07/12/2011 06:19 AM, Al @ Lab42 wrote:
command = mkdir -p $destination_dir ; cd
$destination_dir ; $extract_command $work_dir/$source_filename,
Nice. But I would suggest changing ';' to ''. That way, if the
mkdir or cd fail you don't end up
trying to extract the archive in the wrong directory.
command = mkdir -p $destination_dir cd $destination_dir
$extract_command $work_dir/$source_filename,
Also consider
unless = test -d ${destination_dir }/${extracted_dir},
or even better
creates = ${destination_dir }/${extracted_dir},
for the repetition guard.
--
vagn
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/EjT5lFqc31MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] LDAP ENC
Seems straight forward enough but I keep getting errors. On a client...
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed
when searching for node ubuntu5.ttinet: LDAP Search failed
on the puppet master...
puppet.conf [master]
# ENC (external node classificiations)
node_terminus = ldap
ldapnodes = true
ldapclassattrs = puppetclass
# LDAP
ldapserver = ubuntu.ttinet
ldapbase = ou=Hosts,dc=ttinet,dc=local
ldapuser = cn=admin,dc=ttinet,dc=local
ldappasswd =
ldapstring = ((objectclass=puppetClient)(cn=%s))
ldaptls = false
ldapssl = false
ldapport = 389
and this is a piece of cake from CLI
# ldapsearch -x '((objectclass=puppetClient)(cn=ubuntu5.ttinet))'
# extended LDIF
#
# LDAPv3
# base dc=ttinet,dc=local (default) with scope subtree
# filter: ((objectclass=puppetClient)(cn=ubuntu5.ttinet))
# requesting: ALL
#
# ubuntu5.ttinet, Hosts, ttinet.local
dn: cn=ubuntu5.ttinet,ou=Hosts,dc=ttinet,dc=local
objectClass: device
objectClass: top
objectClass: puppetClient
objectClass: ipHost
ipHostNumber: 10.1.1.13
environment: production
cn: ubuntu.ttinet
cn: ubuntu5.ttinet
puppetClass: baseclass
puppetClass: nginx::configure: {$fqdn}
puppetClass: nginx::vhost: {$fqdn: port = 80, ssl = false, priority = 10, p
assenger_enable = 'Yes', serveraliases = ['alias1', 'alias2']}
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
puppet 2.6.8
# ruby -rldap -e puts :installed
installed
ruby-ldap-ro is installed
--
Craig White ~~ craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com
Need help communicating between generations at work to achieve your desired
success? Let us help!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What is the best practice to clean up installed components on a node?
Puppet does not keep track of the state before applying a resource.
Even if Puppet *did* track prior state, there would still be an issue
of choosing which of possibly many prior states to revert to.
I'm not asking puppet to know what to do, which I agree is ridiculous. I'm
saying that if and only if I've defined X::disabled, automatically run it on
every host which does not include X. If X::disabled isn't defined, then don't
do anything. Probably a better way to think of it instead of X::disabled is
that for ever class X there is an implicitly defined not-X class, which is
empty until I define it. For example:
class webserver {
package {apache: ensure = installed}
service {apache: ensure = running}
}
class !webserver {
package {apache: ensure = absent}
}
class dnsserver {
[...]
}
node foo {
include webserver
}
node bar {
include dnsserver
}
On node bar, !webserver would get executed, but because I haven't defined
!dnsserver, node foo wouldn't do anything related to dnsserver.
As it is now, one still has to go through and add X::disabled to every host,
which is largely defeating the purpose of having a X::disabled class in the
first place. (That purpose, for those not paying attention, is to make sure
that things are in a known state, including services *not* running where
they shouldn't be.)
I disagree. The purpose of having an X::disabled is to define what
exactly you do want when you explicitly want to exclude X. Which
nodes should have that state ensured is an entirely separate (and not
clear-cut) question. Unmanaged may not be the state you want for
certain resources, but it is not inherently undesirable for all
resources.
I'm not sure I understand what you're saying here. It is perfectly reasonable
to want to ensure that things which aren't webservers are, in fact, not running
as webservers, If I want to leave a particular resource unmanaged, then just
don't put anything in the !X class (or the X class, for that matter). Maybe we
have different approaches to how we manage resources, but I genuinely can't
think of an example of where you would want some hosts to be X, some to be !X,
and some to be unknown, which is kind of what I think you're saying here,
because I can't think of anyway that unmanaged doesn't mean unknown.
Darrell
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet 2.6.x fate
On Thu, 14 Jul 2011 09:53:36 -0700, PBWebGuy wrote: Hi Mike, I wanted to comment on bug http://projects.puppetlabs.com/issues/7680 which is a regression introduced in 2.6.8. I recently ran into this issue and had to downgrade to 2.6.7 from 2.6.8. When I discovered the issue I tried upgrading to 2.6.9 and it was still an issue. The problem is simply that if the source points to a symlinked file, the md5 calculation fails. This bug has prevented me from moving forward and would love to see it get fixed. I wanted to vote on the bug but I have not figured out how to get some level of access to the bug tracking system. I also have a few other bugs that I would like to report but the process is not clearly documented. Thanks, John You should be able to vote on the issue once you've logged in. It shouldn't require any special permissions. I'm guessing you've already created an account on the Redmine instance[1]? As far as reporting other bugs: Once you've logged in, you should be able to click the New Issue link[2] when you're viewing the appropriate project. There isn't really much process around it. We appreciate if you check for a pre-existing ticket before filing a new one, but it's not like we'll get angry if you don't spot that it's duplicate. [1] https://projects.puppetlabs.com/account/register [2] https://projects.puppetlabs.com/projects/puppet/issues/new -- Jacob Helwig , | Join us for PuppetConf, September 22nd and 23rd in Portland, OR | http://bit.ly/puppetconfsig ` signature.asc Description: Digital signature
[Puppet Users] Re: puppetrun/puppet kick
Too stupid a question? (puppet kick seems to be identical to puppetrun command as discussed in Pro Puppet book) I spent enough time looking through puppet documentation and googling and couldn't solve it so I asked... On Jul 12, 2011, at 4:21 PM, Craig White wrote: Can't seem to make it work puppet 2.6.8 (client/server) # puppet kick -f ubuntu4.ttinet Triggering ubuntu4.ttinet Host ubuntu4.ttinet failed: Error 400 on SERVER: 'save ' is not an allowed value for method directive ubuntu4.ttinet finished with exit code 2 Failed: ubuntu4.ttinet root@ubuntu4:~# cat /etc/puppet/auth.conf path /run method save allow * root@ubuntu4:~# cat /etc/puppet/namespaceauth.conf [puppetrunner] allow * root@ubuntu4:~# grep listen /etc/puppet/* /etc/puppet/puppet.conf: listen = true -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetrun/puppet kick
On Tuesday, July 12, 2011 at 4:21 PM, Craig White wrote: Can't seem to make it work puppet 2.6.8 (client/server) # puppet kick -f ubuntu4.ttinet Triggering ubuntu4.ttinet Host ubuntu4.ttinet failed: Error 400 on SERVER: 'save ' is not an allowed value for method directive ubuntu4.ttinet finished with exit code 2 Failed: ubuntu4.ttinet root@ubuntu4:~# cat /etc/puppet/auth.conf path /run method save allow * root@ubuntu4:~# cat /etc/puppet/namespaceauth.conf [puppetrunner] allow * root@ubuntu4:~# grep listen /etc/puppet/* /etc/puppet/puppet.conf: listen = true It looks like you have a trailing space on your method save line, and Puppet is taking that to mean method save (note the space). Remove that and you should be okay. See ticket #5010. http://projects.puppetlabs.com/issues/5010 -- Craig White ~~ craig.wh...@ttiltd.com (mailto:craig.wh...@ttiltd.com) 1.800.869.6908 ~~~ www.ttiassessments.com (http://www.ttiassessments.com) Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] LDAP ENC
On Jul 14, 2011, at 1:16 PM, Craig White wrote: Seems straight forward enough but I keep getting errors. On a client... err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed when searching for node ubuntu5.ttinet: LDAP Search failed Have you looked at the logs on the LDAP server to see if the connection is being made and what the results are? -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Seemingly random failures after 2.7.1 upgrade
Hi Nigel,
here we go...
* all my classes are included (I was still using 0.25.x...)
* In my $confdir/manifests/classes/roles I have a very generic class for all
puppet hosts declared as follow:
class role_puppet_common {
$role = puppet_common
include common
include puppet::common
include puppet::user
}
in $confdir/manifests/site.pp I have the following line...
[...]
import classes/roles/*
[...]
the weird Could not find class problem occurs for class puppet::common
my directory structure is as follow:
...
$confdir/modules/puppet/
$confdir/modules/puppet/manifests
$confdir/modules/puppet/manifests/init.pp
$confdir/modules/puppet/manifests/classes/
$confdir/modules/puppet/manifests/classes/common.pp
...
in $confdir/modules/puppet/manifests/init.pp I have:
import puppet/classes/*
and in $confdir/modules/puppet/manifests/classes/common.pp
class puppet::common {
...
}
* my modulepath declared in puppet.conf is as follow:
modulepath = /mnt/puppet/conf/modules:/mnt/puppet/othermodules
where /mnt/puppet/conf is set to $confdir.
That's it!
As I said before, when I downgraded to version 2.6.9 everything worked fine.
Thanks in advance,
Gus
On Thu, Jul 14, 2011 at 11:59 AM, Nigel Kersten ni...@puppetlabs.comwrote:
On Wed, Jul 13, 2011 at 2:26 PM, Gus gustavosoa...@gmail.com wrote:
Hi!
I've also noticed this (weird) behaviour. I am planning an (huge)
upgrade (from 0.25.x to 2.7.1) in all my puppet's boxes...
I've installed puppet's 2.7.1 gem and got a lot of Could not find
class problem... and everything worked just fine with 0.25.x.
So, I decided to uninstall the gem for version 2.7.1 and install
puppet version 2.6.9.
Everything worked just fine... no weird Could not find class
problem...
am I missing something?
You need to give us a few more details.
* name of the classes that are failing and succeeding autoloading
* How you're declaring the classes (include vs parameterized class
declaration)
* the file paths that contain the classes that fail and succeed
* some info about the modulepath for this environment.
* whether you're using 'import' anywhere.
Thanks in advance,
Gus
On Jul 13, 11:03 am, Nigel Kersten ni...@puppetlabs.com wrote:
On Tue, Jul 12, 2011 at 11:29 PM, Peter Meier peter.me...@immerda.ch
wrote:
Puppet has quite a powerfull autoloading feature of classes and I
think
it can be seen as a general best practice to have one class in a file
in
its corresponding path on the filesystem.
What he said. :)
Life really does become a lot simpler if you avoid 'import' everywhere
you
can and just rely upon the class autoloader.
--
Nigel Kersten
Product Manager, Puppet Labs
Twitter: @nigelkersten
*Join us for **PuppetConf *http://www.bit.ly/puppetconfsig
September 22nd and 23rd in Portland, Oregon, USA.
*
*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
Nigel Kersten
Product Manager, Puppet Labs
Twitter: @nigelkersten
*Join us for **PuppetConf *http://www.bit.ly/puppetconfsig
September 22nd and 23rd in Portland, Oregon, USA.
*
*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] LDAP ENC
On Jul 14, 2011, at 11:16 AM, Rob McBroom wrote:
On Jul 14, 2011, at 1:16 PM, Craig White wrote:
Seems straight forward enough but I keep getting errors. On a client...
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Failed when searching for node ubuntu5.ttinet: LDAP Search failed
Have you looked at the logs on the LDAP server to see if the connection is
being made and what the results are?
-
doesn't appear to actually do anything other than bind - I don't see the
results of any search operation when I run slapd trace level (-d 1)
slap_listener_activate(7):
slap_listener(ldap:///)
connection_get(18): got connid=1000
connection_read(18): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 39 contents:
op tag 0x60, time 1310668120
ber_get_next
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
dnPrettyNormal: cn=admin,dc=ttinet,dc=local
dnPrettyNormal: cn=admin,dc=ttinet,dc=local, cn=admin,dc=ttinet,dc=local
do_bind: version=3 dn=cn=admin,dc=ttinet,dc=local method=128
send_ldap_result: conn=1000 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=53
ber_flush2: 67 bytes to sd 18
do_bind: v3 anonymous bind
slap_listener_activate(7):
slap_listener(ldap:///)
connection_get(19): got connid=1001
connection_read(19): checking for input on id=1001
ber_get_next
ber_get_next: tag 0x30 len 39 contents:
op tag 0x60, time 1310668120
ber_get_next
conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
dnPrettyNormal: cn=admin,dc=ttinet,dc=local
dnPrettyNormal: cn=admin,dc=ttinet,dc=local, cn=admin,dc=ttinet,dc=local
do_bind: version=3 dn=cn=admin,dc=ttinet,dc=local method=128
send_ldap_result: conn=1001 op=0 p=3
send_ldap_response: msgid=1 tag=97 err=53
ber_flush2: 67 bytes to sd 19
do_bind: v3 anonymous bind
^Cdaemon: shutdown requested and initiated.
connection_close: conn=1000 sd=18
connection_close: conn=1001 sd=19
and running slapd at -d 32 (filters) dead silence after startup and issuing
command from a client
;-(
This may have something to do with it... Puppet documentation on LDAP ENC says
ruby -rldap -e 'puts :installed'
If this returns installed then you can try:
ruby -rpuppet -e 'p Puppet.features.ldap?'
but the second fails - perhaps because I am using puppet 2.6.8 installed from
gem.
ruby: no such file to load -- puppet (LoadError)
# gem list --local | grep -e activeldap -e ruby-ldap
activeldap (3.1.0)
ruby-ldap (0.9.11)
Craig
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] LDAP ENC
On Jul 14, 2011, at 2:41 PM, Craig White wrote: doesn't appear to actually do anything other than bind - I don't see the results of any search operation when I run slapd trace level (-d 1) It’s reporting error 53 when you bind, which is “unwilling to perform”. I think the only time I’ve seen that is using proxy authorization for chained updates (which are already proxied). But that wouldn’t explain this. It could be something with the access rules. For instance, my server won’t accept simple authentication unless TLS or SSL are used (but I had to explicitly configure that). Are you able to bind with that user from the command line? Or another approach: It looks like you were able to get the details for that host anonymously on the command-line. Is there any reason you want Puppet to authenticate when searching? -- Rob McBroom http://www.skurfer.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: how to write classes to install package from source
Use fpm http://github.com/jordansissel/fpm
On Jul 14, 2011 10:08 AM, KarthiKeyan. Kesavan ksd@gmail.com wrote:
Hi guys,
Thanks a lot for the suggestions .
Regards
K.Karthikeyan
On Thu, Jul 14, 2011 at 7:33 PM, Al @ Lab42 lab42...@gmail.com wrote:
Thanks for the suggestions, they are going to be merged.
That's a define I did various years ago that actually has been useful in
various cases (I do agree that it's better to use packages, but sometimes
this is the quickest and saner approach).
Al
On Wednesday, July 13, 2011 8:53:33 AM UTC+2, vagn wrote:
On 07/12/2011 06:19 AM, Al @ Lab42 wrote:
command = mkdir -p $destination_dir ; cd
$destination_dir ; $extract_command $work_dir/$source_filename,
Nice. But I would suggest changing ';' to ''. That way, if the
mkdir or cd fail you don't end up
trying to extract the archive in the wrong directory.
command = mkdir -p $destination_dir cd $destination_dir
$extract_command $work_dir/$source_filename,
Also consider
unless = test -d ${destination_dir }/${extracted_dir},
or even better
creates = ${destination_dir }/${extracted_dir},
for the repetition guard.
--
vagn
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/EjT5lFqc31MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] facts_terminus = rest
Anyone using this? I'm trying to setup a separate inventory server for multiple puppet masters to report back. For testing purposes I have in my auth.conf: path /facts auth any method find, search allow * Then on the slave puppet masters I have in the puppet.conf [master] section: facts_terminus = rest inventory_server = SERVER.DOMAIN.BLAH inventory_port = 8140 Then when I run I puppet agent --test, I simply get the following: err: Could not retrieve catalog from remote server: Error 400 on SERVER: certificate verify failed Throwing the puppet master into debug mode and I see the exact same error w/o anything else. I can't seem to find any documentation on this sans the standard: http://docs.puppetlabs.com/guides/inventory_service.html I saw a previous mention about a possible bug on the mailing list here: http://groups.google.com/group/puppet-users/browse_thread/thread/682402305dc01ea9 But never saw anything else .. :-( Does the master fact server need to be a certificate authority as well? -- I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhauser gate. All those moments will be lost in time... like tears in rain... Time to die. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What is the best practice to clean up installed components on a node?
On Jul 14, 12:16 pm, Darrell Fuhriman darr...@garnix.org wrote:
Puppet does not keep track of the state before applying a resource.
Even if Puppet *did* track prior state, there would still be an issue
of choosing which of possibly many prior states to revert to.
I'm not asking puppet to know what to do, which I agree is ridiculous. I'm
saying that if and only if I've defined X::disabled, automatically run it on
every host which does not include X. If X::disabled isn't defined, then don't
do anything. Probably a better way to think of it instead of X::disabled is
that for ever class X there is an implicitly defined not-X class, which is
empty until I define it. For example:
class webserver {
package {apache: ensure = installed}
service {apache: ensure = running}}
class !webserver {
package {apache: ensure = absent}}
class dnsserver {
[...]
}
node foo {
include webserver}
node bar {
include dnsserver
}
On node bar, !webserver would get executed, but because I haven't defined
!dnsserver, node foo wouldn't do anything related to dnsserver.
That still isn't sensible. It simply is not safe to assume that the
absence of class X in a node's catalog is a signal that X::disabled
should be included in that catalog. For instance, suppose I have a
pair X, X::disabled of classes specific to OS X. I don't want *either
one* on my CentOS boxes.
Consider also what happens when X, Y, X::disabled, and Y::disabled all
exist, and Y::disabled includes X. Suppose that after Puppet's initial
pass to choose which classes to include, it sees that neither X nor Y
is included, so it adds X::disabled and Y::disabled. But Y::disabled
includes X, so X::disabled shouldn't be included after all! Or should
it?
As it is now, one still has to go through and add X::disabled to every
host, which is largely defeating the purpose of having a X::disabled class
in the first place. (That purpose, for those not paying attention, is to
make sure that things are in a known state, including services *not*
running where they shouldn't be.)
I disagree. The purpose of having an X::disabled is to define what
exactly you do want when you explicitly want to exclude X. Which
nodes should have that state ensured is an entirely separate (and not
clear-cut) question. Unmanaged may not be the state you want for
certain resources, but it is not inherently undesirable for all
resources.
I'm not sure I understand what you're saying here. It is perfectly reasonable
to want to ensure that things which aren't webservers are, in fact, not
running as webservers,
No argument there.
If I want to leave a particular resource unmanaged, then just don't put
anything in the !X class (or the X class, for that matter).
Fair enough. Your clarification of how you imagined the feature
working clears up that bit.
Maybe we have different approaches to how we manage resources, but I
genuinely can't think of an example of where you would want some hosts to be
X, some to be !X, and some to be unknown, which is kind of what I think
you're saying here, because I can't think of anyway that unmanaged doesn't
mean unknown.
Classes specific to a particular OS are such an example with respect
to nodes running a different OS. Dev and test boxes present a wide
variety of examples where looser management of some resources may be
desired than for production boxes.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] More ENC / LDAP difficulty
Ignoring my inability to authenticate for the time being, if I define classes
in LDAP, it seems that doesn't work:
# ubuntu5.ttinet, Hosts, ttinet.local
dn: cn=ubuntu5.ttinet,ou=Hosts,dc=ttinet,dc=local
objectClass: device
objectClass: top
objectClass: puppetClient
objectClass: ipHost
ipHostNumber: 10.1.1.13
environment: production
cn: ubuntu5.ttinet
parentNode: baseclass
puppetClass: etc
puppetClass: apt
puppetClass: apt::get_update
puppetClass: subversion
puppetClass: mongodb
puppetClass: gems::passenger
puppetClass: apache::service
puppetClass: apache::install
puppetClass: prerequisite::apache
puppetClass: prerequisite::compiler
puppetClass: prerequisite::compression
puppetClass: prerequisite::ssl
and a puppet apply comand on this client spits out...
info: Applying configuration version '1310682102'
err: /Stage[main]/Mongodb::Service/Service[mongodb]: Could not evaluate: Could
not find init script for 'mongodb'
err: /Stage[main]/Apache::Service/Service[apache2]: Could not evaluate: Could
not find init script for 'apache2'
notice: Finished catalog run in 0.43 seconds
It seems to completely ignore 'require' items - for example, apache2 and
mongodb init scripts are not there because the package needs to be installed
before the service is run (obviously)
but the 'require' functions work fine if I comment out the enc/ldap setup and
go back to my flat file configuration and don't change a single manifest file...
(from nodes.pp)
node 'ubuntu5.ttinet' {
include baseclass
include everyone_but_puppetmaster
include mongodb
include nginx_server
}
(from templates.pp)
class nginx_server {
include gems::passenger
include prerequisite::compiler
include prerequisite::compression
include prerequisite::ssl
}
class everyone_but_puppetmaster {
include etc
include mod_puppet
include apt::updates
}
info: Applying configuration version '1310682488'
notice: /Stage[main]/Nginx::Install/File[/etc/init.d/nginx]/ensure: defined
content as '{md5}a0a5d4b2974a6903f62b417d313f25b8'
info: /Stage[main]/Nginx::Install/File[/etc/init.d/nginx]: Scheduling refresh
of Service[nginx]
notice: /Stage[main]/Nginx::Install/Exec[Installing nginx via
passenger]/returns: executed successfully
notice: /Stage[main]/Nginx::Install/File[/opt/nginx/sites]/ensure: created
notice:
/Stage[main]//Node[ubuntu5.ttinet]/Nginx::Vhost[test5.ttinet]/File[/opt/nginx/sites/11-test5.ttinet]/ensure:
defined content as '{md5}dd8587e4c99f91c5857ec6f9b8e31e83'
info:
/Stage[main]//Node[ubuntu5.ttinet]/Nginx::Vhost[test5.ttinet]/File[/opt/nginx/sites/11-test5.ttinet]:
Scheduling refresh of Service[nginx]
notice: /Stage[main]/Nginx::Service/Service[nginx]/ensure: ensure changed
'stopped' to 'running'
notice: /Stage[main]/Nginx::Service/Service[nginx]: Triggered 'refresh' from 2
events
notice: /Stage[main]/Mongodb::Install/Package[mongodb-10gen]/ensure: ensure
changed 'purged' to 'present'
info: /Stage[main]/Mongodb::Install/Package[mongodb-10gen]: Scheduling refresh
of Service[mongodb]
notice: /Stage[main]/Mongodb::Service/Service[mongodb]/enable: enable changed
'false' to 'true'
notice: /Stage[main]/Mongodb::Service/Service[mongodb]: Triggered 'refresh'
from 1 events
notice: Finished catalog run in 5.89 seconds
I'm on puppet 2.6.8 and by all readings of the web site and Pro Puppet, I
should not be having these problems with ENC on LDAP
I gave up on trying to 'chain' using parentnode in LDAP because that simply
hasn't worked and tried to simplify things but still...
--
Craig White ~~ craig.wh...@ttiltd.com
1.800.869.6908 ~~~ www.ttiassessments.com
Need help communicating between generations at work to achieve your desired
success? Let us help!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What is the best practice to clean up installed components on a node?
That still isn't sensible. It simply is not safe to assume that the
absence of class X in a node's catalog is a signal that X::disabled
should be included in that catalog. For instance, suppose I have a
pair X, X::disabled of classes specific to OS X. I don't want *either
one* on my CentOS boxes.
Fair enough. I habitually write classes with something like:
class foo {
case $operatingsystem {
default: { fail (X is not implemented for $operatingsystem) }
centos {[...]}
darwin: {[...]}
}
[]
}
So your scenario wouldn't affect me anyway. But I'm anal-rententive that way. I
can't imagine why you *wouldn't* do that if you're going to be running on more
than one platform.
I actually wish puppet had a 'confine' parameter for classes like it does for
custom facts. It would make it easier to avoid shooting yourself in the foot.
class foo {
confine $kernel = ['Linux', 'Darwin']
}
Anyway, it's a problem, yes, but not an insurmountable one.
Consider also what happens when X, Y, X::disabled, and Y::disabled all
exist, and Y::disabled includes X. Suppose that after Puppet's initial
pass to choose which classes to include, it sees that neither X nor Y
is included, so it adds X::disabled and Y::disabled. But Y::disabled
includes X, so X::disabled shouldn't be included after all! Or should
it?
Well, in that situation the right answer would be that only X is included. How
much work that is to implement in the current puppet parser, I have no idea.
But that's irrelevant to the question at hand.
Plus, why the hell would anyone want to do that? If you put includes into your
!X classes, you've clearly failed to understand the concept and should be taken
far away from any keyboards and put into a systems administration re-education
camp. I'd go so far as to say that any !X class could not include another class
at all. (And obviously !X classes could not be included explicitly anywhere,
since that's also fundamentally missing the point.)
Maybe we have different approaches to how we manage resources, but I
genuinely can't think of an example of where you would want some hosts to be
X, some to be !X, and some to be unknown, which is kind of what I think
you're saying here, because I can't think of anyway that unmanaged doesn't
mean unknown.
[...] Dev and test boxes present a wide
variety of examples where looser management of some resources may be
desired than for production boxes.
*shudder* Down that path lies madness, if you ask me. To my mind, either
something's managed or it isn't – there is no alternative that doesn't end in
tears. But again, these things are easily solved by saying something like:
class !foo {
case $environment {
default: { #do nothing }
production: { # do stuff }
}
}
Because then at least you're forced to be explicit about what your management
policy is, even if that policy is we let dev machines do whatever they want to
service foo.
But that's because I want the puppet configs to be the first (and ideally only)
place I need to go to find out what a given system's state is. That's why I
automate in the first place. It's also the basis for my wanting a !X class –
because currently I have no easy way of knowing if node Y is running a
webserver or not without logging into it and checking. If I had a !webserver
class, I could feel confident that node Y is not a webserver just by looking at
the puppet configs.
That's good for security, good for auditing, good for performance, and good for
piece of mind. :)
Darrell
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Problem to start puppet
Hello Im following this guide http://aaronwalrath.wordpress.com/2010/09/03/installing-and-configuring-puppet-on-centos-linux/ (running centos 5.6). But when i try puppetmasterd --verbose --no- daemonize on the supposed server machine it only prints (like cat) / etc/puppet/puppet.conf. in the terminal and nothing more. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 2.7.x and Facter 1.6 packages for Redhat/CentOS 5
I have builds of facter 1.6 and puppet 2.7.2 for EL 5 and 6 available http://stahnma.fedorapeople.org/puppetlabs/ I'm working on Fedora 14/15 builds currently also. These also are not currently signed, and there is no stahnma-repo rpm or anything like that. I'm basically just trying scratch an itch a few people have. This won't be a permanent location. We are working on updating and official puppet labs repository as well. Mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Using puppet to import database on client side
Hi guys I have database dump available on pastebin/exzxzxz I want the puppet server to download the dump from pastebin and store it at a fixed location(suppose /home/dump) and then open mysql on the client side(mysql is installed on the client) and run the import command so that the downloaded dump is used to make a database on the client . Please help guys. Both client and server are Ubuntu 10.04. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
Hi Guyz, After lot of changes, I finally found out the solution for the problem, it was the /etc/sysconfig/puppet and /etc/logrotate.d/puppet file. Once I removed this file everything works perfectly. Apparently this file I guess overrides the commandline flags I give to puppetd when starting it up like this usr/sbin/puppetd --certname=xxx.xx -- logdest=/var/log/cloud/puppet/puppet.log when I did a ps aux | grep puppet, I found that the puppet process eventually ran with different settings: /usr/bin/ruby usr/sbin/puppetd -logdest=/var/log/puppet/puppet.log the certname option was totally ignored here also note that the log is actually stored under /log/puppet. I still do not understand how this file could affect the hostname for certificate creation strangely things are working perfectly now even when I do not force the puppetd with the --certname flag. Thanks, Sriramu On Jul 1, 9:02 pm, Sriramu Singaram sriramus@gmail.com wrote: Thank you very much for the reply Guyz. I really appreciate it. I am working on CentOS and as suggested I tried turning off the nscd service with no success. I am curently working setting the hostname in the different configuration files, hope it works. will keep you guys posted. Thanks,Sriramu On Jul 1, 9:01 am, jcbollinger john.bollin...@stjude.org wrote: On Jun 30, 10:57 am, Nigel Kersten ni...@puppetlabs.com wrote: As an aside that really isn't that relevant to the OP, I've had good success with nsscache in the past. http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache That's cool. I'll have to study it is a possible solution for some of my current problems, such as laptops that can't reach our name services when they're off our internal network. Thanks! John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet agent creates certificates for localhost.localdomain and does not pick up the changed hostname
Also, I did not have to modify any of the other files like /etc/hosts or /etc/sysconfig/network. Thanks, Sriramu On Jul 14, 5:47 pm, Sriramu Singaram sriramus@gmail.com wrote: Hi Guyz, After lot of changes, I finally found out the solution for the problem, it was the /etc/sysconfig/puppet and /etc/logrotate.d/puppet file. Once I removed this file everything works perfectly. Apparently this file I guess overrides the commandline flags I give to puppetd when starting it up like this usr/sbin/puppetd --certname=xxx.xx -- logdest=/var/log/cloud/puppet/puppet.log when I did a ps aux | grep puppet, I found that the puppet process eventually ran with different settings: /usr/bin/ruby usr/sbin/puppetd -logdest=/var/log/puppet/puppet.log the certname option was totally ignored here also note that the log is actually stored under /log/puppet. I still do not understand how this file could affect the hostname for certificate creation strangely things are working perfectly now even when I do not force the puppetd with the --certname flag. Thanks,Sriramu On Jul 1, 9:02 pm,SriramuSingaram sriramus@gmail.com wrote: Thank you very much for the reply Guyz. I really appreciate it. I am working on CentOS and as suggested I tried turning off the nscd service with no success. I am curently working setting the hostname in the different configuration files, hope it works. will keep you guys posted. Thanks,Sriramu On Jul 1, 9:01 am, jcbollinger john.bollin...@stjude.org wrote: On Jun 30, 10:57 am, Nigel Kersten ni...@puppetlabs.com wrote: As an aside that really isn't that relevant to the OP, I've had good success with nsscache in the past. http://code.google.com/p/nsscache/wiki/MotivationBehindNssCache That's cool. I'll have to study it is a possible solution for some of my current problems, such as laptops that can't reach our name services when they're off our internal network. Thanks! John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ANNOUNCE: Puppet Dashboard 1.2rc1
This a feature release candidate of Puppet Dashboard. This release is available for download at: http://downloads.puppetlabs.com/dashboard/ We have included Debian and RPM packages as well as a tarball. See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.2rc1 http://projects.puppetlabs.com/projects/dashboard Highlights Include: * Moved to Apache 2.0 License * LOTS of UI improvements * Updated version of Rails * Now Requires Ruby 1.8.7 * Has Delayed Jobs (puppet-dashboard-workers) for async actions * Several performance improvements More Details === d389d8b (#7568) Relicense to Apache-2.0 License 57d0122 (#8276) Remove MaRuKu dependency a44d9ff (#8262) Show node groups even when node classification is disabled 3996b29 (#8262) Create callbacks for each section of node_classification partial 5dac13a (#8199) Move 'failed' resources to the top when viewing report events 2a3a73c (#7967) Improved user-facing design for delayed job warnings c78b85a (#8266) Back-end logic for splitting read and unread DJ failures. 15bba31 (#8121) Properly generate CSS from SASS in production. a9abf41 (#8101) Updated to new version of Tipsy plugin 9cb5e55 (Maint) More generalized tabbed interface fbe11aa (#8196) Adjust content width based on body classes. e756c25 (#8196) Add a body class describing sidebar state. 23cbef1 (#8196) Clean up body class manipulation. 3670e2b (#8146) Change default DASHBOARD_URL in external_node to localhost 81ec3c0 (#8090) Update .gitignore to ignore plugin files 6f117fc (#8022) Don't fail when installing plugin without `public` directory 07a9407 (#8022) Create a hook for plugins to add items to head in layout 64be352 (#7967) Add default value for read column of delayed_job_failures 240c548 (#7967) Infrastructure for displaying background failures. 8038cce (#7389) Don't auto-start DelayedJob workers. 933ae04 (#7389) Cheaper unique filenames for spooled reports. b4384eb (#7398) Support externally managed DelayedJob workers. 184e65b (#7689) Rake task to support parallel report POSTing. 2333c08 (#5947) Rename Destroy button to Delete 2fb0ac1 (#7976) Fixed static debug data in view 393970d (#7976) Node filter links in sidebar work in all cases 4ba3d23 (#7398) Configurable DelayedJob worker count. e839884 (#7938) Delayed import from file, not YAML string. d24c323 (#7973) Refactor colors for changed/unchanged 58c2b52 (#7398) Use DelayedJob for background processing. 6aefc60 (#7938) Add daemons gem to support DelayedJob 7395369 (#7398) Vendor DelayedJob for background tasks. 05040d9 (#7958) Allow plugins to add top level navigation c4d2f26 (#7597) Better integration of node summaries 4ad9cbc (#7913) Upgrade rspec and rspec-rails vendored gems c09b650 (#7913) Fix tap deprecation warning d88da0e (#7913) Update README to say we only support Ruby 1.8.7 acdc31f (#7913) upgrade will_paginate gem to avoid deprecation warnings e935b8d (#7913) vendor newer version of RDoc ce9be98 (#7913) Fix deprecation warning for config.load_paths dd8f277 (#7913) Upgrade vendored haml gem and vendor sass dd88d74 (#7913) vendor json_pure since it was an undocumented dependency 789c1b7 (#7913) Upgrading from Rails 2.3.4 to 2.3.12 060799f (#7597) Reformat node view CSV link 3726771 (#7280) Edit outdated information about the inventory service a02113a (#7597) Change empty tab display, report tab ordering, link expansion b62bf4c (#7597) Add count to pagination link, fix duplicate tags 9f06f58 (#7597) Display only relevant columns in node tables 96bb99c (#7597) Add help link to node summary. 95f870e (#6992) Add totals row for resource status counts to node view 44a145c (#7544) Group report resources by status c2e2c63 (#7840) Increase consistency of status definitions and remove old code dd5e610 (#7674) Add pending to the run status stacked bar graph a58d06d (#6992) Show a summary of nodes x resources on home page. 9d71cd2 (#7630) Denormalize ResourceStatus status and count calculations 6e03872 (#6528) Cleanup implementation of `::words`. 2b53c29 (#6528) Remove hideous Array monkeypatch. 0312ea2 (#7007) Stream node CSV download 87b3e91 (#7007) Add a link to the home page to download nodes in CSV 1af5e86 (#7007) Add support for CSV to nodes index 2829a8b (#7007) Add custom CSV output for nodes with resources 11aa643 (#7007) Use a custom property list for ResourceStatus.to_csv fc0fe85 (#7007) Add support for CSV output d2184e4 (#7537) Use #titleize for report tab names. 12b035d (#7537) Add reasonable defaults for report tab names. b230077 (#7560) Clean up the Dashboard index for 0 nodes. 6fe8513 (#6991) Add the Node Status summary graph. 8e70035 (#6991) Massage Node named scopes. 57d6b6b (#6991) Cleanup of excessively long lines. db61b1b (#6537) Add a pending scope to nodes 552c760 (#5126) Support HTTP basic auth in bin/external_node a85c681 (#6537) Add a pending scope to nodes
[Puppet Users] new variable scoping in templates
hi,
What's the best way to refer variables which pass as defined resource
parameter
from template erbs?
I've been made many modules which has resource definitions containing
file templating.
After I upgrade my puppet version to 2.7.0rc (debian experimental),
I'm getting many
warnings Dynamic lookup is deprecated. Support will be removed in
Puppet 2.8..
I can surpress this warnings with rewriting from:
%= some_arg %
to:
%= scope.to_hash.fetch('some_arg') %, but this should be bad way
because
it seems ugly and meaningless.
(It's not an explicit scope declaration, simply variable-syntax
longed...)
regards,
--
KURASHIKI Satoru
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: What is the best practice to clean up installed components on a node?
You never heard of nmap, eh? If you want to start talking about security and auditing, that's a whole other can of worms. It's a bad idea to assume that Defined State and Actual State will match. Anyway, I think you're forgetting that node state in Puppet is explicit by nature. What you're asking for defies this. If your node changes roles, reinstall the OS. On Thu, Jul 14, 2011 at 4:48 PM, Darrell Fuhriman darr...@garnix.orgwrote: But that's because I want the puppet configs to be the first (and ideally only) place I need to go to find out what a given system's state is. That's why I automate in the first place. It's also the basis for my wanting a !X class – because currently I have no easy way of knowing if node Y is running a webserver or not without logging into it and checking. If I had a !webserver class, I could feel confident that node Y is not a webserver just by looking at the puppet configs. That's good for security, good for auditing, good for performance, and good for piece of mind. :) Darrell -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] facts_terminus = rest
I personally couldn't get it to work (no facts in Dashboard), but only spent a short amount of time on it. On Thu, Jul 14, 2011 at 1:50 PM, Glenn Bailey replic...@dallaslamers.orgwrote: Anyone using this? I'm trying to setup a separate inventory server for multiple puppet masters to report back. For testing purposes I have in my auth.conf: path /facts auth any method find, search allow * Then on the slave puppet masters I have in the puppet.conf [master] section: facts_terminus = rest inventory_server = SERVER.DOMAIN.BLAH inventory_port = 8140 Then when I run I puppet agent --test, I simply get the following: err: Could not retrieve catalog from remote server: Error 400 on SERVER: certificate verify failed Throwing the puppet master into debug mode and I see the exact same error w/o anything else. I can't seem to find any documentation on this sans the standard: http://docs.puppetlabs.com/guides/inventory_service.html I saw a previous mention about a possible bug on the mailing list here: http://groups.google.com/group/puppet-users/browse_thread/thread/682402305dc01ea9 But never saw anything else .. :-( Does the master fact server need to be a certificate authority as well? -- I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhauser gate. All those moments will be lost in time... like tears in rain... Time to die. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Using puppet to import database on client side
Guys somebody please help On Jul 14, 5:32 pm, newguy aimanparv...@gmail.com wrote: Hi guys I have database dump available on pastebin/exzxzxz I want the puppet server to download the dump from pastebin and store it at a fixed location(suppose /home/dump) and then open mysql on the client side(mysql is installed on the client) and run the import command so that the downloaded dump is used to make a database on the client . Please help guys. Both client and server are Ubuntu 10.04. Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
