[Puppet Users] copying files to the agent that matched hostname
Dear all, I need to copy some files to the various clients in some logical way. The files are named in this way: farm001-cert.pem, where the forst part of the name (i.e. nfarm001) is the name of host where it should be copied. How can I do that? Any help greatly appreciated. Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] using host resource with hiera data source
On Mon, Aug 15, 2011 at 10:47:05AM -0700, Nan Liu wrote:
On Sun, Aug 14, 2011 at 10:18 AM, Alex L. Demidov
alexeydemi...@gmail.com wrote:
I'm trying to implement /etc/hosts handling using hiera as data
source, but my current implementation requires data duplication
because I could pass only array of strings as $name to host resource.
Is there any way to avoid such data duplication? Or maybe it is
possible to use templates but keep ability to have local modifications
to /etc/hosts file?
class hosts ($hosts = hiera(hosts), $hostsdefs =
hiera(hostsdefs)) {
define hostentry( ) {
host{ $name: ip = $hostsdefs[$name][ipaddress],
host_aliases = $hostsdefs[$name][host_aliases] }
}
hostentry{ $hosts: }
}
common.yaml
hosts:
- host1.example.com
- host2.example.com
hostsdefs:
host1.example.com:
ipaddress: 10.0.0.1
host_aliases: host1
host2.example.com:
ipaddress: 10.0.0.2
host_aliases: host2
Write a puppet function that returns hash key as an array and you can
avoid this data duplication.
Thanks for suggestion. While looking for documentation about how to
create custom function I've spotted that there is already exists
`create_resources` function and using this function I was able to
replace my code above with following:
class hosts ($hosts = hiera_hash(hosts)) {
create_resources( 'host', $hosts )
}
# using hiera_hash allows merging data from different yaml files but
# requires hiera 0.2.1
common.yaml
hosts:
host1.example.com:
ip: 10.0.0.1
host_aliases: host1
host2.example.com:
ip: 10.0.0.2
host_aliases: host2
There is only one drawback with this solution - it is impossible to
have multiple lines in /etc/hosts with same hostname like this:
127.0.0.1 localhost
::1 localhost
--
Alex L. Demidov (ALD9-RIPE).
http://alexeydemidov.com/
Freelance Consulting.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Notify/Require in config tests
Thanks for your response. Having before in the configtest exec and
notify in the dhcpd service causes an error about a circular dependency.
Dropping the notify but keeping the before makes the order work
properly, but the configtest doesn't get triggered when the service
restarts.
Is there a way to trigger the test when and only when the service
restarts, and guaranteed before the service restarts?
The only other idea I've had is to trigger the notify from the File
declaration of the config file. This isn't really practical for me
because some of my daemons have 20+ config files.
Thanks,
Jonathan
On 15/08/11 23:00, Denmat wrote:
Hi,
A couple of ways come to mind. Use the 'before' metaparameter in your
configtest exec.
You can use ordering syntax '-' between your resources, see
http://docs.puppetlabs.com/guides/language_guide.html#chaining-resources
See this for a complete overview:
http://docs.puppetlabs.com/learning/ordering.html
Cheers,
Den
On 15/08/2011, at 23:29, Jonathan Gazeleyjonathan.gaze...@bristol.ac.uk
wrote:
Hi all,
I'm trying to set up a routine in puppet where if a service is scheduled for a
restart, eg because of new configs, then a config test is executed first. If
the config test fails, the service is not restart (and so keeps running with
the old config, rather than stopping and causing an outage).
So far I've tried this kind of thing:
# DHCP service
service { dhcpd:
require = [ File[dhcpd.conf], Package['dhcp'] ],
ensure = running,
enable = true,
hasstatus = true,
hasrestart = true,
notify = Exec['dhcpd-config-test'],
}
# This exec tests the dhcpd config and fails if it's bad
exec { dhcpd-config-test:
command = '/etc/init.d/dhcpd configtest 21 | grep Syntax: OK | wc -l',
returns = 0,
refreshonly = true
}
In this context, is it better to use notify or require in the service declaration? Using
only notify seems to not care about the order, and sometimes the
dhcpd-config-test is executed *after* the dhcpd service has already been restarted, which
is useless.
Using only require doesn't always trigger dhcpd-config-test when dhcpd
restarts.
Is there a better way of reliably triggering a config test before the service
restarts, but only when it restarts, and then failing if necessary?
Thanks,
Jonathan
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Nagios hostgroups
Righto. The puppetmaster is 0.25.5-1.el5 on CentOS 5, while the puppet client is 0.25.5-1.el6 on CentOS 6. I'm aware this version is quite old now, but it looks like a significant amount of trouble to package a newer version for deployment via RPM along with its various dependencies. I'm successfully using exported resources in several places, for Nagios and for other things. My @@nagios_host, @@nagios_service and @@nagios_hostgroup all work on any host and the entries show up in my storeconfigs database. In the manifest that is applied to the nagios server, I am using the following lines to realise these resources: Nagios_host|| Nagios_service|| Nagios_hostextinfo|| Nagios_servicedependency|| Nagios_contact|| Nagios_command|| Nagios_servicegroup|| Nagios_hostgroup|| There's nothing more than this. All of these realisations work, except Nagios_hostgroup. The other realisations write out /etc/nagios/nagios_host.cfg and similar files, while the Nagios_hostgroup one produces no output. As I mentioned in my last email, no errors are reported in the puppet log on either the puppetmaster or the client, hence I'm a bit stuck debugging, with nothing to go on. Thanks, Jonathan On 15/08/11 21:53, Denmat wrote: Hi, http://docs.puppetlabs.com/guides/exported_resources.html You will need to include more detail for further help, like version of puppet and a snippet of how you are realizing them. Do any other exported resources work in your manifest? Cheers, Den On 16/08/2011, at 2:08, key...@gmail.com wrote: Sent from my Verizon Wireless BlackBerry -Original Message- From: Jonathan Gazeleyjonathan.gaze...@bristol.ac.uk Sender: puppet-users@googlegroups.com Date: Mon, 15 Aug 2011 17:03:02 To: Puppet Userspuppet-users@googlegroups.com Reply-To: puppet-users@googlegroups.com Subject: [Puppet Users] Nagios hostgroups Hi all, I'm using various exported resources for Nagios, including @@nagios_host, @@nagios_service and others. Elsewhere in my manifest I am using all of these commands to realise the resources on my Nagios server. All of these commands work fine except for Nagios_hostgroup which does not produce the file, as expected. Nagios_host|| Nagios_service|| Nagios_hostextinfo|| Nagios_servicedependency|| Nagios_contact|| Nagios_command|| Nagios_servicegroup|| Nagios_hostgroup|| There's nothing in the puppet log either on the puppetmaster or my Nagios server. Any ideas why this realisation isn't working, or where I should to debug it? Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] question about tags
According to the docs, you can specify tags on the command line and in the puppet.conf but can you specify them in something like the nodes.pp on the puppetserver. Interested to see if the tags can be managed from a central spot Thanks Harold -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] question about tags
Hi Harold,
On 08/16/2011 01:56 PM, Harold Ditchfield wrote:
According to the docs, you can specify tags on the command line and in the
puppet.conf but can you specify them in something like the nodes.pp on the
puppetserver. Interested to see if the tags can be managed from a central spot
Thanks
Harold
Every class is also usable as tag:
e.g.
class ssh { ... }
the string ssh can be used as tag.
I have not yet used tags in nodes.pp.
Kind regards,
Martin
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] mount remounts not working
Hi all,
I have some code like:
{
'/srv/cloud' :
name = '/srv/cloud/' ,
atboot = true ,
device = 'iscsidisk01.domain.org:/volumes/POOL/one' ,
fstype = 'nfs' ,
remounts = true ,
options = 'defaults' ,
ensure = 'mounted' ,
require = File['/srv/cloud'] ;
}
So I'd like to use remount at mount time, but puppet does:
Execution of '/bin/mount -o defaults /srv/cloud/' instead of:
/bin/mount -o remount /srv/cloud/
and that make puppet fail.
Am I miss-understanding remount option? is there any problem with it?
$rpm -qa|grep puppet
puppet-2.6.8-1.el6.noarch
$cat /etc/redhat-release
Scientific Linux release 6.0 (Carbon)
TIA,
Arnau
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Corrupted inventory.txt - how to rebuild?
0x is typically the CA cert, was the inventory.txt file blank when this occurred? If you have all the certificates, you can use puppet cert -pa and extract the serial number, date, and CN info. I'm not sure if there's an automated way using openssl commands. This might be reasonably close (output should be sorted by serial number): Here's the problem as I understand it. We have several puppetmaster servers, due to the large number of clients and networks that need to be supported. We synchronize SSL certs between load balanced hosts using rsync. Somehow or other we occasionally end up getting a host in the inventory.txt file with 0x serial number. Unfortunately this seems to reset the counter and new hosts will end up with duplicate serials to other hosts previously listed in the file. How do you all handle load balancing and certificate management? Is there a way to have a master authority cert server, that all the other nodes turn to for all things SSL? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Random error in the recovery catalog
Hello, I just set up Puppet / Passenger by following the documentation. For servers already authenticated key I do not encounter problems, but for new I have these errors: pre root@server2:~# puppetd --test --no-daemonize info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed Could not retrieve file metadata for puppet://PUPPETMASTER.fqdn/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed /pre Also, I get a new type of error by mail: pre Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog from remote server: Error 414 on SERVER: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title414 Request-URI Too Large/title /headbody h1Request-URI Too Large/h1 pThe requested URL's length exceeds the capacity limit for this server.br / /p hr addressApache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140/ address /body/html Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using cached catalog Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog; skipping run /pre I have set the variable: pre PassengerMaxRequests 1 /pre But I doubt that this impact on this error. Again, thank you! Jimmy On 26 juil, 14:33, ji...@goffaux.fr ji...@goffaux.fr wrote: Passenger is already installed, but was not configured to Puppet. I will do the migration and I will return here. Thank you! On 25 juil, 17:21, Peter Meier peter.me...@immerda.ch wrote: I have about 130 customer puppet. I left the default time interval. Are you still running with default webrick on the puppetmaster? (If you didn't change anything, then yes you are). If yes, it's time to scale out and use either a Mongrel or Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger ~pete -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: copying files to the agent that matched hostname
On Aug 16, 2:59 am, Sans r.santanu@gmail.com wrote:
Dear all,
I need to copy some files to the various clients in some logical way.
The files are named in this way: farm001-cert.pem, where the forst
part of the name (i.e. nfarm001) is the name of host where it should
be copied. How can I do that? Any help greatly appreciated. Cheers!!
You can interpolate the 'hostname' fact into the name of the resouce,
the name of the file on the file server, or both. For example:
file { ${hostname}-cert.pem:
...
source = puppet://puppet.internalnet/modules/certs/${hostname}-
cert.pem
}
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Random error in the recovery catalog
Hello, I just set up Puppet / Passenger by following the documentation. For servers already authenticated key I do not encounter problems, but for new I have these errors: -- root@server2:~# puppetd --test --no-daemonize warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session info: Creating a new SSL certificate request for server2.fqdn info: Certificate Request fingerprint (md5): F1:2E:F6:D6:8C:B3:F6:6B:D2:4B:C4:72:1C:E4:24:D9 warning: peer certificate won't be verified in this SSL session err: Could not request certificate: Error 405 on SERVER: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title405 Method Not Allowed/ title / headbody h1Method Not Allowed/ h1 pThe requested method PUT is not allowed for the URL /production/ certificate_request/server2.fqdn./ p hr addressApache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at puppetmaster.fqdn Port 8140/ address /body/ html Exiting; failed to retrieve certificate and waitforcert is disabled root@server2:~# --- Also, I get a new type of error by mail: --- Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog from remote server: Error 414 on SERVER: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title414 Request-URI Too Large/title /headbody h1Request-URI Too Large/h1 pThe requested URL's length exceeds the capacity limit for this server.br / /p hr addressApache/2.2.9 (Debian) DAV/2 SVN/1.5.1 Phusion_Passenger/3.0.7 mod_ssl/2.2.9 OpenSSL/0.9.8g Server at PUPPETMASTER.fqdn Port 8140/ address /body/html Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (notice): Using cached catalog Tue Aug 16 15:52:08 +0200 2011 //server1.fqdn/Puppet (err): Could not retrieve catalog; skipping run I have set the variable: --- PassengerMaxRequests 1 --- But I doubt that this impact on this error. Again, thank you! Jimmy On 26 juil, 14:33, ji...@goffaux.fr ji...@goffaux.fr wrote: Passenger is already installed, but was not configured to Puppet. I will do the migration and I will return here. Thank you! On 25 juil, 17:21, Peter Meier peter.me...@immerda.ch wrote: I have about 130 customer puppet. I left the default time interval. Are you still running with default webrick on the puppetmaster? (If you didn't change anything, then yes you are). If yes, it's time to scale out and use either a Mongrel or Passenger-based Setup:http://projects.puppetlabs.com/projects/puppet/wiki/Using_Passenger ~pete -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: ANNOUNCE: Puppet 2.7.3
On Aug 15, 8:22 pm, David L Ballenger d...@davidlballenger.com wrote: Since upgrading for Puppet 2.7.1 to 2.7.3 I have been getting the following error whenever a Puppet agent runs: err: Failed to apply catalog: Parameter options failed: Options must be provided as an array, not a comma separated list I ran the puppet agent with --test and --debug and got the output below. You'll notice that the error seems to occur when it's attempting to load service providers. I was doing some work on some custom types and providers and thought maybe there was a problem with one of those. So I removed them from /var/lib/puppet and the from the modules tree of the puppet master configuration so they wouldn't be reinstalled. I got the same results as below, so I'm guessing it's something else, but the error message isn't very helpful in figuring that out. I didn't see anything related in the release notes. It strikes me oddly that the master appears to have successfully compiled the catalog, but the agent doesn't like the result. Is the node running a newer version of Puppet than the master? Even 2.7.3 vs. 2.7.1? Even if you upgraded the master at the same time you updated the client, you might need to restart the puppetmaster service to actually get the new version running. The error message itself appears to be complaining about a resource poperty named 'options'. The only two built-in resource types that are documented to have such a property are 'mount' and 'ssh_authorized_key'. The latter resource explicitly specifies that multiple options must be provided as an array, which aligns pretty well with the error message you received. I would generally expect (perhaps unjustifiedly) that any 2.7.x client would work correctly with any 2.7.x master. If, therefore, the behavior change indeed arose from the upgrade then it is worthwhile filing a bug report, if only for documentary purposes. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Installing 'rpm' using puppet
On Aug 15, 9:37 am, Sans r.santanu@gmail.com wrote: err: /Stage[main]/Xx_emi/Package[emi-release]/ensure: change from absent to present failed: Execution of '/bin/rpm -i --oldpackage puppet:///modules/g_repo/emi-release-1.0.0-1.sl5.noarch.rpm' returned 1: error: open of puppet:///modules/g_repo/emi-release-1.0.0-1.sl5.noarch.rpm failed: No such file or directory Why No such file or directory? the file: emi- release-1.0.0-1.sl5.noarch.rpm does exist in /etc/puppet/modules/ g_repo/files/ directory. So, what's the reason for being failed? Typically, the puppetmaster daemon runs as a non-root user, often one named 'puppet'. That user must have sufficient privilege to traverse the directory structure under /etc/puppet and to read all the files in it. In all likelihood, the file in question or one of the directories in its path is not readable to that user, or possibly one of the directories in the path is not traversible by him. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Corrupted inventory.txt - how to rebuild?
Sean, Previously I've set up a cluster of Puppet Masters with one machine acting as the software load balancer (IPVS) as well as the Puppet Certificate Authority. The relevant puppet.conf options are ca_port and ca_server to specify where your CA is. The Puppet Master service on the CA server listened on the ca_port and signed CA requests. The default puppet port 8140 was load balanced to a pool of slave Puppet Masters and these masters all NFS mounted the ssl/ca/ directory so they knew about all signed puppet agents. You could then go even further and make your CA server resilient with Pacemaker / Heartbeat or other HA techniques. I didn't bother to go that far though ;) Hope that helps, -Luke On Aug 16, 3:25 pm, Sean Carolan scaro...@gmail.com wrote: How do you all handle load balancing and certificate management? Is there a way to have a master authority cert server, that all the other nodes turn to for all things SSL? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Installing 'rpm' using puppet
Or, even more likely, Puppet is passing the file URL to RPM. RPM does not understand the puppet: URL scheme. Note the Puppet documentation for this property, which explicitly says This must be a [path ...] or a URL that your specific packaging type understands; Puppet will not retrieve [the package file] for you. I'd recommend setting up your own local Yum repository, and serving the RPM from that. Use the Yumrepo resource to manage the definition of your local repository. You could also set up the emi-release repository via Yumrepo, if you wanted to do, but that would not perform tasks such as installing GPG keys, and you would not be able to use Yum / RPM to remove it again. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Corrupted inventory.txt - how to rebuild?
Also I think Nigel posted a load balanced solution using entirely Apache that's floating around on the list, configs and all. Was a few months ago now if you want to go searching. On Aug 16, 4:12 pm, Luke Bigum luke.bi...@lmax.com wrote: Sean, Previously I've set up a cluster of Puppet Masters with one machine acting as the software load balancer (IPVS) as well as the Puppet Certificate Authority. The relevant puppet.conf options are ca_port and ca_server to specify where your CA is. The Puppet Master service on the CA server listened on the ca_port and signed CA requests. The default puppet port 8140 was load balanced to a pool of slave Puppet Masters and these masters all NFS mounted the ssl/ca/ directory so they knew about all signed puppet agents. You could then go even further and make your CA server resilient with Pacemaker / Heartbeat or other HA techniques. I didn't bother to go that far though ;) Hope that helps, -Luke On Aug 16, 3:25 pm, Sean Carolan scaro...@gmail.com wrote: How do you all handle load balancing and certificate management? Is there a way to have a master authority cert server, that all the other nodes turn to for all things SSL? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Need feedback on Dashboard/filebucket interaction
Good people ~ We're in an unfortunate situation with Dashboard, having to patch a bug half-way for the Dashboard 1.2 release because we don't have time for a complete fix, and because a complete fix may require Puppet changes. Within Dashboard's report interface we show links to the filebucket even if we don't have the file in question. If there's no content, we show an unhelpful error. The silly part is that we can't easily tell if we have file content without asking filebucket directly, which won't scale. We can address it in two ways: 1. Always show the links, just like we do now. If there's no content, show a helpful error when the link is clicked. 2. Only show the links where we know we have content. But in some situations (e.g., a new file) content will be available, but we won't show a link. This is because filebucket only works as a backup, not as a cache for new content. If this affects your life, or if you have an opinion, please comment on the bug or reply here. Thanks in advance. http://projects.puppetlabs.com/issues/7934 r -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] creating a puppet resource from existing cron
Is there a puppetized way for puppet to create a resource file from
an existing crontab?
Here's an example of what has worked for me:
$ crontab -l
* * * * * date /tmp/date.log
$ ralsh cron
Could not run: You must specify a name or title for resources
$ crontab -l | awk '!/^ *#/ {print # Puppet Name: item- NR ; print }
' | crontab
$ crontab -l
# Puppet Name: item-1
* * * * * date /tmp/date.txt
$ ralsh cron
cron { 'item-1':
user = 'foobar',
command = 'date /tmp/date.txt',
ensure = 'present',
target = 'foobar'
}
$ puppet -V
0.25.4
$ cat /etc/issue.net
Ubuntu 10.04.3 LTS
Regards,
- Robert
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: scoping question - I want a node specific global var
On Tue, Aug 16, 2011 at 6:23 AM, jcbollinger john.bollin...@stjude.org wrote:
[Lots of good ideas]
Of those, I would recommend either extlookup() or your ENC (if you
have one), with my personal preference being extlookup(). I think
Hiera may offer an even better solution (though similar to
extlookup()), but I'm not familiar enough with it to feel comfortable
recommending it.
Unfortunately I've thought of some of those and they don't quite fit
with our existing infrastructure.
* We're not using ENC
* I want the special information right alongside the node decl. This
reduces chance for error and makes the data more maintainable.
Let me give more background:
We have a nodes.pp with a lot of hosts in it. We map a nodename to a
single class...
node /our-squid\d+/ { include system:our_squid }
node /our-db\d+/ { include system:our_db }
and so on.
We are making a failover site.
node /special-our-squid\d+/ { include system::our_squid}
node /special-our-db\d+/ { include system::our_db }
I don't want to confuse the issue with more details, but due to some
legacy naming conventions, we can't (..shouldn't...) use /^special-*/
to determine the sites are failover. We would like the attribute in
puppet.
I could do class { system::our_db: failover = failover }, except I
want that failover attribute within the class that system::our_db
derives from.
class system {
// Am I special?
}
class system::our_db($failover) inherits system {
// Am I special, too?
}
So ideally (except that this won't work with the new scoping rules in
the future), I'd like to
node /special-our-db\d+/ { $SPECIAL=true
include system::our_db }
Now, I could make a class
class special($yesorno = false) {
$SPECIAL = $yesorno
}
and include that in all nodes, and change it to false in the special
nodes It isn't very elegant and makes our node file a lot
messier. Each node is two lines now.. there must be a more elegant
solution.
Maybe the answer is to make a case statement in the nodes.pp that sets
$IMSPECIAL globally based on the hostname... which was one of your
suggestions. But I don't like maintaining two lists of host regex's,
which could get out of date.
Is there no specifier to reach my node's scope? i.e.,
$mynode::IMSPECIAL? Maybe in Ruby?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] mount remounts not working
On Tue, Aug 16, 2011 at 03:34:02PM +0200, Arnau Bria wrote:
Hi all,
I have some code like:
{
'/srv/cloud' :
name = '/srv/cloud/' ,
atboot = true ,
device = 'iscsidisk01.domain.org:/volumes/POOL/one' ,
fstype = 'nfs' ,
remounts = true ,
options = 'defaults' ,
ensure = 'mounted' ,
require = File['/srv/cloud'] ;
}
If you dont specify name, puppet will use the title as the name, so
/srv/cloud
The problem you're having is the trailing slash because when puppet runs
mount to check if /srv/cloud/ is already mounted it doesnt find the
mount. So puppet will always try to mount the device.
Solution: remove the name (so name will implicitly be /srv/cloud) or
change name to /srv/cloud (with no trailing slash)
FTW: This is filed as https://projects.puppetlabs.com/issues/6793
-Stefan
pgp6wzoIjkDiB.pgp
Description: PGP signature
Re: [Puppet Users] Re: ANNOUNCE: Puppet 2.7.3
On Aug 16, 2011, at 7:56 AM, jcbollinger wrote: On Aug 15, 8:22 pm, David L Ballenger d...@davidlballenger.com wrote: Since upgrading for Puppet 2.7.1 to 2.7.3 I have been getting the following error whenever a Puppet agent runs: err: Failed to apply catalog: Parameter options failed: Options must be provided as an array, not a comma separated list I ran the puppet agent with --test and --debug and got the output below. You'll notice that the error seems to occur when it's attempting to load service providers. I was doing some work on some custom types and providers and thought maybe there was a problem with one of those. So I removed them from /var/lib/puppet and the from the modules tree of the puppet master configuration so they wouldn't be reinstalled. I got the same results as below, so I'm guessing it's something else, but the error message isn't very helpful in figuring that out. I didn't see anything related in the release notes. It strikes me oddly that the master appears to have successfully compiled the catalog, but the agent doesn't like the result. Is the node running a newer version of Puppet than the master? Even 2.7.3 vs. 2.7.1? Even if you upgraded the master at the same time you updated the client, you might need to restart the puppetmaster service to actually get the new version running. The agent and master are on the same system. In the course of trying to track down the problem I restarted the master, several times. The error message itself appears to be complaining about a resource poperty named 'options'. The only two built-in resource types that are documented to have such a property are 'mount' and 'ssh_authorized_key'. The latter resource explicitly specifies that multiple options must be provided as an array, which aligns pretty well with the error message you received. No uses of the mount resource, but three uses of ssh_authorized_key. Only one ssh_authorized_key had multiple options and these were specified as an array, the other two had a single option specified as a string. I changed those two to specify the option as a single element array, but that didn't help. I'll try a few more things to see if I can narrow things down to an offending module, then submit a bug report. I would generally expect (perhaps unjustifiedly) that any 2.7.x client would work correctly with any 2.7.x master. If, therefore, the behavior change indeed arose from the upgrade then it is worthwhile filing a bug report, if only for documentary purposes. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.7.3
On Mon, Aug 15, 2011 at 6:22 PM, David L Ballenger d...@davidlballenger.comwrote: Since upgrading for Puppet 2.7.1 to 2.7.3 I have been getting the following error whenever a Puppet agent runs: err: Failed to apply catalog: Parameter options failed: Options must be provided as an array, not a comma separated list Can you generate a catalog with the older version and the newer and compare them? Does --debug --trace add any more info ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: copying files to the agent that matched hostname
Thanks John! Is $hostname a puppet built-in variable like
$operatingsystem, $fqdn etc?
-San
On Aug 16, 3:38 pm, jcbollinger john.bollin...@stjude.org wrote:
You can interpolate the 'hostname' fact into the name of the resouce,
the name of the file on the file server, or both. For example:
file { ${hostname}-cert.pem:
...
source = puppet://puppet.internalnet/modules/certs/${hostname}-
cert.pem
}
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: scoping question - I want a node specific global var
I used extlookup to do something similar to this. For our Redis slaves
I set redis_master,master01.my.domain.com in the $fqdn.csv
%- if redis_master != then -%
slaveof %= redis_master % 6379
%- end -%
It's a bit of a hack, but it works cleanly. The pros are data is kept
in extlookup and the template can decide what to do based on whether
redis_master has a real value. Something along these lines may work
for you.
Ramin
On Aug 16, 9:24 am, Rich Rauenzahn rraue...@gmail.com wrote:
On Tue, Aug 16, 2011 at 6:23 AM, jcbollinger john.bollin...@stjude.org
wrote:
[Lots of good ideas]
Of those, I would recommend either extlookup() or your ENC (if you
have one), with my personal preference being extlookup(). I think
Hiera may offer an even better solution (though similar to
extlookup()), but I'm not familiar enough with it to feel comfortable
recommending it.
Unfortunately I've thought of some of those and they don't quite fit
with our existing infrastructure.
* We're not using ENC
* I want the special information right alongside the node decl. This
reduces chance for error and makes the data more maintainable.
Let me give more background:
We have a nodes.pp with a lot of hosts in it. We map a nodename to a
single class...
node /our-squid\d+/ { include system:our_squid }
node /our-db\d+/ { include system:our_db }
and so on.
We are making a failover site.
node /special-our-squid\d+/ { include system::our_squid}
node /special-our-db\d+/ { include system::our_db }
I don't want to confuse the issue with more details, but due to some
legacy naming conventions, we can't (..shouldn't...) use /^special-*/
to determine the sites are failover. We would like the attribute in
puppet.
I could do class { system::our_db: failover = failover }, except I
want that failover attribute within the class that system::our_db
derives from.
class system {
// Am I special?
}
class system::our_db($failover) inherits system {
// Am I special, too?
}
So ideally (except that this won't work with the new scoping rules in
the future), I'd like to
node /special-our-db\d+/ { $SPECIAL=true
include system::our_db }
Now, I could make a class
class special($yesorno = false) {
$SPECIAL = $yesorno
}
and include that in all nodes, and change it to false in the special
nodes It isn't very elegant and makes our node file a lot
messier. Each node is two lines now.. there must be a more elegant
solution.
Maybe the answer is to make a case statement in the nodes.pp that sets
$IMSPECIAL globally based on the hostname... which was one of your
suggestions. But I don't like maintaining two lists of host regex's,
which could get out of date.
Is there no specifier to reach my node's scope? i.e.,
$mynode::IMSPECIAL? Maybe in Ruby?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Dashboard table resource_statuses growing uncontrollably
I've inherited the administration of a puppet-dashboard (version 1.1.0, installed on RHEL 5.6 from puppetlabs RPM), and have hit a problem I'm hoping for some help with. In short, one table, resource_statuses appears to be growing at a rate far higher then the other tables: mysql select count(*) from nodes; +--+ | count(*) | +--+ | 107 | +--+ mysql select count(*) from resource_statuses; +---+ | count(*) | +---+ | 188068011 | +---+ Yeah, that's over 188 million rows. Currently, the entire mysql data directory for the dashboard database is taking up 51 GB; the resource_statuses.MYD file is 47 GB of that. We've got a weekly cron job that runs /usr/share/puppet-dashboard/ Rakefile RAILS_ENV=production reports:prune upto=2 unit=wk, and I've run it manually, but it doesn't seem to impact that table. Is there a safe way to reduce the number of rows in that table, and limit it to keeping either X number of rows, or rows going back only to a specific timespan (like, 2 weeks)? Thanks in advance! -- Sandy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.7.3
On Aug 16, 2011, at 10:48 AM, Nigel Kersten wrote:
On Mon, Aug 15, 2011 at 6:22 PM, David L Ballenger d...@davidlballenger.com
wrote:
Since upgrading for Puppet 2.7.1 to 2.7.3 I have been getting the following
error whenever a Puppet agent runs:
err: Failed to apply catalog: Parameter options failed: Options must be
provided as an array, not a comma separated list
Can you generate a catalog with the older version and the newer and compare
them?
Does --debug --trace add any more info ?
Thanks for the suggestion about --trace, I didn't see that in the puppet help
info.
With --trace on I got:
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in
`unsafe_validate'
..
followed by more trace info. So it looks like I am having an issue with the
ssh_authorized_key option parameter. When I looked at the line specified in
the trace I found:
validate do |value|
raise Puppet::Error, Options must be provided as an array, not a
comma separated list if value != :absent and
value.include?(',')
end
I think the value.Include?(',') is a little too inclusive. It is catching
a comma within a string that is part of a from option for the
ssh_authorized_key to limit the systems from which the key will allow
connections. For example:
from=\a.b.com,x.y.org\
I also tried 'from=a.b.com,x.y.org' with the same results.
This was working in 2.7.1.
Thanks - David
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.7.3
On Tue, Aug 16, 2011 at 4:00 PM, David L Ballenger
d...@davidlballenger.comwrote:
On Aug 16, 2011, at 10:48 AM, Nigel Kersten wrote:
On Mon, Aug 15, 2011 at 6:22 PM, David L Ballenger
d...@davidlballenger.com wrote:
Since upgrading for Puppet 2.7.1 to 2.7.3 I have been getting the
following error whenever a Puppet agent runs:
err: Failed to apply catalog: Parameter options failed: Options must be
provided as an array, not a comma separated list
Can you generate a catalog with the older version and the newer and compare
them?
Does --debug --trace add any more info ?
Thanks for the suggestion about --trace, I didn't see that in the puppet
help info.
With --trace on I got:
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in
`unsafe_validate'
..
followed by more trace info. So it looks like I am having an issue with
the ssh_authorized_key option parameter. When I looked at the line
specified in the trace I found:
validate do |value|
raise Puppet::Error, Options must be provided as an array, not a comma
separated list if value != :absent and
value.include?(',')
end
I think the value.Include?(',') is a little too inclusive. It is
catching a comma within a string that is part of a from option for the
ssh_authorized_key to limit the systems from which the key will allow
connections. For example:
from=\a.b.com,x.y.org\
I also tried 'from=a.b.com,x.y.org' with the same results.
This was working in 2.7.1.
Ugh. I can't see an obvious test to distinguish this from a comma-separated
string. Maybe if an = exists as well? I wonder what other options would
pass/fail that test
We definitely have enough for a bug report here if you wouldn't mind filing
one, and we may have to abandon whatever it was that led us to have to
implement that check.
--
Nigel Kersten
Product Manager, Puppet Labs
*Join us for **PuppetConf *
http://www.bit.ly/puppetconfsig
Sept 22/23 Portland, Oregon, USA.
*
*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.7.3
Okay, I'll file a bug report on this later today. I seem to be having problems
contacting the bug tracker right now.
On Aug 16, 2011, at 4:08 PM, Nigel Kersten wrote:
On Tue, Aug 16, 2011 at 4:00 PM, David L Ballenger d...@davidlballenger.com
wrote:
On Aug 16, 2011, at 10:48 AM, Nigel Kersten wrote:
On Mon, Aug 15, 2011 at 6:22 PM, David L Ballenger
d...@davidlballenger.com wrote:
Since upgrading for Puppet 2.7.1 to 2.7.3 I have been getting the following
error whenever a Puppet agent runs:
err: Failed to apply catalog: Parameter options failed: Options must be
provided as an array, not a comma separated list
Can you generate a catalog with the older version and the newer and compare
them?
Does --debug --trace add any more info ?
Thanks for the suggestion about --trace, I didn't see that in the puppet help
info.
With --trace on I got:
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in
`unsafe_validate'
..
followed by more trace info. So it looks like I am having an issue with the
ssh_authorized_key option parameter. When I looked at the line specified in
the trace I found:
validate do |value|
raise Puppet::Error, Options must be provided as an array, not a
comma separated list if value != :absent and
value.include?(',')
end
I think the value.Include?(',') is a little too inclusive. It is
catching a comma within a string that is part of a from option for the
ssh_authorized_key to limit the systems from which the key will allow
connections. For example:
from=\a.b.com,x.y.org\
I also tried 'from=a.b.com,x.y.org' with the same results.
This was working in 2.7.1.
Ugh. I can't see an obvious test to distinguish this from a comma-separated
string. Maybe if an = exists as well? I wonder what other options would
pass/fail that test
We definitely have enough for a bug report here if you wouldn't mind filing
one, and we may have to abandon whatever it was that led us to have to
implement that check.
--
Nigel Kersten
Product Manager, Puppet Labs
Join us for PuppetConf
http://www.bit.ly/puppetconfsig
Sept 22/23 Portland, Oregon, USA.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ANNOUNCE: Puppet 2.7.3
It's not just you. Unfortunately, it's down right now. Seems to be a
hosting issue, so hopefully they'll get things sorted out quickly.
On Tue, Aug 16, 2011 at 16:16, David L Ballenger
d...@davidlballenger.comwrote:
Okay, I'll file a bug report on this later today. I seem to be having
problems contacting the bug tracker right now.
On Aug 16, 2011, at 4:08 PM, Nigel Kersten wrote:
On Tue, Aug 16, 2011 at 4:00 PM, David L Ballenger
d...@davidlballenger.com wrote:
On Aug 16, 2011, at 10:48 AM, Nigel Kersten wrote:
On Mon, Aug 15, 2011 at 6:22 PM, David L Ballenger
d...@davidlballenger.com wrote:
Since upgrading for Puppet 2.7.1 to 2.7.3 I have been getting the
following error whenever a Puppet agent runs:
err: Failed to apply catalog: Parameter options failed: Options must be
provided as an array, not a comma separated list
Can you generate a catalog with the older version and the newer and
compare them?
Does --debug --trace add any more info ?
Thanks for the suggestion about --trace, I didn't see that in the puppet
help info.
With --trace on I got:
/Library/Ruby/Gems/1.8/gems/puppet-2.7.3/lib/puppet/type/ssh_authorized_key.rb:95:in
`unsafe_validate'
..
followed by more trace info. So it looks like I am having an issue with
the ssh_authorized_key option parameter. When I looked at the line
specified in the trace I found:
validate do |value|
raise Puppet::Error, Options must be provided as an array, not a comma
separated list if value != :absent and
value.include?(',')
end
I think the value.Include?(',') is a little too inclusive. It is
catching a comma within a string that is part of a from option for the
ssh_authorized_key to limit the systems from which the key will allow
connections. For example:
from=\a.b.com,x.y.org\
I also tried 'from=a.b.com,x.y.org' with the same results.
This was working in 2.7.1.
Ugh. I can't see an obvious test to distinguish this from a comma-separated
string. Maybe if an = exists as well? I wonder what other options would
pass/fail that test
We definitely have enough for a bug report here if you wouldn't mind filing
one, and we may have to abandon whatever it was that led us to have to
implement that check.
--
Nigel Kersten
Product Manager, Puppet Labs
*Join us for **PuppetConf *
http://www.bit.ly/puppetconfsig
Sept 22/23 Portland, Oregon, USA.
*
*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: scoping question - I want a node specific global var
Some times doing things the right way requires going through the pain of
changing your current practices for the better.
On Tue, Aug 16, 2011 at 9:24 AM, Rich Rauenzahn rraue...@gmail.com wrote:
On Tue, Aug 16, 2011 at 6:23 AM, jcbollinger john.bollin...@stjude.org
wrote:
[Lots of good ideas]
Of those, I would recommend either extlookup() or your ENC (if you
have one), with my personal preference being extlookup(). I think
Hiera may offer an even better solution (though similar to
extlookup()), but I'm not familiar enough with it to feel comfortable
recommending it.
Unfortunately I've thought of some of those and they don't quite fit
with our existing infrastructure.
* We're not using ENC
* I want the special information right alongside the node decl. This
reduces chance for error and makes the data more maintainable.
Let me give more background:
We have a nodes.pp with a lot of hosts in it. We map a nodename to a
single class...
node /our-squid\d+/ { include system:our_squid }
node /our-db\d+/ { include system:our_db }
and so on.
We are making a failover site.
node /special-our-squid\d+/ { include system::our_squid}
node /special-our-db\d+/ { include system::our_db }
I don't want to confuse the issue with more details, but due to some
legacy naming conventions, we can't (..shouldn't...) use /^special-*/
to determine the sites are failover. We would like the attribute in
puppet.
I could do class { system::our_db: failover = failover }, except I
want that failover attribute within the class that system::our_db
derives from.
class system {
// Am I special?
}
class system::our_db($failover) inherits system {
// Am I special, too?
}
So ideally (except that this won't work with the new scoping rules in
the future), I'd like to
node /special-our-db\d+/ { $SPECIAL=true
include system::our_db }
Now, I could make a class
class special($yesorno = false) {
$SPECIAL = $yesorno
}
and include that in all nodes, and change it to false in the special
nodes It isn't very elegant and makes our node file a lot
messier. Each node is two lines now.. there must be a more elegant
solution.
Maybe the answer is to make a case statement in the nodes.pp that sets
$IMSPECIAL globally based on the hostname... which was one of your
suggestions. But I don't like maintaining two lists of host regex's,
which could get out of date.
Is there no specifier to reach my node's scope? i.e.,
$mynode::IMSPECIAL? Maybe in Ruby?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dashboard table resource_statuses growing uncontrollably
There should probably be a rake task for this (tbh, all that stuff should be rewritten, loading the whole Rails env to do it is ...ugly), but you can probably (caveat emptor, I don't know this table very well) do something like *delete from resource_statuses where time = date_sub(now(), interval 2 weeks)* That'd delete rows older than two weeks. -scott On Tue, Aug 16, 2011 at 2:34 PM, Sandor W. Sklar ssk...@gmail.com wrote: I've inherited the administration of a puppet-dashboard (version 1.1.0, installed on RHEL 5.6 from puppetlabs RPM), and have hit a problem I'm hoping for some help with. In short, one table, resource_statuses appears to be growing at a rate far higher then the other tables: mysql select count(*) from nodes; +--+ | count(*) | +--+ | 107 | +--+ mysql select count(*) from resource_statuses; +---+ | count(*) | +---+ | 188068011 | +---+ Yeah, that's over 188 million rows. Currently, the entire mysql data directory for the dashboard database is taking up 51 GB; the resource_statuses.MYD file is 47 GB of that. We've got a weekly cron job that runs /usr/share/puppet-dashboard/ Rakefile RAILS_ENV=production reports:prune upto=2 unit=wk, and I've run it manually, but it doesn't seem to impact that table. Is there a safe way to reduce the number of rows in that table, and limit it to keeping either X number of rows, or rows going back only to a specific timespan (like, 2 weeks)? Thanks in advance! -- Sandy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dashboard table resource_statuses growing uncontrollably
Thanks, Scott. After posting this, I did some googling and pretty much came up with the same solution. Unfortunately, because we're using ISAM tables, the only way I know of to reclaim the space used by the datafiles is to do a mysqldump and then restore after clearing out the older reports. -- Sandy On Aug 16, 2011, at 5:44 PM, Scott Smith wrote: There should probably be a rake task for this (tbh, all that stuff should be rewritten, loading the whole Rails env to do it is ...ugly), but you can probably (caveat emptor, I don't know this table very well) do something like delete from resource_statuses where time = date_sub(now(), interval 2 weeks) That'd delete rows older than two weeks. -scott On Tue, Aug 16, 2011 at 2:34 PM, Sandor W. Sklar ssk...@gmail.com wrote: I've inherited the administration of a puppet-dashboard (version 1.1.0, installed on RHEL 5.6 from puppetlabs RPM), and have hit a problem I'm hoping for some help with. In short, one table, resource_statuses appears to be growing at a rate far higher then the other tables: mysql select count(*) from nodes; +--+ | count(*) | +--+ | 107 | +--+ mysql select count(*) from resource_statuses; +---+ | count(*) | +---+ | 188068011 | +---+ Yeah, that's over 188 million rows. Currently, the entire mysql data directory for the dashboard database is taking up 51 GB; the resource_statuses.MYD file is 47 GB of that. We've got a weekly cron job that runs /usr/share/puppet-dashboard/ Rakefile RAILS_ENV=production reports:prune upto=2 unit=wk, and I've run it manually, but it doesn't seem to impact that table. Is there a safe way to reduce the number of rows in that table, and limit it to keeping either X number of rows, or rows going back only to a specific timespan (like, 2 weeks)? Thanks in advance! -- Sandy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Sandor W. Sklar Unix Systems Administrator Digital Libraries Systems Services Stanford University Libraries -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dashboard table resource_statuses growing uncontrollably
Try running optimize on it. -scott On Tue, Aug 16, 2011 at 5:53 PM, Sandor W. Sklar ssk...@gmail.com wrote: Thanks, Scott. After posting this, I did some googling and pretty much came up with the same solution. Unfortunately, because we're using ISAM tables, the only way I know of to reclaim the space used by the datafiles is to do a mysqldump and then restore after clearing out the older reports. -- Sandy On Aug 16, 2011, at 5:44 PM, Scott Smith wrote: There should probably be a rake task for this (tbh, all that stuff should be rewritten, loading the whole Rails env to do it is ...ugly), but you can probably (caveat emptor, I don't know this table very well) do something like delete from resource_statuses where time = date_sub(now(), interval 2 weeks) That'd delete rows older than two weeks. -scott On Tue, Aug 16, 2011 at 2:34 PM, Sandor W. Sklar ssk...@gmail.com wrote: I've inherited the administration of a puppet-dashboard (version 1.1.0, installed on RHEL 5.6 from puppetlabs RPM), and have hit a problem I'm hoping for some help with. In short, one table, resource_statuses appears to be growing at a rate far higher then the other tables: mysql select count(*) from nodes; +--+ | count(*) | +--+ | 107 | +--+ mysql select count(*) from resource_statuses; +---+ | count(*) | +---+ | 188068011 | +---+ Yeah, that's over 188 million rows. Currently, the entire mysql data directory for the dashboard database is taking up 51 GB; the resource_statuses.MYD file is 47 GB of that. We've got a weekly cron job that runs /usr/share/puppet-dashboard/ Rakefile RAILS_ENV=production reports:prune upto=2 unit=wk, and I've run it manually, but it doesn't seem to impact that table. Is there a safe way to reduce the number of rows in that table, and limit it to keeping either X number of rows, or rows going back only to a specific timespan (like, 2 weeks)? Thanks in advance! -- Sandy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Sandor W. Sklar Unix Systems Administrator Digital Libraries Systems Services Stanford University Libraries -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Redmine and Forge outages
Hey folks, Due to continuing problems with our datacenter, we're moving some infrastructure this evening. During this period, both Redmine (https://projects.puppetlabs.com/) and the Forge (http://forge.puppetlabs.com) will be unavailable. Sorry about the short notice of this, and the outage earlier too [1]. If you have any issues in a couple of hours once it's all back up, feel free to hunt me down and ask me. Thanks. 1. http://status.linode.com/2011/08/partial-outage-in-fremont.html -- Ben Hughes || Come to PuppetConf http://bit.ly/puppetconfsig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Redmine and Forge outages
On Tue, Aug 16, 2011 at 06:53:03PM -0700, Ben Hughes wrote: Due to continuing problems with our datacenter, we're moving some infrastructure this evening. Both Forge and Redmine are back, we have normality. (With the obligatory Hitch-Hikers Guide to the Galaxy reference of: Anything you still can't cope with is therefore your own problem... (; -- Ben Hughes || Come to PuppetConf http://bit.ly/puppetconfsig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] fighting packaging
On Fri, Aug 12, 2011 at 9:53 AM, Craig White craig.wh...@ttiltd.com wrote: Clearly not a problem caused by puppet but something I can't apparently deploy with puppet unless someone has an idea. Trying to automate a way to deploy mod_mono for apache from CLI, the problem seems obvious... apt-get install -y --assume-yes libapache2-mod-mono mono-apache-server libmono-firebirdsql1.7-cil a massive pile of packages installs and it finally arrives at the truth moment: Configuration file `/etc/apache2/mods-available/mod_mono.conf' == File on system created by you or by a script. == File also in package provided by package maintainer. What would you like to do about it ? Your options are: Y or I : install the package maintainer's version N or O : keep your currently-installed version D : show the differences between the versions Z : background this process to examine the situation The default action is to keep your current version. *** mod_mono.conf (Y/I/N/O/D/Z) [default=N] ? So it appears that the same target, mod_mono.conf is being created both by script and a file in the package itself and it appears that all of the '-y' or '--assume-yes' logic in the command itself will not allow an install to progress without an interactive answer to the question - the answer to which is essentially meaningless because I can control the file anyway with puppet. Anyone have an idea how to defeat well intentioned but defective packager logic? In this case I would probably modify the package itself to work around decisions made upstream that negatively affect what I do. Relatively smoothly, this can be done by downloading the debian source package, modifying it to not be silly (by your defintions), rolling it into your own local apt repo, and telling puppet to go to town installing it. I already do lots of package modifications to remove maintainer scripts (post install etc) from many many upstream packages in Ubuntu in my local repo. Much better, in my experience, than trying to make exceptions in puppet to handle misaligned upstream assumptions. -Jordan -- Craig White ~~ craig.wh...@ttiltd.com 1.800.869.6908 ~~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
