[Puppet Users] mount type is constantly remounting
Hi, I have defined mount resource like this: mount { /mnt/test/: device = //test/test, fstype = cifs, ensure = mounted, options= defaults,acl,soft,uid=test,gid=test=x, remounts = true, } For the first time (mount point is not mounted) it mounts perfectly, but after that it keeps mounting to that mount point with every puppet client run and piling up mounts. After while I have many the same mounts on this mount point. For now I've changed ensure = present, but this is not ideal. Is there any way how prevent this behaviour. Thank you, Filip puppet client 2.6.9 puppet server 2.6.9 CentOS release 5.7 (Final) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] mount type is constantly remounting
On 15/09/11 07:59, slune wrote: Hi, I have defined mount resource like this: mount { /mnt/test/: device = //test/test, fstype = cifs, ensure = mounted, options= defaults,acl,soft,uid=test,gid=test=x, remounts = true, } For the first time (mount point is not mounted) it mounts perfectly, but after that it keeps mounting to that mount point with every puppet client run and piling up mounts. After while I have many the same mounts on this mount point. For now I've changed ensure = present, but this is not ideal. Is there any way how prevent this behaviour. Remove the / at the end of the /mnt/test/. Basically a mismatch on what the list of mounted devices returns and what puppet is looking for. See Stefan Schulte's reply in this thread for more verbose details: http://groups.google.com/group/puppet-users/browse_thread/thread/c6cb361ba7da32f2/5e305ca7ddbbabb8 Dan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet and kerberos keytabs
Hi, we use kerberos with keytabs on our clients. We do *not* trust root on the clients! One client should never have access to any other client's keytab. This is my proposed solution to get the keytabs to the clients, any comments welcome! 1. Use file to get /root/.ssh/authorized_keys 2. Use exported resource to let the client notify the server that it wants a keytab 3. On the serverside 3.1 Generate keytab (if not exist) 3.2 Push keytab using ssh with key Problems: 1. As far as I understand we can't use file to get the keytab as local root on clients then could get other client's keytabs. (solved in solution) 2. Reinstallation. How do I tell the server to push the key once more to the same client? (not solved in solution) A suggestion here is to use a custom fact = has og has not keytab. Any other suggetions? Regards Bjørge -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How To Expand an .erb Template Without Doing a Full Puppet Run?
On 15/09/11 04:24, Jon Forrest wrote: In fact, this is only a special case of the more general problem of getting access to any file generated by a puppet run without actually putting the files in the ultimate destination. In other words, it would be like a --test run except files will be generated and kept. I have two ideas. The first is to introduce a preflight check run stage which has a clone of whatever you use to generate the zonefile, but puts it somewhere else and then does an exec with named-checkzone etc. If run stage main depends on preflight that should do the right thing assuming that failures of earlier run stages prevent execution of later ones. I'm not sure if that could lead to a race condition should someone update the data between the preflight check and the main manifest run though. Also you may find that your preflight stage requires things which are in your main stage (installation of packages etc) which will just get messy. The other option which I think I prefer is to have puppet deploy your zone files to a staging area, exec named-checkzone and whatever else you want to do and then have an exec or similar which moves the staged zonefiles into place on your nameserver. Make that exec depend on your sanity checks and it will only run if the zonefiles check out OK. You could even go so far as to stage your zonefiles into a git repo or similar on your nameserver and end up with something like: vcsrepo { /staging/location: # Set up git repo } file { /staging/location/zone.a: # whatever gets zone.a there } exec { check /staging/location/zone.a: command = named-checkzone /staging/location/zone.a, require = [File[/staging/location/zone.a],Vcsrepo[/staging/location]], } exec { commit staged zonefiles, command = git commit ..., require = Exec[check /staging/location/zone.a], # ... } exec { deploy zonefiles to nameserver, command = tar cp . -C /staging/location | tar xp -C /var/lib/named/zones, require = Exec[commit staged zonefiles], notify = Service[named], } -- Russell Howe rh...@moonfruit.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Scope and puppet 2.7
On Wed, 14 Sep 2011 15:16:45 +0200 Arnau Bria wrote: Hi all, Hi ! I reply myself... maybe it's useful for someone in the future. I'm planning to upgrade our server/client to 2.7 and would like to completely understand the big change in the dynamic scope deprecation. It says that 2.7 will issue deprecation warning. Ok, so I've upgraded a test server, test node and moved my code there. ran puppet and no warnings. Great! Warning are logged into puppetmaster log, not at client level. [...] So,i.e, $mcast_ip and $cluster which refer to ganglia module should they be renamed to $common::ganglia::mcast_ip and $common::ganglia::cluster ? Cause this is not working and giving a error: Cannot assign to variables in other namespaces from: http://docs.puppetlabs.com/guides/language_guide.html Qualified variables are read-only — you cannot set a variable’s value from other class. so, the var's value must be set inside the class (local scope) or in the top (outside any class in site.pp). Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: How To Expand an .erb Template Without Doing a Full Puppet Run?
Hello Jon, Here is a process that I follow to avoid the type of misconfiguration problem you encountered. This process is used to *avoid* the mis- configured system problem. It is not a direct test that Puppet will generate a valid configuration file from a template. 1) A local environment is used to deploy the entire system (which is called a 'role' for the system). While I may be developing a single class, I still confirm that the entire role can be deployed to my local environment. The local server is typically rebuilt 30-50 times during the course of development of a new manifest. This allows me to catch errors early, as many of the mistakes I make result in spurious errors on Puppet. The manifests are then committed to SVN and automatically deployed to a DEV environment, which is identical to the production environment. This allows live testing against my other servers. The manifests then are merged to the 'trunk' branch and get deployed to a TESTING environment where selenium regression tests exercise the applications to make sure they still work as expected. The manifests get deployed to QA for manual testing and review and finally to PRODUCTION. 2) Include configuration checks before making a configuration file live. One example is with the sudoers file. I use a file-fragment approach to generate a sudoers testing file and only make that file live if the check passes. Your zone file can use a similar check. In situations where checks are not possible, I include a 'testing' flag to prevent a configuration file from being made live. I manually check the testing file to make sure it is valid. The APF firewall script is an example where this is important. When I first deployed APF, puppet exploded with spurious errors because I forgot to open a port. I now confirm (using the below process) that the APF configuration is valid before allowing APF to be started on the remote servers. 3) Each of my servers has a Dokuwiki page that is generated by puppet during the deployment. I use a file fragments pattern for this as well, where each class and define puts a dokuwik-formatted fragment into a specific directory. The configuration templates are included into the dokuwiki file fragments using this approach. These fragments are assembled into a single wiki page that is SCP'd to my documentation server. I then review the server's configuration directly on this wiki page to confirm that the destination server is configured in the manner I expect. In the case of APF, I then change the 'testing' flag to false and re-run puppet to make the configuration live. This is a process, not an answer to your original question about Puppet generating the configuration file from a template without actually applying the changes. That would be a nice feature which I don't believe currently exists. Your mis-configured zone file would have been spotted in steps 1 and 2; maybe step 3. Regards, Jon On Sep 10, 8:36 pm, Jon Forrest nob...@gmail.com wrote: We use puppet to distribute named zone files, like many of you do. We use git to maintain these files, which are then pulled by the puppet master machine. These zone files are actually puppet template .erb files. The other day, I made a mistake which resulted in some zone files with syntax errors in them. Puppet faithfully distributed the erroneous zone files to the name servers, which killed them. To prevent this from happening again, I want to be able to somehow expand the template files and run named-checkzone as part of a git pre-commit hook. I want this expansion to occur without making a normal puppet run so that the bad files won't get distributed. Can anybody point me to a technique for doing this? Cordially, Jon Forrest -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Deployment of applications
Everyone's right, you don't want puppet to do application deployments. You want it to setup your application server, but stop there. Case in point, use Puppet to setup Rails/LAMP/Tomcat, but don't use it to deploy your actual application. Instead use Capistrano, Fabric, Func, etc. If you're already familiar with Rundeck, be sure to check out http://www.kartar.net/2010/12/puppet-and-rundeck/ - it may do exactly what you want (export Puppet facter info to rundeck) Justin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Email Protection? (NON SUBJECT ORIENTED)
Are you guys doing anything to protect our email addresses? Ever since I made my first post on here, I have been getting some VERY malicious stuff coming to my account? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Email Protection? (NON SUBJECT ORIENTED)
I blame Luke himself. ...wait what?! It's google groups, bro On Sep 15, 2011 7:08 AM, Matthew Hand mattxh...@gmail.com wrote: Are you guys doing anything to protect our email addresses? Ever since I made my first post on here, I have been getting some VERY malicious stuff coming to my account? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Definitions in a external node classifier
Hi everybody We would like to have the possibility to use definitions in an external node classifier. There is already a ticket about this with a possible solution: https://projects.puppetlabs.com/issues/2408 . We are open for other solutions and your opinions about naked resources on site.pp level, so please give us some comments :) regards raf -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Namespace weirdness
Hi, probably a bit noobish question, but browsing docs and googling didn't provide an answer for my problem, so maybe someone here can help. I have a modules for managing users layout something like this (named 'users') account.pp init.pp usergroup-a.pp usergroup-b.pp account.pp is where is define my resource define users::account (...) { } usergroup-a.pp and usergroup-b.pp are where I define some actual users, wrapped in classes: class users::usergroup-a { @account { ... } } init.pp is simply: import 'account' class users { include users::usergroup-a include users::usergroup-b } But when I try to realize users in my nodes.pp the following does not work node 'x' { include users realize ( Account[username] ) } (neither Account | title == 'username' | The following, however, works for some reason: class users::group-a { include users realize( Account['username']) } node 'x' { include users::group-a } Probably something really simple, but I don't see what. I'm using debian and its version 2.6.2 of puppet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Apache/Passenger RHEL6 not working
Hi Passenger is a rack application - will run out of httpd . Have you got anything like the following in your passenger (httpd) configuration file: DocumentRoot /etc/puppet/rack/public/ RackBaseURI / Directory /etc/puppet/rack/ Options None AllowOverride None Order allow,deny allow from all /Directory -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] cron provider fails to parse some entries with leading whitespace
Background: the vixie-cron documentation states (and crontab -e agrees) that leading whitespace in crontab files is acceptable, and it is simply ignored. It is therefore possible to have valid crontabs with indentation. However, the puppet provider - crontab.rb - only allows for leading whitespace in actual *cron job* entries, and fails to properly parse *comments* or *environment variable* lines that have such leading whitespace. I've submitted a bug with additional details, however that bug was erroneously closed as a duplicate of a parsefile destroys your files bug, so I'm posting here in hopes that this may be re-opened: https://projects.puppetlabs.com/issues/9440 Note that this bug will certainly *lead to* the destruction of your (perfectly valid) crontab file, but that's just an unhappy side effect; the real problem is the cron provider failing to recognize valid syntax in crontabs to begin with. Jeremy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Email Protection? (NON SUBJECT ORIENTED)
On 9/15/2011 7:08 AM, Matthew Hand wrote: Are you guys doing anything to protect our email addresses? Ever since I made my first post on here, I have been getting some VERY malicious stuff coming to my account? If you get malicious email as a result of posting to any email list then I suggest you improve your junk email filter. I believe it's not the job of the list maintainer to protect email addresses unless the maintainer claims up from that postings will be anonymous. Cordially, Jon Forrest -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apache/Passenger RHEL6 not working
Here's a script that should deploy a stack with apache+passenger for you (tested on CentOS 6); https://raw.github.com/mstanislav/Veewee-Definitions/master/CentOS-6_x86_64-PuppetStack/postinstall.sh Maybe you can take a look at the steps and see if there's something you're missing. Hope it helps! -Mark On Thu, Sep 15, 2011 at 12:30 AM, Ashwin N ashy.n...@gmail.com wrote: Hi Passenger is a rack application - will run out of httpd . Have you got anything like the following in your passenger (httpd) configuration file: DocumentRoot /etc/puppet/rack/public/ RackBaseURI / Directory /etc/puppet/rack/ Options None AllowOverride None Order allow,deny allow from all /Directory -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Email Protection? (NON SUBJECT ORIENTED)
On Thu, Sep 15, 2011 at 7:29 AM, Jon Forrest nob...@gmail.com wrote: On 9/15/2011 7:08 AM, Matthew Hand wrote: Are you guys doing anything to protect our email addresses? Ever since I made my first post on here, I have been getting some VERY malicious stuff coming to my account? If you get malicious email as a result of posting to any email list then I suggest you improve your junk email filter. I believe it's not the job of the list maintainer to protect email addresses unless the maintainer claims up from that postings will be anonymous. There's a reasonable expectation that the list mods aren't dumping the subscriber addresses and selling them off to spammers. We're not doing that. :) Seriously, it is Google Groups, so you get the protection it offers, requiring logins and CAPTCHA to view full email addresses on the web archives, etc etc, but it's difficult to stop people subscribing to lists and collecting addresses that way. -- Nigel Kersten Product Manager, Puppet Labs *Join us for **PuppetConf * http://www.bit.ly/puppetconfsig Sept 22/23 Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Definitions in a external node classifier
On Thu, Sep 15, 2011 at 1:44 AM, Raffael Schmid raff...@yux.ch wrote: Hi everybody We would like to have the possibility to use definitions in an external node classifier. There is already a ticket about this with a possible solution: https://projects.puppetlabs.com/issues/2408 . We are open for other solutions and your opinions about naked resources on site.pp level, so please give us some comments :) So to be clear, we're talking about assigning resources in general, not just definitions. The proposal is something like: classes: common: apt: resources: - add local repo: type: apt::repo ensure: present content: deb localrepo.magpie.lan/ubuntu lucid vendor - touch restart.txt: type: exec user: root command: touch /var/www/rails/tmp/restart.txt unless: /var/www/rails/tmp/restart.txt require: - file: /var/www/ - file: /var/www/rails There are a few related questions to consider. Classes with parameters are much like resources at this level, and we don't want to end up having them be significantly second-class with an ENC compared to resources. Should a parameterized class be expressed as: classes: - common: param1: value1 param2: value2 or: resources: - common: type: class param1: value1 param2: value2 ? -- Nigel Kersten Product Manager, Puppet Labs *Join us for **PuppetConf * http://www.bit.ly/puppetconfsig Sept 22/23 Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How To Expand an .erb Template Without Doing a Full Puppet Run?
On Sep 14, 2011, at 8:24 PM, Jon Forrest wrote: On 9/14/2011 1:58 PM, Dominik Zyla wrote: named-checkzone(8) should be suitable tool for your needs. I already knew that. To repeat, what I'm trying to find out is a way to get an expanded template without doing a full run of puppet. I could then run named-checkzone on that and then do a regular run. In fact, this is only a special case of the more general problem of getting access to any file generated by a puppet run without actually putting the files in the ultimate destination. In other words, it would be like a --test run except files will be generated and kept. I use /etc/puppet/deployment_files for situations such as this. Puppet pseudo code... file {/etc/puppet/deployment_files/zone_name source = puppet:///modules/bind/zone_name.erb notify = Exec[zone_name.un-deploy] exec {zone_name.un-deploy /bin/rm /etc/puppet/deployment_files/zone_name.deployed exec {zone_name.deploy touch /etc/puppet/deployment_files/zone_name.deployed notify = Exec[test - deploy if test successful] exec {test - deploy if test successful command = cat /etc/puppet/deployment_files/zone_name unless = bind-checkzone /etc/puppet/deployment_files/zone_name 0 AND ls ! /etc/puppet/deployment_files/zone_name.deployed require = File[/etc/puppet/deployment_files/zone_name] notify = [ Class[bind::service], Exec[zone_name.deploy] ] That's not all - you might want some notice statements but that's the general idea anyway. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Email Protection? (NON SUBJECT ORIENTED)
On Thu, Sep 15, 2011 at 7:46 AM, Nigel Kersten ni...@puppetlabs.com wrote: Seriously, it is Google Groups, so you get the protection it offers, requiring logins and CAPTCHA to view full email addresses on the web archives, etc etc, but it's difficult to stop people subscribing to lists and collecting addresses that way. That's one good argument to use a unique address for email list subscriptions, right there... particularly if your junk mail filter is not up to snuff. Using a gmail address for google groups has always seemed like a reasonable compromise, to me (and my personal and professional addresses are kept separate, of course). Care *always* should be taken when you're taking an email address public. Regards, Russell -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet and kerberos keytabs
On 15/09/11 10:34, Bjorge Solli wrote: Hi, we use kerberos with keytabs on our clients. We do *not* trust root on the clients! One client should never have access to any other client's keytab. This is my proposed solution to get the keytabs to the clients, any comments welcome! 1. Use file to get /root/.ssh/authorized_keys 2. Use exported resource to let the client notify the server that it wants a keytab 3. On the serverside 3.1 Generate keytab (if not exist) 3.2 Push keytab using ssh with key Problems: 1. As far as I understand we can't use file to get the keytab as local root on clients then could get other client's keytabs. (solved in solution) 2. Reinstallation. How do I tell the server to push the key once more to the same client? (not solved in solution) A suggestion here is to use a custom fact = has og has not keytab. Any other suggetions? A co-worker suggested using the certs with apache to deny access to all other than the requesting puppet client, and thus eliminate step 3.2 and problem 2 and negate problem 1:-) This will probably be our solution if noone has an even better idea. Regards Bjørge -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apache/Passenger RHEL6 not working
On Wed, Sep 14, 2011 at 12:33 PM, Gary Larizza g...@puppetlabs.com wrote: On Wed, Sep 14, 2011 at 11:12 AM, Kenton Brede kbr...@gmail.com wrote: I'm attempting to move from a working puppetmaster setup to Apache/Passenger. I'm following the instructions in the Pro Puppet book. I'm using the epel repo and running puppet 2.6.6. Passenger version 3.0.9 from the stealthymonkeys repo. Running puppetd -t -d doesn't seem to tell me anything significant. There's no complaining about SSL issues. My nodes can't find the catalog, based on the error message puppetd -t spits out: err: Could not retrieve catalog from remote server: Puppet::Resource::Catalog does not respond to from_s; can not intern instances from text/plain warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run I've googled the error and haven't found anything that helps so far. The catalog is currently in /etc/puppet/modules/. I really don't know anything about Passenger. I fail to see in the apache/passenger configuration how the puppetmaster is called when a client connects to port 8140. I see that apache is handling the SSL stuff but how does the puppetmaster fit into this? Any help appreciated. Thanks, -- Kent Brede Kent, I recommend taking a look at the online document here -- http://docs.puppetlabs.com/guides/passenger.html There are specific versions of Passenger and the Rack gem that are necessary for Puppet to work properly. I suspect you're using a version of one (possibly Rack) that's incompatible here. Gary, I using gem I installed the version for rhel6, listed in the document you recommended: Passenger 3.0.7 and Rack 1.2.2. I also removed these and installed the versions cited in the Pro Puppet book: Passenger 2.2.11 and Rack 1.1.0. Both configurations resulted in the same error as I had before: # puppetd -t err: Could not retrieve catalog from remote server: Puppet::Resource::Catalog does not respond to from_s; can not intern instances from text/plain warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run If you have any other ideas, let me know. Thanks, Kent -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apache/Passenger RHEL6 not working
On Thu, Sep 15, 2011 at 1:46 PM, Kenton Brede kbr...@gmail.com wrote: On Wed, Sep 14, 2011 at 11:30 PM, Ashwin N ashy.n...@gmail.com wrote: Hi Passenger is a rack application - will run out of httpd . Have you got anything like the following in your passenger (httpd) configuration file: DocumentRoot /etc/puppet/rack/public/ RackBaseURI / Directory /etc/puppet/rack/ Options None AllowOverride None Order allow,deny allow from all /Directory Yep I have this in my configuration: DocumentRoot /etc/puppet/rack/puppetmaster/public/ Directory /etc/puppet/rack/puppetmaster/ Options None AllowOverride None Order allow,deny allow from all /Directory Is there something I'm suppose to be putting in these directories? Ultimately following error messages I created directories and an empty file: /etc/puppet/rack/puppetmaster/public/production/catalog/puppet2.example.com. Is there suppose to be something put in puppet2.example.com? Thanks, To answer my own question, no do not put files in this directory. When I removed the puppet2.example.com, the Apache/Passenger setup started to work. -- Kent Brede http://gplus.to/kbrede http://sandhillsnaps.com/ http://aphotoaday.sandhillsnaps.org/ http://www.pentaxphotogallery.com/kentonbrede -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] debugging new custom type
hi! Does anyone have any advice on debugging a new custom type? Any thoughts would be greatly appreciated . . . BTW, I'm getting the error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: undefined method `merge' for []:Array with some very rough code. The Type (vncserver.rb): module Puppet newtype(:vncserver) do ensurable newproperty(:port) do desc The vnc servers port assignment. Will be +5900 on the server validate do |value| unless value.is_i? raise Puppet::Error, Invalid Port number end end end newproperty(:username) do desc The user who will own the VNC session. isnamevar validate do |value| unless value !~ /\s/ raise Puppet::Error, Must be a valid username. No spaces, please. end end end newproperty(:geometry) do desc Resolution for VNC, in XxY, e.g. 1024x768. validate do |value| unless value !~ /^\d*x\d*$/ raise Puppet::Error, Must be a valid geometry. e.g., 1024x768. end end end newparam(:password) do desc Password to be put into users .vnc/passwd. validate do |value| unless hostpart =~ /^([\d\w]+|[\d\w][\d\w\-]+[\d\w])$/ raise Puppet::Error, Invalid host name end end end newparam(:args) do desc Optional arguments to be added to the vncserver command-line. end end @doc = Installs and manages entries for vncservers. For Redhat-bases systems, and likely many others, these entries will be in /etc/sysconfig/vncservers. end The Provider (parsed.rb): require 'puppet/provider/parsedfile' vncservers = /etc/sysconfig/vncservers Puppet::Type.type(:vncserver).provide(:parsed, :parent = Puppet::Provider::ParsedFile, :default_target = vncservers, :filetype = :flat ) do desc The vncserver provider that uses the ParsedFile class confine :exists = vncservers text_line :comment, :match = /^#/; text_line :blank, :match = /\s*$/; text_line :blank, :match = /\s*$/; record_line :parsed, :fields = %w{vncservers}, :match = /^VNCSERVERS=(.*)/ end And The Manifest: class vncserver { include common::vnc package { 'tigervnc-server': ensure = 'installed'; } vncserver { 'gmatz': port = '92', geometry = '1024x768', password = 'gmatz'; } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apache/Passenger RHEL6 not working
I finally got this to work with passenger-3.0.7 and rack-1.2.2 by removing a file I'd created in: /etc/puppet/rack/puppetmaster/public/production/catalog/. Now that I know how this works, I'll try using a more current passenger and rack and see if it works. Kent On Thu, Sep 15, 2011 at 1:37 PM, Kenton Brede kbr...@gmail.com wrote: On Wed, Sep 14, 2011 at 12:33 PM, Gary Larizza g...@puppetlabs.com wrote: On Wed, Sep 14, 2011 at 11:12 AM, Kenton Brede kbr...@gmail.com wrote: I'm attempting to move from a working puppetmaster setup to Apache/Passenger. I'm following the instructions in the Pro Puppet book. I'm using the epel repo and running puppet 2.6.6. Passenger version 3.0.9 from the stealthymonkeys repo. Running puppetd -t -d doesn't seem to tell me anything significant. There's no complaining about SSL issues. My nodes can't find the catalog, based on the error message puppetd -t spits out: err: Could not retrieve catalog from remote server: Puppet::Resource::Catalog does not respond to from_s; can not intern instances from text/plain warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run I've googled the error and haven't found anything that helps so far. The catalog is currently in /etc/puppet/modules/. I really don't know anything about Passenger. I fail to see in the apache/passenger configuration how the puppetmaster is called when a client connects to port 8140. I see that apache is handling the SSL stuff but how does the puppetmaster fit into this? Any help appreciated. Thanks, -- Kent Brede Kent, I recommend taking a look at the online document here -- http://docs.puppetlabs.com/guides/passenger.html There are specific versions of Passenger and the Rack gem that are necessary for Puppet to work properly. I suspect you're using a version of one (possibly Rack) that's incompatible here. Gary, I using gem I installed the version for rhel6, listed in the document you recommended: Passenger 3.0.7 and Rack 1.2.2. I also removed these and installed the versions cited in the Pro Puppet book: Passenger 2.2.11 and Rack 1.1.0. Both configurations resulted in the same error as I had before: # puppetd -t err: Could not retrieve catalog from remote server: Puppet::Resource::Catalog does not respond to from_s; can not intern instances from text/plain warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run If you have any other ideas, let me know. Thanks, Kent -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet 2.7.3 Cannot alias .. already defined
Hi all, Today I upgraded both my puppet server (2.7.1) a puppet client(s) (2.6.9) to 2.7.3 and suddenly my modules didn't work anymore. I don't know if 2.7.3 is more strict than 2.7.1, or if it's a bug, so I hope someone can help me. I have several modules where the file and/or directory are separated from the permissions I set on them This is because I sometimes want to create a single directory, and later set specific user/group and permissions to one or all files (recurse) in it. Here is an example for the ntp module class ntp ( $autoupgrade = 'false' ){ require ntp::params # Create var directory file { ${ntp::params::var_directory}: ensure = directory, } # Set var permissions sysconfig::permissions { ${ntp::params::module_label}_permissions$ {ntp::params::var_directory}: sysconfig_module = ${ntp::params::module_label}, sysconfig_name = ${ntp::params::var_directory}, sysconfig_owner = ${ntp::params::user_name}, sysconfig_group = ${ntp::params::group_name}, sysconfig_mode = ${ntp::params::var_permissions}, } .. removed some lines } # End class and also the sysconfig::permissions define module define sysconfig::permissions ( $sysconfig_module, $sysconfig_name, $sysconfig_recurse = 'false', $sysconfig_owner, $sysconfig_group, $sysconfig_mode = undef ) { # Load defaults require sysconfig::params # Set permissions file { ${sysconfig_module}_${sysconfig_name}: name= ${sysconfig_name}, recurse = ${sysconfig_recurse}, owner = ${sysconfig_owner}, group = ${sysconfig_group}, } if $sysconfig_mode != undef { File[${sysconfig_module}_${sysconfig_name}] { mode = ${sysconfig_mode}, } } } # End define When puppet runs, I get the following error err: Could not retrieve catalog from remote server: Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias File[ntp_/var/lib/ntp] to [/var/lib/ntp] at /etc/puppet/ modules/sysconfig/manifests/permissions.pp:47; resource [File, /var/ lib/ntp] already defined at /etc/puppet/modules/ntp/manifests/init.pp: 18 at /etc/puppet/modules/sysconfig/manifests/permissions.pp:47 on node client.mydomain.com In the previous version, this would not be a problem as the file in the ntp module would be file { /var/lib/ntp: } and the file in the sysconfig::permissions module would be file { ntp_/var/lib/ntp: } I would reference from back from the sysconfig::permissions module to the ntp module file by specifying name = /var/lib/ntp Do I need to change all my modules because I used a feature of puppet which should not be there, and if so, how could I best fix this. Kind regards, Rene -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet and kerberos keytabs
On Thu, Sep 15, 2011 at 10:12 AM, Bjorge Solli bjo...@solli.priv.no wrote: On 15/09/11 10:34, Bjorge Solli wrote: Hi, we use kerberos with keytabs on our clients. We do *not* trust root on the clients! One client should never have access to any other client's keytab. This is my proposed solution to get the keytabs to the clients, any comments welcome! 1. Use file to get /root/.ssh/authorized_keys 2. Use exported resource to let the client notify the server that it wants a keytab 3. On the serverside 3.1 Generate keytab (if not exist) 3.2 Push keytab using ssh with key Problems: 1. As far as I understand we can't use file to get the keytab as local root on clients then could get other client's keytabs. (solved in solution) 2. Reinstallation. How do I tell the server to push the key once more to the same client? (not solved in solution) A suggestion here is to use a custom fact = has og has not keytab. Any other suggetions? A co-worker suggested using the certs with apache to deny access to all other than the requesting puppet client, and thus eliminate step 3.2 and problem 2 and negate problem 1:-) This will probably be our solution if noone has an even better idea. You could create custom fileserver mount points with explicit access privileges so only the specific clients can access those files. You could create a function that returned the correct keytab for a given host, so the content was only available in the catalogs, not as files. file { /path/to/my_keytab: content = retrieve_keytab_for($certname), } or something along those lines. keytab distribution sucks :( -- Nigel Kersten Product Manager, Puppet Labs *Join us for **PuppetConf * http://www.bit.ly/puppetconfsig Sept 22/23 Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Source of external node data?
I asked this question a few weeks ago. Didn't get a reply, so I thought I'd try again. Where are people more likely to source external node data from? a) By using extlookup, hiera etc within each puppet module to load data specific to that module, OR b) Having the external node script source everything at once from, say a database, and then dump all the variables that the node will ever need. ? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Deployment of applications
On Thu, Sep 15, 2011 at 7:04 AM, Justin Ellison jus...@techadvise.com wrote: Everyone's right, you don't want puppet to do application deployments. You want it to setup your application server, but stop there. Case in point, use Puppet to setup Rails/LAMP/Tomcat, but don't use it to deploy your actual application. Instead use Capistrano, Fabric, Func, etc. If you're already familiar with Rundeck, be sure to check out http://www.kartar.net/2010/12/puppet-and-rundeck/ - it may do exactly what you want (export Puppet facter info to rundeck) I would use mcollective (which can stop/start services, and upgrade packages), wrapped up inside some simple shell scripts to control it's operation. Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] debugging new custom type
Could you provide the output of puppet agent --trace in a pastebin to accompany this? On Thu, Sep 15, 2011 at 1:22 PM, Guy Matz gm...@matz.org wrote: hi! Does anyone have any advice on debugging a new custom type? Any thoughts would be greatly appreciated . . . BTW, I'm getting the error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: undefined method `merge' for []:Array with some very rough code. The Type (vncserver.rb): module Puppet newtype(:vncserver) do ensurable newproperty(:port) do desc The vnc servers port assignment. Will be +5900 on the server validate do |value| unless value.is_i? raise Puppet::Error, Invalid Port number end end end newproperty(:username) do desc The user who will own the VNC session. isnamevar validate do |value| unless value !~ /\s/ raise Puppet::Error, Must be a valid username. No spaces, please. end end end newproperty(:geometry) do desc Resolution for VNC, in XxY, e.g. 1024x768. validate do |value| unless value !~ /^\d*x\d*$/ raise Puppet::Error, Must be a valid geometry. e.g., 1024x768. end end end newparam(:password) do desc Password to be put into users .vnc/passwd. validate do |value| unless hostpart =~ /^([\d\w]+|[\d\w][\d\w\-]+[\d\w])$/ raise Puppet::Error, Invalid host name end end end newparam(:args) do desc Optional arguments to be added to the vncserver command-line. end end @doc = Installs and manages entries for vncservers. For Redhat-bases systems, and likely many others, these entries will be in /etc/sysconfig/vncservers. end The Provider (parsed.rb): require 'puppet/provider/parsedfile' vncservers = /etc/sysconfig/vncservers Puppet::Type.type(:vncserver).provide(:parsed, :parent = Puppet::Provider::ParsedFile, :default_target = vncservers, :filetype = :flat ) do desc The vncserver provider that uses the ParsedFile class confine :exists = vncservers text_line :comment, :match = /^#/; text_line :blank, :match = /\s*$/; text_line :blank, :match = /\s*$/; record_line :parsed, :fields = %w{vncservers}, :match = /^VNCSERVERS=(.*)/ end And The Manifest: class vncserver { include common::vnc package { 'tigervnc-server': ensure = 'installed'; } vncserver { 'gmatz': port = '92', geometry = '1024x768', password = 'gmatz'; } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Adrien Thebo adr...@puppetlabs.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Configuration error on 0.25.5 (default provider)
There is no need to copy _anything_ from /var/lib/puppet from another machine, actually i think it breaks stuff. As youre running 0.25.5 you need to run puppetd once so that it can create its private key and cert, sign the cert on the master with puppetca --sign machine-name. Then puppet should run and apply the manifests you have for the node. Regards Nicolai -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/habr6hlvwIUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Namespace weirdness
Hi, Instead of using 'import account' in your init.pp - use 'include' instead. Cheers, Den On 15/09/2011, at 23:46, isido ilja.sidor...@gmail.com wrote: Hi, probably a bit noobish question, but browsing docs and googling didn't provide an answer for my problem, so maybe someone here can help. I have a modules for managing users layout something like this (named 'users') account.pp init.pp usergroup-a.pp usergroup-b.pp account.pp is where is define my resource define users::account (...) { } usergroup-a.pp and usergroup-b.pp are where I define some actual users, wrapped in classes: class users::usergroup-a { @account { ... } } init.pp is simply: import 'account' class users { include users::usergroup-a include users::usergroup-b } But when I try to realize users in my nodes.pp the following does not work node 'x' { include users realize ( Account[username] ) } (neither Account | title == 'username' | The following, however, works for some reason: class users::group-a { include users realize( Account['username']) } node 'x' { include users::group-a } Probably something really simple, but I don't see what. I'm using debian and its version 2.6.2 of puppet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Source of external node data?
I'm pulling Hiera data inside the modules. It's less conceptually elegant than passing the data but much easier to actually make work. On Sep 15, 2011 2:33 PM, Douglas Garstang doug.garst...@gmail.com wrote: I asked this question a few weeks ago. Didn't get a reply, so I thought I'd try again. Where are people more likely to source external node data from? a) By using extlookup, hiera etc within each puppet module to load data specific to that module, OR b) Having the external node script source everything at once from, say a database, and then dump all the variables that the node will ever need. ? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] debugging new custom type
Hm, doesn't address your issue but you could probably do thus with just a definition instead of writing a new type. On Sep 15, 2011 1:22 PM, Guy Matz gm...@matz.org wrote: hi! Does anyone have any advice on debugging a new custom type? Any thoughts would be greatly appreciated . . . BTW, I'm getting the error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: undefined method `merge' for []:Array with some very rough code. The Type (vncserver.rb): module Puppet newtype(:vncserver) do ensurable newproperty(:port) do desc The vnc servers port assignment. Will be +5900 on the server validate do |value| unless value.is_i? raise Puppet::Error, Invalid Port number end end end newproperty(:username) do desc The user who will own the VNC session. isnamevar validate do |value| unless value !~ /\s/ raise Puppet::Error, Must be a valid username. No spaces, please. end end end newproperty(:geometry) do desc Resolution for VNC, in XxY, e.g. 1024x768. validate do |value| unless value !~ /^\d*x\d*$/ raise Puppet::Error, Must be a valid geometry. e.g., 1024x768. end end end newparam(:password) do desc Password to be put into users .vnc/passwd. validate do |value| unless hostpart =~ /^([\d\w]+|[\d\w][\d\w\-]+[\d\w])$/ raise Puppet::Error, Invalid host name end end end newparam(:args) do desc Optional arguments to be added to the vncserver command-line. end end @doc = Installs and manages entries for vncservers. For Redhat-bases systems, and likely many others, these entries will be in /etc/sysconfig/vncservers. end The Provider (parsed.rb): require 'puppet/provider/parsedfile' vncservers = /etc/sysconfig/vncservers Puppet::Type.type(:vncserver).provide(:parsed, :parent = Puppet::Provider::ParsedFile, :default_target = vncservers, :filetype = :flat ) do desc The vncserver provider that uses the ParsedFile class confine :exists = vncservers text_line :comment, :match = /^#/; text_line :blank, :match = /\s*$/; text_line :blank, :match = /\s*$/; record_line :parsed, :fields = %w{vncservers}, :match = /^VNCSERVERS=(.*)/ end And The Manifest: class vncserver { include common::vnc package { 'tigervnc-server': ensure = 'installed'; } vncserver { 'gmatz': port = '92', geometry = '1024x768', password = 'gmatz'; } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Source of external node data?
I wrote my own with a Redis storage backend. So I use the external node exec terminus. On Sep 15, 2011 5:43 PM, Aaron Grewell aaron.grew...@gmail.com wrote: I'm pulling Hiera data inside the modules. It's less conceptually elegant than passing the data but much easier to actually make work. On Sep 15, 2011 2:33 PM, Douglas Garstang doug.garst...@gmail.com wrote: I asked this question a few weeks ago. Didn't get a reply, so I thought I'd try again. Where are people more likely to source external node data from? a) By using extlookup, hiera etc within each puppet module to load data specific to that module, OR b) Having the external node script source everything at once from, say a database, and then dump all the variables that the node will ever need. ? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Source of external node data?
On 16 September 2011 07:32, Douglas Garstang doug.garst...@gmail.comwrote: Where are people more likely to source external node data from? a) By using extlookup, hiera etc within each puppet module to load data specific to that module, OR b) Having the external node script source everything at once from, say a database, and then dump all the variables that the node will ever need. Both. The rule we have is: - extlookup - more than one host where we can group data - ENC for one off's -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Deployment of applications
Thats because puppet isn't a tool meant to build applications from source. You could do it but its one of those things where it doesn't make sense. If you need to build from SVN, you might as well look at something like Jenkins that can monitor an SCM and pull out changes and do a bunch of things around it. Then package it up into an RPM, which puppet handles nicely from my experience. run deck might be a good solution for you on your problem in terms of deploying to one system first before the others. If you had the knowledge with writing web applications you could easily use MCollective to do that too and put a nice GUI in front of the job. On Sep 13, 2011, at 6:33 PM, Ashley Penney wrote: can't think of any other good way to say do a one time run of project::build_core on the following matching nodes: x, y, z. I am really just using rundeck for the equivalent of that. Other things I would think of using this for is handling deploying a bunch of servers where server 1 has to be fully provisioned before 2 and on 2 at least one service has to be up before 3 can do its thing. It's something that's still a hassle to do well within Puppet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Source of external node data?
It depends on the job you want to do. My project we use an oracle db backend to store our whole environment information for application deployments. So we have a ruby DSL class that is an entry point where it looks up the node in the database and processes it depending on its function. The solution depends on how complex you need it to be. On Sep 15, 2011, at 5:32 PM, Douglas Garstang wrote: I asked this question a few weeks ago. Didn't get a reply, so I thought I'd try again. Where are people more likely to source external node data from? a) By using extlookup, hiera etc within each puppet module to load data specific to that module, OR b) Having the external node script source everything at once from, say a database, and then dump all the variables that the node will ever need. ? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Source of external node data?
On Thu, Sep 15, 2011 at 8:18 PM, Matthew Black mjbl...@gmail.com wrote: It depends on the job you want to do. My project we use an oracle db backend to store our whole environment information for application deployments. So we have a ruby DSL class that is an entry point where it looks up the node in the database and processes it depending on its function. The solution depends on how complex you need it to be. On Sep 15, 2011, at 5:32 PM, Douglas Garstang wrote: I asked this question a few weeks ago. Didn't get a reply, so I thought I'd try again. Where are people more likely to source external node data from? a) By using extlookup, hiera etc within each puppet module to load data specific to that module, OR b) Having the external node script source everything at once from, say a database, and then dump all the variables that the node will ever need. ? Doug. Thanks guys. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.