Re: [Puppet Users] automatic certificate signing for CloudPack
On Mon, Sep 19, 2011 at 4:56 PM, hamoun wrote:
> Hi All
>
> Despite several tries I have been unable to setup automatic
> certificate signing for CloudPack.
> This is part of typical output:
>
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> notice: Did not receive certificate
> warning: peer certificate won't be verified in this SSL session
> notice: Did not receive certificate
> ^CCancelling startup
>
> when I run:
> puppet node install ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com --
> login ec2-user --keyfile x --install-script gems --puppet-version
> 2.7.3 --debug --certname cloudadmin
>
> Although in the master I can see that the certificate is requested by
> client, I couldnt figure out where and how the automatic signing takes
> place. I looked into modules/cloud_provisioner/lib/puppet/cloudpack.rb
> where "install" is handled and thought maybe provisioner pulls cert
> requests and signs them but I could not find any code or log.
>
right now, certificate signing is a step that needs to be performed after
the installation script runs.
The controller node (or the node from which you invoke puppet node) should
be authorized to remotely sign certificates
For this, you need to add the following line to the master's auth.conf
path /certificate_status
method save
auth yes
allow #{controller.to_s}
you also need to ensure that auth is set to any on the following config
sections:
# allow access to the master CA
path /certificate/ca
auth any
method find
allow *
path /certificate/
auth any
method find
allow *
path /certificate_request
auth any
method find, save
allow *
Once the controller node has permission to sign certificates, you can run:
puppet certificate sign #{agent_certname} --ca-location remote --mode agent
the bootstrap action should be able to create nodes in ec2, run install and
sign the certs in one action
hope this helps
-Dan
> Thank you
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
"Join us for PuppetConf , September 22nd and
23rd in Portland, OR."
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet on VPC-Virtual private cloud
Hi guys am running puppet clients as Ubuntu machines and am under a VPC, now the problem is that due to a bug in ubuntu (lets not get in to the bug details) I cant run apt-get update, upgrade remotely from the new VPC puppet client but I can connect to my puppetmaster(I have a script which takes care of that when a new system comes up), so what am looking for is that when I connect to puppetmaster only one module (ex: source.list) is pushed to the client which would allow me to change source.list file and hence I can do update/ upgrade and then client connects again to master to get all other modules(the connecting again part is already there). Is there a way to do it? Please help Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] automatic certificate signing for CloudPack
Hi All Despite several tries I have been unable to setup automatic certificate signing for CloudPack. This is part of typical output: warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate ^CCancelling startup when I run: puppet node install ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com -- login ec2-user --keyfile x --install-script gems --puppet-version 2.7.3 --debug --certname cloudadmin Although in the master I can see that the certificate is requested by client, I couldnt figure out where and how the automatic signing takes place. I looked into modules/cloud_provisioner/lib/puppet/cloudpack.rb where "install" is handled and thought maybe provisioner pulls cert requests and signs them but I could not find any code or log. Thank you -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet is very slow when running in AWS
I had some issues on my first trial with Puppet on AWS because of DNS resolution. I used Amazon R53 and the all damn thing was very slow (however you could clearly see this issue with wireshark). Maybe this hint will help you... On 20 September 2011 00:14, Troy Stribling wrote: > I am using Puppet 2.7.2 with ruby 1.8.7 (2010-01-10 patchlevel 249) > and 64 bit Ubuntu 10.4. > > I have a Vagrant environment which I have been using for development. > In the vagrant environment about 5 minutes is required to run all of > the modules used for the configuration I have been developing. When I > run exactly the same modules in AWS several hours are required. The > Vagrant VM has 1 CPU and 1 GB of memory. The AWS VM is an M1.Large > with 2 CPUs and 8GB of memory, When running in AWS the puppet process > is consuming most a CPU the entire time. Memory usage is low and their > is no excessive disk or network IO. The modules are eventually > executed without error. > > Has anyone seen similar behavior? > > Thanks, > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- Romain PELISSE, *"The trouble with having an open mind, of course, is that people will insist on coming along and trying to put things in it" -- Terry Pratchett* http://belaran.eu/wordpress/belaran -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] A question about refresh events
In the puppet log file I see refresh events for Service and Mount resources. During the refresh event the Service is stopped and started and the Mount is mounted and unmounted. What is the purpose of this? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet is very slow when running in AWS
I am using Puppet 2.7.2 with ruby 1.8.7 (2010-01-10 patchlevel 249) and 64 bit Ubuntu 10.4. I have a Vagrant environment which I have been using for development. In the vagrant environment about 5 minutes is required to run all of the modules used for the configuration I have been developing. When I run exactly the same modules in AWS several hours are required. The Vagrant VM has 1 CPU and 1 GB of memory. The AWS VM is an M1.Large with 2 CPUs and 8GB of memory, When running in AWS the puppet process is consuming most a CPU the entire time. Memory usage is low and their is no excessive disk or network IO. The modules are eventually executed without error. Has anyone seen similar behavior? Thanks, -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Deployment of applications
You might be interested in Puppi, which is a Puppet module and a bash
command that i've written exactly for this reason.
Code: https://github.com/example42/puppi
More info: http://www.example42.com (now terribly slow) or
http://puppetlabs.com/blog/deploying-applications-and-bringing-puppet-information-to-the-cli-with-puppi/
It mixes the possibility of defining inside puppet manifests what you
need to make a deploy with a simple command that is actually used to
launch the deploy (by hand, via cron, via mcollective or triggered by
whatever tool).
The deploy procedure (commands to execute) can be totally customized,
but there are some ready examples to deploy from a Nexus repository,
or deploy directly wars, tarballs, zip archives and so on.
In few words, in order to be able to issue a command like:
puppi deploy supersite
you write Puppet code like this:
puppi::project::war { "supersite":
source => "http://repo.example42.com/deploy/prod/
supersite.war",
deploy_root => "/store/tomcat/myapp/webapps",
report_email => "sysadm...@example42.com",
}
but you can have more complex arguments like:
puppi::project::maven { "supersite":
source => "http://nexus.example42.com/nexus/content/
repositories/releases/it/example42/supersite/",
deploy_root => "/usr/local/tomcat/supersite/webapps",
config_suffix=> "cfg",
config_root => "/srv/htdocs/supersite",
document_suffix => "css",
document_root=> "/srv/htdocs/supersite",
firewall_src_ip => $site ? {
dr => "192.168.101.1/30",
main=> "192.168.1.1/30",
},
backup_retention => "3",
init_script => "tomcat",
report_email => "sysadm...@example42.com",
enable => "true",
}
And, if you need it, there's the mcollective agent and relevant mc-
puppi command.
Hope it might help,
al
On Sep 13, 9:53 pm, Ashley Penney wrote:
> I know this has come up on the list numerous times before but I
> thought it would be a good time to see if the state of the art has
> advanced for this kind of thing. I wanted to know how people are
> handling higher level deployment of applications - things that have to
> be done repeatedly but not all the time. An example of this is
> checking an application out of svn, building it, creating a package
> and then moving it off to a repo. Or even just building/installing
> locally for developers.
>
> It never seems to fit well into Puppet for me and I end up with crazy
> complicated manifests to deal with this kind of thing. I recently
> moved these jobs into Rundeck (www.rundeck.org) which works pretty
> well but doesn't really leverage any of the stuff I have within
> Foreman/Puppet. I've seen suggestions to use mcollective but this
> doesn't easily integrate our existing scripts (written in many
> languages) or processes and would require me to force a lot of
> developers to work differently. I could just have classes that
> trigger scripts only when some condition is met (like /.buildapp
> files) or something along those lines but nothing seems elegant.
>
> What I'm trying to find out is what other people did to handle this?
> I want something I can build up over time and slowly migrate legacy
> apps and processes into without having to do a massive up front
> development. It should also be relatively simple and not require me
> to code anything as anyone on the list who knows me can tell you that
> I am absolutely awful at coding.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet environment can't be used in extlookup (precedence)
It looks like this problem is related to the use of ENC and to the extremely-annoying-more-than-one-year-old #3910 bug :( I wonder what people are doing as a viable workaround. I know the Nokia guys solved it with a hack detecting the environment discrepancy it in their ENC but I don't know the code. Any nice tips anyone ? On Fri, Apr 22, 2011 at 1:08 PM, Marcello de Sousa wrote: > Tested with 2.6.7-1 > > I'll try to reproduce it with 2.6.6 > > On Fri, Apr 22, 2011 at 12:22 PM, R.I.Pienaar wrote: >> >> >> - Original Message - >>> This is bugging me for a couple of days now as I don't seem to find a >>> reasonable explanation for the different behavior on the 2 puppet >>> variables. Not sure if it's a puppet issue or an extlookup issue (or >>> maybe my own issue). >> >> your example looks fine, and it works for me on 2.6.6, not tried on newer >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet installation and configuration (Master and Client)
On Sep 19, 2011, at 11:23 AM, Mr. E. wrote: > I need latest documentation on how to install and configure Puppet > master and Puppet client in CentOS environment. The CentOS version is > 5.4 and Puppet version is 0.22.4. Puppet 0.22.4 is quite old. Why don't you enable epel-testing repo and get 2.6.6 from there? There is nothing unique about CentOS, fwiw. Any puppet installation instructions will apply to CentOS. > I'm having problem with configuring > between the Puppet master and Puppet client. The Puppet master is not > seeing the CA certificate of the Puppet client. If you phrased that accurately, you're somewhere off the reservation. The puppet master *IS* the CA for the client's certificate in normal configuration. I suspect you phrased that wrong. Certificate problems are very common FAQ. Lots of pages about this. If you really can't find the answer online, post the exact error you are seeing. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet installation and configuration (Master and Client)
I need latest documentation on how to install and configure Puppet master and Puppet client in CentOS environment. The CentOS version is 5.4 and Puppet version is 0.22.4. I'm having problem with configuring between the Puppet master and Puppet client. The Puppet master is not seeing the CA certificate of the Puppet client. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Open Source Team iteration & planning summary 2011-09-19
Getting & setting permissions on Windows now works (#9186). For full details on how this works, please see the commit that introduces the functionality[1]. Patch provided by Josh Cooper. This has been merged into the 2.7.x branch. Pluginsync will now only load Ruby files (#4135). Pluginsync will still sync all files, but will only attempt to load files ending in '.rb'. Patch provided by Nan Liu. This is particularly notable since this was the first merge from Stefan Schulte, our newest committer (there will be a separate annoucement about this and a few other details in the very near future). This has been merged into the 2.7.x branch. "puppet device" now resets all cached attributes (#7982). Since not ppall caches were being reset appropriately, there was some odd behavior such as the wrong SSL certificate being used for a device. Patch provided by Brice Figureau. This has been merged into the 2.7.x branch. "-" is now allowed in device certificate names (#9164). Patch provided by Brice Figureau. This has been merged into the 2.7.x branch. [1] https://github.com/puppetlabs/puppet/commit/42c998233ba188d94f4b903f802f075ffe87f0d6 Completed items: * #9186 - Windows file security support * #4135 - pluginsync tries to parse readme files * #7982 - puppet device fails on second device * #9164 - The certname in /etc/puppet/device.conf may not include a - Current backlog: * #9329 - (Review) Puppet agent daemonize option doesn't work on Windows * #9435 - (Review) Log destinations are broken on Windows * #9458 - (Review) Puppet fails to run when no subcommand specified * #9459 - (Review) Puppet fails to create user when groups are specified * #9326 - (Review) Password management on windows * #8414 - Task scheduler type/provider for Windows * #8411 - File type working on Windows * #9460 - Puppet agent fails if the PuppetLabs/puppet directory doesn't exist on Windows * #9461 - Puppet resource package fails on Windows * #9328 - Retrieve user and group SIDs on windows * #9190 - Windows documentation * #7316 - puppet applications delivered via pluginsync don't work. * #5517 - Overriding parameters on included & inherited classes * #3741 - Custom facts loaded multiple times * #4916 - Plugins should not be able to override core functionality. -- Jacob Helwig , | Join us for PuppetConf, September 22nd and 23rd in Portland, OR | http://bit.ly/puppetconfsig ` signature.asc Description: Digital signature
Re: [Puppet Users] debugging new custom type
On Thu, Sep 15, 2011 at 04:22:45PM -0400, Guy Matz wrote:
> hi! Does anyone have any advice on debugging a new custom type?
>
> Any thoughts would be greatly appreciated . . .
>
> BTW, I'm getting the error:
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Could not render to pson: undefined method `merge' for []:Array
>
> with some very rough code.
>
> The Type (vncserver.rb):
> module Puppet
> newtype(:vncserver) do
>
> ensurable
>
> newproperty(:port) do
[...]
> newproperty(:username) do
[...]
> newproperty(:geometry) do
[...]
> end
>
> The Provider (parsed.rb):
[...]
> record_line :parsed, :fields => %w{vncservers}, :match =>
> /^VNCSERVERS="(.*)"/
>
> end
>
You have defined three properties (port, username, geometry) but your
provider is not able to retrieve or write any of these properties. So
how does a line in vncservers actually looks like? How can you get port,
username and geometry of a certain vncserver?
-Stefan
pgpGqCrU2Avkk.pgp
Description: PGP signature
Re: [Puppet Users] How to dynamically edit node definitions
Perhaps you want to use an external node classifier? It can give you the
dynamic definition of nodes per run. See
http://docs.puppetlabs.com/guides/external_nodes.html
On Fri, Sep 16, 2011 at 1:00 PM, Sav wrote:
> I would like to find out a way... given a host (or node), to
> dynamically add or remove from that node's definition. Does anybody
> know if this is possible?
>
> I am currently running a find statement in the /etc/puppet/ directory
> for all files that end in ".pp", grepping for "node 'hostname' ... {",
> and using a sed command to insert include statements. Is there a more
> simple way to do this?
>
> If not, is there at least an easier way to find the ".pp" file where a
> particular node is defined?
>
> Thanks!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
Adrien Thebo
adr...@puppetlabs.com
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] debugging new custom type
With respect to this recent error, I'm guessing that the path to the pid
file doesn't exist. With the issue you've been having on the type/provider
itself, I believe that I found that the parsedfile provider generally has
name hard coded as the namevar. This may be a bit far fetched, but see if
changing the name of the namevar to 'name' and see if it fixes things. It's
a hack really, but perhaps it'll get you what you want.
On Sat, Sep 17, 2011 at 8:44 AM, Guy Matz wrote:
> ok, i found out what pastebin is. All on my own!! :-) But puppet agent
> --trace doesn't give me very much output. Only:
> [root@gmatzpupnode ~]# puppet agent --trace
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/daemon.rb:47:in `create_pidfile'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/util.rb:38:in `synchronize_on'
> /opt/puppet/lib/ruby/1.8/sync.rb:230:in `synchronize'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/util.rb:38:in `synchronize_on'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/daemon.rb:46:in `create_pidfile'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/daemon.rb:22:in `daemonize'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:255:in
> `setup'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:286:in `run'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:393:in
> `exit_on_fail'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/application.rb:286:in `run'
> /opt/puppet/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:55:in
> `execute'
> /usr/local/bin/puppet:4
> Could not prepare for execution: Could not create PID file:
> /var/run/pe-puppet/agent.pid
>
>
> it looks like it's failing, actually . . .
>
> thanks,
> guy
>
>
> On Thu, Sep 15, 2011 at 6:50 PM, Adrien Thebo wrote:
>
>> Could you provide the output of puppet agent --trace in a pastebin to
>> accompany this?
>>
>> On Thu, Sep 15, 2011 at 1:22 PM, Guy Matz wrote:
>>
>>> hi! Does anyone have any advice on debugging a new custom type?
>>>
>>> Any thoughts would be greatly appreciated . . .
>>>
>>> BTW, I'm getting the error:
>>> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
>>> Could not render to pson: undefined method `merge' for []:Array
>>>
>>> with some very rough code.
>>>
>>> The Type (vncserver.rb):
>>> module Puppet
>>> newtype(:vncserver) do
>>>
>>> ensurable
>>>
>>> newproperty(:port) do
>>> desc "The vnc servers port assignment. Will be +5900 on the
>>> server"
>>> validate do |value|
>>> unless value.is_i?
>>> raise Puppet::Error, "Invalid Port number"
>>> end
>>> end
>>> end
>>>
>>> newproperty(:username) do
>>> desc "The user who will own the VNC session."
>>> isnamevar
>>> validate do |value|
>>> unless value !~ /\s/
>>> raise Puppet::Error, "Must be a valid username. No spaces,
>>> please."
>>> end
>>> end
>>> end
>>>
>>> newproperty(:geometry) do
>>> desc "Resolution for VNC, in XxY, e.g. 1024x768."
>>> validate do |value|
>>> unless value !~ /^\d*x\d*$/
>>> raise Puppet::Error, "Must be a valid geometry. e.g.,
>>> 1024x768."
>>> end
>>> end
>>> end
>>>
>>> newparam(:password) do
>>> desc "Password to be put into users .vnc/passwd."
>>> validate do |value|
>>> unless hostpart =~ /^([\d\w]+|[\d\w][\d\w\-]+[\d\w])$/
>>> raise Puppet::Error, "Invalid host name"
>>> end
>>> end
>>> end
>>>
>>> newparam(:args) do
>>> desc "Optional arguments to be added to the vncserver
>>> command-line."
>>> end
>>> end
>>>
>>> @doc = "Installs and manages entries for vncservers. For
>>> Redhat-bases
>>> systems, and likely many others, these entries will be in
>>> /etc/sysconfig/vncservers."
>>>
>>> end
>>>
>>>
>>> The Provider (parsed.rb):
>>> require 'puppet/provider/parsedfile'
>>>
>>> vncservers = "/etc/sysconfig/vncservers"
>>>
>>> Puppet::Type.type(:vncserver).provide(:parsed,
>>> :parent =>
>>> Puppet::Provider::ParsedFile,
>>> :default_target => vncservers,
>>> :filetype => :flat
>>> ) do
>>>
>>> desc "The vncserver provider that uses the ParsedFile class"
>>>
>>> confine :exists => vncservers
>>> text_line :comment, :match => /^#/;
>>> text_line :blank, :match => /\s*$/;
>>>
>>> text_line :blank, :match => /\s*$/;
>>>
>>> record_line :parsed, :fields => %w{vncservers}, :match =>
>>> /^VNCSERVERS="(.*)"/
>>>
>>> end
>>>
>>>
>>> And The Manifest:
>>> class vncserver {
>>>
>>> include common::vnc
>>>
>>>
>>> package {
>>> 'tigervnc-server':
>>> ensure => 'installed';
>>> }
>>>
>>> vncserver {
>>> 'gmatz':
>>> port => '92',
>>> geometry => '1024x768',
>>> password => 'gmatz';
>>> }
>>> }
>>>
>>> --
>>> You received this message because
[Puppet Users] Node dependency
Hi, I am looking for a solution for a problem of node dependency. Suppose I have node A where service xyz is running. Now the node B service 123 is dependent on service xyz of node A i.e. to update node B service 123, the service xyz of node A should be stopped as a prerequisite. How I can achieve this in puppet? A simple case for above is the hadoop datanode and namenode where the datanode update should only happen after stopping hadoop's namenode. Thanks, -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] testing exec
On Sep 19, 2011, at 8:52 AM, Tim Coote wrote:
> I've clearly not approaching this correctly, so would appreciate some
> advice.
>
> I have a trivial shell script to execute. I've whittled this down to a
> one line invocation of true. The file is called test and has mode 755
>
> I'm testing with:
> sudo puppetd --debug --test
>
> I'm using puppet-0.25.5-2.fc15.noarch on the client and
> puppet-0.25.5-1.fc14.noarch on the server.
>
> I have an exec component that looks like this:
>
>exec { "initMysql":
>cwd => "/home/tim/backups",
>path => ["/usr/bin", "/bin"],
>command => "/home/tim/backups/test", # fails
> #command => "/home/tim/backups/test 2>&1", # works
> #command => "/home/tim/backups/test > /tmp/wibble", # works
> #command => "/home/tim/backups/test 2> /tmp/wibble", # works
>logoutput => true,
>creates => "/home/tim/backups/inited",
>}
>
> Failure looks like this:
>
> debug: //Node[uranustest]/Exec[initMysql]: Changing returns
> debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
> debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
> backups/test'
> debug: Executing '/home/tim/backups/test'
> err: //Node[uranustest]/Exec[initMysql]/returns: change from notrun to
> 0 failed: /home/tim/backups/test returned 1 instead of one of [0] at /
> etc/puppet/manifests/nodes.pp:117
>
>
> An example of success looks like this:
>
> debug: //Node[uranustest]/Exec[initMysql]: Changing returns
> debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
> debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
> backups/test 2>&1'
> debug: Executing '/home/tim/backups/test 2>&1'
> notice: //Node[uranustest]/Exec[initMysql]/returns: executed
> successfully
>
> I'm pretty sure that I shouldn't need to redirect the output to get
> the command to work.
>
> Any thoughts?
Do you recognize that puppet executions are performed by user 'root'?
Does this file have 777 permissions?
Is the first line of 'test' something like "#!/bin/bash" ? Probably a good idea
to get in the practice of naming shell script files with a recognizable
extension (i.e. test.sh)
I suppose that the reason the other commands success is simply because the
redirection exists so the redirection occurs and the command is true,
regardless of anything that occurs or fails in your shell script itself.
Craig
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] testing exec
Here's an idea: the first one is probably not run by the shell, as there
is no shell meta-characters in it. The latter three all have shell
meta-characters in them.
I don't know for certain that puppet does it this way, but it is common
to do things in this manner in scripting languages all over the place.
Is this possible?
If this is true, then using any shell meta-character (such as
backquotes, wildcards, pipes, or other things) will cause your script to
succeed.
--
David Douthitt
ddouth...@acm.org
On Monday, September 19, 2011 8:52 AM, "Tim Coote"
wrote:
> I've clearly not approaching this correctly, so would appreciate some
> advice.
>
> I have a trivial shell script to execute. I've whittled this down to a
> one line invocation of true. The file is called test and has mode 755
>
> I'm testing with:
> sudo puppetd --debug --test
>
> I'm using puppet-0.25.5-2.fc15.noarch on the client and
> puppet-0.25.5-1.fc14.noarch on the server.
>
> I have an exec component that looks like this:
>
> exec { "initMysql":
> cwd => "/home/tim/backups",
> path => ["/usr/bin", "/bin"],
> command => "/home/tim/backups/test", # fails
> #command => "/home/tim/backups/test 2>&1", # works
> #command => "/home/tim/backups/test > /tmp/wibble", # works
> #command => "/home/tim/backups/test 2> /tmp/wibble", # works
> logoutput => true,
> creates => "/home/tim/backups/inited",
> }
>
> Failure looks like this:
>
> debug: //Node[uranustest]/Exec[initMysql]: Changing returns
> debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
> debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
> backups/test'
> debug: Executing '/home/tim/backups/test'
> err: //Node[uranustest]/Exec[initMysql]/returns: change from notrun to
> 0 failed: /home/tim/backups/test returned 1 instead of one of [0] at /
> etc/puppet/manifests/nodes.pp:117
>
>
> An example of success looks like this:
>
> debug: //Node[uranustest]/Exec[initMysql]: Changing returns
> debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
> debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
> backups/test 2>&1'
> debug: Executing '/home/tim/backups/test 2>&1'
> notice: //Node[uranustest]/Exec[initMysql]/returns: executed
> successfully
>
> I'm pretty sure that I shouldn't need to redirect the output to get
> the command to work.
>
> Any thoughts?
>
> Tim
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] testing exec
I've clearly not approaching this correctly, so would appreciate some
advice.
I have a trivial shell script to execute. I've whittled this down to a
one line invocation of true. The file is called test and has mode 755
I'm testing with:
sudo puppetd --debug --test
I'm using puppet-0.25.5-2.fc15.noarch on the client and
puppet-0.25.5-1.fc14.noarch on the server.
I have an exec component that looks like this:
exec { "initMysql":
cwd => "/home/tim/backups",
path => ["/usr/bin", "/bin"],
command => "/home/tim/backups/test", # fails
#command => "/home/tim/backups/test 2>&1", # works
#command => "/home/tim/backups/test > /tmp/wibble", # works
#command => "/home/tim/backups/test 2> /tmp/wibble", # works
logoutput => true,
creates => "/home/tim/backups/inited",
}
Failure looks like this:
debug: //Node[uranustest]/Exec[initMysql]: Changing returns
debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
backups/test'
debug: Executing '/home/tim/backups/test'
err: //Node[uranustest]/Exec[initMysql]/returns: change from notrun to
0 failed: /home/tim/backups/test returned 1 instead of one of [0] at /
etc/puppet/manifests/nodes.pp:117
An example of success looks like this:
debug: //Node[uranustest]/Exec[initMysql]: Changing returns
debug: //Node[uranustest]/Exec[initMysql]: 1 change(s)
debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/
backups/test 2>&1'
debug: Executing '/home/tim/backups/test 2>&1'
notice: //Node[uranustest]/Exec[initMysql]/returns: executed
successfully
I'm pretty sure that I shouldn't need to redirect the output to get
the command to work.
Any thoughts?
Tim
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Requiring a package to satisfy a provider requirement
On Sep 19, 3:52 pm, John Kennedy wrote: > > Would it be possible to create a class to install Glassfish and require that > class to be fulfilled before? I actually thought that > require => Package['glassfish'] > would have the desired effect... That's what I was expecting but it fails when it can't find asadmin then if I create a dummy asadmin it files when it can't find passwordfile. $ puppet apply --modulepath modules/ manifests/test.pp --noop Could not find a default provider for domain $ touch ~/bin/asadmin && chmod +x ~/bin/asadmin $ puppet apply --modulepath modules/ manifests/test.pp --noop Parameter passwordfile failed: /opt/glassfish/.aspass does not exists at /home/matt/devel/puppet/modules/glassfish/manifests/testdomain.pp: 10 $ puppet -V 2.6.9 On a slightly seperate note, I've also had to set RUBYLIB to the lib in the module folder as well, which I wasn't expecting. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Requiring a package to satisfy a provider requirement
On Mon, Sep 19, 2011 at 15:18, Matt wrote:
> Hi there,
>
> I'm not sure the subject is entirely clear, so I'll do my best to
> explain it here.
>
> I'm trying to use the larstobi-puppet-glassfish module to configure
> Oracle Glassfish. I have the following for a domain:
>
> 1 class glassfish::testdomain {
> 2 domain {
> 3 "testdomain":
> 4 user => 'appserv',
> 5 asadminuser => 'admin',
> 6 passwordfile => '/opt/glassfish/.aspass',
> 7 ensure => 'present',
> 8 portbase => '9001',
> 9 require => Package['glassfish']
> 10 }
> 11 }
>
> The problem is that when I run this, the glassfish module causes it
> all to fail because asadmin, required as a provider, isn't available,
> nor is the passwordfile. But then it won't be available because
> glassfish isn't installed.
>
> Is there a way to pend the domain item until the glassfish package
> requirement is satisfied?
>
> Thanks
> Matt
>
>
Would it be possible to create a class to install Glassfish and require that
class to be fulfilled before? I actually thought that
require => Package['glassfish']
would have the desired effect...
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Requiring a package to satisfy a provider requirement
Hi there,
I'm not sure the subject is entirely clear, so I'll do my best to
explain it here.
I'm trying to use the larstobi-puppet-glassfish module to configure
Oracle Glassfish. I have the following for a domain:
1 class glassfish::testdomain {
2 domain {
3 "testdomain":
4 user => 'appserv',
5 asadminuser => 'admin',
6 passwordfile => '/opt/glassfish/.aspass',
7 ensure => 'present',
8 portbase => '9001',
9 require => Package['glassfish']
10 }
11 }
The problem is that when I run this, the glassfish module causes it
all to fail because asadmin, required as a provider, isn't available,
nor is the passwordfile. But then it won't be available because
glassfish isn't installed.
Is there a way to pend the domain item until the glassfish package
requirement is satisfied?
Thanks
Matt
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
