Re: [Puppet Users] automatic certificate signing for CloudPack
On Mon, Sep 19, 2011 at 4:56 PM, hamoun hamoun...@gmail.com wrote: Hi All Despite several tries I have been unable to setup automatic certificate signing for CloudPack. This is part of typical output: warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate warning: peer certificate won't be verified in this SSL session notice: Did not receive certificate ^CCancelling startup when I run: puppet node install ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com -- login ec2-user --keyfile x --install-script gems --puppet-version 2.7.3 --debug --certname cloudadmin Although in the master I can see that the certificate is requested by client, I couldnt figure out where and how the automatic signing takes place. I looked into modules/cloud_provisioner/lib/puppet/cloudpack.rb where install is handled and thought maybe provisioner pulls cert requests and signs them but I could not find any code or log. right now, certificate signing is a step that needs to be performed after the installation script runs. The controller node (or the node from which you invoke puppet node) should be authorized to remotely sign certificates For this, you need to add the following line to the master's auth.conf path /certificate_status method save auth yes allow #{controller.to_s} you also need to ensure that auth is set to any on the following config sections: # allow access to the master CA path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_request auth any method find, save allow * Once the controller node has permission to sign certificates, you can run: puppet certificate sign #{agent_certname} --ca-location remote --mode agent the bootstrap action should be able to create nodes in ec2, run install and sign the certs in one action hope this helps -Dan Thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Join us for PuppetConf http://bit.ly/puppetconfsig, September 22nd and 23rd in Portland, OR. http://bit.ly/puppetconfsig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: testing exec
That's it! I was getting lazy and not putting the #! /bin/bash at the top of the shell script. This was a pig to pull out tho': when run under the debugger I flushed out an 'Exec format error', which just didn't make it to the log when run normally. Google found the 'Exec format error' on a unix bash blog as a side comment that 'some scripting languages won't use the shell to run a script unless you're specific in the source file'. Good shout David. Disappointing that I had to learn a/ ruby, b/ the ruby debugger, to pin this down. Do you think that I should record a bug/feature request that all errors get logged? On 19 Sep, 16:58, David Douthitt ddouth...@acm.org wrote: Here's an idea: the first one is probably not run by the shell, as there is no shell meta-characters in it. The latter three all have shell meta-characters in them. I don't know for certain that puppet does it this way, but it is common to do things in this manner in scripting languages all over the place. Is this possible? If this is true, then using any shell meta-character (such as backquotes, wildcards, pipes, or other things) will cause your script to succeed. -- David Douthitt ddouth...@acm.org On Monday, September 19, 2011 8:52 AM, Tim Coote tim.coo...@googlemail.com wrote: I've clearly not approaching this correctly, so would appreciate some advice. I have a trivial shell script to execute. I've whittled this down to a one line invocation of true. The file is calledtestand has mode 755 I'm testing with: sudo puppetd --debug --test I'm using puppet-0.25.5-2.fc15.noarch on the client and puppet-0.25.5-1.fc14.noarch on the server. I have anexeccomponent that looks like this: exec{ initMysql: cwd = /home/tim/backups, path = [/usr/bin, /bin], command = /home/tim/backups/test, # fails # command = /home/tim/backups/test21, # works # command = /home/tim/backups/test /tmp/wibble, # works # command = /home/tim/backups/test2 /tmp/wibble, # works logoutput = true, creates = /home/tim/backups/inited, } Failure looks like this: debug: //Node[uranustest]/Exec[initMysql]: Changing returns debug: //Node[uranustest]/Exec[initMysql]: 1 change(s) debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/ backups/test' debug: Executing '/home/tim/backups/test' err: //Node[uranustest]/Exec[initMysql]/returns: change from notrun to 0 failed: /home/tim/backups/testreturned 1 instead of one of [0] at / etc/puppet/manifests/nodes.pp:117 An example of success looks like this: debug: //Node[uranustest]/Exec[initMysql]: Changing returns debug: //Node[uranustest]/Exec[initMysql]: 1 change(s) debug: //Node[uranustest]/Exec[initMysql]: Executing '/home/tim/ backups/test21' debug: Executing '/home/tim/backups/test21' notice: //Node[uranustest]/Exec[initMysql]/returns: executed successfully I'm pretty sure that I shouldn't need to redirect the output to get the command to work. Any thoughts? Tim -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] qualified variables in templates
Hi all, is there a way for qualifying variables inside a template? I've tried : Name = %= ${::hostname} % but the var gets ${::hostname} value. thinking in version 2.8, is it needed? http://docs.puppetlabs.com/guides/scope_and_puppet.html says nothing about this... TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Parameterized class of Parameterized classes
Hi all, is there any problem in creating a parameterized class of parameterized classes? something like: class A ($var1,$var2,$var3) { class { 'B' : param = ${var1} ; 'C' : param = ${var2} ; 'D' : param = ${var3} ; } } node Z { class { 'A' : var1= 'value1', var2= 'value2', var3= 'value3', } } This is working fine in my test set (2.7.3), but I'm wondering if this could cause issues in any way (most probably scope), or there's a better way for grouping several classes into one (avoiding inheritance). TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Deployment of applications
This looks fascinating and I'm absolutely going to do some experimentation with it this week as a way to do some of the awkward deploys that exist. I love the idea. As a recent 2.7 upgrader I look forward to seeing the faces version you talk about. I guess today I'll finally get mcollective rolled out in advance of testing with Puppi. Thanks! (As for the rest of this thread Volcane convinced me that I was being stupid and my approach to the problem was wrong and to put the build logic in Jenkins and keep the deploy logic to package{}. On Mon, Sep 19, 2011 at 5:01 PM, Alessandro Franceschi a...@lab42.it wrote: You might be interested in Puppi, which is a Puppet module and a bash command that i've written exactly for this reason. Code: https://github.com/example42/puppi More info: http://www.example42.com (now terribly slow) or http://puppetlabs.com/blog/deploying-applications-and-bringing-puppet-information-to-the-cli-with-puppi/ It mixes the possibility of defining inside puppet manifests what you need to make a deploy with a simple command that is actually used to launch the deploy (by hand, via cron, via mcollective or triggered by whatever tool). The deploy procedure (commands to execute) can be totally customized, but there are some ready examples to deploy from a Nexus repository, or deploy directly wars, tarballs, zip archives and so on. In few words, in order to be able to issue a command like: puppi deploy supersite you write Puppet code like this: puppi::project::war { supersite: source = http://repo.example42.com/deploy/prod/ supersite.war, deploy_root = /store/tomcat/myapp/webapps, report_email = sysadm...@example42.com, } but you can have more complex arguments like: puppi::project::maven { supersite: source = http://nexus.example42.com/nexus/content/ repositories/releases/it/example42/supersite/, deploy_root = /usr/local/tomcat/supersite/webapps, config_suffix= cfg, config_root = /srv/htdocs/supersite, document_suffix = css, document_root= /srv/htdocs/supersite, firewall_src_ip = $site ? { dr = 192.168.101.1/30, main= 192.168.1.1/30, }, backup_retention = 3, init_script = tomcat, report_email = sysadm...@example42.com, enable = true, } And, if you need it, there's the mcollective agent and relevant mc- puppi command. Hope it might help, al On Sep 13, 9:53 pm, Ashley Penney apen...@gmail.com wrote: I know this has come up on the list numerous times before but I thought it would be a good time to see if the state of the art has advanced for this kind of thing. I wanted to know how people are handling higher level deployment of applications - things that have to be done repeatedly but not all the time. An example of this is checking an application out of svn, building it, creating a package and then moving it off to a repo. Or even just building/installing locally for developers. It never seems to fit well into Puppet for me and I end up with crazy complicated manifests to deal with this kind of thing. I recently moved these jobs into Rundeck (www.rundeck.org) which works pretty well but doesn't really leverage any of the stuff I have within Foreman/Puppet. I've seen suggestions to use mcollective but this doesn't easily integrate our existing scripts (written in many languages) or processes and would require me to force a lot of developers to work differently. I could just have classes that trigger scripts only when some condition is met (like /.buildapp files) or something along those lines but nothing seems elegant. What I'm trying to find out is what other people did to handle this? I want something I can build up over time and slowly migrate legacy apps and processes into without having to do a massive up front development. It should also be relatively simple and not require me to code anything as anyone on the list who knows me can tell you that I am absolutely awful at coding. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Custom the puppet CA settings
Hi, I am trying to use my self-signed CA and certificates instead of the built-in CA.That is what I do: create a self-signed CA by openssll issue a certificate for puppet master by CA above then, add the private key files, ca files and pub key files into the folowing location(use the default values) on master server: localcacert hostprivkey hostcert hostpubkey cacert cakey capub Finally, I run 'puppet --test' on the agent,and get the error: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Is it possible to use customized CAs instead of the builtin CA?If answer is yes, did I miss some steps for the error above? Sorry for my bad English. Thanks Yunfeng -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Requiring a package to satisfy a provider requirement
On Sep 19, 4:06 pm, Matt matthew.wills...@gmail.com wrote: On Sep 19, 3:52 pm, John Kennedy skeb...@gmail.com wrote: Would it be possible to create a class to install Glassfish and require that class to be fulfilled before? I actually thought that require = Package['glassfish'] would have the desired effect... That's what I was expecting but it fails when it can't find asadmin then if I create a dummy asadmin it files when it can't find passwordfile. Further reading reveals this to be a function of the provider suitability checks. Apparently the use of stages (=2.6) can be used to resolve this, so there's my way forward. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Requiring a package to satisfy a provider requirement
On Sep 20, 1:02 pm, Matthew Willsher matthew.wills...@gmail.com wrote: On Sep 19, 4:06 pm, Matt matthew.wills...@gmail.com wrote: On Sep 19, 3:52 pm, John Kennedy skeb...@gmail.com wrote: Would it be possible to create a class to install Glassfish and require that class to be fulfilled before? I actually thought that require = Package['glassfish'] would have the desired effect... That's what I was expecting but it fails when it can't find asadmin then if I create a dummy asadmin it files when it can't find passwordfile. Further reading reveals this to be a function of the provider suitability checks. Apparently the use of stages (=2.6) can be used to resolve this, so there's my way forward. Sorry to post to my own reply and so soon afterwards, but stages appear not to have resolved this. It seems that the provider tests are done irrespective of stages, so at this point it looks as though it's not possible to use providers that exist as the result of the action of another resource. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] debugging new custom type
Stefan, thanks again for your reply. I'm just trying to get something working, even if it doesn't actually do anything yet . . . On Mon, Sep 19, 2011 at 1:48 PM, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Thu, Sep 15, 2011 at 04:22:45PM -0400, Guy Matz wrote: hi! Does anyone have any advice on debugging a new custom type? Any thoughts would be greatly appreciated . . . BTW, I'm getting the error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: undefined method `merge' for []:Array with some very rough code. The Type (vncserver.rb): module Puppet newtype(:vncserver) do ensurable newproperty(:port) do [...] newproperty(:username) do [...] newproperty(:geometry) do [...] end The Provider (parsed.rb): [...] record_line :parsed, :fields = %w{vncservers}, :match = /^VNCSERVERS=(.*)/ end You have defined three properties (port, username, geometry) but your provider is not able to retrieve or write any of these properties. So how does a line in vncservers actually looks like? How can you get port, username and geometry of a certain vncserver? -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Requiring a package to satisfy a provider requirement
On Tue, Sep 20, 2011 at 5:27 AM, Matthew Willsher matthew.wills...@gmail.com wrote: On Sep 20, 1:02 pm, Matthew Willsher matthew.wills...@gmail.com wrote: On Sep 19, 4:06 pm, Matt matthew.wills...@gmail.com wrote: On Sep 19, 3:52 pm, John Kennedy skeb...@gmail.com wrote: Would it be possible to create a class to install Glassfish and require that class to be fulfilled before? I actually thought that require = Package['glassfish'] would have the desired effect... That's what I was expecting but it fails when it can't find asadmin then if I create a dummy asadmin it files when it can't find passwordfile. Further reading reveals this to be a function of the provider suitability checks. Apparently the use of stages (=2.6) can be used to resolve this, so there's my way forward. Sorry to post to my own reply and so soon afterwards, but stages appear not to have resolved this. It seems that the provider tests are done irrespective of stages, so at this point it looks as though it's not possible to use providers that exist as the result of the action of another resource. stages were definitely not designed to solve this. It has been a known issue for a while and has a few work-arounds. The pip provider works around this by not using the commands method, and instead implements lazy pip. Another example of a work around if to create a default provider that does nothing except determine suitability, then you can explicitly specify provider = 'real_provider' during compile time you can see an example of this approach in the rabbitmq provider https://github.com/puppetlabs/puppetlabs-rabbitmq -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Join us for PuppetConf http://bit.ly/puppetconfsig, September 22nd and 23rd in Portland, OR. http://bit.ly/puppetconfsig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom the puppet CA settings
On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote: Hi, I am trying to use my self-signed CA and certificates instead of the built-in CA.That is what I do: create a self-signed CA by openssll issue a certificate for puppet master by CA above then, add the private key files, ca files and pub key files into the folowing location(use the default values) on master server: localcacert hostprivkey hostcert hostpubkey cacert cakey capub Finally, I run 'puppet --test' on the agent,and get the error: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Is it possible to use customized CAs instead of the builtin CA?If answer is yes, did I miss some steps for the error above? Sorry for my bad English. your English is fine http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional short answer, yes, the problem you are having is described in the 'err' Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet on VPC-Virtual private cloud
On Sep 19, 2011, at 7:20 PM, newguy wrote: Hi guys am running puppet clients as Ubuntu machines and am under a VPC, now the problem is that due to a bug in ubuntu (lets not get in to the bug details) I cant run apt-get update, upgrade remotely from the new VPC puppet client but I can connect to my puppetmaster(I have a script which takes care of that when a new system comes up), so what am looking for is that when I connect to puppetmaster only one module (ex: source.list) is pushed to the client which would allow me to change source.list file and hence I can do update/ upgrade and then client connects again to master to get all other modules(the connecting again part is already there). Is there a way to do it? Of course there's a way to do that... this is how I handle it. # cat manifests/nodes.pp # Note: this is what is installed on the first pass for a new puppet client node default { include apt ... irrelevant snip ... } # cat modules/apt/manifests/apt.pp class apt { include apt::updates package { apt: ensure = installed, } # Puppet maintained file /etc/apt/sources.list file{/etc/apt/sources.list: ensure = present, owner = root, group = root, mode= 0444, content = template(apt/sources.list.erb), require = Package[apt], notify = File[/etc/puppet/deployment_files/apt_update_initiator], } } # cat modules/apt/templates/sources.list.erb # This file is managed by puppet # # MANUAL EDITS OF THIS FILE WILL BE OVERWRITTEN! # deb http://archive.ubuntu.com/ubuntu/ %= lsbdistcodename % main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu/ %= lsbdistcodename % main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu/ %= lsbdistcodename %-updates main restricted universe multiverse deb-src http://archive.ubuntu.com/ubuntu/ %= lsbdistcodename %-updates main restricted universe multiverse deb http://security.ubuntu.com/ubuntu %= lsbdistcodename %-security main restricted universe multiverse deb-src http://security.ubuntu.com/ubuntu %= lsbdistcodename %-security main restricted universe multiverse # deb http://archive.canonical.com/ %= lsbdistcodename % partner deb-src http://archive.canonical.com/ %= lsbdistcodename % partner # cat modules/apt/manifests/apt_updates.pp # apt::updates class # # Last update 07/20/2011 # # Craig White # # Maintains puppet deployment files executes apt updates/upgrades # # Causes clients to 'apt update', 'aptitude safe_upgrade' or 'aptitude full_upgrade' # merely by changing the appropriate file. On the client machine, this file is # in /etc/puppet/deployment_files directory. # # On the puppet master, the files that can be twiddled are in /etc/puppet/modules/apt/files # # I have been executing the 'date' command. Example... # # date /etc/puppet/modules/apt/files/apt_update_initiator which will cause all puppet # client systems to run 'apt-get update' at their next cycle. The plan is to implement # a cron script that does this automatically each day. # class apt::updates { include mod_puppet::deployment_files # Puppet maintained file /etc/puppet/deployment_files/apt_update_initiator file { /etc/puppet/deployment_files/apt_update_initiator: source = puppet:///modules/apt/apt_update_initiator, require = Class[mod_puppet::deployment_files], ensure = present, owner = root, group = root, mode= 0644, } exec { /usr/bin/aptitude update: refreshonly = true, subscribe = File[/etc/puppet/deployment_files/apt_update_initiator], } # Puppet maintained file /etc/puppet/deployment_files/apt_safe_upgrade_initiator file { /etc/puppet/deployment_files//apt_safe_upgrade_initiator: source = puppet:///modules/apt/apt_safe_upgrade_initiator, require = [ Class[mod_puppet::deployment_files], Exec[/usr/bin/aptitude update] ], ensure = present, owner = root, group = root, mode= 0644, } exec { /usr/bin/aptitude -y safe-upgrade: refreshonly = true, subscribe = File[/etc/puppet/deployment_files/apt_safe_upgrade_initiator], } # Puppet maintained file /etc/puppet/deployment_files/apt_full_upgrade_initiator file { /etc/puppet/deployment_files/apt_full_upgrade_initiator: source = puppet:///modules/apt/apt_full_upgrade_initiator, require = [ Class[mod_puppet::deployment_files], Exec[/usr/bin/aptitude update] ], ensure = present, owner = root, group = root, mode= 0644, } exec { /usr/bin/aptitude -y full-upgrade: refreshonly = true, subscribe = File[/etc/puppet/deployment_files/apt_full_upgrade_initiator], } } Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more
[Puppet Users] Re: troubles with require parametre
Hi is there any news on this topic, did you find a workaround? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/FZaXGxabmpcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] facter fails to detect network interfaces with long names
I have Gentoo host where `ifconfig -a` prints long interface names truncated to 9 chars (there is closed bug report [1]). Unfortunately, `facter` uses `ifconfig -a` output to get list of interface names and because of truncation it generates `interfaces` fact with incorrect interface names. Also it fails to retrieve individual interface information with following message for each interface with name myinterface: Device myinterfa does not exist. myinterfa: error fetching interface information: Device not found [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920 -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] facter fails to detect network interfaces with long names
Hi Alex, What happens when you run 'ip addr list' instead? ken. On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: I have Gentoo host where `ifconfig -a` prints long interface names truncated to 9 chars (there is closed bug report [1]). Unfortunately, `facter` uses `ifconfig -a` output to get list of interface names and because of truncation it generates `interfaces` fact with incorrect interface names. Also it fails to retrieve individual interface information with following message for each interface with name myinterface: Device myinterfa does not exist. myinterfa: error fetching interface information: Device not found [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920 -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Join us for PuppetConf, September 22nd and 23rd in Portland, OR: http://bit.ly/puppetconfsig; -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] facter fails to detect network interfaces with long names
On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote: Hi Alex, What happens when you run 'ip addr list' instead? It shows interface names properly and not truncated. ken. On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: I have Gentoo host where `ifconfig -a` prints long interface names truncated to 9 chars (there is closed bug report [1]). Unfortunately, `facter` uses `ifconfig -a` output to get list of interface names and because of truncation it generates `interfaces` fact with incorrect interface names. Also it fails to retrieve individual interface information with following message for each interface with name myinterface: Device myinterfa does not exist. myinterfa: error fetching interface information: Device not found [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920 -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet installation and configuration (Master and Client)
On Sep 19, 1:40 pm, Jo Rhett jrh...@netconsonance.com wrote: On Sep 19, 2011, at 11:23 AM, Mr. E. wrote: I need latest documentation on how to install and configure Puppet master and Puppet client in CentOS environment. The CentOS version is 5.4 and Puppet version is 0.22.4. Puppet 0.22.4 is quite old. Why don't you enable epel-testing repo and get 2.6.6 from there? There is nothing unique about CentOS, fwiw. Any puppet installation instructions will apply to CentOS. I'm having problem with configuring between the Puppet master and Puppet client. The Puppet master is not seeing the CA certificate of the Puppet client. If you phrased that accurately, you're somewhere off the reservation. The puppet master *IS* the CA for the client's certificate in normal configuration. I suspect you phrased that wrong. Certificate problems are very common FAQ. Lots of pages about this. If you really can't find the answer online, post the exact error you are seeing. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness You can also enable the Puppetlabs yum repo. For CentOS 5 look here, http://yum.puppetlabs.com/el/5/products/. I have a brief writeup on how to build Puppet RPMs, and also have a link to download the 2.6.9 RPM which is the same as the one in that repo. Here, http://itscblog.tamu.edu/creating-your-own-puppet-rpms-part-1/ . - Trey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] facter fails to detect network interfaces with long names
I think this gives a little weight to this ticket for Facter then: http://projects.puppetlabs.com/issues/1346 Although - I don't see a 9 char limitation on Debian Wheezy. Not sure where that patch came from though. I wonder how many other distros suffer from this. Of slightly related interest - I do see a 15 character limit when using 'brctl addbr somelongnamefoo' to create a named interface - and that seems to exist for both ifconfig and ip addr when reading the interfaces. So I'm guessing 15 chars is the kernel limit or perhaps brctl limit :-). ken. On Tue, Sep 20, 2011 at 6:31 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote: Hi Alex, What happens when you run 'ip addr list' instead? It shows interface names properly and not truncated. ken. On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: I have Gentoo host where `ifconfig -a` prints long interface names truncated to 9 chars (there is closed bug report [1]). Unfortunately, `facter` uses `ifconfig -a` output to get list of interface names and because of truncation it generates `interfaces` fact with incorrect interface names. Also it fails to retrieve individual interface information with following message for each interface with name myinterface: Device myinterfa does not exist. myinterfa: error fetching interface information: Device not found [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920 -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] facter fails to detect network interfaces with long names
On Tue, Sep 20, 2011 at 06:50:25PM +0100, Ken Barber wrote: I think this gives a little weight to this ticket for Facter then: http://projects.puppetlabs.com/issues/1346 Although - I don't see a 9 char limitation on Debian Wheezy. Not sure where that patch came from though. I wonder how many other distros suffer from this. It seems that they (and RHEL/Fedora) patched this long ago. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405521 Of slightly related interest - I do see a 15 character limit when using 'brctl addbr somelongnamefoo' to create a named interface - and that seems to exist for both ifconfig and ip addr when reading the interfaces. So I'm guessing 15 chars is the kernel limit or perhaps brctl limit :-). Luckily all my interface names under 15 chars length. ken. On Tue, Sep 20, 2011 at 6:31 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote: Hi Alex, What happens when you run 'ip addr list' instead? It shows interface names properly and not truncated. ken. On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: I have Gentoo host where `ifconfig -a` prints long interface names truncated to 9 chars (there is closed bug report [1]). Unfortunately, `facter` uses `ifconfig -a` output to get list of interface names and because of truncation it generates `interfaces` fact with incorrect interface names. Also it fails to retrieve individual interface information with following message for each interface with name myinterface: Device myinterfa does not exist. myinterfa: error fetching interface information: Device not found [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920 -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet - Update a custom debian pkg
Hello folks, We're starting using Puppet in our production environment and now we're with some preformance issues. For example, we've some large(200MB) recursives directories for puppet's deploy, and that was totally inefficient. (Minimize recursive file serving: http://docs.puppetlabs.com/guides/scaling.html). So we made a test creating our custom debian package (.deb) for our files and libs. Doing that Puppet don't need to recursively check all the file's md5sum. And now we've this catalog : file { /tmp/my-custom.deb: ensure = present, source = puppet:///modules/test/deb/my-custom.deb, } package {my-custom: require = File['/tmp/my-custom.deb'], ensure = installed, source = /tmp/my-custom.deb, provider = dpkg, } That way, works great (less than 30 sec), but when updated our custom package puppet just copy the file and do not execute the dpkg to install. How can I achive this goal? And there is a best way to manage large files? Can someone indicate me some references of the best deployment practices (puppet+custom debian or something else) ? Best regards, Sidarta Oliveira -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] debugging new custom type
But to answer your question, vncservers file is a little different . . . there are two type of lines: 1. contains a space-separated list of port and usernames separated by colons, e.g.: VNCSERVERS=92:gmatz 44:wsmith 2. contains arguments to be supplied to vncserver, with port number acting as an aray index, e.g.: VNCSERVERARGS[92]=-geometry 1280x1024 VNCSERVERARGS[44]=-geometry 1280x1024 I was hoping to parse the vncserver config file using two different type of record_lines, one for each of the line types . . . thanks, guy On Mon, Sep 19, 2011 at 1:48 PM, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Thu, Sep 15, 2011 at 04:22:45PM -0400, Guy Matz wrote: hi! Does anyone have any advice on debugging a new custom type? Any thoughts would be greatly appreciated . . . BTW, I'm getting the error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not render to pson: undefined method `merge' for []:Array with some very rough code. The Type (vncserver.rb): module Puppet newtype(:vncserver) do ensurable newproperty(:port) do [...] newproperty(:username) do [...] newproperty(:geometry) do [...] end The Provider (parsed.rb): [...] record_line :parsed, :fields = %w{vncservers}, :match = /^VNCSERVERS=(.*)/ end You have defined three properties (port, username, geometry) but your provider is not able to retrieve or write any of these properties. So how does a line in vncservers actually looks like? How can you get port, username and geometry of a certain vncserver? -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: qualified variables in templates
Use something like %= scope.lookupvar('hostname') % On Sep 20, 11:06 am, Arnau Bria arnaub...@pic.es wrote: Hi all, is there a way for qualifying variables inside a template? I've tried : Name = %= ${::hostname} % but the var gets ${::hostname} value. thinking in version 2.8, is it needed?http://docs.puppetlabs.com/guides/scope_and_puppet.htmlsays nothing about this... TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: qualified variables in templates
There's also more documentation on using puppet specific methods in templates at http://docs.puppetlabs.com/guides/templating.html On Tue, Sep 20, 2011 at 11:53 AM, Alessandro Franceschi a...@lab42.it wrote: Use something like %= scope.lookupvar('hostname') % On Sep 20, 11:06 am, Arnau Bria arnaub...@pic.es wrote: Hi all, is there a way for qualifying variables inside a template? I've tried : Name = %= ${::hostname} % but the var gets ${::hostname} value. thinking in version 2.8, is it needed? http://docs.puppetlabs.com/guides/scope_and_puppet.htmlsays nothing about this... TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Adrien Thebo Puppet Labs Operations adr...@puppetlabs.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet - Update a custom debian pkg
Use apt On Sep 20, 2011 11:24 AM, Sidarta sidarta...@gmail.com wrote: Hello folks, We're starting using Puppet in our production environment and now we're with some preformance issues. For example, we've some large(200MB) recursives directories for puppet's deploy, and that was totally inefficient. (Minimize recursive file serving: http://docs.puppetlabs.com/guides/scaling.html). So we made a test creating our custom debian package (.deb) for our files and libs. Doing that Puppet don't need to recursively check all the file's md5sum. And now we've this catalog : file { /tmp/my-custom.deb: ensure = present, source = puppet:///modules/test/deb/my-custom.deb, } package {my-custom: require = File['/tmp/my-custom.deb'], ensure = installed, source = /tmp/my-custom.deb, provider = dpkg, } That way, works great (less than 30 sec), but when updated our custom package puppet just copy the file and do not execute the dpkg to install. How can I achive this goal? And there is a best way to manage large files? Can someone indicate me some references of the best deployment practices (puppet+custom debian or something else) ? Best regards, Sidarta Oliveira -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Review of new type provider
Hello, I'm new to both Ruby and Puppet. Puppet is fantastic - loving it so far. I created a new type provider (of parsed file type) for modifying newsyslog.conf files and am hoping some folks would be willing to review it to make sure there are no glaring mistakes or perhaps some shortcuts or language features I've missed since I'm new to both. Any input would be welcome. Either email directly or just comment on the gist if it gets to be off topic: https://gist.github.com/1230749 How often do new types/providers make it into the base system? Should one pursue that avenue (or perhaps the puppet modules project?). Thanks for any assistence or guidance, - Jesse -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] facter fails to detect network interfaces with long names
All, I put in a request to have the gentoo bug reopened and see if we can apply the same patch that the other distributions used. Thanks, Matt On Tue, Sep 20, 2011 at 11:16 AM, Alex L. Demidov alexeydemi...@gmail.com wrote: On Tue, Sep 20, 2011 at 06:50:25PM +0100, Ken Barber wrote: I think this gives a little weight to this ticket for Facter then: http://projects.puppetlabs.com/issues/1346 Although - I don't see a 9 char limitation on Debian Wheezy. Not sure where that patch came from though. I wonder how many other distros suffer from this. It seems that they (and RHEL/Fedora) patched this long ago. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405521 Of slightly related interest - I do see a 15 character limit when using 'brctl addbr somelongnamefoo' to create a named interface - and that seems to exist for both ifconfig and ip addr when reading the interfaces. So I'm guessing 15 chars is the kernel limit or perhaps brctl limit :-). Luckily all my interface names under 15 chars length. ken. On Tue, Sep 20, 2011 at 6:31 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: On Tue, Sep 20, 2011 at 06:24:40PM +0100, Ken Barber wrote: Hi Alex, What happens when you run 'ip addr list' instead? It shows interface names properly and not truncated. ken. On Tue, Sep 20, 2011 at 6:20 PM, Alex L. Demidov alexeydemi...@gmail.com wrote: I have Gentoo host where `ifconfig -a` prints long interface names truncated to 9 chars (there is closed bug report [1]). Unfortunately, `facter` uses `ifconfig -a` output to get list of interface names and because of truncation it generates `interfaces` fact with incorrect interface names. Also it fails to retrieve individual interface information with following message for each interface with name myinterface: Device myinterfa does not exist. myinterfa: error fetching interface information: Device not found [1]: https://bugs.gentoo.org/show_bug.cgi?id=179920 -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Alex L. Demidov (ALD9-RIPE). http://alexeydemidov.com/ Freelance Consulting. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom the puppet CA settings
Hi, Craig I know your meaning,but it seems not working. These are my steps: 1. Run puppetca --clean vmsz014 on the master to remove certificate. vmsz014 is the agent. 2. Rerun puppetd --test on the vmsz014 agent, but I still got the same err: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key I guess there must be something wrong that can't be simply resolved by removing the old certificate. On Tue, Sep 20, 2011 at 11:40 PM, Craig White craig.wh...@ttiltd.comwrote: On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote: Hi, I am trying to use my self-signed CA and certificates instead of the built-in CA.That is what I do: create a self-signed CA by openssll issue a certificate for puppet master by CA above then, add the private key files, ca files and pub key files into the folowing location(use the default values) on master server: localcacert hostprivkey hostcert hostpubkey cacert cakey capub Finally, I run 'puppet --test' on the agent,and get the error: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Is it possible to use customized CAs instead of the builtin CA?If answer is yes, did I miss some steps for the error above? Sorry for my bad English. your English is fine http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional short answer, yes, the problem you are having is described in the 'err' Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Custom the puppet CA settings
Hi Yunfeng, I implemented a ca that works with puppet. (including putting the right file into right places). Somewhere here: http://code.google.com/p/cloudcrv/source/browse/trunk/CRV/crv/model/centos5_puppet_clientmaker.py You might need to dig around a bit. But most of the stuff are in this file and the crvclient folder. Cheers, Yushu +-+ | Yushu Yao | Ph:1-510-486-4690 | | Lawrence Berkeley National Lab | Mailstop 50B-6222 | 1 Cyclotron Road | Berkeley CA 94720-8147 - USA +-+ On Tue, Sep 20, 2011 at 8:34 PM, Yunfeng Xu hyw...@gmail.com wrote: Hi, Craig I know your meaning,but it seems not working. These are my steps: 1. Run puppetca --clean vmsz014 on the master to remove certificate. vmsz014 is the agent. 2. Rerun puppetd --test on the vmsz014 agent, but I still got the same err: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key I guess there must be something wrong that can't be simply resolved by removing the old certificate. On Tue, Sep 20, 2011 at 11:40 PM, Craig White craig.wh...@ttiltd.comwrote: On Sep 20, 2011, at 3:32 AM, Yunfeng Xu wrote: Hi, I am trying to use my self-signed CA and certificates instead of the built-in CA.That is what I do: create a self-signed CA by openssll issue a certificate for puppet master by CA above then, add the private key files, ca files and pub key files into the folowing location(use the default values) on master server: localcacert hostprivkey hostcert hostpubkey cacert cakey capub Finally, I run 'puppet --test' on the agent,and get the error: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Is it possible to use customized CAs instead of the builtin CA?If answer is yes, did I miss some steps for the error above? Sorry for my bad English. your English is fine http://projects.puppetlabs.com/projects/1/wiki/Certificates_And_Security#Manual-CA-Configuration-optional short answer, yes, the problem you are having is described in the 'err' Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.