Re: [Puppet Users] can I use puppet for security configuration check in centos
On Sun, Nov 13, 2011 at 4:00 AM, modversion wrote:
> hi all,can I use puppet for security configuration check in centos ?
> 1.check the kernel version whether great than 2.8.18.237-1 or not.
> 2.check the glibc,systemtap and udev version whether great than secure
> version or not.
> 3.check the php.ini whether set safe_mode to on or not.
> 4.check the sshd_config whether set PermitRootLogin to no or not.
>
> If puppet can make it ,would you like to be kind enough to tell me
> which class I should use? or which keyword I should search for.

You might want to have a look at http://www.open-scap.org, and in particular the secstate tool, which is based on puppet.

I never used it myself, and therefore I don't know what its current state is, but it might fit your needs.

Ohad

>
> Thank you very much !

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to use built-in resource in custom provider?
I'm trying to use the existing type: file in a custom provider. I've tried about every single thing I can find, and each way presents a different problem. Here's how it looks now:

---
require 'puppet/file_serving/configuration'
require 'puppet/file_serving/fileset'
require 'puppet/type'
require 'fileutils'

Puppet::Type.type(:tmfile).provide(:pupfile) do
  def create
    @catalog.add_resource Puppet::Type.type(:file).new({
      :name => @resource.value(:path),
      :path => @resource.value(:path),
      :source => @resource.value(:source),
      :ensure => 'present',
    })
    @catalog.apply
    #def generate
    #Puppet::Type.type(:file).new(:path => resource[:path], :source => resource[:path], :ensure => 'present')
    #end
  end

  def destroy
    FileUtils.rm_rf resource[:path]
  end

  def exists?
    File.exists?(@resource[:path])
  end
end

As you can see, another method I tried is commented out: Puppet::Type.type(:file).new(:path => resource[:path], :source => resource[:path], :ensure => 'present'). With this method, the puppet run actually succeeds and it says it created the resource. However, the file doesn't actually get created, and next run, it simply creates the resource again without error. However, the file is never there.

With the current method (not commented out), I get:

".. ensure: change from absent to present failed: Could not set 'present on ensure: undefined method `add_resource' for nil:NilClass at .."

I will admit that I'm pretty new at custom types and providers. I have researched as much as I can but can't really find any clear documentation on how to do this.

Any ideas/suggestions would be greatly appreciated!
[Puppet Users] can I use puppet for security configuration check in centos
Hi all, can I use puppet for security configuration check in centos?

1. check the kernel version whether greater than 2.8.18.237-1 or not.
2. check the glibc, systemtap and udev version whether greater than secure version or not.
3. check the php.ini whether set safe_mode to on or not.
4. check the sshd_config whether set PermitRootLogin to no or not.

If puppet can make it, would you like to be kind enough to tell me which class I should use? or which keyword I should search for.

Thank you very much!
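The checks listed in this question reduce to a version comparison and two config-file lookups. The Ruby below is an added example, not code from the thread or from Puppet; the function names and the sample sshd_config and php.ini text are constructed for illustration, and the kernel threshold is the one quoted in the question.

```ruby
# Added example. Sample inputs are constructed, not from a real host.
# Compare versions by leading numeric fields; a simplification of RPM's
# comparison that stops at the first non-numeric field (e.g. "el5").
def version_at_least?(installed, minimum)
  fields = ->(v) { v.split(/[.\-]/).take_while { |s| s.match?(/\A\d+\z/) }.map(&:to_i) }
  (fields.call(installed) <=> fields.call(minimum)) >= 0
end

# Global value of an sshd_config keyword: keywords are case-insensitive,
# the first occurrence wins, and lines after "Match" are conditional.
def sshd_global(text, keyword)
  text.each_line do |line|
    key, value = line.strip.split(/[\s=]+/, 2)
    next if key.nil? || key.start_with?('#')
    break if key.casecmp('match').zero?
    return value.to_s.strip.downcase if key.casecmp(keyword).zero?
  end
  nil
end

# Value of a php.ini directive (";" starts a comment).
# Assumption: a later assignment overrides an earlier one.
def php_ini_value(text, directive)
  found = nil
  text.each_line do |line|
    key, value = line.sub(/;.*/, '').split('=', 2).map(&:strip)
    found = value.downcase if key == directive && value
  end
  found
end

def audit(kernel:, min_kernel:, sshd_config:, php_ini:)
  {
    kernel_ok: version_at_least?(kernel, min_kernel),
    root_login_disabled: sshd_global(sshd_config, 'PermitRootLogin') == 'no',
    safe_mode_on: %w[1 on yes true].include?(php_ini_value(php_ini, 'safe_mode').to_s)
  }
end

SAMPLE_SSHD = <<~CONF
  #PermitRootLogin yes
  permitrootlogin no
  Match User backup
    PermitRootLogin yes
CONF
SAMPLE_PHP = <<~INI
  [PHP]
  safe_mode = On ; first assignment
  safe_mode = Off
INI

p audit(kernel: '2.8.18.236-1.el5', min_kernel: '2.8.18.237-1',
        sshd_config: SAMPLE_SSHD, php_ini: SAMPLE_PHP)
```

The same version_at_least? comparison covers the glibc, systemtap and udev checks once the installed package versions have been read from the package manager.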
[Puppet Users] Puppet in a bash script
Hello,

I'm using puppet via a bash script when I spin up a machine to configure it. I'd like to restart the instance after puppet's run is complete. In my bash script I have:

puppet agent --test
shutdown -r now

Puppet runs to completion, but "shutdown -r now" never executes. I'm not sure why not - these are the last two lines in my bash script and everything else executes successfully.

Any help would be greatly appreciated.

-Harish
Re: [Puppet Users] Need a second set of eyes... cannot find a class..
Try removing the hyphen from the class name. If that fixes it then you've hit this:

http://projects.puppetlabs.com/issues/5268

On Nov 12, 2011 3:14 PM, "Peter Berghold" wrote:
>
> In one of my modules I have the following :
>
> postfix/
>    manifests/
>       conf.pp
>       conf/access-all.pp
>       (as well as the obligatory init.pp and a few others)
>
> and the access-all.pp file contains:
>
> class postfix::conf::access-all inherits postfix::conf {
>   $hosts = $all_hosts
>   $domains = $all_domains
>   $ips = $all_ips
>
>   @file {
>     postfix-access-file:
>       path => "/etc/postfix/access",
>       owner => root, group => root, mode => 0644,
>       content => template("postfix/templates/access.erb"),
>       notify => Exec[ hash-access]
>   }
>   exec {
>     hash-access:
>       path=>"/usr/bin:/usr/sbin:/usr/local/bin:/bin:/sbin",
>       cwd => "/etc/postfix",
>       command => "postmap access"
>   }
>   realize File[postfix-access-file]
>
> }
>
>
> and yet when I run puppetd on my configured host:
>
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Could not find class postfix::conf::access-all for
> chicweb0.chi.sharkrivertech.com at
> /etc/puppet/manifests/nodes/chicweb0.pp:2 on node
> chicweb0.chi.sharkrivertech.com
>
> Can anybody spot anything I'm fat fingering?
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
Re: [Puppet Users] Re: How does puppet copy files?
On Sun, Nov 13, 2011 at 02:59:45AM -0800, Dmitry wrote:
>
>
> On Nov 11, 9:46 pm, Peter Meier wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > > When agent notices that master.passwd should be refreshed, how
> > > exactly does copy process happen? Is it atomic (e.g. fetch to some
> > > temp filename on local filesystem and then rename)?
> >
> > it does it this way.
> >
>
> Okay, thanks.
>
> Imagine now that I want to update several config files related to each
> other.
> It would be error to update some of them and leave others in older
> state.
> So I want either all of them to be refreshed, or, if disk is full, to
> keep all them untouched.
>
> How can I accomplish this?

Have an exec or custom function checking for a full disk, with the file refreshes depending on that exec.

On the other hand, you should already be monitoring for full or filling disks, and have alerting or remediative action available.
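The temp-file-then-rename copy discussed in this thread, extended to a set of files so that a full disk leaves every target untouched. This is an added example, not Puppet's implementation; replace_all, the write: hook and the file names in demo are assumptions made for illustration.

```ruby
require 'fileutils'
require 'tmpdir'

# Added example, not Puppet's code. Phase 1 writes every new file to a
# temp name beside its target; phase 2 renames. A full disk fails in
# phase 1, before any target has been touched.
WRITE = ->(io, data) { io.write(data) }

def replace_all(contents_by_path, write: WRITE)
  staged = {}
  begin
    contents_by_path.each do |path, data|
      tmp = "#{path}.new.#{Process.pid}"
      # EXCL refuses a pre-existing file or symlink at the temp name.
      File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |io|
        staged[path] = tmp
        write.call(io, data)
        io.fsync
      end
      # Carry over the permission bits of the file being replaced.
      File.chmod(File.stat(path).mode & 0o7777, tmp) if File.exist?(path)
    end
  rescue SystemCallError
    staged.each_value { |tmp| FileUtils.rm_f(tmp) }
    return false
  end
  # Each rename is atomic on its own; the set of renames is not, so a
  # crash here can still leave a mix of old and new files.
  staged.each { |path, tmp| File.rename(tmp, path) }
  true
end

# Constructed demo: the second write simulates a full disk (ENOSPC).
def demo
  Dir.mktmpdir do |dir|
    a = File.join(dir, 'master.passwd')
    b = File.join(dir, 'group')
    File.write(a, "old-a\n")
    File.write(b, "old-b\n")
    calls = 0
    full = ->(io, data) { (calls += 1) > 1 ? raise(Errno::ENOSPC) : io.write(data) }
    failed = replace_all({ a => "new-a\n", b => "new-b\n" }, write: full)
    after_fail = [File.read(a), File.read(b), Dir.children(dir).sort]
    ok = replace_all({ a => "new-a\n", b => "new-b\n" })
    [failed, after_fail, ok, File.read(a), File.read(b)]
  end
end
```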
Re: [Puppet Users] Incorrect "architecture" fact value during catalog run
On Sunday, November 13, 2011 4:12:51 AM UTC+4, R.I. Pienaar wrote:
>
> - Original Message -
> > Could you get the versions of facter in
> > /usr/lib/ruby/vendor_ruby/facter.rb and
> > /usr/lib/vservers/*/usr/lib/ruby/1.8/facter.rb and see if they
> > differ?
>
>
> Not been following this thread but this kind of wrong facts was
> previously observed under heavily loaded webrick based installs.
>
> What web server are you using?
>

Yes, I'm using WEBrick, but my setup is very far from heavy load. I have only 4 servers under Puppet control.
Re: [Puppet Users] Incorrect "architecture" fact value during catalog run
On Sunday, November 13, 2011 4:08:37 AM UTC+4, Adrien Thebo wrote:
>
> Could you get the versions of facter in
> /usr/lib/ruby/vendor_ruby/facter.rb and
>

1.6.2

> /usr/lib/vservers/*/usr/lib/ruby/1.8/facter.rb and see if they differ?

Old (1.5.x), but these are old vservers, not in use. I can safely remove them, but I doubt it will help.

> On Fri, Nov 11, 2011 at 11:01 PM, Alexander Azarov
> wrote:
> > No problems, I've isolated the part of manifest that depends on
> > "architecture", so everything works through a hack right now.
> >
> > # find / -name architecture.rb
> > /usr/lib/ruby/vendor_ruby/facter/architecture.rb
> > /var/lib/vservers/worker/usr/lib/ruby/1.8/facter/architecture.rb
> > /var/lib/vservers/mongo/usr/lib/ruby/1.8/facter/architecture.rb
> >
> >
> > On Friday, November 11, 2011 11:07:42 PM UTC+4, Adrien Thebo wrote:
> >>
> >> Sorry for the slow response on this, it's been a chaotic few days. I'm
> >> still very baffled by this. Could you do something like `find / -name
> >> 'architecture.rb'` to see if there's any way there could be another
> >> fact definition for this? Although at this point I'm starting to
> >> suspect bogons.
> >>
> >> On Fri, Nov 4, 2011 at 1:53 PM, Alexander Azarov
> wrote:
> >> > Yes, I had an idea I have different versions and simply searched the
> >> > system
> >> > for different RubyGems installations.. for no result. I have the only
> >> > one.
> >> >
> >> > Here it is the output you requested:
> >> >
> >> > r3:/var/log# facter --puppet | grep '\(archit\|facterv\|operatings\)'
> >> > architecture => amd64
> >> > facterversion => 1.6.2
> >> > operatingsystem => Debian
> >> > operatingsystemrelease => 6.0.3
> >> >
> >> >
> >> >
> >> > r3:/var/log# facter | grep '\(archit\|facterv\|operatings\)'
> >> > architecture => amd64
> >> > facterversion => 1.6.2
> >> > operatingsystem => Debian
> >> > operatingsystemrelease => 6.0.3
> >> >
> >> >
> >> > r3:/var/log# puppet agent --test
> >> > ...
> >> > notice: operatingsystem: Debian facterversion: 1.6.2 architecture:
> >> > x86_64
> >> > notice: /Stage[main]/Nginx/Notify[operatingsystem: Debian
> facterversion:
> >> > 1.6.2 architecture: x86_64]/message: defined 'message' as
> >> > 'operatingsystem:
> >> > Debian facterversion: 1.6.2 architecture: x86_64'
> >> >
> >> >
> >> > On Friday, November 4, 2011 11:34:19 PM UTC+4, Adrien Thebo wrote:
> >> >>
> >> >> Okay, that's seriously weird. The only thing that comes to mind is
> >> >> that running facter on the command line is using one version of
> >> >> facter, and puppet's using another. Could you post the output of
> >> >> facter and puppet with the architecture, operatingsystem, and
> >> >> facterversion facts?
> >> >>
> >> >> On Thu, Nov 3, 2011 at 10:25 PM, Alexander Azarov
> >> >> wrote:
> >> >> >
> >> >> >
> >> >> > On Thursday, November 3, 2011 8:27:01 PM UTC+4, Adrien Thebo wrote:
> >> >> >>
> >> >> >> Could you post the operatingsystem fact alongside the architecture
> >> >> >> fact for facter by itself, and then the facts as presented by
> >> >> >> puppet?
> >> >> >
> >> >> > r3:/var/log# facter | grep -e '\(operatingsys\|architec\)'
> >> >> > architecture => amd64
> >> >> > operatingsystem => Debian
> >> >> > operatingsystemrelease => 6.0.3
> >> >> >
> >> >> > r3:/var/log# puppet agent --test
> >> >> >
> >> >> > notice: operatingsystem='Debian' architecture='x86_64'
> >> >> > notice: /Stage[main]/Nginx/Notify[operatingsystem='Debian'
> >> >> > architecture='x86_64']/message: defined 'message' as
> >> >> > 'operatingsystem='Debian' architecture='x86_64''
> >> >> >
> >> >> >
> >> >> >>
> >> >> >> On Mon, Oct 31, 2011 at 11:33 AM, Alexander Azarov
> >> >> >>
> >> >> >> wrote:
> >> >> >> > The simplest default, that is WEBrick I guess.
> >> >> >> >
> >> >> >> > On Monday, October 31, 2011 10:28:12 PM UTC+4, Adrien Thebo
> wrote:
> >> >> >> >>
> >> >> >> >> Just as a curiosity, what web server are you using for your
> >> >> >> >> puppet
> >> >> >> >> master?
> >> >> >> >>
> >> >> >> >> On Mon, Oct 31, 2011 at 10:55 AM, Alexander Azarov
> >> >> >> >>
> >> >> >> >> wrote:
> >> >> >> >> > This is Debian 6.0.3
> >> >> >> >> >
> >> >> >> >> > On Monday, October 31, 2011 8:43:50 PM UTC+4, Adrien Thebo
> >> >> >> >> > wrote:
> >> >> >> >> >>
> >> >> >> >> >> What operating system is this? I'm looking at the
> >> >> >> >> >> documentation
> >> >> >> >> >> for
> >> >> >> >> >> the architecture fact, and theres this:
> >> >> >> >> >>
> >> >> >> >> >> # Resolution:
> >> >> >> >> >> # On OpenBSD, Linux and Debian's kfreebsd, use the
> >> >> >> >> >> hardwaremodel
> >> >> >> >> >> fact.
> >> >> >> >> >> # Gentoo and Debian call "x86_86" "amd64".
> >> >> >> >> >> # Gentoo also calls "i386" "x86".
> >> >> >> >> >>
> >> >> >> >> >> On Mon, Oct 31, 2011 at 9:25 AM, Alexander Azarov
> >> >> >> >> >>
> >> >> >> >> >> wrote:
> >> >> >> >> >> > Hi all,
> >> >> >> >> >> >
> >> >> >> >> >> > Can you help me diagnose a problem please?
> >> >> >> >> >> >
> >>
[Puppet Users] Dashboard not working (406 Not Acceptable)
Hi all,

I've created a replication of my puppet environment in order to set it up in a new location. I've created an exact replication of my master server which is running the puppet master, dashboard server, and mysql. Everything is working fine except for the dashboard.

The master is configured to send reports to dashboard and indeed is sending them, but looking at production.log in dashboard I see this:

Processing ReportsController#upload (for 127.0.0.1 at 2011-11-13 12:43:26) [POST]
  Parameters: {"action"=>"upload", "controller"=>"reports"}
Completed in 1ms (View: 0, DB: 0) | 406 Not Acceptable [http://localhost/reports/upload]

For every attempt of the master to send a report. This is a working configuration so I guess I missed something when I changed the setting of the new server, any idea what might be wrong here?

puppet master configuration:

[master]
storeconfigs = true
dbadapter = mysql
dbuser = ...
dbpassword = ...
dbserver = localhost
dbsocket = /var/run/mysqld/mysqld.sock
reports = store, http
reporturl = http://localhost:3000/reports/upload

Thanks!
[Puppet Users] Re: How does puppet copy files?
On Nov 11, 9:46 pm, Peter Meier wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> > When agent notices that master.passwd should be refreshed, how
> > exactly does copy process happen? Is it atomic (e.g. fetch to some
> > temp filename on local filesystem and then rename)?
>
> it does it this way.
>

Okay, thanks.

Imagine now that I want to update several config files related to each other. It would be an error to update some of them and leave others in an older state. So I want either all of them to be refreshed, or, if the disk is full, to keep all of them untouched.

How can I accomplish this?