Re: [Puppet Users] Uninstall Puppet and Facter from OSX
On 11/28/11 5:59 PM, Nigel Kersten wrote: You should, yes. I'd actually suggest the best thing to do is to run conf/osx/createpackage.sh to generate a proper Mac pkg out of the tarball. That will do some extra things like set up the right directory ownership for you. The previous install.rb install should have put files into: /usr/lib/ruby/site_ruby/1.8/puppet* /usr/bin/puppet* /usr/bin/filebucket /usr/bin/pi /usr/bin/ralsh /usr/sbin/puppet* and removing all those should effectively remove the install. Thanks Nigel, I've followed your suggestion and now I'm running puppet v2.7.6 installed via gem PS I wasn't able to find the createpackage.sh script you suggested though -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how to create a oracle 11g database through puppet module
You can use the exec type to execute commands: http://docs.puppetlabs.com/references/stable/type.html#exec On Nov 28, 12:25 pm, Nani anjankumar.mad...@gmail.com wrote: Hi This is Anjan and I am creating a module to create a database for oracle 11g. I have a problem to execute a cmd ie sqlplus /as sysdba @/home/oracle/cr_$dbn Please tell how to exucute the above cmds through puppet module. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] All nodes inherits default except for one module
Den 2011-11-24 12:07, Denmat skrev:
Hi,
You might want to try something like:
node default {
if $hostname != 'nameserver' {
include resolve.conf
}
Thanks. It is also quite easy to get an overview of which modules one
server gets
1. Look at the particular node
2. Look at the default node
--
Venlig hilsen
Hans Schou
tel:46923438
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Skipped schedule resources in reports
i met this problem too, and also don't know why some resource's type turned into Schedule, are there someone can give me a reason? On Tue, Sep 6, 2011 at 10:21 PM, Greg Sutcliffe greg.sutcli...@gmail.comwrote: Hi all, Since upgrading a few test machines from 2.6.7 to 2.7.3, I've noticed something slightly odd. Every single run reports 6 skipped resources, yet the reports are empty - they only state the execution time as per usual). On digging further it seems that the auto-generated Schedule resources (type/schedule.rb, line 307) are the entities being skipped, presumably because I'm not using them in any of my manifests. This is leading to a lot of reports with spurious data in them - since I don't use schedules, why should I care that Puppet skipped the default ones? This wouldn't be an issue, but I'm processing the reports and producing emails which summarize activity in the last hour, so for every 2.7.3 node, I'm seeing 12 skipped resources per hour, which is noise that swamps the real data of resources that have changed for good reason. Is there a way to disable these default schedules, or the reporting of them? I tried --ignoreschedules on the commandline, but I get the impression that this causes other resources to run outside their normal schedule, rather than disabling the schedules themselves. As a hack, I added return Array.new to the self.mkdefaultschedules listed above, which stops the resources being generated, but this seems an ugly hack, and one I seem to have to make on every node. Is there a better way? Regards, Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KUcUT4hu148J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- System Administrator, Focus on System Management and Basic Development -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Skipped schedule resources in reports
oh, i make a mistake, the schedule resources are not turned from other resources, they are created by default. my puppet is 2.7.6 On Tue, Nov 29, 2011 at 5:49 PM, flex frostyn...@gmail.com wrote: i met this problem too, and also don't know why some resource's type turned into Schedule, are there someone can give me a reason? On Tue, Sep 6, 2011 at 10:21 PM, Greg Sutcliffe greg.sutcli...@gmail.comwrote: Hi all, Since upgrading a few test machines from 2.6.7 to 2.7.3, I've noticed something slightly odd. Every single run reports 6 skipped resources, yet the reports are empty - they only state the execution time as per usual). On digging further it seems that the auto-generated Schedule resources (type/schedule.rb, line 307) are the entities being skipped, presumably because I'm not using them in any of my manifests. This is leading to a lot of reports with spurious data in them - since I don't use schedules, why should I care that Puppet skipped the default ones? This wouldn't be an issue, but I'm processing the reports and producing emails which summarize activity in the last hour, so for every 2.7.3 node, I'm seeing 12 skipped resources per hour, which is noise that swamps the real data of resources that have changed for good reason. Is there a way to disable these default schedules, or the reporting of them? I tried --ignoreschedules on the commandline, but I get the impression that this causes other resources to run outside their normal schedule, rather than disabling the schedules themselves. As a hack, I added return Array.new to the self.mkdefaultschedules listed above, which stops the resources being generated, but this seems an ugly hack, and one I seem to have to make on every node. Is there a better way? Regards, Greg -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KUcUT4hu148J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- System Administrator, Focus on System Management and Basic Development -- System Administrator, Focus on System Management and Basic Development -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Using puppet+augeas to modify multiple files
Hi Graham,
On Nov 28, 9:17 am, Graham Leggett minf...@sharp.fm wrote:
On 27 Nov 2011, at 20:04, Graham Leggett wrote:
I have a task to convince puppet and augeas to modify multiple postfix
files, most specifically /etc/postfix/main.cf and /etc/postifx/
acceptdomains.cf (and other LDAP related files), and I'm struggling to
find out how to do that. I have found examples on how to use augeas to
modify just one file at a time, but no information seems to be
available when multiple files are involved.
I started with the config published here, and have no idea what to
change to convince puppet+augeas to edit both /etc/postfix/main.cf
and /etc/postfix/acceptdomains.cf at the same time:
https://github.com/camptocamp/puppet-postfix/blob/master/manifests/co...
Does anyone have a sample configuration on how you would modify
multiple files at once, or have a clue on where to start?
Answering my own question, I've discovered that augeas doesn't support
multiple files at all without a custom lens being created to support it.
It sure does. Once Augeas maps all the files it knows about to the
tree, you can manipulate them altogether. In fact, you don't even have
to care about files, since you're manipulating a single tree which
contains them all.
For this reason, you can actually modify multiple files with a single
command.
Or to declare it more accurately, augeas only knows about specific files
defined in specific locations, it has no concept of a general file in a
general location that you might want to apply a lens to.
I'm not sure to understand what you mean there. Can you be specific
about your need?
I eventually worked around the issue by making a custom lens copied from the
augeas postfix_main.aug lens that listed the extra ldap templates as matching
a wildcard, at this point augeas started working correctly.
Are there standard loading paths missing from postfix_main.aug? In
this case, I'd be happy to add them so everybody can benefit from it.
Something else I discovered is that augeas has no error handling of any kind
- if it doesn't recognise a file as matching one of the predetermined
locations built into the lens, it will silently ignore the file, and not tell
you why.
If Augeas fails to load a file it knows about, it reports the errors
in /augeas/files/${file_path}/error, so you can list all the errors
generated by Augeas with a `print /augeas//error`.
Cheers,
Raphaël
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is it possible to conditionally replace a file ?
On 28.11.2011, at 19:18, Stefan Schulte wrote:
[...]
Thanks for responding.
I agree, globally customizing the defaults is one way to go, but I am
shooting for the second option.
If you do not want the gobal defaults copied why are you using
managehome = true?
If you really have to go this awkward path you can create a conditional
exec resoure that removes the dotfiles if they are equal to the skel files
so puppet will copy the correct files again. (fileresources with replace
= false)
A second solution is to create a custom fact that tells you if puppet
should manage the dotfiles and wrap your fileresources in an if-clause
(fileresources with replace = true)
-Stefan
We have another usecase for conditional file replacement:
if a developer would like to forbid any puppet changes on a certain file he
creates a flagfile $name.nopuppet
instead of normal file resource we use a parameterized define:
define configfile ($source) {
exec { check_${name}:
command = '/usr/bin/true',
unless = /usr/bin/test -e ${name}.nopuppet,
}
file { $name:
source = $source,
requires = Exec[check_${name}],
}
}
we then use this define on certain files.
e.g.
configfile { /etc/apache2/apache2.conf: source =
puppet:///modules/apache2/apache2.conf }
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Which package repository for puppet installation (rh/centos) ?
Hello, For some time I have been looking for some solution to manage more then a few servers. After some time of searching puppet became by choice :-) I'd like to deploy it on some testing servers (RH/Centos). Which repository would you recommend to use as a source of puppet packages ? I guess that EPEL has newer packages then standard RH/Centos repositories. But if I use EPEL does it invoke many changes in standard RH/Centos packages related to packages dependencies ? I am considering EPEL or yum.puppetlabs.com repositories (what is a difference between them ?). Best regards -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Setup Difficulty With SuSE
Oh where to begin? I work for a company that has not taken our Linux or Unix server configuration management very seriously. We are primarily a Windows shop but long story short upper-management has taken the advice of our Windows Server admins and purchased BigFix which is now IBM Tivoli Endpoint Management (TEM). I have tried for over a month to get one of my SuSE Linux Enterprise Server (SLES) 11 patched using TEM when I discovered a bug with their client. It took over 5 hours to apply 30 patches. Performing this task manually, could have been accomplished in under 15 - 30 minutes. I was trying to get buy in to abandon TEM for our SLES servers but was told to make TEM work and just do the patching manual until IBM corrects the client bug. IBM doesn't have an ETA for my APAR which is their bug report, I guess. The price for Puppet Enterprise was reasonable and far less expensive than TEM so I am thinking about getting Puppet installed, non-Enterprise version, to really show upper- management how superior this tool is. I've seen a couple webinar sessions of the new PE 2.0 version and wondered if this can all be accomplished with the community version. Also, anyone have any good step-by-step guides to get Puppet up and running, the community version? I understand that PE 2.0 does all the installation and configurations and provides a very easy to use GUI. I am a new user to Puppet but read many articles and it sounds like the tool to use to manage the SLES servers. I just don't know where to begin. What is the average time for a user to get Puppet community edition up and running? Thanks in advanced! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Artifactory Module
I want to use Puppet to fetch artifacts from Artifactory, deploy them and start the required services. How do I achieve it? I did not find any documentation or demo on this. Regards, Pranav -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Could find template at /modules/modules name/templates
Hi, I have a problem. I have a modules name emacs. Under /modules/emacs, I have: - templates - files - manifests I cannot use template file from templates folder, It's say cold not find template ... But when I place the template file in $templatedir folder, everything works well. How can I solve this problem? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Host home directory from Puppetmaster if users exists
Thanks for your reply. The files are user-specific, so the suggested approach will not work very well. But it's a neat solution for generic files. Kenneth On Fri, Nov 25, 2011 at 12:10 PM, Richard Clark n...@fohnet.co.uk wrote: On Fri, Nov 25, 2011 at 08:53:43AM +0100, Kenneth Holter wrote: Hi all, When our LDAP users log into a server for the first time, PAM creates their home directory. We use Puppet to define which groups of users (i.e. LDAP groups) than may log into the server, by setting a parameter ldap_allowed_users in Puppet Dashboard for the specific server. Our ldap_allowed_users is a string than may contain multiple groups such as linuxadmins oracleadmins networkadmins. Now, what I'd like to get working is having puppet host some of the users' home directory files such as .bash_profile. So for example if Puppet could start hosting those files for users that have access to the server that would be great. Puppet could either extract the users names based on the groups listed in ldap_allowed_users, or based on the existance of their home directories. The latter would cause a (small) delay from the users logs in the first time to puppet starts hosting the files, but I'm pretty sure our users would be ok with that. So, does anyone have a idea as to how to get kind of thing working? Best regards, Kenneth Holter If it's just generic files and not user-specific: Have puppet manage those files in /etc/skel, the contents of which is used to populate new home directories created my pam_mkhomedir. -- Richard Clark rich...@fohnet.co.uk -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk7Pd6AACgkQp6c03gd+P793AQCcCgTkPfHgfavnMefzQ3KmLIAW Ms0AnRmRZmbGX0ZP17rTVgzpql3DVlaA =jrjG -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could find template at /modules/modules name/templates
Hi, On 29.11.2011, at 09:56, Diep Pham Van wrote: Hi, I have a problem. I have a modules name emacs. Under /modules/emacs, I have: - templates - files - manifests I cannot use template file from templates folder, It's say cold not find template ... But when I place the template file in $templatedir folder, everything works well. within modules you have to use special path when using templates: e.g. content = template (emacs/template.erb) Do you have modulepath configured in puppet.conf? Also have a look on the wiki: http://projects.puppetlabs.com/projects/1/wiki/Puppet_Modules Kind regards, Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Which package repository for puppet installation (rh/centos) ?
Hello, If you're not managing your own repositories for your own RPMs then second best is the Puppet Labs repo - it will have the latest versions with all the latest bug fixes and features. I'm fairly certain you will need EPEL anyway this for some of the Ruby dependencies (ruby-shadow, ruby-augeas, etc). In answer to your question about dependencies: No. EPEL should not replace any packages in base RHEL/CentOS - they are extra software that hasn't made it into the mainline (yet). For your third question, the difference between EPEL and Puppetlabs Repo: EPEL contains a host of extra packages for RHEL/CentOS whereas Puppetlabs Repos will only be for Puppet Labs products. The Puppet Labs repos are generally very fast (you can get an RPM for the latest release in a few days). I'd expect EPEL to be slower, however I know people have been trying to push Puppet into EPEL faster and faster so how far behind the Puppet releases it is I don't know. -Luke On 29/11/11 11:43, seamie wrote: Hello, For some time I have been looking for some solution to manage more then a few servers. After some time of searching puppet became by choice :-) I'd like to deploy it on some testing servers (RH/Centos). Which repository would you recommend to use as a source of puppet packages ? I guess that EPEL has newer packages then standard RH/Centos repositories. But if I use EPEL does it invoke many changes in standard RH/Centos packages related to packages dependencies ? I am considering EPEL or yum.puppetlabs.com repositories (what is a difference between them ?). Best regards -- Luke Bigum Information Systems +44 (0) 20 3192 2520 luke.bi...@lmax.com | http://www.lmax.com LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN The information in this e-mail and any attachment is confidential and is intended only for the named recipient(s). The e-mail may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not a named recipient please notify the sender immediately and delete any copies of this message. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Any view or opinions presented are solely those of the author and do not necessarily represent those of the company. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] ensure = file, creating directories
Hi all,
Recently upgraded one of our puppet servers from 2.6.4 to 2.7.5, and
we're noticing some rather odd behaviour.
What's always traditionally worked for creating ini files and the
like, is now creating directories instead of files (indeed, replacing
my existing files with directories, which had some rather catastrophic
consequences for the poor poor test systems).
Even when hard coding ensure = file, instead of a passing a
parameter... it creates a directory.
The type parameter just doesn't seem to be doing as it's told. Roll
back to previous version of puppet server, it's all happy again
(though it can't convert the directory back to a file, but that'll be
a separate issue entirely).
Anybody have any clues as where else would be worth looking in trying
to resolve this?
relevant section of files:
file { $name:
name = ${path}${name},
mode = $mode,
owner = $owner,
group = $group,
backup = $backup,
recurse = $recurse,
ensure = $ensure,
source = [
puppet://puppet/modules/standalone-configs/$folder/$name-$type-
$fqdn,
puppet://puppet/modules/standalone-configs/$folder/$name-$type-
$operatingsystem,
puppet://puppet/modules/standalone-configs/$folder/$name-$type-
$default,
puppet://puppet/modules/standalone-configs/$folder/$name-$fqdn,
puppet://puppet/modules/standalone-configs/$folder/$name-
$operatingsystem,
puppet://puppet/modules/standalone-configs/$folder/$name-default
],
notify = $notify
Thanks!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
AW: [Puppet Users] Puppet Setup Difficulty With SuSE
I recently set up our CI system using two Puppet masters and some 50 Puppet agents. If you follow some installation instruction it will not take longer than a day for having set up your first Puppet master and some agents. Once this is done the actual work starts: * create/configure the Puppet modules * add more nodes to Puppet * establish monitoring (Icinga/Puppet processes) * analyze/fix errors * ... For our system with two Puppet masters, some 50 nodes and one Icinga host monitoring everything, it took me about two months to have all set up and stable running. This may give you a hint of how long it would take for you. If you want to see some details of what I've done or what may happen when setting up a Puppet system, you may want to have a look at some articles in my blog https://berndadamowicz.wordpress.com or of course the Puppet documentation. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von jkinning Gesendet: Dienstag, 29. November 2011 03:13 An: Puppet Users Betreff: [Puppet Users] Puppet Setup Difficulty With SuSE Oh where to begin? I work for a company that has not taken our Linux or Unix server configuration management very seriously. We are primarily a Windows shop but long story short upper-management has taken the advice of our Windows Server admins and purchased BigFix which is now IBM Tivoli Endpoint Management (TEM). I have tried for over a month to get one of my SuSE Linux Enterprise Server (SLES) 11 patched using TEM when I discovered a bug with their client. It took over 5 hours to apply 30 patches. Performing this task manually, could have been accomplished in under 15 - 30 minutes. I was trying to get buy in to abandon TEM for our SLES servers but was told to make TEM work and just do the patching manual until IBM corrects the client bug. IBM doesn't have an ETA for my APAR which is their bug report, I guess. The price for Puppet Enterprise was reasonable and far less expensive than TEM so I am thinking about getting Puppet installed, non-Enterprise version, to really show upper- management how superior this tool is. I've seen a couple webinar sessions of the new PE 2.0 version and wondered if this can all be accomplished with the community version. Also, anyone have any good step-by-step guides to get Puppet up and running, the community version? I understand that PE 2.0 does all the installation and configurations and provides a very easy to use GUI. I am a new user to Puppet but read many articles and it sounds like the tool to use to manage the SLES servers. I just don't know where to begin. What is the average time for a user to get Puppet community edition up and running? Thanks in advanced! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet- users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Which package repository for puppet installation (rh/centos) ?
On Tue, Nov 29, 2011 at 6:43 AM, seamie mail...@gmail.com wrote: But if I use EPEL does it invoke many changes in standard RH/Centos packages related to packages dependencies ? I am considering EPEL or yum.puppetlabs.com repositories (what is a difference between them ?). Hi, I've adopted the practice of using gem to install puppet and facter on my systems. Most of the yum repositories that I was looking at were several revs behind in what version of puppet they had. Just my US$0.02 worth... -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ensure = file, creating directories
On Tue, Nov 29, 2011 at 2:06 PM, jasper.hargrea...@m-w.co.uk
jasper.hargrea...@m-w.co.uk wrote:
Hi all,
Recently upgraded one of our puppet servers from 2.6.4 to 2.7.5, and
we're noticing some rather odd behaviour.
What's always traditionally worked for creating ini files and the
like, is now creating directories instead of files (indeed, replacing
my existing files with directories, which had some rather catastrophic
consequences for the poor poor test systems).
Even when hard coding ensure = file, instead of a passing a
parameter... it creates a directory.
The type parameter just doesn't seem to be doing as it's told. Roll
back to previous version of puppet server, it's all happy again
(though it can't convert the directory back to a file, but that'll be
a separate issue entirely).
Anybody have any clues as where else would be worth looking in trying
to resolve this?
relevant section of files:
file { $name:
name = ${path}${name},
mode = $mode,
owner = $owner,
group = $group,
backup = $backup,
recurse = $recurse,
ensure = $ensure,
source = [
puppet://puppet/modules/standalone-configs/$folder/$name-$type-
$fqdn,
puppet://puppet/modules/standalone-configs/$folder/$name-$type-
$operatingsystem,
puppet://puppet/modules/standalone-configs/$folder/$name-$type-
$default,
puppet://puppet/modules/standalone-configs/$folder/$name-$fqdn,
puppet://puppet/modules/standalone-configs/$folder/$name-
$operatingsystem,
puppet://puppet/modules/standalone-configs/$folder/$name-default
],
notify = $notify
I can't say for sure, but a few things to help you troubleshoot. On
the master run puppet master --compile $hostname and compare the
output for the file resource in 2.6 v.s. 2.7. Here's a simple example:
{
exported: false,
line: 21,
title: /tmp/sample,
parameters: {
ensure: file
},
...
type: File,
file: /etc/puppet/manifests/site.pp
},
So the first thing is making sure they are the same, the second is
write a test manifests with all your attributes on the 2.7 system and
see how it behaves:
file { /path/to/file:
ensure = file,
...
source = [...],
}
Thanks,
Nan
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Uninstall Puppet and Facter from OSX
On Tue, Nov 29, 2011 at 8:53 AM, Alexander Fortin alexander.for...@gmail.com wrote: On 11/28/11 5:59 PM, Nigel Kersten wrote: You should, yes. I'd actually suggest the best thing to do is to run conf/osx/createpackage.sh to generate a proper Mac pkg out of the tarball. That will do some extra things like set up the right directory ownership for you. The previous install.rb install should have put files into: /usr/lib/ruby/site_ruby/1.8/puppet* /usr/bin/puppet* /usr/bin/filebucket /usr/bin/pi /usr/bin/ralsh /usr/sbin/puppet* and removing all those should effectively remove the install. Thanks Nigel, I've followed your suggestion and now I'm running puppet v2.7.6 installed via gem PS I wasn't able to find the createpackage.sh script you suggested though https://github.com/puppetlabs/puppet/tree/master/conf/osx HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dynamic configuration file
On Tue, Nov 29, 2011 at 4:23 AM, Gonzalo Servat gser...@gmail.com wrote:
Hi All,
We use a package called Torque Scheduler which is based on a configuration
file that defines nodes, the queues they handle, how many slots, etc. The
config file format is similar to:
unlimited node1 node2 ... nodeN
node node1 load slots queue1:priority queue2:priority ...
queueN:priority
node node2 load slots queue1:priority queue2:priority ...
queueN:priority
...
node nodeN load slots queue1:priority queue2:priority ...
queueN:priority
(a node may or may not be listed as unlimited)
We would normally store this file as-is in Puppet and push it out using file
{}, but I'd like to Puppetize it. Ideally, I'd like to be able to do the
following:
node { node1:
unlimited = true,
load = XX,
slots = XX,
queues = {
queue1 = 80,
queue2 = 20,
queueN = XX
}
}
So basically to build the config file, I'd have to process all the nodes and
where unlimited is true, add to the unlimited line.
I know what I want the config file to look like, but I'm not sure how to
achieve this in Puppet. Does this sound like a job for a custom Puppet
provider? I can't figure out how I would build the unlimited line over
time.
Can anyone suggest a module that does something similar to this so I can get
some ideas flowing?
Just write the files on the master via generate function. Let's say we
store all this in:
/etc/puppet/data/torq.d
class torq::store (
$unlimited = true,
$slots,
...
) {
if $unlimited {
# write a file to /etc/puppet/data/torq.d/${hostname}
# node node1 load slots queue1:priority queue2:priority
generate(' ... ')
}
}
class torq::load {
file { '/etc/torq.conf':
content = template('torq/torq.conf.erb')
}
}
torq.conf.erb template
unlimited %= Dir.glob('/etc/puppet/data/torq.d/*').join(' ')
# include each file in the directory below here:
...
Thanks,
Nan
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] ensure = file, creating directories
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 29/11/11 14:06, jasper.hargrea...@m-w.co.uk wrote:
Hi all,
Recently upgraded one of our puppet servers from 2.6.4 to 2.7.5, and
puppet://puppet/modules/standalone-configs/$folder/$name-$type-
$fqdn,
Try
puppet://puppet/modules/standalone-configs/${folder}/${name}-${type}-${fqdn},
See http://projects.puppetlabs.com/issues/10146
I don't know if that will fix your directories issue, but it can't hurt
and shouldn't break even if you downgrade I think.
- --
Russell Howe
rh...@moonfruit.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBAgAGBQJO1R7gAAoJEJ2trZuuThLOUVUH/iMg+hNS18hrOtqx9+4NGlp4
1BJP4iWchjsdX3RCaj6jjJMnVFwwJ1UG8yJyS9+7WspjGnsQlZ04nBPz5JsLB9/H
T3y4+2NdRvXTQeDctE4u9e3N330FSlRxvYp6A3NHjfldjX7zn6AQj6JYRedxq9NF
afz0F5cSZYqkZ+gffcOhWwQS7ZxyPMD0XsgWftpA+G402GgZca2ZO8yIdb79iQlD
Y3fuW4wH2CU+KUFDAcAEdqhN7NgChrUFJYAJpLeZ5EdZdznZFk9mQbyMfSZwvgxk
sEShQTvYo1ft7EEQnBgCRSen2LwzQSIWAPeffxR/TajkJYHEnoSLEFCyWVZmdyw=
=07Ph
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet does not connect to ldap at secure port because of ssl certificate signed by cacert.org
Hi Den, Sure I can provide the debug information as well, though I could see nothing much. I concatenated cacert's root.crt and class3.crt to /var/lib/puppet/ssl/ ca/ca_crt.pem. That did not help me. In the next post I provide my debug information i.e the output of: puppetmasterd --no-daemonize --verbose --debug Kindly let me know if you want to see the output of any other commands as well. I'll provide those too. --- Thanks Ganesh On Nov 29, 2:51 am, Denmat tu2bg...@gmail.com wrote: Hi, Can you provide any debug information? If you say it was working, can you think of any change that might have contributed? The only other thing I can think of without looking at the code would be to append the cacert.org ca to thepuppetca and see if that helps. Logs onLDAPmight also point to clue. Den On 29/11/2011, at 6:31, Ganesh Sharma worldiswelc...@gmail.com wrote: Let me ask my question more specifically: How canpuppettrustthe certificate presented by myldapserver which is signed by cacerts.org? If I am able to do that somehow, my problem can be resolved. Any ideas? On Nov 29, 12:29 am, Ganesh Sharma worldiswelc...@gmail.com wrote: Thanks Den for your reply. Yes search works perfectly. I tried it multiple times and it still works. It works at non-ssl port as well. So far as non-standard port is concerned, openDSLDAPuses 1636 port as standard. Moreover it had been working in past at port 1636. Here is thepuppet.conf file in use: At present ssl settings are commented out. === [main] # ThePuppetlog directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # WherePuppetPID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl node_terminus = ldap [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig server =puppet-server.domain.com report = false runinterval = 30 [master] node_terminus = ldap ldapssl = false #ldapssl = true ldapserver =ldap-server.domain.com ldapbase = ou=appliances,o=gluu #ldapport = 1636 ldapport = 1389 ldapuser = cn=directory manager ldappassword = === On Nov 26, 2:22 am, Denmat tu2bg...@gmail.com wrote: Hi, I don't useldapmyself so I may be of limited value. First it would also useful to confirm thatldapworks as expected over ssl by performing a ldapsearch -vx -ZZ whatever you need to test your search from your puppetmaster using the credentials you need. It would also be good to see thepuppet.conf you are using that shows yourldapsettings. I do notice you're using non standard ldaps port. Cheers, Den On 26/11/2011, at 7:24, Ganesh Sharma worldiswelc...@gmail.com wrote: Hello, First of all thanks for such a great software and that too for no cost. I'm describing the problem below along with my Environment Details: 1.LDAP: openDS 2.Puppet: Version 2.7.3 (Both clients and servers) 3. Certificates being used: Signed by cacert.org 4. Node Definitions: in openDS 5.LDAP(SSL) Port: 1636 6.PuppetPort: 8140 7.PuppetRuns by: Webrick Problem: We have lot of servers which we control bypuppetand thepuppetnode definitions are stored inLDAP. Everything was going perfect earlier. But for few days I see below error: --- warning: RetryingLDAPconnection err: Failed when searching for node x.domain.com :LDAPSearch failed --- This error is for all the nodes. The server runs perfectly at port 1389 which is non-ssl port. Solutions Applied: 1. Installed cacert's root certificate ca-bundle.crt in /etc/pki/tls/ certs/ atpuppetserver. 2. Tried to run the server at 1389 and still running it. But we fear due to security reasons. 3. Tried to install the cacert in openssl way i.e created soft link of server to `hash of ca-bundle.crt`.0, but that too did not work. Any help provided will be highly appreciated. Since this is my first post, please ignore my errors, but do let me know. And also, before posting this, I searched this group for any possible solutions, but did not find any. --- Thanks Ganesh -- You received this
[Puppet Users] Puppet client port to be open
Hi, Just a quick question. In order for puppet run to execute successfully on puppet client (ubuntu 10.04), the port 8139 on puppet client should be open and listening correct? Do we also require that port 8140 be open and running on puppet client? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet client port to be open
Thanks Nan. So, my puppetmaster should be able to install modules on puppet client if the port 8139 is open? On Nov 29, 10:24 am, Nan Liu n...@puppetlabs.com wrote: On Tue, Nov 29, 2011 at 6:19 PM, Namrata namratakulka...@gmail.com wrote: Just a quick question. In order for puppet run to execute successfully on puppet client (ubuntu 10.04), the port 8139 on puppet client should be open and listening correct? Do we also require that port 8140 be open and running on puppet client? You don't need that port unless you plan to enable listen and use puppet kick. 8140 is the default puppet master port and not for the agent. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is it possible to conditionally replace a file ?
On Tue, Nov 29, 2011 at 04:07, Martin Alfke tux...@gmail.com wrote: On 28.11.2011, at 19:18, Stefan Schulte wrote: [...] Thanks for responding. I agree, globally customizing the defaults is one way to go, but I am shooting for the second option. If you do not want the gobal defaults copied why are you using managehome = true? If you really have to go this awkward path you can create a conditional exec resoure that removes the dotfiles if they are equal to the skel files so puppet will copy the correct files again. (fileresources with replace = false) A second solution is to create a custom fact that tells you if puppet should manage the dotfiles and wrap your fileresources in an if-clause (fileresources with replace = true) -Stefan We have another usecase for conditional file replacement: if a developer would like to forbid any puppet changes on a certain file he creates a flagfile $name.nopuppet instead of normal file resource we use a parameterized define: This path is going to cause you nothing but pain. Instead of allowing conditional opt-out based on the machine, you should rather prefer to have the central authority own that - if the developer needs their machine to have a custom HTTP setup, don't try and manage it on that machine. Record that fact in your central configuration system. If you really need that control to be allowed on a per-user or per-machine basis, invest in an ENC and provide an interface to that which allows the developers to exclude their machine from this management. Daniel -- ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Uninstall Puppet and Facter from OSX
As createpackage has not been updated for quite some time, an alternative method of generating the package has been developed. It utilizes Apple's Developer Tools/GCC and a project called the Luggage, which in turn uses make to generate the package. It also can be dynamically fed new version numbers, for both Puppet and Facter. https://github.com/unixorn/luggage https://github.com/unixorn/luggage-examples/tree/master/puppet https://github.com/unixorn/luggage-examples/tree/master/facter If you are deploying it using a patch management tool like Munki (munki.googlecode.com), it can use the proper protocol of querying the receipt db and therefore remove all the bits and pieces that were installed based upon their bill of materials. Allister Banks @sacrilicious On Nov 29, 3:53 am, Alexander Fortin alexander.for...@gmail.com wrote: On 11/28/11 5:59 PM, Nigel Kersten wrote: You should, yes. I'd actually suggest the best thing to do is to run conf/osx/createpackage.sh to generate a proper Mac pkg out of the tarball. That will do some extra things like set up the right directory ownership for you. The previous install.rb install should have put files into: /usr/lib/ruby/site_ruby/1.8/puppet* /usr/bin/puppet* /usr/bin/filebucket /usr/bin/pi /usr/bin/ralsh /usr/sbin/puppet* and removing all those should effectively remove the install. Thanks Nigel, I've followed your suggestion and now I'm running puppet v2.7.6 installed via gem PS I wasn't able to find the createpackage.sh script you suggested though -- Alexander Fortinhttp://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetlabs-firewall: How does it work?
Hello, Could someone clarify the philosiphy of this module... I need a way to manage iptables on all my systmes, and trying to imagine how this module would fit in, How does this module work? Does it check each supplied rule, for a node, against its current rules, then insert rule if missing? or does it just inserts the rules each time it is run? How are you using this module? Do you have all standard rules listed in one class/module, then various modules inserting their own specific rules elsewhere (in their own manifests)? Thanks a lot, Mohamed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppetlabs-firewall: How does it work?
To clarify why I am asking how does this work...The doc has this intriguing advise: If you wish to ensure any reject rules are executed last, try using stages... Isn't the rule order integer in the resource name solving that problem? Thanks, Mohamed. On Tue, Nov 29, 2011 at 2:30 PM, Mohamed Lrhazi lrh...@gmail.com wrote: Hello, Could someone clarify the philosiphy of this module... I need a way to manage iptables on all my systmes, and trying to imagine how this module would fit in, How does this module work? Does it check each supplied rule, for a node, against its current rules, then insert rule if missing? or does it just inserts the rules each time it is run? How are you using this module? Do you have all standard rules listed in one class/module, then various modules inserting their own specific rules elsewhere (in their own manifests)? Thanks a lot, Mohamed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Artifactory Module
Hi, Artifactory is a another product. It's probably up to yourself to do the research here. Den On 29/11/2011, at 21:31, Pranav vpra...@gmail.com wrote: I want to use Puppet to fetch artifacts from Artifactory, deploy them and start the required services. How do I achieve it? I did not find any documentation or demo on this. Regards, Pranav -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] RubyCocoa
Hi, I built a primitive type/provider for computergroups on Mac OS X. To implement the standard provider#exists? method, I tried to grab a plist from dscl and compare it with the resource definition. I didn't get very far... err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not autoload computergroup: Could not autoload /etc/ puppet/modules/mymodule/lib/puppet/provider/computergroup/ computergroup.rb: no such file to load -- osx/cocoa at /etc/puppet/ modules/mymodule/manifests/policy/mcx.pp:20 on node foo.bar.com I am guessing this to be expected, but I was hoping somebody might be able to explain why? Thanks, -- B. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Profiling Puppet?
On Nov 29, 2011, at 3:15 PM, Justin Lloyd wrote: Is there any way to profile Puppet recipes? You can try the (undocumented?) options --evaltrace and --summarize to puppet agent. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet client port to be open
I hope that you were having a dyslexic moment and really meant to say 8139 instead of 1839 because then I would have to wonder how it's been working for me the past few months. Craig On Nov 29, 2011, at 1:18 PM, Denmat wrote: Hi, Just further clarifying what Nan has already said, the client initiates the connection to the master when it polls in. The master listens on 8140 for those connections. This is all you need for puppet to compile and apply the manifest on the client. If you use the 'puppet kick' command (where the master initiates the connection to the client) then you need 1839 open on the client. Otherwise you don't need 1839 open on the client at all. Den On 30/11/2011, at 5:29, Namrata namratakulka...@gmail.com wrote: Thanks Nan. So, my puppetmaster should be able to install modules on puppet client if the port 8139 is open? On Nov 29, 10:24 am, Nan Liu n...@puppetlabs.com wrote: On Tue, Nov 29, 2011 at 6:19 PM, Namrata namratakulka...@gmail.com wrote: Just a quick question. In order for puppet run to execute successfully on puppet client (ubuntu 10.04), the port 8139 on puppet client should be open and listening correct? Do we also require that port 8140 be open and running on puppet client? You don't need that port unless you plan to enable listen and use puppet kick. 8140 is the default puppet master port and not for the agent. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How do I require a resource in a definition based on an array parameter?
I have a define that looks like this:
define user::sys_user($fullname, $uid, $groups, $shell='/bin/bash',
$authkey, $authkey_type=rsa) {
$username = sys_${name}
group { $username:
gid = $uid,
}
user { $username:
require = Group[$username],
ensure = present,
uid = $uid,
gid = $uid,
groups = $groups,
comment = $fullname,
shell = $shell,
managehome = true,
allowdupe = false,
}
ssh_authorized_key { ${username}_authkey:
user = $username,
ensure = present,
key = $authkey,
type = $authkey_type,
}
}
In the user resource, I am requiring the user's default group. I also
want to require supplemental groups if provided by the parameter
$groups.
Also, is the way I do groups = $groups going to fail if it's empty or
if it's just a string (i.e., defines just one group instead of an
array)?
Links to the appropriate documentation would be greatly appreciated of
course!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetlabs-firewall: source param as array
Hi,
am trying this rule:
firewall { '100 allow ssh from GUNET':
proto = 'tcp',
dport = '22',
source = ['10.0.0.0/8','192.168.0.0/16',],
action = accept,
}
and it only seems to add a rule for the first subnet. The second is
silently ignored.
is my syntax incorrect?
Thanks,
Mohamed.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet client port to be open
Thanks everyone for the clarifications to a puppet newbie aka me :) It is much clear now. It is just that one of my puppet client is a cloud server on Rackspace and while it can connect to the puppetmaster and apply basic configurations(like write a file) from puppetmaster manifest but unable configure things (such as install apache/tomcat etc.) On Nov 29, 12:57 pm, Craig White craig.wh...@ttiltd.com wrote: I hope that you were having a dyslexic moment and really meant to say 8139 instead of 1839 because then I would have to wonder how it's been working for me the past few months. Craig On Nov 29, 2011, at 1:18 PM, Denmat wrote: Hi, Just further clarifying what Nan has already said, the client initiates the connection to the master when it polls in. The master listens on 8140 for those connections. This is all you need for puppet to compile and apply the manifest on the client. If you use the 'puppet kick' command (where the master initiates the connection to the client) then you need 1839 open on the client. Otherwise you don't need 1839 open on the client at all. Den On 30/11/2011, at 5:29, Namrata namratakulka...@gmail.com wrote: Thanks Nan. So, my puppetmaster should be able to install modules on puppet client if the port 8139 is open? On Nov 29, 10:24 am, Nan Liu n...@puppetlabs.com wrote: On Tue, Nov 29, 2011 at 6:19 PM, Namrata namratakulka...@gmail.com wrote: Just a quick question. In order for puppet run to execute successfully on puppet client (ubuntu 10.04), the port 8139 on puppet client should be open and listening correct? Do we also require that port 8140 be open and running on puppet client? You don't need that port unless you plan to enable listen and use puppet kick. 8140 is the default puppet master port and not for the agent. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] storeconfgs not initializing database
Hello, I'm attempting to setup puppet 2.7.6 to use the storeconfigs but it's failing to create the database and I'm not seeing any error or messages in the logs related to initializing the database. I'm using mysql and have created the user/role and the database and I'm able to connect successfully on both localhost and remotely. I'm running the dashboard on the same system and it's able to connect to it's db without issue. When I run lsof against the master process it hasn't loaded the ruby mysql library, which I can see when I lsof the dashboard process. Any thoughts? System: OpenSUSE 11.3 puppet 2.7.6 apache2 + passenger-3.0.9 [master] # required for Apache with Passenger (aka mod_rails) ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY #dbmigrate = true dbadapter = mysql dbname = puppet dbuser = puppet dbpassword = password #dbsocket = /var/run/mysql/mysql.sock dbserver = localhost storeconfigs = true -- Later, Darin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetlabs-firewall: source param as array
Hello,
While I have never used this particular package, I am curious about that
trailing comma:
source = ['10.0.0.0/8','192.168.0.0/16',],
or
source = ['10.0.0.0/8','192.168.0.0/16'],
Charles Buckley
On Tue, Nov 29, 2011 at 2:05 PM, Mohamed Lrhazi lrh...@gmail.com wrote:
Hi,
am trying this rule:
firewall { '100 allow ssh from GUNET':
proto = 'tcp',
dport = '22',
source = ['10.0.0.0/8','192.168.0.0/16',],
action = accept,
}
and it only seems to add a rule for the first subnet. The second is
silently ignored.
is my syntax incorrect?
Thanks,
Mohamed.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetlabs-firewall: source param as array
On Tue, Nov 29, 2011 at 10:05 PM, Mohamed Lrhazi lrh...@gmail.com wrote:
firewall { '100 allow ssh from GUNET':
proto = 'tcp',
dport = '22',
source = ['10.0.0.0/8','192.168.0.0/16',],
action = accept,
}
and it only seems to add a rule for the first subnet. The second is
silently ignored.
Hi Mohamed,
See: http://projects.puppetlabs.com/issues/10116
accepted bug.
Steve.
--
Steve Traylen
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetlabs-firewall: source param as array
On 2011-11-29 13:05 , Mohamed Lrhazi wrote:
Hi,
am trying this rule:
firewall { '100 allow ssh from GUNET':
proto = 'tcp',
dport = '22',
source = ['10.0.0.0/8','192.168.0.0/16',],
action = accept,
}
and it only seems to add a rule for the first subnet. The second is
silently ignored.
is my syntax incorrect?
Thanks,
Mohamed.
The type doesn't appear to be written to handle accepting arrays in the
source property, so given how it's written it's expected behavior,
though sounds like it's rather undesirable.
--
Jacob Helwig
http://about.me/jhelwig
signature.asc
Description: OpenPGP digital signature
Re: [Puppet Users] puppetlabs-firewall: source param as array
Cool. Thanks guys.
On Tue, Nov 29, 2011 at 5:23 PM, Jacob Helwig ja...@puppetlabs.com wrote:
On 2011-11-29 13:05 , Mohamed Lrhazi wrote:
Hi,
am trying this rule:
firewall { '100 allow ssh from GUNET':
proto = 'tcp',
dport = '22',
source = ['10.0.0.0/8','192.168.0.0/16',],
action = accept,
}
and it only seems to add a rule for the first subnet. The second is
silently ignored.
is my syntax incorrect?
Thanks,
Mohamed.
The type doesn't appear to be written to handle accepting arrays in the
source property, so given how it's written it's expected behavior,
though sounds like it's rather undesirable.
--
Jacob Helwig
http://about.me/jhelwig
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet client port to be open
Oh dear ... Yes. On 30/11/2011, at 7:57, Craig White craig.wh...@ttiltd.com wrote: I hope that you were having a dyslexic moment and really meant to say 8139 instead of 1839 because then I would have to wonder how it's been working for me the past few months. Craig On Nov 29, 2011, at 1:18 PM, Denmat wrote: Hi, Just further clarifying what Nan has already said, the client initiates the connection to the master when it polls in. The master listens on 8140 for those connections. This is all you need for puppet to compile and apply the manifest on the client. If you use the 'puppet kick' command (where the master initiates the connection to the client) then you need 1839 open on the client. Otherwise you don't need 1839 open on the client at all. Den On 30/11/2011, at 5:29, Namrata namratakulka...@gmail.com wrote: Thanks Nan. So, my puppetmaster should be able to install modules on puppet client if the port 8139 is open? On Nov 29, 10:24 am, Nan Liu n...@puppetlabs.com wrote: On Tue, Nov 29, 2011 at 6:19 PM, Namrata namratakulka...@gmail.com wrote: Just a quick question. In order for puppet run to execute successfully on puppet client (ubuntu 10.04), the port 8139 on puppet client should be open and listening correct? Do we also require that port 8140 be open and running on puppet client? You don't need that port unless you plan to enable listen and use puppet kick. 8140 is the default puppet master port and not for the agent. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Craig White ~ craig.wh...@ttiltd.com 1.800.869.6908 ~~ www.ttiassessments.com Need help communicating between generations at work to achieve your desired success? Let us help! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Using puppet+augeas to modify multiple files
I'm not the OP Nigel, I think you meant Graham. It sounds like Augeas has some capabilities that I just wasn't aware of. In any case Augeas is not something I use if I can avoid it. Templates and concat are my preferred methods for managing config files. Straightforward clever for the general case. On Mon, Nov 28, 2011 at 12:47 PM, Nigel Kersten ni...@puppetlabs.com wrote: On Mon, Nov 28, 2011 at 9:59 AM, Aaron Grewell aaron.grew...@gmail.com wrote: I'm not aware of any file editing method in Puppet that will modify multiple files as part of the same resource. The usual approach would be to create multiple resources, one for each file, and then cause each resource to notify the postfix service to restart. Note that you can wrap these multiple resources in a single defined resource so that it looks like a single resource from the point of view of the person editing the manifest code. Puppet's smart enough to only restart it once. As far as setting up the files the way you want them, if you need to edit the files in place Augeas is your only built-in option. You can also do hacky things with exec but it's not pleasant. Most folks don't edit in place, they replace the file with known good contents. For that you can use templates or something like puppet-concat (a third-party module that allows you to build files from fragments). On Mon, Nov 28, 2011 at 6:17 AM, Graham Leggett minf...@sharp.fm wrote: On 27 Nov 2011, at 20:04, Graham Leggett wrote: I have a task to convince puppet and augeas to modify multiple postfix files, most specifically /etc/postfix/main.cf and /etc/postifx/ acceptdomains.cf (and other LDAP related files), and I'm struggling to find out how to do that. I have found examples on how to use augeas to modify just one file at a time, but no information seems to be available when multiple files are involved. I started with the config published here, and have no idea what to change to convince puppet+augeas to edit both /etc/postfix/main.cf and /etc/postfix/acceptdomains.cf at the same time: https://github.com/camptocamp/puppet-postfix/blob/master/manifests/config.pp Does anyone have a sample configuration on how you would modify multiple files at once, or have a clue on where to start? Answering my own question, I've discovered that augeas doesn't support multiple files at all without a custom lens being created to support it. Or to declare it more accurately, augeas only knows about specific files defined in specific locations, it has no concept of a general file in a general location that you might want to apply a lens to. I eventually worked around the issue by making a custom lens copied from the augeas postfix_main.aug lens that listed the extra ldap templates as matching a wildcard, at this point augeas started working correctly. Something else I discovered is that augeas has no error handling of any kind - if it doesn't recognise a file as matching one of the predetermined locations built into the lens, it will silently ignore the file, and not tell you why. Do you get the same results with the command line 'augtool' Aaron? If not, please bug report that we need to fix this in the Puppet Augeas integration. -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] template does not print variables
Jacob,
Thank you that worked!
[root@puppet manifests]# cat motd.pp
file { /etc/motd:
group = 'root',
owner = 'root',
mode = '440',
content = template(/etc/puppet/templates/motd.erb)
}
[root@puppet manifests]# cat /etc/motd
memory free = 389.88 MB
domain = jokefire.com
operating system = CentOS
On Tue, Nov 29, 2011 at 6:39 PM, Jacob Helwig ja...@puppetlabs.com wrote:
On 2011-11-29 15:37 , Tim Dunphy wrote:
Hello list,
I am having a problem with template file. Why are variables not
interpolated?
[root@puppet manifests]# cat /etc/motd
memory free = %= memoryfree %
domain = %= domain %
operating system = %= operatingsystem %
This is the template file
[root@puppet manifests]# cat ../templates/motd.erb
memory free = %= memoryfree %
domain = % domain %
operating system = % operatingsystem %
This is the puppet resource
[root@puppet manifests]# cat /etc/puppet/manifests/motd.pp
file { /etc/motd:
group = 'root',
owner = 'root',
mode = '440',
source = /etc/puppet/templates/motd.erb
}
thanks in advance
tim
You need to tell Puppet that it's actually a template, not a raw file.
Try something like this?
file { /etc/motd:
group = 'root',
owner = 'root',
mode = '440',
content = template(motd.erb),
}
--
Jacob Helwig
http://about.me/jhelwig
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppetlabs-firewall: source param as array
in case it help someone, I got it too do what I needed this way:
# Allow netbackup
define allow_netbackup() {
firewall { 300 allow netbackup traffic from ${name}:
proto = 'tcp',
dport = [13724,1556,10102,10082],
source = $name,
action = accept,
}
}
allow_netbackup { $netbackup_master_servers:}
allow_netbackup { $netbackup_media_servers: }
You're right Jacob. The bug in the module is really a documentation
bug. The doc says it expects an array for source and for destination,
when it should not.
Looking at the code it seems the module cannot provide anything
iptables itself does not, and iptables does not provide for list of
ips/networks in source and dest.
Thanks,
Mohamed.
On Tue, Nov 29, 2011 at 5:25 PM, Mohamed Lrhazi lrh...@gmail.com wrote:
Cool. Thanks guys.
On Tue, Nov 29, 2011 at 5:23 PM, Jacob Helwig ja...@puppetlabs.com wrote:
On 2011-11-29 13:05 , Mohamed Lrhazi wrote:
Hi,
am trying this rule:
firewall { '100 allow ssh from GUNET':
proto = 'tcp',
dport = '22',
source = ['10.0.0.0/8','192.168.0.0/16',],
action = accept,
}
and it only seems to add a rule for the first subnet. The second is
silently ignored.
is my syntax incorrect?
Thanks,
Mohamed.
The type doesn't appear to be written to handle accepting arrays in the
source property, so given how it's written it's expected behavior,
though sounds like it's rather undesirable.
--
Jacob Helwig
http://about.me/jhelwig
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppetlabs-firewall: hostnames Vs IP addresses
Hello,
The source and destination parameters accept both IP address or a
hostname. If using a hostname, the firewall module thinks the rule
changed each time it runs reporting:
notice: /Firewall[300 allow netbackup traffic from
nbmaster2-63.example.com]/source: current_value 192.168.63.42/32,
should be nbmaster2-63.example.com (noop)
Is there an easy workaround to this? other than not using hostnames?
A similar issue is also seen with the value of debug-level. From some
reason it always thinks it needs to be reset:
notice: /Firewall[998 drop noisy local traffic]/log_level:
current_value , should be warning (noop)
# Log everything else, then reject it with the default deny rule
firewall { '998 drop noisy local traffic':
state = 'NEW',
log_level = warning,
jump= 'LOG',
}
iptables -nL shows this rule as:
LOGtcp -- 0.0.0.0/00.0.0.0/0 /* 998
drop noisy local traffic */ state NEW LOG flags 0 level 4
I tried setting log_level to 4, instead of warning and got :
notice: /Firewall[998 drop noisy local traffic]/log_level:
current_value , should be 4 (noop)
Thanks a lot.
Mohamed.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Could find template at /modules/modules name/templates
Thanks for your answer. I misread it. How strange, In the shared directory ($templatedir), we don't need to specify 'module name' But in the /modules folder, we have to specify it. From: Martin Alfke tux...@gmail.com Subject: Re: [Puppet Users] Could find template at /modules/modules name/templates Date: Tue, 29 Nov 2011 13:59:16 +0100 Hi, On 29.11.2011, at 09:56, Diep Pham Van wrote: Hi, I have a problem. I have a modules name emacs. Under /modules/emacs, I have: - templates - files - manifests I cannot use template file from templates folder, It's say cold not find template ... But when I place the template file in $templatedir folder, everything works well. within modules you have to use special path when using templates: e.g. content = template (emacs/template.erb) Do you have modulepath configured in puppet.conf? Also have a look on the wiki: http://projects.puppetlabs.com/projects/1/wiki/Puppet_Modules Kind regards, Martin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Uninstall Puppet and Facter from OSX
On Tue, Nov 29, 2011 at 10:19 AM, Allister Banks a...@aru-b.com wrote: As createpackage has not been updated for quite some time, an alternative method of generating the package has been developed. It utilizes Apple's Developer Tools/GCC and a project called the Luggage, which in turn uses make to generate the package. It also can be dynamically fed new version numbers, for both Puppet and Facter. https://github.com/unixorn/luggage https://github.com/unixorn/luggage-examples/tree/master/puppet https://github.com/unixorn/luggage-examples/tree/master/facter If you are deploying it using a patch management tool like Munki (munki.googlecode.com), it can use the proper protocol of querying the receipt db and therefore remove all the bits and pieces that were installed based upon their bill of materials. Allister Banks @sacrilicious On Nov 29, 3:53 am, Alexander Fortin alexander.for...@gmail.com wrote: On 11/28/11 5:59 PM, Nigel Kersten wrote: You should, yes. I'd actually suggest the best thing to do is to run conf/osx/createpackage.sh to generate a proper Mac pkg out of the tarball. That will do some extra things like set up the right directory ownership for you. The previous install.rb install should have put files into: /usr/lib/ruby/site_ruby/1.8/puppet* /usr/bin/puppet* /usr/bin/filebucket /usr/bin/pi /usr/bin/ralsh /usr/sbin/puppet* and removing all those should effectively remove the install. Thanks Nigel, I've followed your suggestion and now I'm running puppet v2.7.6 installed via gem PS I wasn't able to find the createpackage.sh script you suggested though -- Alexander Fortinhttp://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Just to add some clarity, The createpackage.sh script in conf/osx actually works quite well, regardless of how old it is. Untar or git clone Puppet from source, make sure you're in the root of the directory, and run: sudo conf/osx/createpackage.sh That should build a package for you and place it in the same directory (puppet-2.7.7.pkg). I initially created the recipe in The Luggage as a proof of concept so I could build multiple packages from different Puppet versions, and it works quite well for that, but you should find it much easier to use the package bundled with source. Let us know if you have any issues :) Cheers! -- Gary Larizza Professional Services Engineer Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
