Re: [Puppet Users] RFC: Deprecate defined() function for Telly.
Hi, On 01/26/2012 02:25 AM, Ashley Penney wrote: This is a fantastic reply and I appreciate the work you put into it. I have just one question. As it stands functions can only apply to partial catalogs and not to the full catalog. Is this a fundamental design decision that cannot be changed? Perhaps it would be interesting to speculate on what could be done if you had the ability to use the entire catalog when fully parsed. This goes in a similar direction as Trevor's comment: On 01/26/2012 01:55 AM, Trevor Vaughan wrote: It feels like Puppet is working its way toward a two pass compile, one for static code portions and one for dynamic portions. While potentially less efficient, it would add greater room for the flexibility that people seem to want overall. Please let's NOT go down that road. You won't get away with two passes. Think about it: After every pass, some if { } could switch values depending on what defined() or some other function now returns. The compiler would need to recursively repeat all its work (don't even get me started on infinite loops). That's another road to pain right there IMO. I still dislike the third module refactoring. I think it removes a lot of power of self- contained modules and makes things significantly uglier and more difficult when combining modules from multiple sources. I wish it could be solved in a better way within Puppet and I believe it could be with (perhaps optional) merging of identical resources. Modules that work in and of itself are desirable, seeing as they're very elegant. On the other hand, in the worst case you duplicate lots of code (yes, package { java: } is not a lot of code), which modules should normally keep you from doing. All I know is that telling users If you download 5 modules from puppet forge make sure you go through them all, extract any duplicating resources into random modules that exist purely to allow you to realize packages instead leads to a really bad user experience. Uhm, what? o_O That's not at all what I had in mind. This is a job for *authors*, not end users. Thinking about other examples of similar systems (CPAN, Gems, Pear, you name it), module dependencies are commonplace (and usually coupled with a system that will automatically resolve them for the end user). I stronly believe that the Forge is in need of such a system (I believe Nigel brought up the proposal of metadata for this), and it should be best practice to design modules to rely on this as much as possible. BTW Nigel: Separating this thread from the Cross-module (package) dependencies hasn't really worked out, has it? ;) Sincerely, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RFC: Deprecate defined() function for Telly.
On 26/01/12 00:55, Trevor Vaughan wrote: I mentioned in a previous thread that I don't see an issue with having multiple identical resources compiled across the code base and I'd like to add that to this thread since it's related. class a { package { 'foo': ensure = 'present' } } class b { package { 'foo': ensure = 'present' } } include 'a' include 'b' Should work. However, if the two resources differ, this should be a compile error. In a perfect world, you wouldn't have this issue, but it shouldn't be an error since you're applying identical code. I think this is a small improvement, but it is still forcing strong coupling - two parts of the manifest have to know about each other and agree on how things are defined. It means writing self-contained manifests will still be hard or impossible, unless *everyone* adopts the (arbitrary) convention of defining only ensure = present or somesuch. For example, suppose in one place I need a file to exist, and in another I also need it to be executable. Oh dear, I can't do that. N -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RFC: Deprecate defined() function for Telly.
On 26/01/12 01:25, Ashley Penney wrote: All I know is that telling users If you download 5 modules from puppet forge make sure you go through them all, extract any duplicating resources into random modules that exist purely to allow you to realize packages instead leads to a really bad user experience. +1 from me. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] RFC: Deprecate defined() function for Telly.
On 01/26/2012 11:21 AM, Nick wrote: For example, suppose in one place I need a file to exist, and in another I also need it to be executable. Oh dear, I can't do that. That, and you'd need to merge require/before etc. Such things aren't trivial. Nan put it this way: On 01/25/2012 03:59 PM, Nan Liu wrote: Module a: file { /foo/bar: ensure = 'present', owner = 'root', content = blah blah, } Module b: file { /foo/bar: ensure = 'present', mode = '0774', } Currently Puppet doesn't allow them to co-exist. It would be nice if instead it could be told to check these definitions are consistent, and then enforce the union of the two. The same principle could apply to users, groups, packages, and presumably any other resources. How would this be implemented in a sane way to deal with any attributes that are hash/array? Merge, merge+unique, fail? What if we add relationship (require/before) or other meta-parameters to the mix? If I use the puppet config_version feature to track what resource is changed by which line of puppet code for auditing purpose, how would I audit a single attribute that can be due to multiple line of code? Once I started thinking about define types (which behave like a resource), it's gets rather complex especially with conditional branching in the define type. Don't get me wrong, this clearly would be a useful feature, but I'm interested only if the rules of how this would behave can be clearly expressed and understood, otherwise this will be a maze of pain trying to figure out what part of the code broke something. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Error at the end of a puppet agent run...
On 01/26/2012 12:15 PM, Felix Frank wrote: On 01/24/2012 08:21 PM, Aaron Grewell wrote: If you didn't specifically configure Puppet to use Passenger then you're using Mongrel by default. Scalability = false. Isn't that webrick? AFAIK mongrel would be fine, webrick is indeed a problem, and passenger is known to be a good alternative. Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Managing SSH host private keys
Hi all, I already use Puppet to collect and distribute SSH host public keys between machines I manage. I now want to collect private host keys from each node and store them on the puppetmaster, so when I rebuild a node it receives the same key. Is there an easy way of doing this? Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Anyone seeing odd agent behaviour with 2.7.10?
Hi all, Upgraded a master and a couple of clients to 2.7.10 and now see the following when running an agent if the daemon is also running: [steph@somehost ~]$ sudo puppet agent --onetime --verbose --no-daemonize info: Caching catalog for somehost.example.com info: Applying configuration version '1327578407' notice: /Stage[main]/Mysql-server/Package[mysql-server]/ensure: created notice: /Stage[main]/Mysql-server/Service[mysqld]/ensure: ensure changed 'stopped' to 'running' notice: Finished catalog run in 20.11 seconds err: Could not remove PID file /var/run/puppet/agent.pid [steph@somehost ~]$ I see that 2.7.10 fixed a bug http://projects.puppetlabs.com/issues/5246 and wonder if they're related? in 2.7.9 this would run without throwing the error, indeed in .10 the onetime run completes and the agent daemon is happy too: It's just unnerving to see pink messages :) Environment is CentOS 6.2 fwiw. -- Steph Gosling st...@chuci.org -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone seeing odd agent behaviour with 2.7.10?
I am seeing the same message printed on each run, on CentOS 6.2. Puppet still works, so it's not critical. Just waiting for a fix :) Jonathan On 26/01/12 12:00, Steph Gosling wrote: Hi all, Upgraded a master and a couple of clients to 2.7.10 and now see the following when running an agent if the daemon is also running: [steph@somehost ~]$ sudo puppet agent --onetime --verbose --no-daemonize info: Caching catalog for somehost.example.com info: Applying configuration version '1327578407' notice: /Stage[main]/Mysql-server/Package[mysql-server]/ensure: created notice: /Stage[main]/Mysql-server/Service[mysqld]/ensure: ensure changed 'stopped' to 'running' notice: Finished catalog run in 20.11 seconds err: Could not remove PID file /var/run/puppet/agent.pid [steph@somehost ~]$ I see that 2.7.10 fixed a bug http://projects.puppetlabs.com/issues/5246 and wonder if they're related? in 2.7.9 this would run without throwing the error, indeed in .10 the onetime run completes and the agent daemon is happy too: It's just unnerving to see pink messages :) Environment is CentOS 6.2 fwiw. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone seeing odd agent behaviour with 2.7.10?
Yeah everything does work, I just really don't like seeing pink :) Cheers, Steph On Thu, 26 Jan 2012 12:26:14 + Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: I am seeing the same message printed on each run, on CentOS 6.2. Puppet still works, so it's not critical. Just waiting for a fix :) Jonathan On 26/01/12 12:00, Steph Gosling wrote: Hi all, Upgraded a master and a couple of clients to 2.7.10 and now see the following when running an agent if the daemon is also running: [steph@somehost ~]$ sudo puppet agent --onetime --verbose --no-daemonize info: Caching catalog for somehost.example.com info: Applying configuration version '1327578407' notice: /Stage[main]/Mysql-server/Package[mysql-server]/ensure: created notice: /Stage[main]/Mysql-server/Service[mysqld]/ensure: ensure changed 'stopped' to 'running' notice: Finished catalog run in 20.11 seconds err: Could not remove PID file /var/run/puppet/agent.pid [steph@somehost ~]$ I see that 2.7.10 fixed a bug http://projects.puppetlabs.com/issues/5246 and wonder if they're related? in 2.7.9 this would run without throwing the error, indeed in .10 the onetime run completes and the agent daemon is happy too: It's just unnerving to see pink messages :) Environment is CentOS 6.2 fwiw. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Steph Gosling st...@chuci.org -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone seeing odd agent behaviour with 2.7.10?
Looks like the code paths in Puppet::Agent changed a lot and the patch that was applied and worked for 2.6.x would need to be different for 2.7.x Will set up a 2.7 master and see if i can reproduce/fix - Original Message - Yeah everything does work, I just really don't like seeing pink :) Cheers, Steph On Thu, 26 Jan 2012 12:26:14 + Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: I am seeing the same message printed on each run, on CentOS 6.2. Puppet still works, so it's not critical. Just waiting for a fix :) Jonathan On 26/01/12 12:00, Steph Gosling wrote: Hi all, Upgraded a master and a couple of clients to 2.7.10 and now see the following when running an agent if the daemon is also running: [steph@somehost ~]$ sudo puppet agent --onetime --verbose --no-daemonize info: Caching catalog for somehost.example.com info: Applying configuration version '1327578407' notice: /Stage[main]/Mysql-server/Package[mysql-server]/ensure: created notice: /Stage[main]/Mysql-server/Service[mysqld]/ensure: ensure changed 'stopped' to 'running' notice: Finished catalog run in 20.11 seconds err: Could not remove PID file /var/run/puppet/agent.pid [steph@somehost ~]$ I see that 2.7.10 fixed a bug http://projects.puppetlabs.com/issues/5246 and wonder if they're related? in 2.7.9 this would run without throwing the error, indeed in .10 the onetime run completes and the agent daemon is happy too: It's just unnerving to see pink messages :) Environment is CentOS 6.2 fwiw. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Steph Gosling st...@chuci.org -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone seeing odd agent behaviour with 2.7.10?
- Original Message - Is the puppet agent daemon running when you run the agent by hand? Ah! thats it, I'll take a look -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] A Related Question - (Was: Template Help Please)
On 01/26/2012 02:20 PM, Dick Davies wrote: That kind of thing should work (been using similar tricks since 0.25.x); I think Dan was addressing this: scope.lookupvar('resolver::params::resolvers') I'm not sure when this was new, I believe it works with 2.6.x -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] A Related Question - (Was: Template Help Please)
Thanks for replying. I will try it on my 2.6.12 and report back to the list “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Felix Frank felix.fr...@alumni.tu-berlin.de wrote: On 01/26/2012 02:20 PM, Dick Davies wrote: That kind of thing should work (been using similar tricks since 0.25.x); I think Dan was addressing this: scope.lookupvar('resolver::params::resolvers') I'm not sure when this was new, I believe it works with 2.6.x -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone seeing odd agent behaviour with 2.7.10?
I'm having the same thing, I use puppetd -tv all the time and now it's trying to delete a .pid at the end: err: Could not remove PID file /var/run/puppet/agent.pid It's super annoying but not fatal I suppose. I stopped the daemon from running and tried running puppetd again but it still gave the same error. On Thu, Jan 26, 2012 at 8:14 AM, R.I.Pienaar r...@devco.net wrote: - Original Message - Is the puppet agent daemon running when you run the agent by hand? Ah! thats it, I'll take a look -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Why is 'notify' acting as a 'before' and not a 'require' ?
On Jan 24, 3:51 am, Alexandre alexandre.fou...@gmail.com wrote: Think about it. You want puppet to send a notification to a resource. Puppet must decide whether this notification gets sent. So it must process the notifying resource. After that, *if* a notification was in fact generated, it can process the notified resource. I see. I was making a difference between parsing the notified ressource and applying this resource. That is why i -though- the notify would require the parsing, but Puppet would then apply/refresh the notified resource afterwards. But it seems that for Puppet, parsing and applying the notified ressource is one operation, which means, if i understand correctly, that it is not possible to require and notify the same resource as i was expecting erroneously. No, that is incorrect. Parsing and applying are always distinct operations to Puppet. In general, they don't even happen on the same machine. Testing for dependency cycles is part of parsing manifests and compiling them into a catalog. This does not conflict with Felix's explanation of why 'subscribe' and 'notify' [must] establish resource relationships. Perhaps you meant you thought the 'require' was needed for correct parsing? That is incorrect, precisely *because* Puppet separates parsing / compiling from applying, but we need to be careful because you use two semantically different 'require's in your manifest: 1) The 'require' function -- require 'apache' 2) The 'require' metaparameter -- require = [ Class['apache'] ] You must first understand that the latter is redundant with the former, because the former causes the entire class in which it appears to have a requirement on the named class. This is an order-of- application consideration, not a parsing consideration, and it seems to be the key problem in your manifest. The 'require' function (but not the metaparameter) ADDITIONALLY has the same effect as the 'include' function, and part of *that* effect is indeed necessary to ensure that your manifest always parses cleanly. Perhaps this is the source of your confusion. It looks like what you want might be modules/apache/manifests/init.pp: class apache { #(...) exec { 'apache-reload': command = '/sbin/service httpd reload', refreshonly = true, require = Service['apache'], } } modules/backup/manifests/backuppc/web.pp: class backup::backuppc::web { #(...) include 'apache' # NOTE file { '/etc/httpd/conf.d/BackupPC.conf': #(...) # NO REQUIRE notify = Exec['apache-reload'], } } John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone seeing odd agent behaviour with 2.7.10?
- Original Message - I'm having the same thing, I use puppetd -tv all the time and now it's trying to delete a .pid at the end: err: Could not remove PID file /var/run/puppet/agent.pid It's super annoying but not fatal I suppose. I stopped the daemon from running and tried running puppetd again but it still gave the same error. that's weird, did the daemon leave behind a pid file or somethign? my testing werent showing this error when the daemon wasnt running. anyway, opened https://projects.puppetlabs.com/issues/12188 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Issues with new puppet install...
Based on what Nigel said I checked my auth.conf file lo and behold it was MIA. Don't know why but I created a new one at any rate and tried again. Still getting errors, but they are at least different errors. Looking in the apache2 log I find an intriguing error: from config.ru:1 [ pid=7913 thr=70073891451320 file=utils.rb:176 time=2012-01-26 15:03:21.940 ]: *** Exception LoadError in PhusionPassenger::Rack::ApplicationSpawner (no such file to load -- puppet/network/http_server/rack) (process 7913, thread #Thread:0x7f76b2d0e370): I checked the directory /usr/lib/ruby/gems/1.8/doc/puppet-2.7.9/rdoc/files/lib/puppet/network/http_server and checked its contents and found there was no rack.rb in there. Where should this come from? On Wed, Jan 25, 2012 at 7:02 PM, Nan Liu n...@puppetlabs.com wrote: I ran into the same error briefly on RHEL 6 with Puppet 2.7.9. After downgrading to 2.7.8 master, everything works as expected. There's so few difference when running git diff 2.7.8..2.7.9, I can't see what could possibly cause this bug. And in the process of trying to confirm the bug and upgrading it again to 2.7.9 it went away. I have to stand up a few more masters and I'll dig into this a bit more if I can repeat it. Thanks, Nan On Wed, Jan 25, 2012 at 4:57 PM, Peter Berghold salty.cowd...@gmail.com wrote: Just for completeness: # type --all puppet{,d,masterd} puppet is /usr/bin/puppet puppetd is /usr/bin/puppetd puppetmasterd is /usr/bin/puppetmasterd # puppet --version 2.7.9 # puppetd --version 2.7.9 # puppetmasterd --version 2.7.9 On Wed, Jan 25, 2012 at 4:37 PM, Peter Berghold salty.cowd...@gmail.com wrote: There is only one version of puppet (agent and master) on the system. This system was installed from bare metal this morning. On Jan 25, 2012 4:24 PM, Nigel Kersten ni...@puppetlabs.com wrote: do you have multiple versions of puppet installed? If you're in bash: $ type --all puppet{,d,masterd} Do you get different versions returned for: $ puppet --version $ puppetd --version On newer installs you should be using puppet agent instead of puppetd (We moved to git-style subcommands a while ago) On Wed, Jan 25, 2012 at 1:03 PM, Peter Berghold salty.cowd...@gmail.com wrote: master and ... -- You received this message because you are subscribed to the Google Groups Puppet Users group. ... -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Issues with new puppet install...
Here is my config.ru by the way... checking to make sure it is correct... # This file is mostly based on puppetmasterd, which is part of # the standard puppet distribution. require 'rack' require 'puppet' require 'puppet/network/http_server/rack' # startup code stolen from bin/puppetmasterd Puppet.parse_config Puppet::Util::Log.level = :info Puppet::Util::Log.newdestination(:syslog) # A temporary solution, to at least make the master work for now. Puppet::Node::Facts.terminus_class = :yaml # Cache our nodes in yaml. Currently not configurable. Puppet::Node.cache_class = :yaml # The list of handlers running inside this puppetmaster handlers = { :Status = {}, :FileServer = {}, :Master = {}, :CA = {}, :FileBucket = {}, :Report = {} } # Fire up the Rack-Server instance server = Puppet::Network::HTTPServer::Rack.new(handlers) # prepare the rack app app = proc do |env| server.process(env) end # Go. run app On Thu, Jan 26, 2012 at 10:19 AM, Peter Berghold salty.cowd...@gmail.comwrote: Based on what Nigel said I checked my auth.conf file lo and behold it was MIA. Don't know why but I created a new one at any rate and tried again. Still getting errors, but they are at least different errors. Looking in the apache2 log I find an intriguing error: from config.ru:1 [ pid=7913 thr=70073891451320 file=utils.rb:176 time=2012-01-26 15:03:21.940 ]: *** Exception LoadError in PhusionPassenger::Rack::ApplicationSpawner (no such file to load -- puppet/network/http_server/rack) (process 7913, thread #Thread:0x7f76b2d0e370): I checked the directory /usr/lib/ruby/gems/1.8/doc/puppet-2.7.9/rdoc/files/lib/puppet/network/http_server and checked its contents and found there was no rack.rb in there. Where should this come from? On Wed, Jan 25, 2012 at 7:02 PM, Nan Liu n...@puppetlabs.com wrote: I ran into the same error briefly on RHEL 6 with Puppet 2.7.9. After downgrading to 2.7.8 master, everything works as expected. There's so few difference when running git diff 2.7.8..2.7.9, I can't see what could possibly cause this bug. And in the process of trying to confirm the bug and upgrading it again to 2.7.9 it went away. I have to stand up a few more masters and I'll dig into this a bit more if I can repeat it. Thanks, Nan On Wed, Jan 25, 2012 at 4:57 PM, Peter Berghold salty.cowd...@gmail.com wrote: Just for completeness: # type --all puppet{,d,masterd} puppet is /usr/bin/puppet puppetd is /usr/bin/puppetd puppetmasterd is /usr/bin/puppetmasterd # puppet --version 2.7.9 # puppetd --version 2.7.9 # puppetmasterd --version 2.7.9 On Wed, Jan 25, 2012 at 4:37 PM, Peter Berghold salty.cowd...@gmail.com wrote: There is only one version of puppet (agent and master) on the system. This system was installed from bare metal this morning. On Jan 25, 2012 4:24 PM, Nigel Kersten ni...@puppetlabs.com wrote: do you have multiple versions of puppet installed? If you're in bash: $ type --all puppet{,d,masterd} Do you get different versions returned for: $ puppet --version $ puppetd --version On newer installs you should be using puppet agent instead of puppetd (We moved to git-style subcommands a while ago) On Wed, Jan 25, 2012 at 1:03 PM, Peter Berghold salty.cowd...@gmail.com wrote: master and ... -- You received this message because you are subscribed to the Google Groups Puppet Users group. ... -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing SSH host private keys
Hi Jonathan, On Thu, Jan 26, 2012 at 5:40 AM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: Hi all, I already use Puppet to collect and distribute SSH host public keys between machines I manage. I now want to collect private host keys from each node and store them on the puppetmaster, so when I rebuild a node it receives the same key. Sure. Is there an easy way of doing this? I don't know about easy, but here is what I am doing: Set up a private fileserver for your nodes. This is where I put sensitive node data (like ssh host keys). Then configure your manifest to pull in the files from there. Here are some of the relevant files: $ cat /etc/puppet/fileserver.conf # This file consists of arbitrarily named sections/modules # defining where files are served from and to whom # Define a section 'files' # Adapt the allow/deny settings to your needs. Order # for allow/deny does not matter, allow always takes precedence # over deny [files] path /etc/puppet/files # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 [plugins] # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 [private] path /etc/puppet/private/%h allow * $ cat /etc/puppet/modules/ssh/manifests/init.pp class ssh::install { package { ssh: ensure = present, } } class ssh::service { service { ssh: ensure = running, enable = true, hasrestart = true, require= Class[ssh::install], } } class ssh::config($sshd_config_source = puppet:///modules/ssh/etc/ssh/sshd_config) { file { /etc/ssh/sshd_config: owner = root, group = root, mode= 0644, source = $sshd_config_source, require = Class[ssh::install], notify = Service[ssh], } file { /etc/ssh/ssh_host_dsa_key: owner = root, group = root, mode= 0600, source = puppet:///private/etc/ssh/ssh_host_dsa_key, require = Class[ssh::install], notify = Service[ssh], } file { /etc/ssh/ssh_host_dsa_key.pub: owner = root, group = root, mode= 0644, source = puppet:///private/etc/ssh/ssh_host_dsa_key.pub, require = Class[ssh::install], notify = Service[ssh], } file { /etc/ssh/ssh_host_rsa_key: owner = root, group = root, mode= 0600, source = puppet:///private/etc/ssh/ssh_host_rsa_key, require = Class[ssh::install], notify = Service[ssh], } file { /etc/ssh/ssh_host_rsa_key.pub: owner = root, group = root, mode= 0644, source = puppet:///private/etc/ssh/ssh_host_rsa_key.pub, require = Class[ssh::install], notify = Service[ssh], } } class ssh($sshd_config_source = puppet:///modules/ssh/etc/ssh/sshd_config) { include ssh::install, ssh::service class { ssh::config: sshd_config_source = $sshd_config_source } } $ ls -alh /etc/puppet/private/nodehostname/etc/ssh total 24K drwxr-xr-x 2 root root 4.0K Jan 18 11:35 . drwxr-xr-x 5 root root 4.0K Jan 18 11:35 .. -rw-r--r-- 1 root root 668 Jan 18 11:35 ssh_host_dsa_key -rw-r--r-- 1 root root 598 Jan 18 11:35 ssh_host_dsa_key.pub -rw-r--r-- 1 root root 1.7K Jan 18 11:35 ssh_host_rsa_key -rw-r--r-- 1 root root 390 Jan 18 11:35 ssh_host_rsa_key.pub HTH, -Matt Zagrabelny -- This space was intentionally left blank as to not advertise to you what cellular provider nor what iDevice was used to send you an email. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: RFC: Deprecate defined() function for Telly.
On Jan 20, 4:34 pm, Cody c.a.herri...@gmail.com wrote: On Jan 20, 6:39 am, jcbollinger john.bollin...@stjude.org wrote: On Jan 20, 3:00 am, Dan Bode d...@puppetlabs.com wrote: * the big reason I keep on leaning on it is for package dependencies. Often something needs an additional package installed (and it is possible that other modules may have that same package dependency, and I don't want to have to create a new class every time that I need another package (especially for something complicated that may have tons of package dependencies) You describe one of the core use cases for virtual resources. Instead of relying on the defined() function, you can 1) define virtual Package resources in some central place(s) for all the packages your nodes might want to manage, 2) include that class wherever needed, and 3) *realize* Packages as appropriate wherever you know you need certain ones. That avoids parse-order issues, doesn't require you to keep multiple definitions of the same resource synchronized, and makes it easier to find specific Package definitions among your manifests. In some cases you might even be able to leverage collections with selection predicates to simplify and clarify your manifests. I don't see a single reason to prefer use of 'defined' for this case. Defining all somewhat common packages in a central location becomes unrealistic when you no longer control the code that is in every module you use. If you obtain five modules from the forge and they all require a specific package and so all define that package your not going to convince, nor is it a good design to require everyone to move the package definitions from that collection of modules. They need to function as a collection out of the box. On the contrary, if that's what is required for modules to be interoperable, and module authors indeed want their modules to be interoperable, then I think it would be relatively easy to persuade most authors to do it. I can think of ways to make it work, and I'll write more on that in some other thread. Sticking to the subject at hand, however, there remains the issue that defined() does not adequately solve the shared resource problem anyway. If two modules both rely on the same resource then it is not safe for one to assume that the definition of that resource provided by the other meets all its needs. The 'defined' function can maybe ensure that the manifests compile, but it cannot ensure that the resulting configuration is correct. That makes it worse than useless for the purpose, as far as I'm concerned. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: RFC: Deprecate defined() function for Telly.
On 01/26/2012 04:28 PM, jcbollinger wrote: The 'defined' function can maybe ensure that the manifests compile, but it cannot ensure that the resulting configuration is correct. That makes it worse than useless for the purpose, as far as I'm concerned. Exceptionally good point. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Moving to RVM Ruby 1.9 and Puppet
Has anyone had any experience with using RVM with Puppet? I know with puppet 2.6 it directly invokes /usr/bin/ruby on RHEL based OSes but in 2.7 I see that its using env to invoke ruby. Is there a noticable performance increase with ruby 1.9 over 1.8? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] future use of fully qualified variable names
hi, in the logs of our 2.7.10 puppet master we find messages like these: Dynamic lookup of $functie at /etc/puppet/manifests/server_classes.pp:52 is deprecated. Support will be removed in Puppet 2.8. Use a fully-qualified variable name (e.g., $classname::variable) or parameterized classes. However, I'm a bit worried that a key functionality will be removed in 2.8: we set a param/value in every node telling the node what it's funtion is and use that in a variety of manifests to decide how to configure the server. we use something like: node servera { $function = 'webserver' include function_dependent_services } node serverb { $function = 'dbserver' include function_dependent_services } class function_dependent_services { include iptables include motd } class iptables { file { /etc/iptables/cfg-firewall: content = template(iptables/cfg-firewall.erb); } } and then, somewhere in the erb we evaluate %= function % will this be broken in 2.8? and, if yes: how should we tell the erb the param that changes for a lot of nodes? or should I file this as a bug for v2.8? please help us out, thanks in advance Alex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cRhSzVjWDNQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] arrays after upgrade to 2.7 and ['A','B'] compared to 'A B'?
Hi, After upgrading a server and client from 2.6.13 to 2.7.10 my configuration with array attributes are behaving differently. 3 examples: (1) k5login {'/root/.k5login-test': principals = ['m...@cern.ch', 't...@cern.ch'], } while .k5login file is created perfectly but every puppet run updates the file with. notice: /Stage[main]/Kerberos::Root/K5login[/root/.k5login-test]/principals: principals changed ['m...@cern.ch', 't...@cern.ch'] to 'm...@cern.ch t...@cern.ch' Notice how the ['A','B'] is compared to 'A B' (2) I see the same thing elsewhere as well, e.g. (puppetlabs-firewall-0.0.4) e.g: firewall { '000 allow packets with valid state': proto = all, state = ['RELATED', 'ESTABLISHED'], action = accept, } info: /Firewall[000 allow packets with valid state]/state: state changed ['ESTABLISHED', 'RELATED'] to 'ESTABLISHED,RELATED' or (3) firewall{'100 openup for glusterfs': state = 'NEW', proto = 'tcp', dport = ['111','24007-24047','38465-38467'], action = accept, } info: /Firewall[100 openup for glusterfs]/dport: dport changed ['111', '24007-24047', '38465-38467'] to '111,24007-24047,38465-38467' This is on RHEL/SLC6 I did not see this for the brief time I had a 2.7.10 server and 2.6 client, only with the client update did it appear. A colleague has reproduced the k5login example above with a 2.7.9 server and client. Any suggestions.. ? Steve. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing SSH host private keys
On 26/01/12 16:02, Matt Zagrabelny wrote: On Thu, Jan 26, 2012 at 9:35 AM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote: On 26/01/12 15:22, Matt Zagrabelny wrote: I don't know about easy, but here is what I am doing: Thanks Matt, that's helpful. This addresses how to distribute keys to node from the fileserver, but I wonder if there is a mechanism where if the key doesn't exist on the fileserver, the key that currently exists on the node is pulled in and saved for future reference - i.e. when new nodes are created. I'm trying to avoid any situation where I have to remember to do anything manually, you see. It always leads to failure down the line! I think the consensus is that puppet drives the state of a node. It is somewhat unconventional to have the node drive the state of the node. Remember, there is always some amount of manual stuff to do. 1) Install the OS (or clone your VM.) 2) Set the IP/hostname 3) Install puppet 4) Have the puppetmaster sign the cert Adding on scp'ing the host keys to your puppetmaster isn't too big of a deal. OK. I just wondered if there was an equivalent way of using exported resources for private keys, similar to this for public keys: @@sshkey { $fqdn: type = rsa, key = $sshrsakey } I'll have a think. Thanks, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Cross-module dependencies
Since Felix seems not to have gotten around to doing this in the past couple of days, or else was unable to do so, On Jan 24, 3:28 am, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: there was a discussion in the can we deprecate defined() in Telly thread about how we can even begin to design Forge modules without it. A recurring problem is that multiple modules rely on certain packages, and there is no good model (yet) to unite their resource declarations. Therefore it's a common (although imho disgusting) workaround to do things like if !defined(Package[foo]) { package { foo: ensure = installed } } On 01/20/2012 11:34 PM, Cody wrote: Defining all somewhat common packages in a central location becomes unrealistic when you no longer control the code that is in every module you use. If you obtain five modules from the forge and they all require a specific package and so all define that package your not going to convince, nor is it a good design to require everyone to move the package definitions from that collection of modules. They need to function as a collection out of the box. Agreed. How can this be accomplished? I'm not sure it can be, though I have some ideas for how we can do better than we do now. To start, consider the extreme case where modules have conflicting essential requirements. For example, they require packages that declare conflicts with each other, or they differ about whether some service must be enabled or disabled. Such modules cannot *ever* work correctly together, out of the box or otherwise, therefore it is impossible to achieve a system that ensures that any random collection of modules will automatically work together. Furthermore, I think that its probably the wrong goal that even compatible modules should always work together automatically. The goal should be that compatible modules work together without modification, but it is altogether reasonable for that to require extra code somewhere else (e.g. extra classes assigned to the node, intermodule relationships defined, etc.). Perhaps there needs to be some kind of Forge common module that by policy can only ever declare virtual resources (packages are a prominent example). A user who wishes to retain the capability of using modules from the Forge would be required to install this common module, and replace their own resource declarations with realizations of the common resources. For this to work, it's definitely a plus that you can override attributes in collections: Package| title == apache2: | { ensure = 2.2.12 } ...although that does bear some caveats. Does this still work in recent versions? If we can take this for granted, all Forge modules can adhere to that same standard. This is a rough sketch of how things might possibly work, and surely has lots of wrinkles of its own. Still, I'm quite sure we need a proper way to rid ourselves of the horror that is the parse order dependent check for defined resources ;-) If we must rely only on features already present in Puppet, then I think that's heading in the right direction. I doubt it's feasible to rely on a single Forge Common module, however. Aside from the problem of maintaining a Common module as other modules are created and maintained, there is also the same essential problem I began with: different modules may have conflicting requirements. With respect to a given module, we need to distinguish between two three types of resources: 1) Resources owned by that module 2) All other resources Modules provide definitions of resources that they own. For the most part, those definitions should be virtual to avoid unnecessary inter- module coupling, but some resources are reasonable to define concretely. Modules may realize virtual resources belonging to other modules (without necessarily needing to know which module actually provides the definition), but they must not override properties of resources they do not own. The set of resources owned by a module and the set of other resources it depends on are parts of its external interface, and modules whose sets of owned resources overlap are inherently incompatible. Because of that source of incompatibility, modules should seek to keep their lists of owned resources small. But how, then, can optional inter- module dependencies be handled, or equivalently, how can a module be made able both to interoperate and to stand on its own? I see two elements to this: 1) It is the site's responsibility to ensure that all other resources required by each module in use be provided. That is the role that Felix's Forge Common module is aimed at, though I don't much care for that particular solution. Instead, I think in many cases it will be necessary for sites to provide at least some resource definitions via local custom modules. 2) Modules can ease the task for users by providing *optional* classes virtually defining some or all of the other resources they need.
Re: [Puppet Users] future use of fully qualified variable names
On Thu, Jan 26, 2012 at 7:55 AM, Alexander Swen alex.s...@gmail.com wrote: hi, in the logs of our 2.7.10 puppet master we find messages like these: Dynamic lookup of $functie at /etc/puppet/manifests/server_classes.pp:52 is deprecated. Support will be removed in Puppet 2.8. Use a fully-qualified variable name (e.g., $classname::variable) or parameterized classes. However, I'm a bit worried that a key functionality will be removed in 2.8: we set a param/value in every node telling the node what it's funtion is and use that in a variety of manifests to decide how to configure the server. we use something like: node servera { $function = 'webserver' include function_dependent_services } node serverb { $function = 'dbserver' include function_dependent_services } class function_dependent_services { include iptables include motd } class iptables { file { /etc/iptables/cfg-firewall: content = template(iptables/cfg-firewall.erb); } } and then, somewhere in the erb we evaluate %= function % will this be broken in 2.8? and, if yes: how should we tell the erb the param that changes for a lot of nodes? or should I file this as a bug for v2.8? please help us out, thanks in advance Alex Hi Alex, We have a page on our website that should help you out with this -- http://docs.puppetlabs.com/guides/scope_and_puppet.html Have you seen that yet? That's a great place to start. You have parameterized classes that can help you out, as well as data lookup methods like Hiera ( http://github.com/puppetlabs/hiera) that are also available. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cRhSzVjWDNQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Gary Larizza Professional Services Engineer Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Advice/Best practices inter-module dependencies
Hello list, I am looking for advice/best-practices on how to handle inter-module dependencies. We have a fairly large/complex code base (100+ modules) with a lot of history (we started at 0.24) and lately we have taken into looking how we can improve the quality of the codebase. Parametrized classes, the style guide are all quick wins and no-brainers. But we have some inter module dependencies, mostly because of ordering, for which a proper design pattern is more elusive. A good example is our ldap setup, this setup needs to happen after the initialization of our packaging system. It also has to happen before a lot of the other modules, because ldap provides the details for some of the file owners/groups that are used. We have experimented with a few methods of getting this setup, but have always found significant drawbacks. Without stages we tried three ways of doing this: Creating a dependency chain between classes. Class['Ldap'] - Class['Mysql']. This is very easy to do, but doesn't work if we inherit from Ldap, say: class ldap::server inherits ldap The ordering between ldap::server and Mysql is not guaranteed. It also requires the maintainer of the ldap module to know about all modules that depend on ldap and update them if he decides to inherit. A task that is likely to be forgotten. Creating a dependency chains between resources in the modules, f.e. notify's. Every module that is part of an dependency defines an notify{ 'endpoint': } and makes sure that everything within the module is executed before the notify. If we inherit from the base class, the overriding class is responsible for making sure that endpoint is still the last thing executed in this module. Making it more likely that the ordering of events will remain as we want it after a continued year of development. But because of assumptions about out base image, and the rarity of reinstalls. it is easy to forgot the requirements in modules that actually need them, Leading to some subtle bugs where the first puppet run on a fresh install might not work but subsequent runs do. Luckily execution is now in fixed-order, otherwise that would have been a problem as well. The third is the use of stages for the ordering of actions, but this seems to be an all or nothing approach, and the result is a very splintered module. For example, our packaging setup is quite complex. First we initialise the packaging system and configure all the default package source, then custom sources could be configured on top of that we allow (un)masking of specific package versions. And after all this one can install a package. We could define 4 stages and each module that needs to do one of these actions would need to run classes in the designated stage, this results in some very splintered packages. Or we could define only 2 stages and have the base setup run before everything else and then wrap all other actions with defines that specify the ordering between them using some self-build ordering mechanism based on notify's or classes. A problem with this would be that those defines could only be used in the main stage, because of the built-in ordering. Modules adding more stages, like ldap, would need to do something custom for installing the required packages, which again makes maintenance of the package module more difficult to do right. So after this rather longer email explaining our problem and some of the options we explored, how do you guys handle these kind of complex inter-module dependencies? Cheers, Jos Houtman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/zn97r8lyAtwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client only install on Gentoo
Hi, I'm using Gentoo and puppet-2.6.12. The puppet master and client are wrapped up in the same package, app-admin/puppet. Can someone suggest a simple way of installing only the puppet client (I'm new to Gentoo)? Thanks, P. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Multiple Service definitions of the same type
Hello, I am trying to make it so that more than 1 instance of memcached can run on a single service. I have a special init.d script that can handle this, but want to define the service multiple times in a puppet class. Here is the definition I am using: service { $service_name: name = memcached, ensure = running, enable = true, start = $init_script start $service_name, stop = $init_script stop $service_name, status = $init_script status $service_name, restart = $init_script restart $service_name, hasstatus = true, require = [Package[memcached],File[$file_name]] } I used the $service_name so that the defintion would be unique, but now puppet is throwing this error: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Service[11411] to [memcached]; resource [Service, [memcached]] already exists at How can I achieve what I am trying to achieve? Any ideas? Thanks, Bryan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Conditionally replace in file type
Hello, I'm making the deployment of an application configuration as follows: file {/home/user/foo/bar: ensure = directory, recurse = remote, source = puppet:///configs/${hostname}/home/user/foo/bar, ignore = [file1.cfg,file2.cfg], } I am ignoring these two files (file1.cfg,file2.cfg), cause they are dynamically modified by the application. So, not puppet managed. And here's my problem. Because on the other hand I have to initialize both files in the first run. What can I do? Is there any way of mix ignore and replace parameters? PS: I cannot define other resource with the path of not-managed files, because depending on hostname that path changes. Thanks in advance and apolgize my poor english! ;) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/HYtz0hP88Y8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] intermodule dependency
Hello list, I am looking for advice/best-practices on how to handle inter module dependency's. We have a fairly large/complex code base (100+ modules) with a lot of history (we started at 0.24) and lately we have taken into looking how we can improve the quality of the codebase. Parameterized classes, the style guide are all quick wins and no brainers. But we have some intermodule dependency's, mostly because of ordering, for which a proper design pattern is more elusive. A good example is our ldap setup, this setup needs to happen after the initialization of our packaging system. It also has to happen before a lot of the other modules, because ldap provides the details for some of the file owners/groups that are used. We have experimented with a few methods of getting this setup, but have always found significant drawbacks. Without stages we tried three ways of doing this: Creating a dependency chain between classes. Class['Ldap'] - Class['Mysql']. This is very easy to do, but doesn't work if we inherit from Ldap, say: class ldap::server inherits ldap The ordering between ldap::server and Mysql is not guaranteed. It also requires the maintainer of the ldap module to know about all modules that depend on ldap and update them if he decides to inherit. A task that is likely to be forgotten. Creating a dependency chains between resources in the modules, f.e. notify's. Every module that is part of an dependency defines an notify{ 'endpoint': } and makes sure that everything within the module is executed before the notify. If we inherit from the base class, the overriding class is responsible for making sure that endpoint is still the last thing executed in this module. Making it more likely that the ordering of events will remain as we want it after a continued year of development. But because of assumptions about out base image, and the rarity of reinstalls. it is easy to forgot the requirements in modules that actually need them, Leading to some subtle bugs where the first puppet run on a fresh install might not work but subsequent runs do. Luckily execution is now in fixed-order, otherwise that would have been a problem as well. The third is the use of stages for the ordering of actions, but this seems to be an all or nothing approach, and the result is a very splintered module. For example, our packaging setup is quite complex. First we initialise the packaging system and configure all the default package source, then custom sources could be configured on top of that we allow (un)masking of specific package versions. And after all this one can install a package. We could define 4 stages and each module that needs to do one of these actions would need to run classes in the designated stage, this results in some very splintered packages. Or we could define only 2 stages and have the base setup run before everything else and then wrap all other actions with defines that specify the ordering between them using some self-build ordering mechanism based on notify's or classes. A problem with this would be that those defines could only be used in the main stage, because of the built-in ordering. Modules adding more stages, like ldap, would need to do something custom for installing the required packages, which again makes maintenance of the package module more difficult to do right. So after this rather longer email explaining our problem and some of the options we explored, how do you guys handle these kind of complex inter-module dependencies? Cheers, Jos Houtman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Anyone know a good tool for 'watching' configurations?
Now that we have configuration management for our OS and we are actively managing our operating systems nearly hands off we want to now start doing some configuration mgmt of our applications. We don't frankly see having all our application teams use puppet or anything else to actively manage their applications. What we would like to do is watch the applications and know when things change. Basically, watch the directories that the developers put their applications into and keep a history of what changes and when. Does anyone have any idea on if there are any tools that can provide the ability to watch directories for changes like that. I know there is auditd that can do this, as well as maybe an intrusion detection tool like AIDE, but those solutions would involve lots of raw data and not much human readable stuff. I suppose we could write something to take all that data, digest it and report on it. But I was wondering if anyone knows of a tool that would do this type of function and provide some human friendly data and reports etc.. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Considering LDAP ENC
Having just gone through this conversion recently, it's not as hard as it seems. - Puppet variables are managed through the puppetVar entries for the objectClass so theres no need to extend the schema. - All variables are passed to the manifests as a string. You need to identify your hashes in your manifests and split them over a delimiter. - No parametrized classes (as of 2.6.x) can be called directly from LDAP. We had to locate our paramterized classes that were impacted and convert them over to using variables, and throwing a parse error if required variables were not located. This took maybe an hour to do. - At least as of 2.6.x it appears that the environment variable is completely ignored from the client. This behavior is actually desired but if you have gotten used to --environment=newfeatureenv it can be a change. We are also leveraging dynamic environments as described in http://puppetlabs.com/blog/git-workflow-and-puppet-environments/ which helps separate development from production. On Wed, Jan 25, 2012 at 10:44 AM, Brian Wong bwl...@gmail.com wrote: I have been reading about the LDAP ENC at the wiki http://projects.puppetlabs.com/projects/puppet/wiki/LDAP_Nodes. I am considering using the LDAP ENC, but I have a couple of concerns when it comes to the implementation. - It seems that the example using the entry attribute 'ipHostNumber' as a puppet variable is not really viable, for the LDAP schema would have to be updated to support arbitrary LDAP attributes such as this. Or perhaps this is an attribute that is part of the 'core' LDAP schema? - To support arrays it would require puppet parser functions and extraneous code in manifests to expand the LDAP arrays to puppet arrays. - It is not clear how parameterized classes can be handled. One of the important advantages of the LDAP ENC in my opinion is that modification can be tied directly to LDAP authorization. I want developers to be able to modify the classes pulled in by their development hosts and the write access to a specific LDAP OU containing these hosts can be granted. Another LDAP OU containing the configuration of productions hosts will only be writable by a select few. In addition, there are many tools available which can modify LDAP entries. This lowers the entry barrier to using such the LDAP backend. Can someone confirm or dispel my concerns? Are there any other ENC backends which would be appropriate given my goals? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Exporting local resources
Hi all, can I export a file present on a puppet client not created by puppet itself? In example: On host A I have a file /var/www/my_intranet_site/htusers that I like to have on host B too class exporter { @@file { /var/www/my_intranet_site/htusers: tag = basic_auth_users, ensure = present, } } class importer { File | tag == basic_auth_users | } host A { include exporter } host B { include importer } Thanks, L. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Writing a resource type provider in Python
Is it possible to write a provider in Python? I have to access something via a library that is written in Python. I'd rather not rewrite the library in Ruby, or call out to shell. I couldn't find any references on how to do this on the Puppet website and web searches for [puppet providers in python] or [writing puppet resources in python] mostly turn up links about using Puppet to manage Python and Python packages. Tom -- http://EverythingSysadmin.com -- my blog http://www.TomOnTime.com -- my videos -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Selecting modlues based on subnet in nodes.pp
I have four major zones in my nework: Development, Quality Assurance, User Acceptanc Testing, and Production. I am able to deply different modules to these zones based on the simple regular expressions posted in the example at the bottom of this message. I have two data centers in my network: Salt Lake City and Santa Clara. I would like to be able to deploy different modules to servers based on the data center that they reside it. I have tried simple if statements and case statements but don't seem to be able to deploy my site based modules. Can you give me some imput on the best approach to my problem? I know I can manually define ever server in the enterprise in my nodes.pp, but I would prefer a more dynamic approach based IP subnet. $sal_nets = ['10.131.21.0','10.131.31.0','10.131.40.0','10.134.40.0','10.135.1.0','10.135.2.0','10.135.20.0','10.135.3.0','10.135.6.0','10.142.20.0','10.142.23.0'] $scl_nets = ['10.146.1.0','10.146.16.0','10.146.19.0','10.146.20.0','10.146.24.0','10.146.24.0','10.146.28.0','10.146.31.0','10.151.21.0','192.168.119.0','192.168.43.0','192.168.99.0'] node /^.+\.dev\.svbank\.com/ { # if ($network_eth0 in $sal_nets) or ($network_bond0 in $sal_nets) { #notice('salt lake city net') # } # if (($network_eth0 and ($network_eth0 in $sal_nets))) or ($network_bond0 and (($network_bond0 in $scl_nets))) { #notice('santa clara net') # } case $network_eth0 { $sal_nets: { include svb-sal-sendmail-cf } # use SAL repository $scl_nets: { include svb-scl-sendmail-cf } # else use SCL repository } include svb-core-config include svb-core-encase include svb-core-packages include svb-puppet include svb-sshd include svb-sudo include svb-repos include svb-snmpd # include svb-sendmail-cf } node /^.+\.qa\.svbank\.com/ { include svb-core-config include svb-core-encase include svb-core-packages include svb-puppet include svb-sshd include svb-sudo include svb-repos include svb-snmpd # include svb-sendmail-cf } node /^.+\.uat\.svbank\.com/ { include svb-core-config include svb-core-encase include svb-core-packages include svb-puppet include svb-sshd include svb-sudo include svb-repos # include svb-sendmail-cf include svb-users } node /^.+\.corp\.svbank\.com/ { include svb-core-config include svb-repos include svb-puppet } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Advice/Best practices inter-module dependencies
Hello list, I am looking for advice/best-practices on how to handle inter-module dependencies. We have a fairly large/complex code base (100+ modules) with a lot of history (we started at 0.24) and lately we have taken into looking how we can improve the quality of the codebase. Parametrized classes, the style guide are all quick wins and no-brainers. But we have some inter module dependencies, mostly because of ordering, for which a proper design pattern is more elusive. A good example is our ldap setup, this setup needs to happen after the initialization of our packaging system. It also has to happen before a lot of the other modules, because ldap provides the details for some of the file owners/groups that are used. We have experimented with a few methods of getting this setup, but have always found significant drawbacks. Without stages we tried three ways of doing this: Creating a dependency chain between classes. Class['Ldap'] - Class['Mysql']. This is very easy to do, but doesn't work if we inherit from Ldap, say: class ldap::server inherits ldap The ordering between ldap::server and Mysql is not guaranteed. It also requires the maintainer of the ldap module to know about all modules that depend on ldap and update them if he decides to inherit. A task that is likely to be forgotten. Creating a dependency chains between resources in the modules, f.e. notify's. Every module that is part of an dependency defines an notify{ 'endpoint': } and makes sure that everything within the module is executed before the notify. If we inherit from the base class, the overriding class is responsible for making sure that endpoint is still the last thing executed in this module. Making it more likely that the ordering of events will remain as we want it after a continued year of development. But because of assumptions about out base image, and the rarity of reinstalls. it is easy to forgot the requirements in modules that actually need them, Leading to some subtle bugs where the first puppet run on a fresh install might not work but subsequent runs do. Luckily execution is now in fixed-order, otherwise that would have been a problem as well. The third is the use of stages for the ordering of actions, but this seems to be an all or nothing approach, and the result is a very splintered module. For example, our packaging setup is quite complex. First we initialise the packaging system and configure all the default package source, then custom sources could be configured on top of that we allow (un)masking of specific package versions. And after all this one can install a package. We could define 4 stages and each module that needs to do one of these actions would need to run classes in the designated stage, this results in some very splintered packages. Or we could define only 2 stages and have the base setup run before everything else and then wrap all other actions with defines that specify the ordering between them using some self-build ordering mechanism based on notify's or classes. A problem with this would be that those defines could only be used in the main stage, because of the built-in ordering. Modules adding more stages, like ldap, would need to do something custom for installing the required packages, which again makes maintenance of the package module more difficult to do right. So after this rather longer email explaining our problem and some of the options we explored, how do you guys handle these kind of complex inter-module dependencies? Cheers, Jos Houtman -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Question about puppet module development
Hi all. I want to write module for kerberos configuration. I planned configure realms by using subclasses like in saz-sudo module: ... ### Adding sudoers definition (includes installation of sudo) sudo::conf { 'admins': priority = 10, content = '%admins ALL=(ALL) NOPASSWD: ALL', } ... But this module just createing file in sudoers.d directory. krb5.conf did not provide 'include' directive, so i need to manage whole file. First i want to use augeas for this purposes, but find that augeas supplied with debian squeeze have troubles with krb5.conf. File have next structure: [section1] option1 = value option2 = value [section2] option3 = value option4 = value For example configuration of two realms looks like: [realms] ATHENA.MIT.EDU = { kdc = kerberos.mit.edu:88 kdc = kerberos-1.mit.edu:88 kdc = kerberos-2.mit.edu:88 admin_server = kerberos.mit.edu default_domain = mit.edu } MEDIA-LAB.MIT.EDU = { kdc = kerberos.media.mit.edu admin_server = kerberos.media.mit.edu } [domain_realm] .mit.edu = ATHENA.MIT.EDU mit.edu = ATHENA.MIT.EDU .media.mit.edu = MEDIA-LAB.MIT.EDU media.mit.edu = MEDIA-LAB.MIT.EDU Anybody have idea, how i can manage krb5.conf without augeas? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Is it possible to conditionally replace a file ?
Hi, I would like to achieve a conditional file replacement but lightly different. I deploy recusively a directory with a lot of config files. This is my resource: file {/foo: ensure = directory, recurse = remote, source = puppet:///modules/module_name/configs/${hostname}/foo, ignore = [no_replace1.cfg,no_replace2.cfg], } I need to ignore these two files because they will not be puppet managed but initializated by puppet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/UWBdytLFhZ8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Cipher is not a module
Hi, I'm trying to install puppet as a client on a new machine. I received this weird error when trying to start up as /etc/init.d/ puppet start : /usr/lib/ruby/1.8/openssl/cipher.rb:22: Cipher is not a module (TypeError) from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb: 36:in `gem_original_require' from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb: 36:in `require' from /usr/lib/ruby/1.8/openssl.rb:20 from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb: 36:in `gem_original_require' from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb: 36:in `require' from /usr/lib/ruby/site_ruby/1.8/puppet/ssl.rb:3 from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb: 36:in `gem_original_require' from /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb: 36:in `require' from /usr/lib/ruby/site_ruby/1.8/puppet.rb:155 from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:271:in `require' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:271:in `initialize' from /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb: 60:in `new' from /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb: 60:in `execute' from /usr/bin/puppet:4 My Linux is 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux which is a Centos 5.6 and the packages I installed using yum install are: ruby-libs-1.8.7.352-5.el5 ruby-libs-1.8.5-5.el5_4.8 rubygem-activesupport-2.1.1-2.el5 ruby-1.8.7.352-5.el5 ruby-augeas-0.4.1-1.el5 ruby-irb-1.8.7.352-5.el5 rubygems-1.8.10-1.el5 rubygem-activerecord-2.1.1-2.el5 ruby-shadow-1.4.1-7.el5 ruby-rdoc-1.8.7.352-5.el5 libselinux-ruby-1.33.4-5.7.el5 facter-1.6.3-1.el5 puppet-2.7.6-2.el5 puppet-server-2.7.6-2.el5 I even removed the /usr/lib/ruby before reinstalling but it doesn't work. Funny thing is , it worked for my puppet master and one of my clients, and repeated the same way for this machine, but I kept getting this Cipher is not a module error. Please point out what I'm missing... thanks, K -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Dependencies: packages and repos
Hello, What's the best way of handling package installs that rely on a yum repository, which in turn relies on a gpg key? At the moment I have only RHEL6 boxes which have a few yumrepos defined and a few packages installed. The yumrepos in turn rely on an rpm-gpg key. I now need to add some RHEL5 boxes. The repos contain the major version name and require a different rpm-gpg key. I could hack around with some variables in the yumrepos module but this seems dirty. How are others handling this situation? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing SSH host private keys
This addresses how to distribute keys to node from the fileserver, but I wonder if there is a mechanism where if the key doesn't exist on the fileserver, the key that currently exists on the node is pulled in and saved for future reference - i.e. when new nodes are created. I believe a filebucket is what you are looking for: http://docs.puppetlabs.com/man/filebucket.html http://docs.puppetlabs.com/references/latest/type.html#filebucket Should be able to use it to back up your SSH keys during a puppet run. -Steve -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Set hourly of execution with service puppet
Hi guys! I'm from Brazil, and i'm learning puppet. I need set interval in puppet client for sync with puppetmaster... How i do it? Sorry my english Douglas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How do *you* handle yumrepo dependency chains?
Say you have a RHEL6 environment. You have some packages you want installed, these rely on a yumrepo. That yumrepo relies on an rpm-gpg key being installed. Now you get some RHEL5 boxes to add to the network. Your yumrepo RHEL6.2 with a dependency on the RHEL6 signing key now causes a problem: all of the rpms you need are the same, but those rpms rely on the RHEL6.2 yumrepo which is wrong, and that relies on the RHEL6 signing key which is wrong too. What approach do you use? Thanks. JB -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/94RonUV1yYYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Exported and Collected Resource With User Defined Resource Broken?
Hello all, The key issue is, if I uncomment the line: Myresource | | { ensure = present } I get the error: err: Could not find type Myresource on node hmaster I'm attempting to follow the instructions from the book Pro Puppet pgs. 143-145; however, it seems that there's a parser issue or I'm very lost, as I am unable to export and collect my resource while I am able to export and collect both host and sshkey resources fine. Am I doing something incorrectly? I am using Puppet 2.7.5 on both my puppet master (Debian with puppet built from source) and clients (CentOS 5 with puppet from rpmforge). A unit test to show the failure is as follows (everything in site.pp): -- node /hslave[0-9].local/ { class{hslave:} } node /hmaster.local/ { class{hslave: before = Class[hslave_file]} class{hslave_file:} } class hslave { # This works @myresource{ ${::hostname}-virtual: } # This works but can't seem to be collected @@myresource{ ${::hostname}: } } class hslave_file{ # This fails with: # err: Could not find type Myresource on node hmaster # Myresource | | { ensure = present } # This works fine Myresource | | { ensure = present } # This works fine myresource { ${::hostname}-extra: ensure = present } } define myresource($ensure = present) { file { /tmp/puppet_test$name: ensure = $ensure } } For reference, after running this on hmaster I have: [hadmin@hmaster ~]$ ls -l /tmp/*hmaster* -rw-r--r-- 1 root root 0 Jan 11 07:54 /tmp/puppet_testhmaster -rw-r--r-- 1 root root 0 Jan 11 07:54 /tmp/puppet_testhmaster-extra -rw-r--r-- 1 root root 0 Jan 11 07:54 /tmp/puppet_testhmaster-virtual Thank you, Clay -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Password not changing during polling event but does using puppetd -vt
I have created a class for the root user that uses the User resource to manages the root password. All seems to work well and as expected when I use puppetd -vt on a machine (or if I restart the service on the client) but during a regular polling event the password is not changed and when I go into the dashboard I can see that the event for running my class is run. Just to make sure the clients are working properly, I added a line to a managed file and got the expected results of the file being replaced. Is this expected behaviour that I don't know about? Is there a way to put a client puppetd process into debug and trace so I can see the results? Any thoughts? Thanks a lot Andre -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Investigating catalog compile times and cpu utilization
https://github.com/rodjek/puppet-profiler ? -Dave On Jan 19, 7:12 am, Jake - USPS jacob.m.mcc...@usps.gov wrote: So recently I deployed some new puppet code in our environment and noticed CPU utilization on our puppetmasters went up a bit. This lead me to wonder what exactly did I add to cause catalog compiling to utilize more CPU? I was wondering if there is a way to check how long different parts in a recipe take to compile for a node(s) ... I know sometimes things I want to do can maybe be done in several different ways so if I was able to find a part in my recipe that is causing compiling to take longer maybe I can change it to be handled in a different way. I'll obviously be going back to see exactly what changes I actually made, but just curious if there is some way to check into something like this. Thanks, Jake -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Failed to Allocate Memory When Connected to LDAP
On 01/19/2012 03:37 PM, James Lee wrote: Hello, I have a Solaris 10 system running Puppet 2.6.8 that is experiencing a very unusual problem. It has been running fine up until I configured the system to use LDAP for users and groups. The problem is easily reproducible. Take ldap out of /etc/nsswitch.conf and it runs fine, once it's added back in, Puppet crashes: I've narrowed down what is triggering this problem, but I still do not know how to fix it. I created a barebones node configuration: node 'acad.es.gwu.edu' { package { SUNWzsh: ensure = installed, provider = sun, } notify { SUNWzsh is installed: require = Package[SUNWzsh], } } The 'package' resource will cause Puppet to crash with: acad ~ # puppet agent --test --environment=jameslee --no-report --noop /opt/csw/lib/ruby/gems/1.8/gems/puppet-2.6.12/lib/puppet/provider/package/apt.rb:15:in `[]=': failed to allocate memory (NoMemoryError) from /opt/csw/lib/ruby/gems/1.8/gems/puppet-2.6.12/lib/puppet/provider/package/apt.rb:15 ... Any other resource in the node configuration and Puppet runs without complaint. For example, I can manage users and everything. The weird thing is, once I disable 'ldap' in /etc/nsswitch.conf, Puppet will run with the packages resource too: acad ~ # puppet agent --test --environment=jameslee --no-report --noop info: Caching catalog for acad.es.gwu.edu info: Applying configuration version '1327080824' notice: /Stage[main]//Node[acad.es.gwu.edu]/Notify[SUNWzsh is installed]/message: current_value absent, should be SUNWzsh is installed (noop) notice: Finished catalog run in 4.66 seconds WEIRD! So I took a look at the 'apt.rb' file from the stack trace above and see that it is failing trying to set an environmental variable. To see whether it was that line or something else, I added: ENV[TEST] = foo to the very first line of the file. Should be harmless, but lo and behold: acad ~ # puppet agent --test --environment=jameslee --no-report --noop /opt/csw/lib/ruby/gems/1.8/gems/puppet-2.6.12/lib/puppet/provider/package/apt.rb:1:in `[]=': failed to allocate memory (NoMemoryError) Just trying to set the environmental variable crashed Puppet. Next, to see if 'ENV' was really growing out of control, I added 'p ENV' to the top of 'apt.rb' and the result wasn't anything out of the ordinary: acad ~ # puppet agent --test --environment=jameslee --no-report --noop {_=/usr/local/bin/puppet, PAGER=less, EDITOR=vim, OLDPWD=/opt/csw/lib/ruby/gems/1.8/gems/puppet-2.6.12/lib, PWD=/export/home/jameslee, SHLVL=1, HOME=/export/home/jameslee, PATH=/usr/local/sbin:/usr/local/bin:/opt/csw/sbin:/opt/csw/bin:/usr/sfw/bin:/usr/sbin:/usr/bin:/sbin:/bin, MAIL=/var/mail//jameslee, TZ=US/Eastern, LANG=C, TERM=xterm, DISPLAY=localhost:13.0, SHELL=/bin/zsh, LOGNAME=root, USER=root, SUDO_COMMAND=/bin/zsh, SUDO_USER=jameslee, SUDO_UID=19374, SUDO_GID=14} /opt/csw/lib/ruby/gems/1.8/gems/puppet-2.6.12/lib/puppet/provider/package/apt.rb:2:in `[]=': failed to allocate memory (NoMemoryError) I don't understand how setting ENV variables is fine without LDAP and crashes Puppet/Ruby with LDAP. At this point I suspect I am looking at a weird consequence of another problem, but I have no idea. I've been able to replicate this problem with Puppet 2.6.8, 2.6.12 running on Ruby 1.8.4 (from Sun Freeware) and 1.8.7 (from OpenCSW). If anyone has any ideas, I'd love to hear them. I really just need a fresh set of eyes at this point. Thanks, James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Blocking or gating service restarts?
On 10 January 2012 18:36, Wolf Noble wno...@datapipe.com wrote: just a thought; what if you made a fact for number of apache workers currently serving something, and base the service restart off of that. Might not be the best option; might not even work, but it makes more sense to me to have the service restart dependent on a local fact than be dependent on something external to the server Interesting, making the machines LB status ( apache worker count etc would be pretty straightforward, machines already know if they are IS/OOS) - how do I use the fact to influence the restart - still needs a hook in the service resource type right? -- Simon McCartney E: si...@mccartney.ie M: +44 7710 836 915 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet on Windows - client installer?
I've been watching Puppet on Windows and may be interested in trying it out - our Linux team is already working with it in a pilot... The issue I see is it doesn't seem to have a msi or exe I could install on client computers, instead it looks like it'd need a ruby environment installed to get started (if I understand correctly)... Is this the case, or am I missing where the installer is? Is there any thought to creating a msi / exe installer in the future that would have puppet be self contained and run a service? Thank... -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Exported and Collected Resource With User Defined Resource Broken?
Hello all, The key issue is, if I uncomment the line: Myresource | | { ensure = present } (Despite having defined the resource) I get the error: err: Could not find type Myresource on node hmaster I'm attempting to follow the instructions from the book Pro Puppet pgs. 143-145; however, it seems that I'm very lost, as I am unable to export and collect my resource while I am able to export and collect both host and sshkey resources fine. Am I doing something incorrectly? I am using Puppet 2.7.5 on both my puppet master (Debian with puppet built from source) and clients (CentOS 5 with puppet from rpmforge). A unit test to show the failure is as follows (everything in site.pp): -- node /hslave[0-9].local/ { class{hslave:} } node /hmaster.local/ { class{hslave: before = Class[hslave_file]} class{hslave_file:} } class hslave { # This works @myresource{ ${::hostname}-virtual: } # This works but can't seem to be collected @@myresource{ ${::hostname}: } } class hslave_file{ # This fails with: # err: Could not find type Myresource on node hmaster # Myresource | | { ensure = present } # This works fine Myresource | | { ensure = present } # This works fine myresource { ${::hostname}-extra: ensure = present } } define myresource($ensure = present) { file { /tmp/puppet_test$name: ensure = $ensure } } For reference, after running this on hmaster I have: [hadmin@hmaster ~]$ ls -l /tmp/*hmaster* -rw-r--r-- 1 root root 0 Jan 11 07:54 /tmp/puppet_testhmaster -rw-r--r-- 1 root root 0 Jan 11 07:54 /tmp/puppet_testhmaster-extra -rw-r--r-- 1 root root 0 Jan 11 07:54 /tmp/puppet_testhmaster-virtual Thank you, Clay -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Looking for real world server setup example
Hi, I am looking for real world server setups to learn more from others. The ones I know of are The Repository of David Schmitt http://projects.puppetlabs.com/projects/1/wiki/Complete_Configuration The Wikimedia Server repository http://blog.wikimedia.org/2011/09/19/ever-wondered-how-the-wikimedia-servers-are-configured/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64
Hello All, Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64. [root@1801 puppet-enterprise-2.0.0-el-5-x86_64]# ./puppet-enterprise- installer -a answers/full_suite.answer.sample Puppet Enterprise v2.0.0 installer for el-5-x86_64 STEP 1: READ ANSWERS FROM FILE ## Reading answers from file: answers/full_suite.answer.sample STEP 2: SELECT AND CONFIGURE ROLES This installer will offer to install the puppet master, console, cloud provisioner, and puppet agent roles. - puppet master The puppet master serves configurations to a group of puppet agent nodes. This role also provides MCollective's message queue and client interface. It should be installed on a robust, dedicated server. ?? Install puppet master? [y/N] y - cloud provisioner The cloud provisioner can create and bootstrap new machine instances and add them to your Puppet infrastructure. It should be installed on a trusted node where site administrators have shell access. ?? Install the cloud provisioner? [y/N] y - console The console is a web interface for viewing reports, classifying nodes, directly managing resources, controlling Puppet runs, and invoking MCollective agents. It should usually be installed on the puppet master server, but can also installed separately. ?? Install the console? [Y/n] y - puppet agent The puppet agent role is automatically installed with the console and puppet master roles. ?? Puppet master's unique certname? [Default: 1801.corp.st.org] 1801.corp.st.org ?? Puppet master's valid DNS names (comma-separated list)? [Default: 1801,1801.corp.st.org,puppet,puppet.corp.st.org] djaxlhpo9000,djaxlhpo9000.corp.citistreet.org,puppet,puppet.corp.citistreet.org ?? Port to serve the console over? [Default: 443] 443 ?? User name for accessing the console interface? [Default: console] console ?? Password for user console (minimum 4 characters)? ?? The console requires a MySQL database server. Install a new database server from your operating system's repository? [Y/n] n The console requires a MySQL database and a user account able to edit it.?? Is your existing MySQL server running on a remote host? [Y/ n] y ?? Database server hostname? [Default: localhost] 1801.corp.st.org ?? Database port? [Default: 3306] 3306 ?? Database name? [Default: console] console ?? Database user (must have all privileges on the database 'console')? [Default: console] console ?? Database user password (minimum 4 characters)? If the database and user have not yet been created on your database server, please log in as a privileged user now and set them up manually. Example SQL commands: CREATE DATABASE console CHARACTER SET utf8; CREATE USER 'console'@'localhost' IDENTIFIED BY 'consolepassword'; GRANT ALL PRIVILEGES ON console.* TO 'console'@'localhost'; CREATE DATABASE console_inventory_service CHARACTER SET utf8; GRANT ALL PRIVILEGES ON console_inventory_service.* TO 'console'@'localhost'; ?? Unique certname for this puppet agent node? [Default: 1801.corp.st.org] 1801.corp.st.org ?? Puppet master hostname to connect to? [Default: 1801.corp.st.org] 1801.corp.st.org - Convenience Links The selected Puppet software will be installed into /opt/puppet, which may not be included in your default shell PATH. For ease of use, this installer can create symbolic links to these executables in /usr/local/bin. ?? Create symbolic links to Puppet executables in /usr/local/bin? [Y/ n] y ## Saved answers to file: ./answers.lastrun STEP 3: CONFIRM PLAN ?? Perform installation? [Y/n] y ## Saved answers to file: /etc/puppetlabs/installer/answers.install Warning: overwriting /etc/puppetlabs/facter/facts.d/ puppet_enterprise_installer.txt Creating Backup: /etc/puppetlabs/facter/facts.d/ puppet_enterprise_installer.txt.bak STEP 4: INSTALL PACKAGES ## Installing packages from files... Preparing... ### [100%] 1:pe-httpd ### [ 2%] 2:pe-libevent ### [ 4%] 3:pe-augeas-libs ### [ 6%]
Re: [Puppet Users] Static Puppet Binary
I just wanted to ask a question here, is it possible to build a static binary that I could sep to a client machine, and have it do it's first run to connect to a puppet master? My plan is to use a static binary as a sort of installer for particular systems, as I don't really want to have to install puppet client on 70 systems by hand! These are all production servers already, so I'm not getting the opportunity to build them from the ground up. We have a script that preps a machine for puppet, it's usually called like this, on the remote box: curl http://puppetmaster.example.com/install-puppet.sh | bash -x the script just sets up the yum repos, removes any crufty ruby installed, yum installs our puppet rpms, pulling in the right ruby rpm runs the first puppet apply, with wait for cert then sets up the service. We also do a few other steps that trip us up (clock drift being one for certs, so ntpd is configured time pulled from a known good source etc). I can sanitize post this if you want. Simon. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Workaround for file syncing bug 6004
Hi, Does anyone by any chance know a work-around for the bug: https://projects.puppetlabs.com/issues/6004 ? I tried out 2.7.6 and the bug persisted in this version. Work-around, beta code fixes, tricks are greatly appreciated. Thanks, Rob -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] mysql errors
I'm currently running three puppet masters (version 2.7.3 via apache +passenger) in a cluster, 2 on CentOS 5.7, 1 on CentOS 6.1 On the 6.1 master, I am frequently getting the following error (approximately 50% of the time when a client connects): err: Could not retrieve catalog from remote server: Error 400 on SERVER: Mysql::Error: Unknown prepared statement handler (7) given to mysqld_stmt_execute: INSERT INTO `inventory_facts` (`name`, `node_id`, `value`) VALUES (?, ?, ?) I don't see any errors on the other two masters running CentOS 5.7. I have a separate server running CentOS 6.1 and MySQL 5.1.52 for the inventory db. On the masters, I have inventory configured in the puppet.conf as follows: facts_terminus = inventory_active_record dbadapter = mysql dbname = inventory dbuser = inventory dbpass = dbserver = x.x.x.x The masters are running ruby enterprise 1.8.7 and all have exactly the same versions of ruby gems installed. *** LOCAL GEMS *** activemodel (3.1.3) activerecord (3.1.3) activesupport (3.1.3) arel (2.2.1) builder (3.0.0) facter (1.6.3) fastthread (1.0.7) i18n (0.6.0) multi_json (1.0.3) mysql (2.8.1) mysql2 (0.3.10) passenger (2.2.9) puppet (2.7.3) rack (1.1.0) rake (0.8.7) tzinfo (0.3.31) The only (potentially related) differences I can see between the masters are with the mysql-libs package (5.1.52-1 on EL6.1 and 5.0.77-4 on EL5.7) and the ruby-mysql package (ruby-mysql-2.8.2-1 on EL6.1, ruby-mysql-2.7.3-1 on EL5.7), although I'm not sure if this is relevant. Any help regarding these errors would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: mysql errors
Looks like this message didn't reach the group for some reason. For clarity though, I found that this was occurring on all three masters. I was able to resolve this by downgrading the activerecord gem on the puppet masters from 3.1.3 to 3.0.5. On 13 January 2012 08:31, jamese james.eckers...@gmail.com wrote: I'm currently running three puppet masters (version 2.7.3 via apache +passenger) in a cluster, 2 on CentOS 5.7, 1 on CentOS 6.1 On the 6.1 master, I am frequently getting the following error (approximately 50% of the time when a client connects): err: Could not retrieve catalog from remote server: Error 400 on SERVER: Mysql::Error: Unknown prepared statement handler (7) given to mysqld_stmt_execute: INSERT INTO `inventory_facts` (`name`, `node_id`, `value`) VALUES (?, ?, ?) I don't see any errors on the other two masters running CentOS 5.7. I have a separate server running CentOS 6.1 and MySQL 5.1.52 for the inventory db. On the masters, I have inventory configured in the puppet.conf as follows: facts_terminus = inventory_active_record dbadapter = mysql dbname = inventory dbuser = inventory dbpass = dbserver = x.x.x.x The masters are running ruby enterprise 1.8.7 and all have exactly the same versions of ruby gems installed. *** LOCAL GEMS *** activemodel (3.1.3) activerecord (3.1.3) activesupport (3.1.3) arel (2.2.1) builder (3.0.0) facter (1.6.3) fastthread (1.0.7) i18n (0.6.0) multi_json (1.0.3) mysql (2.8.1) mysql2 (0.3.10) passenger (2.2.9) puppet (2.7.3) rack (1.1.0) rake (0.8.7) tzinfo (0.3.31) The only (potentially related) differences I can see between the masters are with the mysql-libs package (5.1.52-1 on EL6.1 and 5.0.77-4 on EL5.7) and the ruby-mysql package (ruby-mysql-2.8.2-1 on EL6.1, ruby-mysql-2.7.3-1 on EL5.7), although I'm not sure if this is relevant. Any help regarding these errors would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] multiple versions of a package (gems) in puppet
Hi -- I'm setting our servers up to use puppet, and have hit a bit of a sticking point with the gems we require. For some of our servers, we need to install multiple versions of the same gem, so I tried something like this: class gems::gems::rails { define gempackage::rails ( $version = $title ) { Class[ gems::params ] - Gempackage::Rails[ $version ] package { rails-${ version }: name = rails, ensure = $version, provider = gem, } } gempackage::rails { $gems::params::railsversions: } } The variable $gems::params::railsversions is something like [ 2.1.1, 2.3.4 ] for one of the (ancient!) cases. What I was hoping to do, here, was to have the package installed for each version. It wouldn't allow a package of the same title to be declared twice, so I made that unique, but am still failing on the name of the package not being unique. I can't be the only person who needs to do something like this, but I've failed to google up anything that might help me get the multiple versions installed. Could anyone please advise me on how I might get around this problem? I'm completely stumped! Thanks in advance for any all assistance, Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] courier imap/pop not refreshing
(My apologies for the attachment, I'm sleepy and did -a not -i in mutt.) This electronic message contains information from Primus Telecommunications Canada Inc. (PRIMUS) , which may be legally privileged and confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or e-mail (to the number or address above) immediately. Any views, opinions or advice expressed in this electronic message are not necessarily the views, opinions or advice of PRIMUS. It is the responsibility of the recipient to ensure that any attachments are virus free and PRIMUS bears no responsibility for any loss or damage arising in any way from the use thereof.The term PRIMUS includes its affiliates. Pour la version en français de ce message, veuillez voir http://www.primustel.ca/fr/legal/cs.htm -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Failed to Allocate Memory When Connected to LDAP
Hello, I have a Solaris 10 system running Puppet 2.6.8 that is experiencing a very unusual problem. It has been running fine up until I configured the system to use LDAP for users and groups. The problem is easily reproducible. Take ldap out of /etc/nsswitch.conf and it runs fine, once it's added back in, Puppet crashes: acad ~ # puppet agent --test --environment=jameslee --no-report info: Caching catalog for acad.es.gwu.edu info: Applying configuration version '1327003919' --- /etc/nsswitch.conf Thu Jan 19 15:11:54 2012 +++ /tmp/puppet-file5186.0 Thu Jan 19 15:13:04 2012 @@ -13,8 +13,8 @@ # hosts: and services: in this file are used only if the # /etc/netconfig file has a - for nametoaddr_libs of inet transports. -passwd: files -group: files +passwd: files ldap +group: files ldap hosts: files dns ipnodes:files networks: files info: FileBucket got a duplicate file {md5}4dc29d1e26abeda92f07cbf7ea8c8184 info: /Stage[main]/Solaris/File[/etc/nsswitch.conf]: Filebucketed /etc/nsswitch.conf to puppet with sum 4dc29d1e26abeda92f07cbf7ea8c8184 notice: /Stage[main]/Solaris/File[/etc/nsswitch.conf]/content: content changed '{md5}4dc29d1e26abeda92f07cbf7ea8c8184' to '{md5}42577aabe4178912e5f5c030a7d72634' notice: Finished catalog run in 59.61 seconds acad ~ # puppet agent --test --environment=jameslee --no-report /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/provider/package/apt.rb:15:in `[]=': failed to allocate memory (NoMemoryError) from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/provider/package/apt.rb:15 from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/util/classgen.rb:117:in `genthing' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/util/classgen.rb:28:in `genclass' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/type.rb:1446:in `provide' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/provider/package/apt.rb:1 from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/util/autoload.rb:113:in `loadall' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/util/autoload.rb:109:in `loadall' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/util/autoload.rb:108:in `loadall' ... 51 levels... from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/application.rb:305:in `run' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/lib/puppet/util/command_line.rb:62:in `execute' from /usr/local/lib/ruby/gems/1.8/gems/puppet-2.6.8/bin/puppet:4 from /usr/local/bin/puppet:19 This system has 6 GB of memory of which only 168 MB are being used. It does not appear that the puppet process running under the LDAP configuration balloons out of control either, so I can't imagine it's actually running out of memory. I tested Puppet 2.6.12 and it has the same problem. Unfortunately trying 2.7 is not possible at the moment. For what it's worth, I can reduce the node's configuration down to basically nothing and the problem goes away, so there is something in one of our modules that is triggering the problem, but I have no idea what. The stack trace above gives me no real clues (it's a Solaris system, there is no APT system, and removing the apt provider just pushes the crash to another file, same message). I don't have any LDAP related resources in the Puppet configuration (like LDAP user resources). What is it about LDAP that simply enabling it could cause Puppet to crash? How might I go about debugging this? The full debug output is shown below. Thanks, James acad ~ # puppet agent --test --environment=jameslee --no-report --debug debug: Failed to load library 'shadow' for feature 'libshadow' debug: Puppet::Type::User::ProviderPw: file pw does not exist debug: Failed to load library 'ldap' for feature 'ldap' debug: Puppet::Type::User::ProviderLdap: feature ldap is missing debug: Puppet::Type::User::ProviderUseradd: file chage does not exist debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dscl does not exist debug: Failed to load library 'selinux' for feature 'selinux' debug: Puppet::Type::File::ProviderMicrosoft_windows: feature microsoft_windows is missing debug: /File[/var/lib/puppet/state/last_run_report.yaml]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/state/classes.txt]: Autorequiring File[/var/lib/puppet/state] debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/puppet] debug: /File[/etc/puppet/ssl/certs]: Autorequiring File[/etc/puppet/ssl] debug: /File[/etc/puppet/ssl/certs/ca.pem]: Autorequiring File[/etc/puppet/ssl/certs] debug: /File[/etc/puppet/ssl/public_keys]: Autorequiring File[/etc/puppet/ssl] debug: /File[/var/lib/puppet/state/last_run_summary.yaml]: Autorequiring
[Puppet Users] Setup examples
Hi, I am looking for real world server setups to learn more from others. The ones I know of are The Repository of David Schmitt http://projects.puppetlabs.com/projects/1/wiki/Complete_Configuration The Wikimedia Server repository http://blog.wikimedia.org/2011/09/19/ever-wondered-how-the-wikimedia-servers-are-configured/ Regards, Kai -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Configuring Puppet from Master to Agent
Hi, We have a specific configuration where Puppet Agents are in an internet DMZ, Puppet Master is on the LAN and there's no way for Puppet Agents to connect to the Puppet Master. We have opened port 8139 for the Master to establish the connection to the Agents. So, we have the problem for configuration. We need the Agents to connect to the Master so that the Master can generate the certificate and accept the Agent request. Usually this is done via the Agent requesting the Master to sign and accept. We need this done the other way, the Master generating signed certificates for the Agents and distributing the certificates to the Agents. We didn't find the documentation on the specific procedure. Thanks for your hints, Regards, Gilles -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet client server connection refused when I use puppet kick
I have very strange problem. I set up puppet client on serveral servers but have problem with one of them. When I invoke: root@www ~ # puppet agent --server puppetmaster.domain.ltd --test notice: Ignoring --listen on onetime run info: Caching catalog for puppetclient.domain.ltd info: Applying configuration version '132631' notice: Finished catalog run in 3.15 seconds everything works ok. New changes are applied to system. When I try to pull changes to client from server: root@www ~ # puppet kick puppetclient.domain.ltd I got errors on client's syslog: Jan 15 14:01:23 www puppet-agent[20903]: triggered run Jan 15 14:01:24 www puppet-agent[20903]: Could not retrieve catalog from remote server: Connection refused - connect(2) Jan 15 14:01:24 www puppet-agent[20903]: Using cached catalog Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Cronapt/ File[/etc/cron.daily/cronapt]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///cronapt/cronapt: Connection refused - connect(2) at /etc/puppet/modules/cronapt/ manifests/init.pp:7 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/usr/lib/nagios/plugins/]) Failed to generate additional resources using 'eval_generate: Connection refused - connect(2) Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/usr/lib/nagios/plugins/]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/usr/lib/nagios/plugins: Connection refused - connect(2) at /etc/puppet/modules/nagios/ manifests/init.pp:27 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/etc/nagios/nrpe.cfg]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/etc/nagios/nrpe.cfg: Connection refused - connect(2) at /etc/puppet/modules/nagios/ manifests/init.pp:18 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ Exec[/etc/init.d/nagios-nrpe-server reload]) Dependency File[/etc/ nagios/nrpe.cfg] has failures: true Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ Exec[/etc/init.d/nagios-nrpe-server reload]) Skipping because of failed dependencies Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ File[/etc/apache2/conf.d/deny.conf]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/etc/apache2/conf.d/deny.conf: Connection refused - connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:7 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ Service[apache2]) Dependency File[/etc/apache2/conf.d/deny.conf] has failures: true Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ Service[apache2]) Skipping because of failed dependencies Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/etc/nagios/cfg.d/]) Failed to generate additional resources using 'eval_generate: Connection refused - connect(2) Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Nagios/ File[/etc/nagios/cfg.d/]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///nagios/etc/nagios/cfg.d: Connection refused - connect(2) at /etc/puppet/modules/nagios/ manifests/init.pp:37 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ File[/etc/apache2/.htpasswd]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/etc/apache2/.htpasswd: Connection refused - connect(2) at /etc/puppet/modules/apache2/ manifests/init.pp:31 Jan 15 14:01:24 www puppet-agent[20903]: (/Stage[main]/Apache2/ File[/usr/share/phpmyadmin/.htaccess]) Could not evaluate: Connection refused - connect(2) Could not retrieve file metadata for puppet:///apache2/usr/share/phpmyadmin/.htaccess: Connection refused - connect(2) at /etc/puppet/modules/apache2/manifests/init.pp:23 Jan 15 14:01:24 www puppet-agent[20903]: Finished catalog run in 0.33 seconds Jan 15 14:01:24 www puppet-agent[20903]: Could not send report: Connection refused - connect(2) Here are configuration files at puppetclient.domain.ltd puppet.conf [main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates prerun_command=/etc/puppet/etckeeper-commit-pre postrun_command=/etc/puppet/etckeeper-commit-post listen = true runinterval=1800 splay=true summarize = true auth.conf: path / method find, search, save auth yes allow puppetmaster.domain.ltd namespaceauth.conf [fileserver] allow * [puppetmaster] allow * [puppetrunner] allow * [puppetbucket] allow * [puppetreports] allow * [resource] allow * Puppet master version 2.7.9 Puppet client version 2.7.6
[Puppet Users] Using LDAP with puppet
Does anyone have experience using LDAP as the ENC at medium to large scale? We have around 600 nodes but will quickly grow that to 2000 or so in short order. If so, is it working well? Would you do it again? If it didn't work what did you replace it with? We are thinking of using it and was looking for a little feedback from the group if anyone has done this. On the surface it sounds very nice to have the flexibility of a standards based system like LDAP and I know LDAP can scale very well for read intensive operations. Cheers! -Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Blocking or gating service restarts?
Generally, Puppet uses a service's init script to manipulate it, so you can alter services' restart behavior by modifying their init scripts. That has the additional advantage that you get the same behavior if the service is ever restarted any other way. good point, but now I have to repackge or overlay standard init scripts (httpd mysql at least, others are ours so less of an issue) There is no way to tell Puppet to start processing one resource, switch to processing a different resource, and later resume with the I'd be happy enough for the puppet apply to just stall during bleed-down etc first. You could possibly split the load balancer bleed-down and spin- up into separate resources, however, and use standard Puppet 'require' and 'before' relationships or resource chaining to establish order of application. That might be advantageous if there are multiple resources you want to manage only while the load-balancer is down. That sounds interesting, but how would you get the require/before to apply to just a service restart as a result of the subscription? eg if i have: service { 'mysqld': ensure = running, enable = true, subscribe = File['/etc/my.cnf'], require = [ Package['mysql-server'], File['/prod/mysql'] ], } I'm want mysql to restart for any changes to /etc/my.cnf, but only when the machine is OOS. We have tools that coordinate restarts atm, but from the CC out, not boxes asking of they can restart, I'm thinking along the lines of a hook in the service resource type to call a user-defined script to check if it's ok to restart, blocking the puppet run until it gets an answer, the user defined script then does what ever comms required to see if CC are ok with the OOS/restart. (we do rolling deploys by allowing up to X% of machines in a given service to go OOS for deployments) Simon. -- Simon McCartney E: si...@mccartney.ie M: +44 7710 836 915 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing SSH host private keys
Remember, there is always some amount of manual stuff to do. 1) Install the OS (or clone your VM.) 2) Set the IP/hostname 3) Install puppet 4) Have the puppetmaster sign the cert Meh :P .. If you're using a Xen environment, we've taken care of this part already, where a puppet recipe creates a new vm, sets ip addr, installs puppet and gets the certs signed. So when the new vm boots its already pulling changes as per its node definition on master :) We plan to open source the module soon at github :) -- Krish olindata.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Cross-module dependencies
On Jan 26, 11:00 am, jcbollinger john.bollin...@stjude.org wrote: If we must rely only on features already present in Puppet, then I think that's heading in the right direction. On the other hand, if we can wish for new features to address this area, then there may be altogether different approaches available. In particular, it is useful to recognize that dependencies are not just on a particular resource generally -- rather, they are on a particular resource having certain specific properties. For example, a web server module doesn't just rely on, say, Package['httpd']. Rather, it relies on that package having an 'ensure' parameter different from 'absent' and 'purged'. Puppet DSL does not currently have a means to express that. Consider, then, a new metaresource type, Constraint. The purpose of the Constraint resource type would be to allow multiple unrelated classes to collaborate on defining the properties of a single resource, and it would do so by allowing classes to limit the values that chosen resource properties may have. At compilation time, Puppet would collect and combine all the constraints on any particular resource, and use the results to set unspecified property values and validate specified ones. Usage might look something like this: constraint { 'webserver-httpd_package-present': resource = Package['httpd'], property = 'ensure', forbidden_value = [ 'absent', 'purged' ], # also available: allowed_value # maybe: default_value } Not only would this nicely meet the needs of different modules to express their requirements on shared resources, it would also make it much easier to recognize resource conflicts. If Puppet automatically generated empty resource definitions to constrain when it discovered constraints on otherwise-undefined resources, then that would also overcome the problem of deciding where to define particular resources. I can imagine many -- perhaps most -- resource definitions being replaced or supplemented by constraint declarations. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Apologies for massive message queue
We found that we had several messages awaiting moderation. That problem is being resolved, but that's the reason for high-volume on the list today. Mike -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do *you* handle yumrepo dependency chains?
On Thu, Jan 26, 2012 at 6:56 AM, jimbob palmer jimbobpal...@gmail.com wrote: Say you have a RHEL6 environment. You have some packages you want installed, these rely on a yumrepo. That yumrepo relies on an rpm-gpg key being installed. Now you get some RHEL5 boxes to add to the network. Your yumrepo RHEL6.2 with a dependency on the RHEL6 signing key now causes a problem: all of the rpms you need are the same, but those rpms rely on the RHEL6.2 yumrepo which is wrong, and that relies on the RHEL6 signing key which is wrong too. What approach do you use? I read this description a couple times and don't think I quite understand the question. You can specify keys per client repo. You can also use execs to install rpm-gpg keys. Is the issue you have one yum repo and you're pointing both EL5 and EL6 boxes at it? Thanks. JB -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/94RonUV1yYYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Question about puppet module development
On Jan 26, 2012, at 12:03 PM, Spirit wrote: Hi all. I want to write module for kerberos configuration. I planned configure realms by using subclasses like in saz-sudo module: snip Anybody have idea, how i can manage krb5.conf without augeas? The following uses the concat module to manage a krb5.conf file. http://cern.ch/go/vSK8 Steve. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dependencies: packages and repos
On Jan 25, 2012, at 11:10 AM, jimbob palmer wrote: Hello, What's the best way of handling package installs that rely on a yum repository, which in turn relies on a gpg key? At the moment I have only RHEL6 boxes which have a few yumrepos defined and a few packages installed. The yumrepos in turn rely on an rpm-gpg key. I now need to add some RHEL5 boxes. The repos contain the major version name and require a different rpm-gpg key. I could hack around with some variables in the yumrepos module but this seems dirty. How are others handling this situation? http://cern.ch/go/Cq7D Is an example of a case statement setting a yum path based on OS version,yum can pull in gpg direct from a remote URL rather than pushing it to the box first which is then one less step for puppet to handle. Steve. Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is it possible to conditionally replace a file ?
2012/1/25 Juan José Presa Rodal juan...@gmail.com: Hi, I would like to achieve a conditional file replacement but lightly different. I deploy recusively a directory with a lot of config files. This is my resource: file {/foo: ensure = directory, recurse = remote, source = puppet:///modules/module_name/configs/${hostname}/foo, ignore = [no_replace1.cfg,no_replace2.cfg], } I need to ignore these two files because they will not be puppet managed but initializated by puppet. A recursive file resource is less specific than a file resource managing an individual file. If you install those two configuration files with `file { .../no_replace1.cfg: ensure = present, ... }`, Puppet will put them in place if they are missing, but otherwise ignore their content. It will also prevent the recurse from overwriting them. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Is it possible to conditionally replace a file ?
Ok, I understand. But i have not control about these individual noreplace files because are $hostname dependent. In different hostnames, have different specific source locations. So that was the reason for I need something similar to ignore parameter. (Or a workaround) Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/4IQqlPIF6YwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Multiple Service definitions of the same type
I think if you remove this line, name = memcached, you should be fine as long as $service_name is unique per instance. Ramin On Jan 24, 2:50 pm, Bryan Beaudreault bbeaudrea...@hubspot.com wrote: Hello, I am trying to make it so that more than 1 instance of memcached can run on a single service. I have a special init.d script that can handle this, but want to define the service multiple times in a puppet class. Here is the definition I am using: service { $service_name: name = memcached, ensure = running, enable = true, start = $init_script start $service_name, stop = $init_script stop $service_name, status = $init_script status $service_name, restart = $init_script restart $service_name, hasstatus = true, require = [Package[memcached],File[$file_name]] } I used the $service_name so that the defintion would be unique, but now puppet is throwing this error: Puppet::Parser::AST::Resource failed with error ArgumentError: Cannot alias Service[11411] to [memcached]; resource [Service, [memcached]] already exists at How can I achieve what I am trying to achieve? Any ideas? Thanks, Bryan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing SSH host private keys
I am relatively new to both Puppet and ssh-keys, but is it possible for the PuppetMaster to generate all the keys rather that each client creating their own ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How do *you* handle yumrepo dependency chains?
Cobbler “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - jimbob palmer jimbobpal...@gmail.com wrote: Say you have a RHEL6 environment. You have some packages you want installed, these rely on a yumrepo. That yumrepo relies on an rpm-gpg key being installed. Now you get some RHEL5 boxes to add to the network. Your yumrepo RHEL6.2 with a dependency on the RHEL6 signing key now causes a problem: all of the rpms you need are the same, but those rpms rely on the RHEL6.2 yumrepo which is wrong, and that relies on the RHEL6 signing key which is wrong too. What approach do you use? Thanks. JB -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/94RonUV1yYYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] arrays after upgrade to 2.7 and ['A','B'] compared to 'A B'?
On 26 Jan 2012, at 19:29, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Thu, Jan 26, 2012 at 03:57:08PM +, Steve Traylen wrote: Hi, After upgrading a server and client from 2.6.13 to 2.7.10 my configuration with array attributes are behaving differently. 3 examples: (1) k5login {'/root/.k5login-test': principals = ['m...@cern.ch', 't...@cern.ch'], } while .k5login file is created perfectly but every puppet run updates the file with. notice: /Stage[main]/Kerberos::Root/K5login[/root/.k5login-test]/principals: principals changed ['m...@cern.ch', 't...@cern.ch'] to 'm...@cern.ch t...@cern.ch' Notice how the ['A','B'] is compared to 'A B' The ['A','B'] vs 'A B' *seems* to be just a display thing because the current value and the desired value are handled differently when printing them out (should_to_s vs. is_to_is in property.rb). Can you please tell me the ruby version you are using? So we can rule 1.8.5 incompabilities out? Hi, Stefan, other than puppet and facter which are from the puppetlabs repo everything is rhel6 defaults so ruby 1.8.7 and facter 1.6.5 -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing SSH host private keys
On Thu, Jan 26, 2012 at 06:32:49PM +, Dan White wrote: I am relatively new to both Puppet and ssh-keys, but is it possible for the PuppetMaster to generate all the keys rather that each client creating their own ? This might be one of the places where erb (templates) being evaluated on the puppetmaster will help. I'm just speculating, but there's no technological reason why the puppetmaster shouldn't use erb/ruby to fork ssh-keygen and store the result in some local directory. The puppet template can either create a private key, or copy in the results of a previous ssh-keygen run. I don't see technical obstacles, only security obstacles. You may not want all your ssh private keys stored in one place, for instance. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Configuring Puppet from Master to Agent
http://serverfault.com/questions/137292/how-can-i-pre-sign-puppet-certificates “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Gilles gilles.antone...@gmail.com wrote: Hi, We have a specific configuration where Puppet Agents are in an internet DMZ, Puppet Master is on the LAN and there's no way for Puppet Agents to connect to the Puppet Master. We have opened port 8139 for the Master to establish the connection to the Agents. So, we have the problem for configuration. We need the Agents to connect to the Master so that the Master can generate the certificate and accept the Agent request. Usually this is done via the Agent requesting the Master to sign and accept. We need this done the other way, the Master generating signed certificates for the Agents and distributing the certificates to the Agents. We didn't find the documentation on the specific procedure. Thanks for your hints, Regards, Gilles -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Writing a resource type provider in Python
On Fri, Jan 20, 2012 at 4:14 PM, Tom Limoncelli t...@whatexit.org wrote: Is it possible to write a provider in Python? I have to access something via a library that is written in Python. I'd rather not rewrite the library in Ruby, or call out to shell. I couldn't find any references on how to do this on the Puppet website and web searches for [puppet providers in python] or [writing puppet resources in python] mostly turn up links about using Puppet to manage Python and Python packages. AFAIK, currently only in Ruby. Maybe something like http://rubypython.rubyforge.org/ can bridge the gap. Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Now that we have puppet node install....
I've been playing a bit with the puppet node install command, and I was wondering if I should change to using puppet installed as a gem instead of deb/rpm/whatever? That would allow me to use the very latest puppet versions, without building my own deb/rpm packages or waiting for them to become available upstream. What's your thoughts on this...? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Is anyone using Rump...?
A couple of months ago I stumbled across a presentation of Rump (https://github.com/railsmachine/rump) and I thought that it was kind of interesting to use this when developing new modules. But I tend to shy away from it, as it doesn't seem to be used (a google search on rump puppet does _not_ give you the results you want, mind you!). So, I'll ask here: Is anyone using it..? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] constraint checking
On Jan 25, 2012, at 8:59 AM, Christopher Wood wrote: (Define generalized?) Works in more than one specific situation. Also, could you expound? I don't know any production scenario where it's desirable to have anything other than an exact known configuration of hosts. One thing about a well-written piece of generic code is that it can be used in many environments. A lot of my modules do things like do I have an external interface or am I behind the firewall? and do different things based on those answers. Likewise, when dealing with software components you could be on a system dedicated to just that one component, or you could be on a Dev/QA box which has dozens of such components installed. The behavior calls for different actions there. It is very tricky, to the point of impossible in some scenarios, to write this kind of intelligent decision choices in Puppet today. You can successfully determine if a given class is loaded in the client's manifest, but determining if certain things are set within the class is only possible in situations where ordering can be clearly constrained. This makes it truly impossible for someone on a different team to write a generic purpose module to fit Dev/QA/Prod-US/Prod-EU/Prod-AP/etc environments without having someone sit down and carefully work out the dependency flow through the modules to make this happen. And frankly, that kind of hardcore one-two-three ordering goes against the design philosophy of Puppet. It's also nearly impossible when the ordering is more like 1, 2...67588, 67589 operations. I don't believe that Puppet 2.x is capable of solving this problem. But I believe it should be a heavy design criteria for Puppet v3. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: constraint checking
On Jan 26, 2012, at 6:19 AM, jcbollinger wrote: For the most part, I think this reflects the difficulty of the underlying problem more than any inadequacy of Puppet. If multiple independent subsystems place different demands on the same resources, then you have a mess to sort out no matter what tools you use to do it. On the other hand, if multiple independent subsystems place the same demands on certain resources, then that's pretty easy to handle, with Puppet or otherwise. I disagree. I have about 12 different modules, any combination of which may be applied to a given system, all of which need to ensure that sshd is installed and running on a system. They all have a single, common need. However, some of those modules also run on systems where we don't need to ensure that sshd is running. The solution to this is an interlocking maze of module dependancies which is downright terrifying. You can't import because of redefinitions. You yourself know well and deeply the issues involved with calling the same class from different places with different parameters. It is nearly impossible to get there from here. The ability for puppet to say oh, I've seen this definition before and it's exactly the same so that's not an error would be a tremendous improvement. That's not to deny that there is room for Puppet to improve here, but I suspect there is less room than you suppose. I did an intensive deep dive on the current puppet code base regarding this issue, and my diagnosis was that it was currently impossible without a complete rewrite of the dependency hierarchy, and likely the addition of a third phase between the current two to improve this situation. Assuming I am right, this is a major overhaul. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Now that we have puppet node install....
On Jan 26, 2012, at 12:06 PM, Juri Rischel Jensen wrote: I've been playing a bit with the puppet node install command, and I was wondering if I should change to using puppet installed as a gem instead of deb/rpm/whatever? That would allow me to use the very latest puppet versions, without building my own deb/rpm packages or waiting for them to become available upstream. What's your thoughts on this...? that's what I do (use the gem) Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Now that we have puppet node install....
On Thu, Jan 26, 2012 at 11:06, Juri Rischel Jensen juri.risc...@gmail.com wrote: I've been playing a bit with the puppet node install command, and I was wondering if I should change to using puppet installed as a gem instead of deb/rpm/whatever? That would allow me to use the very latest puppet versions, without building my own deb/rpm packages or waiting for them to become available upstream. What's your thoughts on this...? Gems are generally a pretty bad user experience for install - we have lots of feedback here to indicate that they cause lots of headaches. I would suggest, instead, that you either use the OS packages we produce, or roll your own deb or RPM package that you can easily enough track trunk with. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Now that we have puppet node install....
On Thu, Jan 26, 2012 at 2:49 PM, Daniel Pittman dan...@puppetlabs.com wrote: On Thu, Jan 26, 2012 at 11:06, Juri Rischel Jensen juri.risc...@gmail.com wrote: I've been playing a bit with the puppet node install command, and I was wondering if I should change to using puppet installed as a gem instead of deb/rpm/whatever? That would allow me to use the very latest puppet versions, without building my own deb/rpm packages or waiting for them to become available upstream. What's your thoughts on this...? Gems are generally a pretty bad user experience for install - we have lots of feedback here to indicate that they cause lots of headaches. I would suggest, instead, that you either use the OS packages we produce, or roll your own deb or RPM package that you can easily enough track trunk with. Also apt.puppetlabs.com and yum.puppetlabs.com are reasonably up to date. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] arrays after upgrade to 2.7 and ['A','B'] compared to 'A B'?
On Thu, Jan 26, 2012 at 10:39, Steve Traylen steve.tray...@cern.ch wrote: On 26 Jan 2012, at 19:29, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Thu, Jan 26, 2012 at 03:57:08PM +, Steve Traylen wrote: After upgrading a server and client from 2.6.13 to 2.7.10 my configuration with array attributes are behaving differently. 3 examples: […] Can you please tell me the ruby version you are using? So we can rule 1.8.5 incompabilities out? Hi, Stefan, other than puppet and facter which are from the puppetlabs repo everything is rhel6 defaults so ruby 1.8.7 and facter 1.6.5 Hrm. Looks like that might be a bug. Can you file tickets reflecting the different issues you are hitting? -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64
On Thu, Jan 12, 2012 at 10:05, Ramesh Kumar rameshkumar...@gmail.com wrote: Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64. You are likely to get better responses over on the PE users mailing list: https://groups.google.com/forum/#!forum/puppet-users -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: constraint checking
On Thu, Jan 26, 2012 at 6:19 AM, jcbollinger john.bollin...@stjude.orgwrote: On Jan 25, 10:53 am, Jo Rhett jrh...@netconsonance.com wrote: On Jan 25, 2012, at 8:30 AM, Nick wrote: But then I have to anticipate every possible value of $shell and define resources for them. Anything which is not defined like this is not usable within the scheme, because there will be no file resource to realize and require. And of course, it also means nothing else can say anything about any of these files without blowing up, because my code owns them. So far as I can see, this property of resources makes it hard to write self-contained and reusable modules, and this is frustrating. I just want to say +1 to this. I have found Puppet to be a wonderful way to deeply tie all your automation to an exact known configuration of hosts, but pretty much useless for dealing with situations in a generalized fashion. It is hard enough to track all the dependencies on modules being written by different people within the same team. I cannot image the pain which must be felt by people who have modules written by geographically and politically disperse teams. It's actually not that bad at all from past experience when all the content is being written in-house, even if the authors are organizationally, politically and geographically disperse. If you have dependencies upon foreign content you didn't author, express it at the class level. This allows the other authors to refactor their own classes internally, and not break your dependencies. If you can't do this, one or both sides need to do refactoring so that it's possible. If you're building content you expect others to use more than once within a given catalog, provide it in the form of defined types with well-named parameters. You do need to have a robust release process in place along the lines of the classic dev - test - prod environments. If your teams push out change at significantly different rates, you may need to break up environments more to allow for this flexibility. For the most part, I think this reflects the difficulty of the underlying problem more than any inadequacy of Puppet. If multiple independent subsystems place different demands on the same resources, then you have a mess to sort out no matter what tools you use to do it. On the other hand, if multiple independent subsystems place the same demands on certain resources, then that's pretty easy to handle, with Puppet or otherwise. That's not to deny that there is room for Puppet to improve here, but I suspect there is less room than you suppose. +1 There are some things we could all do collectively to improve the situation, particularly around pre-commit hooks to version control. Functionality I've found useful in the past here was: * check whether the changed manifests parse * verify whether foreign class dependencies are fulfilled * verify whether references to file sources actually exist etc etc -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Problem with not installing package, exec do an error
On Fri, Jan 13, 2012 at 11:04, coralie ve coralie...@gmail.com wrote: I have a list of successive package, and it occured that some package are not installed. […] So i try something desperate : exec { 'sudo apt-get install libmemcached-dev': path = ['/usr/bin'], alias = memDev, require = Exec[updateGem], } Unfortunatly it doesn't work either : err: /Stage[main]//Exec[sudo apt- get install libmemcached-dev]/returns: change from notrun to 0 failed: sudo apt-get install libmemcached-dev returned 1 instead of one of [0] at /mnt/hgfs/puppet/install.pp:10 I would prefer to do it with package, so if someone have an idea. It looks to me like your problem is with `apt-get` itself, rather than Puppet - we can't install a package if the underlying tool refuses to do so. At a guess, the `sudo` in the exec is not going to help, but since the agent runs as root you shouldn't have a problem. So, can you try running the `apt-get install libmemcached-dev` package by hand and see what the output is? Paste it into this thread if you can't figure it out directly from that. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Password not changing during polling event but does using puppetd -vt
On Thu, Jan 12, 2012 at 14:08, Andre an...@andaff.com wrote: I have created a class for the root user that uses the User resource to manages the root password. All seems to work well and as expected when I use puppetd -vt on a machine (or if I restart the service on the client) but during a regular polling event the password is not changed and when I go into the dashboard I can see that the event for running my class is run. Just to make sure the clients are working properly, I added a line to a managed file and got the expected results of the file being replaced. Is this expected behaviour that I don't know about? Nope. Is there a way to put a client puppetd process into debug and trace so I can see the results? If you run it with `--debug` and `--trace` as a daemon, those log messages will go to syslog like everything else. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Set hourly of execution with service puppet
On Fri, Jan 20, 2012 at 10:22, Douglas Brancaglion douglas.rea...@gmail.com wrote: I'm from Brazil, and i'm learning puppet. I need set interval in puppet client for sync with puppetmaster... How i do it? The documentation on all the settings is here: http://docs.puppetlabs.com/references/stable/configuration.html You can find the appropriate setting, and the rest of our configuration, documented in there. (You want the `runinterval` setting this time. :) -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Anyone know a good tool for 'watching' configurations?
On Tue, Jan 24, 2012 at 08:02, NixFU nixfu.ni...@gmail.com wrote: Now that we have configuration management for our OS and we are actively managing our operating systems nearly hands off we want to now start doing some configuration mgmt of our applications. We don't frankly see having all our application teams use puppet or anything else to actively manage their applications. What we would like to do is watch the applications and know when things change. Basically, watch the directories that the developers put their applications into and keep a history of what changes and when. Does anyone have any idea on if there are any tools that can provide the ability to watch directories for changes like that. The Puppet Enterprise suite includes some compliance tools that use the Puppet model to watch the system and note changes - at the level of resources, rather than just files, so you can monitor, eg, user and service resources. Beyond that, I don't know of anything that works at a higher level that this file changed - but I have never really invested much effort in looking. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Moving to RVM Ruby 1.9 and Puppet
On Thu, Jan 26, 2012 at 07:52, Matt mjbl...@gmail.com wrote: Has anyone had any experience with using RVM with Puppet? Many, probably most, of the developers here use RVM around Puppet development. I know with puppet 2.6 it directly invokes /usr/bin/ruby on RHEL based OSes but in 2.7 I see that its using env to invoke ruby. It should just work™ the same way anything else Ruby-ish does. Is there a noticable performance increase with ruby 1.9 over 1.8? Not that you are likely to see; most of the performance issues people hit with Puppet are caused by things other than MRI or 1.8.7 being slow. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] arrays after upgrade to 2.7 and ['A','B'] compared to 'A B'?
On Thu, Jan 26, 2012 at 11:52:52AM -0800, Daniel Pittman wrote: On Thu, Jan 26, 2012 at 10:39, Steve Traylen steve.tray...@cern.ch wrote: On 26 Jan 2012, at 19:29, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Thu, Jan 26, 2012 at 03:57:08PM +, Steve Traylen wrote: After upgrading a server and client from 2.6.13 to 2.7.10 my configuration with array attributes are behaving differently. 3 examples: […] Can you please tell me the ruby version you are using? So we can rule 1.8.5 incompabilities out? Hi, Stefan, other than puppet and facter which are from the puppetlabs repo everything is rhel6 defaults so ruby 1.8.7 and facter 1.6.5 Hrm. Looks like that might be a bug. Can you file tickets reflecting the different issues you are hitting? I was able to reproduce the issue and filed a bug: http://projects.puppetlabs.com/issues/12197 I've tried the following combinations puppet 2.7.9 / ruby 1.8.7 - No issue puppet 2.7.9 / ruby 1.9.3 - No issue puppet 2.7.10 / ruby 1.8.7 - Bug as described earlier puppet 2.7.10 / ruby 1.9.3 - No issue -Stefan pgpwO1ix9S7aR.pgp Description: PGP signature
Re: [Puppet Users] Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64
On Thu, Jan 26, 2012 at 2:56 PM, Daniel Pittman dan...@puppetlabs.com wrote: On Thu, Jan 12, 2012 at 10:05, Ramesh Kumar rameshkumar...@gmail.com wrote: Unable to install Puppet Enterprise v2.0.0 for RHEL 5-x86_64. Pretty old email. I've responded in the past and for reference, I think this was the missing step on the remote mysql server: CREATE DATABASE console CHARACTER SET utf8; CREATE USER 'console'@'localhost' IDENTIFIED BY 'consolepassword'; GRANT ALL PRIVILEGES ON console.* TO 'console'@'localhost'; CREATE DATABASE console_inventory_service CHARACTER SET utf8; GRANT ALL PRIVILEGES ON console_inventory_service.* TO 'console'@'localhost'; Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Is there a particular order
... to which puppet, passenger, activerecord and dashboard should be installed in? This is my third try at getting these three to play nice together and my third epic fail. puppet is now complaining about err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not autoload active_record: uninitialized constant ActiveRecord warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run and this is localhost to localhost so all the versions should be right. -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Set hourly of execution with service puppet
On Fri, Jan 20, 2012 at 11:52 PM, Douglas Brancaglion douglas.rea...@gmail.com wrote: Hi guys! I'm from Brazil, and i'm learning puppet. I need set interval in puppet client for sync with puppetmaster... How i do it? Sorry my english Either use cron with puppetd onetime no daemon option or checkout puppet kick -- Krish olindata.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.