Re: [Puppet Users] Testing catalog run on REAL node as git pre-push hook?

[Brian Troutwine]

It's not uncommon to run a small staging environment for just this
purpose. Have you evaluated something like that and found it wanting?

On Fri, Mar 2, 2012 at 7:26 PM, Ryan Bowlby  wrote:
> Hi All,
>
> We'd like to do some form of testing of our module changes against
> production nodes before being released into production. While somewhat
> expensive it seems doing a noop against all nodes using the modified
> module is the best way to determine unexpected results.
>
> The question then is how are people implementing this? Any real world
> talks or posts describing something like this would be great. Ideally
> we want to put a git pre-push hook in place within the production
> branch that performs a noop catalog run against the affected nodes and
> reports results and determines if errors were encountered.
>
> Thanks!!!
> Ryan Bowlby
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 
Brian L. Troutwine

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Developers having access to deploy

[Brian Gallew]

I did up a nifty deployment engine using Jenkins.  Give the devs/CM a form
(e.g. "silo", application versions, etc).  It would figure out what it
needed to deploy and then do so, complete with telling the Nagios system to
disable checks while everything was going on.  Foreman/Puppet could be the
right tool for a *production* environment, particularly if your
applications can be deployed piecemeal, but doing it for dev seems like it
would add increased overhead without any real benefit.

On Fri, Mar 2, 2012 at 12:15 PM, Adam Heinz  wrote:

> We do something similar to what you describe with foreman (which can
> be used as an ENC).  The user sets the my-app-version parameter on the
> node, then runs puppet on that node.  The main drawback is that
> foreman does not currently have a permission for puppetrun, so the
> users have to be admins, so I have a test puppet master for this
> purpose.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Testing catalog run on REAL node as git pre-push hook?

[Ryan Bowlby]

Hi All,

We'd like to do some form of testing of our module changes against
production nodes before being released into production. While somewhat
expensive it seems doing a noop against all nodes using the modified
module is the best way to determine unexpected results.

The question then is how are people implementing this? Any real world
talks or posts describing something like this would be great. Ideally
we want to put a git pre-push hook in place within the production
branch that performs a noop catalog run against the affected nodes and
reports results and determines if errors were encountered.

Thanks!!!
Ryan Bowlby

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppet 2.7.11 requires ruby = 1.8.5

[Russell Van Tassell]

The gem includes everything you will need... the (basic) difference is
simply running "puppet agent" versus "puppet master" -- some packages just
hide the simplicity (probably a legacy thing?).

Note: I do not believe things like the sysconfig, logrotate and startup
scripts get installed by default with the gem (it's been a while since I've
done a fresh/virgin install in an environment) ... but those should be easy
enough to find. Many folks seem to run things out of cron, anyway...


On Fri, Mar 2, 2012 at 3:58 PM, rjl  wrote:

> I can only find the puppet gem. Isn't there a puppet-server gem? I have a
> working environment without rails. The following is installed on my puppet
> master:
>
> puppet-2.6.7-1.el5
> puppet-server-2.6.7-1.el5
>
> And the following is installed on my clients:
>
> puppet-2.6.7-1.el5
>
> You mention only one gem. Is there not a server gem? Obviously I am very
> confused.
>
> On Friday, March 2, 2012 4:28:10 PM UTC-7, Craig White wrote:
>>
>>
>> On Mar 2, 2012, at 3:43 PM, rjl wrote:
>>
>> > Thanks Michael,
>> > I have a working environment using ruby 1.8.5 (The Centos 5 default).
>> However, I want to change my puppet framework to be database driven. For
>> that, I  would like to use rails activerecord. Now the problem is that
>> rails is not supported in 1.8.5.
>> >
>> > Any suggestions would be greatly appreciated.
>> 
>> you're on the right track but on CentOS 5, you pretty much should forget
>> about using ruby/gems from rpm packages. Ruby 1.8.5 isn't going to get you
>> anywhere with a Rails application.
>>
>> Use gems...
>> gem install puppet
>> gem install rails
>>
>> Craig
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/LCusiYG84zoJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Puppet in NFS fools Facter

[Russell Van Tassell]

Any chance you copied over a bare metal box image, or something?

In any case, facter would seem to have only a handful of checks to
determine "virtual" or non-virtual... unfortunately I don't have a vmware
box in front of me to verify this, but you should be able to find facter's
"virtual" tests in some place like:

/usr/lib/ruby/1.[89]/facter/util/virtual.rb

(slightly more convoluted if you're running puppet under rvm)

At first glance, for VMWare, it appears to be looking for /proc/self/status
and/or /proc/virtual.


On Fri, Mar 2, 2012 at 3:42 PM, Forrie  wrote:

> I'm not sure I understand his setup, or what he means by "minimal
> install".
>
> My environment on the VMware image is CentOS 5.7, it is a full release
> and the NFS mount contains a full release of Puppet and Ruby 1.8.x.
>
> Perhaps there's something that Facter gets wrong when it's being
> called from a non-system location?
>
> Another possibility, is the previous run of Puppet was local -- each
> machine still has a local /var/lib/puppet layout with all the
> information that was stored (I'm not doing storedconfigs, yet).
> Could information in there play into this somehow.
>
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppet 2.7.11 requires ruby = 1.8.5

[rjl]

I can only find the puppet gem. Isn't there a puppet-server gem? I have a 
working environment without rails. The following is installed on my puppet 
master:

puppet-2.6.7-1.el5
puppet-server-2.6.7-1.el5

And the following is installed on my clients:

puppet-2.6.7-1.el5

You mention only one gem. Is there not a server gem? Obviously I am very 
confused.

On Friday, March 2, 2012 4:28:10 PM UTC-7, Craig White wrote:
>
>
> On Mar 2, 2012, at 3:43 PM, rjl wrote:
>
> > Thanks Michael,
> > I have a working environment using ruby 1.8.5 (The Centos 5 default). 
> However, I want to change my puppet framework to be database driven. For 
> that, I  would like to use rails activerecord. Now the problem is that 
> rails is not supported in 1.8.5.
> > 
> > Any suggestions would be greatly appreciated.
> 
> you're on the right track but on CentOS 5, you pretty much should forget 
> about using ruby/gems from rpm packages. Ruby 1.8.5 isn't going to get you 
> anywhere with a Rails application.
>
> Use gems...
> gem install puppet
> gem install rails
>
> Craig
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/LCusiYG84zoJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet in NFS fools Facter

[Forrie]

I'm not sure I understand his setup, or what he means by "minimal
install".

My environment on the VMware image is CentOS 5.7, it is a full release
and the NFS mount contains a full release of Puppet and Ruby 1.8.x.

Perhaps there's something that Facter gets wrong when it's being
called from a non-system location?

Another possibility, is the previous run of Puppet was local -- each
machine still has a local /var/lib/puppet layout with all the
information that was stored (I'm not doing storedconfigs, yet).
Could information in there play into this somehow.


Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet in NFS fools Facter

[Russell Van Tassell]

Potentially related?

http://projects.puppetlabs.com/issues/10232


On Fri, Mar 2, 2012 at 2:44 PM, Forrie  wrote:

> I have Puppet mounted to a couple of machines via NFS (along with
> Ruby) -- and it works fine.   Except, I just noticed that it fools
> Facter in to believing it's a physical machine, when in fact one of
> them is a VMware host.
>
> We don't really use this setting, but I'm concerned other settings
> might not be accurate.
>
> Anyone know why this is happening?
>
>
> Thanks.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: puppet 2.7.11 requires ruby = 1.8.5

[Craig White]

On Mar 2, 2012, at 3:43 PM, rjl wrote:

> Thanks Michael,
> I have a working environment using ruby 1.8.5 (The Centos 5 default). 
> However, I want to change my puppet framework to be database driven. For 
> that, I  would like to use rails activerecord. Now the problem is that rails 
> is not supported in 1.8.5.
> 
> Any suggestions would be greatly appreciated.

you're on the right track but on CentOS 5, you pretty much should forget about 
using ruby/gems from rpm packages. Ruby 1.8.5 isn't going to get you anywhere 
with a Rails application.

Use gems...
gem install puppet
gem install rails

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet in NFS fools Facter

[Forrie]

I have Puppet mounted to a couple of machines via NFS (along with
Ruby) -- and it works fine.   Except, I just noticed that it fools
Facter in to believing it's a physical machine, when in fact one of
them is a VMware host.

We don't really use this setting, but I'm concerned other settings
might not be accurate.

Anyone know why this is happening?


Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet 2.7.11 requires ruby = 1.8.5

[rjl]

Thanks Michael,
I have a working environment using ruby 1.8.5 (The Centos 5 default). 
However, I want to change my puppet framework to be database driven. For 
that, I  would like to use rails activerecord. Now the problem is that 
rails is not supported in 1.8.5.

Any suggestions would be greatly appreciated.

On Friday, March 2, 2012 2:39:37 PM UTC-7, rjl wrote:
>
> I have compiled and installed ruby 1.9.3 on Centos 5
>
> # ruby -v
>  ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]
>
> Now I am trying to install puppet 2.7.11. However, it is requiring that 
> ruby version 1.8.5-5.el5_4.8.
>
> # yum install puppet
> Installing:
>  puppet   noarch   
>2.7.11-2.el5   
> lvlt-tools-updates  1.0 M
> Installing for dependencies:
>  ruby x86_64   
>1.8.5-5.el5_4.8
>
> Any idea why it is requiring that version as a dependency?
>
> Thanks in advance
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/OF4-Rlf8oJQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Best practices for excluding certain modules from certain nodes

[Justin Lloyd]

I just dealt with something similar regarding installing puppet agent vs.
master and whether mcollective client (and thus activemq) should be
installed. However, I'm including my base class rather than inheriting it.
So how about something like this?

# templates.pp (imported into site.pp)
class system_base ( $zabbix = true ) {
include motd # etc.
if $zabbix {
include zabbix::stuff
   }
}

# nodes.pp (imported into site.pp)
node 'basic_host' {
class { 'system_base': }
}
node 'special_case' {
class { 'system_base': zabbix => false }
}


On Fri, Mar 2, 2012 at 12:12 PM, Romeo Theriault
wrote:

> On Fri, Mar 2, 2012 at 08:56, Romeo Theriault 
> wrote:
> > Hi, I'm just getting started with puppet and am looking for some best
> > practices on how to handle node and module inheritance issues. I'm
> > planning to start using heira so want to plan my implementation around
> > hiera specifics.
> >
> > Specifically, one item I can't seem to find a clean way of dealing
> > with is one-off nodes. For example, let's say I want to apply a class
> > called zabbix::agent to my whole infrastructure, so I put it in
> > common.yaml. But then I find out there are a few nodes that for
> > whatever reason I can't apply this class to. Short of just not
> > inheriting anything from common.yaml is there a clean way to say
> > "inherit everything from common except zabbix::agent"?
> >
> > How are people dealing with the slight variations in their
> > infrastructure? I realize it's possible to code some logic into the
> > classes for these specific one-off hosts but that seems really hackish
> > and brittle.
>
> After a bit more googling I found this informative puppet-users thread:
>
>
> http://groups.google.com/group/puppet-users/browse_thread/thread/6b59ae2470acfa14/810eb8671a5b3cdd
>
> which talks about creating special "disabled" classes which inherit
> the widely used class and set certain values to 'undef'. This seems
> like it's probably the way to go since it's the best method I've
> seen/heard of so far to deal with this.
>
>
> > I think a lot of shops do this by creating special "disabling" classes
> > for those one-off systems.  To use your puppetmaster example (untested
> > pseudocode ahead):
> >class puppet::client {
> >  file { '/etc/puppet/puppet.conf':
> >ensure => present,
> >source => 'puppet:///puppet/configfile',
> >  }
> >}
> >class puppet::client::disabled inherits puppet::client {
> >  File['/etc/puppet/puppet.conf'] {
> >ensure => undef,
> >source => undef,
> >  }
> >}
> >class puppet::server {
> >  include puppet::client::disabled
> >}
> > Now it's safe to apply puppet::client to all your nodes, including
> > your puppetmaster, because the ::disabled class will override the
> > management of puppet.conf on the puppetmaster (which presumably
> > includes the puppet::server class).
>
>
>
> Anyone else dealing with this in a different way?
>
> Thanks,
> Romeo
>
>
>
> --
> Romeo
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
“We don’t need to increase our goods nearly as much as we need to scale
down our wants. Not wanting something is as good as possessing it.” --
Donald Horban

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet 2.7.11 requires ruby = 1.8.5

[Michael Stahnke]

It actually require ruby(abi) = 1.8

This is likely only satisfied by Ruby 1.8.5 in your repositories.

This is the way the rpm package is currently built.  This is in the
problem of changing, as 1.9.3 is now becoming the default in Fedora
17.  I suspect a spec version very soon will have a this updated to
run with Ruby 1.9.

There are a couple of other 1.9 compatibility issues with packaging.
For example, ruby-shadow doesn't quite work with Ruby 1.9 and now
rubygem-ruby-shadow should be used.



Mike



On Fri, Mar 2, 2012 at 1:39 PM, rjl  wrote:
> I have compiled and installed ruby 1.9.3 on Centos 5
>
> # ruby -v
>      ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]
>
> Now I am trying to install puppet 2.7.11. However, it is requiring that ruby
> version 1.8.5-5.el5_4.8.
>
> # yum install puppet
> Installing:
>  puppet                                       noarch
>          2.7.11-2.el5
> lvlt-tools-updates                                  1.0 M
> Installing for dependencies:
>  ruby                                         x86_64
>          1.8.5-5.el5_4.8
>
> Any idea why it is requiring that version as a dependency?
>
> Thanks in advance
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/pJAfy-Frl2AJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Automatic Puppet deployment over a cluster

[Denmat]

Hi,

No, puppet won't install and configure itself.

However you can provision puppet onto your cluster at build time and configure 
it at that time. We use cobbler to provision machines with the required 
software and initial configuration. Foreman is another option here.

On an existing small cluster you can easily install and configure puppet via a 
ssh for loop. You might even look at something like RunDeck. 

You can also include configuration files inside deb or rpm packages that you 
will need to create.

HTH,
Den


On 02/03/2012, at 16:27, Abhijit Shingate  wrote:

> Hi All,
> I am very new to Puppet. Need some help regarding following.
> 
> Lets say we have a cluster of 20 machines which i want to manage
> through Puppet.
> 
> Do I need to deploy Puppet itself manually on each machine?
> OR
> Is there a way that i install Puppet Master and ask it to deploy the
> puppet on remaining 19 machines automatically?
> OR
> Is there any other way to deploy puppet itself automatically on all
> the machines in the cluster?
> 
> Any help will be very much appreciated.
> 
> Thanks & Regards,
> Abhijit
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet 2.7.11 requires ruby = 1.8.5

[rjl]

I have compiled and installed ruby 1.9.3 on Centos 5

# ruby -v
 ruby 1.9.3p125 (2012-02-16 revision 34643) [x86_64-linux]

Now I am trying to install puppet 2.7.11. However, it is requiring that 
ruby version 1.8.5-5.el5_4.8.

# yum install puppet
Installing:
 puppet   noarch   
   2.7.11-2.el5   
lvlt-tools-updates  1.0 M
Installing for dependencies:
 ruby x86_64   
   1.8.5-5.el5_4.8

Any idea why it is requiring that version as a dependency?

Thanks in advance

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/pJAfy-Frl2AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet <=> puppet dashboard interoperability

[Brendan O'Bra]

Have you setup Dashboard as an ENC?
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html

On Fri, Mar 2, 2012 at 7:55 AM, Peter Berghold wrote:

> Is there something on the puppet master or puppet agent that needs to be
> tweaked for class assignments to be picked up form dasbhboard when a puppet
> agent runs?
>
> wondering if I missed something...
>
>
> --
> Peter L. Berghold
> Owner, Shark River Technical Solutions LLC
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 
GVoice: 707.646.9180
LinkedIn: http://www.linkedin.com/in/brendanobra

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Collabograte: An Open Source Integration Platform for Collaboration Components

[Kartik Subbarao]

I'm using Puppet as a configuration management tool in the open source 
Collabograte project that I recently announced:

http://kartiksubbarao.com/announcing-collabograte

Currently, the puppet manifests enable integration points among the 
following software packages: Cyrus IMAP, ejabberd, INN, MediaWiki, 
OpenLDAP, Postfix, Sympa, WordPress

I'd be very interested in hearing any comments, ideas, suggestions, or 
questions you might have on this. I want to help Enterprise IT do a better 
job of integrating open source into their environments, as well as improve 
the collaboration between Enterprise IT and open source project communities.

Please feel free to respond here, on the Collabograte mailing list, or 
email me directly, whichever you prefer.

Thanks,

-Kartik

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/z0H9wgwmfawJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Developers having access to deploy

[Adam Heinz]

We do something similar to what you describe with foreman (which can
be used as an ENC).  The user sets the my-app-version parameter on the
node, then runs puppet on that node.  The main drawback is that
foreman does not currently have a permission for puppetrun, so the
users have to be admins, so I have a test puppet master for this
purpose.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Best practices for excluding certain modules from certain nodes

[Romeo Theriault]

On Fri, Mar 2, 2012 at 08:56, Romeo Theriault  wrote:
> Hi, I'm just getting started with puppet and am looking for some best
> practices on how to handle node and module inheritance issues. I'm
> planning to start using heira so want to plan my implementation around
> hiera specifics.
>
> Specifically, one item I can't seem to find a clean way of dealing
> with is one-off nodes. For example, let's say I want to apply a class
> called zabbix::agent to my whole infrastructure, so I put it in
> common.yaml. But then I find out there are a few nodes that for
> whatever reason I can't apply this class to. Short of just not
> inheriting anything from common.yaml is there a clean way to say
> "inherit everything from common except zabbix::agent"?
>
> How are people dealing with the slight variations in their
> infrastructure? I realize it's possible to code some logic into the
> classes for these specific one-off hosts but that seems really hackish
> and brittle.

After a bit more googling I found this informative puppet-users thread:

http://groups.google.com/group/puppet-users/browse_thread/thread/6b59ae2470acfa14/810eb8671a5b3cdd

which talks about creating special "disabled" classes which inherit
the widely used class and set certain values to 'undef'. This seems
like it's probably the way to go since it's the best method I've
seen/heard of so far to deal with this.


> I think a lot of shops do this by creating special "disabling" classes
> for those one-off systems.  To use your puppetmaster example (untested
> pseudocode ahead):
>        class puppet::client {
>          file { '/etc/puppet/puppet.conf':
>            ensure => present,
>            source => 'puppet:///puppet/configfile',
>          }
>        }
>        class puppet::client::disabled inherits puppet::client {
>          File['/etc/puppet/puppet.conf'] {
>            ensure => undef,
>            source => undef,
>          }
>        }
>        class puppet::server {
>          include puppet::client::disabled
>        }
> Now it's safe to apply puppet::client to all your nodes, including
> your puppetmaster, because the ::disabled class will override the
> management of puppet.conf on the puppetmaster (which presumably
> includes the puppet::server class).



Anyone else dealing with this in a different way?

Thanks,
Romeo



--
Romeo

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet (ruby?) equivalent of defiend()

[Jeff McCune]

On Fri, Mar 2, 2012 at 10:37 AM, Peter Berghold wrote:

>
> In Perl we have the functionality of
>
> if ( defined($somevar) ) {
> ... do something 
> }
>

if ( $somevar != undef) {
  ...
}

You can test this quickly using the --execute flag to puppet apply:

% puppet apply -e 'if $foo == undef { notice "foo is undefined" } else {
notice "foo is defined" }'
notice: Scope(Class[main]): foo is undefined
notice: Finished catalog run in 0.01 seconds

% FACTER_foo=bar puppet apply -e 'if $foo == undef { notice "foo is
undefined" } else { notice "foo is defined" }'
notice: Scope(Class[main]): foo is defined
notice: Finished catalog run in 0.01 seconds

-Jeff

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: certificate issue...

[Peter Berghold]

On Fri, Mar 2, 2012 at 1:45 PM, Peter Berghold wrote:

> My puppet master server has a fqdn of chidpmaster.some.domain.tld with a
> cname pointing to it of puppet.domain.tld.
>
>
Figured this one out on my own.  Seems in my site.pp file I have:
filebucket { "main":
server=>"chidpmaster.some.domain.tld",
path => false
}

File { backup => "main" }

The server name for the main filebucket was originally defined as
puppet.domain.tld so when I changed it to the real FQDN instead of the
"logical name" it worked.




-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Creating domain zone files

[Al]

Thanks for the suggested method, I will put up a pilot environment and  
see if this solution works for me!


On Feb 28, 2012, at 9:41 PM, Brian Gallew wrote:


Allow me to offer a couple of alternatives:
1) If Puppet is not otherwise doing stuff with the domains, then  
stop trying to manage the bind configs purely with Puppet.  Instead,  
have your configs in revision control (best practice) and have the  
puppet run do an update/reload (e.g. have the exec something like  
onlyif =>"bzr status", command => "bzr update", notify =>  
Service["bind9"]
2) Use augeas to ensure the appropriate include stanza appreas in  
your zones.conf file, and have the included fragment be generated  
via template on Puppet.
3) Use R.I.P.'s snippets extension to construct your zone file from  
whole cloth.
4) if you are using storedconfigs AND your zones are tied into your  
infrastructure appropriately, it might be nice to collect exported  
resources (files) on the DNS servers.


To give you something of an example of #4, I want to see that  
NetBackup is installed on all my servers.  However, doing so  
requires the execution of a script from the Netbackup server.  So  
each host checks the installed Netbackup version against the  
configured version.  If they differ, and *only* then, they will  
export an exec{} that will be collected (and run) on the Netbackup  
server.  What this means is that the only time my Netbackup server  
runs any execs is when I either upgrade Netbackup or add a new host.


You could do something similar.  If you DNS zones are, for instance,  
tied to, say, web services, when the web service configures, it  
could do a DNS lookup.  If the results of that lookup are not  
satisfactory, it could then export the appropriate updates for use  
on the DNS servers.


On Tue, Feb 28, 2012 at 2:43 PM, Mailing Lists > wrote:
I'm currently looking for a more efficient method of creating domain  
zone files.  At the moment I have a shell script that I run to  
create the domain zone, then add the domain to puppet define list so  
it'll know to add the domain to the dns servers.


The new method I'm working on, I add the domain to a puppet define,  
then let puppet run the shell script for me to create the zone  
file.  Only problem once its done validating that the domain exists  
are not (using the shell script) its about 55 minutes when complete!


Below is what I've written and I'll add comment along the way.  If  
any has any suggestions of how I can make it complete faster, I'm  
all ears!


class s_domain {
# This is where I add the domain to define the new domain, I  
will paste the code below...

include s_domain::all_zone

# The shell script that runs to create the zone file
file {
"domain.sh":
mode => 700, owner => root, group => root,
ensure => present,
path => "/root/domain.sh",
source => "puppet://$servername/s_domain/domain.sh",
}
   # The text that puppet looks at before running the domain.sh  
script

file {
"zones":
mode => 600, owner => root, group => root,
ensure => present,
replace => true,
path => "/root/zones",
}
   # It creates the file for domain.sh
exec { "domain_check":
command => "/bin/ls /var/shared/bind/zones > /root/zones",
logoutput => true,
}

}

 # Taking the information from the include to define
define s_domain::zones($domains) {

s_domain::zonefile { $domains: }

file { "/var/named/chroot/etc/zones.conf":
owner   => "named",
group   => "named",
mode=> "0644",
}
}
# File it creates with the domain.sh script
define s_domain::zonefile() {
file { $name:
path => "/var/shared/bind/zones/$name.zone",
owner => "root",
group => "root",
mode  => "0644",
}
# The domain.sh script runs only if the domain isn't in the  
zones file it create above

exec { "domain $name":
command => "/root/domain.sh $name",
logoutput => true,
unless => "/bin/grep -o $name /root/zones 2>/dev/null",
}
}

INCLUDE code:

class s_domain::all_zone {
s_domain::zones { "company.com":
domains => [ "thedomain.com", }
  }
}

The above code is short, the whole list of domains we have is about  
2,000, reason it takes so long.  I'm new to puppet coding, what I  
would like to do is not have file created or puppet using the  
"unless" variable.  I've been trying to figure how to get puppet to  
just look at the all_zone.pp file only, but haven't been able to  
figure a method to implement.  Thanks in advance!




--
You received this message because you are subscribed to the Google  
Groups "Puppet Users" group.

To post to this group, send email to puppet-

[Puppet Users] Best practices for excluding certain modules from certain nodes

[Romeo Theriault]

Hi, I'm just getting started with puppet and am looking for some best
practices on how to handle node and module inheritance issues. I'm
planning to start using heira so want to plan my implementation around
hiera specifics.

Specifically, one item I can't seem to find a clean way of dealing
with is one-off nodes. For example, let's say I want to apply a class
called zabbix::agent to my whole infrastructure, so I put it in
common.yaml. But then I find out there are a few nodes that for
whatever reason I can't apply this class to. Short of just not
inheriting anything from common.yaml is there a clean way to say
"inherit everything from common except zabbix::agent"?

How are people dealing with the slight variations in their
infrastructure? I realize it's possible to code some logic into the
classes for these specific one-off hosts but that seems really hackish
and brittle.

Thanks for any insight!

-- 
Romeo

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Dashboard, node classes, what do they do part 2

[Peter Berghold]

I actually have figured this out (with some help from the list.)  Seems I
was encountering a PEBKAC error. :-)

I hadn't set up puppet to use dashboard for external node classification.
(so that's what it's useful for! hmmm...)


>


-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] certificate issue...

[Peter Berghold]

My puppet master server has a fqdn of chidpmaster.some.domain.tld with a
cname pointing to it of puppet.domain.tld.

For the first time since I started playing around with puppet I'm now
seeing an error when applying a template --

err: /Stage[main]/Sudo/File[sudoers]/content: change from
{md5}c5dab0f2771411ed7e67d6dab60a311f to
{md5}69cf8d89af228c42e7e1b5b5c93dd58e failed: Could not back up
/etc/sudoers: Server hostname 'puppet.domain.tld' did not match server
certificate; expected one of chidpmaster.some.domain.tld,
DNS:chidpmaster.some.domain.tld, DNS:puppet, DNS:puppet.some.domain.tld

(actual domain name has been obfuscated)

Do I need to do something silly like regen my cert?

puppet 2.7.11 on the master
puppet 2.7.9 on the agent

Now, any other functionality that doesn't involve file buckets seems to
work just fine!


-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Dashboard, node classes, what do they do part 2

[Romeo Theriault]

On Fri, Mar 2, 2012 at 04:12, Peter Berghold  wrote:
>
>
> On Fri, Mar 2, 2012 at 12:55 AM, Romeo Theriault 
> wrote:
>>
>>
>> In the Dashboard, when they say "classes" they really mean "module".
>>
>
>
>
> This begs a follow-on question:
>
> if classes == modules in Dashboard then maybe I need to take a second look
> here.

Actually, after I sent this I started thinking about it a bit more.
I'm just getting started with Dashboard and it's been working for me
to just put in the "module" name in the Dashboard and not the
class-name. But I'm not sure if this is because my "class" name up
till now has always been same as the module name and it has up till
now always resided inside of the init.pp in the module. So, I guess
what I'm saying is that I'm not so sure if classes == modules in
Dashboard. It may be that if you have other classes in the module you
may be able to call them directly with "modulename::classname" (?) but
I'm not really sure. I'd just test it out for a while to figure it
out.

-- 
Romeo

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet (ruby?) equivalent of defiend()

[Peter Berghold]

In Perl we have the functionality of

if ( defined($somevar) ) {
... do something 
}


Is there an equivalent you can use within a puppet manifest?


-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Hiera and Nodeless Puppet HELP

[Daysmen]

Ok i did some reading and watched a youtube clip on it also.

Heira can be set in the params manifest which is what ll do - quite
dangerous that ill be using this approach at a company i work for :-)

Next i have established my hierarachy as such :
hierarchy: - %{_domain}/%{_environment}/%{_cluster}/%{_class}
%{_domain}/%{_environment}/%{_cluster}
%{_domain}/%{_environment}
%{_domain}
: yaml:
:datadir: /etc/puppet/hierdatadb

So the filesystem looks like this:

/etc/puppet/hierdatadb/ri3k.com/preprod/uk1/web.yaml
/etc/puppet/hierdatadb/ri3k.com/preprod/uk1.yaml
/etc/puppet/hierdatadb/ri3k.com/preprod.yaml

because im using a nodeless approach ill have to create a factor
plugin that will read the following values

/etc/system_facts
role:apache
_domain:ri3k.com
_cluster:dc1
_environment:systest
_class:web

ill have to figure out better fact names but i hope im making sence
here.  The factor pluging and files will be setup at deployment time -
and puppet can then be run manually which will use the values to set
the host and define its role

Can anyone suggest a better way of doing this ?




On Mar 2, 1:15 pm, Daysmen  wrote:
> Hi Folks
>
> To begin with i am looking to deploy a completely new puppet config
> based on the truth 
> modulehttps://github.com/jordansissel/puppet-examples/tree/master/nodeless-...
>
> However i want a way of separating data from modules based on this
> hierarchy:
>
> domain - ie blogs.com => common data distributed to all nodes/devices
> cluster ie. DC1 => ip address changes for services like ntp, resolver
> etc
> environment/zone - ie UAT => data and modules common to this
> environment
> server class ie web => include a role for apache, jboss, etc
>
> Is it possible to structure hiera to use this hierarchy ?
>
> Anybody have any ideas - remember i wont be using node resources but
> truth statements

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Dashboard / inventory service question

[bg]

I have several hundred nodes I'm migrating to being managed by Puppet. We 
do have a handful of older servers that can't run Puppet (RH8 etc), and 
won't be upgraded any time soon, unfortunately. I'd like to be able to have 
an 'artificial' node created with accurate inventory data displayed in 
Puppet Dashboard.  I realize that the inventory information accuracy will 
be dependent on my statically generated yaml content (uploaded via REST 
API), and I'm fine with that.  

I do have a fully functioning server with CentOS 6 / Puppet 2.7.11-2 / 
Puppet Dashboard 1.2.6-1.  It's just this last bit that I'm trying to sort 
out.

What I've been trying is:
puppet cert --generate test.example.org
puppet agent --certname test.example.org -tv# this is run on Puppet 
master as part of the node being displayed in the Dashboard
curl -k -X PUT -H 'Content-Type: text/yaml' --data-binary 
@/root/test.example.org.yaml 
https://localhost:8140/production/facts/test.example.org  

As far as I can tell, these steps should work, but after step 2, any 
certificate generated is immediately revoked. 

Can anyone offer any insight or better recommendations on how to accomplish 
this?

Brian Green

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/rIhS3bqoN40J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet <=> puppet dashboard interoperability

[Peter Berghold]

On Fri, Mar 2, 2012 at 11:09 AM, Kenneth Lo  wrote:

>  Texternal_nodes parameter to point to a process that returns a yaml
> formatted "node catalogs". If your ENC configuration is correct (in this
> case dashboard), puppet would do the rest.
>
>

That was it!

I think I am going to take the time to write an article about all this for
Linux Journal or some such (at least a blog entry) to outline this for
folks.  This has been a wild trip...


-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet <=> puppet dashboard interoperability

[Kenneth Lo]

The way I understand it is that, if your puppet installation utilize ENC, you 
simply setup the puppet.conf's [master] external_nodes parameter to point to a 
process that returns a yaml formatted "node catalogs". If your ENC 
configuration is correct (in this case dashboard), puppet would do the rest.

I believe by default installation for dashboard (I use PE), that would be a 
script called external_node, which simply does a curl call to pull your 
configuration list down.

--KL

From: Peter Berghold mailto:salty.cowd...@gmail.com>>
Reply-To: "puppet-users@googlegroups.com" 
mailto:puppet-users@googlegroups.com>>
Date: Fri, 2 Mar 2012 10:55:06 -0500
To: "puppet-users@googlegroups.com" 
mailto:puppet-users@googlegroups.com>>
Subject: [Puppet Users] puppet <=> puppet dashboard interoperability

Is there something on the puppet master or puppet agent that needs to be 
tweaked for class assignments to be picked up form dasbhboard when a puppet 
agent runs?

wondering if I missed something...


--
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to 
puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
This message is for the designated recipient only and may contain privileged, 
proprietary, or otherwise private information. If you have received it in 
error, please notify the sender immediately and delete the original. Any other 
use of the email by you is prohibited.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet <=> puppet dashboard interoperability

[Peter Berghold]

Is there something on the puppet master or puppet agent that needs to be
tweaked for class assignments to be picked up form dasbhboard when a puppet
agent runs?

wondering if I missed something...


-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: issues with new clients certs

[Matthew Nicholson]

Furthermore I can verify the cert client side w/ the ca:

root::wave { 10:34:20 Fri Mar 02 }
~-> openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem
/var/lib/puppet/ssl/certs/wave.pem
/var/lib/puppet/ssl/certs/wave.pem: OK


?

On Fri, Mar 2, 2012 at 10:14 AM, Matthew Nicholson
 wrote:
> So,I made a stupid move this morning I'm trying to correct. While
> trying to getthe puppet master to config itself, i moved its certs
> sideways, and regenerated. Durring this time i did a ntp sync and
> found i was about 2 seconds off.  This little test failed and I
> decided I had a better way to do it(manual puppet apply's are safer
> for me for this.. currently), so I put the "original" certs back in
> place, and restarted. Existing clients are fine since they have signed
> certs, however new clients (i cleaned a cert to "force' a new client)
> cannot get their cert verified. The clients report time may be off,
> but it is 00% in sync. Normally we autosign but I've disabled that for
> now and its made no difference. the client cert comes in fine, and I
> can sign it just fine, but its the verify on the client end that
> fails:
>
> root::wave { 10:07:25 Fri Mar 02 }
> ~-> puppet agent -t
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for wave.
> info: Retrieving plugin
> info: Caching certificate_revocation_list for ca
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources using 'eval_generate: certificate verify failed.  This is
> often because the time is out of sync on the server or client
> err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate
> verify failed.  This is often because the time is out of sync on the
> server or client Could not retrieve file metadata for
> puppet://provisions/plugins: certificate verify failed.  This is often
> because the time is out of sync on the server or client
> info: Loading facts in vlan
> 
> err: Could not retrieve catalog from remote server: certificate verify
> failed.  This is often because the time is out of sync on the server
> or client
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: certificate verify failed.  This is often
> because the time is out of sync on the server or client
>
>
> Any thoughts/help? I'd rather not start over and regenerate a
> clean/new master cert, and have to clear client certs on everything
> (about 2k systems)...
>
> Help?
> --
> Matthew Nicholson



-- 
Matthew Nicholson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] issues with new clients certs

[Matthew Nicholson]

So,I made a stupid move this morning I'm trying to correct. While
trying to getthe puppet master to config itself, i moved its certs
sideways, and regenerated. Durring this time i did a ntp sync and
found i was about 2 seconds off.  This little test failed and I
decided I had a better way to do it(manual puppet apply's are safer
for me for this.. currently), so I put the "original" certs back in
place, and restarted. Existing clients are fine since they have signed
certs, however new clients (i cleaned a cert to "force' a new client)
cannot get their cert verified. The clients report time may be off,
but it is 00% in sync. Normally we autosign but I've disabled that for
now and its made no difference. the client cert comes in fine, and I
can sign it just fine, but its the verify on the client end that
fails:

root::wave { 10:07:25 Fri Mar 02 }
~-> puppet agent -t
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for wave.
info: Retrieving plugin
info: Caching certificate_revocation_list for ca
err: /File[/var/lib/puppet/lib]: Failed to generate additional
resources using 'eval_generate: certificate verify failed.  This is
often because the time is out of sync on the server or client
err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate
verify failed.  This is often because the time is out of sync on the
server or client Could not retrieve file metadata for
puppet://provisions/plugins: certificate verify failed.  This is often
because the time is out of sync on the server or client
info: Loading facts in vlan

err: Could not retrieve catalog from remote server: certificate verify
failed.  This is often because the time is out of sync on the server
or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: certificate verify failed.  This is often
because the time is out of sync on the server or client


Any thoughts/help? I'd rather not start over and regenerate a
clean/new master cert, and have to clear client certs on everything
(about 2k systems)...

Help?
-- 
Matthew Nicholson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Dashboard, node classes, what do they do part 2

[Peter Berghold]

On Fri, Mar 2, 2012 at 12:55 AM, Romeo Theriault
wrote:

>
> In the Dashboard, when they say "classes" they really mean "module".
>
>


This begs a follow-on question:

if classes == modules in Dashboard then maybe I need to take a second look
here.

The module that I am writing from scratch to work with Dashboard is called
postfix.   If I understand what you are saying and what the documentation
infers I need to re-architect my module a bit.

This module is supposed to handle four distinct postfix cases:

   1. null client
   2. post office box (handles IMAP/POP accounts, receives email but sends
   through a relay)
   3. inbound only
   4. outbound only


Given that I guess I should be setting a parameter within Dashboard (I'll
call it postfix_mode) and set up within the postfix class inside of init.pp
file within the postfix module such that:

case $:postfix_mode {
"null client" : { include postfix::nullclient }
"inbound"   : { include postfix::inbound}
 etc 
}

Am I on the right track?

-- 
Peter L. Berghold
Owner, Shark River Technical Solutions LLC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] zombie child process

[Elias Abacioglu]

Hi,

This is the third or fourth time this happens. But puppetd gets a zombie
shell childprocess and then never finishes the run.

/opt/tc-puppet/bin/ruby /opt/tc-puppet/sbin/puppetd
 \_ [sh] 

How do I begin looking on what can be wrong?
This error has appeared on both 2.7.6 and 2.7.11.

Regards,
Elias

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet 2.7.11 + ruby 1.9.3 + passenger

[Ron]

Based on everything I have read thus far and my experiences working with 
Ruby 1.9.{2,3} and Puppet 2.7.x, you should stick with Ruby 1.8.7 until 
later versions of Puppet 2.7.x/2.8. IMHO

On Thursday, March 1, 2012 2:40:08 PM UTC-5, Chad Huneycutt wrote:
>
> So does anyone have a working setup with puppet 2.7.11 + ruby 1.9.3 + 
> passenger?
>
> I am currently using rack-1.0.1 (rack-1.4.1 had same behavior) and
> passenger 3.0.11, and I get some authentication problems (shown
> below).  If I use an auth.conf that is wide open (auth any, allow *),
> the agent can successfully retrieve his catalog and plugins and apply
> them.  Using webrick works fine as well.
>
> The agent shows this:
>
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources using 'eval_generate: Error 403 on SERVER: Forbidden
> request: garth.cc.gatech.edu(130.207.127.12) access to
> /file_metadata/plugins [search] at line 0
>
> err: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on
> SERVER: Forbidden request: garth.cc.gatech.edu(130.207.127.12) access
> to /file_metadata/plugins [find] at line 0 Could not retrieve file
> metadata for puppet://garth.cc.gatech.edu/plugins: Error 403 on
> SERVER: Forbidden request: garth.cc.gatech.edu(130.207.127.12) access
> to /file_metadata/plugins [find] at line 0
>
>
> The master shows only:
>
> [error] [client 130.207.127.12] (104)Connection reset by peer:
> ap_content_length_filter: apr_bucket_read() failed
>
>
> I have tried both rack 1.4.1 and rack 1.0.1, and several versions of
> passenger, including 2.2.2, 2.2.15, and pretty much all the 3.0.X
> versions.  With passenger versions from 3.0.0 to 3.0.7, I get much
> more serious sounding errors for both the agent and master.  passenger
> 2.2.2 didn't seem to really work at all.
>
> So my question is, can this work, and if so, what versions should I use?
>
>
> -- 
> Chad M. Huneycutt
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/aAshbAWqWTEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Developers having access to deploy

[JasonAntman]

We haven't actually done this in production yet, but we've discussed
it quite a bit. Our current theory for things like this is:

1) MySQL-based External Node Classifier. Developers get
(authenticated, ACL'ed) access to a simple PHP script with two
options: a dropdown list of modules for their app (i.e. myapp_v1,
myapp_v2, etc.), and a link that triggers a puppet run on the client
(via the API call used by "puppet kick").

The lab42 examples make use of their "puppi" tool, but our theory was
based on us having to approve modules (or at least review them), and
explicitly add them to the list of options for a given app.

Another, simpler option would be to store your manifests/modules in
SVN, and grant developers read/write access to certain paths. If you
don't want to mess with an authenticated interface to trigger client
runs, you could just grant them sudo access to a script that triggers
the run.

Of course, all of this is making two pretty large assumptions: 1) that
you're using a puppet master, and it's also used for stuff more
critical than this, and 2) you're using Puppet to manage the entire
systems (or at least stuff other than the app deployment)

I know many here may disagree with me, but I'd say that if you're
intending to use Puppet to manage just the app deployment (not the
whole system build/provisioning, or at least other components), you
can probably find a better/easier solution.

-Jason

On Mar 2, 4:42 am, Thomas Rasmussen 
wrote:
> Hi
>
> I'm in the process of looking for a way to have developers deploying
> on their test systems without intervention of sysadmins, to solve this
> i'd like to use Puppet (either the OSS version or Enterprise,
> whichever solves the problem).
>
> I can manage to only grant access to certain systems and limit the
> ability to execute puppetd --test, however, the developers would like
> to create a new version of the application and then this should be put
> into place instead of the old version, but I can't seem to find a
> solution to this.
>
> I was thinking somewhat on the option to issue a command like this:
> puppetd --test --my-app-version 3.2.1
>
> And then the puppet manifests will use the my-app-version variable to
> fetch and deploy this specific version. I know that the manifests
> should be developed with care, which is also the idea.
>
> Or what solutions do people use in case where developers should have
> access to deploy, but not have access to the puppetmaster server?
>
> hope that this can be done.
>
> Regards
> Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] cross module require

[Peter Horvath]

I've not but it is a good idea :)

thanks

On 2 March 2012 11:23, denmat  wrote:
> HI,
>
> have you tried including the mounts module in your application.pp?
>
> include mounts::mount1
>
> Either there or in your node definition should do it.
>
> Cheers,
> Den
>
> On Fri, Mar 2, 2012 at 9:39 PM, Peter Horvath  
> wrote:
>> Hello,
>>
>> I have 2 modules and 1 modul has a resource type in a class which
>> would require an other class from and other module:
>> module/mounts/manifest/mount1.pp
>> module/server/manifres/applicaton.pp
>>
>> Application creates a directory under /srv for itself and /srv should
>> be mounted from the shared storage first.
>>
>> file{'/srv/application':
>>     ensure   => directory,
>>     require   => Class['mounts::mount1'],
>> }
>>
>> this in the application.pp gives class cannot be found error.
>>
>> How can i require cross module?
>>
>> Thank you
>> Peter
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Automatic Puppet deployment over a cluster

[Abhijit Shingate]

Hi All,
I am very new to Puppet. Need some help regarding following.

Lets say we have a cluster of 20 machines which i want to manage
through Puppet.

Do I need to deploy Puppet itself manually on each machine?
OR
Is there a way that i install Puppet Master and ask it to deploy the
puppet on remaining 19 machines automatically?
OR
Is there any other way to deploy puppet itself automatically on all
the machines in the cluster?

Any help will be very much appreciated.

Thanks & Regards,
Abhijit

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Hiera and Nodeless Puppet HELP

[Daysmen]

Hi Folks

To begin with i am looking to deploy a completely new puppet config
based on the truth module 
https://github.com/jordansissel/puppet-examples/tree/master/nodeless-puppet/modules/truth

However i want a way of separating data from modules based on this
hierarchy:

domain - ie blogs.com => common data distributed to all nodes/devices
cluster ie. DC1 => ip address changes for services like ntp, resolver
etc
environment/zone - ie UAT => data and modules common to this
environment
server class ie web => include a role for apache, jboss, etc

Is it possible to structure hiera to use this hierarchy ?

Anybody have any ideas - remember i wont be using node resources but
truth statements

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Template condition based on variable

[Will S. G.]

I have a template for zabbix_agentd.conf.erb that has the following line in 
it: 

<% if has_variable?( "mysqlsrv" ) then %>
UserParameter=FromDual.MySQL.check,/usr/local/mysql_performance_monitor/FromDualMySQLagent.pl
 
/usr/local/mysql_performance_monitor/etc/FromDualMySQLagent.conf <% end %>

I defined the variable $mysqlsrv = "true" in node.pp. However, it seems the 
file is really never updated based on the condition. 

Any suggestions how to troubleshoot this issue? I feel a bit lost.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/SABAP8BPcxwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Developers having access to deploy

[Jos Houtman]

Hi,

For deployment we do not usually use puppet. The deployment we do with are 
puppet are for stable in house packages.
This is then done by releasing a new version in our package environment and 
utilizing  ensure => latest for the package type.

But for frequent deployment methods I would personally look towards other 
means of deployment.
We are currently utilizing the python fabric library for deployments.

Jos

On Friday, March 2, 2012 10:42:28 AM UTC+1, Thomas Rasmussen wrote:
>
> Hi 
>
> I'm in the process of looking for a way to have developers deploying 
> on their test systems without intervention of sysadmins, to solve this 
> i'd like to use Puppet (either the OSS version or Enterprise, 
> whichever solves the problem). 
>
> I can manage to only grant access to certain systems and limit the 
> ability to execute puppetd --test, however, the developers would like 
> to create a new version of the application and then this should be put 
> into place instead of the old version, but I can't seem to find a 
> solution to this. 
>
> I was thinking somewhat on the option to issue a command like this: 
> puppetd --test --my-app-version 3.2.1 
>
> And then the puppet manifests will use the my-app-version variable to 
> fetch and deploy this specific version. I know that the manifests 
> should be developed with care, which is also the idea. 
>
> Or what solutions do people use in case where developers should have 
> access to deploy, but not have access to the puppetmaster server? 
>
> hope that this can be done. 
>
> Regards 
> Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/MA3s32mKkTAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] cross module require

[denmat]

HI,

have you tried including the mounts module in your application.pp?

include mounts::mount1

Either there or in your node definition should do it.

Cheers,
Den

On Fri, Mar 2, 2012 at 9:39 PM, Peter Horvath  wrote:
> Hello,
>
> I have 2 modules and 1 modul has a resource type in a class which
> would require an other class from and other module:
> module/mounts/manifest/mount1.pp
> module/server/manifres/applicaton.pp
>
> Application creates a directory under /srv for itself and /srv should
> be mounted from the shared storage first.
>
> file{'/srv/application':
>     ensure   => directory,
>     require   => Class['mounts::mount1'],
> }
>
> this in the application.pp gives class cannot be found error.
>
> How can i require cross module?
>
> Thank you
> Peter
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Casting Fixnum to String (Hiera/YAML)

[Lars Francke]

Hi Krzysztof,

>> I guess the question boils down to: Is there a way to cast from Fixnum
>> to String?
>
> Yes, look below :)

Excellent!

> Take a look on this:
>
> https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/num2str.rb
>
> And this:
>
> https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/type.rb
>
> I hope it helps a little :)

Yes, thank you very much!

This looks like a good addition for puppet-stdlib, no?

Thanks for taking the time to answer.

Cheers,
Lars

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet condition based on variable.

[denmat]

Here is an example using inline templates.  Should describe how you can do it.

class myclass {
}

class myclass::config {
  $myvar = "this is class text"
}

class myclass::template {
  include myclass::config

  $myvar = $myclass::config::myvar

  $mytemplate = inline_template("
Here is some text.
Myvar should go here:
<% if has_variable?('myvar') -%>
<% if myvar =~ /text/ -%>
<%= myvar %>
this is your node var:
<%= scope.lookupvar('nodevar') -%>
<% else -%>
Don't put text in.
<% end -%>
<% end -%>
")

  notify {$mytemplate: }
}

node default {
  $nodevar = 'this is node text'
  include myclass::template
}

notice: /Stage[main]/Myclass::Template/Notify[
Here is some text.
Myvar should go here:
this is class text
this is your node var:
this is node text]/message: current_value absent, should be
Here is some text.
Myvar should go here:
this is class text
this is your node var:
this is node text (noop)
notice: Class[Myclass::Template]: Would have triggered 'refresh' from 1 events
notice: Stage[main]: Would have triggered 'refresh' from 1 events
notice: Finished catalog run in 0.07 seconds

In version 2.7.10 (which I'm using) I get a deprecation warning while
trying to access the node variable - I don't declare variables that
way so I don't know off hand how to fix it (tried several ways
quickly).

That should give you an idea anyway.

Den

On Fri, Mar 2, 2012 at 4:54 PM, Will S. G.  wrote:
> I'm not being descriptive, I know. I'll clarify as pseudo-code; I'm
> essentially attempting to declare a variable in node.pp as such:
>
> node 'util-mysql0' inherits default {
>     $mysqlsr = [define value]
>     
> }
>
> So:
>
> - Define variable
> - Create the condition in the template
> - If var condition is met. Add line to the file for that node.
> - Rinse, lather and repeat.
>
> As you can see, by defining the variable, I'm attempting to predefine the
> condition. I would like to re-write the template, rather include the extra
> line (the aforementioned) when the variable is defined for the node. If my
> approach is incorrect, I suppose I would ask that you let me know. If not
> then, please let me know what I might be missing.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/kT1GluO0QTkJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] cross module require

[Peter Horvath]

Hello,

I have 2 modules and 1 modul has a resource type in a class which
would require an other class from and other module:
module/mounts/manifest/mount1.pp
module/server/manifres/applicaton.pp

Application creates a directory under /srv for itself and /srv should
be mounted from the shared storage first.

file{'/srv/application':
 ensure   => directory,
 require   => Class['mounts::mount1'],
}

this in the application.pp gives class cannot be found error.

How can i require cross module?

Thank you
Peter

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Developers having access to deploy

[Thomas Rasmussen]

Hi

I'm in the process of looking for a way to have developers deploying
on their test systems without intervention of sysadmins, to solve this
i'd like to use Puppet (either the OSS version or Enterprise,
whichever solves the problem).

I can manage to only grant access to certain systems and limit the
ability to execute puppetd --test, however, the developers would like
to create a new version of the application and then this should be put
into place instead of the old version, but I can't seem to find a
solution to this.

I was thinking somewhat on the option to issue a command like this:
puppetd --test --my-app-version 3.2.1

And then the puppet manifests will use the my-app-version variable to
fetch and deploy this specific version. I know that the manifests
should be developed with care, which is also the idea.

Or what solutions do people use in case where developers should have
access to deploy, but not have access to the puppetmaster server?

hope that this can be done.

Regards
Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.