[Puppet Users] New hiera backend for mysql
Hi all, Over the weekend I came up with a new backend for hiera for looking up configuration values directly from a MySQL database that may be useful to some http://www.craigdunn.org/2012/03/introducing-hiera-mysql-mysql-backend-for-hiera/ http://github.com/crayfishx/hiera-mysql Regards Craig -- Craig Dunn | http://www.craigdunn.org Yahoo/Skype: craigrdunn | Twitter: @crayfishX -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] - vs = for dependency
This happed to concern the LVM module, but I don't think that is important in this case. What is the difference between using - and = to enforce a requirement that one class cannot be applied if the other fails to be asserted? In this case I have:- mount { /addon/work2 : device = /dev/vga/work2, ensure = mounted, } filesystem { /dev/vga/work2 : ensure = present, } Filesystem[/dev/vga/work2]- Mount[/addon/work2] All the stansas have additional parameters as needed, but do not have any require = statements, this being left to the ordering statements with -. Is this a mistake? I have just come across a machine that had failed to ensure the existence of the file system (the disk was too small) but had then gone on to generate a mount in /etc/fstab. As a result the machine needed manual intervention. Would using require = have behaved differently? Chris Ritson (Computing Officer and School Safety Officer) Room 707, Claremont Tower,EMAIL: c.r.rit...@ncl.ac.uk School of Computing Science, PHONE: +44 191 222 8175 Newcastle University, FAX : +44 191 222 8232 Newcastle upon Tyne, UK NE1 7RU. WEB : http://www.cs.ncl.ac.uk/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] require custom ruby code in custom function
hi, all: i want to require my own ruby class in a custom function, now i put the ruby file in the same directory with custom function, and require it in the function file like this: require File.join([File.expand_path(File.dirname(__FILE__)), 'test.rb']) but i think this is too ugly, is there any other way? -- System Administrator, Focus on System Management and Basic Development -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: zombie child process
Ok, it fails at early run. Mar 5 03:57:33 srzarnsas007 puppet-agent[22690]: Retrieving plugin Mar 5 03:57:35 srzarnsas007 puppet-agent[22690]: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb Mar 5 03:57:35 srzarnsas007 puppet-agent[22690]: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Mar 5 03:57:35 srzarnsas007 puppet-agent[22690]: Loading facts in /var/lib/puppet/lib/facter/operatingsystemmajor.rb Mar 5 03:57:35 srzarnsas007 puppet-agent[22690]: Loading facts in /var/lib/puppet/lib/facter/hpov.rb Mar 5 03:57:40 srzarnsas007 puppet-agent[22690]: Caching catalog for srzarnsas007.fqdn.com Mar 5 03:57:41 srzarnsas007 puppet-agent[22690]: Applying configuration version '1330900136' Mar 5 04:00:02 srzarnsas007 puppet-agent[22690]: Finished catalog run in 141.02 seconds Mar 5 04:30:06 srzarnsas007 puppet-agent[22690]: Retrieving plugin So /bin/sh gets defunc on Retrieving plugin.. What's my next step? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/q64JHzBgIloJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: zombie child process
Hi, So /bin/sh gets defunc on Retrieving plugin.. What's my next step? I would imagine, that adding code to either ignore SIGCHLD, or collect child status (exit code), or use Process.detach could help :-) KW -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Mi_JyQmdX7QJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: zombie child process
On Monday, March 5, 2012 12:23:52 PM UTC+1, Krzysztof Wilczynski wrote: I would imagine, that adding code to either ignore SIGCHLD, or collect child status (exit code), or use Process.detach could help :-) How and what in the what what now? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ljexHDROX0IJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Running command in server
Dear Puppet users, I'm quite new to Puppet, and I know less about ruby. That's probably why I have this question, hopefully you could answer it. I have google'd quite a lot about it, without success: I install nodes on a private subnet, and they get their FQDN from a local DHCP server, so the $hostname variable is correct. But then I want to make puppet configure the machine's interface with the public IP address, and that's known by the production DNS server (not accessible from the client on the private subnet). Puppet Master has access to the production DNS, so I thought I could run a template (they run in the master, right?) to get the right IP, and pass it on to the puppet client. So I specify this inside the node {}: $new_ip=inline_template(%= system(\host $hostname|awk '{print \ $4}'\) -%) notify { New IP: $new_ip: } But I get: notice: New IP: true The weird thing is that the command is actually running well. If I run puppetmasterd by hand, with --no-daemonize, I can see the IP being written to stdout on the masterd. So, it seems the problem is that the template is not capturing the output of the system command. Do you know what am I doing wrong? How do I capture the system() output? Thanks! Pablo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New hiera backend for mysql
Sounds like a great idea, but I am still trying to get a basic understanding of just puppet and hiera. I really like the idea of separating the. ode unique data from the general manifest, but I would like to see a beginner's guide to puppet/hiera. The other piece that I am very interested in is the hiera-gpg for storing things like MySQL passwords and other sensitive junque -Original Message- From: Craig Dunn To: puppet-users Sent: 2012-03-05 09:18:50 + Subject: [Puppet Users] New hiera backend for mysql Hi all, Over the weekend I came up with a new backend for hiera for looking up configuration values directly from a MySQL database that may be useful to some http://www.craigdunn.org/2012/03/introducing-hiera-mysql-mysql-backend-for-hiera/ http://github.com/crayfishx/hiera-mysql Regards Craig -- Craig Dunn | http://www.craigdunn.org Yahoo/Skype: craigrdunn | Twitter: @crayfishX -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Running command in server
Hi, Try using %x{} instead of system. The system() function returns the return code of the process, not the output. irb %x{hostname --fqdn}.chomp = dagon.fnord.no That worked, thanks! For the record, this is how it looks like: $new_ip=inline_template(%= %x{host $hostname|awk '{print \$4}'}.chomp %) notify { New IP: $new_ip: } Kind regards, Pablo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Best practices for excluding certain modules from certain nodes
On Mar 2, 2:12 pm, Romeo Theriault romeo.theria...@maine.edu wrote: On Fri, Mar 2, 2012 at 08:56, Romeo Theriault romeo.theria...@maine.edu wrote: [...] one item I can't seem to find a clean way of dealing with is one-off nodes. For example, let's say I want to apply a class called zabbix::agent to my whole infrastructure, so I put it in common.yaml. But then I find out there are a few nodes that for whatever reason I can't apply this class to. Short of just not inheriting anything from common.yaml is there a clean way to say inherit everything from common except zabbix::agent? How are people dealing with the slight variations in their infrastructure? I realize it's possible to code some logic into the classes for these specific one-off hosts but that seems really hackish and brittle. After a bit more googling I found this informative puppet-users thread: http://groups.google.com/group/puppet-users/browse_thread/thread/6b59... which talks about creating special disabled classes which inherit the widely used class and set certain values to 'undef'. This seems like it's probably the way to go since it's the best method I've seen/heard of so far to deal with this. That is one of the standard approaches to the kind of problem you describe, and it is simultaneously one of the few appropriate uses for class inheritance. The post you referenced provides a rather specific solution, however, and your description of it suggests that you may not yet see how that generalizes. In particular, 1) Overriding resource properties is the entire purpose of class inheritance. 2) A subclass can override resource properties to any value, not just undef. In fact, I think overriding to undef is unusual. 3) Although setting a resource property to undef generally means that *property* is unmanaged, that's a very different thing from making the entire resource be unmanaged. 4) Not managing a resource (or property) is very different from managing it to an atypical state. Either might be what you want. Anyone else dealing with this in a different way? Not I, but I can offer some alternatives anyway. Hiera provides several: A) Put an if block in Class['zabbix-agent'] around everything else in the class body. Use hiera to look up the value controlling whether the condition is satisfied. That provides an opt-out that any node can be made to use simply by setting an appropriate value in its hiera data. B) As I recall (but have not used), hiera provides an ENC-like function whereby you can cause it to declare classes for your nodes based on class names it looks up in your data. You could use that to decide whether to apply Class['zabbix-agent'] instead of declaring it in a class / node declaration that every node uses. Leverage hiera's hierarchical structure. C) Instead of overriding certain resource properties in a subclass, have the erstwhile parent class use hiera to look up the wanted property values in the first place. This is a general-purpose alternative to class inheritance. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: fully qualified array of variables
On Mar 4, 4:47 am, Eslam Mamdouh emamd...@cloud9ers.com wrote: $replicas works now by replacing % if has_variable?(scope.lookupvar('class_name::params::replicas')) then % with % if has_variable?(class_name::params::replicas) then % but the problem now with $dbhost variable else condition i got that error after defining $mongodb variable instead of mongodb_replicas in nodes.pp undefined method `join' for :undef:Symbol any ideas ? As far as I can tell, nothing in your else block invokes a 'join' method, so I have to assume that either you have mischaracterized the error case or you have not shown the real template code. We will be able to help you better if you reduce the problem to a simpler test case, and present not only the template code but also all the relevant classes. A one-line template and a five-line class would be sufficient to test join()ing a host array in a template. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Module reusability
Hi, yesterday I published some ideas about improving the reusability of chef cookbooks on my blog. As I don't consider this issue chef-specific, you might be interested in this as well: http://blog.nistu.de/2012/03/04/reusability-in-configuration-management-systems/ I would love to discuss these ideas and see what people think about it. Do you see any fundamental differences in puppet that would render these ideas useless? cheers, Nikolay -- It's all part of my Can't-Do approach to life. Wally -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Master VMs
I am. I run ours on a 1GB RAM VM with 2 vCPUs. We manage about 500 Linux servers, each checking in every 30 mins. It's pretty much idle, though I'm gradually rolling out our modules so our catalog currently compiles fast. I'm using Webrick, and plan on moving to Passenger/Apache whenever it starts slowing down. Jeffrey On Thursday, March 1, 2012, Scott Merrill wrote: Is anyone running their Puppet Master server(s) as virtual guests? If so, how big are those VMs in terms of memory and virtual CPUs, and how many Puppet clients are they serving? Thanks! Scott -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet 2.7.11 requires ruby = 1.8.5
On Mar 2, 2012, at 5:19 PM, Russell Van Tassell wrote: The gem includes everything you will need... the (basic) difference is simply running puppet agent versus puppet master -- some packages just hide the simplicity (probably a legacy thing?). Note: I do not believe things like the sysconfig, logrotate and startup scripts get installed by default with the gem (it's been a while since I've done a fresh/virgin install in an environment) ... but those should be easy enough to find. Many folks seem to run things out of cron, anyway... I think you will find the various bits in the gem/conf directory (init/sysconfig/logrotate/etc.) Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: issues with new clients certs
On Fri, Mar 2, 2012 at 9:07 PM, Matthew Nicholson matthew.a.nichol...@gmail.com wrote: Furthermore I can verify the cert client side w/ the ca: root::wave { 10:34:20 Fri Mar 02 } ~- openssl verify -CAfile /var/lib/puppet/ssl/certs/ca.pem /var/lib/puppet/ssl/certs/wave.pem /var/lib/puppet/ssl/certs/wave.pem: OK My suggestion might only be tangentially related: SSL is handled a bit differently in the newer versions of ruby, http://projects.puppetlabs.com/issues/9084 Saw these kinds of errors all days and fixed it by running the client and server in the lower version of ruby(1.8.5). Hope it helps. -- Kish --- krisk.wordpress.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] File class overwritten by other classes
Dear Puppeteers, After many hours of reading manuals, books and google, I'm starting to thing there is no right way to edit files in puppet, and I must be wrong. A massive work is ahead (puppetizing our whole cluster) and I would like to start with the right foot. My idea is to make puppet a tool that describes the system as it should be, and files are no different. I don't want to have old entries in the /root/.ssh/authorized_keys, or in the /etc/sysctl.conf. I want that, when I remove a configuration item in Puppet, the file comes back to the situation it was before (as much as possible). Because of this, using Augeas, or Ssh_authorized_key, or custom shell-scripts add_line_if_not_present do not help by themselves (removing the item - or unimporting the containing class - does not remove the line). So, what I thought, is that I should use default files for those cases, and then edit afterwards. I do this, for example: class parent: file { /root/.ssh/authorized_keys: content = } class child inherits parent: ssh_authorized_key { Pablo: blabla } File [/root/.ssh/authorized_keys] - Ssh_authorized_key [Pablo] The problem I have is that, every time I run puppetd -t, I see how puppet is emptying the file, and populating it again, on the same run. And no matter how many times I run it (no changes in the manifests) it tells me the diffs of what the changes would be, that leave the file exactly like it was. And I noticed this happens with Augeas all the same, and if a file has a notification on a service, it will trigger a restart. Do you know a way to avoid this? Having a file changing all the time (even if it's wrong just for a second) is not what I want, and the same goes for restarting the service every 30 minutes for no reason. Or is there any other method to ensure a file is what you want it to be, without having all the possible options in different files? Thanks a lot! Pablo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] storeconfigs duplicate hosts?
So, we use storconfigs (thin) in our environment and recetly start to see thw following issue: First of all we use thin storeconfigs, and the only thing we really use it for currently is ssh keys, however we plan on using ti for nagios at some point. In our shop (HPC), we frequently rebuild hosts. Part of that process has always to clean the clients key from the master with puppet cert clean hostname1.domain, of course. Recently, however, I've started seeing more and more often systems that have been rebuilt, seemingly causing other systems to loop when added/modifying the rebuild hosts ssh key, specifically the alias's for it... Our manifest for doing this looks like: #Collect the host rsa key class ssh::hostkeys { @@sshkey { ${fqdn}_rsa: host_aliases = [ $fqdn, $hostname, $ipaddress ], type = rsa, key = $sshrsakey } } #Export known ssh keys to known_hosts file, aliases by ip, fqdn, and hostname class ssh::knownhosts { Sshkey | type == 'rsa' | {ensure = present} } Pretty simple/straight forward. However, on systems, after somehost1.domain has been rebuilt, show this over multiple runs: host_aliases changed [somehost1', 'somehost1.domain', '10.242.67.162'] to '10.242.67.162 somehost somehost1.domain' I've found the only way to prevent this to to use the puppetstoredconfigclean.rb script and kill the host from the database. For now I've simply wrapped this so one can clean the cert and kill the db entry in one pass. Is this correct/normal? I assumed, and have been told in IRC, that the host should overwrite itself in the db. Worthy of a bug report? A simple mis-config on our end? Any help would be great. -- Matthew Nicholson -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Duplicate definition + parameterized classes + class scope
I apologize if this horse has already been beaten to death, but I'm new here and very, very confused. I'm just starting to work with Puppet and I can not make heads or tails of the language: specifically how to use parameterized classes. I've spent a week reading the docs and testing manifests and I can't make any progress. I have a feeling that my confusion comes from the fact I have a programming background and that my understanding of certain terms (i.e. 'class' and 'scope') don't mean the same thing for Puppet as they do everywhere else. (And I thought I understood the concept of 'declarative language', but maybe not.) Here's an example of what I feel should work: class bar ($x='default') { notify { x=${x}: } } class foo { notify { 'Inside class foo': } class { 'bar' : x = 'inside foo', } } class baz { notify { 'Inside class baz': } class { 'bar' : x = 'inside baz', } } class { 'foo' : } class { 'baz' : } However, when I run this I get the following error: Duplicate definition: Class[Bar] is already defined in file test5.pp at line 10; cannot redefine at test5.pp:15 As I understand it, each class definition has it's own scope. So why can't I declare the same parameterized class from two different classes, especially when the parameters are different? If you can't do this then what's the point of having them? My understanding of the docs and how the scoping rules are moving towards 2.8, seems to imply that 'include' is bad and 'parameterized classes' are good. I'm cool with that, in fact I prefer that - it matches more of style of coding for other languages. Can somebody please explain what is going on? thx Chris. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] net ads join
Trying to set up a puppet module that runs through most of my samba/ domain joining steps. I have an exec statement where I run my net ads join -U administrator%password command. I would like to include an additional test statement where the command runs only if it hasn't already been joined to the domain yet; however, I cannot figure out how to syntactically use the test command so it works. The exec I was trying to use looks like: exec { path = /usr/bin, onlyif = 'test `net ads testjoin 21 | grep Join | sed -e \'s/ *Join is OK*/1/g\' -ne 1' command = 'net ads join -U administrator%password createcomputer=Samba } The onlyif doesn't work if the result of the testjoin returns Join is OK, depending on the test syntax, it just runs or doesnt regardless. There has to be a better way to do this... anyone with experience setting this up that cares to share? Anyone try using the refreshonly option somehow? Again, my goal here is just for the net ads join to run when the server is NOT joined to the domain (which should be rarely). Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to test functions in 2.7.X
So, many moons ago, the following used to work: require 'puppet' Puppet::Parser::Functions::function(:mangle_ip_address) s = Puppet::Parser::Scope.new # Mask the ipaddress variable s.setvar('ipaddress','11.22.33.44') s.mangle_ip_address However, now that we have to call 'lookupvar' in our functions, this doesn't work and gives the error: NoMethodError: undefined method `known_resource_types' for nil:NilClass from /usr/lib/ruby/site_ruby/1.8/puppet/resource/type_collection_helper.rb:5:in `known_resource_types' Does anyone have any ideas on how to get this working again? Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] net ads join
exec { path = /usr/bin, onlyif = 'test `net ads testjoin 21 | grep Join | sed -e \'s/ *Join is OK*/1/g\' -ne 1' command = 'net ads join -U administrator%password createcomputer=Samba } The onlyif doesn't work if the result of the testjoin returns Join is OK, depending on the test syntax, it just runs or doesnt regardless. There has to be a better way to do this... anyone with experience That regex doesn't look very nice. Are you sure running it from a regular shell produces what you want? What exactly is the net ads testjoin output look like? It would be much simpler to use: onlyif = net ads testjoin 21 | grep 'Join is OK' Which will use the return code of grep. If your code is exactly as shown in this email you are also missing a ` in your only if test, and your command = is not closed either. setting this up that cares to share? Anyone try using the refreshonly option somehow? Again, my goal here is just for the net ads join to run when the server is NOT joined to the domain (which should be rarely). Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. This email communication and any files transmitted with it may contain confidential and or proprietary information and is provided for the use of the intended recipient only. Any review, retransmission or dissemination of this information by anyone other than the intended recipient is prohibited. If you receive this email in error, please contact the sender and delete this communication and any copies immediately. Thank you. http://www.encana.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Duplicate definition + parameterized classes + class scope
Hi, Here's what the docs say: Okay, we can pass parameters into classes now and change their behavior. Great! But classes are still always singletons; you can’t declare more than one copy and get two different sets of behavior simultaneously. And you’ll eventually want to do that! What if you had a collection of resources that created a vhost definition for a web server, or cloned a Git repository, or managed a user account complete with group, SSH key, home directory contents, sudoers entry, and .bashrc/.vimrc/etc. files? What if you wanted more than one Git repo, user account, or vhost on a single machine? Well, you’d whip up a defined resource type. So have a look at changing the bar class to a define instead. Cheers, Den On 06/03/2012, at 7:23, chris_sny...@sra.com chris_sny...@sra.com wrote: I apologize if this horse has already been beaten to death, but I'm new here and very, very confused. I'm just starting to work with Puppet and I can not make heads or tails of the language: specifically how to use parameterized classes. I've spent a week reading the docs and testing manifests and I can't make any progress. I have a feeling that my confusion comes from the fact I have a programming background and that my understanding of certain terms (i.e. 'class' and 'scope') don't mean the same thing for Puppet as they do everywhere else. (And I thought I understood the concept of 'declarative language', but maybe not.) Here's an example of what I feel should work: class bar ($x='default') { notify { x=${x}: } } class foo { notify { 'Inside class foo': } class { 'bar' : x = 'inside foo', } } class baz { notify { 'Inside class baz': } class { 'bar' : x = 'inside baz', } } class { 'foo' : } class { 'baz' : } However, when I run this I get the following error: Duplicate definition: Class[Bar] is already defined in file test5.pp at line 10; cannot redefine at test5.pp:15 As I understand it, each class definition has it's own scope. So why can't I declare the same parameterized class from two different classes, especially when the parameters are different? If you can't do this then what's the point of having them? My understanding of the docs and how the scoping rules are moving towards 2.8, seems to imply that 'include' is bad and 'parameterized classes' are good. I'm cool with that, in fact I prefer that - it matches more of style of coding for other languages. Can somebody please explain what is going on? thx Chris. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] @@file tricks..
Folks, I haven't tried this yet, but I certainly intend to. If I set up an exported file definition such that: @@file{'munin-node-file': content= template('blah'), path = /etc/munin.d/${hostname}.cfg } and then File 'munin-node-file' Do I understand correctly that I would see multiple files created for the path I've given? Or am I reaching? -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: @@file tricks..
This is exactly how I handle things. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] net ads join
I'm not sure how much membership-specific code you have, but if it's more than just this you may want a custom fact rather than using unless/onlyif every time. We use QAS instead of Samba for domain membership but the idea is the same: --vas_status.rb-- require 'facter' vastool = '/opt/quest/bin/vastool' if File.exists? vastool `#{vastool} status` if $?.success? Facter.add(vas_status) do setcode { joined } end else Facter.add(vas_status) do setcode { unjoined } end end else Facter.add(vas_status) do setcode { uninstalled } end end On 03/05/2012 12:35 PM, Kinzel, David wrote: exec { path = /usr/bin, onlyif = 'test `net ads testjoin 21 | grep Join | sed -e \'s/ *Join is OK*/1/g\' -ne 1' command = 'net ads join -U administrator%password createcomputer=Samba } The onlyif doesn't work if the result of the testjoin returns Join is OK, depending on the test syntax, it just runs or doesnt regardless. There has to be a better way to do this... anyone with experience That regex doesn't look very nice. Are you sure running it from a regular shell produces what you want? What exactly is the net ads testjoin output look like? It would be much simpler to use: onlyif = net ads testjoin 21 | grep 'Join is OK' Which will use the return code of grep. If your code is exactly as shown in this email you are also missing a ` in your only if test, and your command = is not closed either. setting this up that cares to share? Anyone try using the refreshonly option somehow? Again, my goal here is just for the net ads join to run when the server is NOT joined to the domain (which should be rarely). Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. This email communication and any files transmitted with it may contain confidential and or proprietary information and is provided for the use of the intended recipient only. Any review, retransmission or dissemination of this information by anyone other than the intended recipient is prohibited. If you receive this email in error, please contact the sender and delete this communication and any copies immediately. Thank you. http://www.encana.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: @@file tricks..
I do check_mk configuration and Netbackup work via this method. On Mon, Mar 5, 2012 at 1:57 PM, windowsrefund windowsref...@gmail.comwrote: This is exactly how I handle things. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] net ads join
On Mon, Mar 05, 2012 at 12:26:24PM -0800, Adam wrote: Trying to set up a puppet module that runs through most of my samba/ domain joining steps. I have an exec statement where I run my net ads join -U administrator%password command. I would like to include an additional test statement where the command runs only if it hasn't already been joined to the domain yet; however, I cannot figure out how to syntactically use the test command so it works. -snip- I created a module that joins AD **unless** `verify_active_directory` returns good. It depends on 2 essential scripts: * verify_active_directory - has machine been joined? - is gssapi delegation enabled? * join_active_directory - join the domain - enable gssapi delegation I've posted the manifest and the templates for {verify,join}_active_directory at: https://gist.github.com/1982804 As written, the scripts also depend on... * `unldif`, which is at: https://github.com/jumanjiman/unldif * `wd`, which as at: https://github.com/jumanjiman/wd If you don't want to install eiffelstudio in order to compilet `wd`, simply remove `wd` from {verify,join}_active_directory. `wd` is a watchdog that protects me from broken DNS lookups. `unldif.sed` is absolutely essential to the scripts as written. The scripts are somewhat commented, but please let me know if you have specific questions about the scripts (and by me, I mean the list). If necessary, I can probably find some time during the day to sanitize company info from the other files in the module and post the other files, too. But the gist should get you started. hth, -paul -- Paul Morgan jumanji...@gmail.com RHCE, RHCDS, RHCVA, RHCSS, RHCA http://github.com/jumanjiman GPG Public Key ID: 0xf59e77c2 Fingerprint = 3248 D0C8 4B42 2F7C D92A AEA0 7D20 6D66 F59E 77C2 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Developers having access to deploy
Thanks for the replies, I can see that there is no easy setup to allow what I'm looking for :-( I will be looking a bit more on the External Node Classifier to see if this will solve my problem. We will be using puppet to fully automate everything that has to be performed on servers, so I will not be interested in using a different system to do the app-deployment than to do the OS deployment. I was hoping that maybe it was possible to do this task through the Dashboard, but I discovered that it was only a standard htpassword setup without any group knowledge or ACLs on nodes. Thomas On Friday, March 2, 2012 10:42:28 AM UTC+1, Thomas Rasmussen wrote: Hi I'm in the process of looking for a way to have developers deploying on their test systems without intervention of sysadmins, to solve this i'd like to use Puppet (either the OSS version or Enterprise, whichever solves the problem). I can manage to only grant access to certain systems and limit the ability to execute puppetd --test, however, the developers would like to create a new version of the application and then this should be put into place instead of the old version, but I can't seem to find a solution to this. I was thinking somewhat on the option to issue a command like this: puppetd --test --my-app-version 3.2.1 And then the puppet manifests will use the my-app-version variable to fetch and deploy this specific version. I know that the manifests should be developed with care, which is also the idea. Or what solutions do people use in case where developers should have access to deploy, but not have access to the puppetmaster server? hope that this can be done. Regards Thomas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/_RYGb5crYiUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Avoiding duplicate definitions
Hello Puppeteers, one problem we stumble upon quite often is duplicate definition of resources. For instance we install the package git-core in our base- class every node is in. Now we want to use a module from github, e.g. https://github.com/uggedal/puppet-module-git, but this one also defines the package git-core and we have to find ugly fixes around the resulting error. As far as I understood puppet, there are two solutions: 1) wrapping each possibly problematic statement into a if ! defined(Type[bla]). 2) Defining all those resources virtually and just realize them in the modules. Both solutions don't help when taking this git module from github, because we'd have to change it, it would no longer be an atomic piece of logic one can just take and use unchanged. Is there some kind of best practice for this problem? Or is there some other workaround I don't know of or I didn't understand so far? Thanks for any suggestions! Thomas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
RE: [Puppet Users] net ads join
On Mar 5, 2012 3:36 PM, Kinzel, David david.kin...@encana.com wrote: It would be much simpler to use: onlyif = net ads testjoin 21 | grep 'Join is OK' Which will use the return code of grep. Idk the onlyif interface offhand but you probably want a -q on the grep to suppress output. So, grep -q 'Join is OK' or fgrep -q 'Join is OK' -Jeremy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.