RE: [Puppet Users] Re: No child processes error message in dashboard
Possibly the UID under which the process is running has a resource limit and is not able to spawn a new process? You likely need to unlimit nproc for the puppet process. Steve Steve Shipway University of Auckland ITS UNIX Systems Design Lead s.ship...@auckland.ac.nz Ph: +64 9 373 7599 ext 86487 From: puppet-users@googlegroups.com [puppet-users@googlegroups.com] on behalf of mukulm [smilemukul2...@gmail.com] Sent: Tuesday, 13 March 2012 5:17 p.m. To: Puppet Users Subject: [Puppet Users] Re: No child processes error message in dashboard Can anyone assist whats the root cause of Could not evaluate: No child processes error message in dashboard how this can be resolved ? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera and Nodeless Puppet HELP
On 02. mars 2012 14:15, Daysmen wrote: Hi Folks To begin with i am looking to deploy a completely new puppet config based on the truth module https://github.com/jordansissel/puppet-examples/tree/master/nodeless-puppet/modules/truth Just a general comment of nodeless Puppet and the truth-enforcer design: It is a great solution if you know what you are doing. First, you must really consider what and where is your source of truth, security wise. If not you could end up with root at any server in the design being able to override its truth to be whatever it wants to. If that is ok with you, then please go ahead. Our Puppet installation is multi-everything, platforms, roles, admins, organizational units and so on. A model where each node possibly could decide and/or override its truth would not work for us. -- http://www.uib.no/personer/Jan.Ivar.Beddari -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Database and user not created (Puppetlabs mysql module)
Hi, still no tiny step forward :( From puppet agent log: moteo@myHOST:~$ sudo puppet agent --no-daemonize --onetime --debug --verbose | grep ysql debug: /Stage[main]//Node[myHOST]/Php::Module[mysql]/Package[php-mysql]/notify: subscribes to Service[apache] debug: /Stage[main]/Mysql::Config/File[/root/.my.cnf]/require: requires Package[mysql-server] debug: /Stage[main]/Mysql::Config/File[/root/.my.cnf]/notify: subscribes to Exec[mysqld-restart] debug: /Stage[main]/Mysql::Config/File[/etc/mysql/my.cnf]/require: requires Package[mysql-server] debug: /Stage[main]/Mysql::Config/File[/etc/mysql/my.cnf]/notify: subscribes to Exec[mysqld-restart] debug: /Stage[main]//Node[myHOST]/Mysql::Db[mydb1]/Database_user[mydbuser@localhost]/require: requires Database[mydb1] debug: /Stage[main]/Mysql::Server/Package[mysql-server]/notify: subscribes to Service[mysqld] debug: /Stage[main]/Mysql::Config/Exec[set_mysql_rootpw]/require: requires Package[mysql-server] debug: /Stage[main]/Mysql::Config/Exec[set_mysql_rootpw]/require: requires Service[mysqld] debug: /Stage[main]/Mysql::Config/Exec[set_mysql_rootpw]/before: requires File[/root/.my.cnf] debug: /Stage[main]/Mysql::Config/Exec[set_mysql_rootpw]/notify: subscribes to Exec[mysqld-restart] debug: /Stage[main]//Node[myHOST]/Mysql::Db[mydb1]/Database_grant[mydbuser@localhost/mydb1]/require: requires Database_user[mydbuser@localhost] debug: /Stage[main]//Node[myHOST]/Mysql::Db[mydb1]/Database[mydb1]/require: requires Class[Mysql::Server] debug: /Stage[main]/Mysql::Config/File[/etc/mysql]/require: requires Package[mysql-server] debug: /Stage[main]/Mysql::Config/File[/etc/mysql]/notify: subscribes to Exec[mysqld-restart] debug: /Stage[main]/Mysql::Config/File[/etc/mysql/my.cnf]: Autorequiring File[/etc/mysql] debug: Service[mysqld](provider=debian): Executing '/etc/init.d/mysql status' debug: Exec[set_mysql_rootpw](provider=posix): Executing check 'mysqladmin -u root -pXXX status /dev/null' debug: Executing 'mysqladmin -u root -pXXX status /dev/null' There is: requires Database[mydb1] and requires Database_user[mydbuser@localhost], but user and database aren't created. And no errors also... Very strange... Can be anything Ubuntu specific? Thank You Moteo 2012/3/12 Moteo moteo@gmail.com: Hi everyone, I am new to Puppet and try to make some simple automation things. I have succeed with apache2, ssh modules, but have problems with Puppetlabs mysql module. It installs mysql server, changes/creates admin user password, but does not create database and user. I cannot find anything wrong in logs (--debug --verbose). I see that manifests is read, but no db/user in mysql. There is all my node config: include openssh include apache include php php::module { mysql: } include mysql class { 'mysql::server': config_hash = { root_password = } } mysql::db { 'mydb1': user = 'user1', password = 'x1', host = 'localhost', grant = ['all'], } apache::virtualhost { s1.test.com: } apache::virtualhost { s2.test.com: } What I have missed? Thank You Moteo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] CentOS 5 packages in EPEL are outdated ?
Hi, I tried using EPEL repositories as stated here: http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Red_Hat_Centos The Puppet version there is 2.6.14 or did I miss something? My concern is: will I have reports with that version? I'm using dashboard to keep an eye on my deployment and I need to know if there is a problem without checking on each server... Regards, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/rxMFQAtXVv0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: CentOS 5 packages in EPEL are outdated ?
Answering to myself: no 2.6.14 doesn't send reports. I'll have a look at yum.puppetlabs.com Le mardi 13 mars 2012 10:16:11 UTC+1, Julien C. a écrit : Hi, I tried using EPEL repositories as stated here: http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Red_Hat_Centos The Puppet version there is 2.6.14 or did I miss something? My concern is: will I have reports with that version? I'm using dashboard to keep an eye on my deployment and I need to know if there is a problem without checking on each server... Regards, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/HPKhWgzG_nwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet on OpenSuSE SLES
By the way, I just noticed the version in your repo is 2.7.10, which shouldn't be used according to puppetlabs. Any chance you can make the time to push a new version ? Le lundi 12 mars 2012 15:26:19 UTC+1, Darin Perusich a écrit : You can still build for unsupported SuSE distro's via the build service, we're doing this in the server:monitoring repo for SLES10, you just need to manually add. them. It shouldn't be a problem as long as all the ruby requirements are there. I'll take a look at enabling this. -- Later, Darin On Mon, Mar 12, 2012 at 9:47 AM, Julien C. cornu...@gmail.com wrote: Hi, thank you for your answer, I didn't know about your repository. It will definitely help on my most recent servers. However, that only solves part of my problem : about two thirds of my servers still run SLES 10. Even if SLES 10 isn't listed in the Supported Operating Systems page, puppet (installed by hand) runs fine on it. Le lundi 12 mars 2012 14:03:20 UTC+1, Darin Perusich a écrit : http://download.opensuse.org/repositories/home:/eclipseagent:/puppet/ http://download.opensuse.org/repositories/systemsmanagement/ http://forge.puppetlabs.com/darin/zypprepo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/viotSZofy8MJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/yfkT93nEabAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet on OpenSuSE SLES
You mean like 2.7.12 that was just announced ? http://www.mail-archive.com/puppet-users@googlegroups.com/msg29190.html :) - Julien C. cornu...@gmail.com wrote: By the way, I just noticed the version in your repo is 2.7.10, which shouldn't be used according to puppetlabs. Any chance you can make the time to push a new version ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet dns requests
On Mar 12, 3:06 pm, Hugo Deprez hugo.dep...@gmail.com wrote: Thank you for the answer guys. I am currently migrating all the server on Debian Squeeze with puppet 2.6.2 I'll consider migrating to your packages repository. For the number of DNS requests, that's not an issue, I was just having a look at the DNS logs. But I think this is not optimized. What is the point for one execution of the daemon to request 80 times the same thing ? I can only speculate, but my first guess would be that the client is making a separate connection to download each of many 'source'd files. Perhaps some correspond to syncing plugins, though it's less clear why plugins would require multiple separate connections. Supposing that your client is not suffering from some kind of misconfiguration(*), it is anyway virtually certain that substantially all the DNS requests presage new connections being initiated from client to server. (*) Evidently your clients are not configured to perform hostname resolution caching. It could be argued that that constitutes a client misconfiguration. Turning on caching ought to reduce the number of DNS requests without interfering with your ability to change the master's IP or play other fun DNS games. Anyway using a record in the /etc/hosts could be an alternative. And that would certainly work too, as long as you are willing to accept the loss of flexibility. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet on OpenSuSE SLES
Or fallback to 2.7.9 maybe ? Le mardi 13 mars 2012 12:48:37 UTC+1, Ygor a écrit : You mean like 2.7.12 that was just announced ? http://www.mail-archive.com/puppet-users@googlegroups.com/msg29190.html :) - Julien C. cornu...@gmail.com wrote: By the way, I just noticed the version in your repo is 2.7.10, which shouldn't be used according to puppetlabs. Any chance you can make the time to push a new version ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/yde3hk_wA10J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: CentOS 5 packages in EPEL are outdated ?
Use the rpmforge repos. That version is 2.7.9 http://wiki.centos.org/AdditionalResources/Repositories/RPMForge#head-5aabf02717d5b6b12d47edbc5811404998926a1b On Tuesday, March 13, 2012 5:29:54 AM UTC-4, Julien C. wrote: Answering to myself: no 2.6.14 doesn't send reports. I'll have a look at yum.puppetlabs.com Le mardi 13 mars 2012 10:16:11 UTC+1, Julien C. a écrit : Hi, I tried using EPEL repositories as stated here: http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Red_Hat_Centos The Puppet version there is 2.6.14 or did I miss something? My concern is: will I have reports with that version? I'm using dashboard to keep an eye on my deployment and I need to know if there is a problem without checking on each server... Regards, -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Y8rG9Sk_SPwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Can't sign certificate
Sorry for not responding since a long time. I still have the same problem. I checked the clocks by running: /usr/sbin/ntpdate fr.pool.ntp.org on client and server. I just did noticed that my are not under debian lenny but under ubuntu 8.04 for my server and ubuntu 10.04 for my new client. All my working client are running under ubuntu 8.04. Do you think that the problem could be coming from the differencies betwwen the OS ? On 15 fév, 19:12, Dan White y...@comcast.net wrote: Make sure the clocks are in sync “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -Kkweitarnold.ka...@gmail.com wrote: Not in my case. I do have the puppetmaster service started. On Feb 15, 5:31 pm, Eric Lake el...@lexmark.com wrote: I had the same kind of thing happening to me today I think. Turns out in my case that the puppetmaster service was not started on my puppet server. On Feb 15, 11:04 am,Kkweitarnold.ka...@gmail.com wrote: Hi, I'm new with using Puppet. Both my clients and the master are under debian lenny. I have to add a client on a Puppet master which is already running. I did put for my new client the same config than the others client running have. On Puppet client when i run: puppetd --server puppet --waitforcert 60 --test I get the following message: warning: peer certificate won’t be verified in this SSL session notice: Did not receive certificate Then, on my Puppet master I run: puppetca --list And that's my problem ! I don't see my new client in the list ! I did add my new client's hostname in the Puppett master's /etc/host file. My new client is on a network that is allowed to communicate with my Puppet master and when i run tcpdump on port 8140 i can see packets coming from my client. Does anybody have a clue to help me ? thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet-dashboard running on puppet-server (SL6)
Hi all, I've installed a new puppet-server and I wanted to add puppet-dash-board for reports (only). # rpm -qa|grep puppet|sort puppet-2.7.11-2.el6.noarch puppet-dashboard-1.2.6-1.el6.noarch puppet-server-2.7.11-2.el6.noarch So, I've followed http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html + http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#configuring-puppet but I don't see any report in my dash-board. Logs periodically show: Processing ReportsController#upload (for X.Y.Z.W at 2012-03-13 14:38:09) [POST] Parameters: {controller=reports, action=upload} Completed in 104ms (View: 0, DB: 100) | 200 OK [http://puppet-server-alias.domain.com/reports/upload] and dashboard shows: 456 pending tasks. My database.tml looks like: production: database: dashboard username: X password: Y encoding: utf8 adapter: mysql Mysql databases has the correct tables; mysql show tables - ; +--+ | Tables_in_dashboard | +--+ | delayed_job_failures | | delayed_jobs | [...] | timeline_events | +--+ 18 rows in set (0.00 sec) Puppet.conf at master: [master] [...] reports = http, store reporturl = http://puppet-server-alias.domain.com:3000/reports/upload and clients have reports enabled (but they run puppet 2.6.X). I can see reports in the master: # ls -lsa /var/lib/puppet/reports/ Display all 101 possibilities? (y or n) Could someone help me to find what I'm missing in this conf? TIA, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Can't send certificate request
I can't get a new client working with my puppet master. When I try to run 'puppet agent --test' on the client, I get err: Could not request certificate: Connection refused - connect(2) Exiting; failed to retrieve certificate and waitforcert is disabled I can't telnet from the client to the server on port 8140. There are no firewalls between the 2 servers. I've turned off iptables and ip6tables on both servers. The times are sync'd. Both servers can ping each other by IP address and hostname. Doing a netstat -an on the puppet master server shows that it is not listening on port 8140. Yet, I have verified that pe-puppet is running. Any suggestions? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WEyyqRVvbgsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-dashboard running on puppet-server (SL6)
On Mar 13, 2012, at 9:37 AM, Arnau Bria wrote: Hi all, I've installed a new puppet-server and I wanted to add puppet-dash-board for reports (only). # rpm -qa|grep puppet|sort puppet-2.7.11-2.el6.noarch puppet-dashboard-1.2.6-1.el6.noarch puppet-server-2.7.11-2.el6.noarch So, I've followed http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html + http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#configuring-puppet but I don't see any report in my dash-board. Logs periodically show: Processing ReportsController#upload (for X.Y.Z.W at 2012-03-13 14:38:09) [POST] Parameters: {controller=reports, action=upload} Completed in 104ms (View: 0, DB: 100) | 200 OK [http://puppet-server-alias.domain.com/reports/upload] and dashboard shows: 456 pending tasks. This high number of pending tasks mean the reports are coming in, but the dashboard workers that ingest the reports are not started. Go into your dashboard installation directory and run: env RAILS_ENV=production script/delayed_job -p dashboard -n 4 -m start The '-n 4' argument is for a four core machine. You should use a number that matches the number of cores in your own server. This is documented here: http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#starting-and-managing-delayed-job-workers -- Peter M. Bukowinski Sr. Systems Engineer Janelia Farm Research Campus, HHMI -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
AW: [Puppet Users] Can't send certificate request
Von: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] Im Auftrag von Mike Gesendet: Dienstag, 13. März 2012 15:04 An: puppet-users@googlegroups.com Betreff: [Puppet Users] Can't send certificate request I can't get a new client working with my puppet master. When I try to run 'puppet agent --test' on the client, I get err: Could not request certificate: Connection refused - connect(2) Exiting; failed to retrieve certificate and waitforcert is disabled I can't telnet from the client to the server on port 8140. There are no firewalls between the 2 servers. I've turned off iptables and ip6tables on both servers. The times are sync'd. Both servers can ping each other by IP address and hostname. Doing a netstat -an on the puppet master server shows that it is not listening on port 8140. Yet, I have verified that pe-puppet is running. Any suggestions? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WEyyqRVvbgsJ. To post to this group, send email to puppet-users@googlegroups.commailto:puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.commailto:puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
AW: [Puppet Users] Can't send certificate request
Try puppet agent --verbose --debug --server your.server --environment your_env --waitforcert 60 --no-daemonize Bernd Von: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] Im Auftrag von Bernd Adamowicz Gesendet: Dienstag, 13. März 2012 15:54 An: 'puppet-users@googlegroups.com' Betreff: AW: [Puppet Users] Can't send certificate request Von: puppet-users@googlegroups.commailto:puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] Im Auftrag von Mike Gesendet: Dienstag, 13. März 2012 15:04 An: puppet-users@googlegroups.commailto:puppet-users@googlegroups.com Betreff: [Puppet Users] Can't send certificate request I can't get a new client working with my puppet master. When I try to run 'puppet agent --test' on the client, I get err: Could not request certificate: Connection refused - connect(2) Exiting; failed to retrieve certificate and waitforcert is disabled I can't telnet from the client to the server on port 8140. There are no firewalls between the 2 servers. I've turned off iptables and ip6tables on both servers. The times are sync'd. Both servers can ping each other by IP address and hostname. Doing a netstat -an on the puppet master server shows that it is not listening on port 8140. Yet, I have verified that pe-puppet is running. Any suggestions? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WEyyqRVvbgsJ. To post to this group, send email to puppet-users@googlegroups.commailto:puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.commailto:puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.commailto:puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.commailto:puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-dashboard running on puppet-server (SL6)
On Tue, 13 Mar 2012 10:20:37 -0400 Peter Bukowinski wrote: Hi Peter, This is documented here: http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#starting-and-managing-delayed-job-workers Thanks a lot, I can't figure out how I did not see that part of the doc. Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Can't send certificate request
I think I've found the solution. I'm not sure what the original root issue was, but at some point during the troubleshooting process, I cleared out the certs on the puppet master server. This was preventing pe-httpd from starting. Once I restored the certs, pe-httpd could start, and everything worked. On Tuesday, March 13, 2012 9:04:15 AM UTC-5, Mike wrote: I can't get a new client working with my puppet master. When I try to run 'puppet agent --test' on the client, I get err: Could not request certificate: Connection refused - connect(2) Exiting; failed to retrieve certificate and waitforcert is disabled I can't telnet from the client to the server on port 8140. There are no firewalls between the 2 servers. I've turned off iptables and ip6tables on both servers. The times are sync'd. Both servers can ping each other by IP address and hostname. Doing a netstat -an on the puppet master server shows that it is not listening on port 8140. Yet, I have verified that pe-puppet is running. Any suggestions? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/d8FK_Ycgp2QJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet Master server migration and problem? 2.6 to 2.7
Thanks. I tried to touch sites.pp and nodes.pp but still no luck. On Mar 12, 5:32 pm, vagn scott vagnsc...@gmail.com wrote: On 03/12/2012 08:22 PM, MF wrote: Hello, I am setting up a new master server and migrating my configuration from my current master server. I am also upgrading from 2.6 to 2.7. I have the new server built and integrated with Apache, Passenger, and Dashboard just like on my current server. I moved over all my modules in /etc/puppet/modules as well as my site and node manifests in /etc/ puppet/manifests. I did not move over the entire /var/lib/puppet/ssl dir. At this point I am just testing with two nodes. The two clients connect fine and have their certs verified and can connect to puppet and be seen in dashboard. But when I try to add one of my existing module/class to the nodes the configuration is never updated. The puppet agent runs fine and says finished catalog run but the configuration is not modified. I see no errors on either the server or the client and the certs seem to be just fine. Anyone have any suggestions? Thanks in advance for your help. Maybe you need to do this: touch /etc/puppet/manifests/site.pp -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Master server migration and problem? 2.6 to 2.7
On Mon, Mar 12, 2012 at 5:22 PM, MF mfc...@gmail.com wrote: Hello, I am setting up a new master server and migrating my configuration from my current master server. I am also upgrading from 2.6 to 2.7. I have the new server built and integrated with Apache, Passenger, and Dashboard just like on my current server. I moved over all my modules in /etc/puppet/modules as well as my site and node manifests in /etc/ puppet/manifests. I did not move over the entire /var/lib/puppet/ssl dir. At this point I am just testing with two nodes. The two clients connect fine and have their certs verified and can connect to puppet and be seen in dashboard. But when I try to add one of my existing module/class to the nodes the configuration is never updated. The puppet agent runs fine and says finished catalog run but the configuration is not modified. I see no errors on either the server or the client and the certs seem to be just fine. Anyone have any suggestions? Dashboard data is retrieved from an ENC script configured in puppet.conf [master] section: node_terminus = exec external_nodes = /etc/puppetlabs/puppet-dashboard/external_node If you run this script with the node name it should reflect the changes made in dashboard: /etc/puppetlabs/puppet-dashboard/external_node hostname If it's not retrieving the correct data, check the script and make sure it connecting to the right system: ENC_BASE_URL=https://localhost:443/nodes; HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Labs Monthly Newsletter - March 2012
* PUPPET LABS MONTHLY NEWSLETTER - MARCH 2012 ** Getting Started With Puppet **Weekly Webinar: Ask Your Puppet Enterprise Questions. Get a Live Management demo, and ask your burning PE questions. http://bit.ly/wniXs0 **NEW: Puppet Module Cheat Sheet. A one-page reference to Puppet module layout, covering classes and defined types, files, templates, and plugins. http://bit.ly/zNeN7F **HOWTO: Automatically Test Your Puppet Modules with rspec-puppet, puppet-lint and Travis CI. Tim Sharpe does it again! http://bit.ly/youwga **Download the Learning Puppet VM: Learn and practice your Puppet skills in safety. http://bit.ly/xRdAs2 **Use Case: Tumblr. Read how Puppet helps Tumblr scale. http://bit.ly/xmMUat Puppet Master Power-Ups **Use Case: Puppet at Gov.uk. Pulling the servers' strings. http://bit.ly/wBKNGg **How-to: Continous Delivery for Enterprise Java Applications. Build a Java Platform-as-a-Service cloud. http://bit.ly/yqH4lx **SLIDES: OpenNMS Puppet: Who Pulls the Strings? One of the must-reads from FOSDEM. http://bit.ly/zeKZLG **Silicon Angle: Why Model-Drive Configuration Management Rules. Find out directly from Luke Kanies. http://bit.ly/Ay9kzp Graphic of the Month **Check out our upcoming Puppet Camps (Edinburgh on March 23, Stockholm on March 28, Amsterdam on April 2, and New York on April 27), and contact us if you want a Camp in your region. http://bit.ly/ygRC1L DevOps In Action **Decentralize your DevOps with Masterless Puppet and supply_drop. In our ever-changing infrastructure, Puppet allows us to quickly provision and re-provision servers in multiple environments. http://bit.ly/wm4lft Puppet Community **Introducing the Puppet Labs Community Manager. Get to know @stahnma, and read up on his plans for the community. http://bit.ly/xpNo9f **2012 FOSDEM recap. Highlights from the trip, and see you in 2013. http://bit.ly/y7uax0 Puppet In The News **TechTarget: Hybrid Cloud Management Tools and Strategies. Tips on getting the most from your cloud deployment. http://bit.ly/xWn8yX **2011 LinuxQuestions.org Members Choice Awards. Can you guess the Configuration Management Tool of the Year? http://bit.ly/xUyOXw **Read Write Web: Is Your Cloud Over-Provisioned? Measure your provisioning for fun and profit. http://rww.to/AqRO1T Upcoming Puppet Camps **Edinburgh - March 23: http://bit.ly/Ahlqg2 **Stockholm - March 28: http://bit.ly/yh048m **Amsterdam - April 2: http://bit.ly/zKQ2cR **New York City - April 27: http://bit.ly/zef3ff more: http://http://bit.ly/ygRC1L Upcoming Events **Puppet Enterprise 2.0 QA webinars, Fri, Jan 13: http://bit.ly/ABI3X4 **Cascadia IT Conf - Seattle, Fri, Mar 23 - Sat, Mar 24: http://bit.ly/Ax4326 Upcoming Trainings **Dallas Puppet Master, Tue, Mar 13 - Thu, Mar 15: http://bit.ly/whFihI **Sydney Puppet Master, Tue, Mar 13 - Thu, Mar 15: http://bit.ly/yVYJ5W **Melbourne Puppet Master, Mon, Mar 19 - Wed, Mar 21: http://bit.ly/z5rrD0 **London Developer, Tue, Mar 27 - Thu, Mar 29: http://bit.ly/ArZqmi **Bay Area Developer, Tue, Mar 27 - Thu, Mar 29: http://bit.ly/xvx3s3 more: http://bit.ly/z5P1P7 Module of the Week **BenoitCattie/nginx http://bit.ly/zmtNi8 **saz/sudo http://bit.ly/zLwkDK **puppetlabs/stdlib (part 1) http://bit.ly/Acp1GK The Puppet Forge: http://bit.ly/zrImXl New Jobs **Release Engineer: http://bit.ly/wQE1qt **Product Marketing Manager: http://bit.ly/xHqE0E **Account Manager (Inside Sales): http://bit.ly/xVaAmJ **Sr. Sales Engineer: http://bit.ly/ziDUzb **Operations Engineer: http://bit.ly/wYesGJ **Sr. Professional Services
[Puppet Users] Creating multiple resources from an array
Hi, I'm currently trying to write a module to manage Squid, including the SSL certificates it uses. Sometimes you want Squid to listen on multiple IPs with multiple certificates, so I'm trying to get Puppet to push the certificates to the nodes and configure Squid accordingly. I've run into a problem with the idea of pushing multiple certificates though. The module has a definition called squid::config, which is called in each node manifest if you need to override certain settings on the node. For example, if a node needed Squid to use two certificates, you would put this in the manifest: squid::config { www.example.com: certificatename = ['www.example.com','www.example2.com'] } Now, I've got the config file management working fine, but getting it to push the certificates and private keys is a pain. Essentially I need Puppet to iterate over the keys in the array as part of a file resource, like this: file { /etc/squid/keys/$certificatename.crt: ensure = present, source = puppet:///modules/squid/certificates/$certificatename.crt } file { /etc/squid/keys/$certificatename.key.pem: ensure = present, source = puppet:///modules/squid/certificates/ $certificatename.key.pem } It would then grab the .crt files from the /certificates directory and put them on the node. If I was writing this in Bash, I'd just use a for loop, but that isn't an option with Puppet as far as I can see... I've tried a number of different things, but I keep on hitting a brick wall, to the point that I think I'm just approaching this in entirely the wrong way. If anyone could give me some advice on how to proceed it would be much appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announcing stdlib module 2.3.0
Hello, We're pleased to announce the release of the stdlib module at version 2.3.0 [1]. This feature release is fully backwards compatible with all previous releases of the stdlib module since version 2.0.0 and is tested to work with Puppet 2.6 and 2.7. The stdlib module follows semver.org guidelines for version numbers. [1] http://links.puppetlabs.com/stdlib230 The module may be installed from the Forge using the puppet-module tool: puppet-module install stdlib This feature release contains the following new features since version 2.2 * (#10802) add new function get_module_path - Dan Bode * New str2saltedsha512 function for OS X Passwords - Gary Larizza * Update the documentation comment - Richard Clamp * implement #11017 - make file_line type ensurable - Peter Meier * (#12776) Added validate_slength function and rspec test - Chris Spence * (#12357) Fix root_home fact on Windows - Jeff McCune * (#12357) Add puppet_vardir custom fact - Jeff McCune * (#12357) Make facter_dot_d look in Puppet[:confdir]/facts.d - Jeff McCune * (#12357) Add validate_absolute_path() function - Jeff McCune * (#12357) Add ability to display an error message from validate_re - Jeff McCune * Update CHANGELOG, Modulefile for 2.3.0 release - Jeff McCune Cheers, -Jeff McCune -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] vhost creation with and without ssl
Hello, I have this defined resource type which is working perfectly until I want an ssl an http vhost pointing to the same directory in which case the unique $servername variable became a singleton Do you have any idea how to get around this? I am pretty tired at the moment and cant think of any good solution. define vhost ($servername = ${hostname}.${domain}, $serveralias = [ www.${hostname}.${domain} ], $inorout = 1, $owner = root, $group = root, $enabled = link, $rewrite = , $ssl = false, $cacert = , $certchain = , $certfile = , $keyfile = ) { $filename = $ssl ? { 'true' = ${servername}-ssl, 'false' = ${servername}, } file{ /etc/apache2/sites-available/${filename}: ensure = present, content = template(${module_name}/vhost.erb), require = Package['apache2'], notify = Service['apache2'], } file{ /etc/apache2/sites-enabled/${filename}: ensure = ${enabled}, target = /etc/apache2/sites-available/${filename}, require = File[/etc/apache2/sites-available/${filename}], notify = Service['apache2'], } file{ /var/www/${servername}: ensure = directory, owner = ${owner}, group = ${group}, recurse = true, require = Package['apache2'], } file{ /var/www/${servername}/html/: ensure = directory, require = File[/var/www/${servername}], } } Node configuration node eurwebtest03 inherits eurwebtest-template { vhost{ 'test': servername = 'test.eurweb.com', ssl = 'true', enabled = 'link', inorout = '0'; 'test1': servername = 'test.eurweb.com', enabled = 'link', inorout = '0'; 'test2': servername = 'test2.eurweb.com', ssl = 'true', enabled = 'link', inorout = '0'; 'test3': servername = 'test3.eurweb.com', enabled = 'link', inorout = '0'; } } Thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Use onlyif in EXEC
On Monday, March 12, 2012 5:52:53 PM UTC-5, ed209 wrote: Checkout the 'creates' property, it seems like a cleaner way of doing this: http://docs.puppetlabs.com/references/2.6.8/type.html#exec Pardon the newbie question, but does work on or de-reference symlinks? Cheers. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uiuySO1RfNMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: vhost creation with and without ssl
I moved out the directory creations into a different class and included that class and it is working now. On Mar 13, 8:05 pm, Peter Horvath peter.horvat...@gmail.com wrote: Hello, I have this defined resource type which is working perfectly until I want an ssl an http vhost pointing to the same directory in which case the unique $servername variable became a singleton Do you have any idea how to get around this? I am pretty tired at the moment and cant think of any good solution. define vhost ($servername = ${hostname}.${domain}, $serveralias = [ www.${hostname}.${domain} ], $inorout = 1, $owner = root, $group = root, $enabled = link, $rewrite = , $ssl = false, $cacert = , $certchain = , $certfile = , $keyfile = ) { $filename = $ssl ? { 'true' = ${servername}-ssl, 'false' = ${servername}, } file{ /etc/apache2/sites-available/${filename}: ensure = present, content = template(${module_name}/vhost.erb), require = Package['apache2'], notify = Service['apache2'], } file{ /etc/apache2/sites-enabled/${filename}: ensure = ${enabled}, target = /etc/apache2/sites-available/${filename}, require = File[/etc/apache2/sites-available/${filename}], notify = Service['apache2'], } file{ /var/www/${servername}: ensure = directory, owner = ${owner}, group = ${group}, recurse = true, require = Package['apache2'], } file{ /var/www/${servername}/html/: ensure = directory, require = File[/var/www/${servername}], } } Node configuration node eurwebtest03 inherits eurwebtest-template { vhost{ 'test': servername = 'test.eurweb.com', ssl = 'true', enabled = 'link', inorout = '0'; 'test1': servername = 'test.eurweb.com', enabled = 'link', inorout = '0'; 'test2': servername = 'test2.eurweb.com', ssl = 'true', enabled = 'link', inorout = '0'; 'test3': servername = 'test3.eurweb.com', enabled = 'link', inorout = '0'; } } Thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Use onlyif in EXEC
You might want to rephrase your question, as it is not obvious, at least not to me. Mohamed. On Tue, Mar 13, 2012 at 4:26 PM, Trammael evilen...@gmail.com wrote: On Monday, March 12, 2012 5:52:53 PM UTC-5, ed209 wrote: Checkout the 'creates' property, it seems like a cleaner way of doing this: http://docs.puppetlabs.com/references/2.6.8/type.html#exec Pardon the newbie question, but does work on or de-reference symlinks? Cheers. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uiuySO1RfNMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] restarting the smf services on solaris 10
Maybe you could test setting the start command of that service explicitly to be: /usr/sbin/svcadm disable myservice /usr/sbin/svcadm enable myservice http://docs.puppetlabs.com/references/stable/type.html#service Mohamed. On Tue, Mar 13, 2012 at 3:03 PM, Afroz Hussain hussainaph...@gmail.com wrote: Hi, Is there any way to restart a service based on the status of the service using Puppet service resource? I want to check the status of the service first then disable it , and make sure that the service has disable successfully then start the service. Any help will be appreciated. Thanks in advance Afroz Hussain -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence
The numbering in the firewall resource names is not meant for ordering their executing, but for guaranteeing their uniqueness. I too found that using stages is the only usable way out of this. Just out of curiosity, what do you mean by: We ended up in situations where the drop rules would kick before the allow established rules, and thus kill the puppet run In my experience, what breaks is the reporting attempt puppet clients makes to the master, not the puppet run itself. Mohamed. On Sat, Mar 10, 2012 at 2:14 PM, Christian McHugh christian.mch...@gmail.com wrote: Sounds interesting. As far as I've seen, the puppetlabs-firewall resource activates instantly. I've not tried to have them all write out to a file and trigger an exec iptables-restore. If the firewall resource kicks the only way I think it can, then we had an issue of firewall ordering. While rules are defined as 100 open port and 999 drop all the numbering did not seem to make any difference. We ended up in situations where the drop rules would kick before the allow established rules, and thus kill the puppet run. Our workaround was to run our base open ports rules in a pre stage, normal service stuff in main, and the drop in post. If you have any recommendations for a better way to handle the fireall, I'd love to hear about it. On Saturday, March 10, 2012 1:11:02 AM UTC-6, tujwww wrote: Looks like you are applying the rules in Pre, Main and Post stage using firewall, i wonder what could be the requirement to apply the rules in different stages instead of creating a File resource, Service notify trigger using Exec iptables-restore, if you don't mind giving a little elaboration. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/_GIF40iCIRYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: puppetlabs-firewall stages and persistence
I appreciate the interest but I don't understand how you can tell me you don't have any experience with the module but yet know that I'm doing it wrong. The puppetlabs firewall module does not have classes or anything else to base a dependency on. I agree, I would rather not use stages, which is why I originally posted this to see how folks were making it go. If you do find a way to order rules without stages I'd love to hear about it. On Monday, March 12, 2012 7:49:18 AM UTC-5, jcbollinger wrote: It is incorrect that you must use run stages to achieve your desired ordering. In fact, it is *never* the case that run stages are the only solution to ordering issues in Puppet, because there is nothing you can do with them that you cannot also do with ordinary resource relationships. In many cases, solving an ordering problem by use of run stages is like putting in a tack with a sledgehammer: not only is it overkill, it also doesn't afford much precision or finesse. I have no experience with the module in question, so I have no specific suggestions to offer, but if you find run stages too crude a tool for your task then I can advise you about how to achieve your ordering requirements otherwise. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/t6rnTOXMrNgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence
In the pre main stage I have defined rules to allow outbound and allow related and established. In the post main stage, it does a drop all. Before this was organized into stages, occasionally the drop all would get applied before keep established and allow outbound, and thus the client could lose its connection to the puppet master mid run. On Tuesday, March 13, 2012 4:16:07 PM UTC-5, Mohamed wrote: Just out of curiosity, what do you mean by: We ended up in situations where the drop rules would kick before the allow established rules, and thus kill the puppet run In my experience, what breaks is the reporting attempt puppet clients makes to the master, not the puppet run itself. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/xBTznk59RKkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Creating multiple resources from an array
On Mar 13, 11:28 am, Andy Taylor andytaylo...@gmail.com wrote: Hi, I'm currently trying to write a module to manage Squid, including the SSL certificates it uses. Sometimes you want Squid to listen on multiple IPs with multiple certificates, so I'm trying to get Puppet to push the certificates to the nodes and configure Squid accordingly. I've run into a problem with the idea of pushing multiple certificates though. The module has a definition called squid::config, which is called in each node manifest if you need to override certain settings on the node. For example, if a node needed Squid to use two certificates, you would put this in the manifest: squid::config { www.example.com: certificatename = ['www.example.com','www.example2.com'] } Now, I've got the config file management working fine, but getting it to push the certificates and private keys is a pain. Essentially I need Puppet to iterate over the keys in the array as part of a file resource, like this: file { /etc/squid/keys/$certificatename.crt: ensure = present, source = puppet:///modules/squid/certificates/$certificatename.crt } file { /etc/squid/keys/$certificatename.key.pem: ensure = present, source = puppet:///modules/squid/certificates/ $certificatename.key.pem } It would then grab the .crt files from the /certificates directory and put them on the node. If I was writing this in Bash, I'd just use a for loop, but that isn't an option with Puppet as far as I can see... I've tried a number of different things, but I keep on hitting a brick wall, to the point that I think I'm just approaching this in entirely the wrong way. If anyone could give me some advice on how to proceed it would be much appreciated. Puppet DSL does not support iteration, but it does support declaring multiple resources based on an array of the desired resource titles. That may feel like iteration to you, and it probably will be sufficient for your purposes. One typically combines that with defined types to tackle the sort of problems that are described as I need Puppet to iterate [...].. modules/mysquid/manifests/certificate.pp == define mysquid::certificate () { file { /etc/squid/keys/${name}.crt: ensure = present, source = puppet:///modules/squid/certificates/${name}.crt } file { /etc/squid/keys/${name}.key.pem: ensure = present, source = puppet:///modules/squid/certificates/${name}.key.pem } } somewhere/else/manifests.pp == ... mysquid::certificate { $certificatname: } ... This relies on the facts that 1) When you use an array as a resource title, Puppet interprets it as a declaration of one resource for each array element, with the array element as the resource title, all with the same parameters; and 2) inside the definition body, the variable ${name} automagically refers to the name/title of the resource instance. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Creating multiple resources from an array
And tell Barney I said hey. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: vhost creation with and without ssl
But still the problem with include that it includes the directory creation class once so it creates only the first docroot directory. and the directory for test2 and test3 will not be created. Can you help me a way around this? On 13 March 2012 20:32, Peter Horvath peter.horvat...@gmail.com wrote: I moved out the directory creations into a different class and included that class and it is working now. On Mar 13, 8:05 pm, Peter Horvath peter.horvat...@gmail.com wrote: Hello, I have this defined resource type which is working perfectly until I want an ssl an http vhost pointing to the same directory in which case the unique $servername variable became a singleton Do you have any idea how to get around this? I am pretty tired at the moment and cant think of any good solution. define vhost ($servername = ${hostname}.${domain}, $serveralias = [ www.${hostname}.${domain} ], $inorout = 1, $owner = root, $group = root, $enabled = link, $rewrite = , $ssl = false, $cacert = , $certchain = , $certfile = , $keyfile = ) { $filename = $ssl ? { 'true' = ${servername}-ssl, 'false' = ${servername}, } file{ /etc/apache2/sites-available/${filename}: ensure = present, content = template(${module_name}/vhost.erb), require = Package['apache2'], notify = Service['apache2'], } file{ /etc/apache2/sites-enabled/${filename}: ensure = ${enabled}, target = /etc/apache2/sites-available/${filename}, require = File[/etc/apache2/sites-available/${filename}], notify = Service['apache2'], } file{ /var/www/${servername}: ensure = directory, owner = ${owner}, group = ${group}, recurse = true, require = Package['apache2'], } file{ /var/www/${servername}/html/: ensure = directory, require = File[/var/www/${servername}], } } Node configuration node eurwebtest03 inherits eurwebtest-template { vhost{ 'test': servername = 'test.eurweb.com', ssl = 'true', enabled = 'link', inorout = '0'; 'test1': servername = 'test.eurweb.com', enabled = 'link', inorout = '0'; 'test2': servername = 'test2.eurweb.com', ssl = 'true', enabled = 'link', inorout = '0'; 'test3': servername = 'test3.eurweb.com', enabled = 'link', inorout = '0'; } } Thank you -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Security Opportunity
I am working on a role that is a hybrid of Security testing and DevOps specifically related to Puppet. Please let me know if anyone is interested in learning more. Thanks, Jennifer Gandy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet eating solaris 10 crontab for lunch
Ugh, this isn't a nice bug to find out about. Just found out that on a few of our Solaris 10 global zones, puppet is destroying the crontab entry of the root user. It seems to be related to a hang in facter. I'm not 100% sure, but it seems the issue is occurring when facter runs 'prtdiag' on the hosts and prtdiag hangs midway (prtdiag is hanging due to the picld daemon being in a funky state and not returning the sensor data). It seems that this in turn puts puppet in a funky state, not sure how or why though. Here are the logs the solaris 10 box returns after it's crontab gets destroyed: ERR Puppet Could not prefetch cron provider 'crontab': Could not read crontab for root: No child processes NOTICE /Stage[main]/Puppet/Cron[puppet]/ensure created NOTICE Puppet Finished catalog run in 2.52 seconds After this the only thing that exists in the crontab is the entry we have puppet adding. I found this bug: http://projects.puppetlabs.com/issues/1672 which says there was a fix and it was merged but we're still seeing this issue... puppet agent v. 2.7.9 facter v. 1.6.5 Any suggestions or work-arounds short of not using the cron provider or completely managing the hosts crontab's centrally? Neither of which are ideal for us at the moment. Puppet should be returning the original crontab file should there be any failure. This is not comforting. -- Romeo -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppetlabs-firewall stages and persistence
This ordering behaviour is as you state, and the numbers in the namevar are ultimately for how they get ordered in the file ruleset as you state - but not what order they are _inserted_. Ideally it would be great to have insertion order and order in the firewall list to be the same - but this doesn't work yet, and there are reasons why this isn't always desirable. Some people have suggested modifying the rule file, instead of changing the rule directly to work around this - and there are certainly merits in that approach (and drawbacks). So I think though the documentation needs updating. This is what I use in top scope, and I've included the pre/post classes that belong in their respective module ultimately: https://gist.github.com/2032141 You'll notice I ultimately don't use stages here, to avoid the problem some people have with the exec being in the main stage. If people can try this methodology and see if it works that would be much appreciated, then the documentation can be updated to reflect this pattern instead. ken. On Tue, Mar 13, 2012 at 2:27 PM, Christian McHugh christian.mch...@gmail.com wrote: In the pre main stage I have defined rules to allow outbound and allow related and established. In the post main stage, it does a drop all. Before this was organized into stages, occasionally the drop all would get applied before keep established and allow outbound, and thus the client could lose its connection to the puppet master mid run. On Tuesday, March 13, 2012 4:16:07 PM UTC-5, Mohamed wrote: Just out of curiosity, what do you mean by: We ended up in situations where the drop rules would kick before the allow established rules, and thus kill the puppet run In my experience, what breaks is the reporting attempt puppet clients makes to the master, not the puppet run itself. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/xBTznk59RKkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.