Re: [Puppet Users] Can you check a setting set in puppet.conf from within a module

2012-04-24 Thread Gary Larizza
Hey Peter,

You should be able to do $settings::storeconfigs to get that value.

On Tue, Apr 24, 2012 at 2:14 PM, Peter Foley  wrote:

> Hi List,
>
> In a module that I am developing I would like to do different things
> depending on if storeconfigs is true or false.
>
> Is there any way to:
>
> if $storeconfigs == true {
>   # Use stored config values
> } else {
>   # Use non stored config values
> }
>
> Thanks,
>
> Peter.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 

Gary Larizza
Professional Services Engineer
Puppet Labs




[Puppet Users] Can you check a setting set in puppet.conf from within a module

2012-04-24 Thread Peter Foley
Hi List,

In a module that I am developing I would like to do different things
depending on if storeconfigs is true or false.

Is there any way to:

if $storeconfigs == true {
  # Use stored config values
} else {
  # Use non stored config values
}

Thanks,

Peter.




Re: [Puppet Users] What is the "false" directory?

2012-04-24 Thread Krzysztof Wilczynski
Hi,

On Tuesday, April 24, 2012 6:38:27 PM UTC+1, Nigel Kersten wrote:
>
> This should get reported as a bug though.
>
> We should probably only accept absolute paths for the 'path' parameter, 
> and "false" should get interpreted as the boolean.
>

+1

KW 




[Puppet Users] ordering or chaining for generate() function

2012-04-24 Thread psychobyte
Hi,

I need to run the generate() function (server side) in order to populate
a data file for one of my modules.  Is there a way to ensure that the
generate function is run before a config file is created (the contents of
the file don't come directly from generate())?

Right now I'm getting around this by creating a bogus File resource and 
chaining that before I write a config file.

===
  file { "mp_volumes.yaml":
    ensure  => 'present',
    path    => '/tmp/cmpllnt_vol.out',
    content => generate('/usr/bin/myscript'),
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
  }

  # Make sure mp_volumes.yaml is up to date before we create conf file
  File['mp_volumes.yaml']->File['conffile']
===

Is there a  more appropriate way of doing this?

Thanks,





[Puppet Users] Re: RSpec test to verify variable/parameter declaration

2012-04-24 Thread Shantanu

On Apr 23, 5:49 pm, Tim Sharpe  wrote:
> So, rspec-puppet can't and won't ever work this way.  What it's testing is 
> the resulting catalogue of Puppet resources that your host executes (the 
> behaviour of Puppet).  Instead of testing that a variable is defined, you 
> should be testing the resource(s) that those variables control/adjust.
>
> For example, if your variable changes the templated contents of a file 
> resource, then you should be testing the contents of that file resource.
>

Thanks for the details Tim. That's helpful.

--
Shantanu




[Puppet Users] Re: Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread Calimero


On 24 avr, 19:54, Ashley Penney  wrote:
> It checks every layer of the hierarchy, so it would look for:
>
> fqdn/server1.yaml
> environment/staging.yaml
> common.yaml
>
> But the important thing to know is it's looking for an actual variable.  If
> you had defined
> selinux: disabled in common.yaml and nowhere else then it would always
> reach that
> file and pull in that value.  Just because environment/staging.yaml matches
> the state
> of the machine doesn't mean it'll stop processing at that point - it'll
> check every file
> in the hierarchy it matches, in order, until it finds an entry for the
> variable you are
> looking up.  (In a manifest you do $var = hiera(variablename)).

OK, search through the list until the value is found (unless you use
hiera_array which seems to grab all values).

Seems good to me.

Thanks !
G




[Puppet Users] Re: Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread Calimero


On 24 avr, 19:10, Les Ault  wrote:
>
> I use facter variables to set dynamic parameters based on the host.  For
> example I created a module to modify sysctl entries:
>
> node dbserver.example.com {
>    include sysctl
>
>    # Modify sysctl values
>    $shmall = inline_template("<%= (memorysizeinbytes.to_i +
> swapsizeinbytes.to_i) / 4096  %>")
>
>    sysctl_entry { "kernel.shmall": value => $shmall, ensure => present }
>
> }
>

Calculation based on facts can indeed reduce the number of explicit
"per host" facts. But on the other hand you're more or less bound by a
single value.

I do have some "fact-based" dynamic settings, but usually on very low
level stuff (paths depending on i386 vs x86_64, etc ...).

Thanks,
G




[Puppet Users] Announce: Puppet 2.7.14rc3 Available

2012-04-24 Thread Moses Mendoza
Puppet 2.7.14rc3 is a maintenance release candidate for Puppet in the
2.7.x series.

Downloads are available:
 * Source http://downloads.puppetlabs.com/puppet/puppet-2.7.14rc3.tar.gz

## Bug Fixes ##

(#13682) Rename Puppet::Module::Tool to Puppet::ModuleTool

Without this patch, Puppet will monkey patch the existing implementation
of the puppet-module Gem if it is used.  This is bad because the two
implementations are all jumbled up inside of one another and behavior
may become unpredictable.  Warnings are also displayed directly to the
end user in the form of redefined constants.

This patch fixes the problem by renaming Puppet::Module::Tool inside of
Puppet to Puppet::ModuleTool.  This fixes the problem because Puppet will
no longer monkey-patch the Puppet::Module::Tool module inside of the
puppet-module Gem.

This patch also has the added benefit of making the Module's name match
up with the CamelCase filepath (puppet/module_tool/ =>
Puppet::ModuleTool).  As a result, no file moves are necessary.

(#13682) Fix acceptance test failures

On Lucid, /usr/share/puppet may not exist.  The module upgrade tests all
make the assumption that this parent directory exists.  This causes
false positive failures when running systest against a Lucid system.

This patch modifies the setup code for all of the tests to ensure the
parent directory exists.

(maint) Ensure every file has a trailing newline

Without this patch some files exist in the tree that don't have trailing
newlines.  This is annoying because perl -pli.bak -e will automatically
add a newline to every file it modifies in place.  The files that
actually have modifications by the global search and replace need to be
separated from the files that only have newlines added.

This patch simply adds newlines to everything if they don't exist on the
last line.

Yes, the PNG's are perfectly fine with a trailing newline as well.

(#14036) Handle upstart better

Change the upstart provider to better handle the mix of some services
that are upstart controlled and some that are init script controlled.

It includes contributions from the following people:
Jeff McCune and Jeff Weiss

See the Verifying Puppet Download section at:

http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Verifying+Puppet+Downloads

Please report feedback via the Puppet Labs Redmine site, using an
affected version of 2.7.14rc3:
 http://projects.puppetlabs.com/projects/puppet

Full Release Notes at:
http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.7.14rc3

Puppet 2.7.14rc2 Changelog
===
Jeff McCune (3):
 42b20be (#13682) Fix acceptance test failures
 dce3c32 (#13682) Rename Puppet::Module::Tool to Puppet::ModuleTool
 5117e12 (maint) Ensure every file has a trailing newlines

Jeff Weiss (2):
 c255414 (#14036) Add upstart tests
 dc3bb9f (#14036) Handle upstart better




Re: [Puppet Users] Migrate installation to different directory

2012-04-24 Thread JA
Thanks!

I am (obviously) very new to ruby/rack!!

Thanks!

On Tue, Apr 24, 2012 at 2:30 PM, Nigel Kersten  wrote:
>
>
> On Tue, Apr 24, 2012 at 11:18 AM, JA  wrote:
>>
>> Stefan;
>>
>> Thanks for the suggestion.  However, we are running puppet via
>> Passenger.  So, I assume I need to update the config.ru file.  Do you
>> have any suggestions about that?  Greatly appreciate your help and
>> advice!
>
>
> Look for the ARGV line like:
>
> ARGV << "--rack"
>
> and modify it to:
>
> ARGV << "--config" << "path/to/your/config" << "--rack"
>
>
>>
>>
>>
>> On Thu, Apr 19, 2012 at 6:17 PM, Stefan Schulte
>>  wrote:
>> > On Thu, Apr 19, 2012 at 03:56:37PM -0400, JA wrote:
>> >> Hi Everyone;
>> >>
>> >> I want puppet to be installed in /app/puppet instead of the default
>> >> /etc.
>> >> I cannot figure out how to get the puppetmasterd to look for the
>> >> config file (puppet.conf) in /app/puppet instead of /etc/puppet.
>> >>
>> >> If anyone can help, I would really appreciate it!
>> >>
>> >
>> > It should work if you start your master with --confdir /app/puppet
>> >
>> > -Stefan
>> >



Re: [Puppet Users] Migrate installation to different directory

2012-04-24 Thread Nigel Kersten
On Tue, Apr 24, 2012 at 11:18 AM, JA  wrote:

> Stefan;
>
> Thanks for the suggestion.  However, we are running puppet via
> Passenger.  So, I assume I need to update the config.ru file.  Do you
> have any suggestions about that?  Greatly appreciate your help and
> advice!
>

Look for the ARGV line like:

ARGV << "--rack"

and modify it to:

ARGV << "--config" << "path/to/your/config" << "--rack"



>
>
> On Thu, Apr 19, 2012 at 6:17 PM, Stefan Schulte
>  wrote:
> > On Thu, Apr 19, 2012 at 03:56:37PM -0400, JA wrote:
> >> Hi Everyone;
> >>
> >> I want puppet to be installed in /app/puppet instead of the default
> /etc.
> >> I cannot figure out how to get the puppetmasterd to look for the
> >> config file (puppet.conf) in /app/puppet instead of /etc/puppet.
> >>
> >> If anyone can help, I would really appreciate it!
> >>
> >
> > It should work if you start your master with --confdir /app/puppet
> >
> > -Stefan
> >



Re: [Puppet Users] Migrate installation to different directory

2012-04-24 Thread JA
Stefan;

Thanks for the suggestion.  However, we are running puppet via
Passenger.  So, I assume I need to update the config.ru file.  Do you
have any suggestions about that?  Greatly appreciate your help and
advice!


On Thu, Apr 19, 2012 at 6:17 PM, Stefan Schulte
 wrote:
> On Thu, Apr 19, 2012 at 03:56:37PM -0400, JA wrote:
>> Hi Everyone;
>>
>> I want puppet to be installed in /app/puppet instead of the default /etc.
>> I cannot figure out how to get the puppetmasterd to look for the
>> config file (puppet.conf) in /app/puppet instead of /etc/puppet.
>>
>> If anyone can help, I would really appreciate it!
>>
>
> It should work if you start your master with --confdir /app/puppet
>
> -Stefan
>



Re: [Puppet Users] Re: centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version

2012-04-24 Thread Christopher Wood
err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 

I've seen that when the clocks on the two hosts were out of sync. Even when I 
brought the clocks back into sync I found that I had to regenerate the certs to 
get it working.

master:

puppet cert --clean
(restart the puppetmaster)

agent:

(remove the certs)
(restart the agent and get the new cert request signed)

On Tue, Apr 24, 2012 at 10:49:00AM -0700, Eric Sorenson wrote:
>I suspect something is wrong with the underlying ssl libraries on the
>client with the problem. Does the output of 'rpm -qa | grep ssl' on the
>non-working client look the same as the client which works? How about 
>ldd -r `rpm -ql ruby-libs | grep openssl.so`
>?
> 
>On Sunday, April 22, 2012 2:19:27 AM UTC-7, Thomas Bétrancourt wrote:
> 
>  Hi!
> 
>  I've installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a
>  rpm supplied by yum.puppetlabs.com.
> 
>  I've setup a apache2 vhost with mod_ssl and passenger. The server is
>  configured to autosign the cert requests.
> 
>  The agent installed on the puppetmaster's server works fine. I've a
>  second agent on a server which can sync with the server too. This server
>  is on CentOS 6.2 too. This is a KVM hypervisor helped by the libvirt.
>  All virtual machines are configured to join a network bridge. Some
>  iptables rules forward the traffic from the VM to the world (and
>  vice-et-versa). The world can connect to the VM (i.e. SSH) and the VM
>  can go to the world.
> 
>  On the hypervisor, i've a VM on CentOS 6.2 too. The DNS name 'puppet' is
>  resolved by the hypervisor (which has a dnsmasq server). When i'm
>  launching the puppet agent for the first time, a cert is generated by
>  the server. The client has now the certs and key on its filesystem. But
>  when the client is trying to sync with the server, i've got the
>  following output :
>  [root@machine-1 ~]# puppet agent --test
>  info: Creating a new SSL key for machine-1.test.betrancourt.net
>  warning: peer certificate won't be verified in this SSL session
>  info: Caching certificate for ca
>  warning: peer certificate won't be verified in this SSL session
>  warning: peer certificate won't be verified in this SSL session
>  info: Creating a new SSL certificate request for
>  machine-1.test.betrancourt.net
>  info: Certificate Request fingerprint (md5):
>  BA:1B:67:81:34:11:1B:98:3D:38:FB:1F:21:F4:B4:5E
>  warning: peer certificate won't be verified in this SSL session
>  warning: peer certificate won't be verified in this SSL session
>  info: Caching certificate for machine-1.test.betrancourt.net
>  err: Could not retrieve catalog from remote server: SSL_connect
>  returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert
>  protocol version
>  warning: Not using cache on failed catalog
>  err: Could not retrieve catalog; skipping run
>  err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3
>  read server session ticket A: tlsv1 alert protocol version
>  [root@machine-1 ~]#
> 
>  The client cert is into the server cert db :
>  [root@medion ~]# puppetca list --all | grep machine-1
>  + machine-1.test.betrancourt.net
>  (1C:78:20:02:EB:BB:B8:7B:62:E6:80:ED:A4:06:9D:92)
> 
>  In puppet.conf, on the server, i've the following content:
>  [main]
>      logdir = /var/log/puppet
>      rundir = /var/run/puppet
>      ssldir = $vardir/ssl
> 
>  [agent]
>      classfile = $vardir/classes.txt
>      localconfig = $vardir/localconfig
>      pluginsync = true
> 
>  [master]
>      autosign = true
>      ssl_client_header    = SSL_CLIENT_S_DN
>      ssl_client_verify_header = SSL_CLIENT_VERIFY
> 
>  My apache vhost is configured like this:
>  
>      SSLEngine on
>      SSLProtocol -all +SSLv3 +TLSv1
>      SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
> 
>      SSLCertificateFile 
>  /var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem
>      SSLCertificateKeyFile  
>  /var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem
>      SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
>      SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
>      # CRL checking should be enabled; if you have problems with Apache
>  complaining about the CRL, disable the next line
>      SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
>      SSLVerifyClient optional
>      SSLVerifyDepth  1
>      SSLOptions +StdEnvVars
> 
>      # The following client headers allow the same configuration to work
>  with Pound.
>      RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
>      RequestHeader set X-Client-DN %{SSL_

Re: [Puppet Users] Re: Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread Ashley Penney
It checks every layer of the hierarchy, so it would look for:

fqdn/server1.yaml
environment/staging.yaml
common.yaml

But the important thing to know is it's looking for an actual variable.  If
you had defined
selinux: disabled in common.yaml and nowhere else then it would always
reach that
file and pull in that value.  Just because environment/staging.yaml matches
the state
of the machine doesn't mean it'll stop processing at that point - it'll
check every file
in the hierarchy it matches, in order, until it finds an entry for the
variable you are
looking up.  (In a manifest you do $var = hiera(variablename)).

On Tue, Apr 24, 2012 at 11:55 AM, Calimero wrote:

>
> That's the part I don't really get so far, as I haven't fiddled with
> Hiera yet.
>
> How would Hiera search through the hierarchy ?
>
> Try: fqdn/server1.yml
> ==> not found
> Try: environment/staging.yml
> ==> not found
> Fetch from common.yml
>
> Or:
> Try server1/staging.yml
> ==> not found
> Fetch from common.yml
>
> ie: is it "recursive" or it a list of "fallbacks" ?
>
>
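
The lookup order described in this message, and the hiera_array behaviour mentioned in the reply to it, as an added Ruby sketch that is not part of the thread and does not use the Hiera library. The data files, keys, values, fact names and the helper names `sources_for`, `priority_lookup` and `array_lookup` are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample data standing in for Hiera's YAML data files. The file
# names follow the thread; the keys and values are made up for illustration.
DATA_FILES = {
  'fqdn/server1.yaml' => <<~YAML,
    ntp_servers:
      - ntp1.example.com
  YAML
  'environment/staging.yaml' => <<~YAML,
    ntp_servers:
      - ntp.staging.example.com
    motd: staging host
  YAML
  'common.yaml' => <<~YAML
    selinux: disabled
    ntp_servers:
      - pool.ntp.org
  YAML
}.freeze

# Hierarchy, most specific level first. The %{...} placeholders are filled
# from the node's facts (a simplified stand-in for Hiera's interpolation).
HIERARCHY = ['fqdn/%{hostname}', 'environment/%{environment}', 'common'].freeze

# Data files that exist for this node, in lookup order.
def sources_for(facts)
  HIERARCHY.filter_map do |template|
    begin
      path = "#{format(template, facts)}.yaml"
    rescue KeyError
      next # the node lacks this fact, so the level cannot match
    end
    path if DATA_FILES.key?(path)
  end
end

def load_level(path)
  YAML.safe_load(DATA_FILES.fetch(path)) || {}
end

# hiera()-style priority lookup: walk every matching level in order and stop
# at the first one that defines the key. Returns [value, source_file].
def priority_lookup(key, facts)
  sources_for(facts).each do |path|
    data = load_level(path)
    return [data[key], path] if data.key?(key)
  end
  [nil, nil]
end

# hiera_array()-style lookup: collect the key from every matching level.
def array_lookup(key, facts)
  sources_for(facts).flat_map do |path|
    data = load_level(path)
    data.key?(key) ? Array(data[key]) : []
  end.uniq
end

if __FILE__ == $PROGRAM_NAME
  node = { hostname: 'server1', environment: 'staging' }
  %w[selinux ntp_servers].each do |key|
    value, source = priority_lookup(key, node)
    puts "#{key}: #{value.inspect} (from #{source})"
  end
  puts "ntp_servers (array): #{array_lookup('ntp_servers', node).inspect}"
end
```

Returning the source file alongside the value shows which level actually supplied a setting such as selinux, which is the question to ask when a value set in common.yaml is unexpectedly overridden by a more specific file.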




[Puppet Users] Re: centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version

2012-04-24 Thread Eric Sorenson
I suspect something is wrong with the underlying ssl libraries on the 
client with the problem. Does the output of 'rpm -qa | grep ssl' on the 
non-working client look the same as the client which works? How about 

ldd -r `rpm -ql ruby-libs | grep openssl.so`

?

On Sunday, April 22, 2012 2:19:27 AM UTC-7, Thomas Bétrancourt wrote:
>
> Hi!
>
> I've installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm 
> supplied by yum.puppetlabs.com.
>
> I've setup a apache2 vhost with mod_ssl and passenger. The server is 
> configured to autosign the cert requests.
>
> The agent installed on the puppetmaster's server works fine. I've a second 
> agent on a server which can sync with the server too. This server is on 
> CentOS 6.2 too. This is a KVM hypervisor helped by the libvirt. All virtual 
> machines are configured to join a network bridge. Some iptables rules 
> forward the traffic from the VM to the world (and vice-et-versa). The world 
> can connect to the VM (i.e. SSH) and the VM can go to the world.
>
> On the hypervisor, i've a VM on CentOS 6.2 too. The DNS name 'puppet' is 
> resolved by the hypervisor (which has a dnsmasq server). When i'm launching 
> the puppet agent for the first time, a cert is generated by the server. The 
> client has now the certs and key on its filesystem. But when the client is 
> trying to sync with the server, i've got the following output :
> [root@machine-1 ~]# puppet agent --test
> info: Creating a new SSL key for machine-1.test.betrancourt.net
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for ca
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Creating a new SSL certificate request for 
> machine-1.test.betrancourt.net
> info: Certificate Request fingerprint (md5): 
> BA:1B:67:81:34:11:1B:98:3D:38:FB:1F:21:F4:B4:5E
> warning: peer certificate won't be verified in this SSL session
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for machine-1.test.betrancourt.net
> err: Could not retrieve catalog from remote server: SSL_connect returned=1 
> errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol 
> version
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
> read server session ticket A: tlsv1 alert protocol version
> [root@machine-1 ~]# 
>
> The client cert is into the server cert db :
> [root@medion ~]# puppetca list --all | grep machine-1
> + machine-1.test.betrancourt.net   
> (1C:78:20:02:EB:BB:B8:7B:62:E6:80:ED:A4:06:9D:92)
>
> In puppet.conf, on the server, i've the following content:
> [main]
> logdir = /var/log/puppet
> rundir = /var/run/puppet
> ssldir = $vardir/ssl
>
> [agent]
> classfile = $vardir/classes.txt
> localconfig = $vardir/localconfig
> pluginsync = true
>
> [master]
> autosign = true
> ssl_client_header= SSL_CLIENT_S_DN
> ssl_client_verify_header = SSL_CLIENT_VERIFY
>
> My apache vhost is configured like this:
> 
> SSLEngine on
> SSLProtocol -all +SSLv3 +TLSv1
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> SSLCertificateFile  
> /var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem
> SSLCertificateKeyFile   
> /var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem
> SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
> SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem
> # CRL checking should be enabled; if you have problems with Apache 
> complaining about the CRL, disable the next line
> SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
> SSLVerifyClient optional
> SSLVerifyDepth  1
> SSLOptions +StdEnvVars
>
> # The following client headers allow the same configuration to work 
> with Pound.
> RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
> RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> PassengerHighPerformance on
> PassengerStatThrottleRate 120
> PassengerUseGlobalQueue on
> RackAutoDetect Off
> RailsAutoDetect Off
> RackBaseURI /
>
> DocumentRoot /etc/puppet/puppetmaster/public
>
> 
> Options None
> AllowOverride None
> Order allow,deny
> allow from all
> 
>
>
> ErrorLog /var/log/httpd/puppetmaster_error.log
> CustomLog /var/log/httpd/puppetmaster_access.log combined
> 
>
> On the clients, the puppet.conf has the following content:
> [main]
> logdir = /var/log/puppet
> rundir = /var/run/puppet
> ssldir = $vardir/ssl
>
> [agent]
> classfile = $vardir/classes.txt
> localconfig = $vardir/localconfig
> pluginsync = true
>
> I don't know how solve this problem. I've read the puppet gui

Re: [Puppet Users] What is the "false" directory?

2012-04-24 Thread Nigel Kersten
This should get reported as a bug though.

We should probably only accept absolute paths for the 'path' parameter, and
"false" should get interpreted as the boolean.

On Tue, Apr 24, 2012 at 6:38 AM, Peter Bukowinski  wrote:

> Glad you got it sorted. You've discovered the importance of quoting and
> *not* quoting. The best practice is to single quote any string that does
> not contain a variable. If you're using a variable, use double quotes so it
> gets interpreted properly. Quotes should *not* be used around any of
> puppet's native values, e.g. true/running, false/stopped, present, absent,
> file, directory, link, latest, absent, purged, etc.
>
> --
> Peter
>
> On Apr 24, 2012, at 9:21 AM, Sans wrote:
>
> Thanks Peter! Got it now!
>
> You were absolutely right - I had *path => 'false'* for filebucket (in
> the site.pp).
> But I thought, Puppet recommends to quote around everything (apart from
> variables). That's not true, I see. Cheers!!
>
>
>
> On Tuesday, April 24, 2012 2:12:02 PM UTC+1, Sans wrote:
>>
>> I don't know what exactly you mean: I don't have any path defined with
>> "false" in it.
>> Just figured out that whenever the content of a file is being modified,
>> the "*false*" directory is being created with the old file (as
>> "content") in it. So, looks like it's actually not modifying the file (in
>> question) at all but replacing with the new one and keeping the old (i.e.
>> original) one in the "*false*" directory. Am I making any sense here at
>> all? Cheers!!
>>
>>
>>
>>
>> On Tuesday, April 24, 2012 1:39:16 PM UTC+1, pmbuko wrote:
>>>
>>> Looks like you have an error in your filebucket definition. Did you,
>>> perhaps, put quotes around "false" when you defined the path?
>>>
>>> -- Peter
>>>
>>> On Apr 24, 2012, at 8:13 AM, Sans  wrote:
>>>
>>> Dear all,
>>>
>>> Since last night, Puppet has started creating a directory, named *false*, in
>>> the present working directory, if I run
>>> *puppetd -t* manually on the puppet agent. The directory contents are
>>> like this:
>>>
>>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/contents
>>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/path
>>>
>>>
>>> does any one know what are these and why they are being created?
>>> Cheers!!
>>>
>
> --
> Peter
>



[Puppet Users] Re: Parametrized classes, definitions and structure

2012-04-24 Thread Andy Taylor
Thank you very much for your detailed reply John. I hadn't looked at
Hiera before, it looks very interesting. On the point of it's not good
to include node/site data in manifests, it's kind of essential in my
eyes to the setup I am trying to implement.

At my company, one server may serve a site which has very different
requirements to another, so I really needed something that was very
flexible. To expand on the structure I outlined in my previous post:
each server has its own node.pp file. If you need to change something
(e.g. MySQL settings, which will probably be the most frequent one that
needs changing), you can simply edit that server's node manifest file.
The great advantage here is that each site's node manifest serves as
documentation of what changes have been made to it. It's also very
easy to read and understand for someone new to Puppet.

From some quick reading of the Hiera posts on the Puppet Labs blog, I
guess I could simply have a yaml file for each server with overrides
instead of doing it via the node manifest. However, I don't really see
the advantage of this approach, except for it would cut out some of
the clutter in my Puppet modules. The idea of a hierarchical set of
data being considered in line with Facter facts is very interesting
though, especially if I combined it with some custom facts of my own;
I will do some more reading on that.

With the class/definition point, I am wherever possible using classes,
as usually I'm dealing with the nature of a node (e.g. you are a
webserver, database server etc.) The only case I have used definitions
is for these configuration file overrides. So if I'm understanding
your comments on class/definition use properly, I think I'm sort of
taking the right approach to it...

The key concern for me at the moment is flexibility and scalability...
none of my stuff is live yet, and I want to make sure I'm using best
practices before I put it all in place. :)

On Apr 24, 5:13 pm, jcbollinger  wrote:
> On Apr 24, 9:13 am, Andy Taylor  wrote:
>
> > Hi,
>
> > I've written a set of Puppet modules to manage servers, but am
> > slightly concerned about the structure I've used as it seems to differ
> > significantly from anything else I've seen in Puppet Forge/elsewhere
> > on the internet.
>
> > I've made extensive use of definitions so that defaults for modules
> > can be overridden in the node manifest for a server. For example:
>
> > node examplenode.example.com {
>
> > include apache
> > include mysql
>
> > define apache::config {
> >  listenport => 8080
>
> > }
>
> > define mysql::config
>
> > }
>
> > So in each module, I have a config definition which must be called in
> > each node manifest, even if you don't want to override any defaults
> > (as in the case of MySQL above). I haven't used parametrized classes
> > at all.
>
> > It all works fine,
>
> That it works well is the most important criterion.  With that
> said, ...
>
> > but are there any disadvantages to the sort of
> > structure I'm using? Should I be using more parametrized classes
> > instead of definitions?
>
> One problem with using definitions, especially definitions that are
> required to be instantiated for multiple classes to work, is that each
> instantiation of a definition is a separate resource.  Each must
> therefore have a unique name among the resources of its type, and each
> will be applied separately.  This presents either a management problem
> (who is responsible for instantiating the definition in any given set
> of circumstances?) or an efficiency problem (equivalent definition
> instances are redundantly applied) or both.
>
> Parameterized classes do not present that efficiency problem because
> all classes are singletons.  That intensifies the management problem,
> however, because unlike ordinary classes, each parameterized class can
> be declared only once for any given node.  In general, few problems
> are best solved by parameterized classes.
>
> You should use defined types only when you need *resources* for which
> there is no native type available.  In that case you should know that
> you want resources rather than classes.  That might be because nodes
> can have more than one instance of your 'thing', because you want
> support for virtual or exported 'things', or (best) simply because
> your 'thing' is better characterized as something nodes *have* than as
> something that they *are*.
>
> On the other hand, you should use (ordinary) classes where you want
> their singleton nature -- especially idempotency, which is a far more
> useful property than many appreciate.  You must also use classes where
> you need your 'thing' to be declared via an ENC (the C is for
> CLASSifier, after all).  You should generally use classes where they
> represent an aspect of nodes' type / kind / role / nature, as opposed
> to a tangible thing you can actually manage.
>
> As for default values and value overriding, if your 'things' are a
> better fit for classes th

Re: [Puppet Users] Re: Analysing some puppetmaster logs to find out what's happening on an agent

2012-04-24 Thread Michael Baydoun
Maybe you could use puppet to configure send to a remote syslog.  If that
works, you could then add your problem module back, and get visibility to
exactly what the client is doing, and any errors it is seeing.

Or make some small modification to the existing log file on the remote
server, with filebucketing to your master, and use that to retrieve the
puppet log from the remote

On Tue, Apr 24, 2012 at 9:09 AM, jcbollinger wrote:

>
>
> On Apr 23, 9:43 pm, Walter Heck  wrote:
> > Hi all,
> >
> > in an unfortunate incident, I managed to lock myself out of a client's
> > server. Basically an openssh module that by default disabled remote
> > root logins did that on a server that was only accessed by remote root
> > login (no other user accounts present on that server). Unfortunately,
> > this is a colocated server and next trip to the dc is scheduled for
> > next thursday. No KVM over IP, no remote hands, pretty much the ideal
> > situation :P. The Xen server is still running, and so are the domU's
> > on it, but this is less than ideal. If any of the domU's goes down,
> > there's nothing we can do :)
> >
> > Now, the puppet agent is running every 30 minutes, but something seems
> > to make it not execute the catalog. I have set the puppetmaster to
> > debug in order to see what's happening, but I can't figure it out.
> > Here's a gist of the puppet master log: https://gist.github.com/2475554
> >
> > x7 is the offending server, x6 has exactly the same puppet definition.
> > Can anyone tell me why the log for x7 just stops, with no error or
> > nothing? What does that indicate is happening on x7? Any help is much
> > appreciated :)
>
>
> In the excerpt you posted, it looks like x7 is getting a cached
> catalog, whereas x6's catalog needed to be recompiled.  The fact that
> their manifests are the same is not inconsistent with that.  Perhaps
> that's why you don't see more.
>
> Alternatively, most of the log lines pertaining to x7 appear to show
> it downloading plugins -- maybe you have a hung client, but successive
> cron-initiated runs are performing plugin sync and fact gathering
> before that stops them.
>
> Since it looks like the client is still (plugin)syncing, however, that
> may be enough of an opening for you to break the server back open.
> You could try sending it a custom fact that has whatever clever side
> effect you like.  I'm not certain whether facts are evaluated with
> privilege, but you should at least be able to collect information and
> write it to your share.
>
>
> John
>



Re: [Puppet Users] Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread Les Ault

On 04/24/2012 09:19 AM, Calimero wrote:

Hi,

I worked with puppet (<  0.25) back in 2008/2009. We were able to
deploy 200 servers from scratch and manage them. It worked fine.

I'm now with a new customer and I'm pushing Puppet (and I'm also back
to puppet on a side project).

We're considering Puppet 2.6 to manage RHEL/CentOS 5 or 6 hosts. I'm
"upgrading myself" to Puppet 2.6's new concepts and features.

Anyway consider this for the sake of argument:

- node server1.hostingcompanyAlpha.com
-- hosted on a dedicated server at provider Alpha
-- production

- node server2.hostingcompanyBeta.net
-- hosted on a dedicated server at provider Beta
-- production

- node staging.myprivatenetwork.priv
-- hosted on my customer's private network
-- staging/QA

- node dev.myprivatenetwork.priv
-- hosted on my customer's private network
-- development server

Those four nodes must host the same elements:
- Apache HTTPD with multiple VHosts
- PHP
- Extra software ...


There are a few differences between nodes:
- Servers don't have the same capabilities (CPU/Mem/bandwidth): we
need to tweak Apache's MaxClients settings on a per-host basis
- We need to tweak PHP : displaying errors on 'staging' and 'dev' but
hiding them on server1/server2 (ie: setting 'display_errors' to 'on'
or 'off' in php.ini)
- On development and staging/testing servers we need to change some of
the VHosts definitions: add extra serverAliases, etc ...
- server1, server2 and staging/dev must use different DNS servers
(/etc/resolv.conf) and RPM Mirrors (yumrepo{ })

I've read the following blog post:
http://puppetlabs.com/blog/the-problem-with-separating-data-from-puppet-code/

[snip ...]


I use facter variables to set dynamic parameters based on the host.  For 
example I created a module to modify sysctl entries:


node dbserver.example.com {
  include sysctl

  # Modify sysctl values
  $shmall = inline_template("<%= (memorysizeinbytes.to_i + swapsizeinbytes.to_i) / 4096 %>")

  sysctl_entry { "kernel.shmall": value => $shmall, ensure => present }
}



--
*Les Ault* VCP, RHCE
Linux Systems Administrator, Office of Information Technology
Computing Systems Services

The University of Tennessee
135A3 Kingston Pike Building
2309 Kingston Pike
Knoxville, TN 37996
Phone: 865-974-1640




Re: [Puppet Users] autosign

2012-04-24 Thread Bill Weiss
Autosign works, but not as you're expecting: it will sign new
certificates, but not overwrite existing ones.  At least, that's my
experience here :)

-- 
Bill Weiss
Backstop Solutions Group


On 2012/4/24 3:34 AM, "C R Ritson"  wrote:

>Does autosign work? I have a scratch workstation that may be rebuilt
>frequently and will therefore acquire a new client certificate. I was
>hoping that adding its certificate name to /etc/puppet/autosign.conf on
>the puppetmaster would allow just this one client to have its new
>certificates autosigned. This doesn't appear to work and I can find no
>logged errors telling me what is wrong. Can someone suggest where to
>look, please?
>
>
>Chris Ritson (Computing Officer and School Safety Officer)
>
>Room 707, Claremont Tower,       EMAIL: c.r.rit...@ncl.ac.uk
>School of Computing Science,     PHONE: +44 191 222 8175
>Newcastle University,            FAX  : +44 191 222 8232
>Newcastle upon Tyne, UK NE1 7RU. WEB  : http://www.cs.ncl.ac.uk/
>



[Puppet Users] Re: Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread jcbollinger


On Apr 24, 8:19 am, Calimero  wrote:
> Hi,
>
> I worked with puppet (< 0.25) back in 2008/2009. We were able to
> deploy 200 servers from scratch and manage them. It worked fine.
>
> I'm now with a new customer and I'm pushing Puppet (and I'm also back
> to puppet on a side project).
>
> We're considering Puppet 2.6 to manage RHEL/CentOS 5 or 6 hosts. I'm
> "upgrading myself" to Puppet 2.6's new concepts and features.
>
> Anyway consider this for the sake of argument:
>
> - node server1.hostingcompanyAlpha.com
> -- hosted on a dedicated server at provider Alpha
> -- production
>
> - node server2.hostingcompanyBeta.net
> -- hosted on a dedicated server at provider Beta
> -- production
>
> - node staging.myprivatenetwork.priv
> -- hosted on my customer's private network
> -- staging/QA
>
> - node dev.myprivatenetwork.priv
> -- hosted on my customer's private network
> -- development server
>
> Those four nodes must host the same elements:
> - Apache HTTPD with multiple VHosts
> - PHP
> - Extra software ...
>
> There are a few differences between nodes:
> - Servers don't have the same capabilities (CPU/Mem/bandwidth): we
> need to tweak Apache's MaxClients settings on a per-host basis
> - We need to tweak PHP : displaying errors on 'staging' and 'dev' but
> hiding them on server1/server2 (ie: setting 'display_errors' to 'on'
> or 'off' in php.ini)
> - On development and staging/testing servers we need to change some of
> the VHosts definitions: add extra serverAliases, etc ...
> - server1, server2 and staging/dev must use different DNS servers
> (/etc/resolv.conf) and RPM Mirrors (yumrepo{ })
>
> I've read the following blog post:
> http://puppetlabs.com/blog/the-problem-with-separating-data-from-pupp...
>
> Back with puppet < 0.25, we'd use "global variables" (not even node
> inheritance).
>
> manifest/sites.pp had something like:
>
> $envname = 'prod'
> $envstr = ''
> $dns_servers = [ '10.0.0.42', '10.10.1.42' ]
>
> import "classes/*.pp"
>
> node 'server1.hostingcompanyAlpha.com' {
>
>         $httpd_maxclients = 300
>         $yum_base = "http://mirrors.hostingcompanyAlpha.com/ftp.centos.org/";
>         $dns_servers = [ '1.2.3.4', '1.2.4.4' ] # Hosting Co.'s resolvers
>
>         include mywebserver
>
> }
>
> node 'server2.hostingcompanyBeta.net' {
>
>         $httpd_maxclients = 200
>         $yum_base = "http://repo.hostingcompanyBeta.net/centos/";
>         $dns_servers = [ '8.8.8.8' , '8.8.4.4' ]
>
>         include mywebserver
>
> }
>
> node 'staging.myprivatenetwork.priv' {
>
>         $httpd_maxclients = 50
>         $php_display_errors = 'on'
>         $envname = 'staging'
>         $envstr = 'stag'
>
>         include mywebserver
>
> }
>
> node 'dev.myprivatenetwork.priv' {
>
>         $httpd_maxclients = 20
>         $php_error_reporting = "E_ALL"
>         $php_display_errors = 'on'
>         $envname = 'dev'
>         $envstr = 'dev'
>
>         include mywebserver
>
> }
>
> manifests/classes/mywebserver.pp would contain something like this:
>
> import "php"
> import "httpd"
>
> class mywebserver {
>
>         include centos # which would in turn include modules 'yum' and 'resolv'
>
>         include httpd
>         include php
>         include php::apc
>
>         define httpd::vhost { 'mysite' :
>                 servername      => "www.mysite.com",
>                 documentroot    => "/var/www/html/mysite.com",
>         }
>
> }
>
> modules/httpd/manifests/init.pp had:
>
> # defaults
> $httpd_maxclients = 150
> $httpd_...
>
> class httpd {
>
>         file { "/etc/httpd/conf/httpd.conf" :
>                 # which would then use $httpd_maxclients
>                 content => template("httpd/httpd.conf.default.erb");
>         }
>
> }
>
> We also had a httpd::vhost($ip = "*", $port = 80, $servername,
> $documentroot, ...) define which would write VHosts files based on the
> following template:
>
> <VirtualHost <%= ip%>:<%= port%>>
>         ServerName      <%= servername %>
> <% if envstr != '' -%>
>         ServerAlias     <%= envstr %><%= servername %>
> <% end -%>
>
> <% if envname != 'prod' -%>
>         php_admin_value display_errors on
> <% end -%>
>
> ...
> </VirtualHost>
>
> modules/yum/manifests/init.pp had:
>
> # defaults
> $yum_base = "http://myrepo.myprivatenetwork.priv/centos";
>
> class yum {
>         yumrepo { "os" :
>                 baseurl => "${yum_base}/RPMS.os",
>         }
>
> }
>
> modules/php/manifests/init.pp:
>
> $php_memory_limit = "32M"
> $php_error_reporting = "..."
> $php_display_errors = "off"
> and so on ... (huge list)
>
> with php.ini.erb :
>
> display_errors = <%= php_display_errors %>
> error_reporting = <%= php_error_reporting %>
> ...
>
> And so on ... If you haven't dozed off already, you get the idea. :-)
>
> That way we could provide safe/sane default settings which could
> easily be tweaked on a per-host or per-class basis.
>
> Parameters were quite easy to track and were in the code (which is
> stored in SVN). There might be some scoping problems from time to
> time, I have to admit. But onc

[Puppet Users] Re: Parametrized classes, definitions and structure

2012-04-24 Thread jcbollinger


On Apr 24, 9:13 am, Andy Taylor  wrote:
> Hi,
>
> I've written a set of Puppet modules to manage servers, but am
> slightly concerned about the structure I've used as it seems to differ
> significantly from anything else I've seen in Puppet Forge/elsewhere
> on the internet.
>
> I've made extensive use of definitions so that defaults for modules
> can be overridden in the node manifest for a server. For example:
>
> node examplenode.example.com {
>
> include apache
> include mysql
>
> define apache::config {
>  listenport => 8080
>
> }
>
> define mysql::config
>
> }
>
> So in each module, I have a config definition which must be called in
> each node manifest, even if you don't want to override any defaults
> (as in the case of MySQL above). I haven't used parametrized classes
> at all.
>
> It all works fine,


That it works well is the most important criterion.  With that
said, ...


> but are there any disadvantages to the sort of
> structure I'm using? Should I be using more parametrized classes
> instead of definitions?


One problem with using definitions, especially definitions that are
required to be instantiated for multiple classes to work, is that each
instantiation of a definition is a separate resource.  Each must
therefore have a unique name among the resources of its type, and each
will be applied separately.  This presents either a management problem
(who is responsible for instantiating the definition in any given set
of circumstances?) or an efficiency problem (equivalent definition
instances are redundantly applied) or both.

Parameterized classes do not present that efficiency problem because
all classes are singletons.  That intensifies the management problem,
however, because unlike ordinary classes, each parameterized class can
be declared only once for any given node.  In general, few problems
are best solved by parameterized classes.

You should use defined types only when you need *resources* for which
there is no native type available.  In that case you should know that
you want resources rather than classes.  That might be because nodes
can have more than one instance of your 'thing', because you want
support for virtual or exported 'things', or (best) simply because
your 'thing' is better characterized as something nodes *have* than as
something that they *are*.

On the other hand, you should use (ordinary) classes where you want
their singleton nature -- especially idempotency, which is a far more
useful property than many appreciate.  You must also use classes where
you need your 'thing' to be declared via an ENC (the C is for
CLASSifier, after all).  You should generally use classes where they
represent an aspect of nodes' type / kind / role / nature, as opposed
to a tangible thing you can actually manage.

As for default values and value overriding, if your 'things' are a
better fit for classes than for definitions, then you should be
looking at external data and Hiera instead of parameterization.  Even
for any definitions you retain, it might be to your advantage to
define certain default values via external data than to code them into
your manifests, or even to remove parameters in favor of external
data.  Really, it is best if your manifests contain no node- or site-
specific data.


John




[Puppet Users] Re: Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread Calimero


On 24 avr, 15:34, Ashley Penney  wrote:
> This was a long email!

Yeah, I know it might get a few "TL;DR" but I wanted to provide all
relevant information. :)

> The answer to your problems is definitely something like
> Hiera.  You make a common.yaml that has all your "defaults" and then you can
> overwrite these based on any fact you like, when building the hierarchy.
> You can make a hierarchy like:
>
> fqdn
> environment
> common.yaml

That's the part I don't really get so far, as I haven't fiddled with
Hiera yet.

How would Hiera search through the hierarchy ?

Try: fqdn/server1.yml
==> not found
Try: environment/staging.yml
==> not found
Fetch from common.yml

Or:
Try server1/staging.yml
==> not found
Fetch from common.yml

ie: is it "recursive" or is it a list of "fallbacks" ?

> Then you could make
>
> environment/staging.yaml
> fqdn/server1.yaml

I assume this matches my first example.

Thanks for your help,
G.
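
On the lookup-order question above: Hiera's default (priority) lookup treats the hierarchy as an ordered list of fallbacks and returns the first value it finds. The sketch below is an added example, not part of the original post and not Hiera's own code; the `fqdn/` and `environment/` file layout, the `lookup` helper and the data values (borrowed from the node definitions quoted in this thread) are assumptions.

```ruby
require 'yaml'

# Constructed data files, keyed by path relative to an assumed Hiera datadir.
# 'on'/'off' are quoted so YAML keeps them as strings instead of booleans.
DATA_FILES = {
  'common.yaml' => <<~DOC,
    httpd_maxclients: 150
    php_display_errors: 'off'
  DOC
  'environment/staging.yaml' => <<~DOC,
    php_display_errors: 'on'
  DOC
  'fqdn/server1.hostingcompanyAlpha.com.yaml' => <<~DOC
    httpd_maxclients: 300
  DOC
}.freeze

# Most specific level first; %{name} is replaced with the node's fact value.
HIERARCHY = ['fqdn/%{fqdn}', 'environment/%{environment}', 'common'].freeze

# Returns [value, source_file] from the first level that defines the key,
# or nil when no level does. Levels whose file does not exist are skipped,
# so a host without its own file simply falls through to the next level.
def lookup(key, facts)
  HIERARCHY.each do |level|
    path = level.gsub(/%\{(\w+)\}/) { facts.fetch(Regexp.last_match(1), '') } + '.yaml'
    doc = DATA_FILES[path]
    next if doc.nil?

    data = YAML.safe_load(doc) || {}
    return [data[key], path] if data.key?(key)
  end
  nil
end

# Constructed facts for two of the nodes described in the thread.
SERVER1 = { 'fqdn' => 'server1.hostingcompanyAlpha.com',
            'environment' => 'production' }.freeze
STAGING = { 'fqdn' => 'staging.myprivatenetwork.priv',
            'environment' => 'staging' }.freeze

if __FILE__ == $PROGRAM_NAME
  [SERVER1, STAGING].each do |facts|
    %w[httpd_maxclients php_display_errors].each do |key|
      value, source = lookup(key, facts)
      puts "#{facts['fqdn']}: #{key} = #{value} (from #{source})"
    end
  end
end
```

For the staging host, `php_display_errors` comes from `environment/staging.yaml` while `httpd_maxclients` falls through to `common.yaml`.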




[Puppet Users] Re: How to increment variable in erb template ?

2012-04-24 Thread Krzysztof Wilczynski
Hi,

\o/

KW

On Tuesday, 24 April 2012 15:18:56 UTC+1, AnOnJoe wrote:
>
> I've got it : 
>
> Compteur <%= compteur %>
>> *<% compteur = compteur.to_i  -%>*
>> <% compteur += 1 -%>
>> Compteur <%= compteur %>
>>
>
>
> Le mardi 24 avril 2012 15:38:28 UTC+2, AnOnJoe a écrit :
>>
>> Hi',
>>
>> I'm looking for a way to increment variable in template (erb file).
>>
>> I tried this, but it didn't work
>>
>> Compteur <%= compteur %>
>>> <% compteur = compteur + 1 %>
>>> Compteur <%= compteur %>
>>>
>>
>> I've got this error : 
>>
>>> Error 400 on SERVER: Failed to parse template test/test.erb: undefined 
>>> method `+' for nil:NilClass
>>>
>>




Re: [Puppet Users] Puppet and FreeBSD

2012-04-24 Thread Jamie Scott
Have you had any luck with puppeting mysql51-server or mysql55-server ?  
Everything I've read suggests the $operatingsystem won't work for name on 
packages and the application tries to keep installing as posted here: 
https://groups.google.com/forum/?fromgroups#!topic/puppet-users/Yc1Et5dSAHM

Couldn't see a solution there

The agent is running 2.7.6




[Puppet Users] Re: puppetlabs-firewall: negate operator?

2012-04-24 Thread Mohamed Lrhazi
I also need to figure out how to code this rule:

-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

--checksum-fill is not supported, in puppet-iptables, right? or can
arbitrary iptables parameters be passed along somehow?

I am using the purge option. How would you manage iptables when
some rules cannot be managed by puppet, while most can?


Thanks a lot,
Mohamed.


On Sun, Apr 22, 2012 at 11:12 AM, Mohamed Lrhazi  wrote:
> If negation is not possible, then maybe I can just use two rules?
>
> firewall { '100 snat for network foo2':
>  chain  => 'POSTROUTING',
>  action => 'accept',
>  proto  => 'all',
>  source => ['192.168.122.0/24'],
>  destination => ['192.168.122.0/24'],
>  table  => 'nat',
> }
> firewall { '101 snat for network foo2':
>  chain  => 'POSTROUTING',
>  jump   => 'MASQUERADE',
>  proto  => 'all',
>  source => ['192.168.122.0/24'],
>  table  => 'nat',
> }
>
>
> On Sun, Apr 22, 2012 at 11:02 AM, Mohamed Lrhazi  wrote:
>> Hello,
>>
>> How do I code this rule, which I believe says: NOT dest = 192.168.122.0/24 :
>>
>> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j
>> MASQUERADE --to-ports 1024-65535
>>
>>
>> Thanks,
>> Mohamed.




[Puppet Users] Re: How to increment variable in erb template ?

2012-04-24 Thread AnOnJoe
I've got it : 

Compteur <%= compteur %>
> *<% compteur = compteur.to_i  -%>*
> <% compteur += 1 -%>
> Compteur <%= compteur %>
>


Le mardi 24 avril 2012 15:38:28 UTC+2, AnOnJoe a écrit :
>
> Hi',
>
> I'm looking for a way to increment variable in template (erb file).
>
> I tried this, but it didn't work
>
> Compteur <%= compteur %>
>> <% compteur = compteur + 1 %>
>> Compteur <%= compteur %>
>>
>
> I've got this error : 
>
>> Error 400 on SERVER: Failed to parse template test/test.erb: undefined 
>> method `+' for nil:NilClass
>>
>




[Puppet Users] Parametrized classes, definitions and structure

2012-04-24 Thread Andy Taylor
Hi,

I've written a set of Puppet modules to manage servers, but am
slightly concerned about the structure I've used as it seems to differ
significantly from anything else I've seen in Puppet Forge/elsewhere
on the internet.

I've made extensive use of definitions so that defaults for modules
can be overridden in the node manifest for a server. For example:

node examplenode.example.com {

include apache
include mysql

define apache::config {
 listenport => 8080
}

define mysql::config
}

So in each module, I have a config definition which must be called in
each node manifest, even if you don't want to override any defaults
(as in the case of MySQL above). I haven't used parametrized classes
at all.

It all works fine, but are there any disadvantages to the sort of
structure I'm using? Should I be using more parametrized classes
instead of definitions?




[Puppet Users] Re: How to increment variable in erb template ?

2012-04-24 Thread Krzysztof Wilczynski
Hi,

On Tuesday, 24 April 2012 14:38:28 UTC+1, AnOnJoe wrote:
>
> Hi',
>
> I'm looking for a way to increment variable in template (erb file).
>
> I tried this, but it didn't work
>
> Compteur <%= compteur %>
>> <% compteur = compteur + 1 %>
>> Compteur <%= compteur %>
>>
>
> I've got this error : 
>
>> Error 400 on SERVER: Failed to parse template test/test.erb: undefined 
>> method `+' for nil:NilClass
>>
>
Would that help?

 kwilczynski@desktop:~$ irb
irb(main):001:0> require 'erb'
=> true
irb(main):002:0> t = ERB.new <<-EOS
irb(main):003:0" <%= c = c ? c += 1 : 1 %>
irb(main):004:0" EOS
=> #
irb(main):005:0> t.result(binding)
=> "1\n"
irb(main):006:0> t.result(binding)
=> "2\n"
irb(main):007:0> t.result(binding)
=> "3\n"
irb(main):008:0> 

KW
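
The nil error in the question, the `to_i` reply and the irb session above all turn on how Ruby treats a name that is assigned inside the template. The added example below (not code from the thread) reproduces them with a constructed `ScopeStandIn` class, which assumes that Puppet 2.x resolves bare template names through `method_missing`; `suivant`, `render_for`, `question_error` and `irb_style_counts` are names made up here.

```ruby
require 'erb'

# Constructed stand-in for the object a Puppet 2.x template runs against:
# a bare name that is not a Ruby local becomes a method call, and
# method_missing answers it from the node's variables. (Assumption for this
# example; this is not Puppet's own class.)
class ScopeStandIn
  def initialize(vars)
    @vars = vars
  end

  def method_missing(name, *args)
    key = name.to_s
    return @vars[key] if args.empty? && @vars.key?(key)

    super
  end

  def respond_to_missing?(name, include_private = false)
    @vars.key?(name.to_s) || super
  end

  # Each call gets a fresh binding, so template locals do not survive a render.
  def render(template)
    ERB.new(template, trim_mode: '-').result(binding)
  end
end

# Template from the question: the assignment makes `compteur` a local that is
# still nil while its own right-hand side is evaluated.
QUESTION = <<~'TEMPLATE'
  Compteur <%= compteur %>
  <% compteur = compteur + 1 %>
  Compteur <%= compteur %>
TEMPLATE

# Template from the reply: no exception, but the right-hand side again reads
# the nil local, so nil.to_i (0) takes the place of the node's value.
REPLY = <<~'TEMPLATE'
  Compteur <%= compteur %>
  <% compteur = compteur.to_i -%>
  <% compteur += 1 -%>
  Compteur <%= compteur %>
TEMPLATE

# Variant that keeps the value: the right-hand side is still a method call
# because the result is stored under a different local name.
DISTINCT = <<~'TEMPLATE'
  Compteur <%= compteur %>
  <% suivant = compteur.to_i + 1 -%>
  Compteur <%= suivant %>
TEMPLATE

def render_for(value, template)
  ScopeStandIn.new('compteur' => value).render(template)
end

# Returns [method, receiver] of the NoMethodError raised by QUESTION.
def question_error(value)
  render_for(value, QUESTION)
  nil
rescue NoMethodError => e
  [e.name, e.receiver]
end

# The irb session counts 1, 2, 3 because each render there sees the `c` left
# behind by the previous one; reusing one Binding object reproduces that.
def irb_style_counts(times)
  shared = binding
  t = ERB.new('<%= c = c ? c += 1 : 1 %>')
  Array.new(times) { t.result(shared) }
end

if __FILE__ == $PROGRAM_NAME
  p question_error('5')
  puts render_for('5', REPLY)
  puts render_for('5', DISTINCT)
  p irb_style_counts(3)
end
```

With the value `'5'`, the reply's template prints 5 and then 1, while the variant with a separate local prints 5 and then 6.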




[Puppet Users] How to increment variable in erb template ?

2012-04-24 Thread AnOnJoe
Hi',

I'm looking for a way to increment variable in template (erb file).

I tried this, but it didn't work

Compteur <%= compteur %>
> <% compteur = compteur + 1 %>
> Compteur <%= compteur %>
>

I've got this error : 

> Error 400 on SERVER: Failed to parse template test/test.erb: undefined 
> method `+' for nil:NilClass
>




Re: [Puppet Users] What is the "false" directory?

2012-04-24 Thread Peter Bukowinski
Glad you got it sorted. You've discovered the importance of quoting and *not* 
quoting. The best practice is to single quote any string that does not contain 
a variable. If you're using a variable, use double quotes so it gets 
interpreted properly. Quotes should *not* be used around any of puppet's native 
values, e.g. true/running, false/stopped, present, absent, file, directory, 
link, latest, absent, purged, etc.

--
Peter

On Apr 24, 2012, at 9:21 AM, Sans wrote:

> Thanks Peter! Got it now!
> 
> You were absolutely right - I had path   => 'false' for filebucket (in the 
> site.pp). 
> But I thought, Puppet recommends to quote around everything (apart from 
> variables). That's not true, I see. Cheers!!
> 
> 
> 
> On Tuesday, April 24, 2012 2:12:02 PM UTC+1, Sans wrote:
> I don't know what exactly you mean: I don't have any path defined with 
> "false" in it.
> Just figured out that whenever the content of a file is being modified, the 
> "false" directory is being created with the old file (as "content") in it. 
> So, looks like it's actually not modifying the file (in question) at all but 
> replacing with the new one and keeping the old (i.e. original) one in the 
> "false" directory. Am I making any sense here at all? Cheers!!
> 
> 
> 
> 
> On Tuesday, April 24, 2012 1:39:16 PM UTC+1, pmbuko wrote:
> Looks like you have an error in your filebucket definition. Did you, perhaps, 
> put quotes around "false" when you defined the path?
> 
> -- Peter
> 
> On Apr 24, 2012, at 8:13 AM, Sans  wrote:
> 
>> Dear all,
>> 
>> Since last night, Puppet is started creating a directory, named false in the 
>> present working directory, if I run puppetd -t manually on the puppet agent. 
>> The directory contents are like this:
>> 
>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/contents
>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/path
>> 
>> 
>> does any one know what are these and why they are being created? Cheers!! 
>> 
> 
> 

--
Peter




Re: [Puppet Users] Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread Ashley Penney
This was a long email!  The answer to your problems is definitely something
like Hiera.  You make a common.yaml that has all your "defaults" and then you
can overwrite these based on any fact you like, when building the hierarchy.
You can make a hierarchy like:

fqdn
environment
common.yaml

Then you could make

environment/staging.yaml
fqdn/server1.yaml

And override any of the "defaults" in common.yaml with more specific values.
You can even just set something like php_errors: true in staging.yaml and then
in the template have some kind of
<% if php_errors %> log with errors <% end %> etc kind of code.  Hiera is
definitely the solution to what you're trying to do, it lets you extract all
that magic out of the manifests and keep them clean and then rely on looking
for the most specific match when traversing down the hierarchy.

On Tue, Apr 24, 2012 at 9:19 AM, Calimero  wrote:

> Hi,
>
> I worked with puppet (< 0.25) back in 2008/2009. We were able to
> deploy 200 servers from scratch and manage them. It worked fine.
>
> I'm now with a new customer and I'm pushing Puppet (and I'm also back
> to puppet on a side project).
>
> We're considering Puppet 2.6 to manage RHEL/CentOS 5 or 6 hosts. I'm
> "upgrading myself" to Puppet 2.6's new concepts and features.
>
> Anyway consider this for the sake of argument:
>
> - node server1.hostingcompanyAlpha.com
> -- hosted on a dedicated server at provider Alpha
> -- production
>
> - node server2.hostingcompanyBeta.net
> -- hosted on a dedicated server at provider Beta
> -- production
>
> - node staging.myprivatenetwork.priv
> -- hosted on my customer's private network
> -- staging/QA
>
> - node dev.myprivatenetwork.priv
> -- hosted on my customer's private network
> -- development server
>
> Those four nodes must host the same elements:
> - Apache HTTPD with multiple VHosts
> - PHP
> - Extra software ...
>
>
> There are a few differences between nodes:
> - Servers don't have the same capabilities (CPU/Mem/bandwidth): we
> need to tweak Apache's MaxClients settings on a per-host basis
> - We need to tweak PHP : displaying errors on 'staging' and 'dev' but
> hiding them on server1/server2 (ie: setting 'display_errors' to 'on'
> or 'off' in php.ini)
> - On development and staging/testing servers we need to change some of
> the VHosts definitions: add extra serverAliases, etc ...
> - server1, server2 and staging/dev must use different DNS servers (/
> etc/resolv.conf) and RPM Mirrors (yumrepo{ })
>
> I've read the following blog post:
>
> http://puppetlabs.com/blog/the-problem-with-separating-data-from-puppet-code/
>
>
>
> Back with puppet < 0.25, we'd use "global variables" (not even node
> inheritance).
>
> manifest/sites.pp had something like:
>
> $envname = 'prod'
> $envstr = ''
> $dns_servers = [ '10.0.0.42', '10.10.1.42' ]
>
> import "classes/*.pp"
>
> node 'server1.hostingcompanyAlpha.com' {
>
>$httpd_maxclients = 300
>$yum_base = "http://mirrors.hostingcompanyAlpha.com/ftp.centos.org/
> "
>$dns_servers = [ '1.2.3.4', '1.2.4.4' ] # Hosting Co.'s resolvers
>
>
>include mywebserver
> }
>
> node 'server2.hostingcompanyBeta.net' {
>
>$httpd_maxclients = 200
>$yum_base = "http://repo.hostingcompanyBeta.net/centos/";
>$dns_servers = [ '8.8.8.8.8' , '8.8.4.4' ]
>
>
>include mywebserver
> }
>
> node 'staging.myprivatenetwork.priv' {
>
>$httpd_maxclients = 50
>$php_display_errors = 'on'
>$envname = 'staging'
>$envstr = 'stag'
>
>include mywebserver
> }
>
>
> node 'dev.myprivatenetwork.priv' {
>
>$httpd_maxclients = 20
>$php_error_reporting = "E_ALL"
>$php_display_errors = 'on'
>$envname = 'dev'
>$envstr = 'dev'
>
>include mywebserver
> }
>
> manifests/classes/mywebserver.pp would contain something like this:
>
> import "php"
> import "httpd"
>
> class mywebserver {
>
>include centos # which would in turn include modules 'yum' and
> 'resolv'
>
>include httpd
>include php
>include php::apc
>
>define httpd::vhost { 'mysite' :
>servername  => "www.mysite.com",
>documentroot=> "/var/www/html/mysite.com",
>}
> }
>
>
>
> modules/httpd/manifests/init.pp had:
>
> # defaults
> $httpd_maxclients = 150
> $httpd_...
>
> class httpd {
>
>file { "/etc/httpd/conf/httpd.conf" :
>content => template("httpd/httpd.conf.default.erb"); #
> which would
> then use $httpd_maxclients
>}
>
> }
>
> We also had a httpd::vhost($ip = "*", $port = 80, $servername,
> $documentroot, ...) define which would write VHosts files based on the
> following template:
>
> <VirtualHost <%= ip %>:<%= port%>>
>ServerName  <%= servername %>
> <% if envstr != '' -%>
>ServerAlias <%= envstr %><%= servername %>
> <% end -%>
>
> <% if envname != 'prod' -%>
>php_admin_value display_errors on
> <% end -%>
>
> ...
> </VirtualHost>
>
>
> modules/yum/manifests/init.pp

Re: [Puppet Users] What is the "false" directory?

2012-04-24 Thread Sans
Thanks Peter! Got it now!

You were absolutely right - I had *path   => 'false' *for filebucket (in 
the site.pp). 
But I thought, Puppet recommends to quote around everything (apart from 
variables). That's not true, I see. Cheers!!



On Tuesday, April 24, 2012 2:12:02 PM UTC+1, Sans wrote:
>
> I don't know what exactly you mean: I don't have any path defined with 
> "false" in it.
> Just figured out that whenever the content of a file is being modified, 
> the "*false*" directory is being created with the old file (as "content") 
> in it. So, looks like it's actually not modifying the file (in question) at 
> all but replacing with the new one and keeping the old (i.e. original) one 
> in the "*false*" directory. Am I making any sense here at all? Cheers!!
>
>
>
>
> On Tuesday, April 24, 2012 1:39:16 PM UTC+1, pmbuko wrote:
>>
>> Looks like you have an error in your filebucket definition. Did you, 
>> perhaps, put quotes around "false" when you defined the path?
>>
>> -- Peter
>>
>> On Apr 24, 2012, at 8:13 AM, Sans  wrote:
>>
>> Dear all,
>>
>> Since last night, Puppet is started creating a directory, named *false* in 
>> the present working directory, if I run 
>> *puppetd -t* manually on the puppet agent. The directory contents are 
>> like this:
>>
>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/contents
>>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/path
>>>
>>
>>
>> does any one know what are these and why they are being created? Cheers!! 
>>
>>
>>




[Puppet Users] Moving from Puppet 0.25 to Puppet 2.6+ : global scope/variables

2012-04-24 Thread Calimero
Hi,

I worked with puppet (< 0.25) back in 2008/2009. We were able to
deploy 200 servers from scratch and manage them. It worked fine.

I'm now with a new customer and I'm pushing Puppet (and I'm also back
to puppet on a side project).

We're considering Puppet 2.6 to manage RHEL/CentOS 5 or 6 hosts. I'm
"upgrading myself" to Puppet 2.6's new concepts and features.

Anyway consider this for the sake of argument:

- node server1.hostingcompanyAlpha.com
-- hosted on a dedicated server at provider Alpha
-- production

- node server2.hostingcompanyBeta.net
-- hosted on a dedicated server at provider Beta
-- production

- node staging.myprivatenetwork.priv
-- hosted on my customer's private network
-- staging/QA

- node dev.myprivatenetwork.priv
-- hosted on my customer's private network
-- development server

Those four nodes must host the same elements:
- Apache HTTPD with multiple VHosts
- PHP
- Extra software ...


There are a few differences between nodes:
- Servers don't have the same capabilities (CPU/Mem/bandwidth): we
need to tweak Apache's MaxClients settings on a per-host basis
- We need to tweak PHP : displaying errors on 'staging' and 'dev' but
hiding them on server1/server2 (ie: setting 'display_errors' to 'on'
or 'off' in php.ini)
- On development and staging/testing servers we need to change some of
the VHosts definitions: add extra serverAliases, etc ...
- server1, server2 and staging/dev must use different DNS servers (/
etc/resolv.conf) and RPM Mirrors (yumrepo{ })

I've read the following blog post:
http://puppetlabs.com/blog/the-problem-with-separating-data-from-puppet-code/



Back with puppet < 0.25, we'd use "global variables" (not even node
inheritance).

manifest/sites.pp had something like:

$envname = 'prod'
$envstr = ''
$dns_servers = [ '10.0.0.42', '10.10.1.42' ]

import "classes/*.pp"

node 'server1.hostingcompanyAlpha.com' {

    $httpd_maxclients = 300
    $yum_base = "http://mirrors.hostingcompanyAlpha.com/ftp.centos.org/"
    $dns_servers = [ '1.2.3.4', '1.2.4.4' ] # Hosting Co.'s resolvers


    include mywebserver
}

node 'server2.hostingcompanyBeta.net' {

    $httpd_maxclients = 200
    $yum_base = "http://repo.hostingcompanyBeta.net/centos/"
    $dns_servers = [ '8.8.8.8' , '8.8.4.4' ]


    include mywebserver
}

node 'staging.myprivatenetwork.priv' {

    $httpd_maxclients = 50
    $php_display_errors = 'on'
    $envname = 'staging'
    $envstr = 'stag'

    include mywebserver
}


node 'dev.myprivatenetwork.priv' {

    $httpd_maxclients = 20
    $php_error_reporting = "E_ALL"
    $php_display_errors = 'on'
    $envname = 'dev'
    $envstr = 'dev'

    include mywebserver
}

manifests/classes/mywebserver.pp would contain something like this:

import "php"
import "httpd"

class mywebserver {

    include centos # which would in turn include modules 'yum' and 'resolv'

    include httpd
    include php
    include php::apc

    # declare one vhost through the httpd::vhost define
    httpd::vhost { 'mysite' :
        servername   => "www.mysite.com",
        documentroot => "/var/www/html/mysite.com",
    }
}



modules/httpd/manifests/init.pp had:

# defaults
$httpd_maxclients = 150
$httpd_...

class httpd {

    file { "/etc/httpd/conf/httpd.conf" :
        content => template("httpd/httpd.conf.default.erb"); # which would then use $httpd_maxclients
    }

}

We also had a httpd::vhost($ip = "*", $port = 80, $servername,
$documentroot, ...) define which would write VHosts files based on the
following template:

<VirtualHost <%= ip %>:<%= port%>>
    ServerName  <%= servername %>
<% if envstr != '' -%>
    ServerAlias <%= envstr %><%= servername %>
<% end -%>

<% if envname != 'prod' -%>
    php_admin_value display_errors on
<% end -%>

...
</VirtualHost>


modules/yum/manifests/init.pp had:

# defaults
$yum_base = "http://myrepo.myprivatenetwork.priv/centos"

class yum {
    yumrepo { "os" :
        baseurl => "${yum_base}/RPMS.os",
    }
}


modules/php/manifests/init.pp:

$php_memory_limit = "32M"
$php_error_reporting = "..."
$php_display_errors = "off"
and so on ... (huge list)

with php.ini.erb :

display_errors = <%= php_display_errors %>
error_reporting = <%= php_error_reporting %>
...


And so on ... If you haven't dozed off already, you get the idea. :-)

That way we could provide safe/sane default settings which could
easily be tweaked on a per-host or per-class basis.

Parameters were quite easy to track and were in the code (which is
stored in SVN). There might be some scoping problems from time to
time, I have to admit. But once we had our "pattern", things would be
smooth.



I do now have trouble understanding how I should proceed with Puppet
2.6 (and 2.7 in the future), if I'm to avoid global variables.

Parameterized class are seemingly not an option and, from what I
understand and read, are more of an alternative to class inheritance
(Nigel Kersten's comment on iss

RE: [Puppet Users] autosign

2012-04-24 Thread C R Ritson
Having read the scary warnings about autosign, I need to think it through some 
more. However the helpful comments about allowing a client to revoke and delete 
its OWN certificate will probably be useful on their own. Luke said that his 
addition to auth.conf was not working. It appears that the interpolation of a 
substring only works when a pattern-match path specification is used. This 
works for me (note the ~ ):-

#allow (some) hosts to manage certificates
path ~ /certificate_status/test([^/]+)$
auth any
allow test$1

Then in the kick-start file I use Luke's suggested:-

  # Revoke and delete any previous puppet certificate
  curl -k -X PUT -H "Content-Type: text/pson" \
--data '{"desired_state":"revoked"}' \
https://puppet:8140/production/certificate_status/${HOSTNAME}.ncl.ac.uk

  curl -k -X DELETE -H "Accept: pson" \
https://puppet:8140/production/certificate_status/${HOSTNAME}.ncl.ac.uk

I found I needed to add the domain name here to match the certificate that is 
generated later.

If auto-sign is to be avoided, one possibility is a hand-crafted script to look 
every so often for new certificate requests and sign them if and only if they 
match some pre-determined pattern. Doing it this way avoids the lack of pattern 
matching in autosign.conf in which a * can only match a complete component of a 
fully qualified domain name and not some other arbitrary substring.

Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,        EMAIL: c.r.rit...@ncl.ac.uk
School of Computing Science,      PHONE: +44 191 222 8175
Newcastle University,             FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.  WEB  : http://www.cs.ncl.ac.uk/

>-----Original Message-----
>From: Luke Bigum [mailto:luke.bi...@lmax.com]
>
>... Regarding security, I was originally trying to work with this:
>
>
>#allow a host to manage it's own certificate
>path /certificate_status/([^/]+)$
...
>allow $1
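
The pattern-matching signer suggested in the message above, as an added example that is not code from the thread. The policy regex, the constructed listing, and its one-request-per-line format (name optionally quoted, optionally followed by a fingerprint in parentheses) are assumptions; any line that does not parse or match is held for a person to review rather than signed.

```ruby
# Added example: decide which pending certificate requests may be signed.
# Nothing here contacts a puppet master; it only builds a plan.

# Assumed policy, modelled on the thread's "test..." hosts in ncl.ac.uk.
# \A and \z anchor the whole string; Ruby's ^ and $ only anchor a line.
SIGN_POLICY = /\Atest[a-z0-9-]+\.ncl\.ac\.uk\z/

# The same pattern without anchors, kept only to show what it lets through.
UNANCHORED_POLICY = /test[a-z0-9-]+\.ncl\.ac\.uk/

# Assumed listing format (see lead-in). Lines in any other shape do not match.
LISTING_LINE = /\A"?([^"\s()]+)"?(?:\s+\([0-9A-Fa-f:]+\))?\z/

# Constructed sample input, not captured from a real master.
PENDING = <<-EOS
  "test42.ncl.ac.uk" (AA:BB:CC:DD)
test7.ncl.ac.uk
  "test42.ncl.ac.uk.example.org" (11:22:33:44)
  "mytest1.ncl.ac.uk" (55:66:77:88)
  "TEST9.ncl.ac.uk" (99:AA:BB:CC)
  "test.ncl.ac.uk" (DE:AD:BE:EF)
  test42.ncl.ac.uk
  something unexpected
EOS

# Split the listing into names that satisfy the policy and lines to hold.
# Fails closed: unparseable lines and non-matching names are never signed.
def classify(listing, policy = SIGN_POLICY)
  plan = { :sign => [], :hold => [] }
  listing.each_line do |raw|
    line = raw.strip
    next if line.empty?
    parsed = LISTING_LINE.match(line)
    name = parsed && parsed[1]
    if name && policy.match(name)
      plan[:sign] << name unless plan[:sign].include?(name)
    else
      plan[:hold] << line
    end
  end
  plan
end

# Build argument vectors instead of shell strings so a certificate name is
# never interpreted by a shell. Assumes the Puppet 2.x "puppet cert --sign"
# command line on the master.
def sign_commands(plan)
  plan[:sign].map { |name| ['puppet', 'cert', '--sign', name] }
end

if __FILE__ == $PROGRAM_NAME
  plan = classify(PENDING)
  sign_commands(plan).each { |argv| puts "would run: #{argv.join(' ')}" }
  plan[:hold].each { |line| puts "held for review: #{line}" }
  loose = classify(PENDING, UNANCHORED_POLICY)
  puts "unanchored policy would also sign: #{(loose[:sign] - plan[:sign]).inspect}"
end
```

Passing `UNANCHORED_POLICY` to `classify` shows the two look-alike names that the anchored policy holds back.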




Re: [Puppet Users] What is the "false" directory?

2012-04-24 Thread Sans
I don't know what exactly you mean: I don't have any path defined with 
"false" in it.
Just figured out that whenever the content of a file is being modified, the 
"*false*" directory is being created with the old file (as "content") in 
it. So, looks like it's actually not modifying the file (in question) at 
all but replacing with the new one and keeping the old (i.e. original) one 
in the "*false*" directory. Am I making any sense here at all? Cheers!!




On Tuesday, April 24, 2012 1:39:16 PM UTC+1, pmbuko wrote:
>
> Looks like you have an error in your filebucket definition. Did you, 
> perhaps, put quotes around "false" when you defined the path?
>
> -- Peter
>
> On Apr 24, 2012, at 8:13 AM, Sans  wrote:
>
> Dear all,
>
> Since last night, Puppet is started creating a directory, named *false* in the 
> present working directory, if I run 
> *puppetd -t* manually on the puppet agent. The directory contents are 
> like this:
>
> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/contents
>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/path
>>
>
>
> does any one know what are these and why they are being created? Cheers!! 
>
>
>




[Puppet Users] Re: Analysing some puppetmaster logs to find out what's happening on an agent

2012-04-24 Thread jcbollinger


On Apr 23, 9:43 pm, Walter Heck  wrote:
> Hi all,
>
> in an unfortunate incident, I managed to lock myself out of a client's
> server. Basically an openssh module that by default disabled remote
> root logins did that on a server that was only accessed by remote root
> login (no other user accounts present on that server). Unfortunately,
> this is a colocated server and next trip to the dc is scheduled for
> next thursday. No KVM over IP, no remote hands, pretty much the ideal
> situation :P. The Xen server is still running, and so are the domU's
> on it, but this is less than ideal. If any of the domU's goes down,
> there's nothing we can do :)
>
> Now, the puppet agent is running every 30 minutes, but something seems
> to make it not execute the catalog. I have set the puppetmaster to
> debug in order to see what's happening, but I can't figure it out.
> Here's a gist of the puppet master log: https://gist.github.com/2475554
>
> x7 is the offending server, x6 has exactly the same puppet definition.
> Can anyone tell me why the log for x7 just stops, with no error or
> nothing? What does that indicate is happening on x7? Any help is much
> appreciated :)


In the excerpt you posted, it looks like x7 is getting a cached
catalog, whereas x6's catalog needed to be recompiled.  The fact that
their manifests are the same is not inconsistent with that.  Perhaps
that's why you don't see more.

Alternatively, most of the log lines pertaining to x7 appear to show
it downloading plugins -- maybe you have a hung client, but successive
cron-initiated runs are performing plugin sync and fact gathering
before that stops them.

Since it looks like the client is still (plugin)syncing, however, that
may be enough of an opening for you to break the server back open.
You could try sending it a custom fact that has whatever clever side
effect you like.  I'm not certain whether facts are evaluated with
privilege, but you should at least be able to collect information and
write it to your share.


John




Re: [Puppet Users] Analysing some puppetmaster logs to find out what's happening on an agent

2012-04-24 Thread Walter Heck
Hiya,

On Tue, Apr 24, 2012 at 14:07, Sharuzzaman Ahmat Raslan
 wrote:
> Ok, I think that narrows it down to cron issue possibility, as you mentioned
> the other server with the same puppet configurations works well.
>
> Reports only generated if puppet is running, even if there are errors. When
> there are no reports, it could mean that puppet is not running, or things
> that should execute puppet (eg. cron) is not running.
Well, I'd tend to agree on that, but we see this appearing in the logs
every 30 minutes, which means that something is contacting the puppet
master to ask for x7's catalog. I'd just expect an error message or
anything that indicates what's up here, especially in debug mode.

> It looks like nothing you can do remotely right now, other than physical
> access to the server.
We have someone on-site on Thursday morning, it's not the end of the
world, it's more my curiosity than anything else to see what happened
here.

> Maybe others will have better suggestion.
That would be more than welcome :)

-- 
Walter Heck

--
follow @walterheck on twitter to see what I'm up to!
--
Check out my new startup: Server Monitoring as a Service @ http://tribily.com
Follow @tribily on Twitter and/or 'Like' our Facebook page at
http://www.facebook.com/tribily




Re: [Puppet Users] What is the "false" directory?

2012-04-24 Thread Sans
Not sure what exactly do you mean; I haven't defined any path with "false" 
in it.  
It appears that the "false" directory is being created for this file 
definition:


'facts.yaml':
  name    => '/tmp/facts.yaml',
  content => inline_template("<%= scope.to_hash.reject { |k,v| !( k.is_a?(String) && v.is_a?(String) ) }.to_yaml %>");

and the "path" file contents:

[root@farm021 ~]# cat false/b/8/5/9/a/4/1/d/b859a41d3c782bbfe768eb8fa70c63b5/paths
/tmp/facts.yaml


I don't see any error on the agent during the 'puppetd -t' run though. Am I 
making any sense here at all? Cheers!!



On Tuesday, April 24, 2012 1:39:16 PM UTC+1, pmbuko wrote:
>
> Looks like you have an error in your filebucket definition. Did you, 
> perhaps, put quotes around "false" when you defined the path?
>
> -- Peter
>
> On Apr 24, 2012, at 8:13 AM, Sans  wrote:
>
> Dear all,
>
> Since last night, Puppet is started creating a directory, named *false* in the 
> present working directory, if I run 
> *puppetd -t* manually on the puppet agent. The directory contents are 
> like this:
>
> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/contents
>> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/path
>>
>
>
> does any one know what are these and why they are being created? Cheers!! 
>
>
>




Re: [Puppet Users] What is the "false" directory?

2012-04-24 Thread Peter Bukowinski
Looks like you have an error in your filebucket definition. Did you, perhaps, 
put quotes around "false" when you defined the path?

-- Peter

On Apr 24, 2012, at 8:13 AM, Sans  wrote:

> Dear all,
> 
> Since last night, Puppet is started creating a directory, named false in the 
> present working directory, if I run puppetd -t manually on the puppet agent. 
> The directory contents are like this:
> 
> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/contents
> 8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/path
> 
> 
> does any one know what are these and why they are being created? Cheers!! 




[Puppet Users] Re: vcsrepo rake installation?

2012-04-24 Thread Ernest Beinrohr
Alright, I was doing it wrong. Just enable "pluginsync=true" on the
client.

On Apr 19, 5:05 pm, Ernest Beinrohr  wrote:
> Hi, I have trouble installing vcsrepo. I cloned vcsrepo onto my
> Centos6 and when I run "rake" i get this:
>
> (in /etc/puppet/modules/vcsrepo)
> ** Invoke default (first_time)
> ** Invoke spec (first_time)
> ** Execute spec
> ./spec/unit/puppet/provider/vcsrepo/cvs_spec.rb:3: undefined method
> `describe_provider' for main:Object (NoMethodError)
>         from /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/runner/
> example_group_runner.rb:15:in `load'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/runner/
> example_group_runner.rb:15:in `load_files'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/runner/
> example_group_runner.rb:14:in `each'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/runner/
> example_group_runner.rb:14:in `load_files'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/runner/
> options.rb:133:in `run_examples'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/runner/
> command_line.rb:9:in `run'
>         from /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/bin/spec:5
> rake aborted!
> Command /usr/bin/ruby -I"lib:lib:spec"  "/usr/lib/ruby/gems/1.8/gems/
> rspec-1.3.0/bin/spec" "spec/unit/puppet/provider/vcsrepo/cvs_spec.rb"
> "spec/unit/puppet/provider/vcsrepo/svn_spec.rb" "spec/unit/puppet/
> provider/vcsrepo/bzr_spec.rb" "spec/unit/puppet/provider/vcsrepo/
> hg_spec.rb" "spec/unit/puppet/provider/vcsrepo/git_spec.rb"  failed
> /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/rake/spectask.rb:
> 177:in `define'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb::in `verbose'
> /usr/lib/ruby/gems/1.8/gems/rspec-1.3.0/lib/spec/rake/spectask.rb:
> 153:in `define'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:635:in `call'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:635:in `execute'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:630:in `each'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:630:in `execute'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:596:in
> `invoke_with_call_chain'
> /usr/lib/ruby/1.8/monitor.rb:242:in `synchronize'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:589:in
> `invoke_with_call_chain'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:606:in
> `invoke_prerequisites'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:603:in `each'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:603:in
> `invoke_prerequisites'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:595:in
> `invoke_with_call_chain'
> /usr/lib/ruby/1.8/monitor.rb:242:in `synchronize'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:589:in
> `invoke_with_call_chain'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:582:in `invoke'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2050:in
> `invoke_task'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2028:in `top_level'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2028:in `each'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2028:in `top_level'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2067:in
> `standard_exception_handling'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2022:in `top_level'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2000:in `run'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:2067:in
> `standard_exception_handling'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/lib/rake.rb:1997:in `run'
> /usr/lib/ruby/gems/1.8/gems/rake-0.8.7/bin/rake:31
> /usr/bin/rake:19:in `load'
> /usr/bin/rake:19
>
> PS: my puppet and ruby packages are from epel:
> puppet-2.7.13-1.el6.noarch
> puppet-dashboard-1.2.4-1.el6.noarch
> puppet-server-2.7.13-1.el6.noarch
> ruby-1.8.7.352-7.el6_2.x86_64
> ruby-augeas-0.4.1-1.el6.x86_64
> rubygem-puppet-lint-0.1.6-1.el6.rf.noarch
> rubygem-rake-0.8.7-2.1.el6.noarch
> rubygem-rspec-1.3.0-2.el6.noarch
> rubygems-1.3.7-1.el6.noarch
> ruby-irb-1.8.7.352-7.el6_2.x86_64
> ruby-libs-1.8.7.352-7.el6_2.x86_64
> ruby-mysql-2.8.2-1.el6.x86_64
> ruby-rdoc-1.8.7.352-7.el6_2.x86_64
> ruby-shadow-1.4.1-13.el6.x86_64




[Puppet Users] What is the "false" directory?

2012-04-24 Thread Sans
Dear all,

Since last night, Puppet has started creating a directory named *false* in
the present working directory if I run *puppetd -t* manually on the puppet
agent. The directory contents are like this:

8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/contents
8/3/e/5/8/6/5/9/83e586594432759eb7aed007e888a172/path


Does anyone know what these are and why they are being created? Cheers!!

To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/nKerekDGmcoJ.



[Puppet Users] "Migrating" current installation to use environments

2012-04-24 Thread John Kennedy
Right now all our different environments (test/stage/prod) are being served
by the same puppet master. We have tried some things that tend to break
puppet which obviously is not good on a production machine. I have been
tasked to match our puppet environment with the enterprise environment. I
proposed to do the following and would like to know if I am missing any
fundamental steps:

OS - Puppet master, RHEL 6; clients, RHEL5/6 - All patched weekly
Puppet master and clients Currently puppet 2.7.13 - Installed/updated from
puppet repo
Version Control - SVN

Although puppet files are under version control, I like to back up anyway.
I am guessing/hoping that since nothing will call the environmental
manifests that we can create our other 2 environments without disturbing
our current configuration so I would create /etc/puppet/test and
/etc/puppet/stage directories and likely copy the current environment into
each as a starting point. (or would the duplicate class names be an issue?)
Remove the nodes that are not relevant to the specific environments and
make sure that all the manifests include the environments in any absolute
paths.
Edit /etc/puppet/puppet.conf to accommodate the environments by adding:

[master]
  modulepath = $confdir/environments/$environment/modules:$confdir/modules
  manifest = $confdir/manifests/unknown_environment.pp
[production]
  manifest = $confdir/manifests/site.pp
[stage]
  manifest = $confdir/manifests/site.pp
[test]
  manifest = $confdir/manifests/site.pp

Finally, copy the current modules/manifests into /etc/puppet/production
and restart puppetmaster.

This is a high level task list, I am just making sure that I am not missing
anything important at this point...

Thanks,
John


John Kennedy




[Puppet Users] Re: help with array in a template.

2012-04-24 Thread Krzysztof Wilczynski
Hi,

[...]

> It is in the split: in fact I don't have spaces between the values but
> carriage returns, so if I split on "\n", it works.
>

This is slightly worrisome.  I encourage you to go with separating values
with a comma, not only because it follows the style in which other facts return
values, but also because it ensures that things will not break by accident
(something may happen now and/or in the future).  While having a single space
there to separate results is also acceptable, having "\n" there might not be
what you want.  I do encourage you to strip surplus newlines and join
values on a single comma :)

My 2p, I hope you don't mind :)

KW

To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/95nyFfV8ytsJ.



[Puppet Users] Re: help with array in a template.

2012-04-24 Thread digrouz
I just found my problem.

It is in the split: in fact I don't have spaces between the values but
carriage returns, so if I split on "\n", it works.

Regards

On 24 Apr, 10:55, Luke Bigum wrote:
> Very close:
>
> <% virtualmountpoints.each do |fs| -%>
> [<%= fs %>]
> virtualmountpoint<%= fs %>
> <% end -%>
>
> I don't understand the Ruby in that, I copied it from someone else ;-)
>
> On 24/04/12 09:18, digrouz wrote:
>
> > Hello guys,
>
> > I would like to get some help with puppet about using an array in a
> > template.
>
> > I've a custom facts that return me this:
>
> > tsm_vmp    / /home /tmp /var/tmp /usr /var
>
> > I have a class that use this facts to split it on every space and to a
> > an entry in a template for each value, here is the code I use for
> > this:
>
> > $virtualmountpoints = split($tsm_vmp, ' ')
> > ...
> >        "/opt/tivoli/tsm/client/ba/bin/dsm.sys":
> >           owner =>  root,
> >           group =>  root,
> >           mode =>  0600,
> >           content =>  template("tsm/dsm.sys.erb"),
>
> > That's what's I have in my template
>
> > <% virtualmountpoints.each do |fs| -%>
> > virtualmountpoint<%= fs %>
> > <% end -%>
>
> > Thats what I get:
> > virtualmountpoint /
> > /home
> > /tmp
> > /var/tmp
> > /usr
> > /var
>
> > but I would like to get instead:
> > virtualmountpoint /
> > virtualmountpoint /home
> > virtualmountpoint /tmp
> > virtualmountpoint /var/tmp
> > virtualmountpoint /usr
> > virtualmountpoint /var
>
> > Do you know how to do this?
>
> --
> Luke Bigum
>
> Information Systems
> Ph: +44 (0) 20 3192 2520
> luke.bi...@lmax.com |http://www.lmax.com
> LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN
>
> FX and CFDs are leveraged products that can result in losses exceeding
> your deposit.  They are not suitable for everyone so please ensure you
> fully understand the risks involved.  The information in this email is not
> directed at residents of the United States of America or any other
> jurisdiction where trading in CFDs and/or FX is restricted or prohibited
> by local laws or regulations.
>
> The information in this email and any attachment is confidential and is
> intended only for the named recipient(s). The email may not be disclosed
> or used by any person other than the addressee, nor may it be copied in
> any way. If you are not the intended recipient please notify the sender
> immediately and delete any copies of this message. Any unauthorised
> copying, disclosure or distribution of the material in this e-mail is
> strictly forbidden.
>
> LMAX operates a multilateral trading facility.  Authorised and regulated
> by the Financial Services Authority (firm registration number 509778) and
> is registered in England and Wales (number 06505809).
> Our registered address is Yellow Building, 1A Nicholas Road, London, W11
> 4AN.


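The failure and the fix discussed in this thread, reproduced as an added Ruby example (not code from any of the posters). The fact value is constructed, `puppet_split` models Puppet's `split()` as a regular-expression split (an assumption), and `normalize_fact` is a hypothetical helper that produces the comma-joined form suggested in the thread.

```ruby
require 'erb'

# The template from the thread (tsm/dsm.sys.erb).
TEMPLATE = <<~'TPL'
  <% virtualmountpoints.each do |fs| -%>
  virtualmountpoint <%= fs %>
  <% end -%>
TPL

# Constructed sample: the fact value as it was really delivered, with the
# mount points separated by newlines rather than spaces.
RAW_FACT = "/\n/home\n/tmp\n/var/tmp\n/usr\n/var"

# Model of Puppet's split(): the pattern is compiled as a regular expression.
# (Assumption about the Puppet function; Ruby's own String#split(' ') splits
# on any whitespace and would hide the problem.)
def puppet_split(value, pattern)
  value.split(Regexp.new(pattern))
end

# Render the template with the given array bound to `virtualmountpoints`.
def render(mountpoints)
  ERB.new(TEMPLATE, trim_mode: '-').result_with_hash(virtualmountpoints: mountpoints)
end

# Hypothetical fact-side clean-up: collapse any whitespace (spaces, newlines)
# into single commas, and refuse values that are not plain absolute paths,
# since they are written into a root-owned configuration file.
def normalize_fact(raw)
  paths = raw.split(/\s+/).reject(&:empty?)
  bad = paths.reject { |p| p.match?(%r{\A/[\w.\-/]*\z}) }
  raise ArgumentError, "unexpected mount point: #{bad.first.inspect}" unless bad.empty?
  paths.join(',')
end

if __FILE__ == $PROGRAM_NAME
  # Splitting the raw fact on a space yields one element: the broken output.
  puts render(puppet_split(RAW_FACT, ' '))
  # Normalized fact split on a comma: one virtualmountpoint line per entry.
  puts render(puppet_split(normalize_fact(RAW_FACT), ','))
end
```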


Re: [Puppet Users] autosign

2012-04-24 Thread Luke Bigum
Not sure about the first question, are you saying your Agent had a 
non-autosigned certificate waiting on the Puppet Master, then you 
configured auto signing on the Master and expected it to work? I think 
the autosigning is done only when an Agent first connects and it won't 
sign any pending or backlog of certificates (but don't quote me).


Regarding security, I was originally trying to work with this:

#allow a host to manage it's own certificate
#path /certificate_status/([^/]+)$
path /certificate_status/
auth any
allow $1

Which was supposed to only allow a client to delete its own certificate
and only its own. The $1 wasn't working for me though so I fell back to
* (all hosts).


This allows all Agents full control of all operations under 
/certificate_status/, which basically means someone malicious could 
delete all your signed certificates, preventing all Agents from checking 
in. So definitely some implications ;-)


If you get auth.conf any more secure, let me know.

-Luke

On 24/04/12 10:42, C R Ritson wrote:

Many thanks - this is now working better. What was tripping me up was that if 
the puppet agent has tried to run, and there is a certificate request on the 
master, then the next run of the agent either doesn't try to get the 
corresponding certificate signed or else the auto-signing is silently blocked.
Is this a bug, a feature, or just a misunderstanding on my part?

What are the security implications of allowing clients to manipulate 
certificates in this way? For now at least I will restrict this to the subset 
that are likely to need frequent rebuilds.

Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,        EMAIL: c.r.rit...@ncl.ac.uk
School of Computing Science,      PHONE: +44 191 222 8175
Newcastle University,             FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.  WEB  : http://www.cs.ncl.ac.uk/





-----Original Message-----
From: Luke Bigum [mailto:luke.bi...@lmax.com]
Sent: 24 April 2012 09:42
To: puppet-users@googlegroups.com
Cc: C R Ritson
Subject: Re: [Puppet Users] autosign

Autosigning certificates work, what you're probably running into is that
autosigning does not clear off an old Agent's certificate, so you're
getting certificate mismatch errors. Puppet's RESTful API allows you to
manage certificates. It's been a long time since I tested this but I
have this in my auth.conf:

#allow hosts to manage certificates
#path /certificate_status/([^/]+)$
path /certificate_status/
auth any
allow *

And then I do this in a kickstart file to have each server delete it's
certificate before it generates a new one and contacts the Puppet Master
for the first time:

curl -k -X PUT -H "Content-Type: text/pson" --data \
  '{"desired_state":"revoked"}' \
  https://puppet:8140/production/certificate_status/$HOSTNAME
curl -k -X DELETE -H "Accept: pson" \
  https://puppet:8140/production/certificate_status/$HOSTNAME

Check out this page for more information:

http://docs.puppetlabs.com/guides/rest_api.html

-Luke

On 24/04/12 09:34, C R Ritson wrote:

Does autosign work? I have a scratch workstation that may be rebuilt
frequently and will therefore acquire a new client certificate. I was
hoping that adding its certificate name to /etc/puppet/autosign.conf on the
puppetmaster would allow just this one client to have its new certificates
autosigned. This doesn't appear to work and I can find no logged errors
telling me what is wrong. Can someone suggest where to look, please?


Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,        EMAIL: c.r.rit...@ncl.ac.uk
School of Computing Science,      PHONE: +44 191 222 8175
Newcastle University,             FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.  WEB  : http://www.cs.ncl.ac.uk/



--
Luke Bigum

Information Systems
Ph: +44 (0) 20 3192 2520
luke.bi...@lmax.com | http://www.lmax.com
LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN



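A check for the kind of stanza discussed in the message above, as an added example (not code from the posters or from Puppet): it parses auth.conf text and reports rules that cover `/certificate_status/` while accepting unauthenticated clients, a wildcard `allow`, or every method. The second stanza in the sample, the probe host name, and the names `parse_auth_conf` and `audit` are constructed for illustration; the code assumes `auth` defaults to `yes` when omitted and that plain paths match as prefixes.

```ruby
# Constructed input: the stanza quoted in the thread, then a hypothetical
# narrower stanza for comparison (regex paths are written `path ~ ...`).
SAMPLE_AUTH_CONF = <<~'CONF'
  #allow hosts to manage certificates
  path /certificate_status/
  auth any
  allow *

  path ~ ^/certificate_status/([^/]+)$
  auth yes
  method find
  allow $1
CONF

Stanza = Struct.new(:line, :path, :regex, :auth, :methods, :allow)

# Parse auth.conf text into stanzas; each `path` line opens a new one.
def parse_auth_conf(text)
  stanzas = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    value = value.to_s
    if key == 'path'
      regex = value.start_with?('~')
      # auth is assumed to default to "yes"; no method line means all methods.
      stanzas << Stanza.new(lineno, value.sub(/\A~\s*/, ''), regex, 'yes', [], [])
      next
    end
    current = stanzas.last
    next unless current # directive before any path line: ignore it
    case key
    when 'auth'   then current.auth = value.downcase
    when 'method' then current.methods.concat(value.split(/\s*,\s*/))
    when 'allow'  then current.allow.concat(value.split(/\s*,\s*/))
    end
  end
  stanzas
end

# Constructed request path used to decide whether a stanza applies.
PROBE = '/certificate_status/agent01.example.com'

def covers_certificate_status?(stanza)
  if stanza.regex
    Regexp.new(stanza.path).match?(PROBE)
  else
    PROBE.start_with?(stanza.path) # plain paths match as prefixes
  end
end

# Return one report per stanza that governs certificate_status requests.
def audit(text)
  parse_auth_conf(text).select { |s| covers_certificate_status?(s) }.map do |s|
    findings = []
    findings << :unauthenticated_clients if %w[any no off].include?(s.auth)
    findings << :wildcard_allow if s.allow.include?('*')
    findings << :all_methods if s.methods.empty?
    { line: s.line, path: s.path, findings: findings }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_AUTH_CONF).each do |r|
    status = r[:findings].empty? ? 'ok' : r[:findings].join(', ')
    puts "line #{r[:line]} (#{r[:path]}): #{status}"
  end
end
```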
Re: [Puppet Users] help with array in a template.

2012-04-24 Thread Nicolas Di Gregorio
I just found my problem.

It is in the split: in fact I don't have spaces between the values but
carriage returns, so if I split on "\n", it works.

Regards

On Tue, Apr 24, 2012 at 10:55 AM, Luke Bigum  wrote:

> Very close:
>
>
> <% virtualmountpoints.each do |fs| -%>
> [<%= fs %>]
>
> virtualmountpoint<%= fs %>
> <% end -%>
>
> I don't understand the Ruby in that, I copied it from someone else ;-)
>
>
> On 24/04/12 09:18, digrouz wrote:
>
>> Hello guys,
>>
>> I would like to get some help with puppet about using an array in a
>> template.
>>
>> I've a custom facts that return me this:
>>
>> tsm_vmp / /home /tmp /var/tmp /usr /var
>>
>> I have a class that use this facts to split it on every space and to a
>> an entry in a template for each value, here is the code I use for
>> this:
>>
>> $virtualmountpoints = split($tsm_vmp, ' ')
>> ...
>>   "/opt/tivoli/tsm/client/ba/bin/dsm.sys":
>>  owner =>  root,
>>  group =>  root,
>>  mode =>  0600,
>>  content =>  template("tsm/dsm.sys.erb"),
>>
>> That's what's I have in my template
>>
>> <% virtualmountpoints.each do |fs| -%>
>> virtualmountpoint<%= fs %>
>> <% end -%>
>>
>>
>>
>> Thats what I get:
>> virtualmountpoint /
>> /home
>> /tmp
>> /var/tmp
>> /usr
>> /var
>>
>> but I would like to get instead:
>> virtualmountpoint /
>> virtualmountpoint /home
>> virtualmountpoint /tmp
>> virtualmountpoint /var/tmp
>> virtualmountpoint /usr
>> virtualmountpoint /var
>>
>>
>> Do you know how to do this?
>>
>>
>
> --
> Luke Bigum
>
> Information Systems
> Ph: +44 (0) 20 3192 2520
> luke.bi...@lmax.com | http://www.lmax.com
> LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN
>
>


-- 
Nicolas Di Gregorio
25A, Rue des Pyramides
7700 Mouscron
Belgium
Tel: +32479820183
@: nicolas.digrego...@gmail.com




RE: [Puppet Users] autosign

2012-04-24 Thread C R Ritson
Many thanks - this is now working better. What was tripping me up was that if 
the puppet agent has tried to run, and there is a certificate request on the 
master, then the next run of the agent either doesn't try to get the 
corresponding certificate signed or else the auto-signing is silently blocked.
Is this a bug, a feature, or just a misunderstanding on my part?

What are the security implications of allowing clients to manipulate 
certificates in this way? For now at least I will restrict this to the subset 
that are likely to need frequent rebuilds.

Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,        EMAIL: c.r.rit...@ncl.ac.uk
School of Computing Science,      PHONE: +44 191 222 8175
Newcastle University,             FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.  WEB  : http://www.cs.ncl.ac.uk/




>-----Original Message-----
>From: Luke Bigum [mailto:luke.bi...@lmax.com]
>Sent: 24 April 2012 09:42
>To: puppet-users@googlegroups.com
>Cc: C R Ritson
>Subject: Re: [Puppet Users] autosign
>
>Autosigning certificates work, what you're probably running into is that
>autosigning does not clear off an old Agent's certificate, so you're
>getting certificate mismatch errors. Puppet's RESTful API allows you to
>manage certificates. It's been a long time since I tested this but I
>have this in my auth.conf:
>
>#allow hosts to manage certificates
>#path /certificate_status/([^/]+)$
>path /certificate_status/
>auth any
>allow *
>
>And then I do this in a kickstart file to have each server delete it's
>certificate before it generates a new one and contacts the Puppet Master
>for the first time:
>
>curl -k -X PUT -H "Content-Type: text/pson" --data \
>  '{"desired_state":"revoked"}' \
>  https://puppet:8140/production/certificate_status/$HOSTNAME
>curl -k -X DELETE -H "Accept: pson" \
>  https://puppet:8140/production/certificate_status/$HOSTNAME
>
>Check out this page for more information:
>
>http://docs.puppetlabs.com/guides/rest_api.html
>
>-Luke
>
>On 24/04/12 09:34, C R Ritson wrote:
>> Does autosign work? I have a scratch workstation that may be rebuilt
>frequently and will therefore acquire a new client certificate. I was
>hoping that adding its certificate name to /etc/puppet/autosign.conf on the
>puppetmaster would allow just this one client to have its new certificates
>autosigned. This doesn't appear to work and I can find no logged errors
>telling me what is wrong. Can someone suggest where to look, please?
>>
>>
>> Chris Ritson (Computing Officer and School Safety Officer)
>>
>> Room 707, Claremont Tower,        EMAIL: c.r.rit...@ncl.ac.uk
>> School of Computing Science,      PHONE: +44 191 222 8175
>> Newcastle University,             FAX  : +44 191 222 8232
>> Newcastle upon Tyne, UK NE1 7RU.  WEB  : http://www.cs.ncl.ac.uk/
>>
>
>
>--
>Luke Bigum
>
>Information Systems
>Ph: +44 (0) 20 3192 2520
>luke.bi...@lmax.com | http://www.lmax.com
>LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN
>
>




[Puppet Users] Re: Why latest stable Debian Squeeze package is 2.6.2-5+squeeze4 please ?

2012-04-24 Thread Christophe L
Hello Mike,

Sorry for the late feedback.

On this page
http://docs.puppetlabs.com/guides/installation.html
it is written
"
OS Packages

If installing from a distribution maintained package, such as those
listed on the Downloading Puppet Wiki Page all OS prerequisites should
be handled by your package manager.
"

On this page
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet
it is written
"
Debian Packages

Debian packages are available from the Debian Packages site.
"

So there is no information about the apt.puppetlabs.com debian package
repository on those two pages, and I think it would be nice to have
this information on at least one of them.

Thanks in advance.

Best regards,
Christophe


On 8 Apr, 00:42, Michael Stahnke wrote:
> On Thu, Apr 5, 2012 at 10:34 PM, Christophe L  
> wrote:
> > Thank you all for your answers !
>
> > As a suggestion for the documentation, that would be nice to have
> > information about the http://apt.puppetlabs.com/apt repository on the
> > puppet installation page.
>
> That is currently undergoing some work, and will be there.  If you
> happen to know pages exactly you were referencing, I'll be sure to
> them updated.
>
> Mike
>
> > Best regards,
> > Christophe
>
> > On 5 Apr, 20:58, Gabriel Filion wrote:
> >> On 12-04-05 07:19 AM, Christophe L wrote:
>
> >> > After some research, I have found that the last stable debian package
> >> > version is
> >> > puppet (2.6.2-5+squeeze4) [security]
> >> > http://packages.debian.org/squeeze/puppet
>
> >> > and that 2.7.12-3 is considered as unstable
> >> > http://packages.qa.debian.org/p/puppet.html
>
> >> In Debian's release cycle, the packages are freezed before a release.
> >> when this happens it means that package versions that are currently in
> >> the "testing" branch will be used for the next debian release, and will
> >> be used until the next release.
>
> >> the "stable" part in all that is the debian branch name that represents
> >> the current release, so what software they support.
>
> >> security patches will be backported to 2.6 as much as possible for as
> >> long as the current "stable" branch is the current one.
>
> >> for now, you can use the squeeze-backports[1] branch, in which you can
> >> find puppet 2.7
>
> >> [1]:http://backports-master.debian.org/Instructions/
>
> >> --
> >> Gabriel Filion
>




Re: [Puppet Users] help with array in a template.

2012-04-24 Thread Luke Bigum

Very close:

<% virtualmountpoints.each do |fs| -%>
[<%= fs %>]
virtualmountpoint<%= fs %>
<% end -%>

I don't understand the Ruby in that, I copied it from someone else ;-)

On 24/04/12 09:18, digrouz wrote:

Hello guys,

I would like to get some help with puppet about using an array in a
template.

I've a custom facts that return me this:

tsm_vmp / /home /tmp /var/tmp /usr /var

I have a class that use this facts to split it on every space and to a
an entry in a template for each value, here is the code I use for
this:

$virtualmountpoints = split($tsm_vmp, ' ')
...
   "/opt/tivoli/tsm/client/ba/bin/dsm.sys":
  owner =>  root,
  group =>  root,
  mode =>  0600,
  content =>  template("tsm/dsm.sys.erb"),

That's what's I have in my template

<% virtualmountpoints.each do |fs| -%>
virtualmountpoint<%= fs %>
<% end -%>



Thats what I get:
virtualmountpoint /
/home
/tmp
/var/tmp
/usr
/var

but I would like to get instead:
virtualmountpoint /
virtualmountpoint /home
virtualmountpoint /tmp
virtualmountpoint /var/tmp
virtualmountpoint /usr
virtualmountpoint /var


Do you know how to do this?




--
Luke Bigum

Information Systems
Ph: +44 (0) 20 3192 2520
luke.bi...@lmax.com | http://www.lmax.com
LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN






[Puppet Users] Re: Creating a system module path (starting with Telly)

2012-04-24 Thread Bill Proud
Sounds good.

One problem that I have with the forge is that the extent to which the 
modules have been tested is not clear to me.  Can I take it that the core 
modules that ship with puppet will have been through a similar testing 
cycle as puppet itself?


On Monday, April 23, 2012 11:03:39 PM UTC+2, Michael Stanhke wrote:
>
> There was some discussion and concern about moving the Nagios
> types/providers out of the core area of Puppet for Telly.  We made a
> mistake of talking about a point solution to a problem rather than the
> vision on where we’d like it to go, and why.  We’ve attempted to
> outline this a bit more so you can hopefully have a better
> understanding of our ideas.  As always, feel free to comment and voice
> concerns.  This isn’t set in stone and at this point is a proposal.
>
> == The Problem ==
>
> Bundling types and providers into the core of Puppet has a few problems.
>
> The most important problem is that it ties releases of the types or
> providers to releases of core Puppet.  That is a pretty slow moving
> (for stability) system, and it is also a system where most of the
> investment goes into supporting new releases rather than improving
> older releases.
>
> We want to keep our core stable, while allowing the community platform
> experts, distro maintainers and other users to enhance the experience
> with certain aspects of Puppet without having to wait for the next
> major release.
>
> The secondary problem is that it plays favourites - some platform
> types are in core, others are not.  Some monitoring systems, or disk
> management systems are in core, others are not.  That doesn't reflect
> the real importance of those types, or that some are more special or
> more stable than others - just happenstance of time.
>
> On the other hand, having Puppet work out of the box is awesome.  You
> should be able to install Puppet and immediately get started, managing
> your platform and generally doing awesome things.
>
> Puppet with no types, and no providers, is not awesome.  It can't do
> anything - and "install twenty things, then ..." is not a good
> introductory experience.
>
> == Proposed Solution ==
>
> We want to take some of the great lessons from other platforms - Perl,
> Python, and Ruby - and apply them to this problem:
>
> We are proposing to pull more types and providers out of Puppet, so
> they get the benefit of an independent release cycle, and the
> advantages of full forge integration.
>
> We also propose to have a "system" module path: a set of modules that
> ship with core Puppet, taken from the forge, and available by default
> at install time.  They will ensure that Puppet is still awesome out of
> the box - but that you can list modules and their versions, and can
> update freely.
>
> We also plan a "vendor" module path, and a "site" module path.  Other
> platforms have shown the value of this: when distributions package
> Puppet, they might want more or different modules to support their
> systems better.  Allowing them to drop into the vendor module path and
> operate in the same way as our system modules makes it easy to use
> normal modules in an awesome way.
>
> Finally, the "site" module path allows for easy deployment of modules
> through other packaging systems like yum and apt, internally to
> companies and sites that want a different path for versioning modules.
>  They separate the mutable path used by the local tool and the managed
> path for self-packaged modules.
>
> This seems to offer the best of both worlds: we can take full
> advantage of the strengths of modules, but without giving up the
> awesomeness of Puppet that does great things out of the box.
>
>

To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/LyPHnvAgjQ4J.



[Puppet Users] help with array in a template.

2012-04-24 Thread digrouz
Hello guys,

I would like to get some help with puppet about using an array in a
template.

I have a custom fact that returns this:

tsm_vmp / /home /tmp /var/tmp /usr /var

I have a class that uses this fact to split it on every space and to add
an entry in a template for each value; here is the code I use for
this:

$virtualmountpoints = split($tsm_vmp, ' ')
...
  "/opt/tivoli/tsm/client/ba/bin/dsm.sys":
 owner => root,
 group => root,
 mode => 0600,
 content => template("tsm/dsm.sys.erb"),

That's what I have in my template:

<% virtualmountpoints.each do |fs| -%>
virtualmountpoint <%= fs %>
<% end -%>



That's what I get:
virtualmountpoint /
/home
/tmp
/var/tmp
/usr
/var

but I would like to get instead:
virtualmountpoint /
virtualmountpoint /home
virtualmountpoint /tmp
virtualmountpoint /var/tmp
virtualmountpoint /usr
virtualmountpoint /var


Do you know how to do this?




Re: [Puppet Users] autosign

2012-04-24 Thread Luke Bigum
Autosigning certificates works; what you're probably running into is that 
autosigning does not clear off an old Agent's certificate, so you're 
getting certificate mismatch errors. Puppet's RESTful API allows you to 
manage certificates. It's been a long time since I tested this but I 
have this in my auth.conf:


#allow hosts to manage certificates
#path /certificate_status/([^/]+)$
path /certificate_status/
auth any
allow *

And then I do this in a kickstart file to have each server delete its 
certificate before it generates a new one and contacts the Puppet Master 
for the first time:


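# Revoke this host's existing certificate on the Puppet Master
curl -k -X PUT -H "Content-Type: text/pson" \
  --data '{"desired_state":"revoked"}' \
  "https://puppet:8140/production/certificate_status/$HOSTNAME"
# Delete the revoked certificate so a new one can be issued
curl -k -X DELETE -H "Accept: pson" \
  "https://puppet:8140/production/certificate_status/$HOSTNAME"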


Check out this page for more information:

http://docs.puppetlabs.com/guides/rest_api.html

-Luke

On 24/04/12 09:34, C R Ritson wrote:

Does autosign work? I have a scratch workstation that may be rebuilt frequently 
and will therefore acquire a new client certificate. I was hoping that adding 
its certificate name to /etc/puppet/autosign.conf on the puppetmaster would 
allow just this one client to have its new certificates autosigned. This 
doesn't appear to work and I can find no logged errors telling me what is 
wrong. Can someone suggest where to look, please?


Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,         EMAIL: c.r.rit...@ncl.ac.uk
School of Computing Science,       PHONE: +44 191 222 8175
Newcastle University,              FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.   WEB  : http://www.cs.ncl.ac.uk/




--
Luke Bigum

Information Systems
Ph: +44 (0) 20 3192 2520
luke.bi...@lmax.com | http://www.lmax.com
LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN


FX and CFDs are leveraged products that can result in losses exceeding
your deposit.  They are not suitable for everyone so please ensure you
fully understand the risks involved.  The information in this email is not
directed at residents of the United States of America or any other
jurisdiction where trading in CFDs and/or FX is restricted or prohibited
by local laws or regulations.

The information in this email and any attachment is confidential and is
intended only for the named recipient(s). The email may not be disclosed
or used by any person other than the addressee, nor may it be copied in
any way. If you are not the intended recipient please notify the sender
immediately and delete any copies of this message. Any unauthorised
copying, disclosure or distribution of the material in this e-mail is
strictly forbidden.

LMAX operates a multilateral trading facility.  Authorised and regulated 
by the Financial Services Authority (firm registration number 509778) and
is registered in England and Wales (number 06505809). 
Our registered address is Yellow Building, 1A Nicholas Road, London, W11
4AN.

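The auth.conf stanza in the reply above grants certificate_status to every caller (auth any, allow *) with no method restriction. The Ruby sketch below is an added example, not part of the thread or of Puppet: it parses auth.conf text and reports stanzas of that shape; the narrowed stanza and the host name provisioner.example.com are constructed for comparison.

```ruby
# Added example (not from the thread): flag open certificate_status ACLs.
# path/method/auth/allow are auth.conf directives; samples are constructed.

PAGE_STANZA = <<~CONF
  #allow hosts to manage certificates
  path /certificate_status/
  auth any
  allow *
CONF

# Constructed alternative: one named, authenticated host; PUT and DELETE only.
NARROW_STANZA = <<~CONF
  path ~ ^/certificate_status/([^/]+)$
  method save, destroy
  auth yes
  allow provisioner.example.com
CONF

# Split auth.conf text into stanzas; every "path" line opens a new one.
def parse_auth_conf(text)
  stanzas = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/\s+/, 2)
    if key == 'path'
      stanzas << { 'path' => value.to_s.sub(/\A~\s*/, ''), 'allow' => [] }
    elsif stanzas.any?
      values = value.to_s.split(/[,\s]+/)
      key == 'allow' ? stanzas.last['allow'].concat(values) : (stanzas.last[key] = values)
    end
  end
  stanzas
end

# Reasons a certificate_status stanza is broader than a provisioning job needs.
def findings(stanza)
  return [] unless stanza['path'].include?('certificate_status')
  out = []
  auth = (stanza['auth'] || ['yes']).first # auth defaults to yes when omitted
  out << 'unauthenticated callers accepted' if %w[any no off].include?(auth)
  out << 'allow * matches every node' if stanza['allow'].include?('*')
  out << 'no method restriction' unless stanza.key?('method')
  out
end

def audit(text)
  parse_auth_conf(text).map { |s| [s['path'], findings(s)] }.reject { |_, f| f.empty? }
end

audit(PAGE_STANZA + NARROW_STANZA).each { |path, f| puts "#{path}: #{f.join('; ')}" }
```

In the REST API the PUT request shown in the reply maps to the save method and DELETE to destroy, which is why the constructed stanza lists those two.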



[Puppet Users] autosign

2012-04-24 Thread C R Ritson
Does autosign work? I have a scratch workstation that may be rebuilt frequently 
and will therefore acquire a new client certificate. I was hoping that adding 
its certificate name to /etc/puppet/autosign.conf on the puppetmaster would 
allow just this one client to have its new certificates autosigned. This 
doesn't appear to work and I can find no logged errors telling me what is 
wrong. Can someone suggest where to look, please?


Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,         EMAIL: c.r.rit...@ncl.ac.uk
School of Computing Science,       PHONE: +44 191 222 8175
Newcastle University,              FAX  : +44 191 222 8232
Newcastle upon Tyne, UK NE1 7RU.   WEB  : http://www.cs.ncl.ac.uk/




Re: [Puppet Users] Recovering deleted modules

2012-04-24 Thread Luke Bigum

Hi Alex,

Agents write their last catalog to disk in 
/var/lib/puppet/client_yaml/catalog/${hostname}.yaml. If you've got an 
Agent that hasn't done a Puppet run since you deleted that module, this 
file will contain the information you're after. It's not the most 
prettily formatted thing though, so I'd suggest combining this information 
with...


Have you seen the Puppet Ralsh tool? It's a utility that will give you a 
Puppet manifest formatted description of a resource. If you find all the 
resource names and types that module managed you can then use this to 
generate resource definitions. Unfortunately it looks like reports only 
show the detail you're after if that resource was changed in some way 
during the Puppet run. If I look for my puppet::install class I can see 
it manages the Package resource "puppet":


[root@hostname state]# grep 'Puppet::Install' /var/lib/puppet/state/last_run_report.yaml
  source: "/Stage[main]/Puppet::Install/Package[puppet]/ensure"

And I can use Ralsh to generate a resource definition as best it can (it 
gives me a version number rather than ensure=>latest):


[root@stgweb03 state]# ralsh package puppet
package { 'puppet':
  ensure => '2.7.12-1.el5.centos',
}

And again for puppet::service:

[root@stgweb03 state]# grep 'Puppet::Service' /var/lib/puppet/state/last_run_report.yaml
  source: "/Stage[main]/Puppet::Service/Service[puppet]"
[root@stgweb03 state]# ralsh service puppet
service { 'puppet':
  ensure => 'stopped',
  enable => 'false',
}

You'll never be able to regenerate any logic you used to arrive at this 
state (if statements, case statements, etc) but at least you have all 
the results and can work backwards to a proper module.


Hope that helps,

-Luke

On 24/04/12 02:11, Alex Cline wrote:

Hello,

I accidentally deleted a module from my puppetmaster modules 
directory.  Sadly, I didn't have a recent backup or use version 
control.  :(  (Live and learn)


Is there a way to recover the module from one of the clients or the 
master?


Thanks.

-- Alex



--
Luke Bigum

Information Systems
Ph: +44 (0) 20 3192 2520
luke.bi...@lmax.com | http://www.lmax.com
LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN


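The grep-then-ralsh procedure in the reply above can be scripted for every resource a class touched. This Ruby sketch is an added example, not from the thread: it reads source: lines in the shape quoted there and builds the matching ralsh commands; the sample report lines (including the Puppet::Config and Ntp entries) are constructed, and it matches lines by pattern rather than loading the report as YAML.

```ruby
require 'shellwords'

# Constructed sample: source: lines in the shape quoted in the reply above.
SAMPLE_REPORT = <<~REPORT
  source: "/Stage[main]/Puppet::Install/Package[puppet]/ensure"
  source: "/Stage[main]/Puppet::Service/Service[puppet]"
  source: "/Stage[main]/Puppet::Service/Service[puppet]/enable"
  source: "/Stage[main]/Puppet::Config/File[/etc/puppet/puppet.conf]/content"
  source: "/Stage[main]/Ntp/Service[ntpd]/ensure"
  source: Puppet
REPORT

# "puppet::install" -> "Puppet::Install", the form used in report paths.
def report_class_name(name)
  name.split('::').map(&:capitalize).join('::')
end

# Return [type, title] pairs for resources the report attributes to a class.
def resources_for(report_text, class_name)
  segment = "/#{report_class_name(class_name)}/"
  found = []
  report_text.each_line do |line|
    path = line[/^\s*source:\s*"?(\/[^"\n]*)/, 1]
    next unless path && path.include?(segment)
    # Last Type[title] in the path is the resource; titles may contain "/".
    type, title = path.scan(/([A-Z][\w:]*)\[(.*?)\](?=\/|\z)/).last
    next if type.nil? || %w[Stage Class].include?(type)
    found << [type.downcase, title]
  end
  found.uniq
end

# Build the ralsh invocations to run on the agent, shell-escaping each title.
def ralsh_commands(report_text, class_name)
  resources_for(report_text, class_name).map do |type, title|
    "ralsh #{type} #{Shellwords.escape(title)}"
  end
end

puts ralsh_commands(SAMPLE_REPORT, 'puppet::service')
```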