RE: [Puppet Users] 12% of my puppet clients -- Could not retrieve catalog from remote server: execution expired
Not sure if it is the same issue, but we had a lot of timeout errors for catalogue retrieval once we started getting to the 200 nodes/hour point. We changed puppet to be every 2 hours, and all was well, until we had 450 nodes (again, 200/hr) and the problem resurfaced. I take it to be some limitation in the puppet system. Now we've just finished installing a fully distributed puppet setup, with one frontend and four backend puppetmasters. This should be able to handle 800/hr if the previous test were right, and we can expand horizontally indefinitely. It could just be that you've reached the limit of your puppet infrastructure. I also found that such features as storeconfigs greatly slow things down and reduce how many catalogues/hr can be served (thin storeconfigs is much better). We were advised of this limitation when we put it in, but I had to try it out myself and see... Steve Steve Shipway University of Auckland ITS UNIX Systems Design Lead s.ship...@auckland.ac.nz Ph: +64 9 373 7599 ext 86487 From: puppet-users@googlegroups.com [puppet-users@googlegroups.com] on behalf of Tim Lank [timl...@timlank.com] Sent: Wednesday, 9 May 2012 2:59 a.m. To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] 12% of my puppet clients -- Could not retrieve catalog from remote server: execution expired they do run as a daemon pretty much always the same 70 and they don't all run at the same time. Many do, but not all. On Tue, May 8, 2012 at 9:03 AM, Arnau Bria listsar...@gmail.com wrote: On Tue, 8 May 2012 05:35:34 -0700 (PDT) Tim Lank wrote: how do I troubleshoot this error that occurs for about 12% of the puppet clients (~70 out of ~550.) do they run as daemon? always the 70 same hosts are failling? do they run at same time? Cheers, Arnau -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Managing system yum repositories with yumrepo cache issues
Thanks guys. In the end I set up a notify to ping an exec which did a yum clean operation whenever a yumrepo resource was modified. Seems to work fine. Thanks! Andy On May 5, 1:59 am, Eric Shamow e...@puppetlabs.com wrote: Just a note - it's better to do yum clean metadata than all in most cases. There's no reason to drop all that cached package stuff - you just want to get rid of the repo index. -- Eric Shamow Professional Serviceshttp://puppetlabs.com/ (c)631.871.6441 On Friday, May 4, 2012 at 5:11 PM, Jo Rhett wrote: I just have it run a yum clean all exec command every time a repo is updated. Since they all refer to the same exec, it only happens once after the repos are updated. The tricky part is ensuring that anything trying to update software in the same run has a require= set that ensures all the yum repos and the yum clean all are completed before they run, or you get: update yum repo update package yum clean all …. I just require the entire yumrepo class, but there may be better ways. On May 4, 2012, at 6:54 AM, Andy Taylor wrote: I'm trying to get my yum module to manage system repositories like CentOS-Base. My yum module is part of a pre run stage so it puts the necessary repositories in place before other modules try to install anything. I've just run into a problem though; when Puppet installs a repo via yumrepo, it doesn't clear the yum cache. This means that when the modules in the main stage start trying to install packages, many will error as yum doesn't see the new respositories. Running yum clean metadata fixes this, but I'm not sure how best to automate it in the module. I don't want to turn metadata caching off, or have a regular cron flushing it as I've seeen suggested before - an exec subscribed to /etc/yum.repos.d would be perfect, but that doesn't work. I'm posting this here prior to putting something in the Puppet Labs bug tracker, as either a feature request or a bug (I think it's fairly essential that adding repositories leads to a refresh of yum cache... shouldn't really have to work around it in my opinion) Thanks! Andy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group athttp://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] tlsv1 alert unknown ca
Dear all, I see this error message in my *masterhttp.log* repeatedly: ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca I saw a similar mail in the list but there was no definitive answer to that post. Does anyone know what am I missing here? I do understand what *unknown ca* means but I can't think of any reason. Anyone can give me some hints please? Cheers, San -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Ppvj6VcYw5sJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] What is Could not intern from pson error??
Figured out that the using CNAME is not really the issue but I'm still getting the same error 3 out of 5 or so. If anyone know anything related to this, can you please help? Cheers!! On Monday, May 7, 2012 9:55:24 PM UTC+1, Sans wrote: Hi Jerry, That actually reminds me about something related. I also moved the * alias-name* from the old server on to th new one and used that alias-name as certname and server in my configuration. Should it be a problem? Any one can comment? Cheers!! On Monday, May 7, 2012 3:01:30 PM UTC+1, jerry wrote: I had this strange error after the first in resolv.conf registered (internal) dns-server died. After a restart of the dns-server the error was gone. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/CnErXi40b1UJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] The best way to access this node data
I have a MySQL database table that effectively holds key-value pairs which link each node to its parent (ESXi hypervisor). I want to use this information to set the Nagios parent, which is easy to do, client-side. I'm not sure what the best approach is. I considered writing a custom fact that does a brief MySQL query to discover that node's parent. I wasn't able to find any code I was prepared to run in production - is there a neater way of using a ruby module to query MySQL? The example on this page is dirty. http://ppadron.blog.br/2009/09/25/facter-puppet-writing-custom-facts-to-manage-plesk-servers/ Alternatively, is there any way to access this data server-side that can be accessed on a per-node basis? Cheers, Jonathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] The best way to access this node data
Your existing DB probably doesn't match what hiera-mysql is expecting, but maybe it's something you could refactor: http://www.craigdunn.org/2012/03/introducing-hiera-mysql-mysql-backend-for-hiera/ On 09/05/12 11:58, Jonathan Gazeley wrote: I have a MySQL database table that effectively holds key-value pairs which link each node to its parent (ESXi hypervisor). I want to use this information to set the Nagios parent, which is easy to do, client-side. I'm not sure what the best approach is. I considered writing a custom fact that does a brief MySQL query to discover that node's parent. I wasn't able to find any code I was prepared to run in production - is there a neater way of using a ruby module to query MySQL? The example on this page is dirty. http://ppadron.blog.br/2009/09/25/facter-puppet-writing-custom-facts-to-manage-plesk-servers/ Alternatively, is there any way to access this data server-side that can be accessed on a per-node basis? Cheers, Jonathan -- Luke Bigum Information Systems Ph: +44 (0) 20 3192 2520 luke.bi...@lmax.com | http://www.lmax.com LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN FX and CFDs are leveraged products that can result in losses exceeding your deposit. They are not suitable for everyone so please ensure you fully understand the risks involved. The information in this email is not directed at residents of the United States of America or any other jurisdiction where trading in CFDs and/or FX is restricted or prohibited by local laws or regulations. The information in this email and any attachment is confidential and is intended only for the named recipient(s). The email may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not the intended recipient please notify the sender immediately and delete any copies of this message. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. LMAX operates a multilateral trading facility. Authorised and regulated by the Financial Services Authority (firm registration number 509778) and is registered in England and Wales (number 06505809). Our registered address is Yellow Building, 1A Nicholas Road, London, W11 4AN. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Environment] fileserver + auth.conf
Hi everyone, Found the error... A bad directory name in the module directory: file instead of files. Regards, JM On Tue, May 8, 2012 at 3:09 AM, Antidot SAS antidot...@gmail.com wrote: Hi everyone, I am trying to introduce environment use in my puppet setup (Setup with gem/version 2.7.9 on debian squeeze): *1. On my master (Apache+passenger):* *puppet.conf* [main] pluginsync = true confdir = /etc/puppet ... modulepath= $confdir/environments/$environment/modules:$confdir/modules [master] storeconfigs= true .. modulepath = $confdir/environments/$environment/modules:$confdir/modules reports= store, http, tagmail *fileserver.conf:* [modules] allow * *auth.conf:* # inconditionnally allow access to all files services # which means in practice that fileserver.conf will # still be used path /file allow * *2. On my slave:* *puppet.conf:* [main] report = true syslogfacility = daemon pluginsync = true confdir = /etc/puppet templatedir = $confdir/templates modulepath = $confdir/environments/$environment/modules:$confdir/modules # -- [ Environment ]-- environment = testing *3. On my testing module:* */etc/puppet/environments/testing/modules/test/manifest/init.pp * file { 'test_file': path= '/tmp/test', source = puppet:///${::environment}/${module_name}/sources.list.d/test.list, } And: ls -al /etc/puppet/environments/testing/modules/test/file/sources.list.d/test.list -rw-r--r-- 1 root root 110 May 8 01:12 /etc/puppet/environments/testing/modules/test/file/sources.list.d/test.list And when I try to run the module on the client I have the following error: Tue May 08 02:32:12 +0200 2012 File[/tmp/test] (err): Could not evaluate: Error 400 on SERVER: Not authorized to call find on /file_metadata/testing/test/sources.list.d/test.list I tried different stuff with fileserver and auth.conf but nothing worked, so any idea would be helpfull :D. But surely I have missed something. Regards, JM -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] 12% of my puppet clients -- Could not retrieve catalog from remote server: execution expired
I was getting timeouts before as well. Usually had to do with apache MaxClients being reached (running apache/passenger setup) so then increased that if the system could handle some more load. Other times it was from too much load on our puppetmasters so needed to increase # of CPU and adjust 'PassengerMaxPoolSize' in the apache config. Finally, we also ran into 'open file' limits issues with the number of connections/sockets which would cause issues with passenger, so I had to bump that up as well (from 1024 default to 2048). We have ~4500 systems running every 30 minutes. We use 4 systems with 16 cores each to support this. The systems run with a load of around 30% right now, so really all we need is probably 2 of these systems ... but we want redundancy. So we have ~9000/hr with this setup. To give you an idea of run/hr and horsepower. Regards, Jake -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/hQExZ1X7pcwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Can you override a define parameter
On May 8, 3:47 pm, Jake - USPS jacob.m.mcc...@usps.gov wrote: Should I be able to override a parameter in a define? I've been searching the group and found answers both saying you can and can't CAN:https://groups.google.com/forum/?fromgroups#!searchin/puppet-users/ov... CANT:https://groups.google.com/forum/?fromgroups#!searchin/puppet-users/ov... Those two threads look consistent to me, though one of the responses to the second is wrong. The cases are similar: a class declares an instance of a defined type, and that defined type instance declares a resource of a built-in type. It is possible for a subclass to override the properties of the defined type instance, but not (directly) the properties of the resources declared by the defined type. That showcases the fact that defined type instances are bona fide resources. People sometimes mistake type definitions to be a Puppet variation on macros. That kind of thinking leads to all kinds of wrong expectations, among them that a class should be able to override properties of resources declared by a defined type instance, as the OPs in those threads supposed. That does not appear to be what you are doing. So here is what I have ... Defined in a class: class oracle_db { etc_sysctl_conf { 'kernel.shmall': value = '1', } } define oracle_db::etc_sysctl_conf ( $attr = $name, $value ) { notify{${attr}:${value}: } } Then override with another class: class oracle_db::hugepages inherits oracle_db { Etc_sysctl_conf['kernel.shmall'] { value = '2', } etc_sysctl_conf { vm.nr_hugepages: value = '3'; } } That should be fine. In addition, however -- and forgive me for stating the obvious -- you do need to be sure to actually declare the subclass on the target node. And get: hostA:~ # puppet agent --test | grep -e shmall -e hugepage notice: kernel.shmall:1 notice: /Stage[main]/Oracle_db/Oracle_db::Etc_sysctl_conf[kernel.shmall]/Notify[kernel.shmall:1]/message: defined 'message' as 'kernel.shmall:1' notice: vm.nr_hugepages:3 notice: /Stage[main]/Oracle_db::Hugepages/Oracle_db::Etc_sysctl_conf[vm.nr_hugepages]/Notify[vm.nr_hugepages:3]/message: defined 'message' as 'vm.nr_hugepages:3' I am using 2.7.9 Puppet should issue a catalog compilation error if one of the classes for the node attempts to perform a resource property override that is not permitted. I can't speak to the Notifies in your output, because they're not represented in the manifest fragments you posted. Also, although the debug log output by 'puppet agent --test' will indicate, I think, whether class oracle_db::hugepages is included on the node, I can't tell from the filtered log output above whether it has been. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Lots of problems with Puppet 2.7 and Passenger on FreeBSD
Hello, I continually get error messages about denied requests and can't figure out why...starting to get really frustrated. AFAICT, the SSL stuff doesn't actually work, which makes me think I have something configured incorrectly. This is my first attempt with Passenger. I've previously used Puppet (0.24) with Mongrel and that worked well, I figured I would see how Passenger worked. Seems a lot harder to get going so far. I can see a signing request, I sign it, seems to work, but the agent never attempts again. If I manually restart the agent I start getting 403s. If I wipe out the SSL files and restart, the same thing happens: start agent, get request, sign, restart agent, 403, rinse and repeat. It worked as [user] but when I changed it to [agent], everything broke, even with the same certificates. These are the errors I see: May 8 21:36:06 puppet puppet-master[11776]: Denying access: Forbidden request: backup1(192.168.3.9) access to /catalog/backup1.int.domain.com [find] at line 98 May 8 21:36:06 puppet puppet-master[11776]: Forbidden request: backup1(192.168.3.9) access to /catalog/backup1.int.domain.com [find] at line 98 I also had plugin errors and report errors but I turned those options off. I created the master cert with dns_alt_name=puppet, and I see the extension in the cert ONLY for the master's FQDN cert file, the CA cert file doesn't have an alt name (ssl/certs/ca.pem). Neither does ssl/ca/ca_crt.pem. Is this correct? Does the client also need an alt name in its cert? This, believe it or not, is the default puppet.conf I got on FreeBSD (with comments/whitespace removed, [user] changed to [agent], and my domain replaced): [agent] tagmap = /usr/local/etc/puppet/tagmail.conf lastrunreport = /var/puppet/state/last_run_report.yaml server = puppet.int.domain.com clientyamldir = /var/puppet/client_yaml clientbucketdir = /var/puppet/clientbucket puppetdlog = /var/puppet/log/puppetd.log report_server = puppet runinterval = 10 inventory_port = 8140 classfile = /var/puppet/state/classes.txt ca_port = 8140 puppetdlockfile = /var/puppet/state/puppetdlock report = false localconfig = /var/puppet/state/localconfig splaylimit = 1800 client_datadir = /var/puppet/client_data report_port = 8140 lastrunfile = /var/puppet/state/last_run_summary.yaml graphdir = /var/puppet/state/graphs statefile = /var/puppet/state/state.yaml resourcefile = /var/puppet/state/resources.txt reportserver = puppet inventory_server = puppet ca_name = Puppet CA: jail-5.isc.freebsd.org cakey = /var/puppet/ssl/ca/ca_key.pem caprivatedir = /var/puppet/ssl/ca/private capass = /var/puppet/ssl/ca/private/ca.pass cert_inventory = /var/puppet/ssl/ca/inventory.txt cadir = /var/puppet/ssl/ca capub = /var/puppet/ssl/ca/ca_pub.pem csrdir = /var/puppet/ssl/ca/requests serial = /var/puppet/ssl/ca/serial cacert = /var/puppet/ssl/ca/ca_crt.pem cacrl = /var/puppet/ssl/ca/ca_crl.pem signeddir = /var/puppet/ssl/ca/signed autosign = /usr/local/etc/puppet/autosign.conf masterlog = /var/puppet/log/puppetmaster.log modulepath = /usr/local/etc/puppet/modules:/usr/share/puppet/modules ssl_client_header = SSL_CLIENT_S_DN server_datadir = /var/puppet/server_data masterhttplog = /var/puppet/log/masterhttp.log bucketdir = /var/puppet/bucket ssl_client_verify_header = SSL_CLIENT_VERIFY fileserverconfig = /usr/local/etc/puppet/fileserver.conf manifestdir = /usr/local/etc/puppet/manifests manifest = /usr/local/etc/puppet/manifests/site.pp rest_authconfig = /usr/local/etc/puppet/auth.conf yamldir = /var/puppet/yaml reportdir = /var/puppet/reports inventory_terminus = facter plugindest = /var/puppet/lib privatekeydir = /var/puppet/ssl/private_keys hostcsr = /var/puppet/ssl/csr_jail-5.isc.freebsd.org.pem factsource = puppet://puppet/facts/ hostpubkey = /var/puppet/ssl/public_keys/jail-5.isc.freebsd.org.pem authconfig = /usr/local/etc/puppet/namespaceauth.conf logdir = /var/puppet/log httplog = /var/puppet/log/http.log publickeydir = /var/puppet/ssl/public_keys pluginsource = puppet://puppet/plugins privatedir = /var/puppet/ssl/private factpath = /var/puppet/lib/facter:/var/puppet/facts hostcert = /var/puppet/ssl/certs/jail-5.isc.freebsd.org.pem localcacert = /var/puppet/ssl/certs/ca.pem certdir = /var/puppet/ssl/certs libdir = /var/puppet/lib requestdir = /var/puppet/ssl/certificate_requests pluginsync = false route_file = /usr/local/etc/puppet/routes.yaml passfile = /var/puppet/ssl/private/password hostprivkey = /var/puppet/ssl/private_keys/jail-5.isc.freebsd.org.pem statedir = /var/puppet/state hostcrl = /var/puppet/ssl/crl.pem bindaddress = 0.0.0.0 config = /usr/local/etc/puppet/puppet.conf pidfile = /var/run/puppet/agent.pid rrdinterval
[Puppet Users] Static compiler error
Hi, I try to use static compiler, but it make an error when I change a file on the master. I think the static compiler search the new md5 on the clientbucket but he doesn't find it (it's normal: file has changed). Why the client doesn't search the file on the master ? My trace: 12:48:29 PM 604030151 /usr/share/ruby/puppet/parameter.rb:165:in `fail' 12:48:29 PM 605227458 /usr/share/ruby/puppet/type/file/content.rb:227:in `rescue in read_file_from_filebucket' 12:48:29 PM 606471710 /usr/share/ruby/puppet/type/file/content.rb:222:in `read_file_from_filebucket' 12:48:29 PM 607719655 /usr/share/ruby/puppet/type/file/content.rb:181:in `each_chunk_from' [] 12:48:29 PM 665537013 err: /Stage[main]/Puppet/File[/etc/puppet/puppet.conf]: Could not evaluate: Could not retrieve content for {md5}b9fb1e4ef3aadd49b9ff63b5a0b8caae from filebucket: File not found at /etc/puppet/production/modules/puppet/manifests/init.pp:29 The catalog: - id945 !ruby/object:Puppet::Relationship source: *id052 target: id286 !ruby/object:Puppet::Resource catalog: *id001 exported: false file: /etc/puppet/production/modules/puppet/manifests/init.pp line: 29 parameters: !ruby/sym owner: puppet !ruby/sym group: puppet !ruby/sym mode: 644 !ruby/sym require: Package[puppet] !ruby/sym backup: puppet !ruby/sym ensure: file !ruby/sym content: {md5}b9fb1e4ef3aadd49b9ff63b5a0b8caae !ruby/sym checksum: md5 reference: File[/etc/puppet/puppet.conf] If I add the following lines in lib/puppet/type/file/content.rb it work. rescue = detail +# search on master filebucket +dipper = Puppet::FileBucket::Dipper.new(:Server = Puppet[:server]) +dipper.getfile(sum) +rescue = detail fail Could not retrieve content for #{should} from filebucket: #{detail} It's a bug or I have something wrong ? Emile -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-dashboard issue using apache/passenger
On May 8, 2012, at 2:10 PM, Sans wrote: aahh... that's what I was wondering. So, does it also mean there is no need for reports, reportdir and reporturl in the puppet.conf as well? Cheers!! On Tuesday, May 8, 2012 10:01:02 PM UTC+1, Walter Heck wrote: don't start the puppet-dashboard service anymore. Once you have defined your vhost in apache properly, starting apache will make it start serving your dashboard. - No - you will still want to have configuration for reporting but you should note that if you used specific port notations such as port 3000 for the webrick server that it isn't needed. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] best practice for publishing modules that use Hiera?
I've begun moving some of my modules the using hiera lookups in place of parameters being defined in a host's node entry. For data such as that I figure I can document the format of what the module expects from the yaml files, but if I use hiera to replace the typical module::params, how do I include that in a published module? All the docs I've seen seem to show using paths for hieradata that are not specific to a module. What's the best way to publish a module that has things like package names defined through hiera? How would someone installing such a module make the hiera yaml files distributed with the module available to hiera lookups ? Thanks - Trey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/1uZCT7-VeC4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: forcing user resource provider to be local files only?
On Monday, May 7, 2012 11:39:37 AM UTC-7, jcbollinger wrote: You may be able to base your provider on the ParsedFile general- purpose base provider, though I did not do that with mine. *Sounds* promising. But... no documentation on using this either, that I can find? K.I.S.S. At this point, I feel like just going with the approach of treating /etc/passwd like a generic config file, and using a make sure this line is present in this file resource. That sounds like a nice generic thing to... Wait.. there isnt one already? ! ??? Seriously? I havent just missed one somewhere? Otherwise, I guess I know what my next puppet back-end coding project is :-/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m68k0VOG__UJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: forcing user resource provider to be local files only?
Philip, You can use Augeas to do this, or look at a custom file_line type in the Puppetlabs-stdlib module -- https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type/file_line.rb On Wed, May 9, 2012 at 11:46 AM, Philip Brown p...@bolthole.com wrote: On Monday, May 7, 2012 11:39:37 AM UTC-7, jcbollinger wrote: You may be able to base your provider on the ParsedFile general- purpose base provider, though I did not do that with mine. *Sounds* promising. But... no documentation on using this either, that I can find? K.I.S.S. At this point, I feel like just going with the approach of treating /etc/passwd like a generic config file, and using a make sure this line is present in this file resource. That sounds like a nice generic thing to... Wait.. there isnt one already? ! ??? Seriously? I havent just missed one somewhere? Otherwise, I guess I know what my next puppet back-end coding project is :-/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m68k0VOG__UJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Gary Larizza Professional Services Engineer Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: forcing user resource provider to be local files only?
On Wednesday, May 9, 2012 11:55:01 AM UTC-7, Gary Larizza wrote: Philip, You can use Augeas to do this, Install a whole new C library/util/ thingie, just to do something trivial? no thanks... or look at a custom file_line type in the Puppetlabs-stdlib module -- https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type/file_line.rb Aha, thanks, this sounds appropriate. S.. what's the way to officially use or acquire this thing? $ puppet-module search stdlib returns puppetlabs/stdlib (2.3.1) so... use that? Is there a corresponding best-fit simple resource type already written to go along with it? Hmm.. I'm kinda leery of just typing puppet-module install xyz, without knowing everything thats in it. Is there some undocumneted puppet-module command to show what will be installed, before actually installing it? Something named stdlib seems quite large. and how do I know it will work with my version of puppet? is the number in (), the version of the module, or the required version of puppet? puppet-module --help does not mention this sort of information. On Wed, May 9, 2012 at 11:46 AM, Philip Brown wrote: On Monday, May 7, 2012 11:39:37 AM UTC-7, jcbollinger wrote: You may be able to base your provider on the ParsedFile general- purpose base provider, though I did not do that with mine. *Sounds* promising. But... no documentation on using this either, that I can find? K.I.S.S. At this point, I feel like just going with the approach of treating /etc/passwd like a generic config file, and using a make sure this line is present in this file resource. That sounds like a nice generic thing to... Wait.. there isnt one already? ! ??? Seriously? I havent just missed one somewhere? Otherwise, I guess I know what my next puppet back-end coding project is :-/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ZhG7AAZx2FUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Dashboard 1.2.8rc1 Available
This is a maintenance release candidate of Puppet Dashboard. It includes contributions from Daniel Sauble, Danijel Ilisin, and Patrick Carlisle. This release is available for download at: http://downloads.puppetlabs.com/dashboard/ We have included Debian and RPM packages, as well as a tarball. See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.2.8rc1 http://projects.puppetlabs.com/projects/dashboard Documentation is available at: http://docs.puppetlabs.com/dashboard/index.html 1.2.8rc1 Highlights === * Adds Radiator View link to the node summary sidebar * (#10297) Adds initial radiator view Accessible via /radiator, a link from Dashboard isn't yet available, but this will be added shortly. This feature provides the ability to monitor the summary of node statuses in an Ops environment. * Adds font resizing and auto-refresh (every 60 seconds) * Added autorefresh mechanism 1.2.8rc1 Changelog === Daniel Sauble(14) 48734f7 Adds autorefresh_link styling to application.scss 35d6dc4 Fixing small issues in prep for being merged into master 856e078 Improves font consistency fd6f373 Fixes aspect ratio for portrait orientations 35e10a9 Fixes line-height inconsistencies e9c41d1 Fixes broken font-size algorithm 4a4ba99 Fixes the minimum width of the count column f6e5f76 Cross-browser compatibility fixes 505306c Renames 'All' with 'Total' and exposes it in CSS 9f29984 Adds Radiator View link to the node summary sidebar 6bda9bd Fixing text alignment and margins 0570efe Adds font resizing and auto-refresh (every 60 seconds) c646e60 (#10297) Removes 'All' and borders from bottom of radiator view d63dadc (#10297) Adds initial radiator view Danijel Ilisin (3) 0557bea cleanup 22a9147 renamed autofresh links 89aaa55 added autorefresh mechanism Patrick Carlisle ddffe5b (#13565) Delete junk backup files -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Can you override a define parameter
John, Thanks so much for the response. It sounds to me like what I am trying to do should be working, but because you can not verify a couple things you can't comment on if I've implemented it correctly or not. So firstly, I am including the class 'oracle_db::hugepages'. This is assigned to the system from an ENC and is how resource 'Oracle_db::Hugepages/Oracle_db::Etc_sysctl_conf[vm.nr_hugepages]/Notify[vm.nr_hugepages:3' is getting applied to the system. Next, the notify is in my code fragment, in the define 'oracle_db::etc_sysctl_conf'. oracle_db/manifests/init.pp: class oracle_db { etc_sysctl_conf { 'kernel.shmall': value = '1', } } define oracle_db::etc_sysctl_conf ( $attr = $name, $value ) { *notify{${attr}:${value}: }* } And I'll just post hugepages again quick ... oracle_db/manifests/hugepages.pp class oracle_db::hugepages inherits oracle_db { Etc_sysctl_conf['kernel.shmall'] { value = '2', } etc_sysctl_conf { vm.nr_hugepages: value = '3'; } } So what I would expect is on my system that has BOTH oracle_db and oracle_db::hugepages assigned to it (same results when only hugepages assigned) that I would get the following output: notice: kernel.shmall:*2* notice: /Stage[main]/Oracle_db/Oracle_db::Etc_sysctl_conf[kernel.shmall]/Notify[kernel.shmall: *2*]/message: defined 'message' as 'kernel.shmall:*2*' notice: vm.nr_hugepages:3 notice: /Stage[main]/Oracle_db::Hugepages/Oracle_db::Etc_sysctl_conf[vm.nr_hugepages]/Notify[vm.nr_hugepages:3]/message: defined 'message' as 'vm.nr_hugepages:3' But instead get the following: notice: kernel.shmall:*1* notice: /Stage[main]/Oracle_db/Oracle_db::Etc_sysctl_conf[kernel.shmall]/Notify[kernel.shmall: *1*]/message: defined 'message' as 'kernel.shmall:*1*' notice: vm.nr_hugepages:3 notice: /Stage[main]/Oracle_db::Hugepages/Oracle_db::Etc_sysctl_conf[vm.nr_hugepages]/Notify[vm.nr_hugepages:3]/message: defined 'message' as 'vm.nr_hugepages:3' And here is some unfiltered output: hostA:~ # puppet agent --test info: Retrieving plugin info: Loading facts in usps_bu_eth info: Loading facts in usps_puppet_db_server info: Loading facts in usps_syslog_client_ip info: Loading facts in usps_puppet_master_host info: Loading facts in hcs_service info: Loading facts in packages info: Loading facts in usps_patch_bundle info: Loading facts in usps_bu_net_zone info: Loading facts in memorysize info: Loading facts in usps_puppet_basedir info: Loading facts in usps_os_dist info: Loading facts in usps_is_dmz info: Loading facts in network info: Loading facts in usps_os_version info: Loading facts in jumpver_facts info: Loading facts in usps_bu_macaddress info: Loading facts in usps_patch_repo info: Loading facts in usps_public_int info: Loading facts in usps_patch_status info: Loading facts in concat_basedir info: Loading facts in usps_bu_int info: Loading facts in usps_is_ctm_server info: Loading facts in usps_is_puppet_master info: Loading facts in usps_puppet_env info: Loading facts in usps_puppet_ca_server info: Loading facts in usps_puppet_report_server info: Loading facts in usps_bu_net info: Loading facts in usps_puppet_is_ca info: Loading facts in usps_bu_ip info: Loading facts in usps_patch_env info: Loading facts in usps_bootloader info: Loading facts in usps_patch_date info: Loading facts in usps_bu_eth info: Loading facts in usps_puppet_db_server info: Loading facts in usps_syslog_client_ip info: Loading facts in usps_puppet_master_host info: Loading facts in hcs_service info: Loading facts in packages info: Loading facts in usps_patch_bundle info: Loading facts in usps_bu_net_zone info: Loading facts in memorysize info: Loading facts in usps_puppet_basedir info: Loading facts in usps_os_dist info: Loading facts in usps_is_dmz info: Loading facts in network info: Loading facts in usps_os_version info: Loading facts in jumpver_facts info: Loading facts in usps_bu_macaddress info: Loading facts in usps_patch_repo info: Loading facts in usps_public_int info: Loading facts in usps_patch_status info: Loading facts in concat_basedir info: Loading facts in usps_bu_int info: Loading facts in usps_is_ctm_server info: Loading facts in usps_is_puppet_master info: Loading facts in usps_puppet_env info: Loading facts in usps_puppet_ca_server info: Loading facts in usps_puppet_report_server info: Loading facts in usps_bu_net info: Loading facts in usps_puppet_is_ca info: Loading facts in usps_bu_ip info: Loading facts in usps_patch_env info: Loading facts in usps_bootloader info: Loading facts in usps_patch_date Could not retrieve macaddress_eth2: undefined method `[]' for nil:NilClass Could not retrieve macaddress_eth3: undefined method `[]' for nil:NilClass Could not retrieve macaddress_eth8: undefined method `[]' for nil:NilClass Could not retrieve macaddress_eth9: undefined method `[]' for nil:NilClass Could not retrieve macaddress_eth12: undefined method `[]' for nil:NilClass Could not retrieve
[Puppet Users] 2.7.13 on Ubuntu 10.04 Lucid
I have two questions: 1) I've been using squeeze-backports to install 2.7.13 on Ubuntu 10.04. Besides possible dependency issues (which is my next question) is this best practice for installing 2.7.13? 2) Just today I've been getting dpkg dependency issues installing 2.7.13 through squeeze-backports. Before today, these backports were working fine. Is anyone else running into this? Anyone know if the package changed to cause this? This is the error I'm encountering: The following packages have unmet dependencies: puppet: PreDepends: dpkg (= 1.15.7.2) but 1.15.5.6ubuntu4.5 is to be installed Thanks, Evan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] 2.7.13 on Ubuntu 10.04 Lucid
Evan, As for #1, I'd recommend using the Puppet Labs apt repository at http://apt.puppetlabs.com. If you want an easy way to add the repository, download and install the following deb: http://apt.puppetlabs.com/puppetlabs-release_1.0-2_all.deb, and it will add the source and the repo public key to apt for you. And for #2, it probably depends on how you have squeeze-backports pinned for apt. It seems to be using the lucid repository to find dpkg, but is using squeeze-backports for puppet. HTH On Wed, May 9, 2012 at 12:55 PM, Evan Stachowiak evan.stachow...@gmail.com wrote: I have two questions: 1) I've been using squeeze-backports to install 2.7.13 on Ubuntu 10.04. Besides possible dependency issues (which is my next question) is this best practice for installing 2.7.13? 2) Just today I've been getting dpkg dependency issues installing 2.7.13 through squeeze-backports. Before today, these backports were working fine. Is anyone else running into this? Anyone know if the package changed to cause this? This is the error I'm encountering: The following packages have unmet dependencies: puppet: PreDepends: dpkg (= 1.15.7.2) but 1.15.5.6ubuntu4.5 is to be installed Thanks, Evan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Matthaus Litteken Release Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Partial catalog runs
Hello fellow puppeteers :) I was just wondering: would anyone benefit from puppet's abitity to only do partial catalog runs? Additional explanation: As you manage your hosts with puppet, your catalog tends to grow and puppet runs are becoming longer. If you manage some overseas servers, runtime is even longer. What I was thinking about is being able to run just part of your catalog, for example just one stage, or just one module. This way one could trigger puppet run via mcollective, and only for run stage called appconfig. This would check and/or modify only a dozen resources across clustered application setup, instead of doing the whole catalog run with thousands of resources. What do you guys think? Should I be looking into app deployment tools instead? A separate installation of dedicated puppet for this objective is also an option... Best regards, b. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/H_EXKAgASdwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Partial catalog runs
You could also do this with Tags from the command line (https://puppetlabs.com/references/0.25.3/metaparameter.html#tag). If you run puppet agent -t --tags apache it will only declare the resources that are tagged with the 'apache' tag. Tags are implicitly set through major scope levels (i.e. anything inside class 'ntp' gets a tag of 'ntp') but can also be set with the tag() function or the tag metaparameter. -- Gary Larizza Sent with Sparrow (http://www.sparrowmailapp.com/?sig) On Wednesday, May 9, 2012 at 4:45 PM, Bostjan Skufca wrote: Hello fellow puppeteers :) I was just wondering: would anyone benefit from puppet's abitity to only do partial catalog runs? Additional explanation: As you manage your hosts with puppet, your catalog tends to grow and puppet runs are becoming longer. If you manage some overseas servers, runtime is even longer. What I was thinking about is being able to run just part of your catalog, for example just one stage, or just one module. This way one could trigger puppet run via mcollective, and only for run stage called appconfig. This would check and/or modify only a dozen resources across clustered application setup, instead of doing the whole catalog run with thousands of resources. What do you guys think? Should I be looking into app deployment tools instead? A separate installation of dedicated puppet for this objective is also an option... Best regards, b. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/H_EXKAgASdwJ. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Partial catalog runs
Just realized I grabbed an OLD version of the docs. Here's the latest -- https://puppetlabs.com/references/latest/metaparameter.html#tag -- Gary Larizza Sent with Sparrow (http://www.sparrowmailapp.com/?sig) On Wednesday, May 9, 2012 at 4:45 PM, Bostjan Skufca wrote: Hello fellow puppeteers :) I was just wondering: would anyone benefit from puppet's abitity to only do partial catalog runs? Additional explanation: As you manage your hosts with puppet, your catalog tends to grow and puppet runs are becoming longer. If you manage some overseas servers, runtime is even longer. What I was thinking about is being able to run just part of your catalog, for example just one stage, or just one module. This way one could trigger puppet run via mcollective, and only for run stage called appconfig. This would check and/or modify only a dozen resources across clustered application setup, instead of doing the whole catalog run with thousands of resources. What do you guys think? Should I be looking into app deployment tools instead? A separate installation of dedicated puppet for this objective is also an option... Best regards, b. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/H_EXKAgASdwJ. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Partial catalog runs
Aaah, that's useful. I guess I've been searching for the wrong keywords (partial catalog run != tags). Thank you very much! b. On Thursday, 10 May 2012 01:45:24 UTC+2, Bostjan Skufca wrote: Hello fellow puppeteers :) I was just wondering: would anyone benefit from puppet's abitity to only do partial catalog runs? Additional explanation: As you manage your hosts with puppet, your catalog tends to grow and puppet runs are becoming longer. If you manage some overseas servers, runtime is even longer. What I was thinking about is being able to run just part of your catalog, for example just one stage, or just one module. This way one could trigger puppet run via mcollective, and only for run stage called appconfig. This would check and/or modify only a dozen resources across clustered application setup, instead of doing the whole catalog run with thousands of resources. What do you guys think? Should I be looking into app deployment tools instead? A separate installation of dedicated puppet for this objective is also an option... Best regards, b. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/eECavyRwSnwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet class not working after use augeas-0.10.0-3
Thank you, Dom, now its working good, epel already release new puppet and resolved my issue. On 05/04/2012 03:31 PM, Dominic Cleal wrote: On 04/05/12 04:57, heriyanto wrote: Yes nice.. its work thank you Dominic, but its still execute even its already changed its normal for new augeas? because for old augeas not trying to change if already change. returns: executed successfully Which version of Puppet are you using? Bug #11414 affected all Puppet when used with Augeas 0.10.0, which made the resources run on every single run, but never change things. http://projects.puppetlabs.com/issues/11414 This was fixed in Puppet 2.7.10, though I'd strongly recommend using 2.7.14 if you can (due to other bugs). It wasn't fixed in 2.6, though if you're using EPEL then there's a patch in that 2.6 RPM. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.