Re: [Puppet Users] modifying file(s) on the fly
Hi, I think templates would be easier to manage in this setup. http://docs.puppetlabs.com/learning/templates.html It will give good flexibility. It the way I have managed my ganglia setup. Cheers, Den On 22/05/2012, at 7:33, Sans r.santanu@gmail.com wrote: Dear all, I'm trying to figure out how to do this - first copy a common file to every node and then modify the file according to the node type. I've tried this: if $node_type == 'wn' { $port = '8649' $desc = 'Worker Nodes' } exec { 'n_desc': command = sed -ic '/cluster {/,/}/s/name = \[^\]*\/name = \\'\$desc\\'\/' '$fname', subscribe = File[$fname], refreshonly = false; 'n_port': command = sed -ic '/port\ =\ /{s:[0-9]*$:$port:g}' '$fname', subscribe = File[$fname], refreshonly = false; } file { 'gmond.conf': name= $fname, source = 'puppet:///modules/ganglia/gmond.conf', require = Exec['n_desc','n_port'], notify = Service['gmond']; } The problem is the Exec['n_desc','n_port'] is being executed but then it changing back to the original one as supplied by: source = 'puppet:///modules/ganglia/gmond.conf', which is definitely not what I want. How can I make sure it copy the file first and then make the changes? Or, simply how do I do that? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9XQhRACkvOEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] modifying file(s) on the fly
Yes, I did think about using template one point. So, do you generate the entire file using template? For us, it's just a few lines to change in the default gmod.conf file. cheers, San On Tuesday, May 22, 2012 9:02:59 AM UTC+1, denmat wrote: Hi, I think templates would be easier to manage in this setup. http://docs.puppetlabs.com/learning/templates.html It will give good flexibility. It the way I have managed my ganglia setup. Cheers, Den On 22/05/2012, at 7:33, Sans r.santanu@gmail.com wrote: Dear all, I'm trying to figure out how to do this - first copy a common file to every node and then modify the file according to the node type. I've tried this: if $node_type == 'wn' { $port = '8649' $desc = 'Worker Nodes' } exec { 'n_desc': command = sed -ic '/cluster {/,/}/s/name = \[^\]*\/name = \\'\$desc\\'\/' '$fname', subscribe = File[$fname], refreshonly = false; 'n_port': command = sed -ic '/port\ =\ /{s:[0-9]*$:$port:g}' '$fname', subscribe = File[$fname], refreshonly = false; } file { 'gmond.conf': name= $fname, source = 'puppet:///modules/ganglia/gmond.conf', require = Exec['n_desc','n_port'], notify = Service['gmond']; } The problem is the *Exec['n_desc','n_port'] *is being executed but then it changing back to the original one as supplied by: *source = 'puppet:///modules/ganglia/gmond.conf'*, which is definitely not what I want. How can I make sure it copy the file first and then make the changes? Or, simply how do I do that? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9XQhRACkvOEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/YE5OjdOlY3oJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera Questions: Virtual User Resources and Hiera
On 22/05/12 00:22, Jeff McCune wrote: On Mon, May 21, 2012 at 1:24 AM, Luke Bigum luke.bi...@lmax.com mailto:luke.bi...@lmax.com wrote: I agree with Gary, Dan, it's probably the lack of data in the 'v_ingroups' key in your YAML that create_resources() is complaining about. If it truly can't pass an empty key/val pair you could do something hacky like use the string undef then explicitly check for it in the define. define add_virtual_user ( $v_username, $v_uid, $v_ingroups, $v_info ) { if ($v_ingroups == undef) { Do you really mean to be comparing to the string undef rather than the keyword undef (no quotes)? Yes, unfortunately I did. It's because when using Hiera 0.3 it's a bit difficult to figure out what a Ruby nil gets passed into Puppet as. Consider the following manifest using Dan's example YAML (v_ingroups is a nil value): #--- #users: # beast: # v_username : beast # v_uid : # v_ingroups : # v_info : Let's see if this works define add_virtual_user ( $v_username, $v_uid, $v_ingroups, $v_info ) { notify { $name: message = username = ${v_username}, uid = ${v_uid}, ingroups = ${v_ingroups}, info = ${v_info}, } } $the_users = hiera_hash('users') notice($the_users[beast]) notice(prints as ${the_users[beast][v_ingroups]}) if ($the_users[beast][v_ingroups] == undef) { notice(is == undef) } if (defined($the_users[beast][v_ingroups])) { notice(is not defined) } if ($the_users[beast][v_ingroups] == ) { notice(is empty string) } if (! $the_users[beast][v_ingroups]) { notice(is false) } if ($the_users[beast][v_ingroups]) { notice(is true) } if ($the_users[beast][v_ingroups] == nil) { notice(is nil?) } create_resources('add_virtual_user', $the_users) --- It's not an empty string, it's not undef (but when you print it it comes out as undef), it's not nil (which doesn't exist in Puppet), it's not false but it *is* true? I've came across this once before and can't remember what nil actually gets interpreted as. So if you feed that Puppet hash directly into the create_resources() function, it complains about a missing parameter: - biguml@biguml-laptop:~$ puppet apply test.pp notice: Scope(Class[main]): v_usernamebeastv_uidv_ingroupsundefv_infoLet's see if this works notice: Scope(Class[main]): undef notice: Scope(Class[main]): is true Must pass a parameter or all necessary values at /home/biguml/test.pp:40 on node biguml-laptop - So my suggestion was to explicitly set undef as a string in the yaml, then match on that in the Puppet manifests. It's horrible but would work. -Luke There's a big difference... If you want to test if a variable is undefined the best way is to do this: if ($foo == undef) { notice \$foo is undef } else { notice \$foo is defined as ${foo} } -Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Luke Bigum Information Systems Ph: +44 (0) 20 3192 2520 luke.bi...@lmax.com | http://www.lmax.com LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN FX and CFDs are leveraged products that can result in losses exceeding your deposit. They are not suitable for everyone so please ensure you fully understand the risks involved. The information in this email is not directed at residents of the United States of America or any other jurisdiction where trading in CFDs and/or FX is restricted or prohibited by local laws or regulations. The information in this email and any attachment is confidential and is intended only for the named recipient(s). The email may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not the intended recipient please notify the sender immediately and delete any copies of this message. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. LMAX operates a multilateral trading facility. Authorised and regulated by the Financial Services Authority (firm registration number 509778) and is registered in England and Wales (number 06505809). Our registered address is Yellow Building, 1A Nicholas Road, London, W11 4AN. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Enterprise replacing puppet node private keys?
Hi all, I am seeing some very curious behaviour with puppet enterprise (on a trial license to evaluate, before I get redirected there :) ) I have client systems (RHEL) being kickstarted and installing pe-puppet and a couple of other basic packages, before using puppet agent -t --environment bootstrap --server PUPPETSERVER To ensure the rest of the bootstrapping takes place properly. Only puppet configuration takes place in the 'bootstrap' environment. This part works fine - I have autosigning configured on my puppetmaster for these hosts. I really do not want to have to muck about NFS mounting/copying the entire PE installation directory on all the boxes here, should we decide to deploy it. That's really not scalable at all. It looks like the preliminary puppet run is receiving a cert and then using that to connect to the puppet master, which works just fine, but then once the node has rebooted, a completely new key pair appears to have been generated on the client system, which no longer matches that on the master. for more information (and info to backup my point): http://fpaste.org/WGuW/ I can't quite figure out when this new cert is being created, unless this is buried somewhere in the PE initial run, which appears to configure mcollective among many other things, although thus far I cannot find where this configuration is assigned to nodes, so I'm not 100% clear which classes are applied. With full debugging enabled,I see the first cert being signed in the puppetmaster logs, as I'd expect. Anyone have any ideas or pointers as to where I should start? I'm at a bit of a loss here. Stuart -- Stuart Sears RHCA etc. It's today! said Piglet. My favourite day, said Pooh. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppetlabs firewall module
I'm trying to use the firewall resource and it works fine for me for iptables. However, I'm not sure how I purge ip6tables? doing... resources { firewall: purge = true } only purges iptables. Currently I have 2 execs for persistence, 1 for iptables and 1 for ip6tables depending on which I'm using but my ip6tables don't purge. I would have expected them to purge with the code above. The test examples which come with the module do not have any purge for ip6tables. Any help would be greatly appreciated. -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] modifying file(s) on the fly
Yep. Templates are just normal files that go through the ERB parser so you can make adjustments on the fly. And it appears you are trying to push out the file anyway (using the source = param) so it seems like a good fit to me. Cheers Den On 22/05/2012, at 18:45, Sans r.santanu@gmail.com wrote: Yes, I did think about using template one point. So, do you generate the entire file using template? For us, it's just a few lines to change in the default gmod.conf file. cheers, San On Tuesday, May 22, 2012 9:02:59 AM UTC+1, denmat wrote: Hi, I think templates would be easier to manage in this setup. http://docs.puppetlabs.com/learning/templates.html It will give good flexibility. It the way I have managed my ganglia setup. Cheers, Den On 22/05/2012, at 7:33, Sans r.santanu@gmail.com wrote: Dear all, I'm trying to figure out how to do this - first copy a common file to every node and then modify the file according to the node type. I've tried this: if $node_type == 'wn' { $port = '8649' $desc = 'Worker Nodes' } exec { 'n_desc': command = sed -ic '/cluster {/,/}/s/name = \[^\]*\/name = \\'\$desc\\'\/' '$fname', subscribe = File[$fname], refreshonly = false; 'n_port': command = sed -ic '/port\ =\ /{s:[0-9]*$:$port:g}' '$fname', subscribe = File[$fname], refreshonly = false; } file { 'gmond.conf': name= $fname, source = 'puppet:///modules/ganglia/gmond.conf', require = Exec['n_desc','n_port'], notify = Service['gmond']; } The problem is the Exec['n_desc','n_port'] is being executed but then it changing back to the original one as supplied by: source = 'puppet:///modules/ganglia/gmond.conf', which is definitely not what I want. How can I make sure it copy the file first and then make the changes? Or, simply how do I do that? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9XQhRACkvOEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/YE5OjdOlY3oJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] linting manifests with long lines
On May 21, 2012, at 12:13 PM, Nan Liu wrote: like for our manifests to be warning-free. The class of warnings related to long lines has me questioning what the best practice is to avoid lines longer than 80 characters. You can use a variable to shorten it, but I don't know if that actually improves code clarity. Ah, see, it's Very Important that code written today be easy to read and review on CRT terminals that nobody actually uses any more. No valid or logical reasoning need apply. * Personally, I reject any code commits where someone has broken up a perfectly legible line of code into multiple confusing lines of code avoid hitting some arbitrary limit. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Enterprise replacing puppet node private keys?
On May 22, 2012, at 2:15 AM, Stuart Sears wrote: It looks like the preliminary puppet run is receiving a cert and then using that to connect to the puppet master, which works just fine, but then once the node has rebooted, a completely new key pair appears to have been generated on the client system, which no longer matches that on the master. Seems likely that your host name is changing, thus it is generating a new certificate for the new hostname. I'll bet that if you can make the hostname/domain match between the two boots it will work fine. I have also heard of people using a single common cert for bootstrapping which is pre-signed in advance, and then the host gets their real cert after rebooting. YMMV. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] modifying file(s) on the fly
Use a template instead. Then you can install the file already modified for the host. On May 21, 2012, at 2:33 PM, Sans wrote: I'm trying to figure out how to do this - first copy a common file to every node and then modify the file according to the node type. I've tried this: if $node_type == 'wn' { $port = '8649' $desc = 'Worker Nodes' } exec { 'n_desc': command = sed -ic '/cluster {/,/}/s/name = \[^\]*\/name = \\'\$desc\\'\/' '$fname', subscribe = File[$fname], refreshonly = false; 'n_port': command = sed -ic '/port\ =\ /{s:[0-9]*$:$port:g}' '$fname', subscribe = File[$fname], refreshonly = false; } file { 'gmond.conf': name= $fname, source = 'puppet:///modules/ganglia/gmond.conf', require = Exec['n_desc','n_port'], notify = Service['gmond']; } The problem is the Exec['n_desc','n_port'] is being executed but then it changing back to the original one as supplied by: source = 'puppet:///modules/ganglia/gmond.conf', which is definitely not what I want. How can I make sure it copy the file first and then make the changes? Or, simply how do I do that? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9XQhRACkvOEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] [SOLVED] Puppet Enterprise replacing puppet node private keys?
Unsurprisingly, all my fault, details below. On 22/05/12 10:15, Stuart Sears wrote: Hi all, I am seeing some very curious behaviour with puppet enterprise (on a trial license to evaluate, before I get redirected there :) ) I have client systems (RHEL) being kickstarted and installing pe-puppet and a couple of other basic packages, before using puppet agent -t --environment bootstrap --server PUPPETSERVER To ensure the rest of the bootstrapping takes place properly. Only puppet configuration takes place in the 'bootstrap' environment. This part works fine - I have autosigning configured on my puppetmaster for these hosts. I really do not want to have to muck about NFS mounting/copying the entire PE installation directory on all the boxes here, should we decide to deploy it. That's really not scalable at all. It looks like the preliminary puppet run is receiving a cert and then using that to connect to the puppet master, which works just fine, but then once the node has rebooted, a completely new key pair appears to have been generated on the client system, which no longer matches that on the master. for more information (and info to backup my point): http://fpaste.org/WGuW/ I can't quite figure out when this new cert is being created, unless this is buried somewhere in the PE initial run, which appears to configure mcollective among many other things, although thus far I cannot find where this configuration is assigned to nodes, so I'm not 100% clear which classes are applied. [ After a helpful comment from Vulcane in IRC. Thanks! ] My understanding of what went wrong, in case it helps others. okay, there is another private key in /var/opt/lib/pe-puppet/ssl that was used for the very first cert request. After the preliminary configuration run, puppet switches to using /etc/puppetlabs/puppet/ssl, where there is no private key yet. On the next run, there being no private key, one is generated. This no longer matches the certificate received from the master. Now running the original bootstrap puppet with --ssldir /etc/puppetlabs/puppet/ssl and all appears well. -- Stuart Sears RHCA etc. It's today! said Piglet. My favourite day, said Pooh. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] puppet-load forbidden request to /catalog/*
Hi, To try and cut a long story short, foreman is telling us that anywhere between 15-30 of our ~130 nodes are failing to check-in within the last 35 minutes. Hosts that fail to check in continue to fail for roughly 1.5 hours, then check in successfully. The group of failing nodes seems to rotate around the server estate, so the problem doesn't look host specific. I suspect this is a load issue, and therefore am trying to run puppet-load to verify this. I've followed the instructions at http://www.masterzen.fr/2010/10/18/benchmarking-puppetmaster-stacks/ and am running: ./puppet-load.rb --debug --verbose --node server.domain.com --server master.domain.com --factsdir=/var/lib/puppet/yaml/facts --cert /var/ lib/puppet/ssl/certs/puppet-load.domain.com.pem --key /var/lib/puppet/ ssl/private_keys/puppet-load.domain.com.pem I see the following output: 1 requests finished in 0.04288 s 1 requests failed snip timing stats The following appears in /var/log/messages: Denying access: Forbidden request: master.domain.com(10.x.x.x) access to /catalog/server.domain.com [find] at line 99 Forbidden request: master.domain.com(10.x.x.x) access to /catalog/ server.domain.com [find] at line 99 I'm using puppet-2.7.14 running on RHEL-5.8 with Ruby-1.8.7 RPMs from aegisco. In case it matters, Foreman is 0.4.2. Thanks for any help, either in being able to get puppet-load to load test our environment, or in letting me know what might cause our clients to fail to check in reliably if it's not a load issue. Thanks, Matt. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Installing up to date puppet on Ubuntu
Hi, Ubuntu Lucid has a very outdated puppet, 0.25.4 according to: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#for-debian-and-ubuntu I did this to enable the repository: wget http://apt.puppetlabs.com/puppetlabs-release_1.0-3_all.deb sudo dpkg -i puppetlabs-release_1.0-3_all.deb but this still does not result in installing an up to date puppet apt-get remove puppet apt-get install puppet Setting up puppet (0.25.4-2ubuntu6.7) . I tried installing via gems: sudo gem install puppet which does give: Successfully installed puppet-2.7.14 but /usr/bin/puppet -V still gives 0.25.4 If I apt-get remove puppet then there is no longer a /usr/bin/puppet at all and there is no puppet on my path. I find something on a pastebin somewhere: /bin/ln -s /var/lib/gems/1.8/bin/puppet /usr/bin/puppet but surely this can't be the recommended way to install. or am I supposed to have /var/lib/gems/1.8/bin/ on my path ? gems was installed with: apt-get install rubygems Obviously I'm not a ruby person, and I've just read the rubygems docs regarding versions and why its not on the path. (onerous) But how is puppet supposed to use it, what is recommended practice ? I don't want it on MY path since it won't be my user running the puppet agent. Its already tedious installing puppet on each server in this fashion. thanks for any advice ! http://pastebin.com/UGqdE7rL -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/PjFsf6tHxkoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Installing up to date puppet on Ubuntu
Hi, On 22.05.2012, at 13:08, felix wrote: Hi, Ubuntu Lucid has a very outdated puppet, 0.25.4 according to: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#for-debian-and-ubuntu I did this to enable the repository: wget http://apt.puppetlabs.com/puppetlabs-release_1.0-3_all.deb sudo dpkg -i puppetlabs-release_1.0-3_all.deb but this still does not result in installing an up to date puppet apt-get remove puppet apt-get install puppet Did you run apt-get update after enabling the puppetlabs repository? What versions are shown when running apt-cache policy puppet ? Regards, Martin Setting up puppet (0.25.4-2ubuntu6.7) . I tried installing via gems: sudo gem install puppet which does give: Successfully installed puppet-2.7.14 but /usr/bin/puppet -V still gives 0.25.4 If I apt-get remove puppet then there is no longer a /usr/bin/puppet at all and there is no puppet on my path. I find something on a pastebin somewhere: /bin/ln -s /var/lib/gems/1.8/bin/puppet /usr/bin/puppet but surely this can't be the recommended way to install. or am I supposed to have /var/lib/gems/1.8/bin/ on my path ? gems was installed with: apt-get install rubygems Obviously I'm not a ruby person, and I've just read the rubygems docs regarding versions and why its not on the path. (onerous) But how is puppet supposed to use it, what is recommended practice ? I don't want it on MY path since it won't be my user running the puppet agent. Its already tedious installing puppet on each server in this fashion. thanks for any advice ! http://pastebin.com/UGqdE7rL -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/PjFsf6tHxkoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] modifying file(s) on the fly
Thanks Den, Jo! I did it using template() now. Cheers, San On Tuesday, May 22, 2012 11:10:39 AM UTC+1, Jo wrote: Use a template instead. Then you can install the file already modified for the host. On May 21, 2012, at 2:33 PM, Sans wrote: I'm trying to figure out how to do this - first copy a common file to every node and then modify the file according to the node type. I've tried this: if $node_type == 'wn' { $port = '8649' $desc = 'Worker Nodes' } exec { 'n_desc': command = sed -ic '/cluster {/,/}/s/name = \[^\]*\/name = \\'\$desc\\'\/' '$fname', subscribe = File[$fname], refreshonly = false; 'n_port': command = sed -ic '/port\ =\ /{s:[0-9]*$:$port:g}' '$fname', subscribe = File[$fname], refreshonly = false; } file { 'gmond.conf': name= $fname, source = 'puppet:///modules/ganglia/gmond.conf', require = Exec['n_desc','n_port'], notify = Service['gmond']; } The problem is the *Exec['n_desc','n_port'] *is being executed but then it changing back to the original one as supplied by: *source = ' puppet:///modules/ganglia/gmond.conf'*, which is definitely not what I want. How can I make sure it copy the file first and then make the changes? Or, simply how do I do that? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9XQhRACkvOEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. On Tuesday, May 22, 2012 11:10:39 AM UTC+1, Jo wrote: Use a template instead. Then you can install the file already modified for the host. On May 21, 2012, at 2:33 PM, Sans wrote: I'm trying to figure out how to do this - first copy a common file to every node and then modify the file according to the node type. I've tried this: if $node_type == 'wn' { $port = '8649' $desc = 'Worker Nodes' } exec { 'n_desc': command = sed -ic '/cluster {/,/}/s/name = \[^\]*\/name = \\'\$desc\\'\/' '$fname', subscribe = File[$fname], refreshonly = false; 'n_port': command = sed -ic '/port\ =\ /{s:[0-9]*$:$port:g}' '$fname', subscribe = File[$fname], refreshonly = false; } file { 'gmond.conf': name= $fname, source = 'puppet:///modules/ganglia/gmond.conf', require = Exec['n_desc','n_port'], notify = Service['gmond']; } The problem is the *Exec['n_desc','n_port'] *is being executed but then it changing back to the original one as supplied by: *source = ' puppet:///modules/ganglia/gmond.conf'*, which is definitely not what I want. How can I make sure it copy the file first and then make the changes? Or, simply how do I do that? Cheers!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9XQhRACkvOEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. On Tuesday, May 22, 2012 11:10:39 AM UTC+1, Jo wrote: Use a template instead. Then you can install the file already modified for the host. On May 21, 2012, at 2:33 PM, Sans wrote: I'm trying to figure out how to do this - first copy a common file to every node and then modify the file according to the node type. I've tried this: if $node_type == 'wn' { $port = '8649' $desc = 'Worker Nodes' } exec { 'n_desc': command = sed -ic '/cluster {/,/}/s/name = \[^\]*\/name = \\'\$desc\\'\/' '$fname', subscribe = File[$fname], refreshonly = false; 'n_port': command = sed -ic '/port\ =\ /{s:[0-9]*$:$port:g}' '$fname', subscribe = File[$fname], refreshonly = false; } file { 'gmond.conf': name= $fname, source = 'puppet:///modules/ganglia/gmond.conf', require = Exec['n_desc','n_port'], notify = Service['gmond']; } The problem is the *Exec['n_desc','n_port'] *is being executed but then it changing back to the original one as supplied by: *source = ' puppet:///modules/ganglia/gmond.conf'*, which is definitely not what I want. How can I make sure it copy the file first and then
Re: [Puppet Users] Installing up to date puppet on Ubuntu
ah ! thanks before: puppet: Installed: (none) Candidate: 0.25.4-2ubuntu6.7 Version table: 0.25.4-2ubuntu6.7 0 500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages 500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages 100 /var/lib/dpkg/status 0.25.4-2ubuntu6 0 500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages after apt-get update puppet: Installed: (none) Candidate: 2.7.14-1puppetlabs1 Version table: 2.7.14-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.13-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.12-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.11-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.9-1puppetlabs3 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.9-1puppetlabs2 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.8-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.7-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.6-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.6.14-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 0.25.4-2ubuntu6.7 0 500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages 500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages 100 /var/lib/dpkg/status 0.25.4-2ubuntu6 0 500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages though I think I might stick with the rubygems install as I have gotten that to work now. its the lucid version of rubygems that doesn't fully work, so I installed that from source: cd /usr/local/src sudo wget http://production.cf.rubygems.org/rubygems/rubygems-1.5.2.tgz sudo tar -xzf rubygems-1.5.2.tgz cd rubygems-1.5.2 sudo ruby setup.rb sudo update-alternatives --install /usr/bin/gem gem /usr/bin/gem1.8 1 sudo gem update --system and now re-installing the gem seems to have installed puppet puppetd puppetmaster etc in /usr/bin/ but maybe sticking with the package manager is better ? it seems like ruby community doesn't work so well with the standard package managers, and gems are more up to date. some of my machines are approaching end of life for lucid. but then one of the goals of using puppet is to make it easy to jump to a new machine. On Tuesday, May 22, 2012 1:48:43 PM UTC+2, Martin Alfke wrote: Hi, On 22.05.2012, at 13:08, felix wrote: Hi, Ubuntu Lucid has a very outdated puppet, 0.25.4 according to: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#for-debian-and-ubuntu I did this to enable the repository: wget http://apt.puppetlabs.com/puppetlabs-release_1.0-3_all.deb sudo dpkg -i puppetlabs-release_1.0-3_all.deb but this still does not result in installing an up to date puppet apt-get remove puppet apt-get install puppet Did you run apt-get update after enabling the puppetlabs repository? What versions are shown when running apt-cache policy puppet ? Regards, Martin Setting up puppet (0.25.4-2ubuntu6.7) . I tried installing via gems: sudo gem install puppet which does give: Successfully installed puppet-2.7.14 but /usr/bin/puppet -V still gives 0.25.4 If I apt-get remove puppet then there is no longer a /usr/bin/puppet at all and there is no puppet on my path. I find something on a pastebin somewhere: /bin/ln -s /var/lib/gems/1.8/bin/puppet /usr/bin/puppet but surely this can't be the recommended way to install. or am I supposed to have /var/lib/gems/1.8/bin/ on my path ? gems was installed with: apt-get install rubygems Obviously I'm not a ruby person, and I've just read the rubygems docs regarding versions and why its not on the path. (onerous) But how is puppet supposed to use it, what is recommended practice ? I don't want it on MY path since it won't be my user running the puppet agent. Its already tedious installing puppet on each server in this fashion. thanks for any advice ! http://pastebin.com/UGqdE7rL -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/PjFsf6tHxkoJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/0vO7ATIkBXwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe
Re: [Puppet Users] Hiera Questions: Virtual User Resources and Hiera
I found an answer to this particular issue. Thanks for the reminder so I can share the answer: I found the hiera/yaml way to indicate an empty array ! So, to use my earlier example: users: beast: username : beast uid : ingroups : - '' info : Let's see if this works Then, with a hiera call, I get : {beast={ingroups=[], uid=, username=beast, info=Let's see if this works} I was able to more forward past this problem after figuring that out. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Luke Bigum luke.bi...@lmax.com wrote: On 22/05/12 00:22, Jeff McCune wrote: On Mon, May 21, 2012 at 1:24 AM, Luke Bigum luke.bi...@lmax.com mailto:luke.bi...@lmax.com wrote: I agree with Gary, Dan, it's probably the lack of data in the 'v_ingroups' key in your YAML that create_resources() is complaining about. If it truly can't pass an empty key/val pair you could do something hacky like use the string undef then explicitly check for it in the define. define add_virtual_user ( $v_username, $v_uid, $v_ingroups, $v_info ) { if ($v_ingroups == undef) { Do you really mean to be comparing to the string undef rather than the keyword undef (no quotes)? Yes, unfortunately I did. It's because when using Hiera 0.3 it's a bit difficult to figure out what a Ruby nil gets passed into Puppet as. Consider the following manifest using Dan's example YAML (v_ingroups is a nil value): #--- #users: # beast: # v_username : beast # v_uid : # v_ingroups : # v_info : Let's see if this works define add_virtual_user ( $v_username, $v_uid, $v_ingroups, $v_info ) { notify { $name: message = username = ${v_username}, uid = ${v_uid}, ingroups = ${v_ingroups}, info = ${v_info}, } } $the_users = hiera_hash('users') notice($the_users[beast]) notice(prints as ${the_users[beast][v_ingroups]}) if ($the_users[beast][v_ingroups] == undef) { notice(is == undef) } if (defined($the_users[beast][v_ingroups])) { notice(is not defined) } if ($the_users[beast][v_ingroups] == ) { notice(is empty string) } if (! $the_users[beast][v_ingroups]) { notice(is false) } if ($the_users[beast][v_ingroups]) { notice(is true) } if ($the_users[beast][v_ingroups] == nil) { notice(is nil?) } create_resources('add_virtual_user', $the_users) --- It's not an empty string, it's not undef (but when you print it it comes out as undef), it's not nil (which doesn't exist in Puppet), it's not false but it *is* true? I've came across this once before and can't remember what nil actually gets interpreted as. So if you feed that Puppet hash directly into the create_resources() function, it complains about a missing parameter: - biguml@biguml-laptop:~$ puppet apply test.pp notice: Scope(Class[main]): v_usernamebeastv_uidv_ingroupsundefv_infoLet's see if this works notice: Scope(Class[main]): undef notice: Scope(Class[main]): is true Must pass a parameter or all necessary values at /home/biguml/test.pp:40 on node biguml-laptop - So my suggestion was to explicitly set undef as a string in the yaml, then match on that in the Puppet manifests. It's horrible but would work. -Luke There's a big difference... If you want to test if a variable is undefined the best way is to do this: if ($foo == undef) { notice \$foo is undef } else { notice \$foo is defined as ${foo} } -Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Luke Bigum Information Systems Ph: +44 (0) 20 3192 2520 luke.bi...@lmax.com | http://www.lmax.com LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN FX and CFDs are leveraged products that can result in losses exceeding your deposit. They are not suitable for everyone so please ensure you fully understand the risks involved. The information in this email is not directed at residents of the United States of America or any other jurisdiction where trading in CFDs and/or FX is restricted or prohibited by local laws or regulations. The information in this email and any attachment is confidential and is intended only for the named recipient(s). The email may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not the intended recipient please notify the sender
[Puppet Users] Puppet First Run after Install failing in module pe_mcollective
I am installing puppet enterprise manager (master) on a RHEL box. Though the install itself succeeds without any issues, the first run of puppet when it tries to deploy the pe_mcollective module fails with the following error. Message: change from notrun to 0 failed: sh -c 'umask 077; keytool - importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0] at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp: 138 Source: /Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns File: /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp I have uninstalled and cleaned out the dirs before installing, but no change. Looks like something got wacked up with the creation of the keystore.. Any suggestions Thanks Shiva -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] issue with custom types and providers
So I'm trying to follow the example in the Pro Puppet book and I'm running into the issue where resource variable is not defined. Looking at the code for packages, I did something similar but it doesnt work either. newparam(:type) do desc Deprecated form of `provider`. munge do |value| warning 'type' is deprecated; use 'provider' instead @resource[:provider] = value @resource[:provider] end end Here is the error I am getting. *info: Retrieving plugin notice: /File[/var/lib/puppet/lib/puppet/type/repo.rb]/content: content changed '{md5}ed4323af3135341a4c1510a2a1b06ba7' to '{md5}f383a20a73846a4f1d96002c628e4b17' info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/repo.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/type/repo.rb: undefined local variable or method `resource' for Puppet::Type::Repo::Provider:Class info: Redefining repo in Puppet::Type err: Could not retrieve catalog from remote server: Could not intern from pson: Could not autoload repo: undefined local variable or method `resource' for Puppet::Type::Repo::Provider:Class* * * *Here is my code so far.* *Puppet::Type.newtype(:repo) do @doc = Manage repositories ensurable newparam(:name) do desc Name isnamevar end newproperty(:provider) do resource[:provider] = :gem end newparam(:url) do desc Url for repo end newparam(:enable) do desc Whether repo is enabled or not end end * * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Ek8Cg8uMqlwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: issue with custom types and providers
This is with puppet 2.6 and one minor difference was in my code I tried both newparam and newproperty to see if it was potentially just a simple mistake. On Tuesday, May 22, 2012 10:55:19 AM UTC-4, Matt wrote: So I'm trying to follow the example in the Pro Puppet book and I'm running into the issue where resource variable is not defined. Looking at the code for packages, I did something similar but it doesnt work either. newparam(:type) do desc Deprecated form of `provider`. munge do |value| warning 'type' is deprecated; use 'provider' instead @resource[:provider] = value @resource[:provider] end end Here is the error I am getting. *info: Retrieving plugin notice: /File[/var/lib/puppet/lib/puppet/type/repo.rb]/content: content changed '{md5}ed4323af3135341a4c1510a2a1b06ba7' to '{md5}f383a20a73846a4f1d96002c628e4b17' info: Loading downloaded plugin /var/lib/puppet/lib/puppet/type/repo.rb err: Could not load downloaded file /var/lib/puppet/lib/puppet/type/repo.rb: undefined local variable or method `resource' for Puppet::Type::Repo::Provider:Class info: Redefining repo in Puppet::Type err: Could not retrieve catalog from remote server: Could not intern from pson: Could not autoload repo: undefined local variable or method `resource' for Puppet::Type::Repo::Provider:Class* * * *Here is my code so far.* *Puppet::Type.newtype(:repo) do @doc = Manage repositories ensurable newparam(:name) do desc Name isnamevar end newproperty(:provider) do resource[:provider] = :gem end newparam(:url) do desc Url for repo end newparam(:enable) do desc Whether repo is enabled or not end end * * * -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/R_sF9KAfMUAJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to define class inheritance with Puppet Ruby DSL
I have a module Ruby: # init.pp class ruby { package { 'libldap-ruby1.8': ensure = 'installed' } } Then I have a manifest written with Ruby-DSL, which should inherit this module: # ldap.rb hostclass 'ruby::ldap' do (...) end How do I define that *ruby::ldap* inherits *ruby*? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Zet8ackZgnYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
On Mon, 2012-05-21 at 15:39 -0600, Deepak Giridharagopal wrote: On Mon, May 21, 2012 at 2:04 PM, Marc Zampetti marc.zampe...@gmail.com wrote: Why wouldn't a DB-agnostic model be used? The short answer is performance. To effectively implement things we've got on our roadmap, we need things that (current) MySQL doesn't support: array types are critical for efficiently supporting things like parameter values, recursive query support is critical for fast graph traversal operations, things like INTERSECT are handy for query generation, and we rely on fast joins (MySQL's nested loop joins don't always cut it). It's much easier for us to support databases with these features than those that don't. For fairly divergent database targets, it becomes really hard to get the performance we want while simultaneously keeping our codebase manageable. I understand the need to not support everything. Having designed a number of systems that require some of the features you say you need, I can say with confidence that most of those issues can be handled without having an RDBMS that has all those advanced features. So I will respectfully disagree that you need features you listed. Yes, you may not be able to use something like ActiveRecord or Hibernate, and have to hand-code your SQL more often, but there are a number of techniques that can be used to at least achieve similar performance characteristics. I think it is a bit dangerous to assume that your user base can easily and quickly switch out their RDBMS systems as easy as this announcement seems to suggest. I'm happy to be wrong if the overall community thinks that is true, but for something that is as core to one's infrastructure as Puppet, making such a big change seems concerning. We aren't using ActiveRecord or Hibernate, and we are using hand-coded SQL where necessary to wring maximum speed out of the underlying data store. I'm happy to go into much greater detail about why the features I listed are important, but I think that's better suited to puppet-dev than puppet-users. We certainly didn't make this decision cavalierly; it was made after around a month of benchmarking various solutions ranging from traditional databases like PostgreSQL to document stores like MongoDB to KV stores such as Riak to graph databases like Neo4J. For Puppet's particular type of workload, with Puppet's volume of data, with Puppet's required durability and safety requirements...I maintain this was the best choice. While I don't doubt that given a large enough amount of time and enough engineers we could get PuppetDB working fast enough on arbitrary backing stores (MySQL included), we have limited time and resources. From a pragmatic standpoint, we felt that supporting a database that was available on all platforms Puppet supports, that costs nothing, that has plenty of modules on the Puppet Forge to help set it up, that has a great reliability record, that meets our performance needs, and that in the worst case has free/cheap hosted offerings (such as Heroku) was a reasonable compromise. I didn't had a look to the code itself, but is the postgresql code isolated in its own module? If yes, then that'd definitely help if someone (not saying I'm volunteering :) wants to port the code to MySQL. On a side note, that'd be terriffic Deepak if you would start a thread on the puppet-dev explaining how the postgresql storage has been done to achieve the speed :) -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet First Run after Install failing in module pe_mcollective
What version of PE and RHEL? I've seen this problem a couple of times and I believe we have a fix already. I'll just need to track it down and make sure it's the same issue. -Jeff On Tuesday, May 22, 2012, Shiva wrote: I am installing puppet enterprise manager (master) on a RHEL box. Though the install itself succeeds without any issues, the first run of puppet when it tries to deploy the pe_mcollective module fails with the following error. Message: change from notrun to 0 failed: sh -c 'umask 077; keytool - importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0] at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp: 138 Source: /Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns File: /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp I have uninstalled and cleaned out the dirs before installing, but no change. Looks like something got wacked up with the creation of the keystore.. Any suggestions Thanks Shiva -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.comjavascript:; . To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com javascript:;. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet master does not list certificate request
This seems to be fairly common, and I've tried master clean and client remove and even tried removing all master / client ssl files and restarted the puppetmaster both client/server are running 2.7.14 I did have master running 2.6.4 the first time I tried and I DID get the certificates recognized. I ran into a problem and decided it was best that they were all running the same version. but now despite removing ssl/ it is still ignoring me the client sees: sudo puppet agent --test server='blah.blah.com' [sudo] password for crucial: warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session warning: peer certificate won't be verified in this SSL session Exiting; no certificate found and waitforcert is disabled the master sees: puppet master version 2.7.14 err: Removing mount files: /etc/puppet/files does not exist info: access[^/catalog/([^/]+)$]: allowing 'method' find info: access[^/catalog/([^/]+)$]: allowing $1 access info: access[/certificate_revocation_list/ca]: allowing 'method' find info: access[/certificate_revocation_list/ca]: allowing * access info: access[/report]: allowing 'method' save info: access[/report]: allowing * access info: access[/file]: allowing * access info: access[/certificate/ca]: adding authentication no info: access[/certificate/ca]: allowing 'method' find info: access[/certificate/ca]: allowing * access info: access[/certificate/]: adding authentication no info: access[/certificate/]: allowing 'method' find info: access[/certificate/]: allowing * access info: access[/certificate_request]: adding authentication no info: access[/certificate_request]: allowing 'method' find info: access[/certificate_request]: allowing 'method' save info: access[/certificate_request]: allowing * access info: access[/]: adding authentication any info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL because none were found in '/etc/puppet/auth.conf' info: Inserting default '/status' (auth true) ACL because none were found in '/etc/puppet/auth.conf' info: Could not find certificate for 'crucial-systems.com' info: Could not find certificate for 'crucial-systems.com' info: Could not find certificate for 'crucial-systems.com' but there are no certs waiting to be signed: sudo puppet cert --list I've tried generating manually on master: sudo puppet cert generate crucial-systems.com which interestingly enough says: notice: crucial-systems.com has a waiting certificate request notice: Signed certificate request for crucial-systems.com notice: Removing file Puppet::SSL::CertificateRequest crucial-systems.com at '/var/lib/puppet/ssl/ca/requests/crucial-systems.com.pem' notice: Removing file Puppet::SSL::CertificateRequest crucial-systems.com at '/var/lib/puppet/ssl/certificate_requests/crucial-systems.com.pem' as though there was something waiting there the client now fails because the certificate does not match warning: peer certificate won't be verified in this SSL session info: Caching certificate for crucial-systems.com err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: 7F:7C:65:E6:4B:46:92:BC:47:09:6D:60:F5:EE:96:57 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean crucial-systems.com On the agent: rm -f /var/lib/puppet/ssl/certs/crucial-systems.com.pem puppet agent -t Exiting; failed to retrieve certificate and waitforcert is disabled try doing what I'm told and remove the master (the one just generated) and the local files: # master sudo puppet cert clean crucial-systems.com notice: Revoked certificate with serial 8 notice: Removing file Puppet::SSL::Certificate crucial-systems.com at '/var/lib/puppet/ssl/ca/signed/crucial-systems.com.pem' notice: Removing file Puppet::SSL::Certificate crucial-systems.com at '/var/lib/puppet/ssl/certs/crucial-systems.com.pem' notice: Removing file Puppet::SSL::Key crucial-systems.com at '/var/lib/puppet/ssl/private_keys/crucial-systems.com.pem' # client sudo rm -f /var/lib/puppet/ssl/certs/crucial-systems.com.pem and I'm right back where I started: the master sees the request and just ignores it, never stores any certificate request thanks ! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ODbi_vxj_wIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera Questions: Virtual User Resources and Hiera
On Tuesday, May 22, 2012, Dan White wrote: I found an answer to this particular issue. Thanks for the reminder so I can share the answer: I found the hiera/yaml way to indicate an empty array ! So, to use my earlier example: users: beast: username : beast uid : ingroups : - '' info : Let's see if this works Then, with a hiera call, I get : {beast={ingroups=[], uid=, username=beast, info=Let's see if this works} This is actually a non-empty array hat had one element, the empt string. This clearly seems like a bug in puppet and how it is handling Hash values. I'll take a look more as soon as I get into the office. -Jeff I was able to more forward past this problem after figuring that out. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Luke Bigum luke.bi...@lmax.com javascript:; wrote: On 22/05/12 00:22, Jeff McCune wrote: On Mon, May 21, 2012 at 1:24 AM, Luke Bigum luke.bi...@lmax.comjavascript:; mailto:luke.bi...@lmax.com wrote: I agree with Gary, Dan, it's probably the lack of data in the 'v_ingroups' key in your YAML that create_resources() is complaining about. If it truly can't pass an empty key/val pair you could do something hacky like use the string undef then explicitly check for it in the define. define add_virtual_user ( $v_username, $v_uid, $v_ingroups, $v_info ) { if ($v_ingroups == undef) { Do you really mean to be comparing to the string undef rather than the keyword undef (no quotes)? Yes, unfortunately I did. It's because when using Hiera 0.3 it's a bit difficult to figure out what a Ruby nil gets passed into Puppet as. Consider the following manifest using Dan's example YAML (v_ingroups is a nil value): #--- #users: # beast: # v_username : beast # v_uid : # v_ingroups : # v_info : Let's see if this works define add_virtual_user ( $v_username, $v_uid, $v_ingroups, $v_info ) { notify { $name: message = username = ${v_username}, uid = ${v_uid}, ingroups = ${v_ingroups}, info = ${v_info}, } } $the_users = hiera_hash('users') notice($the_users[beast]) notice(prints as ${the_users[beast][v_ingroups]}) if ($the_users[beast][v_ingroups] == undef) { notice(is == undef) } if (defined($the_users[beast][v_ingroups])) { notice(is not defined) } if ($the_users[beast][v_ingroups] == ) { notice(is empty string) } if (! $the_users[beast][v_ingroups]) { notice(is false) } if ($the_users[beast][v_ingroups]) { notice(is true) } if ($the_users[beast][v_ingroups] == nil) { notice(is nil?) } create_resources('add_virtual_user', $the_users) --- It's not an empty string, it's not undef (but when you print it it comes out as undef), it's not nil (which doesn't exist in Puppet), it's not false but it *is* true? I've came across this once before and can't remember what nil actually gets interpreted as. So if you feed that Puppet hash directly into the create_resources() function, it complains about a missing parameter: - biguml@biguml-laptop:~$ puppet apply test.pp notice: Scope(Class[main]): v_usernamebeastv_uidv_ingroupsundefv_infoLet's see if this works notice: Scope(Class[main]): undef notice: Scope(Class[main]): is true Must pass a parameter or all necessary values at /home/biguml/test.pp:40 on node biguml-laptop - So my suggestion was to explicitly set undef as a string in the yaml, then match on that in the Puppet manifests. It's horrible but would work. -Luke There's a big difference... If you want to test if a variable is undefined the best way is to do this: if ($foo == undef) { notice \$foo is undef } else { notice \$foo is defined as ${foo} } -Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet First Run after Install failing in module pe_mcollective
Thanks Jeff Puppet enterprise 2.5.1 and RHEL 6.2 Shiva On May 22, 11:37 am, Jeff McCune j...@puppetlabs.com wrote: What version of PE and RHEL? I've seen this problem a couple of times and I believe we have a fix already. I'll just need to track it down and make sure it's the same issue. -Jeff On Tuesday, May 22, 2012, Shiva wrote: I am installing puppet enterprise manager (master) on a RHEL box. Though the install itself succeeds without any issues, the first run of puppet when it tries to deploy the pe_mcollective module fails with the following error. Message: change from notrun to 0 failed: sh -c 'umask 077; keytool - importkeystore -deststorepass puppet -destkeypass puppet -destkeystore broker.ks -srckeystore broker.p12 -srcstorepass puppet -srcstoretype PKCS12 -alias puppet-master.xyz.com' returned 1 instead of one of [0] at /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp: 138 Source: /Stage[main]/Pe_mcollective::Posix/Exec[broker_cert_keystore]/returns File: /opt/puppet/share/puppet/modules/pe_mcollective/manifests/posix.pp I have uninstalled and cleaned out the dirs before installing, but no change. Looks like something got wacked up with the creation of the keystore.. Any suggestions Thanks Shiva -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.comjavascript:; . To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com javascript:;. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Puppet master does not list certificate request
I've gotten it to work by removing the entire /var/lib/puppet/ssl on master and all clients. It seems quite finicky. more SSL errors now when I try to do any connection On Tuesday, May 22, 2012 5:44:35 PM UTC+2, felix wrote: and even tried removing all master / client ssl files -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/etfK45cHs6UJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] How to create run stages from an ENC?
Hello, Is there a way to create run stages using just an ENC? If so, how would it look like in YAML format? I was thinking about something like this, but the YAML parser we use doesn't accept it and a colleague of mine said that maybe Puppet support for this is missing too. Is it true? stages: yum: before: 'main' # and then it could be used like this: classes: yum: stage: 'yum' # this works already as expected and the stage is getting passed to the yum class, but how do I get the stage created from the ENC? Thanks, Cristian -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet-load forbidden request to /catalog/*
On Tue, May 22, 2012 at 2:56 AM, Matthew Burgess matthew.2.burg...@googlemail.com wrote: Thanks for any help, either in being able to get puppet-load to load test our environment, or in letting me know what might cause our clients to fail to check in reliably if it's not a load issue. Hi Matt, I ran into this as well, it seems as though puppet-load isn't properly authenticating with its agent certificate to the master. To work around this for now, assuming the client running puppet-load has a certificate named centos6.puppetlabs.vm, insert the following statement into auth.conf path /catalog/centos6.puppetlabs.vm method find allow centos6.puppetlabs.vm auth any This statement allows your node to find its catalog. It's the 'auth any' bit that makes it work, I just chose to make it a separate statement so you don't allow unauthenticated clients to grab catalogs. Reference: http://docs.puppetlabs.com/guides/rest_auth_conf.html HTH, --Ryan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to create run stages from an ENC?
On Tue, May 22, 2012 at 9:42 AM, Cristian Măgherușan-Stanciu cristi.magheru...@gmail.com wrote: Hello, Is there a way to create run stages using just an ENC? If so, how would it look like in YAML format? I was thinking about something like this, but the YAML parser we use doesn't accept it and a colleague of mine said that maybe Puppet support for this is missing too. Is it true? stages: yum: before: 'main' # and then it could be used like this: classes: yum: stage: 'yum' # this works already as expected and the stage is getting passed to the yum class, but how do I get the stage created from the ENC? Stages are like resources, and resources can't be declared directly in the ENC. However you can create a parameter that contains a hash of the stage, and use create_resource to declare it. Here's an old thread which talks about this in more details: https://groups.google.com/d/topic/puppet-users/2f4SBM-_-ws/discussion Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
On Tuesday, May 22, 2012 8:26:22 AM UTC-7, Brice Figureau wrote: On Mon, 2012-05-21 at 15:39 -0600, Deepak Giridharagopal wrote: On Mon, May 21, 2012 at 2:04 PM, Marc Zampetti marc.zampe...@gmail.com wrote: Why wouldn't a DB-agnostic model be used? The short answer is performance. To effectively implement things we've got on our roadmap, we need things that (current) MySQL doesn't support: array types are critical for efficiently supporting things like parameter values, recursive query support is critical for fast graph traversal operations, things like INTERSECT are handy for query generation, and we rely on fast joins (MySQL's nested loop joins don't always cut it). It's much easier for us to support databases with these features than those that don't. For fairly divergent database targets, it becomes really hard to get the performance we want while simultaneously keeping our codebase manageable. I understand the need to not support everything. Having designed a number of systems that require some of the features you say you need, I can say with confidence that most of those issues can be handled without having an RDBMS that has all those advanced features. So I will respectfully disagree that you need features you listed. Yes, you may not be able to use something like ActiveRecord or Hibernate, and have to hand-code your SQL more often, but there are a number of techniques that can be used to at least achieve similar performance characteristics. I think it is a bit dangerous to assume that your user base can easily and quickly switch out their RDBMS systems as easy as this announcement seems to suggest. I'm happy to be wrong if the overall community thinks that is true, but for something that is as core to one's infrastructure as Puppet, making such a big change seems concerning. We aren't using ActiveRecord or Hibernate, and we are using hand-coded SQL where necessary to wring maximum speed out of the underlying data store. I'm happy to go into much greater detail about why the features I listed are important, but I think that's better suited to puppet-dev than puppet-users. We certainly didn't make this decision cavalierly; it was made after around a month of benchmarking various solutions ranging from traditional databases like PostgreSQL to document stores like MongoDB to KV stores such as Riak to graph databases like Neo4J. For Puppet's particular type of workload, with Puppet's volume of data, with Puppet's required durability and safety requirements...I maintain this was the best choice. While I don't doubt that given a large enough amount of time and enough engineers we could get PuppetDB working fast enough on arbitrary backing stores (MySQL included), we have limited time and resources. From a pragmatic standpoint, we felt that supporting a database that was available on all platforms Puppet supports, that costs nothing, that has plenty of modules on the Puppet Forge to help set it up, that has a great reliability record, that meets our performance needs, and that in the worst case has free/cheap hosted offerings (such as Heroku) was a reasonable compromise. I didn't had a look to the code itself, but is the postgresql code isolated in its own module? If yes, then that'd definitely help if someone (not saying I'm volunteering :) wants to port the code to MySQL. On a side note, that'd be terriffic Deepak if you would start a thread on the puppet-dev explaining how the postgresql storage has been done to achieve the speed :) I'm working on putting together an in-depth look into the technology inside PuppetDB, as well as everything we've done to make it fast. That should be coming soon. -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/y9AAD02ZVYwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Puppet Scalability - any good references
Hi, Could anyone point out a good existing discussion of Puppet scalability? I'm relating to the Puppet master and ecosystem parts that are not the actual agents sitting on the managed servers. In particular anything that would shed insight upon: 1. Does a Puppet master gracefully degrade when overwhelmed? Or does stuff start failing, instead of just performing more slowly. 2. How does changing the Puppet polling interval (runinterval etc.) factor in? Does Puppet make it safe to increase workload and polling frequency knowing that at worst there'll be slowness, or does it leave it to the operator's gut and trial and error figuring how much load is fine, requiring of them to throttle workloads and hold their breaths when rolling out changes. Can workload be cancelled in case of excessive loads same as handling parallel FTP jobs, or this approach is not a design tenet at present? I'm assuming the answers in this area are not 0 nor 1's, so a balanced discussion of how close are things to 0 or to 1 is of interest. Thanks, matan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bNuzUMUUxJIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
I'm a long-term PostgreSQL fan, but MySQL has one feature that makes it a hands-down winner in our environment: trivial replication. I have puppetmasters in two different datacenters. Being able to have my dashboard see the status of systems in both datacenters makes it a lot more useful to the team. The PostgreSQL alternatives just don't work nearly as well, nor as transparently. On Tue, May 22, 2012 at 11:34 AM, Nick Lewis n...@puppetlabs.com wrote: On Tuesday, May 22, 2012 8:26:22 AM UTC-7, Brice Figureau wrote: On Mon, 2012-05-21 at 15:39 -0600, Deepak Giridharagopal wrote: On Mon, May 21, 2012 at 2:04 PM, Marc Zampetti marc.zampe...@gmail.com wrote: Why wouldn't a DB-agnostic model be used? The short answer is performance. To effectively implement things we've got on our roadmap, we need things that (current) MySQL doesn't support: array types are critical for efficiently supporting things like parameter values, recursive query support is critical for fast graph traversal operations, things like INTERSECT are handy for query generation, and we rely on fast joins (MySQL's nested loop joins don't always cut it). It's much easier for us to support databases with these features than those that don't. For fairly divergent database targets, it becomes really hard to get the performance we want while simultaneously keeping our codebase manageable. I understand the need to not support everything. Having designed a number of systems that require some of the features you say you need, I can say with confidence that most of those issues can be handled without having an RDBMS that has all those advanced features. So I will respectfully disagree that you need features you listed. Yes, you may not be able to use something like ActiveRecord or Hibernate, and have to hand-code your SQL more often, but there are a number of techniques that can be used to at least achieve similar performance characteristics. I think it is a bit dangerous to assume that your user base can easily and quickly switch out their RDBMS systems as easy as this announcement seems to suggest. I'm happy to be wrong if the overall community thinks that is true, but for something that is as core to one's infrastructure as Puppet, making such a big change seems concerning. We aren't using ActiveRecord or Hibernate, and we are using hand-coded SQL where necessary to wring maximum speed out of the underlying data store. I'm happy to go into much greater detail about why the features I listed are important, but I think that's better suited to puppet-dev than puppet-users. We certainly didn't make this decision cavalierly; it was made after around a month of benchmarking various solutions ranging from traditional databases like PostgreSQL to document stores like MongoDB to KV stores such as Riak to graph databases like Neo4J. For Puppet's particular type of workload, with Puppet's volume of data, with Puppet's required durability and safety requirements...I maintain this was the best choice. While I don't doubt that given a large enough amount of time and enough engineers we could get PuppetDB working fast enough on arbitrary backing stores (MySQL included), we have limited time and resources. From a pragmatic standpoint, we felt that supporting a database that was available on all platforms Puppet supports, that costs nothing, that has plenty of modules on the Puppet Forge to help set it up, that has a great reliability record, that meets our performance needs, and that in the worst case has free/cheap hosted offerings (such as Heroku) was a reasonable compromise. I didn't had a look to the code itself, but is the postgresql code isolated in its own module? If yes, then that'd definitely help if someone (not saying I'm volunteering :) wants to port the code to MySQL. On a side note, that'd be terriffic Deepak if you would start a thread on the puppet-dev explaining how the postgresql storage has been done to achieve the speed :) I'm working on putting together an in-depth look into the technology inside PuppetDB, as well as everything we've done to make it fast. That should be coming soon. -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit
Re: [Puppet Users] Is there a quick way to export a manifest from a master/client to a new standalone?
On Mon, May 21, 2012 at 7:22 PM, James Glenn thedonkd...@gmail.com wrote: Yes, this sounds like what I am looking for. I need to include file content as well as package and user management. Will this work? Should I try a different tactic? What are your limitations? Why are you unable to rely on the Puppet Agent - Puppet Master model? Perhaps the community can address your concerns and see if there's an opportunity to use this functionality? Shipping pre-compiled catalogs is an alternative to that model but it's got a number of limitations, file serving being one of them. You may also want to experiment with shipping modules and manifests to your remote machines and using Puppet Apply to locally compile a catalog, move files around and so on. --Ryan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Facter 2.0.0rc3 Available
Facter 2.0.0rc3 is a maintenance release candidate with bug fixes. It includes contributions from Hailee Kenney and Moses Mendoza. This release is available for download at: https://downloads.puppetlabs.com/facter/facter-2.0.0rc3.tar.gz https://apt.puppetlabs.com https://yum.puppetlabs.com See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Verifying+Puppet+Downloads Please report feedback via the Puppet Labs Redmine site, using an affected version of 2.0.0rc3: http://projects.puppetlabs.com/projects/facter/ Full Release Notes at: https://projects.puppetlabs.com/projects/facter/wiki/Wiki Facter 2.0.0rc3 Highlights == (#14582) Fix noise in LSB facts Redirect LSB fact's stderr to /dev/null to prevent excess noise. Facter 2.0.0rc3 Changelog === Hailee Kenney(3) 653e9e0 (#14466) Fix style issues 5a8547d (14466) Warn when no facts found b050eb1 (#14582) Fix noise in LSB facts Moses Mendoza(1) 6cc881d Use git describe in Rakefile to determine pkg ver -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Hiera 1.0.0rc3 Available
Hiera 1.0.0rc3 is a feature release candidate designed to accompany Puppet 3.0. Changes to Hiera since 1.0.0rc2 were mainly to ease packaging and improve testing. Downloads are available: * Source http://downloads.puppetlabs.com/hiera/hiera-1.0.0rc3.tar.gz It includes contributions from the following people: Kelsey Hightower and Matthaus Litteken See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Verifying+Puppet+Downloads Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.0.0rc3: http://projects.puppetlabs.com/projects/hiera ## Hiera 1.0.0rc3 Release Notes ## Remove Puppet parser functions This commit removes all the Puppet parser functions. This is being done to allow hiera to work better in stand-alone setups, and remove the dependency on Puppet for testing. The Parser functions will now live in hiera-puppet. (#14514) Use default config when hiera.yaml is missing Hiera no longer raises an exception when the hiera configuration file is missing; instead log a warning and use the following default config: { :backends = [yaml], :hierarchy = common, :logger= console } This patch includes updated tests. Hiera 1.0.0rc3 Changelog === Kelsey Hightower (5): 9808a64 (#14514) Use default config when hiera.yaml is missing 7312a95 (maint) Add Hiera acceptance tests 0067cd2 (maint) Additional tests for Hiera array and hash lookups 22a98ee Remove Puppet parser functions b6218b9 (maint) Hiera should raise an error when config is missing Matthaus Litteken (8): fe3d509 Remove empty Puppet class definition fd644b6 Add require hiera/backend to test 10f930f Add mac packaging to hiera 1df7201 Update mac packaging to dynamically generate preflight 6910d2d Move conf to ext, replace spec with erb 182fa17 Add debian packaging for hiera e927da2 Add package task for deb, srpm 2b8f0d3 Updating changelog for 1.0.0rc3 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Announce: Puppet 3.0.0rc1 Available
After some tweaks I got a 3.0 puppetmaster and client working. But if I try a 3.0 client against a 2.7 master I get the following error: Error: Failed to apply catalog: Could not intern from pson: source '#Puppet::Node:0x7f' not in PSON! I know it isn't generally supported to run new clients against older master versions. But it would be very practical if it worked, is there anything I could do to get that working? Any clues why this error occurs? On 18 May 2012 08:36, Matthaus Litteken matth...@puppetlabs.com wrote: Puppet 3.0.0rc1 is a feature release candidate for the 3.0 series of Puppet. Puppet 3.0 has breaking changes from the Puppet 2.7 series and has new dependencies of Facter version 2.0.0 or greater, and Hiera (and the hiera puppet functions) version 1.0.0 or greater. There are a lot of new features, bug fixes and other improvements. Many have been captured in the release notes below and the Puppet 3.0.0 docs will have more details when they are published. Puppet 3.0.0rc1 includes contributions from the following people: 20after4, Aditya Patawari, Andrew Parker, Ben Ford, Brice Figureau, Bruno Léon, Cameron Thomas, Carl Caum, Carla Souza, Chris Price, Christian G. Warden, codec, Dan Bode, Daniel Pittman, Dean Wilson, Dieter De Meyer, Dominic Cleal, Dominic Maraglia, Eric Shamow, Eric Sorenson, Erkan Yilmaz, François Beausoleil, Franz Pletz, Greg Sutcliffe, Jacob Helwig, James Turnbull, Jason A. Smith, Jeff Blaine, Jeff McCune, Jeff Weiss, Joe Hillenbrand, Jonathan Grochowski, Josh Cooper, Joshua Harlan Lifton, Kelsey Hightower, Lauri Tirkkonen, Luke Kanies, Matt Robinson, Matthaus Litteken, Matthias Pigulla, Michael Kincaid, Michael Warren, Nan Liu, Nicholas Hubbard, Nick Lewis, Nick Stokoe, Patrick, Patrick Carlisle, Paul Mucur, peter, Piavlo, Ricky Zhou, Russ Allbery, S. Zachariah Sprackett, Sean Millichamp, Tim Bielawa, Uwe Stuehler, and Whyme.Lyu Downloads are available at: * Source http://downloads.puppetlabs.com/puppet/puppet-3.0.0rc1.tar.gz RPMs are available at http://yum.puppetlabs.com Debs are available at http://apt.puppetlabs.com Mac packages are available at http://downloads.puppetlabs.com/mac/puppet-3.0.0rc1.dmg Windows packages are available at http://downloads.puppetlabs.com/windows/puppet-3.0.0rc1.msi See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 3.0.0rc1: http://projects.puppetlabs.com/projects/puppet/ ## Puppet 3.0.0rc1 Release Notes ## # Breaking and Important Changes in Telly (Puppet 3.0.0) # * String#lines and IO#lines revert to real Ruby semantics. Because the earliest versions of Ruby we support lack these, they were monkey-patched into place. Unfortunately, this emulation had different semantics, which have now been reverted to the Ruby norm. In earlier versions they behaved like split, and now they behave as normal - they include the separator character (default $/ == \n) in the output, and include content where they previously wouldn't. * Puppet::Application: deprecated #should_parse_config, #should_not_parse_config, and #should_parse_config? In previous versions of puppet, individual applications / faces built off of the Puppet::Application class were responsible for determining whether or not the puppet config file should be parsed. This logic is now part of the main puppet engine / framework, and thus applications and faces need no longer specify this via the methods mentioned above. The signatures still exist for now but will print a deprecation warning, and will be removed in a future release. * Puppet::Util::CommandLine: no longer defaults to 'apply' if a subcommand is not specified In recent versions of puppet, if you called puppet without specifying a subcommand, it would default to 'apply'. This behavior has been deprecated for a while (and we've included a warning message for a while), and is now officially removed from Telly. A subcommand is now required, and you will get a usage message if you attempt to run without one. * Puppet agent lockfile The semantics of the puppet agent lockfile have changed. These semantics were being treated as API by some external programs (at least mcollective). For a detailed description of the changes please see telly/developer_docs/agent-lockfiles.md. * Console output formatting changes The format of messages displayed to the console has changed slightly, potentially leading to scripts that watch these messages breaking. This does not change the formatting of messages logged through other channels (eg: syslog, files), which remain as they were before. See bug #13559 for details * Resource Type API changes The API for querying resource types has changed slightly. This is most likely to be visible to any external tools that were using the REST API to
Re: [Puppet Users] Installing up to date puppet on Ubuntu
On Tue, May 22, 2012 at 5:07 AM, felix crucialfe...@gmail.com wrote: ah ! thanks before: puppet: Installed: (none) Candidate: 0.25.4-2ubuntu6.7 Version table: 0.25.4-2ubuntu6.7 0 500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages 500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages 100 /var/lib/dpkg/status 0.25.4-2ubuntu6 0 500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages after apt-get update puppet: Installed: (none) Candidate: 2.7.14-1puppetlabs1 Version table: 2.7.14-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.13-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.12-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.11-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.9-1puppetlabs3 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.9-1puppetlabs2 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.8-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.7-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.7.6-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 2.6.14-1puppetlabs1 0 500 http://apt.puppetlabs.com/ lucid/main Packages 0.25.4-2ubuntu6.7 0 500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages 500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages 100 /var/lib/dpkg/status 0.25.4-2ubuntu6 0 500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages though I think I might stick with the rubygems install as I have gotten that to work now. its the lucid version of rubygems that doesn't fully work, so I installed that from source: cd /usr/local/src sudo wget http://production.cf.rubygems.org/rubygems/rubygems-1.5.2.tgz sudo tar -xzf rubygems-1.5.2.tgz cd rubygems-1.5.2 sudo ruby setup.rb sudo update-alternatives --install /usr/bin/gem gem /usr/bin/gem1.8 1 sudo gem update --system and now re-installing the gem seems to have installed puppet puppetd puppetmaster etc in /usr/bin/ but maybe sticking with the package manager is better ? it seems like ruby community doesn't work so well with the standard package managers, and gems are more up to date. In my opinion, the native package experience is *much* better than rubygems. Rubygems doesn't allow for many of the things that puppet needs all that easily (user creation, files in /etc, init scripts, etc). Plus the native packages are designed to work more with the ruby found on the OS rather than whatever the ruby was that gem authors designed. Puppet as a gem, is tested against many rubies and paths, but just can't quite be as good of an experience as a native package. Now that Puppet Labs maintains native packages with every release, I hope there isn't much of a need to user rubygems on Debian or RPM based systems. We also have packages for Windows and Mac. some of my machines are approaching end of life for lucid. but then one of the goals of using puppet is to make it easy to jump to a new machine. On Tuesday, May 22, 2012 1:48:43 PM UTC+2, Martin Alfke wrote: Hi, On 22.05.2012, at 13:08, felix wrote: Hi, Ubuntu Lucid has a very outdated puppet, 0.25.4 according to: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#for-debian-and-ubuntu I did this to enable the repository: wget http://apt.puppetlabs.com/puppetlabs-release_1.0-3_all.deb sudo dpkg -i puppetlabs-release_1.0-3_all.deb but this still does not result in installing an up to date puppet apt-get remove puppet apt-get install puppet Did you run apt-get update after enabling the puppetlabs repository? What versions are shown when running apt-cache policy puppet ? Regards, Martin Setting up puppet (0.25.4-2ubuntu6.7) . I tried installing via gems: sudo gem install puppet which does give: Successfully installed puppet-2.7.14 but /usr/bin/puppet -V still gives 0.25.4 If I apt-get remove puppet then there is no longer a /usr/bin/puppet at all and there is no puppet on my path. I find something on a pastebin somewhere: /bin/ln -s /var/lib/gems/1.8/bin/puppet /usr/bin/puppet but surely this can't be the recommended way to install. or am I supposed to have /var/lib/gems/1.8/bin/ on my path ? gems was installed with: apt-get install rubygems Obviously I'm not a ruby person, and I've just read the rubygems docs regarding versions and why its not on the path. (onerous) But how is puppet supposed to use it, what is recommended practice ? I don't want it on MY path since it won't be my user running the puppet agent. Its already tedious installing puppet on each server in this fashion. thanks for
[Puppet Users] Announce: Hiera-Puppet 1.0.0rc1 Available
Hiera-Puppet 1.0.0rc1 is a feature release candidate designed to accompany Puppet 3.0 and Hiera 1.0. It includes Puppet functions for hiera and also the puppet backend for hiera lookups. Downloads are available: * Source http://downloads.puppetlabs.com/hiera/hiera-puppet-1.0.0rc1.tar.gz * Apt and yum development repositories * Apple package http://puppetlabs.com/downloads/mac/hiera-puppet-1.0.0rc1.dmg It includes contributions from the following people: Gary Larizza, Hunter Haugen, Kelsey Hightower, Ken Barber, Matthaus Litteken, and Nan Liu See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet#Verifying+Puppet+Downloads Please report feedback via the Puppet Labs Redmine site, using an affected version of 1.0.0rc1: http://projects.puppetlabs.com/projects/hiera-puppet Hiera-Puppet 1.0.0rc1 Changelog === Gary Larizza (2): 894a7a4 Fail if a lookup key isn't passed 927de1f Add test coverage for hiera_hash() Hunter Haugen (1): 632457e Rubygems is not required to use hiera Kelsey Hightower (2): 48bfccb (#14461) Remove Puppet parser functions a042de4 Revert (#14461) Remove Puppet parser functions Ken Barber (1): 2df319a (#14124) Load rake tasks directly to fix tests for Ruby 1.9.x Matthaus Litteken (6): cb721c5 Add mac packaging to hiera-puppet 64b7375 Move conf to ext directory 4101d02 Add debian packaging for hiera-puppet 470c5c8 Add Redhat packaging to hiera-puppet 5adc454 Add package task to tasks 1138e65 Updating CHANGELOG for hiera-puppet 1.0.0rc1 Nan Liu (1): eb800e4 (#12037) hiera-puppet should support hash values. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Announce: Puppet 3.0.0rc1 Available
On Tue, May 22, 2012 at 2:59 PM, Erik Dalén erik.gustav.da...@gmail.com wrote: After some tweaks I got a 3.0 puppetmaster and client working. But if I try a 3.0 client against a 2.7 master I get the following error: Error: Failed to apply catalog: Could not intern from pson: source '#Puppet::Node:0x7f' not in PSON! That output is the default Ruby stringification of a class that doesn't otherwise support being turned into PSON. I know it isn't generally supported to run new clients against older master versions. But it would be very practical if it worked, is there anything I could do to get that working? Any clues why this error occurs? The 3.0.0 agent performs a node lookup to determine which environment the ENC (if any) expects it to be in. The 2.7 master doesn't support PSON encoding for the node object that is transferred as part of that - but apparently doesn't correctly error, just returns the default Ruby stringification of the object. You could use the routes.yaml file on the agent to change the node terminus from REST to something else (eg: plain or so) in order to avoid that check. That would bypass the specific issue, although we make absolutely no assurance that anything else will work correctly either. -- Daniel Pittman ⎋ Puppet Labs Developer – http://puppetlabs.com ♲ Made with 100 percent post-consumer electrons -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Trying to get complex data set into Puppet from ENC
Hi everyone, I've been reading the groups here for a while, and have gotten a lot of things fixed by finding other people's posts, so hopefully someone will be able to set me straight. I am working on a Puppet deployment that needs to have a lot of disparate data pulled together, and as far as the ENC I created to pull it all in, everything has worked great. However, I'm running into a problem instantiating Apache virtual hosts. Here is some abridged output from my ENC: --- classes: app::lamp: appdata: sites: Some Website: id: 2 name: Some Website servername: somewebsite.com svntag_prod: trunk svntag_dev: trunk documentroot: ~ Another Website: id: 4 name: Another Website servername: anotherwebsite.com svntag_prod: 1.2.0 svntag_dev: 1.3.0-rc4 documentroot: ~ Third Website: id: 6 name: Third Website servername: thirdwebsite.com svntag_prod: trunk svntag_dev: trunk documentroot: /opt/thirdwebsite/customhtdocs So, I have some other classes that are parameterized and I can reference $appdata[$key] inside those manifests and everything works fine for strings or arrays. My issue is getting this hash of hashes in [appdata][sites] turned into vhosts. I tried using create_resources to no avail, tried dumping the ENC to YAML and using Hiera to parse that, and I have struck out in every way. And, honestly, I think there must be a better way to do this. The data is all in a single MySQL table, so I looked at hiera-mysql backend, but I think I am over my head here. Has anyone got a good example I could reference doing something like this, especially for multi-dimensional hashes? I was starting to look at just converting it to JSON or just comma delimited text and feed it to Puppet as a string to be parsed, but that just seems wrong. I've been at this 4 hours now with no luck, any help anyone can provide would be greatly appreciated. Thanks, -Jared -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
On Mon, 2012-05-21 at 15:39 -0600, Deepak Giridharagopal wrote: 1) The data stored in PuppetDB is entirely driven by puppetmasters compiling catalogs for agents. If your entire database exploded and lost all data, everything will be 100% repopulated within around $runinterval minutes. I think that this is a somewhat dangerous line of thinking. Please correct me if my understanding of storedconfigs are wrong, but if I am managing a resource with resources { 'type': purge = true } (or a purged directory populated file resources) and any subset of those resources are exported resources then, if my entire database exploded, would I not have Puppet purging resources that haven't repopulated during this repopulation time? They would obviously be replaced, but if those were critical resources (think exported Nagios configs, /etc/hosts entries, or the like) then this could be a really big problem. To me storedconfigs are one of the killer features in Puppet. We are using them for a handful of critical things and I plan to only expand their use. I'm glad that Puppet Labs is focusing some attention on them, but this attitude of we can wait out a repopulation has me worried. Again, maybe I'm misunderstanding how purging with exported resources actually works, but my experience has been that if you clear the exported resource from the database so goes the exported record in a purge situation. In a slightly different vein, does PuppetDB support a cluster or HA configuration? I assume at least active/passive must be okay. Any gotchas to watch for? Thanks, Sean -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Projects.puppetlabs.com outage 5/22/2012
Hi all Due to some required maintenance our provider is doing the Redmine projects site will be down from 6.00PM PST to 6.30PM PST tonight (5/22/2012). We apologize for the inconvenience and the short notice. If you have any questions or concerns please contact me. Thanks James Turnbull -- James Turnbull Puppet Labs 1-503-734-8571 To schedule a meeting with me: http://tungle.me/jamtur01 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
On Tue, May 22, 2012 at 6:24 PM, Sean Millichamp s...@bruenor.org wrote: ** On Mon, 2012-05-21 at 15:39 -0600, Deepak Giridharagopal wrote: 1) The data stored in PuppetDB is entirely driven by puppetmasters compiling catalogs for agents. If your entire database exploded and lost all data, everything will be 100% repopulated within around $runinterval minutes. I think that this is a somewhat dangerous line of thinking. Please correct me if my understanding of storedconfigs are wrong, but if I am managing a resource with resources { 'type': purge = true } (or a purged directory populated file resources) and any subset of those resources are exported resources then, if my entire database exploded, would I not have Puppet purging resources that haven't repopulated during this repopulation time? They would obviously be replaced, but if those were critical resources (think exported Nagios configs, /etc/hosts entries, or the like) then this could be a really big problem. To me storedconfigs are one of the killer features in Puppet. We are using them for a handful of critical things and I plan to only expand their use. I'm glad that Puppet Labs is focusing some attention on them, but this attitude of we can wait out a repopulation has me worried. Again, maybe I'm misunderstanding how purging with exported resources actually works, but my experience has been that if you clear the exported resource from the database so goes the exported record in a purge situation. I didn't mean to imply that there's no point to backing things up or caring about uptime...I apologize if I gave that impression. I only offered that piece of information to help people understand that the data PuppetDB is storing isn't unique per se; it's easy to recover data that was lost. But just because the data can be easily reconstituted doesn't mean that losing it is consequence-free! You are exactly right about the potential gotchas that exist if that data disappears and agents check in, particularly if you have purge set. The context for that statement was a larger discussion of operational requirements, and I was just trying to articulate the continuum of possible failure scenarios. For any current or future features (upgrades, service restarts, whatever), we *never* assume that it's okay to trash your data. In a slightly different vein, does PuppetDB support a cluster or HA configuration? I assume at least active/passive must be okay. Any gotchas to watch for? Active/passive is perfectly fine; no gotchas. Cheers, deepak -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
On Tue, May 22, 2012 at 7:02 PM, Deepak Giridharagopal dee...@puppetlabs.com wrote: On Tue, May 22, 2012 at 6:24 PM, Sean Millichamp s...@bruenor.org wrote: In a slightly different vein, does PuppetDB support a cluster or HA configuration? I assume at least active/passive must be okay. Any gotchas to watch for? Active/passive is perfectly fine; no gotchas. Also, as the communication between Puppetmaster and PuppetDB is just HTTPS, you can use something like nginx as a reverse proxy to implement automatic failover if you like. Cheers, deepak -- Deepak Giridharagopal / Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: CA error
Thank you for your repley. I figured it out. Because I has not set FQDN, when clients access server, there would be more than one certificates generated for each client. One of the clients could not generate sencond certificate successfully. This occured error. Now I set FQDN, only one certificate generated for each client, and error fixed. On Mon, May 21, 2012 at 10:24 PM, jcbollinger john.bollin...@stjude.orgwrote: On May 20, 11:53 pm, shanghainese niji...@gmail.com wrote: I have a problem bother me for few days. I install puppet on three nodes which consist of the the same kind of parts. One is used as puppet server and rest two are used as puppet clients. Also, I Synchronized the date before I installed puppet. For puppet server, I use autosign and set puppet certname as ”puppet”. For clients, I use the default configurations. One client can run puppet without any problem. Another client runs puppet without error at the firs time. But error occurs from second time. - err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Exiting; failed to retrieve certificate and waitforcert is disabled - I use command puppetca --clean hostname to clean the ca at puppet server, and use command find /var/lib/puppet -type f -print0 |xargs -0r rm to clean ssl ca at client. If I do not reboot client, I will alway get 403 forbiden error. If I reboot client, I can run puppetd --test for the first time, but get the same error from second time. The problems are: I use the same configuration at clients, Why can one client run without error but another cannot. And how can I solve this problem? The error you describe strongly suggests that your two client nodes are trying to use the same certname on their own SSL certificates. With a default Puppet agent configuration, the certname is the client's hostname at the time the certificate was generated. I speculate that one or both of these are true: 1) The client nodes' hostnames were left at some installation default value up through the time of their first Puppet runs. For example, they might both be named localhost.localdomain. or 2) One client node was created from a disk image of the other, or both were created from the same pre-built image, without assigning distinct names to each client. If you find that the clients indeed have the same name, then I suggest starting completely fresh on the SSL front: shut down the master and agent services, wipe out Puppet's SSL directories on all of the machines, set distinct names on all the machines, then proceed as before. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Announce: Puppet 3.0.0rc2 Available
Puppet 3.0.0rc2 is a feature release candidate for the 3.0 series of Puppet. It addresses issues #14514 and #14609, and includes contributions from Chris Price and Kelsey Hightower. Downloads are available at: * Source http://downloads.puppetlabs.com/puppet/puppet-3.0.0rc2.tar.gz RPMs are available at http://yum.puppetlabs.com Debs are available at http://apt.puppetlabs.com Mac packages are available at http://puppetlabs.com/downloads/mac/puppet-3.0.0rc2.dmg Windows packages are available at http://puppetlabs.com/downloads/windows/puppet-3.0.0rc2.msi See the Verifying Puppet Download section at: http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 3.0.0rc2: http://projects.puppetlabs.com/projects/puppet/ ## Puppet 3.0.0rc2 Release Notes ## (#14609) Fix master initialization when running under Passenger There is some initialization that happens in CommandLine.rb (such as parsing the puppet config file) which was being bypassed when launching puppetmaster as a Rack/Passenger app. This commit tweaks the rack config to call into CommandLine directly, which is unfortunate but works for now. (#14514) Check for the presence of hiera config Puppet initializes Hiera using a configuration Hash instead of a configuration file. Puppet now checks for the existence of the hiera configuration file and uses an empty configuration and logs a warning if missing. We also ensure Hiera uses the Puppet logger by overriding the configuration hash to set the logger explicitly. ## Puppet 3.0.0rc2 Changelog ## Kelsey Hightower (2): ca5271f (maint) Add data binding Hiera tests b6c5e9d (#14514) Check for the presence of hiera config cprice (1): 0cea47e (#14609) Fix master initialization when running under Passenger -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Announce: PuppetDB 0.9.0 (first release) is available
On Tue, May 22, 2012 at 12:02 AM, Marc Zampetti marc.zampe...@gmail.com wrote: Is Puppet Labs saying they are ending support of MySQL and instead will only support PostgreSQL? That is going to be a big problems for shops that do not support PostgresSQL, or are only allowed to run DB systems on an approved list. Why wouldn't a DB-agnostic model be used? Right now, I can say that due to these types of issues, I cannot even evaluate PuppetDB, and will not be able to for the foreseeable future. (cc'd the mysql list as I'm pretty sure the boys over there have some interest in this) As a provider of puppet consulting I can say it will be a harder sell to clients if we need them to use postgres instead of MySQL in order to use PuppetDB. It's not impossible of course, but introducing an additional barrier for puppet will give us additional trouble convincing our clients :) You mentioned degraded performance, do you have any numbers on what kind of performance degradation we are talking about? I wouldn't mind some degraded performance if that means we can keep smaller clients on MySQL. Also, have you looked at MariaDB 5.5? it is a drop-in replacement for MySQL with much better performance for any query optimiser related things (which I'm pretty sure the nested joins are also part of). -- Walter Heck -- Check out my startup: Puppet training and consulting @ http://www.olindata.com Follow @olindata on Twitter and/or 'Like' our Facebook page at http://www.facebook.com/olindata -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.