[Puppet Users] Re: Installing hiera
hello! On Jun 25, 11:34 pm, llow...@oreillyauto.com llow...@oreillyauto.com wrote: On Monday, June 25, 2012 10:21:20 AM UTC-5, Florian Koch wrote: Hi, Have you the hiera Files in the puppet libdir e.g /var/lib/puppet/lib ? No, I do not, actually. Which files need to go there? The stuff in /var/lib/gems/1.8/gems/hiera-0.3.0/lib/ ? Did you execute the following command in the puppet modulepath directory ? curl -L https://github.com/puppetlabs/hiera-puppet/tarball/master -o \ 'hiera-puppet.tar.gz' mkdir hiera-puppet tar -xzf hiera- puppet.tar.gz \ -C hiera-puppet --strip-components 1 rm hiera-puppet.tar.gz The master branch of hiera-puppet repo seems different from hiera- puppet gem. # gem list|grep hiera-puppet hiera-puppet (0.3.0) Try to use hiera-puppet gem: 1. Change to the modulepath directory. 2. Backup hiera-puppet master branch version. 3. Copy hiera-puppet gem version: cp -a /usr/lib/ruby/gems/1.8/gems/hiera-puppet-0.3.0/ hiera-puppet -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: configure apache passenger problem
When I was just setting up passenger, I had to alter that line referencing mod_passenger.so to our apache modules directory. # LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/ext/apache2/mod_passenger.so This needed to be changed to /etc/httpd/modules/mod_passenger.so since that is where apache has the module for passenger. I think you just need to track down where that module is and point the configuration to the right place. On Saturday, July 7, 2012 12:23:29 PM UTC-6, Hai wrote: I am configuring apache passenger by following the doc http://projects.reductivelabs.com/projects/puppet/wiki/Using_Passenger I am getting following erros when start httpd: ]# /etc/init.d/httpd start Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 5 of /etc/httpd/conf.d/10_passenger.conf: Cannot load /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12/ext/apache2/mod_passenger.c into server: /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12/ext/apache2/mod_passenger.c: invalid ELF header [FAILED] the /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12/ext/apache2/mod_passenger.c is the only thing I found in my system, I cannot find a mod_passenger.so file. here is my config, please help: === # ll total 28 -rw-r--r-- 1 root root 861 Jul 7 11:08 10_passenger.conf -rw-r--r-- 1 root root 1299 Jul 7 10:57 rack.conf -rw-r--r-- 1 root root 392 Dec 8 2011 README -rw-r--r-- 1 root root 9473 Dec 8 2009 ssl.conf -rw-r--r-- 1 root root 299 May 20 2009 welcome.conf == # cat 10_passenger.conf # /etc/httpd/conf.d/10_passenger.conf # The passenger module path should match ruby gem version # LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/ext/apache2/mod_passenger.so LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12/ext/apache2/mod_passenger.c PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.12 PassengerRuby /usr/bin/ruby # Recommended Passenger Configuration PassengerHighPerformance on PassengerUseGlobalQueue on # PassengerMaxPoolSize control number of application instances, # typically 1.5x the number of processor cores. PassengerMaxPoolSize 6 # Restart ruby process after handling specific number of request to resolve MRI memory leak. PassengerMaxRequests 4000 # Shutdown idle Passenger instances after 30 min. PassengerPoolIdleTime 1800 # End of /etc/httpd/conf.d/10_passenger.conf = # cat rack.conf # you probably want to tune these settings PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 RackAutoDetect Off RailsAutoDetect Off Listen 8140 VirtualHost *:8140 SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/hqd-puppet-01.telenav.com.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/hqd-puppet-01.telenav.com.pem SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem # If Apache complains about invalid signatures on the CRL, you can try disabling # CRL checking by commenting the next line, but this is not recommended. SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars DocumentRoot /etc/puppet/rack/public/ RackBaseURI / Directory /etc/puppet/rack/ Options None AllowOverride None Order allow,deny allow from all /Directory /VirtualHost -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/SHGyouoA1-IJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: configure apache passenger problem
Sound like you only have the passenger gem installed, it needs to install the apache module. Here is a snippet from a Centos puppet build. init.pp # # modules/passenger/manifests/init.pp class passenger { package { 'rack': ensure = '1.1.0', provider = 'gem', require = Class['rubygems'], before = Package['passenger'], } package { 'passenger': ensure = installed, provider = 'gem', require = Package['rack'], before = File['/opt/passenger'], } # auto install passenger apache2 module and create links file { '/opt/passenger': ensure = 'directory', owner = 'root', group = 'root', mode = '0755', before = File['/opt/passenger/auto_passenger_install.sh'], } file { '/opt/passenger/auto_passenger_install.sh': ensure = 'present', owner = 'root', group = 'root', mode = '0755', source = 'puppet:///modules/passenger/auto_passenger_install.sh', before = Exec['auto_passenger_install'], } exec { 'auto_passenger_install': command = '/opt/passenger/auto_passenger_install.sh', timeout = '900', creates = '/etc/passenger', } } The install script. This installs the mod_passenger.so and links the directory to /etc/passenger (which means easy to upgrade version, the link is just swapped - apache still needs to restart as it reads the hardlink when started.) #!/bin/bash auto_passenger_install.sh # # modules/passenger/files/auto_passenger_install.sh # # Script variables SCRIPT=$(readlink -f $0) SCRIPTNAME=$(basename $SCRIPT) SCRIPTPATH=$(dirname $SCRIPT) SERVER=`hostname | cut -d'.' -f1-1` TIMESTAMP=$(date +%s) RUNDATE=`date -d @$TIMESTAMP +%Y%m%d%H%M%S` LOG_PATH=/var/log/scripts/$SCRIPTNAME if [ ! -d $LOG_PATH ]; then mkdir -p $LOG_PATH fi LOGFILE=$LOG_PATH/$RUNDATE.$SCRIPTNAME.log RUBYGEMS_VER_DIR=$(basename `facter rubysitedir`) PASSENGER_VERSION=`gem list --local | grep passenger | sed -e 's/passenger (//g;s/)//g'` cd /usr/lib/ruby/gems/$RUBYGEMS_VER_DIR/gems/passenger-$PASSENGER_VERSION /usr/bin/ruby /usr/bin/rake apache2:clean apache2 RELEASE=yes ln -s /usr/lib/ruby/gems/$RUBYGEMS_VER_DIR/gems/passenger-$PASSENGER_VERSION /etc/passenger -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/CS-7QcEic_IJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] create multiple resources from an array of things.
Hi gang, I feel like I'm missing something fundamental here… I've got the following: class snmp::rhel::rh5enable { $collector = ['10.0.0.1', '10.0.0.2'] define add_snmp_hosts_allow ($ip) { exec { hosts_allow_$ip: command = /bin/echo \snmpd : $ip : ALLOW\ /etc/hosts.allow, unless = /bin/grep -c \snmpd : $ip : ALLOW\ /etc/hosts.allow, } } notify { COLLECTOR IS SET TO ${collector}: } add_snmp_hosts_allow{$collector: ip= $collector,} } yet I get borked, as : err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Exec[hosts_allow_10..0.0.110.0.0.2] is already declared in file /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp at line 4; cannot redeclare at /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp:4 on node centos how do I go about doing this correctly ? This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] create multiple resources from an array of things.
Wolf, Are you calling that parameterized class multiple places? This sounds like a situation where what you want may be a defined type but in fact you are using a parameterized class. You can include paramaterized classes multiple times using include but not using parameters. -Eric -- Eric Shamow Professional Services http://puppetlabs.com/ (c)631.871.6441 On Sunday, July 8, 2012 at 2:00 PM, Wolf Noble wrote: Hi gang, I feel like I'm missing something fundamental here… I've got the following: class snmp::rhel::rh5enable { $collector = ['10.0.0.1', '10.0.0.2'] define add_snmp_hosts_allow ($ip) { exec { hosts_allow_$ip: command = /bin/echo \snmpd : $ip : ALLOW\ /etc/hosts.allow, unless = /bin/grep -c \snmpd : $ip : ALLOW\ /etc/hosts.allow, } } notify { COLLECTOR IS SET TO ${collector}: } add_snmp_hosts_allow{$collector: ip= $collector,} } yet I get borked, as : err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Exec[hosts_allow_10..0.0.110.0.0.2] is already declared in file /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp at line 4; cannot redeclare at /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp:4 on node centos how do I go about doing this correctly ? This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] create multiple resources from an array of things.
Hi Eric, No, this class is not being called anywhere else. What I think is going on is that I have an array of two strings, but somehow the defined type is getting a concatenated string which contains both values of the array instead of treating each element of the array as an individual. The end goal here is to have an array of each ip address that needs to have an entry in /etc/hosts.allow, and have a defined type which is fed those IPs and verifies the presence of/creates the entries as needed. is there a better direction to approach this than I'm employing? On Jul 8, 2012, at 1:46 PM, Eric Shamow wrote: Wolf, Are you calling that parameterized class multiple places? This sounds like a situation where what you want may be a defined type but in fact you are using a parameterized class. You can include paramaterized classes multiple times using include but not using parameters. -Eric -- Eric Shamow Professional Services http://puppetlabs.com/ (c)631.871.6441 On Sunday, July 8, 2012 at 2:00 PM, Wolf Noble wrote: Hi gang, I feel like I'm missing something fundamental here… I've got the following: class snmp::rhel::rh5enable { $collector = ['10.0.0.1', '10.0.0.2'] define add_snmp_hosts_allow ($ip) { exec { hosts_allow_$ip: command = /bin/echo \snmpd : $ip : ALLOW\ /etc/hosts.allow, unless = /bin/grep -c \snmpd : $ip : ALLOW\ /etc/hosts.allow, } } notify { COLLECTOR IS SET TO ${collector}: } add_snmp_hosts_allow{$collector: ip= $collector,} } yet I get borked, as : err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Exec[hosts_allow_10..0.0.110.0.0.2] is already declared in file /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp at line 4; cannot redeclare at /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp:4 on node centos how do I go about doing this correctly ? This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: groups dependencies at user creation
Dears all, Thanks nan your your suggestion, I took it (again) in account trying to do something better. Thanks john for your puppet's lesson. I'd never been worked with declarative system, noticeably it's demand a different way of think than in typical imperative system. I have done a new version having : 1) Custom function having input groups membership for all users comming from ENC. Return an array having unique items (groups). I prefer this instead of modify ENC for explicitness reason of input json. 2) New defined type (main_groups) to ensuring group existence. I discard 'defined' function like john suggest me. I suggest to PuppetLabs team write a caution or warning about defined function at documents. 3) New defined type (dep_groups) just like nan suggested to me, which it's to ensuring dependencies. Testing are good and i hope this approach can be less hurtful for puppet design and obviously for my good health. I appreciate all your help Best Regards, eduardo. PD : The following are details of this approach . - class updssh( $users ) { $all_groups = inline_template( % users.each do |usr| -%% usr.each do |k,v| -%%= usr[k] ['groups'] %;% end -%% end -%) # Custom function groups_uniq take all groups field values having user's membership # Return array having unique items(groups) $groups_uniq = groups_uniq($all_groups) # Ensuring group existence for membership of users main_groups { $groups_uniq: } # guarantee main groups existence for user's membership define main_groups { $group = $title group { $group: ensure = present } } - define updssh::add_user ( $email , $groups ) { $username = $title $usr_grp = inline_template( % groups.each do |grp| -%%= username %_%= grp %, % end -% ) $usr_groups = split($usr_grp, ',') dep_groups { $usr_groups: } ... } # Ensuring dependencies define dep_groups { $arr = split($title, '_') $username = $arr[0] $group = $arr[1] notify {Ensuring dependencies ${title}: } Group[$group] - User[$username] } - On 7 jul, 11:19, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Mon, Jul 02, 2012 at 12:20:40PM -0500, Tim Mooney wrote: How to ensure groups dependencies at user creation ?. If you were just talking about the user's default group, then it would be one of the few cases where puppet establishes an ordering relation for you automatically. In other words: user { 'foo': gid = 'bar', } automatically ensures that group 'bar' is present before user 'foo'. I don't know if that same thing is true for supplemental groups It is also true for supplemental groups. You can see puppet creates the relationship when you run puppet agent / puppet apply in debug mode. So when I run # puppet apply -vd --noop EOF group { ['foo', 'bar']:ensure = present } user { 'bob': groups = [ 'foo', 'bar' ], ensure = present } EOF I get debug: /Stage[main]//User[bob]: Autorequiring Group[bar] debug: /Stage[main]//User[bob]: Autorequiring Group[foo] -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet agent won't recognize configuration
On Fri, Jul 6, 2012 at 9:35 AM, catshirt n...@thefuture.fm wrote: hi all, just started using puppet and i think it's great. but i'm having a number of problems surrounding the authentication of the servers. on a fresh master, when i create a new client using the node_aws cloud provisioner (using --certname), the agent doesn't respect the generated configuration. `certname` is certainly listed under [main] in puppet.conf, so why wouldn't the agent recognize it? You are seeing the difference running puppet under root account vs. the ubuntu account. $ sudo puppet master --configprint certname analytics0 $ puppet master --configprint certname analytics0 $ sudo puppet agent --configprint certname analytics0 $ puppet agent --configprint certname domu-x-x-x-x-x-x.compute-1.internal When running as root, puppet use the configuration specified in /etc/puppet/puppet.conf. When running as a normal user such as ubuntu, puppet use the configuration under ~/.puppet/puppet.conf, so in this case this file is likely missing and puppet will use the default certname which is the ec2 instance name as seen above. $ ls -la /etc/puppet/puppet.conf -rw-r--r-- 1 root root puppet.conf this pattern also occurs with the `server` option. i've also other, unrelated but similar sudo discrepancies that i think are leading to other problems (for another post...). for instance: $ sudo puppet agent --configprint ssldir /var/lib/puppet/ssl $ puppet agent --configprint ssldir /home/ubuntu/.puppet/ssl So the settings above are correct between root vs. ubuntu user. In general you need to run sudo puppet to make changes to the system which should use the correct setting in /etc/puppet/puppet.conf. Thanks, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: groups dependencies at user creation
Thanks you very much Stefan. Testing were tell me something like that exactly. But I can't reach an autorequiring reason like you did by debug output. It's a shame not having had prior nevertheless you are not only clarifying me about that but also simplify my recipe. So finally I can rest without any fear about not have Group - User dependencies explicitly in it, in fact puppet is smart enough as i was suspecting . I appreciate all help, this time particularly to Stefan. Best Regards, eduardo. On 7 jul, 11:19, Stefan Schulte stefan.schu...@taunusstein.net wrote: On Mon, Jul 02, 2012 at 12:20:40PM -0500, Tim Mooney wrote: How to ensure groups dependencies at user creation ?. If you were just talking about the user's default group, then it would be one of the few cases where puppet establishes an ordering relation for you automatically. In other words: user { 'foo': gid = 'bar', } automatically ensures that group 'bar' is present before user 'foo'. I don't know if that same thing is true for supplemental groups It is also true for supplemental groups. You can see puppet creates the relationship when you run puppet agent / puppet apply in debug mode. So when I run # puppet apply -vd --noop EOF group { ['foo', 'bar']:ensure = present } user { 'bob': groups = [ 'foo', 'bar' ], ensure = present } EOF I get debug: /Stage[main]//User[bob]: Autorequiring Group[bar] debug: /Stage[main]//User[bob]: Autorequiring Group[foo] -Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] create multiple resources from an array of things.
I figured out what I was doing wrong. I wasn't (maybe I'm still not? :) ) properly taking advantage of the freebie parameter 'title' of defined types. This now seems to behave like I had hoped it would: class snap::rhel::rh5enable { #... $collector = ['10.0.0.1','10.0.0.2'] #… define add_snmp_hosts_allow () { exec { hosts_allow_$title: command = /bin/echo \snmpd : $title : ALLOW\ /etc/hosts.allow, unless = /bin/grep -c \snmpd : $title : ALLOW\ /etc/hosts.allow, } }#end define #... notify { COLLECTOR IS SET TO ${collector}: } add_snmp_hosts_allow{$collector:} #... } notice: /Stage[main]/Snmp::Rhel::Rh5enable/Snmp::Rhel::Rh5enable::Add_snmp_hosts_allow[10.0.0.2]/Exec[hosts_allow_10.0.0.2]/returns: executed successfully notice: COLLECTOR IS SET TO 10.0.0.110.0.0.2 notice: /Stage[main]/Snmp::Rhel::Rh5enable/Notify[COLLECTOR IS SET TO 10.0.0.110.0.0.2]/message: defined 'message' as 'COLLECTOR IS SET TO 10.0.0.110.0.0.2' notice: /Stage[main]/Snmp::Rhel::Rh5enable/Snmp::Rhel::Rh5enable::Add_snmp_hosts_allow[10.0.0.1]/Exec[hosts_allow_10.0.0.1]/returns: executed successfully notice: Finished catalog run in 6.76 seconds On Jul 8, 2012, at 2:38 PM, Wolf Noble wrote: Hi Eric, No, this class is not being called anywhere else. What I think is going on is that I have an array of two strings, but somehow the defined type is getting a concatenated string which contains both values of the array instead of treating each element of the array as an individual. The end goal here is to have an array of each ip address that needs to have an entry in /etc/hosts.allow, and have a defined type which is fed those IPs and verifies the presence of/creates the entries as needed. is there a better direction to approach this than I'm employing? On Jul 8, 2012, at 1:46 PM, Eric Shamow wrote: Wolf, Are you calling that parameterized class multiple places? This sounds like a situation where what you want may be a defined type but in fact you are using a parameterized class. You can include paramaterized classes multiple times using include but not using parameters. -Eric -- Eric Shamow Professional Services http://puppetlabs.com/ (c)631.871.6441 On Sunday, July 8, 2012 at 2:00 PM, Wolf Noble wrote: Hi gang, I feel like I'm missing something fundamental here… I've got the following: class snmp::rhel::rh5enable { $collector = ['10.0.0.1', '10.0.0.2'] define add_snmp_hosts_allow ($ip) { exec { hosts_allow_$ip: command = /bin/echo \snmpd : $ip : ALLOW\ /etc/hosts.allow, unless = /bin/grep -c \snmpd : $ip : ALLOW\ /etc/hosts.allow, } } notify { COLLECTOR IS SET TO ${collector}: } add_snmp_hosts_allow{$collector: ip= $collector,} } yet I get borked, as : err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Exec[hosts_allow_10..0.0.110.0.0.2] is already declared in file /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp at line 4; cannot redeclare at /etc/puppetlabs/puppet/modules/core/snmp/manifests/rhel/rh5enable.pp:4 on node centos how do I go about doing this correctly ? This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com (mailto:puppet-users@googlegroups.com). To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com (mailto:puppet-users+unsubscr...@googlegroups.com). For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. -- You received this message because you are subscribed to the Google Groups
Re: [Puppet Users] Re: proper usage of global variables / node variables / +=
On Thu, Jul 5, 2012 at 2:41 PM, jcbollinger john.bollin...@stjude.org wrote: On Thursday, July 5, 2012 2:59:07 PM UTC-5, fpee wrote: On 07/05/2012 08:30 AM, jcbollinger wrote: If that's so then you are relying on a Puppet bug, or perhaps you have oversimplified your example. The language guide specifically states that the += operator affects the observed value of the affected variable only in the scope where the plussignment is performed. You definitely should not see the modified value in classes that are not declared in the scope of the plussignment. Cool! Let's find out. Here is a working tiny example: node my_standard { $pkg_list += 'one two three ' } node 'testnode' inherits my_standard { include my_test1 include my_test2 } class my_test1 { $pkg_list += 'four five ' notify {pkg_list=$pkg_list:} notice(pkg_list=$pkg_list) } class my_test2 { $pkg_list += 'six seven ' notify {pkg_list=$pkg_list:} notice(pkg_list=$pkg_list) } The output when run on testnode: notice: /Stage[main]/My_test1/Notify[pkg_list=one two three four five ]/message: defined 'message' as 'pkg_list=one two three four five ' notice: /Stage[main]/My_test2/Notify[pkg_list=one two three four five six seven ]/message: defined 'message' as 'pkg_list=one two three four five six seven ' So, the my_test2 scope does have the changes from the my_test1 scope. Using puppet-server 2.7.9-1 (epel version). As the guy who has many modules that use this bug, I like it's functionality :) Should I file a bug report? Not if you like the buggy behavior :-) Personally, I would be very concerned that it might stop working between one point release and another, with no warning. The behavior is not merely undocumented, but contrary to the documentation as far as I can tell. At this point, however, I'm hoping that one of the PuppetLabs guys will jump in to either explain why I'm wrong or confirm that it's a bug. This is not an official Puppet Labs opinion. This seems to be compilation order dependent, so you will have different notify for: include my_test1 include my_test2 v.s. include my_test2 include my_test1 Also at a quick glance I can't see how you would use this in Puppet 3.0 with dynamic scope removed. Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to scale puppet with F5 load balancer?
From what I can tell there is no need to use alternate names. You can make the F5 appear to the clients to be the puppetmaster by leveraging the F5 to do SSL offloading and part of the certificate verification taking some load off your puppet masters. Even more though, since the puppet environments and other calls use pretty consistently organized URI paths, you can do some really neat stuff with F5 HTTP Class profiles to delegate certain requests to certain servers. For example we have one server that acts as a CA, all signing requests go there. Then for normal puppetmaster tasks requests are assigned to a pool of several servers. Further as part of our development setup we have separate environments for our main puppet module developers but these only exist on one puppetmaster so we use the F5 to pick out those requests and direct them to the correct server. In general its a lot like configuring a reverse proxy (Apache, Nginx, etc) in front of puppet. Our setup is quite extensive but I didn't do most of it so I don't want to lead anyone astray with an incomplete explanation. Let me see if I can get some of the details together and make a new wiki page on projects.puppetlabs.com or perhaps expand on the existing page. (linked below) Here's a starting point. http://projects.puppetlabs.com/projects/puppet/wiki/Load_Balancing_F5 Some examples for reverse proxy w/ Apache http://www.puppetmanaged.org/documentation/Reference_Guide-Appendices-Example_SSL_Frontend_Reverse_Proxy_Load_Balancer_Configuration.html http://www.masterzen.fr/2010/03/21/more-puppet-offloading/ -Alan On Sun, Jul 8, 2012 at 12:07 AM, Matthew Black mjbl...@gmail.com wrote: The best I was able to do is when you generate the certificate for the puppet master you use dns alt names flag to specify the alternative names for the puppet master. That is the only way I was able to make it work in my environment with the F5. On Sat, Jul 7, 2012 at 6:17 PM, Hai Tao ehai...@gmail.com wrote: How can I configure F5 load balancer to be infront of multiple puppet masters? The SSL will break as the server name if different, hostname of the VIP on the LB vs hostnames of each masters, right? Can you shed some light? Thanks. -- Hai Tao -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.