Re: [Puppet Users] Re: proper usage of global variables / node variables / +=

[fp]

At this point, however, I'm hoping that one of the PuppetLabs guys will
jump in to either explain why I'm wrong or confirm that it's a bug.


Any PuppetLabs guys reading? I realize they are all busy people, and it 
may take a while. It's all good.



--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] problem using apache & passenger to run dashboard

[Denmat]

Hi, 

Haven't got details in front of me but check the puppet docs on passenger - I 
think you haven't set the right perms on your config.ru - should be owned by 
puppet.

Cheers
Den

On 12/07/2012, at 4:28, Hai Tao  wrote:

> The welcome page should only display when there is no webpage to
> display. I tried to remove the welcome page, and it still is not
> working.
> 
> It looks to me that the passenger is not working correctly.
> 
> httpd error log show this errors:
> 
> # tail -f dashboard_error.log
> [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist:
> /usr/share/puppet-dashboard/public/nodes
> [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does
> not exist: /usr/share/puppet-dashboard/public/reports
> [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist:
> /usr/share/puppet-dashboard/public/nodes
> [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does
> not exist: /usr/share/puppet-dashboard/public/reports
> [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist:
> /usr/share/puppet-dashboard/public/nodes
> [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does
> not exist: /usr/share/puppet-dashboard/public/reports
> [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist:
> /usr/share/puppet-dashboard/public/nodes
> [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does
> not exist: /usr/share/puppet-dashboard/public/reports
> [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist:
> /usr/share/puppet-dashboard/public/nodes
> [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does
> not exist: /usr/share/puppet-dashboard/public/reports
> [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
> /usr/share/puppet-dashboard/public/nodes
> [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does
> not exist: /usr/share/puppet-dashboard/public/reports
> [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
> /usr/share/puppet-dashboard/public/nodes
> 
> 
> 
> On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett  wrote:
>> On Jul 10, 2012, at 4:39 PM, Hai Tao wrote:
>> 
>> but after I restarted httpd, I see a apache welcome page.
>> 
>> 
>> Did you read the page? It probably tells you to remove
>> /etc/httpd/conf.d/welcome.conf ...
>> 
>> --
>> Jo Rhett
>> Net Consonance : net philanthropy to improve open source and internet
>> projects.
>> 
>> 
>> 
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
> 
> 
> 
> -- 
> Hai Tao
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[Denmat]

Puppet users and groups are fiddly. My current not implemented thinking is to 
use ldap and manage pam_groups via puppet on the hosts to get the granularity. 

More thinking out loud than anything else.

Den

On 12/07/2012, at 6:03, Jo Rhett  wrote:

> I'm fighting with a ticklish issue.  We have some groups and users that only 
> belong on some systems. So we made all users virtual and then realize them in 
> classes specific to those system types.  This works quite well for the users, 
> but not for the groups. When you specify a user, you have to list all the 
> groups they are in. 
>groups => ['support',ops','dev'],
> 
>  Obviously some groups aren't realized on all systems, so this produces an 
> error when usermod is run.
>   '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: 
> unknown group dev
>   usermod: unknown group dev
> 
> So I tried to get smarter, and put logic to add the group to each member 
> under the appropriate class
>   Class users::dev inherits users { 
>   User['jrhett'] { groups +> ['dev'] }
>   }
> 
> This works… almost. It works for all instances where the user is only 
> subclassed once. But if I do the same technique in multiple classes I get 
> 
> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Parameter 'groups' is already set on User_and_key[jrhett] by 
> # at 
> /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at 
> /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com
> 
> So how can this be achieved, short of using an exec with an unless doing 
> another exec to determine if the group exists?
> 
> -- 
> Jo Rhett
> Net Consonance : net philanthropy to improve open source and internet 
> projects.
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[Christopher Wood]

I use nss-pam-ldapd and pam_ldap depending on the system, using an ldap filter 
to allow only certain groups per system. I prefer nss-pam-ldapd.

nss-pam-ldapd:

CentOS 6
Debian 6
Ubuntu 10.04

pam_ldap:

CentOS 5
FreeBSD 9

(Solaris is more like pam_ldap in configuration, but fairly unique.)

The manifests to deal with the above are essentially OS-specific.

On Thu, Jul 12, 2012 at 05:52:24PM +1000, Denmat wrote:
>Puppet users and groups are fiddly. My current not implemented thinking is
>to use ldap and manage pam_groups via puppet on the hosts to get the
>granularity. 
>More thinking out loud than anything else.
>Den
> 
>On 12/07/2012, at 6:03, Jo Rhett <[1]jrh...@netconsonance.com> wrote:
> 
>  I'm fighting with a ticklish issue.  We have some groups and users that
>  only belong on some systems. So we made all users virtual and then
>  realize them in classes specific to those system types.  This works
>  quite well for the users, but not for the groups. When you specify a
>  user, you have to list all the groups they are in. 
>   groups => ['support',ops','dev'],
>   Obviously some groups aren't realized on all systems, so this produces
>  an error when usermod is run.
>  '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6:
>  usermod: unknown group dev
>  usermod: unknown group dev
>  So I tried to get smarter, and put logic to add the group to each member
>  under the appropriate class
>  Class users::dev inherits users { 
>  User['jrhett'] { groups +> ['dev'] }
>  }
>  This works� almost. It works for all instances where the user is only
>  subclassed once. But if I do the same technique in multiple classes I
>  get 
>  err: Could not retrieve catalog from remote server: Error 400 on SERVER:
>  Parameter 'groups' is already set on User_and_key[jrhett] by
>  # at
>  /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at
>  /etc/puppet/modules/users/manifests/dev.pp:27 on node
>  [2]s2-d1.company.com
>  So how can this be achieved, short of using an exec with an unless doing
>  another exec to determine if the group exists?
>  -- 
>  Jo Rhett
>  Net Consonance : net philanthropy to improve open source and internet
>  projects.
> 
>  --
>  You received this message because you are subscribed to the Google
>  Groups "Puppet Users" group.
>  To post to this group, send email to [3]puppet-users@googlegroups.com.
>  To unsubscribe from this group, send email to
>  [4]puppet-users+unsubscr...@googlegroups.com.
>  For more options, visit this group at
>  [5]http://groups.google.com/group/puppet-users?hl=en.
> 
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To post to this group, send email to puppet-users@googlegroups.com.
>To unsubscribe from this group, send email to
>puppet-users+unsubscr...@googlegroups.com.
>For more options, visit this group at
>http://groups.google.com/group/puppet-users?hl=en.
> 
> References
> 
>Visible links
>1. mailto:jrh...@netconsonance.com
>2. http://s2-d1.company.com/
>3. mailto:puppet-users@googlegroups.com
>4. mailto:puppet-users+unsubscr...@googlegroups.com
>5. http://groups.google.com/group/puppet-users?hl=en

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] CRAY / BlueGeneQ

[Pablo Fernandez]

Dear all,

I would like to ask you, does anybody here have experience with Puppet 
under CRAY systems, or BlueGeneQ? It would be nice to hear some 
experiences with this, if any.


Thanks!
Pablo

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] What is the intention of thin_storeconfigs?

[Bernd Adamowicz]

I started doing some experiments with the configuration option 
'thin_storeconfigs=true' by adding this option to one of my Puppet masters. 
However, I could not determine any change in behavior. I expected to have the 
resources collected faster, but Puppet still takes some 15min to do the job. So 
maybe I misunderstood something. Should this option instead be placed in the 
client's configuration to make them export only the @@-resources?

Couldn't find any documentation. So any help is appreciated.

Thanks
Bernd

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] What is the intention of thin_storeconfigs?

[Denmat]

Hi,

Thin_storeconfig stores less detail in the database, that won't necessarily 
speed it up but will reduce its footprint.

The actual differences I'm a bit fuzzy on.

Den

On 12/07/2012, at 18:29, Bernd Adamowicz  wrote:

> I started doing some experiments with the configuration option 
> 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. 
> However, I could not determine any change in behavior. I expected to have the 
> resources collected faster, but Puppet still takes some 15min to do the job. 
> So maybe I misunderstood something. Should this option instead be placed in 
> the client's configuration to make them export only the @@-resources?
> 
> Couldn't find any documentation. So any help is appreciated.
> 
> Thanks
> Bernd
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: The Puppet Way to handle slow resources? (newbie)

[Dave Anderson]

Hi Everyone,

First, thanks for all the great feedback!

Chris, I'll take a look at exported resources. I don't have a problem with 
MCollective per se, I just don't want to add a bunch of other software if 
there's a "native puppet" way to solve the problem. From what I've seen, 
Puppet itself isn't supposed to solve this problem, MCollective is.

Felix, yes my aim was to have everything complete in one Puppet run. My 
next-best option would be that Puppet would run again as soon as the 
slow-starting-service is ready - as opposed to waiting until the next 
scheduled run.

Trevor, I'll take a look at Capistrano (that was mentioned at the recent 
Dublin Puppet Camp) but I have the same reservations as I would have with 
MCollective. Func isn't possible for us, due to arcane/licensing issues.

Brian, thanks for your comments too. I will definitely model the service 
dependencies.

My "plan A" right now is that when the slow-running service is up and 
running it will tell Puppet to run. I haven't really thought about how this 
would work for multiple instances of the slow-service, I'm pretty sure 
that's not a hard problem to solve though.

Cheers everyone!

Dave


On Tuesday, 10 July 2012 19:39:58 UTC+1, Dave Anderson wrote:
>
> Hi 
>
> I have a resource that is slow to come into service and I have other 
> resources that are dependent on the service in order to be configured. I've 
> been searching for the "puppet way" to do this, but all the options I've 
> found don't seem optimal, so I'm assuming there is a better way that I'm 
> missing. 
>
> I have several instances, so I want puppet to kick them off in parallel. 
> And I want the reliant services to be configured as soon as possible when 
> the slow services are ready 
>
> So I don't really want to use long timeout/multiple retry because I 
> believe that won't be executed in parallel - and anyway, it's not a retry I 
> want, it's a wait 
>
> I don't want to have Mcollective/AMQP just for this one problem, it feels 
> like a sledgehammer to crack a nut 
>
> I don't want some external process to repeatedly kick puppet repeatedly 
> until the dependency is resolved and the reliant service can be configured 
>
> I'm imagining something like a semaphore, puppet sleeps and wakes up when 
> the semaphore is flipped (the slow resource is available) 
>
> Sorry if this is a dumb question, first post etc ... 
>
> Thanks 
>
> Dave 
> -- 
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they are addressed. 
> If you have received this email in error please notify the system manager. 
> This message contains confidential information and is intended only for 
> the 
> individual named. If you are not the named addressee you should not 
> disseminate, distribute or copy this e-mail. 
>
>
-- 
This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 
If you have received this email in error please notify the system manager. 
This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/pSQNRuLUHgAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Crontab overwritten by Puppet

[Kmbu]

Thanks for the corroboration. At least I know I'm not crazy.

This needs to be reported as a bug. I'm not sure how to go about it, though.

It seems you know more about this than I do. Do you think you could report 
it?

On Wednesday, 11 July 2012 22:35:21 UTC+2, Romeo Theriault wrote:
>
> On Tue, Jul 10, 2012 at 10:41 PM, Kmbu wrote: 
> > Hi, 
> > 
> > Thanks for supporting. We've been running this environment of around 
> 1000 
> > servers for at least 5 years and have never seen a crontab suddenly 
> > disappear before. We've only had Puppet in place for a month or so. 
> > 
> > Regards, 
>
> Unfortunately, I've seen the same issue occur. I posted to the list 
> about it a while back and had some others say they'd seen similiar. 
> I've only seen this happen on Solaris so far but seeing it happen once 
> was enough for me to pull the plug on using puppet to manage users 
> crontab files on all our boxes, solaris and rhel. 
>
> On RHEL I've worked around the issue by dropping crontab files in 
> /etc/cron.d/ but on solaris I have no viable work-around at the 
> moment. 
>
> Others have mentioned that I  should just manage the whole crontab 
> file in puppet... but this isn't really an option for me at the 
> moment. 
>
> On solaris at least the issue seemed to be related to facter hanging 
> (due to the picld daemon hanging). 
>
> Not that this really solves your problem but if your on a *nix that 
> supports it you might want to look at converting to dropping cron 
> files in /etc/cron.d/ or similar. 
>
> -- 
> Romeo 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/I1OZt8f2u0YJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] certname doesn't seem to work on the agent

[Kmbu]

There was no current cert. It was a new host. The cert was generated using 
the FQDN..

On Thursday, 12 July 2012 04:42:51 UTC+2, Pete wrote:
>
> Hi, 
>
> Your config looks about right. 
> Did you drop the current cert and request and sign a new one? 
>
> On 11 July 2012 19:14, Kmbu wrote: 
> > Hi guys, 
> > 
> > I have a box that needs to identify itself to the puppetmaster as 
> something 
> > different from the FQDN. I added certname to the agent configuration 
> before 
> > the first run, but it doesn't seem to be sufficient. The certificate was 
> > generated for the FQDN, and the host appears in the dashboard as the 
> FQDN, 
> > and the node name used to evaluate the manifest is also the FQDN. I 
> would 
> > like to set it up so that, for all intents and purposes, the node/agent 
> has 
> > a different name. 
> > 
> > I'm running Puppet 2.7.6 via Apache/Passenger. 
> > 
> > Here is my agent config: 
> > 
> > [agent] 
> > 
> > # Whether log files should always flush to disk. 
> > autoflush = true 
> > 
> > # Reporting setup for Puppet Dashboard 
> > report = true 
> > 
> > # Randomize agent runs to avoid clusters 
> > splay = true 
> > 
> > # The main Puppet configuration directory.  The default for this 
> > parameter is calculated based on the user.  If the process 
> > # is running as root or the user that Puppet is supposed to run as, 
> it 
> > defaults to a system directory, but if it's running as any other user, 
> > # it defaults to being in the user's home directory. 
> > # The default value is '/etc/puppet'. 
> > confdir =  
> > 
> > # Where Puppet stores dynamic and growing data.  The default for 
> this 
> > parameter is calculated specially, like `confdir`_. 
> > # The default value is '/var/lib/puppet'. 
> > vardir =  
> > 
> > # Whether to print stack traces on some errors 
> > trace = true 
> > 
> > # How often puppet agent applies the client configuration; in 
> seconds. 
> > Note that a runinterval of 0 means run continuously rather than never 
> run. 
> > # If you want puppet agent to never run, you should start it with 
> the 
> > --no-client option. 
> > runinterval = 300 
> > 
> > # Whether to use colors when logging to the console. 
> > # Valid values are `ansi` (equivalent to `true`), `html` (mostly 
> > # used during testing with TextMate), and `false`, which produces 
> > # no color. 
> > # The default value is 'ansi'. 
> > color = ansi 
> > 
> > # The environment Puppet is running in.  For clients 
> > # (e.g., `puppet agent`) this determines the environment itself, 
> which 
> > # is used to find modules and much more.  For servers (i.e., `puppet 
> > master`) this provides the default environment for nodes 
> > # we know nothing about. 
> > # The default value is 'production'. 
> > environment = pre 
> > 
> > # Where to find information about nodes. 
> > # The default value is 'plain'. 
> > # node_terminus = plain 
> > 
> > # Where the puppet agent web server logs. 
> > # The default value is '$logdir/http.log'. 
> > httplog = /http.log 
> > 
> > # Send the process into the background.  This is the default. 
> > # The default value is 'true'. 
> > daemonize = true 
> > 
> > # The name to use when handling certificates.  Defaults 
> > # to the fully qualified domain name. 
> > certname =  
> > 
> > # Where Puppet should look for facts.  Multiple directories should 
> > # be colon-separated, like normal PATH variables. 
> > # The default value is '$vardir/lib/facter:$vardir/facts'. 
> > factpath = $vardir/lib/facter:$vardir/facts 
> > 
> > # From where to retrieve facts.  The standard Puppet `file` type 
> > # is used for retrieval, so anything that is a valid file source can 
> > # be used here. 
> > # The default value is 'puppet://$server/facts/'. 
> > factsource = puppet:///facts/ 
> > 
> > # The pid file 
> > # The default value is '$rundir/$name.pid'. 
> > pidfile = /agent.pid 
> > 
> > # The user puppet master should run as. 
> > # The default value is 'puppet'. 
> > user = apache 
> > 
> > # The group puppet master should run as. 
> > # The default value is 'puppet'. 
> > group = apache 
> > 
> > # Wether the master should function as a certificate authority. 
> > # The default value is 'true'. 
> > ca = true 
> > 
> > # The search path for modules as a list of directories separated by 
> the 
> > ':' character. 
> > # The default value is '$confdir/modules:/usr/share/puppet/modules'. 
> > modulepath = /modules 
> > 
> > # The explicit value used for the node name for all requests the 
> agent 
> > # makes to the master. WARNING: This setting is mutually exclusive 
> with 
> > # node_name_fact.  Changing this setting also requires changes to 
> the 
> > default 
> > # auth.conf configur

Re: [Puppet Users] PROBLEM: Puppet functions execute during compile time...

[Felix Frank]

Hi,

On 07/11/2012 08:02 PM, Rastio Hodul wrote:
> Hi,
> I'm new to Puppet.
> 
> I'm writing the script that installs LAMP+Drupal.
> 
> At the end of the script I need to setup a cron. But for that I need to
> read certain key that has been generated during install.
> So I'm trying use generate() function, BUT it evaluates during compile
> time at which the key has not been generated yet.

it also evaluates on the *master*, not the agent, so you won't have any
luck with that.

> Is there any way to order the execution of functions (I guess not)?
> Or, is there any other way to read something from database in a
> controlled time and order?

Tricky. I guess the canon approach would be to write a custom fact that
retrieves the value for you after puppet has completed the setup on your
agent. During the next agent run, the cron can be generated using the
information from the fact.

The manifest should look like this:

if $myvalue {
  cron { "mycron": command => "/some/thing/with $myvalue ...", ... }
}

so that the cron will only be created once the fact is indeed available.

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[Felix Frank]

Hi,

On 07/11/2012 10:03 PM, Jo Rhett wrote:
> So I tried to get smarter, and put logic to add the group to each member
> under the appropriate class
> Class users::dev inherits users { 
> User['jrhett'] { groups +> ['dev'] }
> }
> 
> This works… almost. It works for all instances where the user is only
> subclassed once. But if I do the same technique in multiple classes I get 

sound approach, but I've hit this wall a couple of times as well.

I've resorted to horrors that would add items to array variables that
are declared in a central, well-known class, and use the final value for
the resources in question. Depending on how much flexibility is
required, this may not be feasible at all.

Perhaps hiera can be used to do something clever here?

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] CRAY / BlueGeneQ

[Felix Frank]

Hi,

On 07/12/2012 10:01 AM, Pablo Fernandez wrote:
> Dear all,
> 
> I would like to ask you, does anybody here have experience with Puppet
> under CRAY systems, or BlueGeneQ? It would be nice to hear some
> experiences with this, if any.
> 
> Thanks!
> Pablo

I believe that hardware matters less, but what operating system is in
use on your supercomputers?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] certname doesn't seem to work on the agent

[Kmbu]

I just did another test on another new agent. Same behaviour. The value of 
certname does not feature in the log at all. Here is the debug level agent 
log. I've replaced the actual FQDN with . There's no reference to the 
value set in certname. Seems that it's completely ignored.

debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::File::ProviderWindows: feature microsoft_windows is 
missing
debug: Failed to load library 'ldap' for feature 'ldap'
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: /File[/run]: Autorequiring File[]
debug: /File[/state]: Autorequiring File[]
debug: /File[/ssl/private_keys/.pem]: Autorequiring 
File[/ssl/private_keys]
debug: /File[/client_yaml]: Autorequiring File[]
debug: /File[/ssl/certificate_requests]: Autorequiring 
File[/ssl]
debug: /File[/ssl/public_keys/.pem]: Autorequiring 
File[/ssl/public_keys]
debug: /File[/ssl]: Autorequiring File[]
debug: /File[/client_data]: Autorequiring File[]
debug: /File[/ssl/private]: Autorequiring File[/ssl]
debug: /File[/ssl/certs/.pem]: Autorequiring 
File[/ssl/certs]
debug: /File[/lib]: Autorequiring File[]
debug: /File[/ssl/public_keys]: Autorequiring File[/ssl]
debug: /File[/state/graphs]: Autorequiring File[/state]
debug: /File[/log]: Autorequiring File[]
debug: /File[/ssl/certs/ca.pem]: Autorequiring 
File[/ssl/certs]
debug: /File[/puppet.conf]: Autorequiring File[]
debug: /File[/ssl/private_keys]: Autorequiring 
File[/ssl]
debug: /File[/facts]: Autorequiring File[]
debug: /File[/ssl/certs]: Autorequiring File[/ssl]
debug: /File[/clientbucket]: Autorequiring File[]
debug: /File[/ssl/private_keys/.pem]/mode: mode changed 
'640' to '600'
debug: /File[/ssl/private_keys/.pem]: The container 
/ssl/private_keys/.pem will propagate my refresh event
debug: /File[/ssl/public_keys/.pem]/mode: mode changed 
'640' to '644'
debug: /File[/ssl/public_keys/.pem]: The container 
/ssl/public_keys/.pem will propagate my refresh event
debug: /File[/ssl/certs/.pem]/mode: mode changed '640' to 
'644'
debug: /File[/ssl/certs/.pem]: The container 
/ssl/certs/.pem will propagate my refresh event
debug: Finishing transaction 2161652120
debug: /File[/ssl/private_keys/.pem]: Autorequiring 
File[/ssl/private_keys]
debug: /File[/log]: Autorequiring File[]
debug: /File[/state]: Autorequiring File[]
debug: /File[/lib]: Autorequiring File[]
debug: /File[/ssl]: Autorequiring File[]
debug: /File[/run]: Autorequiring File[]
debug: /File[/ssl/public_keys/.pem]: Autorequiring 
File[/ssl/public_keys]
debug: /File[/ssl/private]: Autorequiring File[/ssl]
debug: /File[/ssl/public_keys]: Autorequiring File[/ssl]
debug: /File[/ssl/certificate_requests]: Autorequiring 
File[/ssl]
debug: /File[/ssl/certs]: Autorequiring File[/ssl]
debug: /File[/ssl/certs/ca.pem]: Autorequiring 
File[/ssl/certs]
debug: /File[/ssl/private_keys]: Autorequiring 
File[/ssl]
debug: /File[/facts]: Autorequiring File[]
debug: /File[/ssl/certs/.pem]: Autorequiring 
File[/ssl/certs]
debug: Finishing transaction 2160330700
debug: Using cached certificate for ca
debug: Using cached certificate for 
info: Sleeping for 102 seconds (splay is enabled)
debug: Finishing transaction 2162067520
info: Retrieving plugin
debug: file_metadata supports formats: b64_zlib_yaml marshal pson raw yaml; 
using pson
debug: Using cached certificate for ca
debug: Using cached certificate for 
info: Caching certificate_revocation_list for ca
notice: /File[/lib]/mode: mode changed '755' to '775'
debug: /File[/lib]: The container /lib will propagate 
my refresh event
notice: /File[/lib/facter]/ensure: created
debug: /File[/lib/facter]: The container /lib/facter 
will propagate my refresh event
debug: /lib/facter: The container /lib will propagate 
my refresh event
notice: /File[/lib/facter/opco.rb]/ensure: defined content as 
'{md5}b8c8355306bac503c7a40a41667354bf'
debug: /File[/lib/facter/opco.rb]: The container 
/lib/facter/opco.rb will propagate my refresh event
notice: /File[/lib/facter/env.rb]/ensure: defined content as 
'{md5}e2e9a41cc4f52a8fa807ec3a1f99fdfd'
debug: /File[/lib/facter/env.rb]: The container 
/lib/facter/env.rb will propagate my refresh event
debug: /lib/facter/env.rb: The container /lib will 
propagate my refresh event
debug: /lib/facter/opco.rb: The container /lib will 
propagate my refresh event
debug: Finishing transaction 2161732220
info: Loading downloaded plugin /lib/facter/opco.rb
info: Loading downloaded plugin /lib/facter/env.rb
info: Loading facts in env
info: Loading facts in opco
info: Loading facts in env
info: Loading facts in opco
debug: catalog supports formats: b64_zlib_yaml dot marshal pson raw yaml; 
using pson
/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/indirector/rest.rb:56:in
 
`deserialize'
/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/indirector/rest.rb:120:in
 
`find'
/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/indirector/indirection.rb:189:in
 
`find'
/lib/ruby/gems/1.8/gems/puppet-2.7.6/lib/puppet/configurer.rb:237:in 
`re

Re: [Puppet Users] What is the intention of thin_storeconfigs?

[Walter Heck]

Thin stored configs only store exported resources in the database Instead
of all resources. There may be more differences though.

Sent from my galaxy tab
On Jul 12, 2012 6:01 PM, "Denmat"  wrote:

> Hi,
>
> Thin_storeconfig stores less detail in the database, that won't
> necessarily speed it up but will reduce its footprint.
>
> The actual differences I'm a bit fuzzy on.
>
> Den
>
> On 12/07/2012, at 18:29, Bernd Adamowicz 
> wrote:
>
> > I started doing some experiments with the configuration option
> 'thin_storeconfigs=true' by adding this option to one of my Puppet masters.
> However, I could not determine any change in behavior. I expected to have
> the resources collected faster, but Puppet still takes some 15min to do the
> job. So maybe I misunderstood something. Should this option instead be
> placed in the client's configuration to make them export only the
> @@-resources?
> >
> > Couldn't find any documentation. So any help is appreciated.
> >
> > Thanks
> > Bernd
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] ENC questions

[llow...@oreillyauto.com]

I've been trying to wrap my head around ENCs.

Kelsey Hightower gave me some very useful info in IRC the other day, but 
there are still some things I can't quite get my head around.

>From what I can tell, an ENC allows you to assign classes and parameters 
(top scope variables) to a given node or group of nodes.

They cannot declare/define relationships (chain classes together to order 
them) or declare individual resources.

The purpose is to help separate data and configuration.

>From reading what documentation I could find on the puppet site (some of 
which is potentially inaccurate / outdated from the wiki), the only way to 
get around these limits is to build your modules, then define a series of 
wrapper classes and super classes and assign these to the nodes.

We've got 2 dozen or so systems that we manage with puppet, and so far have 
done it all just using node defs.

What benefits would there be in using an ENC, from an admin side of things? 
Is it something that would be worth my time in setting up?

I'm trying to understand this, and my long term goal is to maximize the 
benefit we get from puppet.

Thanks.

Lee

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Lr4lgnpVWcwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: how to conditionally add users to a virtualized group?

[jcbollinger]

 
On Wednesday, July 11, 2012 3:03:14 PM UTC-5, Jo wrote:
>
> I'm fighting with a ticklish issue.  We have some groups and users that 
> only belong on some systems. So we made all users virtual and then realize 
> them in classes specific to those system types.  This works quite well for 
> the users, but not for the groups. When you specify a user, you have to 
> list all the groups they are in. 
> groups => ['support',ops','dev'],
>
>  Obviously some groups aren't realized on all systems, so this produces an 
> error when usermod is run.
> '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: unknown 
> group dev
> usermod: unknown group dev
>
> So I tried to get smarter, and put logic to add the group to each member 
> under the appropriate class
> Class users::dev inherits users { 
> User['jrhett'] { groups +> ['dev'] }
> }
>
> This works… almost. It works for all instances where the user is only 
> subclassed once. But if I do the same technique in multiple classes I get 
>
> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Parameter 'groups' is already set on User_and_key[jrhett] by 
> # at 
> /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at 
> /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com
>
> So how can this be achieved, short of using an exec with an unless doing 
> another exec to determine if the group exists?
>
>
If it is the case that each user always has the same potential secondary 
groups, and you need to narrow the actual secondary groups to those that 
are actually present, then I think you could do it without too much pain.  
The main ingredients would be a list (array) of the groups that are 
supposed to be present, and a custom function that forms the intersection 
of two arrays.  (Or you could use an inline template and split(), but yuck!)

Hiera would probably provide a good means for building the list of 
available groups, which you could then use not only to filter user 
definitions but also to drive virtual group realization.  Here's a skeleton 
of how it might work:

class auth::constants {
  $available_groups = hiera('groups')
}

class auth::groups::virtual {
  # Virtual group declarations, such as
  @group { 'dev': 
gid => 4242,
ensure => present
  }
}

define auth::concrete_group () {
  include 'auth::groups::virtual'
  realize Group[$name]
}

class auth::groups {
  include 'auth::constants'

  auth::concrete_group { $auth::constants::available_groups: }
}

class auth::users::virtual {
  include 'auth::constants'

  # Virtual user declarations, such as
  @user { 'jbolling':
uid => 4200,
gid => 4200,
groups => intersect(['dev', 'support', 'ops'], 
$auth::constants::available_groups)
  }
}

A few bits are omitted, most notably user realization.  The main concept is 
to declare what you want in the first place, rather than throwing up 
something and trying to tweak it afterward, or trying to build values 
incrementally.  The latter two approaches tends to work poorly in Puppet 
(with certain caveats).

Note also that the above is completely hypothetical.  I think it would 
work, but it's not based on anything I have actually implemented.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/uo9sWOQTJyMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Environment and layout questions

[earthgecko]

Hi Tim

I had a similar question in 
https://groups.google.com/forum/?fromgroups#!topic/puppet-users/fhHYT3LkBoE 
but spent a while figuring out and testing what is possible.  Hopefully 
this will help you or someone work their way around a corner.

Puppet Environments

* Common modules, environment/node specific configs
* Environment specific modules and common or environment/node specific 
configs

It is possible to use both and failback/iterate over configs per 
$environment and per node.
And it is possible to have a shared/common module in (modules) that is 
specific to all environments and have the specific $environment or node 
configs being served via environments.  It is a little complicated but does 
work and allows for quite a bit of flexibility serving environments.

I find that I do not want to maintain all modules per environment in 
puppet, as that means maintaining $(( modules * number_of_environments )), 
but do as shown later :)

Some modules lend then themselves to a common module but environment 
specific configuration.  To achieve this some puppet magic is required, a 
few spells :)  I shall try and describe the concept and steps here.

So for example it is possible to achieve something like the following 
(caveat manifests/${environment} dirs are there if you are also using an 
include ${environment}/*.pp for node definitions):

|+-environments/
|  +-dev/
|  | +-configs/
|  | | |+-mysql_proxy/
|  | | |  +-${puppet_env}.mysql-proxy.erb
|  | | |  +-dev-server-1.mysql-proxy.erb
|  | | |+-mysql_server/
|  | |+-$hostname.cnf
|  | |+-mysql.conf
|  | +-modules/
|  | | |+-httpd/
|  | ||+-manifests/
|  | ||  +-init.pp
|  | ||+-templates/
|  | |   +-httpd.conf.erb
|  | +-repo/
|  |   |+-*.rpm
|  +-prod/
|  | +-configs/
|  | | |+-mysql_proxy/
|  | | |  +-${puppet_env}.mysql-proxy.erb
|  | | |  +-prod-server-2.mysql-proxy.erb
|  | | |+-mysql_server/
|  | |+-$hostname.cnf
|  | |+-mysql.conf
|  | +-modules/
|  | | |+-httpd/
|  | ||+-manifests/
|  | ||  +-init.pp
|  | ||+-templates/
|  | |   +-httpd.conf.erb
|  | +-repo/
|  |   |+-*.rpm
|+-manifests/
|  |+-dev/
|  |  +-dev-server-1.pp
|  |  +-dev-server-2.pp
|  |+-prod/
|  |  +-prod-server-1.pp
|  |  +-prod-server-2.pp
|  |+-extdata/
|  |  +-dev.csv
|  |  +-dev.csv
|  |+-dev.pp
|  |+-prod.pp
|  |+-site.pp
|+-modules/
   |+-mysql_proxy/
   |  |+-manifests/
   |  |  +-init.pp
   |  |+-files/
   | +-mysql-proxy.erb
   |+-mysql_server/
  |+-manifests/
 +-init.pp

To achieve this you need to ensure environments are set in the puppet.conf

[agent]
environment = <%= environment %>


Just for clarification I map $environment to $puppet_env (for some backward 
compatability issues as puppet environments has not always been avaiable).


[agent]
environment = <%= puppet_env %>

,
In the node manifest:


  $puppet_env = '$::environment'


In the puppetmaster puppet.conf:


[master]

  # Where the puppet manifests live
  templatedir = /opt/puppet/manifests
  modulepath  = $confdir/environments/$environment/modules:$confdir/modules
  manifest= $confdir/manifests/unknown_environment.pp

[dev]
  manifest = $confdir/manifests/dev.pp
[prod]
  manifest = $confdir/manifests/prod.pp


Environment specific manifests.  As you can see above, here if the node is 
a dev node, the manifest/dev.pp will be served and it does:


import 'site.pp'
import 'dev/*.pp'


site.pp being common dev and prod variables, etc.

Then in the puppetmaster filerserver.conf (example from a erb template), 
change the /opt/puppet path as appropriate.
For further clarification I use extdata and the extlookup function in erb 
templates and have dev.csv and prod.csv extdata files and there is a top 
scope variable of $puppet_repo = '/opt/puppet'
Here is a snippet that serves 
environments/${environment}/{configs,modules,repo} directories to the nodes.

fileserver.conf(.erb):


[configs]
  path /opt/puppet/environments/<%= environment %>/configs

# Environment nodes
<% node_ips.each do |val| -%>
  allow <%= val %>
<% end -%>
<% if cloud_provider == "aws" %># aws allow private IP
  allow <%= ec2_local_ipv4 %><% end %>

[repo]
  path <%= puppet_repo %>/environments/<%= puppet_env %>/repo

# Environment nodes
<% node_ips.each do |val| -%>
  allow <%= val %>
<% end -%>
<% if cloud_provider == "aws" %># aws allow private IP
  allow <%= ec2_local_ipv4 %><% end %>


A note regarding modules and environments, if you have environments 
configured and you have a module is the 
environments/${environment}/modules/module_a you cannot have 
modules/module_a.

Putting it all together

mysql_proxy example init.pp:


# mysql-proxy config
  file { '/etc/sysconfig/mysql-proxy':
owner   => 'root',
group   => 'root',
mode=> '0644',
# Here we use an inline_template that calls the file() resource.  The 
template
# resource does not allow to use the "first file found" like the source 
resource
# does.  However the file () r

[Puppet Users] Re: What is the intention of thin_storeconfigs?

[jcbollinger]

On Thursday, July 12, 2012 3:29:15 AM UTC-5, badamowicz wrote:
>
> I started doing some experiments with the configuration option 
> 'thin_storeconfigs=true' by adding this option to one of my Puppet masters. 
> However, I could not determine any change in behavior. I expected to have 
> the resources collected faster, but Puppet still takes some 15min to do the 
> job. So maybe I misunderstood something. Should this option instead be 
> placed in the client's configuration to make them export only the 
> @@-resources? 
>
> Couldn't find any documentation. So any help is appreciated. 
>
>
Google gave me this as my number one hit: 
http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration.  
It's a bit dated, but it nevertheless contains the key information: "[thin 
storeconfigs] only collects and stores to the database exported resources, 
tags and host facts."

'Thick' storeconfigs additionally stores non-exported resources, and 
possibly other things -- overall, a relational representation of nodes' 
entire catalogs.

I would expect thin storeconfigs to accelerate resource collection relative 
to thick only if the *overall* database size were slowing the DBMS.  If the 
problem is specifically with the number and/or complexity of exported 
resources, then thin vs. thick should not make a difference in that area.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ehNmEJw6uVUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] CRAY / BlueGeneQ

[Dominic Maraglia]

Pablo,

If your Cray systems are running Cray Linux, then it is possible Puppet
will run in your environment, though we have yet to test this ourselves at
Puppet.

Cheers,

Dominic Maragia

On Thu, Jul 12, 2012 at 1:01 AM, Pablo Fernandez wrote:

> Dear all,
>
> I would like to ask you, does anybody here have experience with Puppet
> under CRAY systems, or BlueGeneQ? It would be nice to hear some experiences
> with this, if any.
>
> Thanks!
> Pablo
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users+unsubscribe@**
> googlegroups.com .
> For more options, visit this group at http://groups.google.com/**
> group/puppet-users?hl=en
> .
>
>


-- 
Dominic Maraglia
QA Engineer
Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: What is the intention of thin_storeconfigs?

[jcbollinger]

On Thursday, July 12, 2012 3:29:15 AM UTC-5, badamowicz wrote:
>
> Should [thin_storeconfigs] instead be placed in the client's configuration 
> to make them export only the @@-resources? 
>

No, (thin_)storeconfigs is a function of the master, at catalog compilation 
time.

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/7_ug4xm5OFAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] CRAY / BlueGeneQ

[Ken Barber]

I dealt with a case that had a Cray XT4 using Redhat Linux
specifically. More or less since the hardware and OS was just like any
other platform we support, it wasn't a problem and we supported it.

If you are using Cray Linux - I believe its based on the SuSE Linux
platform (and we do support SLES 11sp1/2) - so if you have trouble I'm
sure it wouldn't be hard to adapt, although it isn't a platform we
have specifically targeted in the past. Some Facter patches would
probably be needed to identify its version and OS - but if it works
like SuSE in respect to packaging we already have the code to support
zypper packages (if that is indeed what it uses) and other SuSE
facilities - it all depends on the variations that Cray have taken.

>From a support perspective today Cray Linux would fall into a
community effort, but that doesn't mean with some work it couldn't
work for you.

BlueGene/Q on the other hand is a PPC architecture isn't it? So what
OS are you running on it? In most cases when it comes to Puppet - its
the OS that matters.

ken.

On Thu, Jul 12, 2012 at 9:01 AM, Pablo Fernandez
 wrote:
> Dear all,
>
> I would like to ask you, does anybody here have experience with Puppet under
> CRAY systems, or BlueGeneQ? It would be nice to hear some experiences with
> this, if any.
>
> Thanks!
> Pablo
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] nginx-passenger authentication / certificate issue

[Jon Jaroker]

Hello, I have been stumped by an authentication / certificate problem
and would like to know if anyone has resolved a similar issue.

My fresh install of Puppet Master 2.7.18 on Debian 6 works normally
when run standalone, using 'puppet master --verbose --no-daemonize'.

When using nginx-passenger in front of the same puppet master,  puppet
fails with the authentication error:  '… Forbidden request …  access
to /file_metadata/plugins [find] at line 57'

This failure occurs on the same node that had successfully connected
to Puppet Master when it was run standalone.

The full log errors are here: http://pastebin.com/KH8Pyyw3

I can work-around this authentication error by appending 'allow *' for
'path /' in the puppet master's auth.conf file.

Here is the Puppet Master auth.conf file I am using: 
http://pastebin.com/Ju0ke3rP

I don't think this workaround is correct: the default authentication
policy should not allow access to un-authenticated nodes.

Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0

Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE

Does anyone see what I am doing wrong?  I have already tried deleting
and recreating certificates for the agent and master.

Thank you,
Jon

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] nginx-passenger authentication / certificate issue

[Jeff McCune]

Are you sure you want to be using the passenger_set_cgi_param nginx
directive and not proxy_set_header?

The problem definitely seems to be Puppet not picking up the values
that should be set in the HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN
request headers.

-Jeff

On Thu, Jul 12, 2012 at 7:34 AM, Jon Jaroker  wrote:
>
> Hello, I have been stumped by an authentication / certificate problem
> and would like to know if anyone has resolved a similar issue.
>
> My fresh install of Puppet Master 2.7.18 on Debian 6 works normally
> when run standalone, using 'puppet master --verbose --no-daemonize'.
>
> When using nginx-passenger in front of the same puppet master,  puppet
> fails with the authentication error:  '… Forbidden request …  access
> to /file_metadata/plugins [find] at line 57'
>
> This failure occurs on the same node that had successfully connected
> to Puppet Master when it was run standalone.
>
> The full log errors are here: http://pastebin.com/KH8Pyyw3
>
> I can work-around this authentication error by appending 'allow *' for
> 'path /' in the puppet master's auth.conf file.
>
> Here is the Puppet Master auth.conf file I am using: 
> http://pastebin.com/Ju0ke3rP
>
> I don't think this workaround is correct: the default authentication
> policy should not allow access to un-authenticated nodes.
>
> Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0
>
> Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE
>
> Does anyone see what I am doing wrong?  I have already tried deleting
> and recreating certificates for the agent and master.
>
> Thank you,
> Jon
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: err: Could not request certificate: execution expired

[Ron]

I see this also if the time on the client is too far out of sync with the 
time on the server.  set the time to within a few seconds of the server 
first, then try again.

On Tuesday, July 10, 2012 12:39:13 PM UTC-5, Ganesh Ganesh wrote:
>
> Hi Guys,
>
> I am trying to executed sign client to server,
> I give the command to client #puppetd --test -d -v
>
>
> debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring 
> File[/var/lib/puppet/ssl]
> debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring 
> File[/var/lib/puppet/ssl]
> debug: Finishing transaction 23595599384520
>
>
>
> err: Could not request certificate: execution expired
> Exiting; failed to retrieve certificate and waitforcert is disabled
>
> How to resolve this, please guide me guys.
>
> -Ganesh.
>  
> Did I learn something today? If not, I wasted it.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/K6IyTQw6wesJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: nginx-passenger authentication / certificate issue

[David Wooldridge]

I know when I was setting this up 
(http://z0mbix.github.com/blog/2012/03/01/use-nginx-and-passenger-to-power-your-puppet-master/),
 
the main gotcha I came up against was the permissions of the config.ru file 
have to be the same as your puppet user. I can't remember what error this 
caused though.

Cheers David

On Thursday, 12 July 2012 15:34:06 UTC+1, Jon Jaroker wrote:
>
> Hello, I have been stumped by an authentication / certificate problem 
> and would like to know if anyone has resolved a similar issue. 
>
> My fresh install of Puppet Master 2.7.18 on Debian 6 works normally 
> when run standalone, using 'puppet master --verbose --no-daemonize'. 
>
> When using nginx-passenger in front of the same puppet master,  puppet 
> fails with the authentication error:  '… Forbidden request …  access 
> to /file_metadata/plugins [find] at line 57' 
>
> This failure occurs on the same node that had successfully connected 
> to Puppet Master when it was run standalone. 
>
> The full log errors are here: http://pastebin.com/KH8Pyyw3 
>
> I can work-around this authentication error by appending 'allow *' for 
> 'path /' in the puppet master's auth.conf file. 
>
> Here is the Puppet Master auth.conf file I am using: 
> http://pastebin.com/Ju0ke3rP 
>
> I don't think this workaround is correct: the default authentication 
> policy should not allow access to un-authenticated nodes. 
>
> Here is my nginx.conf file: http://pastebin.com/q7HMuAZ0 
>
> Here is the config.ru configuration file: http://pastebin.com/1aCdsTJE 
>
> Does anyone see what I am doing wrong?  I have already tried deleting 
> and recreating certificates for the agent and master. 
>
> Thank you, 
> Jon 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/2MBuu8evOokJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: nginx-passenger authentication / certificate issue

[Jon Jaroker]

Hello Jeff,

Thank you for your reply.  It pointed me in the right direction.

Regarding 'proxy_set_header', I don't believe this directive has an
effect on passenger.  For passenger, I believe the
'passenger_set_cgi_param' directive must be used instead.

My mistake was using the wrong parameter.  While HTTP_X_CLIENT_* will
work for 'proxy_set_header', I think you need to use SSL_CLIENT_*
parameters for 'passenger_set_cgi_param'.

Here is the change in nginx.conf that solved the problem for me.

# passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
# passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
  passenger_set_cgi_param SSL_CLIENT_S_DN  $ssl_client_s_dn;
  passenger_set_cgi_param SSL_CLIENT_VERIFY$ssl_client_verify;


The puppet client is now able to connect normally.

Regards,
Jon

On Jul 12, 10:44 am, Jeff McCune  wrote:
> Are you sure you want to be using the passenger_set_cgi_param nginx
> directive and not proxy_set_header?
>
> The problem definitely seems to be Puppet not picking up the values
> that should be set in the HTTP_X_CLIENT_VERIFY and HTTP_X_CLIENT_DN
> request headers.
>
> -Jeff
>
>
>
>
>
>
>
> On Thu, Jul 12, 2012 at 7:34 AM, Jon Jaroker  wrote:
>
> > Hello, I have been stumped by an authentication / certificate problem
> > and would like to know if anyone has resolved a similar issue.
>
> > My fresh install of Puppet Master 2.7.18 on Debian 6 works normally
> > when run standalone, using 'puppet master --verbose --no-daemonize'.
>
> > When using nginx-passenger in front of the same puppet master,  puppet
> > fails with the authentication error:  '… Forbidden request …  access
> > to /file_metadata/plugins [find] at line 57'
>
> > This failure occurs on the same node that had successfully connected
> > to Puppet Master when it was run standalone.
>
> > The full log errors are here:http://pastebin.com/KH8Pyyw3
>
> > I can work-around this authentication error by appending 'allow *' for
> > 'path /' in the puppet master's auth.conf file.
>
> > Here is the Puppet Master auth.conf file I am 
> > using:http://pastebin.com/Ju0ke3rP
>
> > I don't think this workaround is correct: the default authentication
> > policy should not allow access to un-authenticated nodes.
>
> > Here is my nginx.conf file:http://pastebin.com/q7HMuAZ0
>
> > Here is the config.ru configuration file:http://pastebin.com/1aCdsTJE
>
> > Does anyone see what I am doing wrong?  I have already tried deleting
> > and recreating certificates for the agent and master.
>
> > Thank you,
> > Jon
>
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com.
> > To unsubscribe from this group, send email to 
> > puppet-users+unsubscr...@googlegroups.com.
> > For more options, visit this group 
> > athttp://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: proper usage of global variables / node variables / +=

[Eric Shamow]

Nan is a Puppet Labs guy. One of our best :)

His warning about dynamic scoping is something to take seriously. That's not a 
gratuitous error message - dynamic scoping causes all kinds of problems and has 
been scheduled for deprecation for a while now, and that's coming in the next 
major release.

Details:

http://docs.puppetlabs.com/guides/scope_and_puppet.html

-Eric 

-- 

Eric Shamow
Professional Services
http://puppetlabs.com/
(c)631.871.6441


On Thursday, July 12, 2012 at 1:27 AM, fp wrote:

> > At this point, however, I'm hoping that one of the PuppetLabs guys will
> > jump in to either explain why I'm wrong or confirm that it's a bug.
> 
> 
> 
> Any PuppetLabs guys reading? I realize they are all busy people, and it 
> may take a while. It's all good.
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com 
> (mailto:puppet-users@googlegroups.com).
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com 
> (mailto:puppet-users+unsubscr...@googlegroups.com).
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How can I list classes available on the puppet master?

[llow...@oreillyauto.com]

Is there a way to get a list of all the classes available from the puppet 
master?

I have 2 goals for this - one is documentation in a human readable form, 
and the other is potentially importing that data into dashboard.

I did find some info on the rest API 
(http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
can't make any sense of the output from it.

Thanks.

Lee

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] problem using apache & passenger to run dashboard

[Hai Tao]

I do have a config.ru under /etc/puppet/rack, and it is owned by
puppet. And that is the only config.ru I have.

Under /usr/share/puppet-dashboard/public, there is no config.ru. But
there is a 
/usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru.

In the procedure I followed, it never ask me to config a config.ru
file. http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html


Thanks.

Hai Tao


On Thu, Jul 12, 2012 at 12:47 AM, Denmat  wrote:
> Hi,
>
> Haven't got details in front of me but check the puppet docs on passenger - I 
> think you haven't set the right perms on your config.ru - should be owned by 
> puppet.
>
> Cheers
> Den
>
> On 12/07/2012, at 4:28, Hai Tao  wrote:
>
>> The welcome page should only display when there is no webpage to
>> display. I tried to remove the welcome page, and it still is not
>> working.
>>
>> It looks to me that the passenger is not working correctly.
>>
>> httpd error log show this errors:
>>
>> # tail -f dashboard_error.log
>> [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist:
>> /usr/share/puppet-dashboard/public/nodes
>> [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does
>> not exist: /usr/share/puppet-dashboard/public/reports
>> [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist:
>> /usr/share/puppet-dashboard/public/nodes
>> [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does
>> not exist: /usr/share/puppet-dashboard/public/reports
>> [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist:
>> /usr/share/puppet-dashboard/public/nodes
>> [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does
>> not exist: /usr/share/puppet-dashboard/public/reports
>> [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist:
>> /usr/share/puppet-dashboard/public/nodes
>> [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does
>> not exist: /usr/share/puppet-dashboard/public/reports
>> [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist:
>> /usr/share/puppet-dashboard/public/nodes
>> [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does
>> not exist: /usr/share/puppet-dashboard/public/reports
>> [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
>> /usr/share/puppet-dashboard/public/nodes
>> [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does
>> not exist: /usr/share/puppet-dashboard/public/reports
>> [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
>> /usr/share/puppet-dashboard/public/nodes
>>
>>
>>
>> On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett  wrote:
>>> On Jul 10, 2012, at 4:39 PM, Hai Tao wrote:
>>>
>>> but after I restarted httpd, I see a apache welcome page.
>>>
>>>
>>> Did you read the page? It probably tells you to remove
>>> /etc/httpd/conf.d/welcome.conf ...
>>>
>>> --
>>> Jo Rhett
>>> Net Consonance : net philanthropy to improve open source and internet
>>> projects.
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>>
>> --
>> Hai Tao
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 
Hai Tao

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] problem using apache & passenger to run dashboard

[Hai Tao]

note, I also have a /usr/share/puppet/ext/rack/files/config.ru file.

On Thu, Jul 12, 2012 at 9:04 AM, Hai Tao  wrote:
> I do have a config.ru under /etc/puppet/rack, and it is owned by
> puppet. And that is the only config.ru I have.
>
> Under /usr/share/puppet-dashboard/public, there is no config.ru. But
> there is a 
> /usr/share/puppet-dashboard/vendor/rails/railties/dispatches/config.ru.
>
> In the procedure I followed, it never ask me to config a config.ru
> file. http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html
>
>
> Thanks.
>
> Hai Tao
>
>
> On Thu, Jul 12, 2012 at 12:47 AM, Denmat  wrote:
>> Hi,
>>
>> Haven't got details in front of me but check the puppet docs on passenger - 
>> I think you haven't set the right perms on your config.ru - should be owned 
>> by puppet.
>>
>> Cheers
>> Den
>>
>> On 12/07/2012, at 4:28, Hai Tao  wrote:
>>
>>> The welcome page should only display when there is no webpage to
>>> display. I tried to remove the welcome page, and it still is not
>>> working.
>>>
>>> It looks to me that the passenger is not working correctly.
>>>
>>> httpd error log show this errors:
>>>
>>> # tail -f dashboard_error.log
>>> [Wed Jul 11 11:27:26 2012] [error] [client ::1] File does not exist:
>>> /usr/share/puppet-dashboard/public/nodes
>>> [Wed Jul 11 11:27:26 2012] [error] [client 10.224.78.200] File does
>>> not exist: /usr/share/puppet-dashboard/public/reports
>>> [Wed Jul 11 11:27:32 2012] [error] [client ::1] File does not exist:
>>> /usr/share/puppet-dashboard/public/nodes
>>> [Wed Jul 11 11:27:32 2012] [error] [client 10.224.78.200] File does
>>> not exist: /usr/share/puppet-dashboard/public/reports
>>> [Wed Jul 11 11:27:34 2012] [error] [client ::1] File does not exist:
>>> /usr/share/puppet-dashboard/public/nodes
>>> [Wed Jul 11 11:27:34 2012] [error] [client 10.224.78.200] File does
>>> not exist: /usr/share/puppet-dashboard/public/reports
>>> [Wed Jul 11 11:27:35 2012] [error] [client ::1] File does not exist:
>>> /usr/share/puppet-dashboard/public/nodes
>>> [Wed Jul 11 11:27:35 2012] [error] [client 10.224.78.200] File does
>>> not exist: /usr/share/puppet-dashboard/public/reports
>>> [Wed Jul 11 11:27:43 2012] [error] [client ::1] File does not exist:
>>> /usr/share/puppet-dashboard/public/nodes
>>> [Wed Jul 11 11:27:44 2012] [error] [client 10.224.78.200] File does
>>> not exist: /usr/share/puppet-dashboard/public/reports
>>> [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
>>> /usr/share/puppet-dashboard/public/nodes
>>> [Wed Jul 11 11:27:46 2012] [error] [client 10.224.78.200] File does
>>> not exist: /usr/share/puppet-dashboard/public/reports
>>> [Wed Jul 11 11:27:46 2012] [error] [client ::1] File does not exist:
>>> /usr/share/puppet-dashboard/public/nodes
>>>
>>>
>>>
>>> On Wed, Jul 11, 2012 at 11:13 AM, Jo Rhett  wrote:
 On Jul 10, 2012, at 4:39 PM, Hai Tao wrote:

 but after I restarted httpd, I see a apache welcome page.


 Did you read the page? It probably tells you to remove
 /etc/httpd/conf.d/welcome.conf ...

 --
 Jo Rhett
 Net Consonance : net philanthropy to improve open source and internet
 projects.



 --
 You received this message because you are subscribed to the Google Groups
 "Puppet Users" group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.
>>>
>>>
>>>
>>> --
>>> Hai Tao
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "Puppet Users" group.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> To unsubscribe from this group, send email to 
>>> puppet-users+unsubscr...@googlegroups.com.
>>> For more options, visit this group at 
>>> http://groups.google.com/group/puppet-users?hl=en.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Hai Tao



-- 
Hai Tao

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: The Puppet Way to handle slow resources? (newbie)

[Tim Mooney]

In regard to: [Puppet Users] Re: The Puppet Way to handle slow resources?...:


Chris, I'll take a look at exported resources. I don't have a problem with
MCollective per se, I just don't want to add a bunch of other software if
there's a "native puppet" way to solve the problem. From what I've seen,
Puppet itself isn't supposed to solve this problem, MCollective is.


Agreed.


My "plan A" right now is that when the slow-running service is up and
running it will tell Puppet to run. I haven't really thought about how this
would work for multiple instances of the slow-service, I'm pretty sure
that's not a hard problem to solve though.


I've only partially followed this thread so I don't know if someone else
has already suggested this, but if the real issue is that the interaction
between software, init script, and puppet isn't working correctly, then
why not have puppet manage and use a "wrapper" init script?  You keep the
init script that came with the software, but instead of having puppet use
that for start/stop/status, you write your own "local-service" or
"mycompany-service" init script and have that script call the original
script and augment the logic in start/stop/status/whatever to do whatever
is needed to work correctly with puppet.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] OpenssL::BN Error

[Ganesh Kumar]

Hi Guys,

I an trying to remove puppetca revoke certification i got openssl error

[root@dvtelx3bayxit55 ~]# puppetca --revoke all
notice: Revoked certificate with serial # Inventory of signed certificates
# SERIAL NOT_BEFORE NOT_AFTER SUBJECT
0x0001 2012-07-11T17:29:51GMT 2017-07-11T17:29:51GMT /CN=Puppet CA:
dvtelx3bayxit55.localdomain

err: Could not call revoke: Cannot convert into OpenSSL::BN
[root@dvtelx3bayxit55 ~]#

How to resolve this, please guide me..

-Ganesh.

Did I learn something today? If not, I wasted it.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[Jo Rhett]

That's great if you have centralized and co-hosted infrastructure and are 
willing to accept the dependancy. Given that this is a small need for a small 
number of users on a very small amount of systems (like 3 out of hundreds) 
without a centralized backbone between them, implementing LDAP makes little 
sense.

On Jul 12, 2012, at 12:52 AM, Denmat wrote:
> Puppet users and groups are fiddly. My current not implemented thinking is to 
> use ldap and manage pam_groups via puppet on the hosts to get the 
> granularity. 
> 
> More thinking out loud than anything else.
> 
> Den
> 
> On 12/07/2012, at 6:03, Jo Rhett  wrote:
> 
>> I'm fighting with a ticklish issue.  We have some groups and users that only 
>> belong on some systems. So we made all users virtual and then realize them 
>> in classes specific to those system types.  This works quite well for the 
>> users, but not for the groups. When you specify a user, you have to list all 
>> the groups they are in. 
>>   groups => ['support',ops','dev'],
>> 
>>  Obviously some groups aren't realized on all systems, so this produces an 
>> error when usermod is run.
>>  '/usr/sbin/usermod -G support,ops,dev jrhett' returned 6: usermod: 
>> unknown group dev
>>  usermod: unknown group dev
>> 
>> So I tried to get smarter, and put logic to add the group to each member 
>> under the appropriate class
>>  Class users::dev inherits users { 
>>  User['jrhett'] { groups +> ['dev'] }
>>  }
>> 
>> This works… almost. It works for all instances where the user is only 
>> subclassed once. But if I do the same technique in multiple classes I get 
>> 
>> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
>> Parameter 'groups' is already set on User_and_key[jrhett] by 
>> # at 
>> /etc/puppet/modules/users/manifests/support.pp:22; cannot redefine at 
>> /etc/puppet/modules/users/manifests/dev.pp:27 on node s2-d1.company.com
>> 
>> So how can this be achieved, short of using an exec with an unless doing 
>> another exec to determine if the group exists?
>> 
>> -- 
>> Jo Rhett
>> Net Consonance : net philanthropy to improve open source and internet 
>> projects.
>> 
>> 
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[Jo Rhett]

On Jul 12, 2012, at 4:30 AM, Felix Frank wrote:
> On 07/11/2012 10:03 PM, Jo Rhett wrote:
>> So I tried to get smarter, and put logic to add the group to each member
>> under the appropriate class
>> Class users::dev inherits users { 
>> User['jrhett'] { groups +> ['dev'] }
>> }
>> 
>> This works… almost. It works for all instances where the user is only
>> subclassed once. But if I do the same technique in multiple classes I get 
> 
> sound approach, but I've hit this wall a couple of times as well.
> 
> I've resorted to horrors that would add items to array variables that
> are declared in a central, well-known class, and use the final value for
> the resources in question. Depending on how much flexibility is
> required, this may not be feasible at all.

Hm. That might work, but seems even uglier :(

> Perhaps hiera can be used to do something clever here?


This is actually something that hiera seems perfect for, but we simply don't 
have any backend dataset from which to derive hiera data at this time. That is 
going to change, and I'm looking forward to having hiera access at that point.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[Jo Rhett]

On Jul 12, 2012, at 6:46 AM, jcbollinger wrote:
> If it is the case that each user always has the same potential secondary 
> groups, and you need to narrow the actual secondary groups to those that are 
> actually present, then I think you could do it without too much pain.  The 
> main ingredients would be a list (array) of the groups that are supposed to 
> be present, and a custom function that forms the intersection of two arrays.  
> (Or you could use an inline template and split(), but yuck!)
> 
> Hiera would probably provide a good means for building the list of available 
> groups, which you could then use not only to filter user definitions but also 
> to drive virtual group realization.  Here's a skeleton of how it might work:
> 
> class auth::constants {
>   $available_groups = hiera('groups')
> }

Interesting idea, but depends on an external datasource that tells us which 
groups are valid.  Since all of these groups are already defined in puppet, I 
simply don't see the value of managing intersections of data between a hiera 
data source and puppet.

>   # Virtual user declarations, such as
>   @user { 'jbolling':
> uid => 4200,
> gid => 4200,
> groups => intersect(['dev', 'support', 'ops'], 
> $auth::constants::available_groups)
>   }
> }


I think the intersect idea is valid, as long as I can find out if a parameter 
is realized or not.  Basically, write a function that removes from the array 
any group which isn't realized. This removes any need for heira.  However I'm 
poking around and the docs don't show any methods to determine if something has 
been realized or not.

If I am reading this right, intersect is provided by stdlib, right?  So I 
really just need to write a function to determine if something is realized or 
not. I suspect this is going to fall back to the same issues as defined() 
unless I can delay execution until the end.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet 3.0.0 and hiera

[Steve Traylen]

On Tuesday, 10 July 2012 03:18:47 UTC+2, Henrik Lindberg wrote:
>
> On 2012-09-07 19:07, Kelsey Hightower wrote: 
> > You'll need hiera-puppet, which contains the parser functions. Puppet 
> 3.0.0 should bring in both Hiera and hiera-puppet as deps. 
> > 
> Thanks, 
> that is a good start. My issue is however that I don't want to install 
> things in order to scan them for content as I am building an index of 
> functions, types, etc. in the puppet runtime. 
>
> Currently Geppetto does not offer users the ability to do these scans so 
> I can just mash something up to create the index, but ultimately I would 
> want to be able to scan an (any) installation and get all the installed 
> functions. 
>
> So, my questions is really, in an installation, how does puppet find 
> puppet-hiera and know that there are parser functions. Is it added to 
> the module path or is it done via some other mechanism? 
>
> Reading this: 
> http://puppetlabs.com/blog/first-look-installing-and-using-hiera/ It 
> looks like the source needs to be copied into puppet's modulepath 
> drectory - will this be different in 3.0.0 
>

Yes that's exactly what happens. Nothing has to be done. It will "just 
work".
 

>
> Regards 
> - henrik 
>
> > On Jul 9, 2012, at 9:21 AM, Henrik Lindberg <
> henrik.lindb...@cloudsmith.com> wrote: 
> > 
> >> Hi, 
> >> If I have understood it correctly, puppet 3.0.0 will include / require 
> hiera. In order to add support for hiera directly in Geppetto I downloaded 
> the puppet 3.0.0rc tarball expecting to find the puppet-hiera functions, 
> but they where not there. 
> >> 
> >> What is the expected packaging going to be when 3.0.0 is released? 
> >> Where should I expect the hiera "parser functions" to be located? 
> >> 
> >> (For now I can compose the result manually, but I would like to know 
> where they are supposed to be so I do this correctly from the start). 
> >> 
> >> If you want to, you can also comment on 
> https://github.com/cloudsmith/geppetto/issues/282 
> >> 
> >> Regards 
> >> - henrik 
> >> 
> >> -- 
> >> You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group. 
> >> To post to this group, send email to puppet-users@googlegroups.com. 
> >> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com. 
> >> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en. 
> >> 
> > 
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/bQXKaarut08J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[Ryan Coleman]

One way to approach this (for documentation) is to build a file
resource backed by a template. The template would contain something
like the following. It prints out all the classes defined in that
agents catalog.

<% classes.each do |klass| -%>
The class <%= klass %> is defined
<% end -%>

This example could be used to build something like /etc/motd on each
system with the list of defined classes.

As for Dashboard, if you chose to use it as your ENC, the class
information is already there. Otherwise, that's not something you can
really do (afaik) outside of a custom fact that each machine populates
into the Dashboards inventory service.

HTH,
--Ryan

On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com
 wrote:
> Is there a way to get a list of all the classes available from the puppet
> master?
>
> I have 2 goals for this - one is documentation in a human readable form, and
> the other is potentially importing that data into dashboard.
>
> I did find some info on the rest API
> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
> can't make any sense of the output from it.
>
> Thanks.
>
> Lee
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.



-- 
Ryan Coleman | about.me/ryc
Modules & Forge @ Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[Ryan Coleman]

Crap, I forgot to mention my source:
http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes

On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman  wrote:
> One way to approach this (for documentation) is to build a file
> resource backed by a template. The template would contain something
> like the following. It prints out all the classes defined in that
> agents catalog.
>
> <% classes.each do |klass| -%>
> The class <%= klass %> is defined
> <% end -%>
>
> This example could be used to build something like /etc/motd on each
> system with the list of defined classes.
>
> As for Dashboard, if you chose to use it as your ENC, the class
> information is already there. Otherwise, that's not something you can
> really do (afaik) outside of a custom fact that each machine populates
> into the Dashboards inventory service.
>
> HTH,
> --Ryan
>
> On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com
>  wrote:
>> Is there a way to get a list of all the classes available from the puppet
>> master?
>>
>> I have 2 goals for this - one is documentation in a human readable form, and
>> the other is potentially importing that data into dashboard.
>>
>> I did find some info on the rest API
>> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
>> can't make any sense of the output from it.
>>
>> Thanks.
>>
>> Lee
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>
>
>
> --
> Ryan Coleman | about.me/ryc
> Modules & Forge @ Puppet Labs



-- 
Ryan Coleman | about.me/ryc
Modules & Forge @ Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[llow...@oreillyauto.com]

Comments inline.

On Thursday, July 12, 2012 3:08:10 PM UTC-5, Ryan Coleman wrote:
>
> One way to approach this (for documentation) is to build a file 
> resource backed by a template. The template would contain something 
> like the following. It prints out all the classes defined in that 
> agents catalog. 
>
>
I'm not really wanting a listing of classes currently applied to a given 
node.

I am wanting to get a listing of every class that is defined and available 
to be used in node defs.

 

> <% classes.each do |klass| -%> 
> The class <%= klass %> is defined 
> <% end -%> 
>
> This example could be used to build something like /etc/motd on each 
> system with the list of defined classes. 
>
> As for Dashboard, if you chose to use it as your ENC, the class 
> information is already there. Otherwise, that's not something you can 
> really do (afaik) outside of a custom fact that each machine populates 
> into the Dashboards inventory service. 
>
>
The class info is not already there, it only sees and can use classes that 
you define either through it's web UI or by inserting directly into it's DB.
 

> HTH, 
> --Ryan 
>
> On Thu, Jul 12, 2012 at 8:54 AM, llowder wrote: 
> > Is there a way to get a list of all the classes available from the 
> puppet 
> > master? 
> > 
> > I have 2 goals for this - one is documentation in a human readable form, 
> and 
> > the other is potentially importing that data into dashboard. 
> > 
> > I did find some info on the rest API 
> > (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
> > can't make any sense of the output from it. 
> > 
> > Thanks. 
> > 
> > Lee 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Puppet Users" group. 
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ. 
> > To post to this group, send email to puppet-users@googlegroups.com. 
> > To unsubscribe from this group, send email to 
> > puppet-users+unsubscr...@googlegroups.com. 
> > For more options, visit this group at 
> > http://groups.google.com/group/puppet-users?hl=en. 
>
>
>
> -- 
> Ryan Coleman | about.me/ryc 
> Modules & Forge @ Puppet Labs 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/aQ2szZ_TnUcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[Nigel Kersten]

On Thu, Jul 12, 2012 at 8:54 AM, llow...@oreillyauto.com
 wrote:
> Is there a way to get a list of all the classes available from the puppet
> master?

We've actually addressed this more directly in the upcoming Telly
branch, where we've extended the resource_type REST API to make this
simpler:

https://projects.puppetlabs.com/issues/14137

You'll be able to directly ask the question via an API of "what
classes exist in this environment?"

Note you can do this already prior to Telly, but you need to do
filtering yourself on the returned output to just grab class
information.




>
> I have 2 goals for this - one is documentation in a human readable form, and
> the other is potentially importing that data into dashboard.
>
> I did find some info on the rest API
> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
> can't make any sense of the output from it.
>
> Thanks.
>
> Lee
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.



-- 
Nigel Kersten | http://puppetlabs.com | @nigelkersten
Schedule Meetings at: http://tungle.me/nigelkersten

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[R.I.Pienaar]

- Original Message -
> From: "Ryan Coleman" 
> To: puppet-users@googlegroups.com
> Sent: Thursday, July 12, 2012 9:08:55 PM
> Subject: Re: [Puppet Users] How can I list classes available on the puppet 
> master?
> 
> Crap, I forgot to mention my source:
> http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes
> 
> On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman 
> wrote:
> > One way to approach this (for documentation) is to build a file
> > resource backed by a template. The template would contain something
> > like the following. It prints out all the classes defined in that
> > agents catalog.
> >
> > <% classes.each do |klass| -%>
> > The class <%= klass %> is defined
> > <% end -%>

that classes array is built up during parsing so when used like this it wont be
complete till the end of the compile, so its not reliable.

same reason that defined() doesnt work.

Best way is to check classes.txt on the node.

this code:
-
class one { }
class two { }

include one

notice(inline_template("<%= classes.inspect %>"))

include two

notice(inline_template("<%= classes.inspect %>"))
-

does:
-
notice: Scope(Class[main]): ["settings", "one"]
notice: Scope(Class[main]): ["settings", "one", "two"]
notice: Finished catalog run in 0.04 seconds
-

you can see the contents depend on the parse order and will only be 
complete at the end of the compile.

if you supply a class list from an ENC the whole ENC received list
will be in there from the start though

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[Dan White]

http://docs.puppetlabs.com/man/doc.html

I use a command like this:

puppet doc --outputdir /apache/htdocs/puppetmaster --mode rdoc 
--manifestdir /etc/puppet/manifests --modulepath /etc/puppet/modules

And I get a fantastic web-tree describing every class on my PuppetMaster

It does require you to document your code, but it is worth it IMNSHO :)

“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin & Hobbes)

- llow...@oreillyauto.com wrote:
> Is there a way to get a list of all the classes available from the puppet 
> master?
> 
> I have 2 goals for this - one is documentation in a human readable form, 
> and the other is potentially importing that data into dashboard.
> 
> I did find some info on the rest API 
> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
> can't make any sense of the output from it.
> 
> Thanks.
> 
> Lee
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/puppet-users/-/wmJFsgZDA8sJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[Walter Heck]

It's pretty ghetto, but we've used this script before, which I can confirm
still works on Puppet 2.7.17:
http://www.devco.net/archives/2010/02/26/what_does_puppet_manage_on_a_node-2.php

cheers,

Walter

On Fri, Jul 13, 2012 at 4:22 AM, R.I.Pienaar  wrote:

>
>
> - Original Message -
> > From: "Ryan Coleman" 
> > To: puppet-users@googlegroups.com
> > Sent: Thursday, July 12, 2012 9:08:55 PM
> > Subject: Re: [Puppet Users] How can I list classes available on the
> puppet master?
> >
> > Crap, I forgot to mention my source:
> >
> http://docs.puppetlabs.com/guides/templating.html#access-to-defined-tags-and-classes
> >
> > On Thu, Jul 12, 2012 at 1:08 PM, Ryan Coleman 
> > wrote:
> > > One way to approach this (for documentation) is to build a file
> > > resource backed by a template. The template would contain something
> > > like the following. It prints out all the classes defined in that
> > > agents catalog.
> > >
> > > <% classes.each do |klass| -%>
> > > The class <%= klass %> is defined
> > > <% end -%>
>
> that classes array is built up during parsing so when used like this it
> wont be
> complete till the end of the compile, so its not reliable.
>
> same reason that defined() doesnt work.
>
> Best way is to check classes.txt on the node.
>
> this code:
> -
> class one { }
> class two { }
>
> include one
>
> notice(inline_template("<%= classes.inspect %>"))
>
> include two
>
> notice(inline_template("<%= classes.inspect %>"))
> -
>
> does:
> -
> notice: Scope(Class[main]): ["settings", "one"]
> notice: Scope(Class[main]): ["settings", "one", "two"]
> notice: Finished catalog run in 0.04 seconds
> -
>
> you can see the contents depend on the parse order and will only be
> complete at the end of the compile.
>
> if you supply a class list from an ENC the whole ENC received list
> will be in there from the start though
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>


-- 
Walter Heck

--
Check out my startup: Puppet training and consulting @
http://www.olindata.com
Follow @olindata on Twitter and/or 'Like' our Facebook page at
http://www.facebook.com/olindata

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Announce: PuppetDB 0.9.2 Available

[Matthaus Litteken]

PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
include new features and bug fixes. For details on changes
in this release, please see the release notes below.

# Downloads

Available in native package format at

http://yum.puppetlabs.com

http://apt.puppetlabs.com

Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb

Available for use with Puppet Enterprise 2.5.1 and later at

http://yum-enterprise.puppetlabs.com/ and http://apt-enterprise.puppetlabs.com/

# Documentation (including how to install): http://docs.puppetlabs.com/puppetdb

# Issues can be filed at:
http://projects.puppetlabs.com/projects/puppetdb/issues

# Upgrading

1. On your puppetdb server, stop the puppetdb daemon
2. On your puppetmaster(s), stop the puppetmaster daemon
3. On your puppetdb server, install the new puppetdb package
4. On your puppetdb server, start the puppetdb daemon
5. On your puppetmaster(s), install the new puppetdb-terminus package
6. On your puppetmaster(s), start the puppetmaster daemon

0.9.2
=

Many thanks to the following people who contributed patches to this
release:

* Jason Ashby
* Kushal Pisavadia
* Erik Dalén
* Deepak Giridharagopal
* Nick Lewis
* Matthaus Litteken
* Chris Price

Notable features:

* Allow more advanced storeconfigs queries

  Now, when using PuppetDB, your puppet manifests can use "and" and
  "or" in collection queries:

File <<| mode == 0755 or content == "bar" |>>

* (#14947) Restrict accetable client certificates by CN

  PuppetDB now implements an optional whitelist for HTTPS clients. If
  enabled by the user, we validate that the CN of the supplied client
  certificate exactly matches an entry in the whitelist. This allows
  users to restrict access to PuppetDB using the same CA
  infrastructure that Puppet already uses. For example, you can
  restrict access to PuppetDB to just your puppetmaster boxes.

  This feature is off by default. Refer to the documentation on the
  `certificate-whitelist` configuration option for details.

Notable fixes:

* (#15388) Add redirect from '/' to the dashboard

  Prior to this fix, if you started up PuppetDB and then attempted to
  browse to "/", you'd get an error message that might lead you to
  believe that the server wasn't actually running (depending on your
  browser).

  This commit simply adds a redirect from "/" to the dashboard index
  page.

* (#14688) Improve stdout/stderr handling for redhat init script

  Prior to this fix, the redhat init script was keeping stdout/stderr
  open when you called "service puppetdb stop". This resulted in some
  undesirable behavior; starting the service over an ssh connection
  would not release the ssh connection, errors would appear on the
  console rather than in the log file, etc. Now, daemon startup
  redirects stdout/stderr to a file (puppetdb-daemon.log) instead of
  spamming the console, and we more properly background the launched
  process to prevent "locking" of a parent SSH connection.

* (#15349) Work around non-string resource titles

  It's possible in some cases for Puppet to generate a resource whose
  title isn't a string. However, since the generated edges refer to
  the resource using a string title, we end up with a mismatch. Now we
  will stringify all resource titles on the way out. In future, Puppet
  should do this for us.

* (#15446) Improve handling of user/group removal on rpm removal

  Fixed the following bugs in our handling of user/group removal
  during rpm removal:

  1. We were not conditioning the calls to groupdel / userdel to avoid
 running them during an upgrade, which meant that we were trying
 to delete them even during upgrades... which would have been bad.
  2. We had an || where we needed an &&, so we weren't actually
 calling the groupdel / userdel commands.
  3. We were hard-coding the user's home dir to a bad path.
  4. We had some '-r' flags that were wrong and/or unnecessary.

* (#15136, #15340) Properly handle non-string node queries

  Previously, these would result in 500 errors as the database failed
  the comparisons because of mismatched types. Now, all equality
  comparisons will be done against strings, and all numeric
  comparisons will be done against numbers.

  For equality comparisons, non-string arguments will be
  converted. This allows natural queries against numbers or booleans
  to work despite all fact values technically being strings.

  For numeric comparisons, non-numeric arguments will be converted.
  However, if the argument doesn't represent a number, the query will
  be rejected.

* (#15075) Improve handling of service start/stop during rpm
  upgrade/uninstall

  On uninstall, we now check to see if this is part of an upgrade or
  not, and we only stop and disable the service if this is *not* part
  of an upgrade. Also, we stop the service before we install the new
  package, and restart it after we finish removing the old package.

* (#15321) Add aliases for namevars th

Re: [Puppet Users] How can I list classes available on the puppet master?

[llow...@oreillyauto.com]

Comments inline
On Thursday, July 12, 2012 3:29:27 PM UTC-5, Ygor wrote:
>
> http://docs.puppetlabs.com/man/doc.html 
>
> I use a command like this: 
>
> puppet doc --outputdir /apache/htdocs/puppetmaster --mode 
> rdoc --manifestdir /etc/puppet/manifests --modulepath /etc/puppet/modules 
>
> And I get a fantastic web-tree describing every class on my PuppetMaster 
>
> It does require you to document your code, but it is worth it IMNSHO :) 
>
>
I had tried this before, unsuccessfully. But it is working on my dev 
environment (perhaps my prod and test masters don't have rdoc installed? 
Shall have to look into that later).

So I am glad that part is working.

Now I just need to find a good ay to get the info into dashboard.
 

> “Sometimes I think the surest sign that intelligent life exists elsewhere 
> in the universe is that none of it has tried to contact us.” 
> Bill Waterson (Calvin & Hobbes) 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/OFj4YYtBmBwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] How can I list classes available on the puppet master?

[R.I.Pienaar]

Here's a little script that finds all .pp files in an environment
parse them an print all the found classes.

I didnt test if it works for .pp files with more than 1 class in them

Just point it at your module path and environment at the top


require 'puppet'
require 'find'

Puppet.settings[:modulepath] = "/etc/puppet/manifests/common/modules"
parser = Puppet::Parser::Parser.new(Puppet::Node::Environment.new("production"))

klasses = []

Find.find(Puppet.settings[:modulepath]) do |f|
  next unless f =~ /\.pp$/

  parser.file = f
  ast = parser.parse

  ast.instantiate('').each do |resource_type|
klasses << resource_type.namespace if resource_type.file == f
  end

end

klasses.sort.each{|k| puts k}
--

- Original Message -
> From: llow...@oreillyauto.com
> To: puppet-users@googlegroups.com
> Sent: Thursday, July 12, 2012 9:55:55 PM
> Subject: Re: [Puppet Users] How can I list classes available on the puppet 
> master?
> 
> 
> Comments inline
> On Thursday, July 12, 2012 3:29:27 PM UTC-5, Ygor wrote:
> 
> http://docs.puppetlabs.com/man/doc.html
> 
> I use a command like this:
> 
> puppet doc --outputdir /apache/htdocs/puppetmaster
> --mode rdoc --manifestdir /etc/puppet/manifests --modulepath
> /etc/puppet/modules
> 
> And I get a fantastic web-tree describing every class on my
> PuppetMaster
> 
> It does require you to document your code, but it is worth it IMNSHO
> :)
> 
> 
> 
> I had tried this before, unsuccessfully. But it is working on my dev
> environment (perhaps my prod and test masters don't have rdoc
> installed? Shall have to look into that later).
> 
> So I am glad that part is working.
> 
> Now I just need to find a good ay to get the info into dashboard.
> 
> 
> “Sometimes I think the surest sign that intelligent life exists
> elsewhere in the universe is that none of it has tried to contact
> us.”
> Bill Waterson (Calvin & Hobbes)
> 
> 
> 
> 
> --
> You received this message because you are subscribed to the Google
> Groups "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/OFj4YYtBmBwJ .
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Crontab overwritten by Puppet

[Stefan Schulte]

On Mon, Jul 09, 2012 at 06:48:41AM -0700, Kmbu wrote:
> Hello folks..
> 
> I suddenly found the crontab on one of my puppet clients overwritten. It 
> had many entries, including one created by Puppet. Suddenly during one run 
> it was overwritten, keeping only the Puppet entry and removing everything 
> else. Nothing changed between the previous runs and the one that re-created 
> the crontab in terms of configuration. I'm running Puppet 2.7.6.
> 
> Fri Jul 06 22:00:16 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:03:58 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.34 seconds
> Fri Jul 06 22:10:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:11:18 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.30 seconds
> Fri Jul 06 22:20:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:23:05 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.81 seconds
> Fri Jul 06 22:30:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:35:04 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.92 seconds
> Fri Jul 06 22:40:15 +0200 2012 Puppet (notice): Reopening log files
> Fri Jul 06 22:44:35 +0200 2012 
> /Stage[main]/Cre-base/Cron[puppet-run]/ensure (notice): created
> Fri Jul 06 22:44:39 +0200 2012 Puppet (notice): Finished catalog run in 
> 5.54 seconds
> 
> Why would one run suddenly do this?
> 
> Regards,
> 

It looks like prefetching (executing »crontab -l root« to get current
cronentries) failed in some way. As a result puppet's in-memory
representation of the crontab is empty. When puppet now evaluates your
Cron['puppet-run'] resource, it detects it to be out of sync (is absent,
should be present), so the in-memory representation now contains only
your 'puppet-run' cronjob. If the new crontab is written back to disk,
you will loose every other cronentry.

Normally I would expect an error message if prefetching failed:

Could not prefetch cron provider

but that doesn't seem to be the case here. On the other hand there is an
outstanding bug about failures beeing silently ignored on solaris [1]

So a failure when running »crontab -l root« (do you manage crontabs of
other users as well? You may hit [2] in that case) would at least
explain the log output but the interesting question now is:
Can you think of a situation *why* the command failed?

[1] http://projects.puppetlabs.com/issues/14283
[2] http://projects.puppetlabs.com/issues/5752

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[jcbollinger]

On Thursday, July 12, 2012 1:42:28 PM UTC-5, Jo wrote:
>
> On Jul 12, 2012, at 6:46 AM, jcbollinger wrote:
>
> If it is the case that each user always has the same potential secondary 
> groups, and you need to narrow the actual secondary groups to those that 
> are actually present, then I think you could do it without too much pain.  
> The main ingredients would be a list (array) of the groups that are 
> supposed to be present, and a custom function that forms the intersection 
> of two arrays.  (Or you could use an inline template and split(), but yuck!)
>
> Hiera would probably provide a good means for building the list of 
> available groups, which you could then use not only to filter user 
> definitions but also to drive virtual group realization.  Here's a skeleton 
> of how it might work:
>
> class auth::constants {
>   $available_groups = hiera('groups')
> }
>
>
> Interesting idea, but depends on an external datasource that tells us 
> which groups are valid.  Since all of these groups are already defined in 
> puppet, I simply don't see the value of managing intersections of data 
> between a hiera data source and puppet.
>

No, it doesn't depend on an external datasource; rather, It depends on 
up-front knowledge of which groups are supposed to be realized for the 
node.  Although I proposed using an external datasource to provide that 
data, it could just as well be provided by an ENC or determined via DSL 
code based on conditionals, node facts, etc.  Even class parameters.

 

>
>   # Virtual user declarations, such as
>   @user { 'jbolling':
> uid => 4200,
> gid => 4200,
> groups => intersect(['dev', 'support', 'ops'], 
> $auth::constants::available_groups)
>   }
> }
>
>
> I think the intersect idea is valid, as long as I can find out if a 
> parameter is realized or not.  Basically, write a function that removes 
> from the array any group which isn't realized. This removes any need for 
> heira.  However I'm poking around and the docs don't show any methods to 
> determine if something has been realized or not.
>
> If I am reading this right, intersect is provided by stdlib, right?
>

If so, then I'm somehow overlooking it.  My suggestion and expectation was 
that you would create it yourself, but it seems sufficiently 
general-purpose that you might find something suitable already made.  You 
can also, of course, jerry-rig something based on inline_template().
 

>  So I really just need to write a function to determine if something is 
> realized or not. I suspect this is going to fall back to the same issues as 
> defined() unless I can delay execution until the end.
>
>
I would avoid that variation on this approach if at all possible.  You 
would sidestep multiple pitfalls if you could determine up front, based on 
node name and facts, which groups are *supposed* to be present, instead of 
attempting to determine after the fact which were realized.  Indeed, you 
might even find it convenient to use that information to drive group 
realization.  If nothing else, doing so would ensure that users aren't 
assigned to secondary groups that don't get realized.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/tO-mgaYJ7-sJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: proper usage of global variables / node variables / +=

[jcbollinger]

On Thursday, July 12, 2012 10:52:23 AM UTC-5, Eric Shamow wrote:
>
> Nan is a Puppet Labs guy. One of our best :) 
>
> His warning about dynamic scoping is something to take seriously. That's 
> not a gratuitous error message - dynamic scoping causes all kinds of 
> problems and has been scheduled for deprecation for a while now, and that's 
> coming in the next major release. 
>
> Details: 
>
> http://docs.puppetlabs.com/guides/scope_and_puppet.html 
>
>
Thanks, Eric, but none of that is responsive to the question presently at 
hand, which is whether the behavior the OP observed with += is buggy (as I 
have claimed) or intentional.  Are you or Nan, either one, willing to opine 
on that one?


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/X4j1dAM9TpIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ENC questions

[jcbollinger]

On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote:
>
> I've been trying to wrap my head around ENCs.
>
> Kelsey Hightower gave me some very useful info in IRC the other day, but 
> there are still some things I can't quite get my head around.
>
> From what I can tell, an ENC allows you to assign classes and parameters 
> (top scope variables) to a given node or group of nodes.
>
> They cannot declare/define relationships (chain classes together to order 
> them) or declare individual resources.
>
> The purpose is to help separate data and configuration.
>
> From reading what documentation I could find on the puppet site (some of 
> which is potentially inaccurate / outdated from the wiki), the only way to 
> get around these limits is to build your modules, then define a series of 
> wrapper classes and super classes and assign these to the nodes.
>
> We've got 2 dozen or so systems that we manage with puppet, and so far 
> have done it all just using node defs.
>
> What benefits would there be in using an ENC, from an admin side of 
> things? Is it something that would be worth my time in setting up?
>
> I'm trying to understand this, and my long term goal is to maximize the 
> benefit we get from puppet.
>

If your node definitions contain only class and maybe variable declarations 
-- a good practice -- then you would not have much trouble doing the same 
thing with an ENC.  With that said, I don't think there are very many sites 
that would benefit from *writing their own* ENCs.  If you are using Foreman 
or the Puppet Dashboard, however, then you already have an ENC available to 
you, with a spiffy UI and everything.

Overall, as long as you're satisfied with writing node definitions in 
Puppet DSL, I don't think it's worth the time and effort to change.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Yg9jlmWjkEkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: ENC questions

[Craig White]

On Jul 12, 2012, at 2:42 PM, jcbollinger wrote:

> 
> 
> On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote:
> I've been trying to wrap my head around ENCs.
> 
> Kelsey Hightower gave me some very useful info in IRC the other day, but 
> there are still some things I can't quite get my head around.
> 
> From what I can tell, an ENC allows you to assign classes and parameters (top 
> scope variables) to a given node or group of nodes.
> 
> They cannot declare/define relationships (chain classes together to order 
> them) or declare individual resources.
> 
> The purpose is to help separate data and configuration.
> 
> From reading what documentation I could find on the puppet site (some of 
> which is potentially inaccurate / outdated from the wiki), the only way to 
> get around these limits is to build your modules, then define a series of 
> wrapper classes and super classes and assign these to the nodes.
> 
> We've got 2 dozen or so systems that we manage with puppet, and so far have 
> done it all just using node defs.
> 
> What benefits would there be in using an ENC, from an admin side of things? 
> Is it something that would be worth my time in setting up?
> 
> I'm trying to understand this, and my long term goal is to maximize the 
> benefit we get from puppet.
> 
> If your node definitions contain only class and maybe variable declarations 
> -- a good practice -- then you would not have much trouble doing the same 
> thing with an ENC.  With that said, I don't think there are very many sites 
> that would benefit from writing their own ENCs.  If you are using Foreman or 
> the Puppet Dashboard, however, then you already have an ENC available to you, 
> with a spiffy UI and everything.
> 
> Overall, as long as you're satisfied with writing node definitions in Puppet 
> DSL, I don't think it's worth the time and effort to change.

Just to further this discussion, I would recommend that the OP take a good look 
at Foreman since it not only provides an funcational ENC but also provides a 
listing of puppet classes that can be observed/inspected (another thread).

There are a few instances where I have found Foreman's ENC useful to designate 
a top scoped variable on specific nodes which is then deduced by manifests to 
provide alternate configurations, create 'hostgroups' of grouping of classes so 
I can assign a node to a hostgroup to configure the node and also note that 
these 'hostgroups' are nestable. Lastly, the WebUI of Foreman provides the 
opportunity for others to participate in the configuration of specific nodes 
(or at least view the configuration).

Craig

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: problem using apache & passenger to run dashboard

[Clay]

you don't need a config.ru  for  puppet-dashboard public folder,  I just  
switched to apache passenger for dashboard,  it's working without the 
config.ru file. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/mCuf6Wbh8HEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ENC questions

[llow...@oreillyauto.com]

On Thursday, July 12, 2012 4:42:12 PM UTC-5, jcbollinger wrote:
>
>
>
> On Thursday, July 12, 2012 8:27:16 AM UTC-5, llo...@oreillyauto.com wrote:
>>
>> I've been trying to wrap my head around ENCs.
>>
>> Kelsey Hightower gave me some very useful info in IRC the other day, but 
>> there are still some things I can't quite get my head around.
>>
>> From what I can tell, an ENC allows you to assign classes and parameters 
>> (top scope variables) to a given node or group of nodes.
>>
>> They cannot declare/define relationships (chain classes together to order 
>> them) or declare individual resources.
>>
>> The purpose is to help separate data and configuration.
>>
>> From reading what documentation I could find on the puppet site (some of 
>> which is potentially inaccurate / outdated from the wiki), the only way to 
>> get around these limits is to build your modules, then define a series of 
>> wrapper classes and super classes and assign these to the nodes.
>>
>> We've got 2 dozen or so systems that we manage with puppet, and so far 
>> have done it all just using node defs.
>>
>> What benefits would there be in using an ENC, from an admin side of 
>> things? Is it something that would be worth my time in setting up?
>>
>> I'm trying to understand this, and my long term goal is to maximize the 
>> benefit we get from puppet.
>>
>
> If your node definitions contain only class and maybe variable 
> declarations -- a good practice -- then you would not have much trouble 
> doing the same thing with an ENC.  With that said, I don't think there are 
> very many sites that would benefit from *writing their own* ENCs.  If you 
> are using Foreman or the Puppet Dashboard, however, then you already have 
> an ENC available to you, with a spiffy UI and everything.
>
> Overall, as long as you're satisfied with writing node definitions in 
> Puppet DSL, I don't think it's worth the time and effort to change.
>
>
Our node defs are mostly classes and variables, but they also do some 
ordering using chaining syntax, because, for an web app server, for 
example, you need to make sure that Java is installed before Tomcat.

We don't currently make use of Stages, and while I see their benefit, I 
don't know that we need them with how we are using puppet currently.

I'm not sure that we need an ENC either, as using the node defs is working 
well for us, and we typically only have one person working on a given 
module or node at any given time, but I want to maximize the benefit we get 
from puppet while making it easy to maintain and, as needed, reuse bits and 
pieces.

 

>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Iw2AYnjcc6EJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: problem using apache & passenger to run dashboard

[Hai Tao]

what version of dashboard you are running?

can you provide your httpd configuration for dashboard?

Thanks.

On Thu, Jul 12, 2012 at 2:50 PM, Clay  wrote:
> you don't need a config.ru  for  puppet-dashboard public folder,  I just
> switched to apache passenger for dashboard,  it's working without the
> config.ru file.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/mCuf6Wbh8HEJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.



-- 
Hai Tao

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: OpenssL::BN Error

[Eric Sorenson]

That is an (admittedly unhelpful) error which means that the name you gave 
does not match any certificates the CA knows about.  Give it the actual 
certname rather than 'all'.

On Thursday, July 12, 2012 10:52:57 AM UTC-7, Ganesh Ganesh wrote:
>
> Hi Guys, 
>
> I an trying to remove puppetca revoke certification i got openssl error 
>
> [root@dvtelx3bayxit55 ~]# puppetca --revoke all 
> notice: Revoked certificate with serial # Inventory of signed certificates 
> # SERIAL NOT_BEFORE NOT_AFTER SUBJECT 
> 0x0001 2012-07-11T17:29:51GMT 2017-07-11T17:29:51GMT /CN=Puppet CA: 
> dvtelx3bayxit55.localdomain 
>
> err: Could not call revoke: Cannot convert into OpenSSL::BN 
> [root@dvtelx3bayxit55 ~]# 
>
> How to resolve this, please guide me.. 
>
> -Ganesh. 
>
> Did I learn something today? If not, I wasted it. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/2Tl2iX7lqkQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] how to conditionally add users to a virtualized group?

[Jo Rhett]

On Jul 12, 2012, at 2:26 PM, jcbollinger wrote:
> I would avoid that variation on this approach if at all possible.  You would 
> sidestep multiple pitfalls if you could determine up front, based on node 
> name and facts, which groups are supposed to be present, instead of 
> attempting to determine after the fact which were realized.  Indeed, you 
> might even find it convenient to use that information to drive group 
> realization.
> If nothing else, doing so would ensure that users aren't assigned to 
> secondary groups that don't get realized.

This is what policy as expressed in the puppet manifests does. I don't see how 
to avoid the unrealized problem here.

What's funny is that you are expressing exactly what puppet does today, but it 
appears you are suggesting that I need to create another data source and mirror 
the information out of puppet manifests into that for comparison purposes. Huh?

I'm a bit baffled by the fairly constant suggestion by people here that I keep 
spreading out the places where information is stored. The point is to 
centralize the data, not provide more sources to grow inconsistent with each 
other.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How can I list classes available on the puppet master?

[Nick Cammorato]

You could do something like this,  it's not the cleanest in the world(I 
barely ever use sed anymore), but as something quick and dirty:
curl -k -H "Accept: yaml" https://puppet:8140/mgmt/resource_types/class | 
more | grep " name: " | sed -e 's/^ *name: //;s/&id.* //' | sort | uniq

It'll have some bad data you'll have to parse out(built-in classes like 
notify, fail, etc.), but should work.

On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>
> Is there a way to get a list of all the classes available from the puppet 
> master?
>
> I have 2 goals for this - one is documentation in a human readable form, 
> and the other is potentially importing that data into dashboard.
>
> I did find some info on the rest API (
> http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
> can't make any sense of the output from it.
>
> Thanks.
>
> Lee
>

On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>
> Is there a way to get a list of all the classes available from the puppet 
> master?
>
> I have 2 goals for this - one is documentation in a human readable form, 
> and the other is potentially importing that data into dashboard.
>
> I did find some info on the rest API (
> http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
> can't make any sense of the output from it.
>
> Thanks.
>
> Lee
>

On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>
> Is there a way to get a list of all the classes available from the puppet 
> master?
>
> I have 2 goals for this - one is documentation in a human readable form, 
> and the other is potentially importing that data into dashboard.
>
> I did find some info on the rest API (
> http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
> can't make any sense of the output from it.
>
> Thanks.
>
> Lee
>

On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>
> Is there a way to get a list of all the classes available from the puppet 
> master?
>
> I have 2 goals for this - one is documentation in a human readable form, 
> and the other is potentially importing that data into dashboard.
>
> I did find some info on the rest API (
> http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I 
> can't make any sense of the output from it.
>
> Thanks.
>
> Lee
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/m4XmKKAYwtkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?

[Nick Cammorato]

I'd like to be able to get a list of all of the classes being applied to 
my nodes and insert this as a list into mcollective's facts.yaml file. The 
reason for this is that I have a couple post-commit hooks that parse out 
changes to specific modules/classes for changelog purposes and I'm 
considering adding in a call to mco find to include a list of affected 
nodes in the report.  Which means the facts need to be there to be found.

Now, puppet stores this in 
/var/lib/puppet/client_yaml/catalog/${fqdn}.yaml, and I could write it up 
as a custom fact extremely easily, or I could drop down to ruby and parse 
it out of the catalog that way, but I'm wondering if there's a built in 
path of exposure to that information somewhere.  Just a list of all 
classes in the catalog.  Anyone know offhand?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Announce: Puppet Dashboard 1.2.10 Available

[William Hopper]

1.2.10 is a maintenance release of Puppet Dashboard.
It includes contributions from Will Hopper and Moses Mendoza.
Thanks to Aaron Patterson for the security content in commit
e17269f.

This release is available for download at:
https://downloads.puppetlabs.com/dashboard/puppet-dashboard-1.2.10.tar.gz

Debian packages are available at
https://apt.puppetlabs.com

RPM packages are available at
https://yum.puppetlabs.com

See the Verifying Puppet Download section at:
http://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet

Please report feedback via the Puppet Labs Redmine site, using an
affected version of 1.2.10:
http://projects.puppetlabs.com/projects/dashboard

Documentation is available at:
http://docs.puppetlabs.com/dashboard/index.html

1.2.10 Security Fixes/Highlights
===
*Patch puppet-dashboard for CVE-2012-2660

   This commit adds a patch to actionpack to address
   CVE-2012-2660, unsafe query generation vulnerability. This
   patch is taken from Aaron Patterson on the rails security list:
   
https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/8SA-M3as7A8

*(#11849) Add rake task to install cron job to clean up database reports

   This commit adds a rake task to install a monthly cron
   job to clean up old database reports, as suggested in official
   Puppet Labs documentation. This allows users to easily install
   the optional cron job while not risking undesired data loss for
   those who do not wish to have the job installed by default.

1.2.10 Changelog
===
Will Hopper (1)
   5de691f (#11849) Add rake task to install cron job to clean up database 
reports
Moses Mendoza (3)
   07c75a3 cleanup on puppet-dashboard spec file
   b70344d create certs directory with installation
   d9b7eeb Install a default settings.yml file with database.yml
   e17269f Patch puppet-dashboard for CVE-2012-2660

signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?

[R.I.Pienaar]

- Original Message -
> From: "Nick Cammorato" 
> To: puppet-users@googlegroups.com
> Sent: Thursday, July 12, 2012 5:35:28 PM
> Subject: [Puppet Users] Using catalog inventory/Puppet::Resource::Catalog?
> 
> I'd like to be able to get a list of all of the classes being applied
> to my nodes and insert this as a list into mcollective's facts.yaml
> file. The reason for this is that I have a couple post-commit hooks
> that parse out changes to specific modules/classes for changelog
> purposes and I'm considering adding in a call to mco find to include
> a list of affected nodes in the report. Which means the facts need
> to be there to be found.

mcollective already knows what classes are on a host, you can access it
on the cli:

mco rpc rpcutil inventory -I some.host

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: problem using apache & passenger to run dashboard

[Clay]

I'm running puppet dashboard 1.2.9 ,   just followed document at  
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server
 
,  

[root@puppet conf.d]# grep -v ^# dashboard-vhost.conf 

Listen 3000

ServerName puppet.domain.com
DocumentRoot /usr/share/puppet-dashboard/public/

Options None
Order allow,deny
allow from all

  ErrorLog /var/log/httpd/dashboard_error.log
  LogLevel warn
  CustomLog /var/log/httpd/dashboard_access.log combined
  ServerSignature On


I have  the passenger module config in /etc/httpd/conf/httpd.conf because  
puppet master is also using passenger. 

LoadModule passenger_module 
/usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13
PassengerRuby /usr/bin/ruby


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/rl1IMNDZR3MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: problem using apache & passenger to run dashboard

[Hai Tao]

that is almost exactly what I have , except I put the mod_passenger.so
to /var/lib instead of /var/lib64.

   LoadModule passenger_module
/usr/lib/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.13
   PassengerRuby /usr/bin/ruby

But I do not think that would affect anything.

The thing is I have no experience with passenger, and I do not know
how to trouble shoot this problem.

Is there suggestions?

Thanks.

On Thu, Jul 12, 2012 at 4:30 PM, Clay  wrote:
> I'm running puppet dashboard 1.2.9 ,   just followed document at
> http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#running-dashboard-in-a-production-quality-server
> ,
>
> [root@puppet conf.d]# grep -v ^# dashboard-vhost.conf
>
> Listen 3000
> 
> ServerName puppet.domain.com
>
> DocumentRoot /usr/share/puppet-dashboard/public/
> 
> Options None
> Order allow,deny
> allow from all
> 
>   ErrorLog /var/log/httpd/dashboard_error.log
>   LogLevel warn
>   CustomLog /var/log/httpd/dashboard_access.log combined
>   ServerSignature On
> 
>
> I have  the passenger module config in /etc/httpd/conf/httpd.conf because
> puppet master is also using passenger.
>
> LoadModule passenger_module
> /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13/ext/apache2/mod_passenger.so
> PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-3.0.13
> PassengerRuby /usr/bin/ruby
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/rl1IMNDZR3MJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.



-- 
Hai Tao

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: Puppet Dashboard 1.2.10 Available

[Jo Rhett]

On Jul 12, 2012, at 4:07 PM, William Hopper wrote:
> *(#11849) Add rake task to install cron job to clean up database reports
> 
>   This commit adds a rake task to install a monthly cron
>   job to clean up old database reports, as suggested in official
>   Puppet Labs documentation. This allows users to easily install
>   the optional cron job while not risking undesired data loss for
>   those who do not wish to have the job installed by default.


Where is the documentation for this feature?  How do I invoke it?

The maintaining page still just says to create a cron job.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: How can I list classes available on the puppet master?

[Nan Liu]

So this is turning it into a small coding contest =). I needed
something similar to this, and there's a pretty easy way to do this
with the puppet resource_type face.

require 'puppet'
require 'puppet/face'

Puppet::Face[:resource_type,:current].search('*').find_all {|x|
x.type==:hostclass}.collect{|x| x.name}.sort

You can do some interesting things, such as get all the classes
parameters as well:

Puppet::Face[:resource_type,:current].search('*').find_all {|x|
x.type==:hostclass}.collect{|x| {x.name=>x.arguments.keys}}

Here's an example of classes and parameters it accept:

[{"apt::backports"=>["release", "location"]},
 {"apt::debian::testing"=>[]},
 {"apt::debian::unstable"=>[]},
 {"apt::params"=>[]},
 {"apt::release"=>["release_id"]},
 {"apt::update"=>[]},
 {"apt"=>
   ["purge_sources_list_d",
"purge_sources_list",
"always_apt_update",
"proxy_host",
"proxy_port",
"purge_preferences_d",
"disable_keys"]},
...

Thanks,

Nan

On Thu, Jul 12, 2012 at 9:50 AM, Nick Cammorato  wrote:
> You could do something like this,  it's not the cleanest in the world(I
> barely ever use sed anymore), but as something quick and dirty:
> curl -k -H "Accept: yaml" https://puppet:8140/mgmt/resource_types/class |
> more | grep " name: " | sed -e 's/^ *name: //;s/&id.* //' | sort | uniq
>
> It'll have some bad data you'll have to parse out(built-in classes like
> notify, fail, etc.), but should work.
>
>
> On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>>
>> Is there a way to get a list of all the classes available from the puppet
>> master?
>>
>> I have 2 goals for this - one is documentation in a human readable form,
>> and the other is potentially importing that data into dashboard.
>>
>> I did find some info on the rest API
>> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
>> can't make any sense of the output from it.
>>
>> Thanks.
>>
>> Lee
>
>
> On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>>
>> Is there a way to get a list of all the classes available from the puppet
>> master?
>>
>> I have 2 goals for this - one is documentation in a human readable form,
>> and the other is potentially importing that data into dashboard.
>>
>> I did find some info on the rest API
>> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
>> can't make any sense of the output from it.
>>
>> Thanks.
>>
>> Lee
>
>
> On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>>
>> Is there a way to get a list of all the classes available from the puppet
>> master?
>>
>> I have 2 goals for this - one is documentation in a human readable form,
>> and the other is potentially importing that data into dashboard.
>>
>> I did find some info on the rest API
>> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
>> can't make any sense of the output from it.
>>
>> Thanks.
>>
>> Lee
>
>
> On Thursday, July 12, 2012 11:54:25 AM UTC-4, llo...@oreillyauto.com wrote:
>>
>> Is there a way to get a list of all the classes available from the puppet
>> master?
>>
>> I have 2 goals for this - one is documentation in a human readable form,
>> and the other is potentially importing that data into dashboard.
>>
>> I did find some info on the rest API
>> (http://docs.puppetlabs.com/guides/rest_api.html#resource-types ) but I
>> can't make any sense of the output from it.
>>
>> Thanks.
>>
>> Lee
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/m4XmKKAYwtkJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

[Peter Brown]

Hi Everyone,

I just upgraded to this on my ubuntu puppetmaster and I am having
issues starting the server.
I am running the openjdk-6-jre
After some digging i found the options the start script was using and
tried to start the daemon manually
It gives me this error.

start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
/var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
-- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
/etc/puppetdb/conf.d
Starting /usr/bin/java...
Exception in thread "main" java.lang.SecurityException: Invalid
signature file digest for Manifest main attributes
at 
sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
at 
sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
at java.util.jar.JarVerifier.update(JarVerifier.java:205)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
at java.util.jar.JarFile.getInputStream(JarFile.java:403)
at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
at sun.misc.URLClassPath$JarLoader.(URLClassPath.java:598)
at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
Could not find the main class: com.puppetlabs.puppetdb.core. Program will exit.


On 13 July 2012 06:54, Matthaus Litteken  wrote:
> PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
> include new features and bug fixes. For details on changes
> in this release, please see the release notes below.
>
> # Downloads
>
> Available in native package format at
>
> http://yum.puppetlabs.com
>
> http://apt.puppetlabs.com
>
> Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
>
> Available for use with Puppet Enterprise 2.5.1 and later at
>
> http://yum-enterprise.puppetlabs.com/ and 
> http://apt-enterprise.puppetlabs.com/
>
> # Documentation (including how to install): 
> http://docs.puppetlabs.com/puppetdb
>
> # Issues can be filed at:
> http://projects.puppetlabs.com/projects/puppetdb/issues
>
> # Upgrading
>
> 1. On your puppetdb server, stop the puppetdb daemon
> 2. On your puppetmaster(s), stop the puppetmaster daemon
> 3. On your puppetdb server, install the new puppetdb package
> 4. On your puppetdb server, start the puppetdb daemon
> 5. On your puppetmaster(s), install the new puppetdb-terminus package
> 6. On your puppetmaster(s), start the puppetmaster daemon
>
> 0.9.2
> =
>
> Many thanks to the following people who contributed patches to this
> release:
>
> * Jason Ashby
> * Kushal Pisavadia
> * Erik Dalén
> * Deepak Giridharagopal
> * Nick Lewis
> * Matthaus Litteken
> * Chris Price
>
> Notable features:
>
> * Allow more advanced storeconfigs queries
>
>   Now, when using PuppetDB, your puppet manifests can use "and" and
>   "or" in collection queries:
>
> File <<| mode == 0755 or content == "bar" |>>
>
> * (#14947) Restrict accetable client certificates by CN
>
>   PuppetDB now implements an optional whitelist for HTTPS clients. If
>   enabled by the user, we validate that the CN of the supplied client
>   certificate exactly matches an entry in the whitelist. This allows
>   users to restrict access to PuppetDB using the same CA
>   infrastructure that Puppet already uses. For example, you can
>   restrict access to PuppetDB to just your puppetmaster boxes.
>
>   This feature is off by default. Refer to the documentation on the
>   `certificate-whitelist` configuration option for details.
>
> Notable fixes:
>
> * (#15388) Add redirect from '/' to the dashboard
>
>   Prior to this fix, if you started up PuppetDB and then attempted to
>   browse to "/", you'd get an error message that might lead you to
>   believe that the server wasn't actually running (depending on your
>   browser).
>
>   This commit simply adds a redirect from "/" to the dashboard index
>   page.
>
> * (#14688) Improve stdout/stderr handling for redhat init script
>
>   Prior to this fix, the redhat init script was keeping stdout/stderr
>   ope

Re: [Puppet Users] certname doesn't seem to work on the agent

[Peter Brown]

You will need to generate the certificate with the name you want to
use other wise it will use the fqdn.
Try using --certname=name_you_want on the command line when you
request the certificate.

On 12 July 2012 21:04, Kmbu  wrote:
> There was no current cert. It was a new host. The cert was generated using
> the FQDN..
>
>
> On Thursday, 12 July 2012 04:42:51 UTC+2, Pete wrote:
>>
>> Hi,
>>
>> Your config looks about right.
>> Did you drop the current cert and request and sign a new one?
>>
>> On 11 July 2012 19:14, Kmbu wrote:
>> > Hi guys,
>> >
>> > I have a box that needs to identify itself to the puppetmaster as
>> > something
>> > different from the FQDN. I added certname to the agent configuration
>> > before
>> > the first run, but it doesn't seem to be sufficient. The certificate was
>> > generated for the FQDN, and the host appears in the dashboard as the
>> > FQDN,
>> > and the node name used to evaluate the manifest is also the FQDN. I
>> > would
>> > like to set it up so that, for all intents and purposes, the node/agent
>> > has
>> > a different name.
>> >
>> > I'm running Puppet 2.7.6 via Apache/Passenger.
>> >
>> > Here is my agent config:
>> >
>> > [agent]
>> >
>> > # Whether log files should always flush to disk.
>> > autoflush = true
>> >
>> > # Reporting setup for Puppet Dashboard
>> > report = true
>> >
>> > # Randomize agent runs to avoid clusters
>> > splay = true
>> >
>> > # The main Puppet configuration directory.  The default for this
>> > parameter is calculated based on the user.  If the process
>> > # is running as root or the user that Puppet is supposed to run as,
>> > it
>> > defaults to a system directory, but if it's running as any other user,
>> > # it defaults to being in the user's home directory.
>> > # The default value is '/etc/puppet'.
>> > confdir = 
>> >
>> > # Where Puppet stores dynamic and growing data.  The default for
>> > this
>> > parameter is calculated specially, like `confdir`_.
>> > # The default value is '/var/lib/puppet'.
>> > vardir = 
>> >
>> > # Whether to print stack traces on some errors
>> > trace = true
>> >
>> > # How often puppet agent applies the client configuration; in
>> > seconds.
>> > Note that a runinterval of 0 means run continuously rather than never
>> > run.
>> > # If you want puppet agent to never run, you should start it with
>> > the
>> > --no-client option.
>> > runinterval = 300
>> >
>> > # Whether to use colors when logging to the console.
>> > # Valid values are `ansi` (equivalent to `true`), `html` (mostly
>> > # used during testing with TextMate), and `false`, which produces
>> > # no color.
>> > # The default value is 'ansi'.
>> > color = ansi
>> >
>> > # The environment Puppet is running in.  For clients
>> > # (e.g., `puppet agent`) this determines the environment itself,
>> > which
>> > # is used to find modules and much more.  For servers (i.e., `puppet
>> > master`) this provides the default environment for nodes
>> > # we know nothing about.
>> > # The default value is 'production'.
>> > environment = pre
>> >
>> > # Where to find information about nodes.
>> > # The default value is 'plain'.
>> > # node_terminus = plain
>> >
>> > # Where the puppet agent web server logs.
>> > # The default value is '$logdir/http.log'.
>> > httplog = /http.log
>> >
>> > # Send the process into the background.  This is the default.
>> > # The default value is 'true'.
>> > daemonize = true
>> >
>> > # The name to use when handling certificates.  Defaults
>> > # to the fully qualified domain name.
>> > certname = 
>> >
>> > # Where Puppet should look for facts.  Multiple directories should
>> > # be colon-separated, like normal PATH variables.
>> > # The default value is '$vardir/lib/facter:$vardir/facts'.
>> > factpath = $vardir/lib/facter:$vardir/facts
>> >
>> > # From where to retrieve facts.  The standard Puppet `file` type
>> > # is used for retrieval, so anything that is a valid file source can
>> > # be used here.
>> > # The default value is 'puppet://$server/facts/'.
>> > factsource = puppet:///facts/
>> >
>> > # The pid file
>> > # The default value is '$rundir/$name.pid'.
>> > pidfile = /agent.pid
>> >
>> > # The user puppet master should run as.
>> > # The default value is 'puppet'.
>> > user = apache
>> >
>> > # The group puppet master should run as.
>> > # The default value is 'puppet'.
>> > group = apache
>> >
>> > # Wether the master should function as a certificate authority.
>> > # The default value is 'true'.
>> > ca = true
>> >
>> > # The search path for modules as a list of directories separated by
>> > the
>> > ':' character.
>> > # The default value is '$confdir/modules:/usr/share/puppet/modules'.
>> > modulepath = /modules
>> >
>> > # The explicit 

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

[Peter Brown]

Side note. I downgraded to the old version and it still works so not
as urgent now.

On 13 July 2012 10:54, Peter Brown  wrote:
> Hi Everyone,
>
> I just upgraded to this on my ubuntu puppetmaster and I am having
> issues starting the server.
> I am running the openjdk-6-jre
> After some digging i found the options the start script was using and
> tried to start the daemon manually
> It gives me this error.
>
> start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
> /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
> -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
> /etc/puppetdb/conf.d
> Starting /usr/bin/java...
> Exception in thread "main" java.lang.SecurityException: Invalid
> signature file digest for Manifest main attributes
> at 
> sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
> at 
> sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
> at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
> at java.util.jar.JarVerifier.update(JarVerifier.java:205)
> at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
> at java.util.jar.JarFile.getInputStream(JarFile.java:403)
> at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
> at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
> at sun.misc.URLClassPath$JarLoader.(URLClassPath.java:598)
> at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
> at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
> at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
> Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
> exit.
>
>
> On 13 July 2012 06:54, Matthaus Litteken  wrote:
>> PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
>> include new features and bug fixes. For details on changes
>> in this release, please see the release notes below.
>>
>> # Downloads
>>
>> Available in native package format at
>>
>> http://yum.puppetlabs.com
>>
>> http://apt.puppetlabs.com
>>
>> Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
>>
>> Available for use with Puppet Enterprise 2.5.1 and later at
>>
>> http://yum-enterprise.puppetlabs.com/ and 
>> http://apt-enterprise.puppetlabs.com/
>>
>> # Documentation (including how to install): 
>> http://docs.puppetlabs.com/puppetdb
>>
>> # Issues can be filed at:
>> http://projects.puppetlabs.com/projects/puppetdb/issues
>>
>> # Upgrading
>>
>> 1. On your puppetdb server, stop the puppetdb daemon
>> 2. On your puppetmaster(s), stop the puppetmaster daemon
>> 3. On your puppetdb server, install the new puppetdb package
>> 4. On your puppetdb server, start the puppetdb daemon
>> 5. On your puppetmaster(s), install the new puppetdb-terminus package
>> 6. On your puppetmaster(s), start the puppetmaster daemon
>>
>> 0.9.2
>> =
>>
>> Many thanks to the following people who contributed patches to this
>> release:
>>
>> * Jason Ashby
>> * Kushal Pisavadia
>> * Erik Dalén
>> * Deepak Giridharagopal
>> * Nick Lewis
>> * Matthaus Litteken
>> * Chris Price
>>
>> Notable features:
>>
>> * Allow more advanced storeconfigs queries
>>
>>   Now, when using PuppetDB, your puppet manifests can use "and" and
>>   "or" in collection queries:
>>
>> File <<| mode == 0755 or content == "bar" |>>
>>
>> * (#14947) Restrict accetable client certificates by CN
>>
>>   PuppetDB now implements an optional whitelist for HTTPS clients. If
>>   enabled by the user, we validate that the CN of the supplied client
>>   certificate exactly matches an entry in the whitelist. This allows
>>   users to restrict access to PuppetDB using the same CA
>>   infrastructure that Puppet already uses. For example, you can
>>   restrict access to PuppetDB to just your puppetmaster boxes.
>>
>>   This feature is off by default. Refer to the documentation on the
>>   `certificate-whitelist` configuration option for details.
>>
>> Notable fixes:
>>
>> * (#15388) Add redirect from '/' to the dashboard
>>
>>   Prior to this fix, if you started up PuppetDB and then attempted to
>>   browse to "/", you'd get an error message that might lead you to
>>   believe that the server

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

[Deepak Giridharagopal]

Ouch...I'll take a look at this now! What version of Ubuntu are you
on? I'll bring up a VM and try to reproduce this.

deepak

On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown  
wrote:
> Hi Everyone,
> 
> I just upgraded to this on my ubuntu puppetmaster and I am having
> issues starting the server.
> I am running the openjdk-6-jre
> After some digging i found the options the start script was using and
> tried to start the daemon manually
> It gives me this error.
> 
> start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
> /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
> -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
> /etc/puppetdb/conf.d
> Starting /usr/bin/java...
> Exception in thread "main" java.lang.SecurityException: Invalid
> signature file digest for Manifest main attributes
> at 
> sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
> at 
> sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
> at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
> at java.util.jar.JarVerifier.update(JarVerifier.java:205)
> at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
> at java.util.jar.JarFile.getInputStream(JarFile.java:403)
> at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
> at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
> at sun.misc.URLClassPath$JarLoader.(URLClassPath.java:598)
> at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
> at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
> at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
> at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
> Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
> exit.
> 
> 
> On 13 July 2012 06:54, Matthaus Litteken  wrote:
> > PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
> > include new features and bug fixes. For details on changes
> > in this release, please see the release notes below.
> >
> > # Downloads
> >
> > Available in native package format at
> >
> > http://yum.puppetlabs.com
> >
> > http://apt.puppetlabs.com
> >
> > Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
> >
> > Available for use with Puppet Enterprise 2.5.1 and later at
> >
> > http://yum-enterprise.puppetlabs.com/ and 
> > http://apt-enterprise.puppetlabs.com/
> >
> > # Documentation (including how to install): 
> > http://docs.puppetlabs.com/puppetdb
> >
> > # Issues can be filed at:
> > http://projects.puppetlabs.com/projects/puppetdb/issues
> >
> > # Upgrading
> >
> > 1. On your puppetdb server, stop the puppetdb daemon
> > 2. On your puppetmaster(s), stop the puppetmaster daemon
> > 3. On your puppetdb server, install the new puppetdb package
> > 4. On your puppetdb server, start the puppetdb daemon
> > 5. On your puppetmaster(s), install the new puppetdb-terminus package
> > 6. On your puppetmaster(s), start the puppetmaster daemon
> >
> > 0.9.2
> > =
> >
> > Many thanks to the following people who contributed patches to this
> > release:
> >
> > * Jason Ashby
> > * Kushal Pisavadia
> > * Erik Dalén
> > * Deepak Giridharagopal
> > * Nick Lewis
> > * Matthaus Litteken
> > * Chris Price
> >
> > Notable features:
> >
> > * Allow more advanced storeconfigs queries
> >
> >   Now, when using PuppetDB, your puppet manifests can use "and" and
> >   "or" in collection queries:
> >
> > File <<| mode == 0755 or content == "bar" |>>
> >
> > * (#14947) Restrict accetable client certificates by CN
> >
> >   PuppetDB now implements an optional whitelist for HTTPS clients. If
> >   enabled by the user, we validate that the CN of the supplied client
> >   certificate exactly matches an entry in the whitelist. This allows
> >   users to restrict access to PuppetDB using the same CA
> >   infrastructure that Puppet already uses. For example, you can
> >   restrict access to PuppetDB to just your puppetmaster boxes.
> >
> >   This feature is off by default. Refer to the documentation on the
> >   `certificate-whitelist` configuration option for details.
> >
> > Notable fixes:
> >
> > * (#15388) Add redirect from '/' to the dashboard
> >
> >   Prior to this fix, if you 

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

[Peter Brown]

On 13 July 2012 11:59, Deepak Giridharagopal  wrote:
> Ouch...I'll take a look at this now! What version of Ubuntu are you
> on? I'll bring up a VM and try to reproduce this.

Thanks Deepak.

Ubuntu 12.04 (kubuntu actually but same diff)

I noticed my jre was updated today as well.
my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps

let me know if you need any more info.


Pete.

>
> deepak
>
> On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown  
> wrote:
>> Hi Everyone,
>>
>> I just upgraded to this on my ubuntu puppetmaster and I am having
>> issues starting the server.
>> I am running the openjdk-6-jre
>> After some digging i found the options the start script was using and
>> tried to start the daemon manually
>> It gives me this error.
>>
>> start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
>> /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
>> -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
>> /etc/puppetdb/conf.d
>> Starting /usr/bin/java...
>> Exception in thread "main" java.lang.SecurityException: Invalid
>> signature file digest for Manifest main attributes
>> at 
>> sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
>> at 
>> sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
>> at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
>> at java.util.jar.JarVerifier.update(JarVerifier.java:205)
>> at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
>> at java.util.jar.JarFile.getInputStream(JarFile.java:403)
>> at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
>> at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
>> at sun.misc.URLClassPath$JarLoader.(URLClassPath.java:598)
>> at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
>> at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
>> at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
>> Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
>> exit.
>>
>>
>> On 13 July 2012 06:54, Matthaus Litteken  wrote:
>> > PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
>> > include new features and bug fixes. For details on changes
>> > in this release, please see the release notes below.
>> >
>> > # Downloads
>> >
>> > Available in native package format at
>> >
>> > http://yum.puppetlabs.com
>> >
>> > http://apt.puppetlabs.com
>> >
>> > Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
>> >
>> > Available for use with Puppet Enterprise 2.5.1 and later at
>> >
>> > http://yum-enterprise.puppetlabs.com/ and 
>> > http://apt-enterprise.puppetlabs.com/
>> >
>> > # Documentation (including how to install): 
>> > http://docs.puppetlabs.com/puppetdb
>> >
>> > # Issues can be filed at:
>> > http://projects.puppetlabs.com/projects/puppetdb/issues
>> >
>> > # Upgrading
>> >
>> > 1. On your puppetdb server, stop the puppetdb daemon
>> > 2. On your puppetmaster(s), stop the puppetmaster daemon
>> > 3. On your puppetdb server, install the new puppetdb package
>> > 4. On your puppetdb server, start the puppetdb daemon
>> > 5. On your puppetmaster(s), install the new puppetdb-terminus package
>> > 6. On your puppetmaster(s), start the puppetmaster daemon
>> >
>> > 0.9.2
>> > =
>> >
>> > Many thanks to the following people who contributed patches to this
>> > release:
>> >
>> > * Jason Ashby
>> > * Kushal Pisavadia
>> > * Erik Dalén
>> > * Deepak Giridharagopal
>> > * Nick Lewis
>> > * Matthaus Litteken
>> > * Chris Price
>> >
>> > Notable features:
>> >
>> > * Allow more advanced storeconfigs queries
>> >
>> >   Now, when using PuppetDB, your puppet manifests can use "and" and
>> >   "or" in collection queries:
>> >
>> > File <<| mode == 0755 or content == "bar" |>>
>> >
>> > * (#14947) Restrict accetable client certificates by CN
>> >
>> >   PuppetDB now implements an optional whitelist for HTTPS clients. If
>> >   enabled by the user, we validate that the CN of the supplied client
>> >   certificate exactly matches an entry in the whitelist. This allows
>> >   users to restrict access to PuppetDB using the sam

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

[Peter Brown]

Oh on a whim i installed openjdk-7 and got the same results.

On 13 July 2012 12:12, Peter Brown  wrote:
> On 13 July 2012 11:59, Deepak Giridharagopal  wrote:
>> Ouch...I'll take a look at this now! What version of Ubuntu are you
>> on? I'll bring up a VM and try to reproduce this.
>
> Thanks Deepak.
>
> Ubuntu 12.04 (kubuntu actually but same diff)
>
> I noticed my jre was updated today as well.
> my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps
>
> let me know if you need any more info.
>
>
> Pete.
>
>>
>> deepak
>>
>> On Fri, Jul 13, 2012 at 10:54:10AM +1000, Peter Brown  
>> wrote:
>>> Hi Everyone,
>>>
>>> I just upgraded to this on my ubuntu puppetmaster and I am having
>>> issues starting the server.
>>> I am running the openjdk-6-jre
>>> After some digging i found the options the start script was using and
>>> tried to start the daemon manually
>>> It gives me this error.
>>>
>>> start-stop-daemon --start --chuid puppetdb -v --make-pidfile --pidfile
>>> /var/run/puppetdb.pid --chdir /usr/share/puppet --exec /usr/bin/java
>>> -- -Xmx192m -jar /usr/share/puppetdb/puppetdb.jar services -c
>>> /etc/puppetdb/conf.d
>>> Starting /usr/bin/java...
>>> Exception in thread "main" java.lang.SecurityException: Invalid
>>> signature file digest for Manifest main attributes
>>> at 
>>> sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:239)
>>> at 
>>> sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:193)
>>> at java.util.jar.JarVerifier.processEntry(JarVerifier.java:294)
>>> at java.util.jar.JarVerifier.update(JarVerifier.java:205)
>>> at java.util.jar.JarFile.initializeVerifier(JarFile.java:338)
>>> at java.util.jar.JarFile.getInputStream(JarFile.java:403)
>>> at sun.misc.JarIndex.getJarIndex(JarIndex.java:116)
>>> at sun.misc.URLClassPath$JarLoader$1.run(URLClassPath.java:623)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at sun.misc.URLClassPath$JarLoader.ensureOpen(URLClassPath.java:614)
>>> at sun.misc.URLClassPath$JarLoader.(URLClassPath.java:598)
>>> at sun.misc.URLClassPath$3.run(URLClassPath.java:348)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at sun.misc.URLClassPath.getLoader(URLClassPath.java:337)
>>> at sun.misc.URLClassPath.getLoader(URLClassPath.java:314)
>>> at sun.misc.URLClassPath.getResource(URLClassPath.java:184)
>>> at java.net.URLClassLoader$1.run(URLClassLoader.java:209)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
>>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
>>> Could not find the main class: com.puppetlabs.puppetdb.core. Program will 
>>> exit.
>>>
>>>
>>> On 13 July 2012 06:54, Matthaus Litteken  wrote:
>>> > PuppetDB 0.9.2 is the third beta release on the road to 1.0. Changes
>>> > include new features and bug fixes. For details on changes
>>> > in this release, please see the release notes below.
>>> >
>>> > # Downloads
>>> >
>>> > Available in native package format at
>>> >
>>> > http://yum.puppetlabs.com
>>> >
>>> > http://apt.puppetlabs.com
>>> >
>>> > Source (same license as Puppet):  http://github.com/puppetlabs/puppetdb
>>> >
>>> > Available for use with Puppet Enterprise 2.5.1 and later at
>>> >
>>> > http://yum-enterprise.puppetlabs.com/ and 
>>> > http://apt-enterprise.puppetlabs.com/
>>> >
>>> > # Documentation (including how to install): 
>>> > http://docs.puppetlabs.com/puppetdb
>>> >
>>> > # Issues can be filed at:
>>> > http://projects.puppetlabs.com/projects/puppetdb/issues
>>> >
>>> > # Upgrading
>>> >
>>> > 1. On your puppetdb server, stop the puppetdb daemon
>>> > 2. On your puppetmaster(s), stop the puppetmaster daemon
>>> > 3. On your puppetdb server, install the new puppetdb package
>>> > 4. On your puppetdb server, start the puppetdb daemon
>>> > 5. On your puppetmaster(s), install the new puppetdb-terminus package
>>> > 6. On your puppetmaster(s), start the puppetmaster daemon
>>> >
>>> > 0.9.2
>>> > =
>>> >
>>> > Many thanks to the following people who contributed patches to this
>>> > release:
>>> >
>>> > * Jason Ashby
>>> > * Kushal Pisavadia
>>> > * Erik Dalén
>>> > * Deepak Giridharagopal
>>> > * Nick Lewis
>>> > * Matthaus Litteken
>>> > * Chris Price
>>> >
>>> > Notable features:
>>> >
>>> > * Allow more advanced storeconfigs queries
>>> >
>>> >   Now, when using PuppetDB, your puppet manifests can use "and" and
>>> >   "or" in collection queries:
>>> >
>>> > File <<| mode == 0755 or content == "bar" |>>
>>> >
>>> > * (#14947) Restrict accetable client certificates by CN
>>> >
>>> >   PuppetDB now implements an optional 

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

[Deepak Giridharagopal]

On Fri, Jul 13, 2012 at 12:12:32PM +1000, Peter Brown  
wrote:
> On 13 July 2012 11:59, Deepak Giridharagopal  wrote:
> > Ouch...I'll take a look at this now! What version of Ubuntu are you
> > on? I'll bring up a VM and try to reproduce this.
> 
> Thanks Deepak.
> 
> Ubuntu 12.04 (kubuntu actually but same diff)
> 
> I noticed my jre was updated today as well.
> my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps
> 
> let me know if you need any more info.

I believe we've found the problem. It looks like when we built the
.debs we used a slightly older version of our build tool, which can't
handle dependencies that are cryptographically signed.

I'm going to work with the release team tonight to get those packages
pulled, and rebuild new ones. We should have new .debs posted in the
morning (US time).

Thanks so much for the thorough diagnostics; it made it really easy to
find the root of the problem. And I sincerely apologize for any
problems this may have caused!

deepak

--
Deepak Giridharagopal / Puppet Labs / grim_radical

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Announce: PuppetDB 0.9.2 Available

[Peter Brown]

On 13 July 2012 13:05, Deepak Giridharagopal  wrote:
> On Fri, Jul 13, 2012 at 12:12:32PM +1000, Peter Brown  
> wrote:
>> On 13 July 2012 11:59, Deepak Giridharagopal  wrote:
>> > Ouch...I'll take a look at this now! What version of Ubuntu are you
>> > on? I'll bring up a VM and try to reproduce this.
>>
>> Thanks Deepak.
>>
>> Ubuntu 12.04 (kubuntu actually but same diff)
>>
>> I noticed my jre was updated today as well.
>> my openjdk-6-jre version is 6b24-1.11.3-1ubuntu0.12.04.1 if that helps
>>
>> let me know if you need any more info.
>
> I believe we've found the problem. It looks like when we built the
> .debs we used a slightly older version of our build tool, which can't
> handle dependencies that are cryptographically signed.

Yeah that sounds like what I imagined the problem to be.

> I'm going to work with the release team tonight to get those packages
> pulled, and rebuild new ones. We should have new .debs posted in the
> morning (US time).

Thank you so very much.
It's Saturday for me tomorrow so I won't see them till Monday.

> Thanks so much for the thorough diagnostics; it made it really easy to
> find the root of the problem. And I sincerely apologize for any
> problems this may have caused!

All part of being an early adopter. :) And I am happy to help.
I hope it will save someone else some grief.


PuppetDB is an excellent addition to the puppet gang by the way.
Eagerly awaiting to see it integrated into things more.


Thanks again for the speedy replies and speedy resolution Deepak.

Pete.

> deepak
>
> --
> Deepak Giridharagopal / Puppet Labs / grim_radical
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Installing and configuring puppetmaster-passenger

[kalaniS]

So I was trying to install puppetmaster-passenger in the server
machine and configure it to communicate with the agent. My server
machine and client machine are both running on Ubuntu 11.04. I
installed puppetmaster-passenger through apt-get and in /etc/apache2/
sites-available/puppetmaster file, in between the  tags
put ServerName as ct-vospuppet.

In the server machine's apache2/httpd.conf I put a record as
ServerName ct-vospuppet. (The hostname of the server is ct-vospuppet)
Then I restarted apache.

In the puppet.conf file in the agent machine, I put a record server=ct-
vospuppet. Then I tried
@cd-vgpereravos:~$ sudo puppet agent --server ct-vospuppet --test --
debug and got the following output.

debug: Failed to load library 'rubygems' for feature 'rubygems'
debug: Failed to load library 'selinux' for feature 'selinux'
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does
not exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting
false
debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/
dscl does not exist
debug: Puppet::Type::File::ProviderMicrosoft_windows: feature
microsoft_windows is missing
debug: Failed to load library 'ldap' for feature 'ldap'
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/public_keys/cd-
vgpereravos.domain.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
public_keys]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/clientbucket]: Autorequiring File[/var/
lib/puppet]
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/etc/puppet/puppet.conf]: Autorequiring File[/etc/puppet]
debug: /File[/var/run/puppet/agent.pid]: Autorequiring File[/var/run/
puppet]
debug: /File[/var/lib/puppet/client_data]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/state/graphs]: Autorequiring File[/var/
lib/puppet/state]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/client_yaml]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/certs/cd-
vgpereravos.virtusa.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
certs]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/
lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/private_keys/cd-
vgpereravos.domain.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
private_keys]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: Finishing transaction -614035288
debug: /File[/var/lib/puppet/facts]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/public_keys]: Autorequiring File[/var/
lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certificate_requests]: Autorequiring
File[/var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl/crl.pem]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/lib]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/state]: Autorequiring File[/var/lib/
puppet]
debug: /File[/var/lib/puppet/ssl/public_keys/cd-
vgpereravos.domain.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
public_keys]
debug: /File[/var/lib/puppet/ssl/private]: Autorequiring File[/var/lib/
puppet/ssl]
debug: /File[/var/lib/puppet/ssl/certs/cd-vgpereravos.domain.com.pem]:
Autorequiring File[/var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys]: Autorequiring File[/
var/lib/puppet/ssl]
debug: /File[/var/lib/puppet/ssl]: Autorequiring File[/var/lib/puppet]
debug: /File[/var/lib/puppet/ssl/certs/ca.pem]: Autorequiring File[/
var/lib/puppet/ssl/certs]
debug: /File[/var/lib/puppet/ssl/private_keys/cd-
vgpereravos.domain.com.pem]: Autorequiring File[/var/lib/puppet/ssl/
private_keys]
debug: Finishing transaction -614452648
debug: Using cached certificate for ca
debug: Using cached certificate for cd-vgpereravos.domain.com
debug: Finishing transaction -614639588
debug: Executing '/etc/puppet/etckeeper-commit-pre'
debug: Using cached certificate for ca
debug: Using cached certificate for cd-vgpereravos.domain.com
debug: Using cached certificate_revocation_list for ca
debug: catalog supports formats: b64_zlib_yaml dot pson raw yaml;
using pson
err: Could not retrieve catalog from remote server: execution expired
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skip

Re: [Puppet Users] Announce: Puppet Dashboard 1.2.10 Available

[Stefan Heijmans]

Op vrijdag 13 juli 2012 02:05:29 UTC+2 schreef Jo het volgende: 
>
>  Where is the documentation for this feature?  How do I invoke it?
>
> The maintaining page still just says to create a cron job.
>
 
the maintaining page also mentions;
 
If you run ‘rake reports:prune’ without any arguments, it will display 
further usage instructions.

Just installed in in our sandbox and it shows;

rake reports:prune
EXAMPLE:
  # Prune records upto 1 month old:
  rake reports:prune upto=1 unit=mon

UNITS:
  Valid units of time are: mon,yr,day,min,wk,hr

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/-2VsNh8ZsS0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.