[Puppet Users] Extending Puppet Woes

2012-08-10 Thread Mike Carr
I am looking to extend one of the puppet modules - "mysql". I found that they 
are extending Puppet with types and providers. First off I am having a 
difficult time finding any documentation on this and I do not know Ruby that 
well. The problem that I am having is this, I have the following code:

Puppet::Type.type(:database).provide(:mysql) do
  desc "Manages MySQL database."

  defaultfor :kernel => 'Linux'

  optional_commands :mysql => 'mysql'

  def create
    mysql("-u #{resource[:rootuser]} -p\'#{resource[:rootpassword]}\' -h #{resource[:host]} -NBev", "create database #{@resource[:name]} character set #{resource[:charset]}")
  end
end

It fails with the following error, if I run the command on the command line it 
runs successfully but in Puppet it fails. Can someone help me understand how 
the mysql is being executed with mysql?

debug: Puppet::Type::Database::ProviderMysql: Executing '/usr/bin/mysql -u admin -p'password' -h vm-minux.comm.com -NBev create database mydb character set utf8'
err: /Stage[main]//Node[ssat-puppetagent-1.qcomm.com]/Test_mod::Db[mydb]/Database[mydb]/ensure: change from absent to present failed: Execution of '/usr/bin/mysql -u admin -p'password' -h vm-mlinux.qcomm.com -NBev create database mydb character set utf8' returned 1: ERROR 1044 (42000): Access denied for user ''@'localhost' to database 'create database mydb character set utf8'

PE 2.5.1

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/gPqNsft3rAYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
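
Added example, not part of the original post or of the mysql module: the error above is consistent with the command being run without a shell, so the whole interpolated option string arrives as a single argument and the SQL text is taken as the database name. The Ruby below contrasts that argv with one option per element and keeps the password out of the command line and the debug log by using a private option file; SAMPLE, identifier!, hostname!, write_client_cnf and argv_fixed are hypothetical names, and the character whitelists are assumptions.

```ruby
require 'tempfile'

# Constructed sample values (not from the post); the keys mirror the resource
# parameters that the posted provider reads.
SAMPLE = {
  :rootuser     => 'admin',
  :rootpassword => 'S3cr3t pass\\word',   # contains a space and one backslash
  :host         => 'db.example.test',
  :name         => 'mydb',
  :charset      => 'utf8'
}

# argv exactly as the posted create method builds it: the interpolated option
# string is ONE element. With no shell in between it is never split on spaces,
# and the single quotes around the password reach mysql literally.
def argv_as_posted(r)
  ["-u #{r[:rootuser]} -p'#{r[:rootpassword]}' -h #{r[:host]} -NBev",
   "create database #{r[:name]} character set #{r[:charset]}"]
end

# Allow only plain identifiers where a value is interpolated into SQL or into
# the option file (assumed whitelist, deliberately conservative).
def identifier!(value)
  s = value.to_s
  raise ArgumentError, "unsafe identifier: #{s.inspect}" unless s =~ /\A[A-Za-z0-9_]+\z/
  s
end

# Host names: letters, digits, dots and hyphens only (assumed whitelist).
def hostname!(value)
  s = value.to_s
  raise ArgumentError, "unsafe host: #{s.inspect}" unless s =~ /\A[A-Za-z0-9.\-]+\z/
  s
end

# Write the credentials to a private option file. Tempfile creates the file
# with mode 0600, so only the invoking user can read the password.
def write_client_cnf(r)
  pw = r[:rootpassword].to_s
  raise ArgumentError, 'password contains a quote or newline' if pw =~ /["\r\n]/
  cnf = Tempfile.new(['puppet-mysql', '.cnf'])
  cnf.write("[client]\n")
  cnf.write("user=#{identifier!(r[:rootuser])}\n")
  # Backslash is an escape character in option files, so double it.
  cnf.write("password=\"#{pw.gsub('\\') { '\\\\' }}\"\n")
  cnf.write("host=#{hostname!(r[:host])}\n")
  cnf.flush
  cnf
end

# One option per argv element. --defaults-extra-file has to be the first
# option, and the statement is a separate element directly after -e.
def argv_fixed(r, cnf_path)
  ["--defaults-extra-file=#{cnf_path}", '-NBe',
   "create database `#{identifier!(r[:name])}` character set #{identifier!(r[:charset])}"]
end

if __FILE__ == $0
  cnf = write_client_cnf(SAMPLE)
  puts "as posted (#{argv_as_posted(SAMPLE).length} elements):"
  argv_as_posted(SAMPLE).each { |a| puts "  #{a.inspect}" }
  puts "fixed (#{argv_fixed(SAMPLE, cnf.path).length} elements):"
  argv_fixed(SAMPLE, cnf.path).each { |a| puts "  #{a.inspect}" }
end
```

Inside the provider the fixed list would be passed as mysql(*argv_fixed(resource, cnf.path)), with the option file removed once the command returns.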



[Puppet Users] Re: Puppet Master Forbidding Access to Cert Revocation List

2012-08-10 Thread kp-v
I was pretty close with my first guess, but I might have figured it out. I 
have not resolved the issue, however I am certain of the issue at hand. In 
2.6.16, puppet only searches for the auth.conf file at 
/etc/puppet/auth.conf and this path appears to be hardcoded. Therefore, 
because puppet cannot find the auth.conf file, it denies access to 
everything (all four indirector verbs) within the / (puppet) directory. I 
have yet to try symlinking the file to /etc/puppet/auth.conf to attempt to 
fix, however this defeats the purpose of installing in /opt. I doubt that 
this is a bug because I followed a non-standard installation process. I 
will post again if I figure out how to patch it. 

On Thursday, August 9, 2012 11:24:52 AM UTC-7, kp-v wrote:
>
> I don't think there is an issue with my configuration. I believe I am 
> running into issues with indirector.rb not finding the correct terminus for 
> my certificate revocation list.
>
> On Wednesday, August 8, 2012 10:21:05 AM UTC-7, kp-v wrote:
>>
>> Hey folks;
>>
>> I am having issues retrieving the catalog from my master. It seems to be 
>> an issue with the ACLs for the /certificate_revocation_list/ca, however it 
>> still produces an error when I set the ACLs to allow everything! I am 
>> almost certain it has something to do with my non-default installation. 
>> Puppet gurus please assist me. Any and all advice would be helpful. P.S. I 
>> have not had issues with Passenger up until I changed the installation root 
>> except excessively long (400 sec) SSL sessions for initial runs.
>>
>> I am running an agent/master configuration with passenger (CentOS 6.2). I 
>> installed puppet from source and my file structure looks like this:
>>
>> /opt/puppet
>>
>>    - /opt/puppet/etc
>>    - /opt/puppet/etc/puppet
>>    - /opt/puppet/usr
>>    - /opt/puppet/usr/bin
>>    - /opt/puppet/usr/sbin
>>    - /opt/puppet/usr/share
>>    - /opt/puppet/var
>>    - /opt/puppet/var/ssl
>>
>> My master is able to receive and complete the certificate handshake 
>> process. On an agent, after having received confirmation that the 
>> handshake completed, it attempts to find /certificate_revocation_list/ca 
>> but fails. It produces this error (full trace):
>>  /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:56:in 
>> `deserialize'
>> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:75:in `find'
>> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:188:in `find'
>> /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:50:in `find'
>> /usr/lib/ruby/site_ruby/1.8/puppet/ssl/host.rb:230:in `ssl_store'
>> /usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:56:in `cert_setup'
>> /usr/lib/ruby/site_ruby/1.8/puppet/network/http_pool.rb:98:in 
>> `http_instance'
>> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:71:in `network'
>> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:75:in `find'
>> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:188:in `find'
>> /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:50:in `find'
>> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:240:in 
>> `retrieve_new_catalog'
>> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:403:in `thinmark'
>> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
>> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:402:in `thinmark'
>> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:239:in 
>> `retrieve_new_catalog'
>> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:86:in `retrieve_catalog'
>> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:111:in 
>> `retrieve_and_apply_catalog'
>> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:150:in `run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:21:in `lock'
>> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
>> /usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
>> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:103:in `with_client'
>> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:37:in `run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:172:in `call'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:172:in `controlled_run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:35:in `run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:114:in `onetime'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:88:in 
>> `run_command'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:305:in `run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:305:in `run'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail'
>> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:305:in `run'
>> /usr/sbin/puppetd:4
>> err: Could not retrieve catalog from remote server: Error 403 on SERVER: 
>> Forbidden request: hostname.fqdn.int (NNN.NNN.NNN.NNN) access to 
>> /certificate_revocation_list/ca [find] at line 0
>> warning: Not usin

[Puppet Users] Pass array to a define

2012-08-10 Thread Douglas Garstang
How can I pass an array to a define? It's not documented in the puppet
language guide.

I've got:

define lvm::create_vg ( $pvdisks ) {
    exec {
        'pvcreate':
            command => "/sbin/pvcreate -yf $pvdisks",
            unless  => "/sbin/pvdisplay $pvdisks",
            ...
    }
}

class someclass {
    lvm::create_vg {
        'bcvg01':
            pvdisks => ['/dev/xvdb1', '/dev/xvdc1'];
    }
}

Inside the define, $pvdisks gets expanded to '/dev/xvdb1/dev/xvdc1'

Doug.




Re: [Puppet Users] New Scope > 2.7

2012-08-10 Thread Dan White

On Aug 10, 2012, at 6:11 PM, Denmat wrote:

> 
> 
> On 11/08/2012, at 7:27, Douglas Garstang  wrote:
> 
>> On Fri, Aug 10, 2012 at 2:24 PM, llowder  wrote:
>>> 
>>> 
>>> On Friday, August 10, 2012 3:52:42 PM UTC-5, Douglas wrote:
>>>>
>>>> On Fri, Aug 10, 2012 at 1:42 PM, llowder wrote:
>>>>>
>>>>>
>>>>> On Friday, August 10, 2012 3:28:33 PM UTC-5, Douglas wrote:
>>>>>>
>>>>>> So...
>>>>>>
>>>>>> I was just reading the new puppet scoping documentation at
>>>>>> http://docs.puppetlabs.com/guides/scope_and_puppet.html.
>>>>>>
>>>>>> I don't get it. If I have this...
>>>>>>
>>>>>> class web_server {
>>>>>>   include common
>>>>>>   include webserver
>>>>>>   $my_role = "web_server"
>>>>>> }
>>>>>>
>>>>>> Can I access the $my_role variable in the webserver class?
>>>>>
>>>>>
>>>>> If you use: $web_server::my_role
>>>>
>>>> This seems completely screwed to me. What if you're in a general class,
>>>> one not necessarily related to the function of a web server (but still
>>>> included from a web server), and you need to access the role?
>>>>
>>> 
>>> Then use the fully qualified variable name as I mentioned in my last post.
>> 
>> What if the class I am in doesn't KNOW that the parent is $web_server ...?
>> 
>> Doug.
>> 
> What if you've declared my_role in several classes? This provides certainty. 
> Alternatively you could make a fact that has the value you want of my_role 
> and reference that in the top scope $::my_role.

It is called: "Making an honest attempt to help you avoid shooting your own 
toes off".

By forcing you to specifically reference the class name along with the variable 
name (that includes the top scope $::foo), it saves you extensive grief down 
the road when you eventually end up with the same variable name in multiple 
classes.

Or would you rather have to track all the variable names in all the classes you 
use (the ones you write yourself along with ones you pull from places like the 
Puppet Forge) to ensure unique variable names ?





Re: [Puppet Users] Re: New Scope > 2.7

2012-08-10 Thread Denmat


On 11/08/2012, at 7:27, Douglas Garstang  wrote:

> On Fri, Aug 10, 2012 at 2:24 PM, llowder  wrote:
>> 
>> 
>> On Friday, August 10, 2012 3:52:42 PM UTC-5, Douglas wrote:
>>> 
>>> On Fri, Aug 10, 2012 at 1:42 PM, llowder  wrote:
>>>>
>>>>
>>>> On Friday, August 10, 2012 3:28:33 PM UTC-5, Douglas wrote:
>>>>>
>>>>> So...
>>>>>
>>>>> I was just reading the new puppet scoping documentation at
>>>>> http://docs.puppetlabs.com/guides/scope_and_puppet.html.
>>>>>
>>>>> I don't get it. If I have this...
>>>>>
>>>>> class web_server {
>>>>>    include common
>>>>>    include webserver
>>>>>    $my_role = "web_server"
>>>>> }
>>>>>
>>>>> Can I access the $my_role variable in the webserver class?
>>>>
>>>>
>>>> If you use: $web_server::my_role
>>> 
>>> This seems completely screwed to me. What if you're in a general class,
>>> one not necessarily related to the function of a web server (but still
>>> included from a web server), and you need to access the role?
>>> 
>> 
>> Then use the fully qualified variable name as I mentioned in my last post.
> 
> What if the class I am in doesn't KNOW that the parent is $web_server ...?
> 
> Doug.
> 
What if you've declared my_role in several classes? This provides certainty. 
Alternatively you could make a fact that has the value you want of my_role and 
reference that in the top scope $::my_role.




[Puppet Users] Re: Error 400 on Server: Another local or imported resource exists with the type and title Sshkey

2012-08-10 Thread jcbollinger


On Friday, August 10, 2012 9:50:00 AM UTC-5, banjer wrote:
>
>
>> If there is a new "foohost" client then you may not need to do anything.  
>> If not, then yes, you should clear its configuration out of your 
>> storeconfigs DB.
>>
>>
> It's a new hostname as well as a new key.   I wasn't clear on that 
> earlier.  Also, I had run `puppet node clean foohost` before fyi.  Let's 
> call the old host *foohost* and the new one *newhost.*
>
> My goal is to have 50 hosts with the same ssh_known_hosts file, which will 
> contain the keys for the 50 hosts, so from what I understand I need to use 
> sshkey as an "exported" resource.  Perhaps I'm not understanding local vs 
> exported resources though.
>

Exported resources are a good choice for this purpose.  They allow each 
node to declare its key on behalf of all the others (and itself), which 
can be darn convenient.  This is exactly the sort of thing they are 
designed for.

The characteristics distinguishing exported resources from ordinary 
resources are

   1. they are accessible to all nodes, not just the one that declares them,
   2. they are added to the catalogs of only those nodes that collect them 
   (which do not have to include the nodes that declare them), and
   3. there is no 3
   
It is because of (1) that exported resources' (type, title) combinations 
should be unique across the site.  It is because there is no 3, etc. that 
exported nodes' (type, title) cannot duplicate those of resources declared 
locally on the nodes that collect them.  Ultimately, those both follow from 
what I suspect is the key point you're missing: exported resources are no 
different from any others once they are collected.
 

>
> It seems to me that if the hostnames are different, then there 
> shouldn't be a problem with the two resource declarations coexisting in my 
> manifest, as the type-title combo should be unique, right?
>

You effectively extend the contents of your manifest to include the 
declarations of all the exported resources you collect.  So it *is* a 
problem if your manifest declares a resource (whether plain, virtual, or 
exported) that matches one it collects elsewhere.
 

> A solution I've come up with is to have ONLY this declared:
>
> # remove key 
> @@sshkey { "foohost":
> ensure => absent,
> type => "rsa",
> }
>
>
I'm supposing that the class containing that declaration is assigned to 
every node, or at least to every one in the group that are sharing 
keys.  So every node is going to export that Sshkey and collect it (or some 
other node's copy of it).  Why?  Every node already knows the key is 
supposed to be absent, so it doesn't need any of the others to tell it 
that.  It would be better, therefore, to make the resource an ordinary 
one.  Generally speaking, exported resources should always be specific to 
the node exporting them.

At this point you may be stuck, however.  Making the resource local is a 
problem if nodes are going to collect another copy of the same resource.  
Ordinarily you would expect cleaning foohost's config from the DB to 
resolve that (thus you would do so after decommissioning foohost but before 
declaring its key absent on your other nodes), but now that you have all 
your other nodes exporting Sshkey['foohost'] you have no easy way to clear 
out all those exported records.
 

> Sshkey <<| |>>
>
> and then let my puppet agents pull down their configs and thus handle the 
> removal of foohost from ssh_known_hosts.  Later today, I'll remove this 
> declaration and put back in:
>
> # add keys
> @@sshkey { $hostname:
> ensure => present,
> type => "rsa",
> key  => $sshrsakey,
> }
>
> Sshkey <<| |>>
>
> Not the prettiest solution, but this situation where we rebuild a host 
> with a new hostname isn't that common.
>
> Now, with all that said, I can see in my storedconfigs DB which is also 
> shared by Foreman, that there are some records for sshkey and foohost that 
> still exist.  Not sure how to clean this out (is puppet node clean foohost 
> the correct way?), other than a postgres query.
>

Since you ran puppet node clean (after foohost was decommissioned, I 
presume) I would think that the records you are now seeing for 
Sshkey[foohost] are the ones being exported by the other nodes.  You are 
begging for trouble (and indeed have found some) when you export resources 
that are not specific to the nodes for which they are declared.

This is the procedure I would recommend in the future:

   1. Decommission a node, "foohost" for example.
   2. Once you are confident that foohost will never again contact the 
   puppetmaster, clean its configuration out of your storeconfig DB by running 
   "puppet node clean foohost" on the master
   3. Declare *local* resources on all your nodes to clean out any of 
   foohost's exported resources that were previously collected and applied.  
   That would be very much like what you actually did, but as local resources 
   instead of exported ones

Re: [Puppet Users] Re: New Scope > 2.7

2012-08-10 Thread Douglas Garstang
On Fri, Aug 10, 2012 at 2:24 PM, llowder  wrote:
>
>
> On Friday, August 10, 2012 3:52:42 PM UTC-5, Douglas wrote:
>>
>> On Fri, Aug 10, 2012 at 1:42 PM, llowder  wrote:
>> >
>> >
>> > On Friday, August 10, 2012 3:28:33 PM UTC-5, Douglas wrote:
>> >>
>> >> So...
>> >>
>> >> I was just reading the new puppet scoping documentation at
>> >> http://docs.puppetlabs.com/guides/scope_and_puppet.html.
>> >>
>> >> I don't get it. If I have this...
>> >>
>> >> class web_server {
>> >> include common
>> >> include webserver
>> >> $my_role = "web_server"
>> >> }
>> >>
>> >> Can I access the $my_role variable in the webserver class?
>> >
>> >
>> > If you use: $web_server::my_role
>>
>> This seems completely screwed to me. What if you're in a general class,
>> one not necessarily related to the function of a web server (but still
>> included from a web server), and you need to access the role?
>>
>
> Then use the fully qualified variable name as I mentioned in my last post.

What if the class I am in doesn't KNOW that the parent is $web_server ...?

Doug.




Re: [Puppet Users] Re: New Scope > 2.7

2012-08-10 Thread llowder


On Friday, August 10, 2012 3:52:42 PM UTC-5, Douglas wrote:
>
> On Fri, Aug 10, 2012 at 1:42 PM, llowder wrote: 
> > 
> > 
> > On Friday, August 10, 2012 3:28:33 PM UTC-5, Douglas wrote: 
> >> 
> >> So... 
> >> 
> >> I was just reading the new puppet scoping documentation at 
> >> http://docs.puppetlabs.com/guides/scope_and_puppet.html. 
> >> 
> >> I don't get it. If I have this... 
> >> 
> >> class web_server { 
> >> include common 
> >> include webserver 
> >> $my_role = "web_server" 
> >> } 
> >> 
> >> Can I access the $my_role variable in the webserver class? 
> > 
> > 
> > If you use: $web_server::my_role 
>
> This seems completely screwed to me. What if you're in a general class, 
> one not necessarily related to the function of a web server (but still 
> included from a web server), and you need to access the role? 
>
>
Then use the fully qualified variable name as I mentioned in my last post.

 

> Doug. 
>




Re: [Puppet Users] Re: New Scope > 2.7

2012-08-10 Thread Douglas Garstang
On Fri, Aug 10, 2012 at 1:42 PM, llowder  wrote:
>
>
> On Friday, August 10, 2012 3:28:33 PM UTC-5, Douglas wrote:
>>
>> So...
>>
>> I was just reading the new puppet scoping documentation at
>> http://docs.puppetlabs.com/guides/scope_and_puppet.html.
>>
>> I don't get it. If I have this...
>>
>> class web_server {
>> include common
>> include webserver
>> $my_role = "web_server"
>> }
>>
>> Can I access the $my_role variable in the webserver class?
>
>
> If you use: $web_server::my_role

This seems completely screwed to me. What if you're in a general class,
one not necessarily related to the function of a web server (but still
included from a web server), and you need to access the role?

Doug.




[Puppet Users] Re: New Scope > 2.7

2012-08-10 Thread llowder


On Friday, August 10, 2012 3:28:33 PM UTC-5, Douglas wrote:
>
> So... 
>
> I was just reading the new puppet scoping documentation at 
> http://docs.puppetlabs.com/guides/scope_and_puppet.html. 
>
> I don't get it. If I have this... 
>
> class web_server { 
> include common 
> include webserver 
> $my_role = "web_server" 
> } 
>
> Can I access the $my_role variable in the webserver class? 
>
 
If you use: $web_server::my_role
 

> Doug. 
>




Re: [Puppet Users] Re: Puppet dashboard suddenly stopped working

2012-08-10 Thread Anatoliy Lisovskiy
Though complains, but works...

NOTE: Gem::Specification#installation_path is deprecated, use base_dir. It
will be removed on or after 2011-10-01.
Gem::Specification#installation_path called from
/usr/share/puppet-dashboard/config/../vendor/rails/railties/lib/rails/vendor_gem_source_index.rb:93.


On Fri, Aug 10, 2012 at 1:36 PM, Anatoliy Lisovskiy wrote:

> Oops... Thank you!
>
> Catching up now.
>
> Anatoliy
>
>
>
> On Fri, Aug 10, 2012 at 1:29 PM, Corey Hammerton <
> corey.hammer...@gmail.com> wrote:
>
>> Is the puppet-dashboard-workers service running?
>>
>>
>> On Friday, August 10, 2012 4:26:20 PM UTC-4, Anatoliy Lisovskiy
>> (Wavebourn) wrote:
>>>
>>> Today I found that puppet dashboard does not work since Aug,1
>>>
>>> It shows all 23 hosts as being non-responsive, and 8,000+ pending tasks.
>>> Both server and agents work well, but the dashboard does not reflect that.
>>>
>>> What could go wrong? I restarted puppet-db and puppet-dashboard, did not
>>> help.
>>>
>>> Anatoliy
>>>
>>>
>>>
>>>
>
>




Re: [Puppet Users] Re: Puppet dashboard suddenly stopped working

2012-08-10 Thread Anatoliy Lisovskiy
Oops... Thank you!

Catching up now.

Anatoliy


On Fri, Aug 10, 2012 at 1:29 PM, Corey Hammerton wrote:

> Is the puppet-dashboard-workers service running?
>
>
> On Friday, August 10, 2012 4:26:20 PM UTC-4, Anatoliy Lisovskiy
> (Wavebourn) wrote:
>>
>> Today I found that puppet dashboard does not work since Aug,1
>>
>> It shows all 23 hosts as being non-responsive, and 8,000+ pending tasks.
>> Both server and agents work well, but the dashboard does not reflect that.
>>
>> What could go wrong? I restarted puppet-db and puppet-dashboard, did not
>> help.
>>
>> Anatoliy
>>
>>
>>
>>




[Puppet Users] Re: Puppet dashboard suddenly stopped working

2012-08-10 Thread Corey Hammerton
Is the puppet-dashboard-workers service running?

On Friday, August 10, 2012 4:26:20 PM UTC-4, Anatoliy Lisovskiy (Wavebourn) 
wrote:
>
> Today I found that puppet dashboard does not work since Aug,1
>
> It shows all 23 hosts as being non-responsive, and 8,000+ pending tasks. 
> Both server and agents work well, but the dashboard does not reflect that.
>
> What could go wrong? I restarted puppet-db and puppet-dashboard, did not 
> help.
>
> Anatoliy
>
>
>
>
>




[Puppet Users] New Scope > 2.7

2012-08-10 Thread Douglas Garstang
So...

I was just reading the new puppet scoping documentation at
http://docs.puppetlabs.com/guides/scope_and_puppet.html.

I don't get it. If I have this...

class web_server {
include common
include webserver
$my_role = "web_server"
}

Can I access the $my_role variable in the webserver class?

Doug.




Re: [Puppet Users] exec executes remote command but the actual script not run

2012-08-10 Thread jcbollinger


On Friday, August 10, 2012 10:23:16 AM UTC-5, pmbuko wrote:
>
> On Aug 10, 2012, at 9:04 AM, jcbollinger wrote:
>
>
>
> On Thursday, August 9, 2012 7:24:23 AM UTC-5, pmbuko wrote:
>>
>> Adding this parameter to your file resource,
>>
>> notify => Exec['Deploy Code'],
>>
>> and these parameters to your exec resource,
>>
>> require     => File['/var/tmp/deploy.tar'],
>> refreshonly => true,
>>
>> will create the appropriate dependency.  Basically, it makes sure the 
>> file resource must run before the exec. Puppet manifests do not run in a 
>> top down manner, so it's important to specify the order of resources when 
>> necessary.
>>
>
> Technically, either the 'notify' on one side or the 'require' on the other 
> is sufficient to create a relationship, and 'refreshonly' is a tangential 
> issue.  I prefer to avoid specifying relationships redundantly, as it 
> complicates maintenance.  The Exec's relationship to the File is a true 
> dependency, so I would express the relationship on that side.
>
> Inasmuch as it makes sense to deploy the code only when the tarball 
> changes, 'refreshonly' is a good choice.  In that case, I would use:
>
> In the File:
> # nothing special
>
> In the Exec:
> refreshonly => true,
> listen => File['/var/tmp/deploy.tar']
>
> Note also that if you're going to use this means to deploy code then you 
> should probably put the tarball in a permanent location and plan on leaving 
> it there.  If you delete it after the deployment then Puppet will copy it 
> back down (and trigger a new deployment) on its next run.
>
>
> John
>
>
> The listen parameter is new to me. Good to know!
>


It's new to me, too: I meant to say "subscribe".  Sorry about that.


John




Re: [Puppet Users] initial puppet agent --test --verbose upon quick start installation FAILS v2.53

2012-08-10 Thread Justin Stoller
On Fri, Aug 10, 2012 at 6:08 AM, Patrick McCarty
 wrote:
> All,
>
> I am evaluating Puppet for a client.  It has not been a smooth evaluation. :-)

Sorry to hear that. It's a great tool, but it's still got a few edges
that if you fall on can be mighty sharp.

>
> I have four machines, puppet, console, node1 and node 2- all on the same 
> segment with no firewall nor router between them.  They have sequentially 
> numbered IP's and I can ping each one from all the others via short name 
> [puppet, console, node1 or node2] or their FQDN [puppet.vision.com, 
> console.vision.com, node1.vision.com and node2.vision.com].
>
> I get the following error on all four devices:

This is an error in the master -> console communication and as every
run uses this, every run on every node will fail.

>
>  puppet agent --test --verbose
> info: Retrieving plugin
> info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
> info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
> info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
> err: Could not retrieve catalog from remote server: Error 400 on SERVER:

The Puppet Master had a 400 (General Error) because:

> Error 403 on SERVER: Forbidden request: puppet.vision.com(10.197.0.6) access 
> to /facts/node1.vision.com

It doesn't have permission to access the inventory service.

> [save] authenticated  at line 56

This is the super unhelpful part of the error message, what file? I'd
start with your auth.conf.

> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> Any help would be appreciated.

I've seen a few folks have this error recently and googling to remind
myself of their solutions I found a few references to auth.conf,
umask, selinux around the inventory service. What platform are you on?
Have you done any custom security hardening? I feel like I've seen
more pe-users mentioning this problem, but that's a completely
un-scientific hunch and I'm not yet sure whether it's because of our
tightening of default permissions or just more users operating split
master/console nodes.

Either way there's a pe-users list that I'd recommend you hit for more
PE specific help.


HTH,
Justin
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Multiple Versions of Gem command Supported?

2012-08-10 Thread Ron
Thanks for the update, I am assuming I need pluginsync in order for this to 
work properly.
I will test it out, still some limitations with this approach as you stated.

No good way as of yet to handle multiple gem versions. Of course this is a 
moot point once Puppet 3 is released and linked to Ruby 1.9.3.
Then I will only have a single version of Ruby to manage.

Thanks,
Ron

On Friday, August 10, 2012 1:27:50 PM UTC-4, Nan Liu wrote:
>
> On Fri, Aug 10, 2012 at 10:20 AM, Ron wrote: 
> > I have two versions of Ruby on my servers. One that is used for Puppet and 
> > system scripts (Ruby 1.8.7) and then one which is a custom package I built 
> > running the latest Ruby 1.9.3. This is used for the Ruby/Rails applications 
> > that are being developed by our dev team. Is there a way for Puppet to 
> > control the gems installed by both of these gem versions? I need a way to 
> > spin up systems with no user input, right now that's not possible without 
> > this. Is subclassing the gem provider the only way or is there a more clean 
> > way to set path with the current gem provider. I was looking in the gem.rb 
> > provider source and didn't see a way there. 
>
> Yeah, that's the only way I'm aware of. The code is only a few lines, 
> and we have a pe_gem example: 
> https://github.com/puppetlabs/puppetlabs-pe_gem 
>
> The bigger problem is you can't have duplicate package names, so you 
> either need two environments or separate manifests if you wish to 
> manage the same gems in 1.8.7 and 1.9. There's no way to install in 
> one puppet run at the moment. 
>
> Thanks, 
>
> Nan 
>




Re: [Puppet Users] Multiple Versions of Gem command Supported?

2012-08-10 Thread Nan Liu
On Fri, Aug 10, 2012 at 10:20 AM, Ron  wrote:
> I have two versions of Ruby on my servers. One that is used for Puppet and
> system scripts (Ruby 1.8.7) and then one which is a custom package I built
> running the latest Ruby 1.9.3. This is used for the Ruby/Rails applications
> that are being developed by our dev team. Is there a way for Puppet to
> control the gems installed by both of these gem versions? I need a way to
> spin up systems with no user input, right now that's not possible without
> this. Is subclassing the gem provider the only way or is there a more clean
> way to set path with the current gem provider. I was looking in the gem.rb
> provider source and didn't see a way there.

Yeah, that's the only way I'm aware of. The code is only a few lines,
and we have a pe_gem example:
https://github.com/puppetlabs/puppetlabs-pe_gem

The bigger problem is you can't have duplicate package names, so you
either need two environments or separate manifests if you wish to
manage the same gems in 1.8.7 and 1.9. There's no way to install in
one puppet run at the moment.

Thanks,

Nan




[Puppet Users] Re: hiera scope and hiera-foreman

2012-08-10 Thread Christian McHugh
Okay. I figured out my issue. 

I'm not a developer so this is probably ugly, but came up with:
begin
  fqdn = scope.catalog.tags[4]
rescue
  fqdn = scope['fqdn'] if scope.has_key?('fqdn')
  Hiera.debug("trying mcollective")
end
Hiera.debug("got fqdn #{fqdn}")

That fqdn with both:
puppet master --debug --compile FQDN
and
hiera -d -c /etc/puppet/hiera.yaml -m FQDN




[Puppet Users] Multiple Versions of Gem command Supported?

2012-08-10 Thread Ron
I have two versions of Ruby on my servers. One that is used for Puppet and 
system scripts (Ruby 1.8.7) and then one which is a custom package I built 
running the latest Ruby 1.9.3. This is used for the Ruby/Rails applications 
that are being developed by our dev team. Is there a way for Puppet to 
control the gems installed by both of these gem versions? I need a way to 
spin up systems with no user input, right now that's not possible without 
this. Is subclassing the gem provider the only way or is there a more clean 
way to set path with the current gem provider. I was looking in the gem.rb 
provider source and didn't see a way there.

Thanks,
Ron




[Puppet Users] Re: Puppet modules for Ceph

2012-08-10 Thread François Charlier
On Jul 18 09:41, Mark Nelson wrote:
> On 7/18/12 8:58 AM, François Charlier wrote:
> >Hi,
> >
> >I'm currently working on writing a Puppet module for Ceph.
> >
> >As after some research I found no existing module, I'll start from
> >scratch but I would be glad to hear from people who would already have
> >started working on this or having any idea or pointers regarding this
> >subject.
> >
> >Thanks,
> >
> >[ By the way, I'm fc on #ceph ! ]
> >
> 
> Hi Francois,
> 
> That's great!  You might want to look at the chef work that has been
> done as a base to start from.  I'm not very familiar with what is in
> place, but Tommi or Dan may chime in later with more details.  Some
> of the folks from Mediawiki were actually just talking about puppet
> modules yesterday on the IRC channel so they may be interested in
> collaborating too.
> 
> Thanks,
> Mark

Hi,

I'd like to keep you updated on the progress I made so far :

- the module is published on github: https://github.com/fcharlier/puppet-ceph

- it's currently (only) able to install some MONs

- I hope to be able to add support for OSDs before next tuesday (because
  I'm on vacation after that …)

- I listed the necessary “manual” actions needed to install a Ceph
  cluster (gathered from the Ceph Chef Cookbook and the mkcephfs script)
  on our wiki : https://labs.enovance.com/projects/puppet/wiki/Puppet-ceph
  but it might still contain some errors.

- I've decided to stick with exported resources to transfer information
  between the nodes.

Any comment or contribution would be much appreciated !

Sincerely,
-- 
François Charlier Software Engineer
// eNovance labs   http://labs.enovance.com
// ✉ francois.charl...@enovance.com ☎ +33 1 49 70 99 81
// fc on OFTC / fc___ on FreeNode




Re: [Puppet Users] Running apt-get update on package install

2012-08-10 Thread Nigel Kersten
On Thu, Aug 9, 2012 at 2:00 PM, Denmat  wrote:
>
>
> On 10/08/2012, at 3:20, Nigel Kersten  wrote:
>
>> On Thu, Aug 9, 2012 at 10:10 AM, Douglas Garstang
>>  wrote:
>>> I'm on Ubuntu, and I wanted to always have 'apt-get update' run before
>>> attempting to install packages, so I put this in my top level site.pp
>>> file:
>>>
>>> exec {
>>>   'refresh-repos':
>>>     command => '/usr/bin/apt-get update';
>>> }
>>>
>>> Package {
>>>   require => Exec['refresh-repos']
>>> }
>>>
>>> However, that causes a nasty cyclic dependency error. I really HATE
>>> those because the error message makes it impossible to interpret
>>> what's actually going on.
>>>
>>> How can I do this without the awful cyclic error messages?
>>
>> What version of Puppet are you on? Can you paste or link to the error
>> message itself so we can actually tell what the dependency cycle is?
>>
> I have used stages to handle this sort of thing. Setting up a repo stage to 
> refresh repos before the main stage.
>
> http://docs.puppetlabs.com/references/stable/metaparameter.html#stage

That's true, but stages aren't required to make this work.

It's impossible for us to tell why there is a dependency cycle here
without more info.




Re: [Puppet Users] exec subscribe debugging?

2012-08-10 Thread Matt Zagrabelny
On Fri, Aug 10, 2012 at 10:14 AM, Matt Zagrabelny  wrote:
> On Fri, Aug 10, 2012 at 9:53 AM, David Schmitt  wrote:
>> On 10.08.2012 16:19, Matt Zagrabelny wrote:
>>>
>>> Hi!
>>>
>>> I've got a simple file and exec resource coupling that does not seem
>>> to be working as expected:
>>>
>>>   file { "/etc/postfix/transport":
>>>     source  => "puppet:///private/etc/postfix/transport",
>>>   }
>>>
>>>   exec { "rebuild_transport_index_for_mailman":
>>>     command     => "postmap /etc/postfix/transport",
>>>     path        => "/bin:/sbin:/usr/bin:/usr/sbin",
>>>     subscribe   => File["/etc/postfix/transport"],
>>>     refreshonly => true,
>>>   }
>>>
>>> The above postmap command should create the file
>>> "/etc/postfix/transport.db".
>>>
>>> I restart puppet on the node and the exec is not run:
>>>
>>> Aug 10 09:16:11 lists puppet-agent[1099]: Starting Puppet client version
>>> 2.6.2
>>> Aug 10 09:16:13 lists puppet-agent[1099]:
>>> (/Stage[main]/Mailman::Service/Service[mailman]/ensure) ensure changed
>>> 'stopped' to 'running'
>>> Aug 10 09:16:18 lists puppet-agent[1099]: Finished catalog run in 5.43
>>> seconds
>>>
>>> Of course the "transport.db" does not get created:
>>>
>>> % ls -alhrt /etc/postfix
>>> total 84K
>>> drwxr-xr-x  2 root root 4.0K May  4  2011 sasl
>>> -rwxr-xr-x  1 root root  24K May  4  2011 post-install
>>> -rwxr-xr-x  1 root root 8.6K May  4  2011 postfix-script
>>> -rw-r--r--  1 root root  19K May  4  2011 postfix-files
>>> -rw-r--r--  1 root root  318 Aug  9 14:57 dynamicmaps.cf
>>> drwxr-xr-x 77 root root 4.0K Aug  9 15:35 ..
>>> -rw-r--r--  1 root root 1.7K Aug  9 16:26 main.cf
>>> -rw-r--r--  1 root root   31 Aug  9 16:52 transport
>>> -rw-r--r--  1 root root 4.0K Aug  9 16:52 master.cf
>>> drwxr-xr-x  3 root root 4.0K Aug 10 09:11 .
>>>
>>> Any ideas of how to debug this?
>
> Hi David,
>
>> You already have all the information. "/etc/postfix/transport" didn't
>> change, and thus didn't notify the exec, which didn't run.
>
> Thanks for the pointer. I had a disconnect between a resource not
> existing (supposing in my head /etc/postfix/transport.db was a file
> resource) and the fact that it resulted from an exec resource.

A followup to this discussion. Is there a more optimal way to ensure
the file (/etc/postfix/transport.db) is created by the exec and is
subscribed to the source file?

  file { "/etc/postfix/transport":
    source  => "puppet:///private/etc/postfix/transport",
  }
  exec { "build_transport_index_for_mailman_if_it_doesnt_exist":
    command => "postmap /etc/postfix/transport",
    path    => "/bin:/sbin:/usr/bin:/usr/sbin",
    unless  => "test -f /etc/postfix/transport.db",
  }
  exec { "rebuild_transport_index_for_mailman":
    command     => "postmap /etc/postfix/transport",
    path        => "/bin:/sbin:/usr/bin:/usr/sbin",
    subscribe   => File["/etc/postfix/transport"],
    refreshonly => true,
  }

Thanks for any hints.

-mz




Re: [Puppet Users] exec executes remote command but the actual script not run

2012-08-10 Thread Peter Bukowinski
On Aug 10, 2012, at 9:04 AM, jcbollinger  wrote:

> 
> 
> On Thursday, August 9, 2012 7:24:23 AM UTC-5, pmbuko wrote:
> Adding this parameter to your file resource,
> 
> notify => Exec['Deploy Code'],
> 
> and these parameters to your exec resource,
> 
> require     => File['/var/tmp/deploy.tar'],
> refreshonly => true,
> 
> will create the appropriate dependency.  Basically, it makes sure the file 
> resource must run before the exec. Puppet manifests do not run in a top down 
> manner, so it's important to specify the order of resources when necessary.
> 
> Technically, either the 'notify' on one side or the 'require' on the other is 
> sufficient to create a relationship, and 'refreshonly' is a tangential issue. 
>  I prefer to avoid specifying relationships redundantly, as it complicates 
> maintenance.  The Exec's relationship to the File is a true dependency, so I 
> would express the relationship on that side.
> 
> Inasmuch as it makes sense to deploy the code only when the tarball changes, 
> 'refreshonly' is a good choice.  In that case, I would use:
> 
> In the File:
> # nothing special
> 
> In the Exec:
> refreshonly => true,
> listen => File['/var/tmp/deploy.tar']
> 
> Note also that if you're going to use this means to deploy code then you 
> should probably put the tarball in a permanent location and plan on leaving 
> it there.  If you delete it after the deployment then Puppet will copy it 
> back down (and trigger a new deployment) on its next run.
> 
> 
> John

The listen parameter is new to me. Good to know!

--
Peter




Re: [Puppet Users] exec subscribe debugging?

2012-08-10 Thread Matt Zagrabelny
On Fri, Aug 10, 2012 at 9:53 AM, David Schmitt  wrote:
> On 10.08.2012 16:19, Matt Zagrabelny wrote:
>>
>> Hi!
>>
>> I've got a simple file and exec resource coupling that does not seem
>> to be working as expected:
>>
>>   file { "/etc/postfix/transport":
>>     source  => "puppet:///private/etc/postfix/transport",
>>   }
>>
>>   exec { "rebuild_transport_index_for_mailman":
>>     command     => "postmap /etc/postfix/transport",
>>     path        => "/bin:/sbin:/usr/bin:/usr/sbin",
>>     subscribe   => File["/etc/postfix/transport"],
>>     refreshonly => true,
>>   }
>>
>> The above postmap command should create the file
>> "/etc/postfix/transport.db".
>>
>> I restart puppet on the node and the exec is not run:
>>
>> Aug 10 09:16:11 lists puppet-agent[1099]: Starting Puppet client version
>> 2.6.2
>> Aug 10 09:16:13 lists puppet-agent[1099]:
>> (/Stage[main]/Mailman::Service/Service[mailman]/ensure) ensure changed
>> 'stopped' to 'running'
>> Aug 10 09:16:18 lists puppet-agent[1099]: Finished catalog run in 5.43
>> seconds
>>
>> Of course the "transport.db" does not get created:
>>
>> % ls -alhrt /etc/postfix
>> total 84K
>> drwxr-xr-x  2 root root 4.0K May  4  2011 sasl
>> -rwxr-xr-x  1 root root  24K May  4  2011 post-install
>> -rwxr-xr-x  1 root root 8.6K May  4  2011 postfix-script
>> -rw-r--r--  1 root root  19K May  4  2011 postfix-files
>> -rw-r--r--  1 root root  318 Aug  9 14:57 dynamicmaps.cf
>> drwxr-xr-x 77 root root 4.0K Aug  9 15:35 ..
>> -rw-r--r--  1 root root 1.7K Aug  9 16:26 main.cf
>> -rw-r--r--  1 root root   31 Aug  9 16:52 transport
>> -rw-r--r--  1 root root 4.0K Aug  9 16:52 master.cf
>> drwxr-xr-x  3 root root 4.0K Aug 10 09:11 .
>>
>> Any ideas of how to debug this?

Hi David,

> You already have all the information. "/etc/postfix/transport" didn't
> change, and thus didn't notify the exec, which didn't run.

Thanks for the pointer. I had a disconnect between a resource not
existing (supposing in my head /etc/postfix/transport.db was a file
resource) and the fact that it resulted from an exec resource.

Thanks for helping me see that.

-mz




[Puppet Users] initial puppet agent --test --verbose upon quick start installation FAILS v2.53

2012-08-10 Thread Patrick McCarty
All,

I am evaluating Puppet for a client.  It has not been a smooth evaluation. :-)

I have four machines, puppet, console, node1 and node2 - all on the same 
segment with no firewall nor router between them.  They have sequentially 
numbered IP's and I can ping each one from all the others via short name 
[puppet, console, node1 or node2] or their FQDN [puppet.vision.com, 
console.vision.com, node1.vision.com and node2.vision.com].

I get the following error on all four devices:

 puppet agent --test --verbose
info: Retrieving plugin
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Error 
403 on SERVER: Forbidden request: puppet.vision.com(10.197.0.6) access to 
/facts/node1.vision.com [save] authenticated  at line 56
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Any help would be appreciated.
 




Re: [Puppet Users] exec subscribe debugging?

2012-08-10 Thread David Schmitt

On 10.08.2012 16:19, Matt Zagrabelny wrote:

Hi!

I've got a simple file and exec resource coupling that does not seem
to be working as expected:

   file { "/etc/postfix/transport":
     source  => "puppet:///private/etc/postfix/transport",
   }

   exec { "rebuild_transport_index_for_mailman":
     command     => "postmap /etc/postfix/transport",
     path        => "/bin:/sbin:/usr/bin:/usr/sbin",
     subscribe   => File["/etc/postfix/transport"],
     refreshonly => true,
   }

The above postmap command should create the file "/etc/postfix/transport.db".

I restart puppet on the node and the exec is not run:

Aug 10 09:16:11 lists puppet-agent[1099]: Starting Puppet client version 2.6.2
Aug 10 09:16:13 lists puppet-agent[1099]:
(/Stage[main]/Mailman::Service/Service[mailman]/ensure) ensure changed
'stopped' to 'running'
Aug 10 09:16:18 lists puppet-agent[1099]: Finished catalog run in 5.43 seconds

Of course the "transport.db" does not get created:

% ls -alhrt /etc/postfix
total 84K
drwxr-xr-x  2 root root 4.0K May  4  2011 sasl
-rwxr-xr-x  1 root root  24K May  4  2011 post-install
-rwxr-xr-x  1 root root 8.6K May  4  2011 postfix-script
-rw-r--r--  1 root root  19K May  4  2011 postfix-files
-rw-r--r--  1 root root  318 Aug  9 14:57 dynamicmaps.cf
drwxr-xr-x 77 root root 4.0K Aug  9 15:35 ..
-rw-r--r--  1 root root 1.7K Aug  9 16:26 main.cf
-rw-r--r--  1 root root   31 Aug  9 16:52 transport
-rw-r--r--  1 root root 4.0K Aug  9 16:52 master.cf
drwxr-xr-x  3 root root 4.0K Aug 10 09:11 .

Any ideas of how to debug this?


You already have all the information. "/etc/postfix/transport" didn't 
change, and thus didn't notify the exec, which didn't run.


Make a trivial edit to transport, then puppet will overwrite the file 
and trigger the exec.


Best Regards, David




[Puppet Users] Re: SSL issues - certificate verify failed

2012-08-10 Thread banjer
It usually involves doing this on the server:

  puppet cert clean myhost

and on the client:

  rm -rf /var/lib/puppet/ssl


Then try it again on your client:  `puppet agent --test`  Then back to your 
master:  `puppet cert sign myhost`.

On Friday, August 10, 2012 8:30:50 AM UTC-4, Axel Bock wrote:
>
> hm, nevermind, I solved it somehow, although I don't know how (yet). it 
> involved a lot of deleting and restarting :) ... 
>
> thanks anyways!
> /Axel.
>
> Am Freitag, 10. August 2012 14:10:57 UTC+2 schrieb Axel Bock:
>>
>> Hello readers, 
>>
>> I have this little issue that my puppet client refuses to do anything 
>> because of SSL validation errors. Maybe I'll just post dump of what 
>> happens, that makes it clear I hope. Does anyone have a suggestion why that 
>> might happen? what I already checked: 
>>
>> On the master: 
>>
>>- Puppet and puppetmaster is running
>>- Something is listening on Port 8140 (although I cannot 
>>telnet-connect to it, it closes immediately for whatever reason)
>>- in /var/lib/puppet/ssl: find . -type f -delete
>>
>> On the client:
>>
>>- in /var/lib/puppet/ssl: find . -type f -delete
>>
>> I would appreciate any help that's available ... 
>>
>> thanks & greetings! Axel.
>>
>>
>> ... and now the little dump:
>>
>> (CLIENT)
>> *root@l1311022:/var/lib/puppet/ssl$* *puppet agent --test*
>> info: Creating a new SSL key for l1311022.our.domain.de
>> warning: peer certificate won't be verified in this SSL session (2x)
>> info: Creating a new SSL certificate request for l1311022.our.domain.de
>> info: Certificate Request fingerprint (md5): 
>> 19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
>> warning: peer certificate won't be verified in this SSL session (3x)
>> Exiting; no certificate found and waitforcert is disabled
>>
>> (SERVER)
>> *l1215022:/var/lib/puppet/ssl # pca -l*
>> notice: Signed certificate request for ca
>> notice: Rebuilding inventory file
>>   l1311022.our.domain.de(19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
>> *l1215022:/var/lib/puppet/ssl # pca -s --all*
>> notice: Signed certificate request for l1311022.our.domain.de
>> notice: Removing file Puppet::SSL::CertificateRequest 
>> l1311022.our.domain.de at 
>> '/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
>> l1215022:/var/lib/puppet/ssl #
>>
>> (CLIENT)
>> *root@l1311022:/var/lib/puppet/ssl$ puppet agent --test*
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for ca
>> warning: peer certificate won't be verified in this SSL session
>> info: Caching certificate for l1311022.our.domain.de
>> info: Retrieving plugin
>> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
>> using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read 
>> server certificate B: certificate verify failed
>> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect 
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
>> verify failed Could not retrieve file metadata for puppet://
>> l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0 
>> state=SSLv3 read server certificate B: certificate verify failed
>> err: Could not retrieve catalog from remote server: SSL_connect 
>> returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
>> verify failed
>> warning: Not using cache on failed catalog
>> err: Could not retrieve catalog; skipping run
>> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
>> read server certificate B: certificate verify failed
>>
>> The config files look like this: 
>>
>> (CLIENT)
>> [main]
>> logdir = /var/log/puppet
>> rundir = /var/run/puppet
>> ssldir = /var/lib/puppet/ssl
>> modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
>> [agent]
>> certname = l1311022.our.domain.de
>> server = l1215022.our.domain.de
>> report = true
>> graph = true
>> pluginsync = true
>> classfile = $vardir/classes.txt
>> localconfig = $vardir/localconfig
>>
>> (SERVER)
>> [main]
>> logdir = /var/log/puppet
>> rundir = /var/run/puppet
>> ssldir = /var/lib/puppet/ssl
>> certname = l1215022.our.domain.de
>> [agent]
>> classfile = $vardir/classes.txt
>> localconfig = $vardir/localconfig
>>
>>
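
The condition behind the "certificate verify failed" errors quoted above can be checked directly with Ruby's OpenSSL bindings. This is an added example, not code from the thread or from Puppet: the CA and host certificates are constructed in memory, all names are hypothetical, and the scenario (an agent still holding a CA certificate that the master has since regenerated) is an assumption about one way to reach that error.

```ruby
require 'openssl'

# Build a throwaway self-signed CA (constructed test data, not a Puppet CA).
def make_ca(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = cert.subject            # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Issue a constructed host certificate signed by the given CA.
def issue_cert(common_name, ca_cert, ca_key)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 2
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer     = ca_cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Colon-separated SHA-256 fingerprint, handy for comparing the CA certificate
# held on the agent with the one held on the master.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Returns [ok, reason]: does `cert` chain to `ca_cert` as the only trust anchor?
def verify_against(ca_cert, cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  ok = store.verify(cert)
  [ok, store.error_string]
end

# Same check for PEM files on disk. Assumed usage, based on Puppet's usual
# ssldir layout: the agent's cached CA at <ssldir>/certs/ca.pem and a copy of
# the master's own certificate from <ssldir>/certs/<certname>.pem.
def check_files(ca_path, cert_path)
  ca   = OpenSSL::X509::Certificate.new(File.read(ca_path))
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  verify_against(ca, cert)
end

# Constructed scenario: the CA is regenerated under the same name, the master
# certificate is issued by the new CA, and the agent still trusts the old one.
def stale_ca_scenario
  old_ca, _old_key = make_ca('constructed-ca')
  new_ca, new_key  = make_ca('constructed-ca')
  master = issue_cert('master.example.test', new_ca, new_key)
  {
    cached_ca_fp:    fingerprint(old_ca),
    current_ca_fp:   fingerprint(new_ca),
    with_cached_ca:  verify_against(old_ca, master),
    with_current_ca: verify_against(new_ca, master)
  }
end

if __FILE__ == $PROGRAM_NAME
  stale_ca_scenario.each { |name, value| puts "#{name}: #{value.inspect}" }
end
```

A fingerprint mismatch between the two CA certificates is the quick signal; the verify result confirms whether the presented certificate can still be validated.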




[Puppet Users] Re: Error 400 on Server: Another local or imported resource exists with the type and title Sshkey

2012-08-10 Thread banjer


>  If there is a new "foohost" client then you may not need to do anything.  
> If not, then yes, you should clear its configuration out of your 
> storeconfigs DB.
>
>
It's a new hostname as well as a new key.   I wasn't clear on that earlier.  
Also, I had run `puppet node clean foohost` before fyi.  Let's call the old 
host *foohost* and the new one *newhost.*

My goal is to have 50 hosts with the same ssh_known_hosts file, which will 
contain the keys for the 50 hosts, so from what I understand I need to use 
sshkey as an "exported" resource.  Perhaps I'm not understanding local vs 
exported resources though.

It seems to me that if the hostnames are different, then there shouldn't 
be a problem with the two resource declarations coexisting in my manifest, 
as the type-title combo should be unique, right?  A solution I've come up 
with is to have ONLY this declared:

# remove key
@@sshkey { "foohost":
  ensure => absent,
  type   => "rsa",
}

Sshkey <<| |>>

and then let my puppet agents pull down their configs and thus handle the 
removal of foohost from ssh_known_hosts.  Later today, I'll remove this 
declaration and put back in:

# add keys
@@sshkey { $hostname:
  ensure => present,
  type   => "rsa",
  key    => $sshrsakey,
}

Sshkey <<| |>>

Not the prettiest solution, but this situation where we rebuild a host with 
a new hostname isn't that common.

Now, with all that said, I can see in my storedconfigs DB which is also 
shared by Foreman, that there are some records for sshkey and foohost that 
still exist.  Not sure how to clean this out (is puppet node clean foohost 
the correct way?), other than a postgres query.  






[Puppet Users] exec subscribe debugging?

2012-08-10 Thread Matt Zagrabelny
Hi!

I've got a simple file and exec resource coupling that does not seem
to be working as expected:

  file { "/etc/postfix/transport":
    source  => "puppet:///private/etc/postfix/transport",
  }

  exec { "rebuild_transport_index_for_mailman":
    command     => "postmap /etc/postfix/transport",
    path        => "/bin:/sbin:/usr/bin:/usr/sbin",
    subscribe   => File["/etc/postfix/transport"],
    refreshonly => true,
  }

The above postmap command should create the file "/etc/postfix/transport.db".

I restart puppet on the node and the exec is not run:

Aug 10 09:16:11 lists puppet-agent[1099]: Starting Puppet client version 2.6.2
Aug 10 09:16:13 lists puppet-agent[1099]:
(/Stage[main]/Mailman::Service/Service[mailman]/ensure) ensure changed
'stopped' to 'running'
Aug 10 09:16:18 lists puppet-agent[1099]: Finished catalog run in 5.43 seconds

Of course the "transport.db" does not get created:

% ls -alhrt /etc/postfix
total 84K
drwxr-xr-x  2 root root 4.0K May  4  2011 sasl
-rwxr-xr-x  1 root root  24K May  4  2011 post-install
-rwxr-xr-x  1 root root 8.6K May  4  2011 postfix-script
-rw-r--r--  1 root root  19K May  4  2011 postfix-files
-rw-r--r--  1 root root  318 Aug  9 14:57 dynamicmaps.cf
drwxr-xr-x 77 root root 4.0K Aug  9 15:35 ..
-rw-r--r--  1 root root 1.7K Aug  9 16:26 main.cf
-rw-r--r--  1 root root   31 Aug  9 16:52 transport
-rw-r--r--  1 root root 4.0K Aug  9 16:52 master.cf
drwxr-xr-x  3 root root 4.0K Aug 10 09:11 .

Any ideas of how to debug this?

Thanks!

-mz




Re: [Puppet Users] exec executes remote command but the actual script not run

2012-08-10 Thread jcbollinger


On Thursday, August 9, 2012 7:24:23 AM UTC-5, pmbuko wrote:
>
> Adding this parameter to your file resource,
>
> notify => Exec['Deploy Code'],
>
> and these parameters to your exec resource,
>
> require     => File['/var/tmp/deploy.tar'],
> refreshonly => true,
>
> will create the appropriate dependency.  Basically, it makes sure the file 
> resource must run before the exec. Puppet manifests do not run in a top 
> down manner, so it's important to specify the order of resources when 
> necessary.
>

Technically, either the 'notify' on one side or the 'require' on the other 
is sufficient to create a relationship, and 'refreshonly' is a tangential 
issue.  I prefer to avoid specifying relationships redundantly, as it 
complicates maintenance.  The Exec's relationship to the File is a true 
dependency, so I would express the relationship on that side.

Inasmuch as it makes sense to deploy the code only when the tarball 
changes, 'refreshonly' is a good choice.  In that case, I would use:

In the File:
# nothing special

In the Exec:
refreshonly => true,
subscribe   => File['/var/tmp/deploy.tar'],

Note also that if you're going to use this means to deploy code then you 
should probably put the tarball in a permanent location and plan on leaving 
it there.  If you delete it after the deployment then Puppet will copy it 
back down (and trigger a new deployment) on its next run.


John
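
The arrangement described in this reply, written out as a complete manifest with the relationship declared once, on the Exec, through Puppet's `subscribe` metaparameter. This is an added example, not code from the thread; the module name, the `/opt/deploy` and `/opt/app` paths and the tar command are assumptions.

```puppet
# Added example. The 'Deploy Code' title comes from the thread; the module
# name, directories and tar command are assumed for illustration.

# Permanent, root-owned home for the tarball. Leaving the file in place means
# Puppet has nothing to re-copy on later runs, so no spurious redeploys.
file { '/opt/deploy':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0755',
}

file { '/opt/deploy/deploy.tar':
  ensure  => file,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  source  => 'puppet:///modules/deploy/deploy.tar',  # assumed module path
  require => File['/opt/deploy'],
}

# Assumed deployment target.
file { '/opt/app':
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0755',
}

exec { 'Deploy Code':
  # Fully qualified command, so no reliance on the agent's PATH.
  command     => '/bin/tar -xf /opt/deploy/deploy.tar -C /opt/app',
  # Run only when a subscribed resource changes, never on an ordinary run.
  refreshonly => true,
  # subscribe = ordering (File first) + refresh when the File changes.
  # No matching 'notify' is needed on the File.
  subscribe   => File['/opt/deploy/deploy.tar'],
  require     => File['/opt/app'],
  logoutput   => on_failure,
}
```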




[Puppet Users] Re: SSL issues - certificate verify failed

2012-08-10 Thread Axel Bock
hm, nevermind, I solved it somehow, although I don't know how (yet). it 
involved a lot of deleting and restarting :) ... 

thanks anyways!
/Axel.

On Friday, 10 August 2012 14:10:57 UTC+2, Axel Bock wrote:
>
> Hello readers, 
>
> I have this little issue that my puppet client refuses to do anything 
> because of SSL validation errors. Maybe I'll just post dump of what 
> happens, that makes it clear I hope. Does anyone have a suggestion why that 
> might happen? what I already checked: 
>
> On the master: 
>
>    - Puppet and puppetmaster is running
>    - Something is listening on Port 8140 (although I cannot 
>    telnet-connect to it, it closes immediately for whatever reason)
>    - in /var/lib/puppet/ssl: find . -type f -delete
>
> On the client:
>
>    - in /var/lib/puppet/ssl: find . -type f -delete
>
> I would appreciate any help that's available ... 
>
> thanks & greetings! Axel.
>
>
> ... and now the little dump:
>
> (CLIENT)
> root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
> info: Creating a new SSL key for l1311022.our.domain.de
> warning: peer certificate won't be verified in this SSL session (2x)
> info: Creating a new SSL certificate request for l1311022.our.domain.de
> info: Certificate Request fingerprint (md5): 
> 19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
> warning: peer certificate won't be verified in this SSL session (3x)
> Exiting; no certificate found and waitforcert is disabled
>
> (SERVER)
> l1215022:/var/lib/puppet/ssl # pca -l
> notice: Signed certificate request for ca
> notice: Rebuilding inventory file
>   l1311022.our.domain.de (19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
> l1215022:/var/lib/puppet/ssl # pca -s --all
> notice: Signed certificate request for l1311022.our.domain.de
> notice: Removing file Puppet::SSL::CertificateRequest 
> l1311022.our.domain.de at 
> '/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
> l1215022:/var/lib/puppet/ssl #
>
> (CLIENT)
> root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for ca
> warning: peer certificate won't be verified in this SSL session
> info: Caching certificate for l1311022.our.domain.de
> info: Retrieving plugin
> err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
> using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read 
> server certificate B: certificate verify failed
> err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect 
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate 
> verify failed Could not retrieve file metadata for puppet://
> l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0 
> state=SSLv3 read server certificate B: certificate verify failed
> err: Could not retrieve catalog from remote server: SSL_connect returned=1 
> errno=0 state=SSLv3 read server certificate B: certificate verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 
> read server certificate B: certificate verify failed
>
> The config files look like this: 
>
> (CLIENT)
> [main]
> logdir = /var/log/puppet
> rundir = /var/run/puppet
> ssldir = /var/lib/puppet/ssl
> modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
> [agent]
> certname = l1311022.our.domain.de
> server = l1215022.our.domain.de
> report = true
> graph = true
> pluginsync = true
> classfile = $vardir/classes.txt
> localconfig = $vardir/localconfig
>
> (SERVER)
> [main]
> logdir = /var/log/puppet
> rundir = /var/run/puppet
> ssldir = /var/lib/puppet/ssl
> certname = l1215022.our.domain.de
> [agent]
> classfile = $vardir/classes.txt
> localconfig = $vardir/localconfig
>
>




Re: [Puppet Users] Delete "unmanaged" files in directory

2012-08-10 Thread Axel Bock
Hi Calvin, 

that works great :) ! thanks!

/Axel. 

On Wednesday, 8 August 2012 14:11:27 UTC+2, Calvin Walton wrote:
>
> On Tue, 2012-08-07 at 22:53 -0700, Axel Bock wrote: 
> > Hello readers, 
> > 
> > I might have the need for something like "delete all unmanaged files". 
> > Explanation: I am creating a bunch of apache config files, which contain 
> > information about the hostname and the port they're listening on. Now if I 
> > change the host name - or the port - the last generated file keeps sitting 
> > there, and does nothing in the best case (rarely ;), and provokes errors in 
> > all others. 
> > 
> > Now because _all_ config files in those directories are generated by me & 
> > puppet I wondered if there's a method to find out which files are _not_ 
> > generated by puppet, and simply delete them. 
>
> This is pretty easy to do; the functionality is built into puppet. You 
> just have to add a File resource for the directory, and set recurse => 
> true, purge => true, like so: 
>
> file { '/etc/apache/sites-enabled': 
>     ensure  => 'directory', 
>     recurse => true, 
>     purge   => true, 
> } 
>
> Make sure you read the documentation for details: 
> http://docs.puppetlabs.com/references/latest/type.html#file 
>
> -- 
> Calvin Walton
>
>




Re: [Puppet Users] SSL issues - certificate verify failed

2012-08-10 Thread Axel Bock
hm, nevermind, I somehow solved it. although I'm not (yet) sure how. It
involved a lot of restarting and deleting :)

thanks anyways!
Axel.







[Puppet Users] SSL issues - certificate verify failed

2012-08-10 Thread Axel Bock
Hello readers, 

I have this little issue that my puppet client refuses to do anything 
because of SSL validation errors. Maybe I'll just post dump of what 
happens, that makes it clear I hope. Does anyone have a suggestion why that 
might happen? what I already checked: 

On the master: 

   - Puppet and puppetmaster is running
   - Something is listening on Port 8140 (although I cannot telnet-connect 
   to it, it closes immediately for whatever reason)
   - in /var/lib/puppet/ssl: find . -type f -delete
   
On the client:

   - in /var/lib/puppet/ssl: find . -type f -delete

I would appreciate any help that's available ... 

thanks & greetings! Axel.


... and now the little dump:

(CLIENT)
root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
info: Creating a new SSL key for l1311022.our.domain.de
warning: peer certificate won't be verified in this SSL session (2x)
info: Creating a new SSL certificate request for l1311022.our.domain.de
info: Certificate Request fingerprint (md5): 
19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
warning: peer certificate won't be verified in this SSL session (3x)
Exiting; no certificate found and waitforcert is disabled

(SERVER)
l1215022:/var/lib/puppet/ssl # pca -l
notice: Signed certificate request for ca
notice: Rebuilding inventory file
  l1311022.our.domain.de (19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
l1215022:/var/lib/puppet/ssl # pca -s --all
notice: Signed certificate request for l1311022.our.domain.de
notice: Removing file Puppet::SSL::CertificateRequest 
l1311022.our.domain.de at 
'/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
l1215022:/var/lib/puppet/ssl #

(CLIENT)
root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for l1311022.our.domain.de
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read 
server certificate B: certificate verify failed
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 
errno=0 state=SSLv3 read server certificate B: certificate verify failed 
Could not retrieve file metadata for 
puppet://l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0 
state=SSLv3 read server certificate B: certificate verify failed
err: Could not retrieve catalog from remote server: SSL_connect returned=1 
errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read 
server certificate B: certificate verify failed

The config files look like this: 

(CLIENT)
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = /var/lib/puppet/ssl
modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
[agent]
certname = l1311022.our.domain.de
server = l1215022.our.domain.de
report = true
graph = true
pluginsync = true
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig

(SERVER)
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = /var/lib/puppet/ssl
certname = l1215022.our.domain.de
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig




Re: [Puppet Users] Puppet configuration: user

2012-08-10 Thread Andrew Hendry
Hi,

user= is for the puppetmaster user which does not need to run as root.

Regards,
Andrew

On Fri, Aug 10, 2012 at 8:05 PM, Axel Bock wrote:
> Hi readers,
>
> I am having trouble understanding the puppet user= configuration setting in
> the puppet.conf file. If puppet is configured to run as "puppet" by default,
> how can puppet execute system configuration settings? installing packages
> etc. is done basically by root and root only, so does that mean that puppet
> is normally limited in the things it can perform?
>
> I did not find anything in the docs regarding this, so please help me out
> here.
>
>
> thanks in advance & greetings,
> Axel.
>




[Puppet Users] Re: Duplicate definition of resources in the same class

2012-08-10 Thread Rost
Hi Axel

Thanks a lot, your solution is right.

On Friday, 10 August 2012 12:40:21 UTC+2, Rost wrote:
>
> Hi all,
>
> I am struggling on how to do this :
>
> $path = '/tmp/lib'
>
> file { $path:
>    ensure => directory,
>    recurse => true,
>    purge => true,
> }
>
> file { $path:
>    ensure => directory,
>    recurse => true,
>    source => 'puppet:///modules/jboss/lib',
> }
>
> When puppet compiles the manifest, I get the following error: 
>
> Duplicate declaration: File[/tmp/lib] is already declared in file 
> /etc/puppet/modules/srhjboss/manifests/purge.pp at line 4; cannot redeclare 
> at /etc/puppet/modules/srhjboss/manifests/purge.pp:10 on node frparsrnlinnto
>
> It seems that I can't purge the directory before copying the new one from 
> the source.
>
> Suggestions ??
> Thanks
>




[Puppet Users] error in doing puppetd --test

2012-08-10 Thread iamauser
Hello,

I am new to puppet. I installed puppet-server and puppet on two separate 
machines. I did a few install and reinstall on the client machines while 
testing a few things and that perhaps changed the permission settings of 
the /var/lib/puppet/ssl and some other directories. Now, when I try to get 
a certificate for the client, it returns the following :

puppetd --test
warning: peer certificate won't be verified in this SSL session
err: Could not request certificate: Error 400 on SERVER: Permission denied 
- /var/lib/puppet/ssl/ca
Exiting; failed to retrieve certificate and waitforcert is disabled

Any suggestion ?

Thanks very much.




[Puppet Users] Re: Duplicate definition of resources in the same class

2012-08-10 Thread Axel Bock
easy. every resource may only be defined _once_. 
you try ... twice (file { $path : ... } and file { $path: ... }, right?)

why not simply

file { $path:
   ensure => directory,
   recurse => true,
   purge => true,
   source => 'puppet:///modules/jboss/lib',
}

?

if you _need_ to do this twice for whatever reason, do something like this 
(but you SHOULD NOT): 

file { "$path/0":
   path => $path, 
   ensure => directory,
   recurse => true,
   purge => true,
}

file { "$path/1":
   path => $path, 
   ensure => directory,
   recurse => true,
   source => 'puppet:///modules/jboss/lib',
}

cause puppet identifies the resource by the title, which must differ, which 
it does not. note THAT THIS IS NOT THE RIGHT WAY :) . 


HTH & greetings, 
Axel.

On Friday, 10 August 2012 12:40:21 UTC+2, Rost wrote:
>
> Hi all,
>
> I am struggling on how to do this :
>
> $path = '/tmp/lib'
>
> file { $path:
>    ensure => directory,
>    recurse => true,
>    purge => true,
> }
>
> file { $path:
>    ensure => directory,
>    recurse => true,
>    source => 'puppet:///modules/jboss/lib',
> }
>
> When puppet compiles the manifest, I get the following error: 
>
> Duplicate declaration: File[/tmp/lib] is already declared in file 
> /etc/puppet/modules/srhjboss/manifests/purge.pp at line 4; cannot redeclare 
> at /etc/puppet/modules/srhjboss/manifests/purge.pp:10 on node frparsrnlinnto
>
> It seems that I can't purge the directory before copying the new one from 
> the source.
>
> Suggestions ??
> Thanks
>




[Puppet Users] Duplicate definition of resources in the same class

2012-08-10 Thread Rost
Hi all,

I am struggling on how to do this :

$path = '/tmp/lib'

file { $path:
   ensure => directory,
   recurse => true,
   purge => true,
}

file { $path:
   ensure => directory,
   recurse => true,
   source => 'puppet:///modules/jboss/lib',
}

When puppet compiles the manifest, I get the following error: 

Duplicate declaration: File[/tmp/lib] is already declared in file 
/etc/puppet/modules/srhjboss/manifests/purge.pp at line 4; cannot redeclare 
at /etc/puppet/modules/srhjboss/manifests/purge.pp:10 on node frparsrnlinnto

It seems that I can't purge the directory before copying the new one from 
the source.

Suggestions ??
Thanks




[Puppet Users] Puppet configuration: user

2012-08-10 Thread Axel Bock
Hi readers, 

I am having trouble understanding the puppet user= configuration setting in 
the puppet.conf file. If puppet is configured to run as "puppet" by 
default, how can puppet execute system configuration settings? installing 
packages etc. is done basically by root and root only, so does that mean 
that puppet is normally limited in the things it can perform? 

I did not find anything in the docs regarding this, so please help me out 
here. 


thanks in advance & greetings, 
Axel.
