Re: [Puppet Users] Glassfish custom provider and 'file does not exist'
Stefan Yes, the code is all in github. https://github.com/fatmcgav/puppet-glassfish Cheers Gav On Sep 29, 2012 1:28 AM, "Stefan Schulte" wrote: > On Fri, Sep 28, 2012 at 10:39:11AM +0100, fatmcgav wrote: > > Ok, so I thought I'd take another look, and try and get some debug > logging > > out of the provider to make sure it's constructing things correctly... > > > > I've applied the following patch to asadmin.rb, however I'm not seeing > > anything on the client trace... > > > > diff --git a/lib/puppet/provider/asadmin.rb > b/lib/puppet/provider/asadmin.rb > > > index f95d6ab..c8bd4a7 100644 > > > --- a/lib/puppet/provider/asadmin.rb > > > +++ b/lib/puppet/provider/asadmin.rb 
> > > @@ -8,6 +8,7 @@ > > > passed_args.each { |arg| args << arg } > > > exec_args = args.join " " > > > command = "#{@resource[:asadminpath]} #{exec_args}" > > > +Puppet.debug("Command = #{command}") > > > command = "su - #{@resource[:user]} -c \"#{command}\"" if > > > @resource[:user] and > > >not command.match /create-service/ > > > self.debug command > > > > > > > Any ideas how I can get the provider logging??? > > > > Cheers > > Gavin > > > > do you have the code somewhere? If you dropped the debug call in the > create method or something it will never be executed if puppet thinks > the provider is not valid at all. > > So having the actual provider code may make is more obvious why it is > failing for you. > > -Stefan > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
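Review bot: the added `Puppet.debug("Command = #{command}")` line, placed just before the `su -` wrapping, logs the command string verbatim, while the existing `self.debug command` at the end of the hunk already logs the final form; the new call duplicates it under a different logger and is not indented like the surrounding body, so prefer a single `self.debug` call at the point you want to inspect. Both calls write everything in `passed_args` to the debug log, so if a sensitive argument can ever pass through this helper, log a redacted form instead. Separately, in the context lines `command` is interpolated into `su - #{@resource[:user]} -c \"#{command}\"` without shell quoting, so argument values containing quotes or shell metacharacters would change the command that runs; that deserves its own fix.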
[Puppet Users] Re: bootstrap aws instance - set server address in instance puppet.conf?
Hi Lee,

I am also new to Puppet, and I am facing the same problem. Did you find out how to solve it? I am starting to feel that I am hitting a wall...

Thanks,

On Tuesday, July 3, 2012 3:12:38 PM UTC+2, Leej wrote:
>
> So I've cracked the initial problem and I can deploy an instance and auto
> configure puppet but I am still missing something, possibly a conceptual
> misunderstanding on my part.
>
> I spin up an aws instance with :
>
> puppet node_aws bootstrap --image ami-e1e8d395 --keyname puppet --login
> ubuntu --keyfile ~puppet.pem --puppetagent-certname new_certname_1
> --region=eu-west-1 --type t1.micro -g webserver --server
> mypuppetserver.somewhere.com
>
> This fails with :
>
> notice: Waiting for SSH response ... Done
> notice: Installing Puppet ...
> notice: Puppet is now installed on:
> blahblah.eu-west-1.compute.amazonaws.com
> notice: No classification method selected
> notice: Signing certificate ...
> err: Signing certificate ... Failed
> err: Signing certificate error: Could not render to pson: The certificate
> retrieved from the master does not match the agent's private key.
> Certificate fingerprint: 35:39:B7:DD:19:0E:7A:D6:07:AE:6D:64:FF:2E:92:37
> To fix this, remove the certificate from both the master and the agent and
> then start a puppet run, which will automatically regenerate a certficate.
> On the master:
> puppet cert clean mypuppetserver.somewhere.com
> On the agent:
> rm -f /home/lj/.puppet/ssl/certs/mypuppetserver.somewhere.com.pem
> puppet agent -t
>
> However if I sign the certificate by hand on the puppet server :
>
> sudo puppetca -s new_certname_1
>
> My client then (eventually) will update via puppet, so things are *almost*
> working, although the error is misleading.
>
> So here are my questions.
>
> 1) I obviously want to maintain a secure install so I want to sign the
> certificates. Should node_aws bootstrap be signing the certificates
> automatically (as it seems to be attempting to do)? Is it possible to
> create a certificate before bootstrapping the instance so that there is a
> certificate ready and waiting for the client?
>
> 2) I don't know the ip address or have a fqdn for the instances I am
> spinning up. I want to put some files on my clients. In fileserver.conf I
> am using the cert_name to control access e.g.
>
> [files]
> path /etc/puppet/files
> allow new_certname_1
>
> I was surprised that this worked.
>
> Now here's where my conceptual understanding is failing me - since it seems
> every certname has to be unique (e.g. I can't just create a group controlled
> by the certificate name) how can I restrict access to the fileserver when
> provisioning new instances without manually modifying the fileserver.conf?
>
> 3) I should also ask - does a client need to be authenticated via its
> certificate before it will be given access to the fileserver? If so I
> assume I could then just use * since the certification requirement would
> reject uncertified clients. Sorry this is possibly a stupid question but it
> is not clear from the documentation but if so my second question is moot.
>
Re: [Puppet Users] Puppet/Passenger :: Could not retrieve catalog from remote server:Error 403 on server
Adding more troubleshooting info at the link below.

http://pastebin.com/AvCJSQgk

I recreated the certificates and rebooted the system, but still the same result. I really hope to get to the bottom of this. I cannot find a meaningful reference anywhere.
[Puppet Users] Re: Solaris Packages for Puppet 3.0.0-rc7, Facter 1.6.0 and Hiera 1.0.0
Great to see some Solaris IPS love for these.

I added these to my local repo, went to use them, and my only issue is I'm running ruby 1.9.3.

Any chance you can share your method for rolling these gems up into IPS, as I'd prefer to keep with a more recent version of ruby?

Cheers
alan

On Saturday, 22 September 2012 10:11:39 UTC+10, Moses Mendoza wrote:
>
> -- Forwarded message --
> From: Rahul Gopinath
> Date: Fri, Sep 21, 2012 at 4:43 PM
> Subject: [Puppet-dev] Solaris Packages for Puppet 3.0.0, Facter 1.6.0
> and Hiera 1.0.0
> To: puppet-users@googlegroups.com, puppet-...@googlegroups.com
>
>
> Hello,
> For the first time, experimental Solaris 11 IPS packages for Puppet
> 3.0.0-rc7, Facter 1.6.12 and Hiera 1.0.0 are available under
>
> http://downloads.puppetlabs.com/solaris
>
> They are:
>
> puppet@3.0.0,5.11-9211.p5p
> facter@1.6.12,5.11-819.p5p
> hiera@1.0.0,5.11-116.p5p
>
> The versioning scheme for Solaris is different from the default
> scheme. The versioning scheme is
> @,- .
> Specifically the RC candidates and
> the Final version are distinguished only by their build number which
> is monotonic.
>
> To install these packages, download them from the above link and use
> IPS pkg command. E.g for puppet
>
> pkg install -g ./puppet@3.0.0,5.11-9211.p5p puppet
>
> Note that since this is experimental and each product is in its own
> repository archive, Hiera and Facter need to be installed first before
> Puppet is installed.
>
> To Solaris users, we would greatly appreciate your feedback on these
> packages.
>
> We are also in the process of setting up public IPS repositories and
> will update you as we make progress.
>
> Rahul
>
[Puppet Users] custom function, setvar and variable scoping
Hello,

I'm trying to make a set of functions to simulate an array with which I would be able to append values in the same scope.

The first function is called "array_append", which takes 2 arguments: the variable name and the value to append. The function then iterates through variables "#{name}_#{i}" (with i incrementing from 0) until the variable does not exist, and then sets the value of this variable. This way I'm using one variable for each element of my array and I can simulate a real array from the puppet DSL.

Here's the function I've made:

    module Puppet::Parser::Functions
      newfunction(:array_append) do |args|
        # args[0] is the variable name prefix, args[1] the value to append
        i = 0
        # advance to the first index whose variable is not set yet
        i += 1 while lookupvar("#{args[0]}_#{i}")
        puts "I've set #{args[0]}_#{i} to #{args[1]}"
        setvar("#{args[0]}_#{i}", args[1])
      end
    end

If I'm calling this function from a manifest it works as expected:

test.pp

    array_append("toto", "prout0")
    array_append("toto", "prout1")
    array_append("toto", "prout2")

    #puppet agent test.pp
    I've set toto_0 to prout0
    I've set toto_1 to prout1
    I've set toto_2 to prout2
    Finished catalog run in 0.02 seconds

But if I want to set a global variable it does not work anymore and I've errors. It seems that

test2.pp:

    array_append("::toto", "prout0")
    array_append("::toto", "prout1")
    array_append("::toto", "prout2")

    #puppet agent test2.pp
    I've set ::toto_0 to prout0
    I've set ::toto_0 to prout1
    Error: Cannot reassign variable ::toto_0 at /root/puppet/manifests/test.pp:9 on node www1.egasys.com
    Error: Cannot reassign variable ::toto_0 at /root/puppet/manifests/test.pp:9 on node www1.egasys.com

Then if I'm calling array_append from a module defined resource:

test3.pp

    network::route::add_net {"42.42.42.0/24": gw => "192.168.0.1"}
    network::route::add_net {"54.54.54.0/24": gw => "192.168.0.1"}

modules/network/manifests/route/add_net.pp

    define network::route::add_net($gw) {
      array_append("::routes_net", {name => $name, gw => $gw})
    }

    #puppet agent test3.pp
    I've set ::routes_net_0 to name42.42.42.0/24gw192.168.0.1
    I've set ::routes_net_0 to name54.54.54.0/24gw192.168.0.1

This time: no errors, but setvar is not working: it's like setvar does nothing.

I can't understand why case #2 and #3 are not working and if it's a normal behaviour or a bug.

If you have any ideas?

Thx for your help

++ Jerome
[Puppet Users] Autoscaling Secure Signing Options
Puppet certificate signing is the one item that (I think) has caused issues for everyone at one point or another. I think the security provided is a requirement for tools such as this given the amount of access to both hosts and sensitive data they have. There were a few presentations at PuppetConf where presenters went through semi-detailed explanations on how they handled this issue, but none that I was so excited about I implemented last night.

I'm curious how other people deal with securely signing certificates in an auto-scaling environment (getting up at 3AM to sign a cert when a node is automatically provisioned is not an option). I have a working solution right now, but I find myself wondering if there is a better way.

Current: I'm using R.I. Pienaar's ec2-boot-init scripts combined with his mcollective-server-provisioner tool which works pretty well. The biggest concern I have with it is the fact my collective information is accessible to anyone who has access to the machine through the Amazon APIs. One possible solution is to have a provisioning collective and a production collective and have puppet switch the machine as it is provisioning it.

Other options I have seen:

Auto-signing - Is someone using this outside of POC/dev?

Cron entry on the puppet master that checks for pending certificates to sign, verifies them against a known truth, and signs. How are old certificates cleaned up to allow for reuse of hostname? (We use standard naming to allow regex provisioning of nodes.) Could be another cron.

Cloud provisioner - I haven't used this, but it looks like it might work for us. I don't see a way to specify the hostname with it, but depending on the guts of how it works I might still be able to do that with the ec2-boot-init scripts or extend cloud provisioner with that feature. I need to dig into the code on this more.

Custom app - You can easily integrate into both the puppet REST certificate service and your cloud provider's APIs and roll your own. You know what you launched therefore it is good.

How are you doing it that I didn't touch on? What issues have you run into?

jl
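Added example (not part of the original post, and not code from Puppet or the tools named in it): the "check pending requests against a known truth, then sign" option from the message above, sketched in Ruby. It assumes the provisioner records each instance's certname and CSR fingerprint at launch; the naming pattern, hostnames and fingerprints are constructed.

```ruby
require 'set'

# Assumed naming standard (hypothetical): web-001.example.internal, db-012...
NAME_PATTERN = /\A(?:web|db)-\d{3}\.example\.internal\z/

# Compare fingerprints ignoring case and colon separators.
def same_fingerprint?(a, b)
  a.delete(':').casecmp?(b.delete(':'))
end

# pending:  certname => fingerprint of the CSR waiting on the CA
# launched: certname => fingerprint recorded by the provisioner at launch
# signed:   Set of certnames that still hold a signed certificate
def triage_requests(pending, launched, signed)
  to_sign = []
  rejected = {}
  pending.each do |certname, fingerprint|
    reason =
      if certname !~ NAME_PATTERN
        'name outside naming standard'
      elsif signed.include?(certname)
        'old certificate for this name not cleaned yet'
      elsif !launched.key?(certname)
        'no launch record'
      elsif !same_fingerprint?(launched[certname], fingerprint)
        'fingerprint differs from launch record'
      end
    reason ? (rejected[certname] = reason) : (to_sign << certname)
  end
  [to_sign.sort, rejected]
end

# Constructed sample data, not taken from a real CA.
SAMPLE_LAUNCHED = {
  'web-001.example.internal' => 'AA:11:22:33',
  'web-002.example.internal' => 'BB:44:55:66',
  'db-001.example.internal'  => 'CC:77:88:99'
}.freeze
SAMPLE_SIGNED = Set['db-001.example.internal'].freeze
SAMPLE_PENDING = {
  'web-001.example.internal' => 'aa:11:22:33', # matches launch record
  'web-002.example.internal' => 'DE:AD:BE:EF', # name known, key is not
  'web-003.example.internal' => 'EE:00:00:01', # never launched
  'db-001.example.internal'  => 'CC:77:88:99', # name still has a cert
  'puppetmaster'             => 'FF:00:00:02'  # outside naming standard
}.freeze

to_sign, rejected = triage_requests(SAMPLE_PENDING, SAMPLE_LAUNCHED, SAMPLE_SIGNED)
puts "sign: #{to_sign.inspect}", "hold: #{rejected.inspect}"
```

Matching on the fingerprint rather than the name alone means a request that only guesses a valid hostname is held for review, and the "still has a cert" case is where the hostname-reuse cleanup the post asks about would hook in.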
[Puppet Users] sharing a storeconfigs db between masters (across versions)
Hey there,

I'm currently in the process of migrating a 0.25.4 puppet master to 2.6. Since we're really not sure about how things will work out if I just upgrade the puppetmaster and pray, I chose to create a new master and to integrate one node at a time with 2.6 to make sure that everything goes well on every node.

Now I'm wondering if anyone has tried the following or has any interesting info about whether or not it would be a good idea:

From what I understand of storeconfigs, it is possible to plug both puppetmasters on the same MySQL db. Are there any possibilities of issues with having two puppetmasters with *different versions* hit on the same db?

The goal of the above scenario with the storeconfigs db would be to keep the nagios configuration functional across puppet master versions while migrating nodes to the 2.6 master.

--
Gabriel Filion