date:20121026

Hi, 

I've filled up my hard drive so I want to point /var/lib/puppet/reports to 
another volume.

I've change /etc/puppet/puppet.conf to match my needs:

#reportdir = /var/lib/puppet/reports
reportdir = /VOL2/puppet/reports

after restarting puppet I see reports being stored in the same original place.

I am missing some step here? 


thanks in advance,

-- 
Frank

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] PuppetDB API permissions

2012-10-26 Thread ak0ska

Hello,

Is it possible to control from which nodes is it allowed to execute 
commands like replace catalog and replace facts, and which nodes can 
only do queries (but no changes)? It seems like once someone could access 
the service through http or https (depending on jetty.ini settings) can do 
both.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/taXhYNOGLZgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] reportdir ignored

2012-10-26 Thread Christopher Wood

Is there any particular reason you're not mounting a new volume under 
/var/lib/puppet/reports? That way you only have to customize at the 
disk/filesystem level, not in your application config.

(I don't know why puppet might be doing this.)

On Fri, Oct 26, 2012 at 03:23:43PM +0100, Frank wrote:
Hi,
I've filled up my hard drive so I want to point /var/lib/puppet/reports to
another volume.
I've change /etc/puppet/puppet.conf to match my needs:
#reportdir = /var/lib/puppet/reports
reportdir = /VOL2/puppet/reports
after restarting puppet I see reports being stored in the same original
place.
I am missing some step here?
thanks in advance,
-- 
Frank
 
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] reportdir ignored

On Friday, October 26, 2012 at 3:27 PM, Christopher Wood wrote:
 Is there any particular reason you're not mounting a new volume under 
 /var/lib/puppet/reports? That way you only have to customize at the 
 disk/filesystem level, not in your application config.
 
 (I don't know why puppet might be doing this.)
Well, in fact :) little weird but ok. Right now I'm running Puppet 2.7.19 and 
I'm gonna do this 'trick' until I have the time to migrate this to Puppet 3

Thanks :)
 
 
 On Fri, Oct 26, 2012 at 03:23:43PM +0100, Frank wrote:
  Hi,
  I've filled up my hard drive so I want to point /var/lib/puppet/reports to
  another volume.
  I've change /etc/puppet/puppet.conf to match my needs:
  #reportdir = /var/lib/puppet/reports
  reportdir = /VOL2/puppet/reports
  after restarting puppet I see reports being stored in the same original
  place.
  I am missing some step here?
  thanks in advance,
  -- 
  Frank
  
  --
  You received this message because you are subscribed to the Google Groups
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com 
  (mailto:puppet-users@googlegroups.com).
  To unsubscribe from this group, send email to
  puppet-users+unsubscr...@googlegroups.com 
  (mailto:puppet-users+unsubscr...@googlegroups.com).
  For more options, visit this group at
  http://groups.google.com/group/puppet-users?hl=en.
  
 
 
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com 
 (mailto:puppet-users@googlegroups.com).
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com 
 (mailto:puppet-users+unsubscr...@googlegroups.com).
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
 
 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

RE: [Puppet Users] copy file from a host other than puppet-server

2012-10-26 Thread Greenhalgh, Mark

Yes you can use storedconfig's.  Example of how I us them below.

on bar

@@file {
$check_mk_location/conf.d/main/${hostname}.mk:
ensure = file,
content = template(check_mk/main.erb),
tag = 'check_mk_remote'
}

on foo

File | tag == 'check_mk_remote_parents' |

http://projects.puppetlabs.com/projects/1/wiki/using_stored_configuration



From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of iamauser
Sent: 26 October 2012 14:43
To: puppet-users@googlegroups.com
Subject: [Puppet Users] copy file from a host other than puppet-server

Is there a way to copy files to one host (foo) from another (bar) in the same 
domain (mydom.org), where neither of them is the puppet-server, but both of 
them have *puppetd* running ? I am looking for something similar to the 
*server* method in *cfengine copy* where one can provide a server name for the 
source file. Here is what I have tried and failed :

 node 'foo.mydom.org' inherits default {
include foo_class::setup
 }

foo_class::setup defined in the modules/foo_class/setup.pp in the puppet-server 
node.

 class foo_class::setup {
file {
 etc_passwd_file :
   path = /etc/passwd,
   source = puppet://bar.mydom.org//${path_to_file},
}
  }

When running

  puppet --noop --server=puppet --no-daemonize --verbose --onetime

I get error :

  . Could not evaluate: Could not retrieve information from 
environment production source(s) puppet://bar.mydom.org//${path_to_file} at 
/etc/puppet/modules/foo_class/manifests/setup.pp 
--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/sKd6dE6Fq3gJ.
To post to this group, send email to 
puppet-users@googlegroups.commailto:puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.commailto:puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.


This email has been sent from Gala Coral Group Limited (GCG) or a subsidiary 
or associated company. GCG is registered in England with company number 
07254686. Registered office address: 71 Queensway, London W2 4QH, United 
Kingdom; website: www.galacoral.com.

This e-mail message (and any attachments) is confidential and may contain 
privileged and/or proprietorial information protected by legal rules. It is for 
use by the intended addressee only. If you believe you are not the intended 
recipient or that the sender is not authorised to send you the email, please 
return it to the sender (and please copy it to h...@galacoral.com) and then 
delete it from your computer. You should not otherwise copy or disclose its 
contents to anyone.

Except where this email is sent in the usual course of business, the views 
expressed are those of the sender and not necessarily ours. We reserve the 
right to monitor all emails sent to and from our businesses, to protect the 
businesses and to ensure compliance with internal policies.

Emails are not secure and cannot be guaranteed to be error-free, as they can be 
intercepted, amended, lost or destroyed, and may contain viruses; anyone who 
communicates with us by email is taken to accept these risks. GCG accepts no 
liability for any loss or damage which may be caused by software viruses.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] reportdir ignored

2012-10-26 Thread Jeff McCune

On Oct 26, 2012, at 7:23 AM, Frank urealfr...@gmail.com wrote:

 Hi,

 I've filled up my hard drive so I want to point /var/lib/puppet/reports to 
 another volume.

 I've change /etc/puppet/puppet.conf to match my needs:

   #reportdir = /var/lib/puppet/reports
   reportdir = /VOL2/puppet/reports

 after restarting puppet I see reports being stored in the same original place.

 I am missing some step here?

And this has been added to the [main] or [master] section in the conf file?

-Jeff

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Connection Timed Out updating node on 3g mobile broadband device

2012-10-26 Thread Steve

I was able to telnet port 8140 via the 3g connection.

I also tried to lower the MTU on the interface and I was still 
unsuccessful. So I set it back

One thing I don't understand is that the error message has now changed to 

err: Could not retrieve catalog from remote server: Connection reset by 
peer - SSL_connect
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: Connection reset by peer - SSL_connect


I am going to try the timeout setting in the module, but the only module I 
have running is one that checks to see if a particular service is running.




On Thursday, October 25, 2012 5:09:35 PM UTC-4, denmat wrote:

 Interesting setup. Sometimes providers block uncommon ports. Can you get 
 to 8140 over your 3/4g? If not, try running on 443 (change puppet.conf or 
 apache ports).

 If none of these work check the docs for timeout settings (can't remember 
 of hand).

 Den

 On 26/10/2012, at 3:55, Steve steve...@gmail.com javascript: wrote:

 I have a puppetmaster on an Amazon EC2 instance of Ubuntu 12.04. All of 
 the puppet nodes I am running are also on ubuntu server 12.04. I can 
 connect any of the nodes on a wireless or LAN connection. When I switch my 
 node to a Verizon mobile 3g or 4g device I run puppet agent -t and I get 
 the message

 err: Could not retrieve catalog from remote server: Connection time out - 
 SSL_connect
 warning: Not using cache on failed catalog
 err: Could not retrieve catalog; skipping run
 err: Could not send report: Connection timed out - SSL_connect

 Before I got the message there was a long pause about 20 minutes long 
 trying to do the update.

 I can download and install packages with the 3g connection using apt-get 
 install. I can access webpages including secure pages using Lynx. I can 
 ping the Puppet Master.

 I wanted to make sure I was getting through to the Puppet Master so I 
 removed the certificate from both the Puppet Master and the Client. Then I 
 ran puppet agent -t and the certificate was signed and I can see it again 
 on the Puppet Master and the client. 

 I checked port 8140 to see that it is open in Amazon, and it is. There is 
 no firewall enabled in the instance itself.

 Next I limited the puppet update to only one trivial module and nothing 
 changed.

 Lastly, I connected a node that is on a desktop version of Ubuntu 12.10 
 and connected my Verizon device. I had the similar behavior. The system 
 paused for 10 to 20 minutes like before then gave me the message:

 Error: Failed to apply catalog: execution expired
 Error: Could not send report: execution expired

 Since I have little experience with puppet or these devices, I suspect the 
 device has some sort of interrupt or time out on the device that causes 
 problems with the puppet process.

 Anyways as far as I can tell the only thing I cannot do with this 
 connection is update puppet.

 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/PHNcXaR-TyAJ.
 To post to this group, send email to puppet...@googlegroups.comjavascript:
 .
 To unsubscribe from this group, send email to 
 puppet-users...@googlegroups.com javascript:.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/8qegs60WbJkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Launching a full screen app through puppet

2012-10-26 Thread Lucas Vickers

Hello,

I'm controlling 180 windows machines for an art project.  I am using
puppet to configure the machines, push out an app as a zip, unzip it,
change permissions, then launch it.  Everything works perfectly,
except the app is being launched in a hidden desktop due to windows
security.

From what I'm told since puppet runs as a service it is not allowed to
launch an app on the logged in desktop.  I confirmed that when running
the puppet agent manually the app launches correctly.

My question is, does anyone have any experience launching an .exe from
puppet in windows in the current logged in desktop?

thanks,
Lucas

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] reportdir ignored



On Friday, October 26, 2012 at 3:53 PM, Jeff McCune wrote:

 On Oct 26, 2012, at 7:23 AM, Frank urealfr...@gmail.com 
 (mailto:urealfr...@gmail.com) wrote:
  
  Hi,
   
  I've filled up my hard drive so I want to point /var/lib/puppet/reports to 
  another volume.
   
  I've change /etc/puppet/puppet.conf to match my needs:
   
  #reportdir = /var/lib/puppet/reports
  reportdir = /VOL2/puppet/reports
   
  after restarting puppet I see reports being stored in the same original 
  place.
   
  I am missing some step here?
  
 And this has been added to the [main] or [master] section in the conf file?

[user]

I'm gonna try it on master section…
  
  
 -Jeff
  
 --  
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com 
 (mailto:puppet-users@googlegroups.com).
 To unsubscribe from this group, send email to 
 puppet-users+unsubscr...@googlegroups.com 
 (mailto:puppet-users+unsubscr...@googlegroups.com).
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
  
  


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] 'puppet resource user' questions

2012-10-26 Thread llowder

When I run puppet resource user ldadpuser I get a resource definition 
back for that user. However, when I run puppet resource user I do NOT see 
ldapuser in the list.

Is this intended behavior? Is there a way to get a list of all users, 
whether they are ldap or local?

This node is running puppet 2.7.19 on Ubuntu 12.04 against a 2.7.19 master 
on Ubuntu 10.04.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/xzPXljvjvGoJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] reportdir ignored

solved! many thanks :)

--  
Frank


On Friday, October 26, 2012 at 4:13 PM, Frank wrote:

  
  
 On Friday, October 26, 2012 at 3:53 PM, Jeff McCune wrote:
  
  On Oct 26, 2012, at 7:23 AM, Frank urealfr...@gmail.com 
  (mailto:urealfr...@gmail.com) wrote:
   
   Hi,

   I've filled up my hard drive so I want to point /var/lib/puppet/reports 
   to another volume.

   I've change /etc/puppet/puppet.conf to match my needs:

   #reportdir = /var/lib/puppet/reports
   reportdir = /VOL2/puppet/reports

   after restarting puppet I see reports being stored in the same original 
   place.

   I am missing some step here?
   
  And this has been added to the [main] or [master] section in the conf file?
  
 [user]
  
 I'm gonna try it on master section…
   
   
  -Jeff
   
  --  
  You received this message because you are subscribed to the Google Groups 
  Puppet Users group.
  To post to this group, send email to puppet-users@googlegroups.com 
  (mailto:puppet-users@googlegroups.com).
  To unsubscribe from this group, send email to 
  puppet-users+unsubscr...@googlegroups.com 
  (mailto:puppet-users+unsubscr...@googlegroups.com).
  For more options, visit this group at 
  http://groups.google.com/group/puppet-users?hl=en.
   
   
   
  
  

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] copy file from a host other than puppet-server

2012-10-26 Thread iamauser

thanks for this. A bit confused with your answer :

what do you mean *on bar* and *on foo*. Is it mean on the machine 'foo'  or
 
node 'foo' {blah...blah } on puppet-server  ?

I tried defining both for the corresponding nodes, but it does nothing.



On Friday, October 26, 2012 4:53:28 PM UTC+2, Fireblade wrote:

  Yes you can use storedconfig's.  Example of how I us them below.

  

 on bar

  

 @@file {

 $check_mk_location/conf.d/main/${hostname}.mk:

 ensure = file,

 content = template(check_mk/main.erb),

 tag = 'check_mk_remote'

 }

  

 on foo

  

 File | tag == 'check_mk_remote_parents' |

  

 http://projects.puppetlabs.com/projects/1/wiki/using_stored_configuration

  

  

  

 *From:* puppet...@googlegroups.com javascript: [mailto:
 puppet...@googlegroups.com javascript:] *On Behalf Of *iamauser
 *Sent:* 26 October 2012 14:43
 *To:* puppet...@googlegroups.com javascript:
 *Subject:* [Puppet Users] copy file from a host other than puppet-server

  
  
 Is there a way to copy files to one host (foo) from another (bar) in the 
 same domain (mydom.org), where neither of them is the puppet-server, but 
 both of them have *puppetd* running ? I am looking for something similar to 
 the *server* method in *cfengine copy* where one can provide a server name 
 for the source file. Here is what I have tried and failed : 
  
   
  
  node 'foo.mydom.org' inherits default {
  
 include foo_class::setup
  
  }
  
  
  
 foo_class::setup defined in the modules/foo_class/setup.pp in the 
 puppet-server node.
  
  
  
  class foo_class::setup {
  
 file {
  
  etc_passwd_file :
  
path = /etc/passwd,
  
source = 
 puppet://bar.mydom.org//${path_to_file}http://bar.mydom.org//$%7Bpath_to_file%7D
 ,
  
 }
  
   }
  
  
  
 When running 
  
  
  
   puppet --noop --server=puppet --no-daemonize --verbose --onetime
  
  
  
 I get error :
  
  
  
   . Could not evaluate: Could not retrieve information from 
 environment production source(s) 
 puppet://bar.mydom.org//${path_to_file}http://bar.mydom.org//$%7Bpath_to_file%7Dat
  /etc/puppet/modules/foo_class/manifests/setup.pp  
  
 -- 
 You received this message because you are subscribed to the Google Groups 
 Puppet Users group.
 To view this discussion on the web visit 
 https://groups.google.com/d/msg/puppet-users/-/sKd6dE6Fq3gJ.
 To post to this group, send email to puppe...@googlegroups.comjavascript:
 .
 To unsubscribe from this group, send email to 
 puppet-user...@googlegroups.com javascript:.
 For more options, visit this group at 
 http://groups.google.com/group/puppet-users?hl=en.
  
 --
 This email has been sent from Gala Coral Group Limited (GCG) or a 
 subsidiary or associated company. GCG is registered in England with company 
 number 07254686. Registered office address: 71 Queensway, London W2 4QH, 
 United Kingdom; website: www.galacoral.com.

 This e-mail message (and any attachments) is confidential and may contain 
 privileged and/or proprietorial information protected by legal rules. It is 
 for use by the intended addressee only. If you believe you are not the 
 intended recipient or that the sender is not authorised to send you the 
 email, please return it to the sender (and please copy it to 
 h...@galacoral.com javascript:) and then delete it from your computer. 
 You should not otherwise copy or disclose its contents to anyone.

 Except where this email is sent in the usual course of business, the views 
 expressed are those of the sender and not necessarily ours. We reserve the 
 right to monitor all emails sent to and from our businesses, to protect the 
 businesses and to ensure compliance with internal policies.

 Emails are not secure and cannot be guaranteed to be error-free, as they 
 can be intercepted, amended, lost or destroyed, and may contain viruses; 
 anyone who communicates with us by email is taken to accept these risks. 
 GCG accepts no liability for any loss or damage which may be caused by 
 software viruses.
  

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/yXAlnq2I7RQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: What is the @ used for?



On Thursday, October 25, 2012 7:40:50 PM UTC-5, Ben McCann wrote:

 See http://docs.puppetlabs.com/guides/virtual_resources.html

 On Thursday, October 25, 2012 5:01:45 PM UTC-7, Dave Alden wrote:

 Hi, 
  Sorry to be dense, but I've recently switched over to use the puppet 
 labs apache module, but I was having trouble with the firewall not getting 
 updated.  It turns out that the @ in front of the firewall line seems to 
 be keeping it from running.  As soon as I removed it, my firewall got 
 updated.  So what does the @ do? 
 …dave



Do read the docs on virtual resources to which Ben directed you.  They 
should answer the question you posed.  With respect to some of the 
questions you did not pose:

Changing a resource from virtual to concrete is probably not the best 
solution, and it may not even be a correct solution, depending on the 
module implementation details and your own configuration needs.  Do read 
whatever module documentation there is; it should cover questions regarding 
which of its classes and resources are intended to be used directly by your 
own classes, and how, and which are intended for internal use only.

In particular, if the firewall resource you are talking about is intended 
to be accessed by outside classes and resources, then the docs ought to 
instruct you to realize it via the 'realize' function or a resource 
collection.  You probably should not make it concrete (by removing the 
'@'), certainly not if you don't understand what you're doing.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/gqYRMO4rp3cJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: hiera broken in puppet-3

I think that might have been renamed...

http://docs.puppetlabs.com/puppet/3/reference/lang_variables.html#facts-and-built-in-variables

Down near the bottom, under parser set variables, there's $module_name and 
$caller_module_name. That what you meant to use?

On Friday, October 26, 2012 5:14:56 AM UTC-7, asq wrote:

 is anybody using hiera with puppet-3 and per-module hierarchy?
 it seems calling_module/calling_class is entirely broken now.

 see: http://pastebin.com/CfbW5Kcu and #16730 and PR1214 (which only fixes 
 backend_puppet i think).

 anyone has some unofficial patches? because i'm just stuck in migration :(
 please don't advise me to use data bindings as there is no way to use them 
 in 2.7 and we need seamless migration path.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ysgWFC8zyl0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: creating a list of files from an external define



On Thursday, October 25, 2012 3:33:16 PM UTC-5, danielt wrote:

Puppet expects to find a definition with this name:


 helper::files{


 
in this file:

[...] modules/helper/manifests/files.pp


 

 [...] I usually had the install define within the class. But puppet-lint 
 didn't like this so I thought outsourcing it to its own module would work 
 out. 



I'm not sure what you mean about putting the define in its own module, but 
doing so (correctly) without changing its name would have put it exactly 
where Puppet was looking for it.  Some people try to use module as a 
synonym for file, but Puppet modules are structured collections of 
files containing class, resource, and data definitions, and arranged 
according to a standard directory structure.

The definition doesn't need to be in its own module, but it should be in 
its own *file* within the module (which is what puppet-lint was telling 
you), and it should identify itself by its fully-qualified name.  Anyone 
outside the module must reference it by that fully-qualified name.  Classes 
and resources in the same module ought to be able to reference it by its 
name relative to the module, but they *should* reference it by its 
fully-qualified name, too.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/nDpeoYEXupkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

If you're using this wget module

https://github.com/liquidstate/puppet-wget/blob/master/manifests/init.pp

It's set to not run so long as the destination is still there, so 
/tmp/Python-${version}.tgz needs to stick around. I'm not sure which 
archive module you're using, but as long as you have that require there, it 
should follow.

On Friday, October 26, 2012 6:55:32 AM UTC-7, Dave Mankoff wrote:

 Howdy. I feel like I am missing something really simply with regards to 
 the way that Puppet works and I am wondering if someone can point me in the 
 write direction.

 I have written a class that downloads, uncompresses, compiles, and 
 installs Python from source. So far so good. The problem is that it only 
 needs to do this once, when Python is not already in place (or some other 
 custom indicator of the Python version). I have my 3 calls to exec doing 
 their checks just fine, but my calls to wget::fetch and archive::untar both 
 fire during every apply. Specifically, archive::untar takes about 30 
 seconds to run and I'd prefer it if it only ran conditionally. 

 What is the best way to make sure that this code:

   wget::fetch { python-${version}:
 source = 
 http://python.org/ftp/python/${version}/Python-${version}.tgz;,
 destination = /tmp/Python-${version}.tgz,
   }

   archive::untar {/tmp/python-${version}:
 source = /tmp/Python-${version}.tgz,
 compression = 'gz',
 rootdir = Python-${version},
 require = Wget::Fetch[python-${version}],
   }

 only runs when some condition is met? I can easily put a custom file in 
 place to look for, but how do I make these commands dependent on its 
 absence? I tried making such a file and subscribing to it, but these 
 commands still ran each time.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/M1fFodRbPxkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] defined types and enc

2012-10-26 Thread erkan yanar


Moin,
playing with puppet. I did some defined type creating 
lxc-application-containers.
With that I could run a lot of virtualised applications on a host.
I choose defined types to call them many times for a node. 
In my understanding classes will not be able to be called many times on a node.
('name-clashing').

Trying to get my configuration into an enc. I looks like you can't use defined 
types via enc.

So I wonder if Im wrong?
If not is there a trick to call a class many times for a node. (Maybe by 
manipulating the name?)

Regards
Erkan


-- 
über den grenzen muß die freiheit wohl wolkenlos sein

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Dave Mankoff

Yeah, the wget seems to be working. The archive library I am using is:

http://forge.puppetlabs.com/bobsh/archive

It runs irrespective of whether or not wget actually fetches anything, 
however.

At this point, it seems that the exec type is the only thing that can 
actually conditionally run (unless, onlyif, creates, etc). I created a bash 
script in my templates directory that contains the wget and tar commands. I 
now copy that bash script out and only conditionally run it, which seems to 
defeat the whole purpose.

On Friday, October 26, 2012 12:30:19 PM UTC-4, Ellison Marks wrote:

 If you're using this wget module

 https://github.com/liquidstate/puppet-wget/blob/master/manifests/init.pp

 It's set to not run so long as the destination is still there, so 
 /tmp/Python-${version}.tgz needs to stick around. I'm not sure which 
 archive module you're using, but as long as you have that require there, it 
 should follow.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/G1Vyp1_uO2YJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

RE: [Puppet Users] copy file from a host other than puppet-server

2012-10-26 Thread Greenhalgh, Mark

I think the best way I can explain this is to point you to the full recipe.

https://github.com/Firebladee/Puppet/tree/master/modules/check_mk

You will see in the init.pp file that it creates a file on the agent and then 
copies the file to the server.



From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of iamauser
Sent: 26 October 2012 16:54
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] copy file from a host other than puppet-server

thanks for this. A bit confused with your answer :

what do you mean *on bar* and *on foo*. Is it mean on the machine 'foo'  or

node 'foo' {blah...blah } on puppet-server  ?

I tried defining both for the corresponding nodes, but it does nothing.



On Friday, October 26, 2012 4:53:28 PM UTC+2, Fireblade wrote:
Yes you can use storedconfig's.  Example of how I us them below.

on bar

@@file {
$check_mk_location/conf.d/main/${hostname}.mk:
ensure = file,
content = template(check_mk/main.erb),
tag = 'check_mk_remote'
}

on foo

File | tag == 'check_mk_remote_parents' |

http://projects.puppetlabs.com/projects/1/wiki/using_stored_configuration



From: puppet...@googlegroups.comjavascript: 
[mailto:puppet...@googlegroups.comjavascript:] On Behalf Of iamauser
Sent: 26 October 2012 14:43
To: puppet...@googlegroups.comjavascript:
Subject: [Puppet Users] copy file from a host other than puppet-server

Is there a way to copy files to one host (foo) from another (bar) in the same 
domain (mydom.orghttp://mydom.org), where neither of them is the 
puppet-server, but both of them have *puppetd* running ? I am looking for 
something similar to the *server* method in *cfengine copy* where one can 
provide a server name for the source file. Here is what I have tried and failed 
:

 node 'foo.mydom.orghttp://foo.mydom.org' inherits default {
include foo_class::setup
 }

foo_class::setup defined in the modules/foo_class/setup.pp in the puppet-server 
node.

 class foo_class::setup {
file {
 etc_passwd_file :
   path = /etc/passwd,
   source = 
puppet://bar.mydom.org//${path_to_file}http://bar.mydom.org/$%7Bpath_to_file%7D,
}
  }

When running

  puppet --noop --server=puppet --no-daemonize --verbose --onetime

I get error :

  . Could not evaluate: Could not retrieve information from 
environment production source(s) 
puppet://bar.mydom.org//${path_to_file}http://bar.mydom.org/$%7Bpath_to_file%7D
 at /etc/puppet/modules/foo_class/manifests/setup.pp 
--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/sKd6dE6Fq3gJ.
To post to this group, send email to puppe...@googlegroups.comjavascript:.
To unsubscribe from this group, send email to 
puppet-user...@googlegroups.comjavascript:.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.


This email has been sent from Gala Coral Group Limited (GCG) or a subsidiary 
or associated company. GCG is registered in England with company number 
07254686. Registered office address: 71 Queensway, London W2 4QH, United 
Kingdom; website: www.galacoral.comhttp://www.galacoral.com.

This e-mail message (and any attachments) is confidential and may contain 
privileged and/or proprietorial information protected by legal rules. It is for 
use by the intended addressee only. If you believe you are not the intended 
recipient or that the sender is not authorised to send you the email, please 
return it to the sender (and please copy it to h...@galacoral.comjavascript:) 
and then delete it from your computer. You should not otherwise copy or 
disclose its contents to anyone.

Except where this email is sent in the usual course of business, the views 
expressed are those of the sender and not necessarily ours. We reserve the 
right to monitor all emails sent to and from our businesses, to protect the 
businesses and to ensure compliance with internal policies.

Emails are not secure and cannot be guaranteed to be error-free, as they can be 
intercepted, amended, lost or destroyed, and may contain viruses; anyone who 
communicates with us by email is taken to accept these risks. GCG accepts no 
liability for any loss or damage which may be caused by software viruses.
--
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/yXAlnq2I7RQJ.
To post to this group, send email to 
puppet-users@googlegroups.commailto:puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.commailto:puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at

Re: [Puppet Users] Accessing variable from a user defined resource in the same module



On Friday, October 26, 2012 7:33:00 AM UTC-5, Abhijeet Rastogi wrote:



 On Fri 26 Oct 2012 04:42:56 PM IST, Calvin Walton wrote: 
  On Fri, 2012-10-26 at 13:16 +0530, Abhijeet R wrote: 
  ---templates 
  --t1.erb - I want to access value of $a and $b here. Using 
  mname::config::$a is not working. I am using %= 
  scope.lookupvar(mname::config::$a % to get the value. 
  
  In templates, you don't use the $ character on variable names. If the 
  template is being used directly in the mname::config type, you can do 
  %= @a % (preferred) 
  or 
  %= a % 
  

 Sorry about using $a in templates. I actually wrote it by mistake and I 
 didn't use it in my actual templates. But, I have a requirement where 
 I've to use the values of $a, $b in other classes. Thing is like, some 
 resources that are defined in user-defined resource have to defined 
 only once and are common of two or more instances for defined resource. 
 So, I included that in a new class (Otherwise, multiple definition 
 errors come). Now, this class needs to use the values passed to defined 
 resource. (ie $a, $b). So, what should I do? This thing is works in 2.6 
 and 2.7.9 perfectly but it throws errors like 

 For classes - warning: Dynamic lookup of $node_id at 
 /etc/puppet/modules/ucarp/manifests/up_down_scripts.pp:3 is deprecated. 
  Support will be removed in Puppet 2.8.  Use a fully-qualified variable 
 name (e.g., $classname::variable) or parameterized classes. 



That's a warning, not an error.  Code that elicits such warnings works in 
Puppet 2.7 the same way it worked in Puppet 2.6.  Nevertheless, you should 
fix the problem, and the message tells you how to do so.

 


 For template -  warning: Dynamic lookup of $vip_addr_gw at 
 /etc/puppet/modules/ucarp/templates/vip-up.erb:6 is deprecated.   
 Support will be removed in Puppet 2.8.  Use a fully-qualified variable 
 name (e.g., $classname::variable) or parameterized classes. 



Again, that's a warning, not an error.  If $vip_addr_gw is a local variable 
in the context from which the template is evaluated, a parameter of the 
class or definition that invokes template() or inline_template(), then it's 
also bogus.

 


 If I think of making a parametrised class instead of user-defined 
 resource, I'll be not be able to use that because I need to use that 
 class more than once for a node. (That is why I actually used 
 user-defined resource). 



Class vs. defined type does not make a difference for issues of that kind.
 


 TLDR - Few resources of a defined resource are to be defined only once 
 so are included in a class. How would that class be able to access the 
 parameters passed to the user-defined resource?



You can't, but you don't need to do it that way.  At all.

   1. Each class and definition should be in its own file
   2. An object whose nature precludes being applied more than once should 
   be a class, not a definition
   3. Any class's variables (except class parameters in some versions of 
   Puppet) can be accessed from anywhere in the manifest set by their 
   fully-qualified names (i.e. $module::class::variable)

That leaves you at least two options.  If you convert the singleton 
definitions to classes, then you can access their variables via their 
fully-qualified names.  If you want to leave them as definitions then you 
can store the needed values as variables of some class (as I think you said 
you did), and then read those class variables where you need them instead 
of trying to access the parameter values of the defined-type instance.
 

 Also, this defined 
 class is using templates to generate configuration files and needs to 
 access the parameters passed to defined resource. How should that be 
 done? 



It shouldn't.  The big picture, in case it was not apparent in the 
foregoing, is to pull the authoritative source of the needed values out of 
the definition to some place accessible to everyone who wants it.  Common 
choices for such a place include variables of some class and external data 
(perhaps accessed via hiera).


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/J5PbZFhuVCsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: serialized call for defines by naming them with array (ordering for the output )



On Friday, October 26, 2012 5:26:43 AM UTC-5, Dmitry Nilsen wrote:

 Hi.. I have following issue:
 If calling a define with an array as names, then it applyes defines in 
 parallel way (which is logical by puppet structure)

 example:

 # define a function
 define func(){
exec{/bin/echo $name  /tmp/file}
 }

 #  call it
 func{[a,b,c,d]: }

 then my file would have an ordering like:
 # cat /tmp/file
 b
 a
 d
 c

 but how to do this in a serialized way? so, that, at the end, my file has 
 an ordering structure exactly as an array, so:
 a
 b
 c
 d

 any idea?
 Its realy usefull for config files where the ordering of parameter does 
 matter.


Relative ordering of resources is achieved by declaring resource 
relationships.  You can do that via the 'require' and 'before' resource 
metaparameters, or via the resource chaining operators, but there is no 
mechanism for creating relationships based on the order of array elements.

You might be able to write a custom function that did that -- for instance, 
a create_relationships() function in the same spirit as the 
create_resources() built-in.  Alternatively, you could surely do what you 
want by switching (that class) to Ruby DSL instead of Puppet DSL.  I can't 
think of any other general-purpose approaches, but there might be 
additional alternatives for your particular problem.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/JC2hMyRuzU8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Passing parameters to Class from Dashboard

2012-10-26 Thread Javier Alvarez Samayoa

Good day to all:

I'm trying to use the browser's dashboard to pass a parameter variable to a 
simple class.

class hello ( $file_name ) {
  file {/tmp/${file_name}:
owner = 'ubuntu',
group = 'ubuntu'
  }
}

But when I run the agent update I keep getting

ubuntu@db:~$ sudo puppet agent --test
info: Retrieving plugin
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Must pass file_name to Class[Hello] at 
/etc/puppetlabs/puppet/modules/hello/manifests/init.pp:1 on node 
db.company.com

Any ideas on what I'm doing wrong?

Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/qu732-TrJHMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: OperatingSystem fact for Oracle Linux?



On Friday, October 26, 2012 4:19:25 AM UTC-5, Gavin Williams wrote:

 Morning all

 Not sure on the best place to raise this, so thought I'd start here... 

 I'm starting to work with Puppet and Oracle Linux 6.1. 
 Unfortunately I'm finding a lot of existing modules aren't working with OL 
 6.1, because they're coded to expect an operatingsystem fact of oel. 
 However at OL 6, the operatingsystem fact is now OracleLinux. 

 Any ideas on where this issue should go?


When Oracle dropped the Enterprise from the name of its distribution, 
facter stopped recognizing it.  The fix (submitted by Oracle, if I 
understand correctly) changes the value Facter reports for the 
operatingsystem fact for these versions, probably because the e in oel 
no longer applies.  This change went into Facter 1.6.1.  See
  http://projects.puppetlabs.com/issues/9178
and
  http://projects.puppetlabs.com/issues/10241

Atlhough the tickets don't show it, discussion elsewhere indicates that PL 
personnel were aware that the fact change would cause breakage such as you 
report.  I suspect, but cannot confirm, that this was covered in the 
release notes.  Any way around, the bottom line is that the change was 
intentional.

With that being the case, the issue should be directed to the maintainers 
of affected modules.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/F14IqGjX9jAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Passing parameters to Class from Dashboard

2012-10-26 Thread Javier Alvarez Samayoa

I just found the answer in another thread.

In case somebody is looking to pass parameters from the dashboard to your 
classes you should
reference those variables like this:

$::foo instead of $foo which are local variables

Hope it helps

On Friday, October 26, 2012 10:28:11 AM UTC-6, Javier Alvarez Samayoa wrote:

 Good day to all:

 I'm trying to use the browser's dashboard to pass a parameter variable to 
 a simple class.

 class hello ( $file_name ) {
   file {/tmp/${file_name}:
 owner = 'ubuntu',
 group = 'ubuntu'
   }
 }

 But when I run the agent update I keep getting

 ubuntu@db:~$ sudo puppet agent --test
 info: Retrieving plugin
 info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb
 info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb
 info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb
 err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
 Must pass file_name to Class[Hello] at 
 /etc/puppetlabs/puppet/modules/hello/manifests/init.pp:1 on node 
 db.company.com

 Any ideas on what I'm doing wrong?

 Thanks in advance.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/RoTsakEh9FkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

Ah, right, my mistake, the require won't guarantee anything in this case, 
as the other command is successful, even if it does nothing. It's early...

However, looking at that module it seems like it's trying to use 
refreshonly, but it doesn't look like it will be effective the way it's 
using it. You might try adding

creates = $name,

under the

exec {$exec_name:

resource in untar.pp. This would make it dependent on the name given to 
archive::untar, /tmp/python-${version} in this case.

On Friday, October 26, 2012 9:35:45 AM UTC-7, Dave Mankoff wrote:

 Yeah, the wget seems to be working. The archive library I am using is:

 http://forge.puppetlabs.com/bobsh/archive

 It runs irrespective of whether or not wget actually fetches anything, 
 however.

 At this point, it seems that the exec type is the only thing that can 
 actually conditionally run (unless, onlyif, creates, etc). I created a bash 
 script in my templates directory that contains the wget and tar commands. I 
 now copy that bash script out and only conditionally run it, which seems to 
 defeat the whole purpose.

 On Friday, October 26, 2012 12:30:19 PM UTC-4, Ellison Marks wrote:

 If you're using this wget module

 https://github.com/liquidstate/puppet-wget/blob/master/manifests/init.pp

 It's set to not run so long as the destination is still there, so 
 /tmp/Python-${version}.tgz needs to stick around. I'm not sure which 
 archive module you're using, but as long as you have that require there, it 
 should follow.



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/lRzdxzGX85MJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Managing network interfaces?



On Thursday, October 25, 2012 8:05:09 PM UTC-5, Brian Rak wrote:

 I've been using Puppet to manage network interfaces on our machines.  To 
 do this I've got a class very similar to 
 http://forge.puppetlabs.com/razorsedge/network .  I'm encountering some 
 annoyances with this method of handling it:

 1) Every interface I have has to have a unique alias number.  This means 
 that whenever I want to add a new IP alias I have to grep through my entire 
 tree and find an unused number.  This seems... less then optimal.



Why are your interface definitions spread throughout your tree?

 

 2) If I'm changing an interface (say from normal to bonded networking) I 
 have to go and switch the interface definitions for everything on that 
 machine.  This also makes it difficult to have the same module used on 
 multiple machines (as their networking config needs to match exactly).



Why are you hardcoding interface names if it is important to be able to 
easily switch interfaces?

 

 2a) This gets more annoying as some of our newer machines have network 
 interfaces emX instead of ethX.  This means that all the definitions need 
 to be updated once again when we change hardware.



Again, why are you hardcoding interface names?
 


 Has anyone encountered this and come up with a decent solution?  I should 
 note that I'm using CentOS, all the modules I can find on forge appear to 
 be doing very similar things.



I have not tackled the specific problem you describe, but I'm inclined to 
think it arises more from the organization of your modules and manifest set 
than from any behavior of Puppet itself, or from interface-management 
modules such as the one you referred to.  I think you need a dose or two of 
indirection and maybe added structure in your manifests.  Some of the kinds 
of things to consider are

   - declaring interfaces inside classes, then establishing relationships 
   where needed to the containing class instead of to the resource itself
   - storing interface details in class variables and / or external data
   - extracting interface definitions to their own module to narrow your 
   search space
   - keeping separate documentation of the interfaces in use on each system
   - overall, working to make your manifests as DRY as possible, so that 
   you only need to make changes in one place

If you presented example code then we might have more specific suggestions.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/CV2EP8gGryIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] OperatingSystem fact for Oracle Linux?

2012-10-26 Thread Ramin K


On 10/26/2012 2:19 AM, Gavin Williams wrote:

Morning all

Not sure on the best place to raise this, so thought I'd start here...

I'm starting to work with Puppet and Oracle Linux 6.1.
Unfortunately I'm finding a lot of existing modules aren't working with
OL 6.1, because they're coded to expect an operatingsystem fact of oel.
However at OL 6, the operatingsystem fact is now OracleLinux.


	You may want to create pull requests for the modules referencing the 
tickets John mentioned and convert oel to a more inclusive regex. Or 
just make the changes locally to your repo.


  $file = $::operatingsystem ? {
/(?i:oel|oraclelinux)/ = '/some/file',
/(?i:debian|ubuntu)/   = '/some/other/file',
default= '/file',
  }

etc etc.

Ramin

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: The Future of Puppet Dashboard

2012-10-26 Thread Aaron Stone

I'm interested in owning it. I started porting to Rails 3 last week and 
have quite a few fixes to the create/update/query endpoints to return more 
consistent YAML and JSON responses. At my organization we will continue to 
use Puppet Dashboard until Puppet Labs' recommended replacement solution is 
baked.

http://github.com/sodabrew/puppet-dashboard

Cheers,
Aaron

On Wednesday, October 10, 2012 10:02:35 AM UTC-7, Nigel Kersten wrote:

 (This mail has been sent to puppet-users, but bcc’d to puppet-dev and 
 puppet-announce to try and keep the conversation in one place.)


 Summary:

 * We are stopping investment in Dashboard
 * Most Dashboard functionality will be replaced by two new open source 
 services
 * Some Dashboard functionality will be replaced by a proprietary 
 application
 * The Dashboard will continue to be open source and we're happy to help 
 people take over maintenance
 * If we don't get a new maintainer, we will announce a date to EOL 
 Dashboard


 Details:

 If you’ve been following the development of Puppet Dashboard over the last 
 year or so, you’ve almost certainly noticed that it hasn’t been getting 
 much love from Puppet Labs.

 We’ve been thinking about this for a while, and we’ve decided that we’re 
 not going to invest more in the Dashboard. It will get security patches and 
 some minor improvements over the next few months, but we’re treating it as 
 an evolutionary dead end.

 We were planning to have some code ready for the replacement services 
 before making this announcement, but after questions at PuppetConf and 
 after the recent Dashboard update, we’ve realized that being transparent is 
 the right approach.

 We’re generally moving the Puppet platform in a direction that is more 
 aligned with service-oriented-architecture, with standalone services for 
 specific functionality that own their own data.  Monolithic apps like the 
 Dashboard that store a variety of data types don’t fit well into this world.

 You’ve seen the first moves of this with PuppetDB, where we have a 
 standalone, open source service with great APIs that is dedicated to 
 catalog and fact storage.

 The ENC functionality in the Dashboard will be replaced by an open source, 
 standalone service.  The report storage and basic report viewing 
 functionality from Dashboard will become part of PuppetDB, and will be open 
 source, just as the rest of PuppetDB is. Work has recently started on both 
 of these projects. We will be working on data migration scripts from 
 Dashboard to these new services.

 We will also be working on a new graphical application that provides an 
 interface to these services, but one more focused on workflows and advanced 
 use cases, and this application will be proprietary.

 This is the model Puppet Labs is looking to follow from now on. Open 
 source services, with great APIs and simple GUIs just like PuppetDB, and 
 proprietary graphical applications that are more opinionated in terms of 
 workflows. We believe this is a simple line that brings a lot of clarity to 
 the difference between our open source and proprietary applications.

 We’re still in the business of making Puppet a great open source platform, 
 and that’s not going to change. We will not be creating any secret APIs 
 that are just for use by Puppet Labs. We will be building our proprietary 
 apps on exactly the same APIs as everyone else has available to them.

 We believe this keeps us honest in terms of keeping the open source 
 platform strong and functional, as well as Puppet Labs being fair and 
 equitable to the rest of the ecosystem compared to the applications we’re 
 building a sustainable company around.

 We are not taking the Dashboard code base closed source.  Even though it’s 
 never really attracted a development community around it in the same way 
 that Puppet and MCollective have, if there are people who are committed to 
 its existence, we’re more than happy to help people take on the maintenance 
 role.

 We do think that it ultimately will need to be completely rewritten to 
 take advantage of the new ENC and PuppetDB report storage, and it needs a 
 general update to a newer version of Rails, but just as with *any* other 
 open source application that builds upon our platform, we will help anyone 
 who wants to take this on.

 We don’t have firm dates for when the replacement services will be ready, 
 but we expect their first releases to be out by the end of the year.  Once 
 both of these are ready, and we have migration scripts for your data, we’ll 
 announce a complete end of life date for Dashboard unless we have 
 replacement maintainers.

 Again, if you love Dashboard enough to want to maintain it, this is your 
 chance. 

 I encourage and expect public discussion about this topic, but if you wish 
 to convey your thoughts privately, you can always contact myself or Luke at:


 Nigel, CTO
 email/jabber: ni...@puppetlabs.com javascript:
 IRC : nigelk

 Luke, CEO
 email:

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Tim Mooney


In regard to: [Puppet Users] Have Class Only Perform Actions When There Is...:


Howdy. I feel like I am missing something really simply with regards to the
way that Puppet works and I am wondering if someone can point me in the
write direction.

I have written a class that downloads, uncompresses, compiles, and installs
Python from source. So far so good.


I would highly recommend you just package your custom python and install
it using a package management system, rather than doing what you're doing.
Depending on what host OS you're using, it's not too difficult, and it
works a lot better with puppet *and* you get all the benefits of having
the package installed through a more coherent means.


The problem is that it only needs to do
this once, when Python is not already in place (or some other custom
indicator of the Python version). I have my 3 calls to exec doing their
checks just fine, but my calls to wget::fetch and archive::untar both fire
during every apply. Specifically, archive::untar takes about 30 seconds to
run and I'd prefer it if it only ran conditionally.

What is the best way to make sure that this code:

 wget::fetch { python-${version}:
   source =
http://python.org/ftp/python/${version}/Python-${version}.tgz;,
   destination = /tmp/Python-${version}.tgz,
 }

 archive::untar {/tmp/python-${version}:
   source = /tmp/Python-${version}.tgz,
   compression = 'gz',
   rootdir = Python-${version},
   require = Wget::Fetch[python-${version}],
 }


As you're discovering, these kind of exec chains, where the first part
of the chain involves temporary files, don't really fit into the puppet
paradigm very well.  About the best you can do is something like

exec { '/usr/local/sbin/install-python-if-necessary.sh':
source  = 'http://your_module/install-python-if-necessary.sh',
creates = '/your/python/lib/dir',
}

and then bury all the fetch/extract/configure/compile/install logic
in the shell script, which puppet will make certain is always present
on the system.  It will only execute it if /your/python/lib/dir is not
present.

But if you're going to build fetch/extract/configure/compile/install logic
into a shell script, you're probably 85% of the way to packaging the
software appropriately anyway.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Trouble adding a user to a group

2012-10-26 Thread Stefan Schulte

On Thu, Oct 25, 2012 at 05:11:34PM -0700, Ben McCann wrote:
 Definitely seems like a bug.  I added the Puppet Ubuntu repo and upgraded 
 to puppet 3.0.1 and it works now.  I'm not going to bother filing it since 
 it seems like it's since been fixed.
 
 

One question though: Do any of the groups you want to assign have the
same gid?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Launching a full screen app through puppet

2012-10-26 Thread Josh Cooper

Hi Lucas,

On Fri, Oct 26, 2012 at 8:10 AM, Lucas Vickers lucasvick...@gmail.com wrote:
 Hello,

 I'm controlling 180 windows machines for an art project.  I am using
 puppet to configure the machines, push out an app as a zip, unzip it,
 change permissions, then launch it.

If you do not need LocalSystem permissions, then you could simply
configure the puppet service to run as an unprivileged (domain or
local) user:

sc config puppet obj= username password= password

and allow the service to interact with the desktop:

sc config puppet type= interact

 Everything works perfectly,
 except the app is being launched in a hidden desktop due to windows
 security.

This page describes some of the issues.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190(v=vs.85).aspx

If the service opens a command window and runs a batch file, the user
could hit CTRL+C to terminate the batch file and gain access to a
command window with LocalSystem permissions. So privilege escalation.

 From what I'm told since puppet runs as a service it is not allowed to
 launch an app on the logged in desktop.  I confirmed that when running
 the puppet agent manually the app launches correctly.

It is possible to allow services running under LocalSystem to interact
with the desktop in older versions of Windows. If you don't care about
the security implications, you could investigate that, though I
wouldn't recommend it.

Alternatively, you could do something like this:
http://chabster.blogspot.com/2008/01/run-as-interactive-user-from-service.html.
Compile it and distribute it with your module.

Josh

-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Dave Mankoff



On Friday, October 26, 2012 2:31:56 PM UTC-4, Tim Mooney wrote:

 In regard to: [Puppet Users] Have Class Only Perform Actions When There 
 Is...: 

 I would highly recommend you just package your custom python and install 
 it using a package management system, rather than doing what you're doing. 
 Depending on what host OS you're using, it's not too difficult, and it 
 works a lot better with puppet *and* you get all the benefits of having 
 the package installed through a more coherent means. 

 As you're discovering, these kind of exec chains, where the first part 
 of the chain involves temporary files, don't really fit into the puppet 
 paradigm very well.  About the best you can do is something like 

  exec { '/usr/local/sbin/install-python-if-necessary.sh': 
  source  = '
 http://your_module/install-python-if-necessary.sh', 
  creates = '/your/python/lib/dir', 
  } 

 and then bury all the fetch/extract/configure/compile/install logic 
 in the shell script, which puppet will make certain is always present 
 on the system.  It will only execute it if /your/python/lib/dir is not 
 present. 

 But if you're going to build fetch/extract/configure/compile/install logic 
 into a shell script, you're probably 85% of the way to packaging the 
 software appropriately anyway. 


Interesting. It sounds like you're actually advocating _for_ the bash 
script approach. I wanted to avoid package management systems only because 
they are way more complicated than a basic install of python requires:

  wget python.tgz
  tar -xzvf python.tgz
  cd python
  ./configure --prefix=/install/path
  make
  make test
  make install

I wanted to make (I have made?) a simple python class that accepts a 
python version number, downloads it, and runs those steps, irrespective of 
the base Linux flavor. I don't know much of anything about deb or rpm files 
other than that they are more complicated than that; and I don't want to 
have to package up and maintain several different python versions for 
several different package managers. 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/mAWFxrBz_kYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] OperatingSystem fact for Oracle Linux?

2012-10-26 Thread Stefan Schulte

On Fri, Oct 26, 2012 at 02:19:25AM -0700, Gavin Williams wrote:
 Morning all
 
 Not sure on the best place to raise this, so thought I'd start here... 
 
 I'm starting to work with Puppet and Oracle Linux 6.1. 
 Unfortunately I'm finding a lot of existing modules aren't working with OL 
 6.1, because they're coded to expect an operatingsystem fact of oel. 
 However at OL 6, the operatingsystem fact is now OracleLinux. 
 
 Any ideas on where this issue should go?
 
 Cheers
 Gavin  

Do you mean core functionalities of puppet or modules from the forge or
elsewhere from the net?

If you think that there should not be a difference between
OracleLinux, OVS and OEL (I don't even know what they stand for)
you might comment on http://projects.puppetlabs.com/issues/9178 that
introduced the OracleLinux fact or raise an issue.

If there is a coretype that does not work for you also create a ticket
on redmine. Most providers for example that will run on all RedHatish
versions should not confine on operartingsystem but on osfamily.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Accessing variable from a user defined resource in the same module

2012-10-26 Thread Abhijeet R




On Fri 26 Oct 2012 10:15:23 PM IST, jcbollinger wrote:



On Friday, October 26, 2012 7:33:00 AM UTC-5, Abhijeet Rastogi wrote:
That leaves you at least two options.  If you convert the singleton
definitions to classes, then you can access their variables via their
fully-qualified names.  If you want to leave them as definitions then
you can store the needed values as variables of some class (as I think
you said you did), and then read those class variables where you need
them instead of trying to access the parameter values of the
defined-type instance.


How can save the values from defined resources to a variable of class?

When I tried doing that, I got error like Cannot assign to variables 
in other namespaces at ... 





It shouldn't.  The big picture, in case it was not apparent in the
foregoing, is to pull the authoritative source of the needed values
out of the definition to some place accessible to everyone who wants
it.  Common choices for such a place include variables of some class
and external data (perhaps accessed via hiera).


--
Cheers,
Abhijeet R
http://blog.abhijeetr.com

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: PuppetDB API permissions

2012-10-26 Thread Nick Lewis

On Friday, October 26, 2012 7:24:18 AM UTC-7, ak0ska wrote:

 Hello,

 Is it possible to control from which nodes is it allowed to execute 
 commands like replace catalog and replace facts, and which nodes can 
 only do queries (but no changes)? It seems like once someone could access 
 the service through http or https (depending on jetty.ini settings) can do 
 both.


Unfortunately, this isn't currently possible, though it's certainly 
something we'd like to provide in the future. Currently the only 
restriction that can be made is a whitelist of certnames which are allowed 
to talk to the API, for both read and write alike.

Until this is supported by PuppetDB itself, you could use a proxy to allow 
only certain routes.

If we were to add this feature, would it be sufficient to just have no 
access, read access, and read/write access as categories, or would you 
need something more granular than that (for instance, can query metrics but 
not facts)?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/6rioj916zpAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Stefan Schulte

On Fri, Oct 26, 2012 at 06:55:32AM -0700, Dave Mankoff wrote:
 Howdy. I feel like I am missing something really simply with regards to the 
 way that Puppet works and I am wondering if someone can point me in the 
 write direction.
 
 I have written a class that downloads, uncompresses, compiles, and installs 
 Python from source. So far so good. The problem is that it only needs to do 
 this once, when Python is not already in place (or some other custom 
 indicator of the Python version). I have my 3 calls to exec doing their 
 checks just fine, but my calls to wget::fetch and archive::untar both fire 
 during every apply. Specifically, archive::untar takes about 30 seconds to 
 run and I'd prefer it if it only ran conditionally. 
 
 What is the best way to make sure that this code:
 
   wget::fetch { python-${version}:
 source = 
 http://python.org/ftp/python/${version}/Python-${version}.tgz;,
 destination = /tmp/Python-${version}.tgz,
   }
 
   archive::untar {/tmp/python-${version}:
 source = /tmp/Python-${version}.tgz,
 compression = 'gz',
 rootdir = Python-${version},
 require = Wget::Fetch[python-${version}],
   }
 
 only runs when some condition is met? I can easily put a custom file in 
 place to look for, but how do I make these commands dependent on its 
 absence? I tried making such a file and subscribing to it, but these 
 commands still ran each time.
 

You don't tell us how wget::fetch is implemented so I can only guess
that there is an exec resource in there? The wget::fetch resource is
*always* evaluated so you have to make sure that the exec resource inside
does not do anything (the exec resource has a `creates` parameter you
can point to a file. If this file is present the command specified by
the `command´ parameter will not run).

Is there a reason why you do not install python as a package or build a
package your own?

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Trouble adding a user to a group

2012-10-26 Thread Ben McCann

Nope, all groups have different gids.

On Fri, Oct 26, 2012 at 11:34 AM, Stefan Schulte 
stefan.schu...@taunusstein.net wrote:

 On Thu, Oct 25, 2012 at 05:11:34PM -0700, Ben McCann wrote:
  Definitely seems like a bug.  I added the Puppet Ubuntu repo and upgraded
  to puppet 3.0.1 and it works now.  I'm not going to bother filing it
 since
  it seems like it's since been fixed.
 
 

 One question though: Do any of the groups you want to assign have the
 same gid?

 -Stefan

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
about.me/benmccann

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread dave

 You don't tell us how wget::fetch is implemented so I can only guess
 that there is an exec resource in there? The wget::fetch resource is
 *always* evaluated so you have to make sure that the exec resource inside
 does not do anything (the exec resource has a `creates` parameter you
 can point to a file. If this file is present the command specified by
 the `command´ parameter will not run).

 The wget package is: http://forge.puppetlabs.com/maestrodev/wget
The archive package is: http://forge.puppetlabs.com/bobsh/archive


 Is there a reason why you do not install python as a package or build a
 package your own?

 I wanted a python class where I could declare the version I wanted and
have it download and make-d. Most the package management systems I've seen
come with 2.6 (or older!) by default.

I didn't want to create my own package for reasons I listed in another
email: extra complication (python is really easy to make from source) and
extra maintenance (would have to maintain different python versions for
every package management system I wanted to support). I really just wanted
to create a simple puppet script to download and install python in a
consistent fashion on whatever system I happened to be setting up.


-dave

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Tim Mooney


In regard to: Re: [Puppet Users] Have Class Only Perform Actions When There...:




On Friday, October 26, 2012 2:31:56 PM UTC-4, Tim Mooney wrote:


In regard to: [Puppet Users] Have Class Only Perform Actions When There
Is...:

I would highly recommend you just package your custom python and install
it using a package management system, rather than doing what you're doing.
Depending on what host OS you're using, it's not too difficult, and it
works a lot better with puppet *and* you get all the benefits of having
the package installed through a more coherent means.

As you're discovering, these kind of exec chains, where the first part
of the chain involves temporary files, don't really fit into the puppet
paradigm very well.  About the best you can do is something like

 exec { '/usr/local/sbin/install-python-if-necessary.sh':
 source  = '
http://your_module/install-python-if-necessary.sh',
 creates = '/your/python/lib/dir',
 }

and then bury all the fetch/extract/configure/compile/install logic
in the shell script, which puppet will make certain is always present
on the system.  It will only execute it if /your/python/lib/dir is not
present.

But if you're going to build fetch/extract/configure/compile/install logic
into a shell script, you're probably 85% of the way to packaging the
software appropriately anyway.



Interesting. It sounds like you're actually advocating _for_ the bash
script approach.


Absolutely not.  I think the package management system is definitely the
way to go.  If you're bound and determined to not do it that way, and
you want to avoid having the pre-cursor exec's fire in your
fetch/extract/compile chain, then the shell script is really your
best option.

Otherwise, the wget fetch will fire any time that
/tmp/Python-${version}.tgz is not present.  That won't be present if
your /tmp cleaner gets rid of it.  Ditto for the extract step.

I'm assuming that none of these systems are multi-user systems, where you
might have less-than-trustworthy people with local access on the system.
If that's not the case, I definitely wouldn't be having the first step
of a multi-exec chain depend on a file in /tmp.


I wanted to avoid package management systems only because
they are way more complicated than a basic install of python requires:

 wget python.tgz
 tar -xzvf python.tgz
 cd python
 ./configure --prefix=/install/path
 make
 make test
 make install

I wanted to make (I have made?) a simple python class that accepts a
python version number, downloads it, and runs those steps, irrespective of
the base Linux flavor. I don't know much of anything about deb or rpm files
other than that they are more complicated than that; and I don't want to
have to package up and maintain several different python versions for
several different package managers.


You don't have to create your package from whole cloth, though.  You
download the source format for the package management system, extract
the recipe file, make a couple of changes for your local install, and
then build the package.

In the case of an RPM, that means starting with the source RPM (.srpm) for
the python that comes from your CentOS/RHEL/RHEL-derived vendor.  You
would extract the spec file (the recipe), tweak the %_prefix, the
Version, and probably not much else.

If you're still against packaging it, there's external repos you might
consider, to get packages that someone else has created.  That might not
meet your needs, though.

Ultimately, use puppet however it works best for your organization.  Just
be advised that some things fit better into the puppet paradigm than
others.

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, IACC Building 701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: defined types and enc



On Friday, October 26, 2012 11:32:36 AM UTC-5, erkules wrote:


 Moin, 
 playing with puppet. I did some defined type creating 
 lxc-application-containers. 
 With that I could run a lot of virtualised applications on a host. 
 I choose defined types to call them many times for a node. 
 In my understanding classes will not be able to be called many times on a 
 node. 
 ('name-clashing'). 



That's sort-of true, but it misses the key point.  Classes represent 
configurations features with singleton nature -- if managed at all then 
they are either present/on or absent/off.  Thus, although there are ways to 
declare the same class more than once, but they do not permit you to use 
different sets of parameters, and they have no additional implications for 
the target node's configuration beyond what declaring that class once would 
have.

In any case, supposing that you want to be able to declare containers for 
multiple different applications on the same node, you cannot model them all 
via a single class (though you can model a particular collection of them 
with a class).
 


 Trying to get my configuration into an enc. I looks like you can't use 
 defined types via enc. 

 So I wonder if Im wrong? 



You are correct that an ENC cannot declare instances of a defined type, nor 
of any other resource type for that matter.  It can declare only classes 
and global variables.

 

 If not is there a trick to call a class many times for a node. (Maybe by 
 manipulating the name?) 


You can create classes with different names but similar content, or you can 
use one class that wraps all the resources you want.  For example,

class mymodule::lxc_application_containers {
  mymodule::lxc_application_container { 'container1:
application = 'Awesomeness1.1'
# other parameters
  }
  mymodule::lxc_application_container { 'container2:
application = 'Moneymaker3.2'
# other parameters
  }
  # other containers ...
}

Supposing that the point is to select a subset of the available 
applications for each target node, using the one-class approach, you can do 
that via global variables (yuck), class parameters (meh), or data from an 
external source (best bet).

On the other hand, don't discard the idea of different classes too 
lightly.  In many cases it makes a lot of sense.  In particular, it may 
relieve pressure on your defined type to be sufficiently flexible to do 
everything needed for any application you might ever want to use.  Having a 
separate class for each module could make it a lot easier to deal with the 
special needs of each application.

Note also that names in Puppet should not contain the hyphen (-).  It may 
happen to work in some versions of Puppet, but it is not supported, and 
some uses definitely will fail in various Puppet versions.  This applies 
most to variable names, including parameter names, but also to class, 
module, and definition names.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/sGIe97g0JsEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Accessing variable from a user defined resource in the same module



On Friday, October 26, 2012 1:54:23 PM UTC-5, Abhijeet Rastogi wrote:



 On Fri 26 Oct 2012 10:15:23 PM IST, jcbollinger wrote: 
  
  
  On Friday, October 26, 2012 7:33:00 AM UTC-5, Abhijeet Rastogi wrote: 
  That leaves you at least two options.  If you convert the singleton 
  definitions to classes, then you can access their variables via their 
  fully-qualified names.  If you want to leave them as definitions then 
  you can store the needed values as variables of some class (as I think 
  you said you did), and then read those class variables where you need 
  them instead of trying to access the parameter values of the 
  defined-type instance. 

 How can save the values from defined resources to a variable of class? 

 When I tried doing that, I got error like Cannot assign to variables 
 in other namespaces at ...  



You misunderstand.  A defined type cannot set class variables, nor can one 
class set a different class's variables.  Class variables must be set by 
the class to which they belong.  Thereafter, their values can be referenced 
by anything, and in particular by your defined type.


John

 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/9bCYHGbDX2AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Managing network interfaces?

2012-10-26 Thread Adrien Thebo

On Thu, Oct 25, 2012 at 6:05 PM, Brian Rak d...@devicenull.org wrote:

 I've been using Puppet to manage network interfaces on our machines.  To
 do this I've got a class very similar to
 http://forge.puppetlabs.com/razorsedge/network .  I'm encountering some
 annoyances with this method of handling it:

 1) Every interface I have has to have a unique alias number.  This means
 that whenever I want to add a new IP alias I have to grep through my entire
 tree and find an unused number.  This seems... less then optimal.


Is this with respect to having to have eth0:0/eth0:1 for each IP address
you want to assign to a single interface? I have my own network_config type
at http://forge.puppetlabs.com/adrien/network that might be able to ease
some of those problems, depending on what your exact problem is.


 2) If I'm changing an interface (say from normal to bonded networking) I
 have to go and switch the interface definitions for everything on that
 machine.  This also makes it difficult to have the same module used on
 multiple machines (as their networking config needs to match exactly).


Is this with respect to bonding eth0 and eth1 and having to reassign the IP
addresses?


 2a) This gets more annoying as some of our newer machines have network
 interfaces emX instead of ethX.  This means that all the definitions need
 to be updated once again when we change hardware.


Yeah, this is an annoyance. The solution for this will probably mean adding
udev rules to sort this out so that eth0 will always be associated with a
certain device regardless of how the distro wants to name things.


 Has anyone encountered this and come up with a decent solution?  I should
 note that I'm using CentOS, all the modules I can find on forge appear to
 be doing very similar things.


 If you are having trouble managing what interfaces get what configs on a
wide base, have you considered storing the data in hiera and then pulling
that out when generating interfaces? I've done that with our linode boxes;
I drop all of the configuration for private addresses into hiera and if a
machine has an address available, it assigns itself that from the hiera
lookup.

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To view this discussion on the web visit
 https://groups.google.com/d/msg/puppet-users/-/IPtvRTAwRWgJ.
 To post to this group, send email to puppet-users@googlegroups.com.
 To unsubscribe from this group, send email to
 puppet-users+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/puppet-users?hl=en.




-- 
Adrien Thebo | Puppet Labs Operations

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Upgrading from PuppetMaster 2.7 to 3.0 breaks the Console dashboard and foreman

2012-10-26 Thread MasterPO

I am running RHEL 6 64bit using the puppetlabs yum repositories.
I have it configured to run the Puppet Console against port 3000 and The 
Foreman against port 3030 using passenger.
 
When I installed the upgrade to puppetmaster 3.0, both the Puppet Cosole 
stopped working and rails/passenger broke for The Foreman.
Has anyone else seen this and if so, how have you fixed it?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/uPDTPLa78XkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] multiple puppetmasters, 1 as the CA. Using passenger and mod_proxy

2012-10-26 Thread Jason Wright

We don't run that configuration on Corp Puppet servers; we change ca_server.

You may have better luck if you ask on puppet-users.

https://groups.google.com/forum/?fromgroups#!forum/puppet-users

Thanks,
Jason

On Fri, Oct 26, 2012 at 1:06 PM, ryan wallner wallnerr...@gmail.com wrote:

HI all,

I am currently setting up a HA devops configuration using puppet. I want to
be able to run a single puppet master as the CA and the rest act as peering
puppet masters. I have each puppet master running on passenger and I am
proxying the SSL requests to the CA server following:

http://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-2-redirect-certificate-traffic
http://docs.puppetlabs.com/guides/passenger.html

as a reference.

Watching the access.log on each master, when an agent requests a cert from a
puppetmaster that is not the CA, I can see the request forwarded: (below)

.4 is the agent
.3 us the master proxying the request
puppetca is the acting CA for all masters

Here is the what logs in access.log for the puppetmaster that is NOT the CA.
ubuntu-pupmaster1:8140 192.168.192.4 - - [26/Oct/2012:15:32:36 -0400] GET
/production/certificate/agent-hostname? HTTP/1.1 200 2245 - -

Here is what logs in the master which IS the CA
puppetca:8140 192.168.192.3 - - [26/Oct/2012:15:32:33 -0400] GET / 400 588
- -

Here is what I am receiving on the Agents end.
warning: peer certificate won't be verified in this SSL session
err: Could not request certificate: No content type in http response; cannot
parse

Attached are the config files for the vhost for the masters, labeled CA and
NONCA. Also attached are the config.ru for the rack app and httpd.conf whre
the proxy balancer is specified.

Any help is appreciated. I just started debugging but feedback is appreciated
if anyone has ideas.

-r

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/7ws4VMcUxE8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

--
Life was better when sun4m mattered. -Thom

--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: defined types and enc

2012-10-26 Thread erkan yanar


On Fri, Oct 26, 2012 at 12:24:52PM -0700, jcbollinger wrote:
 
[snip] 
  
 
  If not is there a trick to call a class many times for a node. (Maybe by 
  manipulating the name?) 
 
 
 You can create classes with different names but similar content, or you can 
 use one class that wraps all the resources you want.  For example,
 
 class mymodule::lxc_application_containers {
   mymodule::lxc_application_container { 'container1:
 application = 'Awesomeness1.1'
 # other parameters
   }
   mymodule::lxc_application_container { 'container2:
 application = 'Moneymaker3.2'
 # other parameters
   }
   # other containers ...
 }

Ok my defined types in a class.
How would that look like in a yaml-output?

 
 Supposing that the point is to select a subset of the available 
 applications for each target node, using the one-class approach, you can do 
 that via global variables (yuck), class parameters (meh), or data from an 
 external source (best bet).

Hmm, right now it is the same application running multiple times.


 
 On the other hand, don't discard the idea of different classes too 
 lightly.  In many cases it makes a lot of sense.  In particular, it may 
 relieve pressure on your defined type to be sufficiently flexible to do 
 everything needed for any application you might ever want to use.  Having a 
 separate class for each module could make it a lot easier to deal with the 
 special needs of each application.
 

Right, in my case it is (for now) the same application. Having for every 
application
a different name would no be that dynamic I would suggest/hope it to be.
As the differ in IP and some dirs only.
So this would suggest to write a class for every application I want to run then?


[snip/thx]

Regards
Erkan

-- 
über den grenzen muß die freiheit wohl wolkenlos sein

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)

2012-10-26 Thread Aaron Grewell


 I would highly recommend you just package your custom python and install
 it using a package management system, rather than doing what you're
 doing.

In this case you really ought to consider packaging, but there's
always *something* that doesn't work that way for whatever reason
(badly-wrapped vendor software is a favorite here).  IMHO a tarball
installer is a necessary evil in certain situations.  It'll probably
take a bit of tweaking to get it working in your environment , but
this works well for me.

# Define: packages::tar::install
#
# This define installs tar-based packages, including making sure they're
# only installed once and performing cleanup after the installation.
#
# Sample Usage:
# packages::tar::install { 'vmware-solaris-tools':
# package   = 'vmware-solaris-tools-381511.tar.gz', # name of tarball
# repo  = 'http://hostname/path',  # ftp or http path minus filename
# dir   = 'vmware-tools-distrib', # top-level directory in the tarball
# installer = 'vmware-install.pl', # name of install script
# options   = '-d',  # options to pass to install script
# tmpdir= '/opt/tmp', # dir to extract tarball into
# }
define 
packages::tar::install($repo,$package,$dir,$installer,$options,$tmpdir='/var/tmp',
  $timeout='600',$dotdir='/opt/puppet/libexec'){

  exec { wget -O $tmpdir/$package $repo/$package:
unless  = /usr/bin/test -f ${dotdir}/.${package},
path= [/opt/csw/bin,/usr/bin],
alias   = wget_${package},
require = File[$tmpdir],
  }

  exec { gunzip -c $tmpdir/$package | tar xf - :
unless  = /usr/bin/test -f ${dotdir}/.${package},
path= [/bin,/usr/bin,/usr/sbin],
alias   = untar_${package},
cwd = $tmpdir,
require = Exec[wget_${package}],
  }

  exec { $tmpdir/$dir/$installer $options:
unless  = /usr/bin/test -f ${dotdir}/.${package},
cwd = $tmpdir/$dir,
alias   = install_${package},
timeout = $timeout,
require = Exec[untar_${package}],
  }

  exec { touch ${dotdir}/.${package}:
path= [/bin,/usr/bin],
unless  = /usr/bin/test -f ${dotdir}/.${package},
alias   = ${package}_dotfile,
require = Exec[install_${package}],
  }

  exec { rm -rf $tmpdir/$dir:
path= [/bin,/usr/bin],
onlyif  = /usr/bin/test -d $tmpdir/$dir,
cwd = $tmpdir,
alias   = rm_${dir},
require = Exec[install_${package}],
  }

  exec { rm -f $tmpdir/$package:
path= [/bin,/usr/bin],
onlyif = /usr/bin/test -f $tmpdir/$package,
cwd= $tmpdir,
alias  = rm_${package},
require = Exec[install_${package}],
  }
}

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Upgrading from PuppetMaster 2.7 to 3.0 breaks the Console dashboard and foreman