Re: [Puppet Users] Re: Puppet version 2.7 or 3?

[Ohad Levy]

On Thu, Nov 15, 2012 at 4:56 PM, llowder  wrote:

>
>
> On Thursday, November 15, 2012 8:47:29 AM UTC-6, vioilly wrote:
>>
>> Hi,
>>
>> I am just rolling out a new puppet deployment. Which version should i go
>> for, 2.7 or 3.1? I am looking to use the open source version.
>>
>>
> If you plan on using an ENC, specifically TheForeman, or a lot of modules
> from the Puppet Forge, you might want to start with 2.7
>
> That being said, Foreman is very close to having Puppet 3 support working,
> and more and more modules on the Forge are being made 3.0 compatible every
> day.
>

For the record, Puppet 3 support was added to foreman a couple of days ago.

Ohad

>
> Puppet 2.7 is currently on 2.7.19 with 2.7.20 in RCs, and Puppet 3 is at
> 3.0.1, so it is still a little rough around the edges, but the fact that
> hiera is integrated and it has the databindings is one very nice feature of
> 3.0.x. It's also considerably faster.
>
> There are advantages and disadvantages to both, and I am sure others will
> weigh in as well, but hope this helps.
>
>
>> Many thanks,
>> Oli
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/UuxZtnjHn30J.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: new puppet client not updating

[JGonza1]

I do see the that the client server pdlnx-pntp02.kareoprod.ent does have a 
certificate on the master under the directory /etc/puppet/ssl/ca/signed. 
Also the the puppet master I do not have auto-signing turned on. I have to 
run the puppet cert --sign  command to create the certificate.
ll pdlnx-pntp02.kareoprod.ent.pem
-rw-r-. 1 puppet puppet 1939 Nov 11 23:52 pdlnx-pntp02.kareoprod.ent.pem
#
On Tuesday, November 13, 2012 12:46:09 PM UTC-8, JGonza1 wrote:

> Added new clients that are behind a firewall and none of them are updating 
> with the configurations from the puppet master. I get the message below 
> from the client when I run command puppet agent --server 
> ct-eng-pup.caretools.ent --test. What ports need to be opened for client to 
> talk to puppet master. The puppet client had no problem get aa certificate 
> from the puppet client but it will not update.
>  
> info: Caching catalog for pdlnx-pntp02.kareoprod.ent
> info: Applying configuration version '1351815499'
> notice: Finished catalog run in 0.10 seconds
> #
>  
> On the puppet master on the 
> /var/lib/puppet/reports/pdlnx-pntp02.kareoprod.ent the transaction report I 
> am getting a lot of failed, see log below.
> --- !ruby/object:Puppet::Transaction::Report
>   configuration_version: 1351815499
>   environment: production
>   host: pdlnx-pntp02.kareoprod.ent
>   kind: apply
>   logs:
> - !ruby/object:Puppet::Util::Log
>   level: !ruby/sym info
>   message: Caching catalog for pdlnx-pntp02.kareoprod.ent
>   source: Puppet
>   tags:
> - info
>   time: 2012-11-13 12:23:01.849547 -08:00
> - !ruby/object:Puppet::Util::Log
>   level: !ruby/sym info
>   message: Applying configuration version '1351815499'
>   source: Puppet
>   tags:
> - info
>   time: 2012-11-13 12:23:01.886192 -08:00
> - !ruby/object:Puppet::Util::Log
>   level: !ruby/sym notice
>   message: Finished catalog run in 0.10 seconds
>   source: Puppet
>   tags:
> - notice
>   time: 2012-11-13 12:23:01.987541 -08:00
>   metrics:
> events: !ruby/object:Puppet::Util::Metric
>   label: Events
>   name: events
>   values:
> - - success
>   - Success
>   - 0
> - - total
>   - Total
>   - 0
> - - failure
>   - Failure
>   - 0
> time: !ruby/object:Puppet::Util::Metric
>   label: Time
>   name: time
>   values:
> - - total
>   - Total
>   - 0.221700026885986
> - - config_retrieval
>   - Config retrieval
>   - 0.221333026885986
> - - filebucket
>   - Filebucket
>   - 0.000367
> resources: !ruby/object:Puppet::Util::Metric
>   label: Resources
>   name: resources
>   values:
> - - changed
>   - Changed
>   - 0
> - - failed_to_restart
>   - Failed to restart
>   - 0
> - - restarted
>   - Restarted
>   - 0
> - - total
>   - Total
>   - 7
> - - out_of_sync
>   - Out of sync
>   - 0
> - - failed
>   - Failed
>   - 0
> - - skipped
>   - Skipped
>   - 6
> - - scheduled
>   - Scheduled
>   - 0
> changes: !ruby/object:Puppet::Util::Metric
>   label: Changes
>   name: changes
>   values:
> - - total
>   - Total
>   - 0
>   puppet_version: 2.7.19
>   report_format: 2
>   resource_statuses:
> "Filebucket[puppet]": !ruby/object:Puppet::Resource::Status
>   change_count: 0
>   changed: false
>   evaluation_time: 0.000367
>   events: []
>   failed: false
>   file:
>   line:
>   out_of_sync: false
>   out_of_sync_count: 0
>   resource: "Filebucket[puppet]"
>   resource_type: Filebucket
>   skipped: false
>   tags:
> - filebucket
> - puppet
>   time: 2012-11-13 12:23:01.972617 -08:00
>   title: puppet
> "Schedule[weekly]": !ruby/object:Puppet::Resource::Status
>   change_count: 0
>   changed: false
>   events: []
>   failed: false
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/12zU0YZjG8QJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Dynamic Collection?

[Rajul Vora]

I want to do something like this:

class foo ( $collection ) {

User <|  $collection |>

}

where $collection would be a string like "group == admin or group == 
powerusers"

Doesn't work. Is there an alternative way to do this?

Syntax error at '|>'; expected '}'

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/lx88_I9wS24J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Can I create virtual resources with create_resources function

[Rajul Vora]

Excellent, thanks.

Rajul

On Thursday, November 15, 2012 2:54:08 PM UTC-8, Nan Liu wrote:
>
> On Thu, Nov 15, 2012 at 2:04 PM, Rajul Vora 
> > wrote:
>
>>
>> I am trying to add ability to add virtual users to the git://
>> github.com/erwbgy/puppet-system.git module as I really want the ability 
>> to use virtual users and then combine that with "User <| group == 'x' and 
>> group == 'y' |>" way of realizing the users. This is much more flexible 
>> than what I can do with this module out of the box.
>>
>> Using the pattern in that module, I tried to do this:
>>
>> class system::virt_users (
>>   $config = undef
>> ) {
>>   if $config {
>> $defaults = {
>>   ensure => 'present',
>>   managehome => true,
>>   shell  => '/bin/bash'
>> }
>> create_resources(@user, $config, $defaults)
>>   }
>> }
>>
>>
>> But that gives me syntax error:
>> Error: Could not retrieve catalog from remote server: Error 400 on 
>> SERVER: Syntax error at '@'; expected ')' at 
>> /etc/puppet/modules/system/manifests/virt_users.pp:10 on node ..
>>
>> So I tried putting @user in quotes but that also generated syntax error 
>> (could not create resource of unknown type @user).
>>
>> So is there a create_virtual_resource function or some other trick to do 
>> this?
>>
>>
> See: http://projects.puppetlabs.com/issues/15081
>
> Nan 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/JGnnLE_AZfgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Can I create virtual resources with create_resources function

[Nan Liu]

On Thu, Nov 15, 2012 at 2:04 PM, Rajul Vora  wrote:

>
> I am trying to add ability to add virtual users to the git://
> github.com/erwbgy/puppet-system.git module as I really want the ability
> to use virtual users and then combine that with "User <| group == 'x' and
> group == 'y' |>" way of realizing the users. This is much more flexible
> than what I can do with this module out of the box.
>
> Using the pattern in that module, I tried to do this:
>
> class system::virt_users (
>   $config = undef
> ) {
>   if $config {
> $defaults = {
>   ensure => 'present',
>   managehome => true,
>   shell  => '/bin/bash'
> }
> create_resources(@user, $config, $defaults)
>   }
> }
>
>
> But that gives me syntax error:
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Syntax error at '@'; expected ')' at
> /etc/puppet/modules/system/manifests/virt_users.pp:10 on node ..
>
> So I tried putting @user in quotes but that also generated syntax error
> (could not create resource of unknown type @user).
>
> So is there a create_virtual_resource function or some other trick to do
> this?
>
>
See: http://projects.puppetlabs.com/issues/15081

Nan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Can I create virtual resources with create_resources function

[Rajul Vora]

I am trying to add ability to add virtual users to 
the git://github.com/erwbgy/puppet-system.git module as I really want the 
ability to use virtual users and then combine that with "User <| group == 
'x' and group == 'y' |>" way of realizing the users. This is much more 
flexible than what I can do with this module out of the box.

Using the pattern in that module, I tried to do this:

class system::virt_users (
  $config = undef
) {
  if $config {
$defaults = {
  ensure => 'present',
  managehome => true,
  shell  => '/bin/bash'
}
create_resources(@user, $config, $defaults)
  }
}


But that gives me syntax error:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Syntax error at '@'; expected ')' at 
/etc/puppet/modules/system/manifests/virt_users.pp:10 on node ..

So I tried putting @user in quotes but that also generated syntax error 
(could not create resource of unknown type @user).

So is there a create_virtual_resource function or some other trick to do 
this?

Thanks,

Rajul

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/-ILmxaJxEBcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet cert --list fails with weird error after upgrading to 3.0.1

[Dan McManus]

Yep, that did it. Sorry, must have missed that.

On Thursday, November 15, 2012 2:37:27 PM UTC-7, Matthaus Litteken wrote:
>
> Ruby 1.8.5 is no longer supported in Puppet 3.x[1]. We have supplied 
> ruby 1.8.7 packages for el5 that will replace the system ruby in our 
> dependencies repo (http://yum.puppetlabs.com/el/5/dependencies/)[2]. 
> That would be where I would start looking. 
>
> [1] - http://docs.puppetlabs.com/guides/platforms.html#ruby-versions 
> [2] - 
> http://docs.puppetlabs.com/puppet/3/reference/release_notes.html#backwards-incompatible-changes-in-30
>  
>
> On Thu, Nov 15, 2012 at 1:24 PM, Dan McManus 
> > 
> wrote: 
> > Hello all, 
> > 
> > I just updated my puppet master from 2.7 to 3.0.1, and everything else 
> seems 
> > to be working fine, but look at this: 
> > 
> > [root@puppmstr2 ~]# puppet cert --list 
> > Error: undefined method `new' for OpenSSL::Digest:Module 
> > 
> > 
> > ...and that's it. 
> > I can clean and sign just fine. I just can't list. Googling showed me 
> > nothing. 
> > 
> > I never had issues like this with 2.7. 
> > 
> > I am running RHEL 5.8, with the included ruby of 1.8.5 (2006-08-25) 
> > [x86_64-linux] 
> > 
> > Any ideas? 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Puppet Users" group. 
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msg/puppet-users/-/SnD7edOHo2oJ. 
> > To post to this group, send email to 
> > puppet...@googlegroups.com. 
>
> > To unsubscribe from this group, send email to 
> > puppet-users...@googlegroups.com . 
> > For more options, visit this group at 
> > http://groups.google.com/group/puppet-users?hl=en. 
>
>
>
> -- 
> Matthaus Owens 
> Release Manager, Puppet Labs 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/7D5zV-0-jlkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet cert --list fails with weird error after upgrading to 3.0.1

[Matthaus Owens]

Ruby 1.8.5 is no longer supported in Puppet 3.x[1]. We have supplied
ruby 1.8.7 packages for el5 that will replace the system ruby in our
dependencies repo (http://yum.puppetlabs.com/el/5/dependencies/)[2].
That would be where I would start looking.

[1] - http://docs.puppetlabs.com/guides/platforms.html#ruby-versions
[2] - 
http://docs.puppetlabs.com/puppet/3/reference/release_notes.html#backwards-incompatible-changes-in-30

On Thu, Nov 15, 2012 at 1:24 PM, Dan McManus  wrote:
> Hello all,
>
> I just updated my puppet master from 2.7 to 3.0.1, and everything else seems
> to be working fine, but look at this:
>
> [root@puppmstr2 ~]# puppet cert --list
> Error: undefined method `new' for OpenSSL::Digest:Module
>
>
> ...and that's it.
> I can clean and sign just fine. I just can't list. Googling showed me
> nothing.
>
> I never had issues like this with 2.7.
>
> I am running RHEL 5.8, with the included ruby of 1.8.5 (2006-08-25)
> [x86_64-linux]
>
> Any ideas?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/SnD7edOHo2oJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.



-- 
Matthaus Owens
Release Manager, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet cert --list fails with weird error after upgrading to 3.0.1

[Dan McManus]

Hello all,

I just updated my puppet master from 2.7 to 3.0.1, and everything else 
seems to be working fine, but look at this:

[root@puppmstr2 ~]# puppet cert --list
Error: undefined method `new' for OpenSSL::Digest:Module


...and that's it.
I can clean and sign just fine. I just can't list. Googling showed me 
nothing.

I never had issues like this with 2.7.

I am running RHEL 5.8, with the included ruby of 1.8.5 (2006-08-25) 
[x86_64-linux]

Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/SnD7edOHo2oJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Initial run problems

[Bret Wortman]

Nope. Same outcome. Numerous "No child processes" errors.

On Thursday, November 15, 2012 3:22:09 PM UTC-5, Bret Wortman wrote:
>
> I do now (I was using ksmeta to set puppet_auto_setup but this is so much 
> easier & cleaner!); I'll reattempt a build and see what happens.
>
>  
>
**
> *
>
> Bret Wortman***
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
>
>
>
> On Thu, Nov 15, 2012 at 3:14 PM, Gmoney  wrote:
>
>> On the cobbler side do you have the folliwng in your /etc/cobbler/
>> settings file?
>>
>> # if enabled, this setting ensures that puppet is installed during
>> # machine provision, a client certificate is generated and a
>> # certificate signing request is made with the puppet master server
>> puppet_auto_setup: 1
>>
>> # when puppet starts on a system after installation it needs to have
>> # its certificate signed by the puppet master server. Enabling the
>> # following feature will ensure that the puppet server signs the
>> # certificate after installation if the puppet master server is
>> # running on the same machine as cobbler. This requires
>> # puppet_auto_setup above to be enabled
>> sign_puppet_certs_automatically: 1
>>
>> On Nov 15, 1:38 pm, Bret Wortman  wrote:
>> > On Thursday, November 15, 2012 7:56:43 AM UTC-5, Bret Wortman wrote:
>> >
>> > > F17, Puppet 3.0.1 installed from RPM from a copy of the puppetlabs 
>> repos.
>> > >  SELinux disabled, iptables disabled.
>> >
>> > > I just added this line to /etc/security/limits.conf:
>> >
>> > > puppet   hard   nproc   -1
>> >
>> > > And it seems to have solved the above issue.
>> >
>> > > On Thursday, November 15, 2012 7:47:53 AM UTC-5, Edson Manners wrote:
>> >
>> > >> Bret,
>> > >>   I'm doing the same thing without any issues. Give us csome 
>> basic
>> > >> info. What OS, puppet version, RPMs or tarballs,
>> > >> which yum repo, SELNIUX enforcing status and so forth.
>> >
>> > *Sigh*. Something will work for a short while, then I'm back staring at
>> > errors again.
>> >
>> > # puppet agent -t
>> > Info: Retrieving plugin
>> > Timed out seeking value for ipaddress
>> > Timed out seeking value for ipaddress
>> > Error: Could not autoload puppet/provider/package/rpm: No child 
>> processes
>> > Error: Could not autoload puppet/provider/package/zypper: Could not
>> > autolaod puppet/provider/package/rpm: No child processes
>> > Error: Could not autoload puppet/type/package: Error: Could not autoload
>> > puppet/provider/package/zypper: Could not autolaod
>> > puppet/provider/package/rpm: No child processes
>> > Warning: Not using cache on failed catalog
>> > Error: Could not retrieve catalog: skipping run
>> > # cat /etc/security/limits.conf
>> > puppet hardnproc-1
>> > #
>> >
>> > Puppet 3.0.1 installed from RPM from a copy of the puppetlabs repos.
>> >  SELinux disabled, iptables disabled.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/89UY9aMRxAAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet run failing

[Jeff McCune]

What version of Puppet?  The puppetca command is pretty old.

-Jeff

On Thu, Nov 15, 2012 at 3:17 AM, Pradeep Chhetri
 wrote:
> I removed from client only before. Still getting the same error.
>
>
> On Thu, Nov 15, 2012 at 1:19 PM, Nikola Petrov  wrote:
>>
>> On Wed, Nov 14, 2012 at 11:28:54PM -0800, Pradeep Chhetri wrote:
>> > Hello Everyone
>> >
>> > I was getting the error which running
>> >
>> > $ sudo puppet agent -t
>> >
>> > err: Could not request certificate: Retrieved certificate does not match
>> > private key; please remove certificate from server and regenerate it
>> > with
>> > the current key
>> >
>> > To solve this, I first removed the certs from the puppet server for this
>> > host using
>> >
>> > $  sudo puppetca --clean 
>> >
>> > And then removed the content inside directory /var/lib/puppet/ssl on the
>> > client.
>> >
>> > Still it is giving me the same error. Can somebody help me solving this.
>>
>> Can you please try to cleanup the ssl certificate on the client too. You
>> can just move the ssl directory(in case you want to revert it). It is in
>> the same location /var/lib/puppet/ssl
>>
>> --
>> Nikola
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> --
> Pradeep Chhetri
>
> In the world of Linux, who needs Windows and Gates...
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] file_line stdlib not processing

[Jeff McCune]

Hi,

There's also the inifile module Chris Price wrote which may be helpful
for a broader range of problems than file_line or sysctl are able to
address:

http://puppetlabs.com/blog/module-of-the-week-cprice404-inifile/

Jerry,

This seems like a bug in the stdlib file_line type.  Could you please
file the issue at:
http://projects.puppetlabs.com/projects/stdlib/issues/new and add me
as a watcher.  I'd like to take a look at this.  If you search for
"file_line" before filing the issue, there might already be an issue
that describes what you're running into.

Hope this helps,
-Jeff

On Thu, Nov 15, 2012 at 6:37 AM, Peter Brown  wrote:
> I find it so useful i keep recomending it :)
> Thanks for writing it!
>
> On Nov 15, 2012 9:21 PM, "Fiddyspence"  wrote:
>>
>> Hey Pete - glad you find it useful!
>>
>> On Wednesday, 14 November 2012 23:02:36 UTC, Pete wrote:
>>>
>>> I discovered an awesome module for managing sysctl on the forge. It not
>>> only manages the sysctl file but setting them as well.
>>>
>>> Have a look here. -> https://forge.puppetlabs.com/fiddyspence/sysctl
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/puppet-users/-/7mU50fCUEMQJ.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Getting Started with Hiera

[Worker Bee]

Hi Everyone;

Can anyone direct me towards documentation on getting started with Hiera?
SPecifically, I ma looking for an easy way to verify post-install
functionality.

I did visit the following page which is is blank...
http://docs.puppetlabs.com/hiera/1/puppet.html

Any help would be greatly appreciated!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: ssh key collection in puppetdb slow queries/blocking nodes

[Deepak Giridharagopal]

We (grim_radical, nlew, and cprice) have continued working with Matt
(sjoeboo) on the #puppet IRC channel over the last few days. Apologies for
not updating this thread accordingly!

On Thu, Nov 15, 2012 at 7:53 AM, jcbollinger wrote:

>
>
> On Wednesday, November 14, 2012 11:37:23 AM UTC-6, Matt wrote:
>>
>> I was working on this a bit w/ grim_radical/nlewis on Friday afternoon,
>> and wanted to loop back, figured at least starting the conversion here
>> again was a good idea.
>>
>> We have starting having problems with one query slowing our puppetdb way,
>> way down, and seemingly blocking other queries/node runs.
>>
>> We are an HPC shop, and have about 2K nodes. of that, about 1500 do the
>> following:
>>
>> @@sshkey { "${hostname}":
>>   host_aliases=> ["$fqdn", "$ipaddress" ],
>>   type=> "rsa",
>>   key => $sshrsakey,
>>   ensure   => present,
>> }
>>
>> Sshkey <<| type == "rsa" |>> {ensure => present}
>>
>> Thats it. nothing really crazy/special in there.
>>
>> This ends up as:
>>
>> LOG:  duration: 5690.773 ms  execute : select results.* from
>> (SELECT certname_catalogs.certname, catalog_resources.resource,
>> catalog_resources.type, catalog_resources.title,**catalog_resources.tags,
>> catalog_resources.exported, catalog_resources.sourcefile,
>> catalog_resources.sourceline, rp.name, rp.value FROM catalog_resources
>> JOIN certname_catalogs USING(catalog) LEFT OUTER JOIN resource_params rp
>> USING(resource) INNER JOIN certnames ON certname_catalogs.certname =
>> certnames.name WHERE (catalog_resources.type = $1) AND
>> (catalog_resources.exported = $2) AND (certnames.deactivated IS NULL) AND
>> (NOT ((certname_catalogs.certname = $3))) AND (catalog_resources.resource
>> IN (SELECT rp.resource FROM resource_params rp WHERE rp.name = $4 AND
>> rp.value = $5))) results LIMIT 50001
>> DETAIL:  parameters: $1 = 'Sshkey', $2 = 't', $3 = 'hero4209', $4 =
>> 'type', $5 = '"rsa"'
>>
>> Would adding an index on this be an option (i'm not a huge postgres guru,
>> maybe I'm using the wrong terms).
>>
>> As soon as we commented out the collection, like:
>>
>> #Sshkey <<| type == "rsa" |>> {ensure => present}
>>
>> Things all go back to normal, and nodes run nice and quickly. With that
>> in there, nodes would hang running and start timing out. Our 2K nodes are
>> on a 2 hour run interval.
>>
>> Any help/thoughts? I'm in irc as sjoeboo as well.
>>
>>
>
>
> First, make sure you are using thin_storeconfigs.  After making the switch
> (if it is a switch), it may take some time for the all nodes' changes to
> propagate to the DB, but the difference should be a lot fewer rows in your
> DB.  That could speed you up far more than any indexing.
>

Just an FYI...thin_storeconfigs doesn't have an effect when using PuppetDB,
as we always store the entire catalog every time. I'm confident we can come
up with a perf fix without resorting to storing significantly less
information, but that largely depends on how clever we are. :)


>
> Also, I presume that you are already using the PostgreSQL back-end instead
> of the built-in one, but if not then you should switch now.  The built-in
> back end is simply not up to the task of handing so many nodes efficiently.
>
> The query itself looks like it could use some optimization, but that's out
> of your hands unless you want to hack on Puppet itself.
>
> I don't know which columns may be indexed already, and I didn't find any
> documentation of the schema at PL or in puppetlabs' GitHub (what's up with
> that, PL?).  It might indeed be the case that adding indexes on one or more
> key columns would help you out, but you really ought to tackle this in a
> systematic manner.
>

There are two pieces to this: there is the puppetdb query that's formulated
on the puppet side, inside the puppetdb "resource" terminus. Then there's
the translation of that query to low-level SQL, which happens inside of the
PuppetDB daemon.

The schema is defined here:
https://github.com/puppetlabs/puppetdb/blob/master/src/com/puppetlabs/puppetdb/scf/migrate.clj

It is currently represented as a "base" schema, with migrations on top that
modify it. We should probably have a complementary version of this code
that has the entire schema in totality in one shot, instead of building it
up incrementally. Or at a minimum, a dev document that outlines the schema.
I'd very much welcome some community help on that!


>
> Specifically, use a query analyzer (I presume Postgres has one) to
> identify the expensive parts of that query, and consider adding indices
> that will improve those parts (e.g. indices on columns of long tables that
> serve as join columns or WHERE criteria).  Lather, rinse, repeat until it's
> good enough or you can't do any better.
>
> Be aware also that time saved in the query will be partially offset by
> time consumed in maintaining each additional index you create.  If you
> choose strategically then you could conceivably see a dramatic overall
> 

Re: [Puppet Users] Re: Initial run problems

[Bret Wortman]

I do now (I was using ksmeta to set puppet_auto_setup but this is so much
easier & cleaner!); I'll reattempt a build and see what happens.

*
*
*

Bret Wortman***
http://bretwortman.com/
http://twitter.com/BretWortman




On Thu, Nov 15, 2012 at 3:14 PM, Gmoney  wrote:

> On the cobbler side do you have the folliwng in your /etc/cobbler/
> settings file?
>
> # if enabled, this setting ensures that puppet is installed during
> # machine provision, a client certificate is generated and a
> # certificate signing request is made with the puppet master server
> puppet_auto_setup: 1
>
> # when puppet starts on a system after installation it needs to have
> # its certificate signed by the puppet master server. Enabling the
> # following feature will ensure that the puppet server signs the
> # certificate after installation if the puppet master server is
> # running on the same machine as cobbler. This requires
> # puppet_auto_setup above to be enabled
> sign_puppet_certs_automatically: 1
>
> On Nov 15, 1:38 pm, Bret Wortman  wrote:
> > On Thursday, November 15, 2012 7:56:43 AM UTC-5, Bret Wortman wrote:
> >
> > > F17, Puppet 3.0.1 installed from RPM from a copy of the puppetlabs
> repos.
> > >  SELinux disabled, iptables disabled.
> >
> > > I just added this line to /etc/security/limits.conf:
> >
> > > puppet   hard   nproc   -1
> >
> > > And it seems to have solved the above issue.
> >
> > > On Thursday, November 15, 2012 7:47:53 AM UTC-5, Edson Manners wrote:
> >
> > >> Bret,
> > >>   I'm doing the same thing without any issues. Give us csome basic
> > >> info. What OS, puppet version, RPMs or tarballs,
> > >> which yum repo, SELNIUX enforcing status and so forth.
> >
> > *Sigh*. Something will work for a short while, then I'm back staring at
> > errors again.
> >
> > # puppet agent -t
> > Info: Retrieving plugin
> > Timed out seeking value for ipaddress
> > Timed out seeking value for ipaddress
> > Error: Could not autoload puppet/provider/package/rpm: No child processes
> > Error: Could not autoload puppet/provider/package/zypper: Could not
> > autolaod puppet/provider/package/rpm: No child processes
> > Error: Could not autoload puppet/type/package: Error: Could not autoload
> > puppet/provider/package/zypper: Could not autolaod
> > puppet/provider/package/rpm: No child processes
> > Warning: Not using cache on failed catalog
> > Error: Could not retrieve catalog: skipping run
> > # cat /etc/security/limits.conf
> > puppet hardnproc-1
> > #
> >
> > Puppet 3.0.1 installed from RPM from a copy of the puppetlabs repos.
> >  SELinux disabled, iptables disabled.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Initial run problems

[Gmoney]

On the cobbler side do you have the folliwng in your /etc/cobbler/
settings file?

# if enabled, this setting ensures that puppet is installed during
# machine provision, a client certificate is generated and a
# certificate signing request is made with the puppet master server
puppet_auto_setup: 1

# when puppet starts on a system after installation it needs to have
# its certificate signed by the puppet master server. Enabling the
# following feature will ensure that the puppet server signs the
# certificate after installation if the puppet master server is
# running on the same machine as cobbler. This requires
# puppet_auto_setup above to be enabled
sign_puppet_certs_automatically: 1

On Nov 15, 1:38 pm, Bret Wortman  wrote:
> On Thursday, November 15, 2012 7:56:43 AM UTC-5, Bret Wortman wrote:
>
> > F17, Puppet 3.0.1 installed from RPM from a copy of the puppetlabs repos.
> >  SELinux disabled, iptables disabled.
>
> > I just added this line to /etc/security/limits.conf:
>
> > puppet   hard   nproc   -1
>
> > And it seems to have solved the above issue.
>
> > On Thursday, November 15, 2012 7:47:53 AM UTC-5, Edson Manners wrote:
>
> >> Bret,
> >>       I'm doing the same thing without any issues. Give us csome basic
> >> info. What OS, puppet version, RPMs or tarballs,
> >> which yum repo, SELNIUX enforcing status and so forth.
>
> *Sigh*. Something will work for a short while, then I'm back staring at
> errors again.
>
> # puppet agent -t
> Info: Retrieving plugin
> Timed out seeking value for ipaddress
> Timed out seeking value for ipaddress
> Error: Could not autoload puppet/provider/package/rpm: No child processes
> Error: Could not autoload puppet/provider/package/zypper: Could not
> autolaod puppet/provider/package/rpm: No child processes
> Error: Could not autoload puppet/type/package: Error: Could not autoload
> puppet/provider/package/zypper: Could not autolaod
> puppet/provider/package/rpm: No child processes
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog: skipping run
> # cat /etc/security/limits.conf
> puppet     hard    nproc    -1
> #
>
> Puppet 3.0.1 installed from RPM from a copy of the puppetlabs repos.
>  SELinux disabled, iptables disabled.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: new puppet client not updating

[JGonza1]

On Thursday, November 15, 2012 7:36:46 AM UTC-8, jcbollinger wrote:
>
> There is no other puppet Master in my company and I have defined the 
> puppet master in the clients /etc/hosts files,see below.
> #more /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4 
> localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6 
> localhost6.localdomain6
> # Puppet server
> 10.23.40.78 ct-eng-pup.caretools.ent
> #

 

>
> On Wednesday, November 14, 2012 9:38:05 PM UTC-6, JGonza1 wrote:
>>
>> The new server do belong to a different dns domain than the the orginal 
>> servers. The orginal servers belong to .caretools.ent and the new ones 
>> belong to .kareoprod.ent. I do have manifests for the 
>> pdlnx-pntp02.kareprod.ent, see below. What master log should I look at to 
>> see mismatches.
>>
>
>
> Where the log messages would appear is configurable, but you should look 
> first in the main system log, probably /var/log/messages.  It should show 
> messages similar to
>
>   Nov 11 04:37:02  puppetmasterd[]: Compiled catalog for 
>  in 0.10 seconds
>
> It will display more information if the master runs with the --debug 
> switch enabled, so you might want to turn that on while you troubleshoot.
>
>  
>
>> Sorry new to puppet.
>> node "pdlnx-pntp02.kareoprod.ent"
>>  inherits default {
>>  include hosts
>> [...]
>> }
>>
>>
> And does that node block appear in the same file as node blocks for 
> machines that get non-trivial catalogs from the master?
>
> Or along a different line, are you sure your clients are contacting the 
> right master?  If you have not put the correct master's name in the nodes' 
> config files, and/or if your DNS does not point the default 
> (domain-dependent) master name to the correct master, then you could be 
> communicating with some other master, such as one in test environment 
> somewhere.  That could happen accidentally if the master you are talking to 
> has certificate auto-signing turned on.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/zgtOGewZlRcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Initial run problems

[Bret Wortman]

On Thursday, November 15, 2012 7:56:43 AM UTC-5, Bret Wortman wrote:
>
> F17, Puppet 3.0.1 installed from RPM from a copy of the puppetlabs repos. 
>  SELinux disabled, iptables disabled.
>
> I just added this line to /etc/security/limits.conf:
>
> puppet   hard   nproc   -1
>
> And it seems to have solved the above issue.
>
> On Thursday, November 15, 2012 7:47:53 AM UTC-5, Edson Manners wrote:
>>
>> Bret,
>>   I'm doing the same thing without any issues. Give us csome basic 
>> info. What OS, puppet version, RPMs or tarballs,
>> which yum repo, SELNIUX enforcing status and so forth.
>>
>>
*Sigh*. Something will work for a short while, then I'm back staring at 
errors again.

# puppet agent -t
Info: Retrieving plugin
Timed out seeking value for ipaddress
Timed out seeking value for ipaddress
Error: Could not autoload puppet/provider/package/rpm: No child processes
Error: Could not autoload puppet/provider/package/zypper: Could not 
autolaod puppet/provider/package/rpm: No child processes
Error: Could not autoload puppet/type/package: Error: Could not autoload 
puppet/provider/package/zypper: Could not autolaod 
puppet/provider/package/rpm: No child processes
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog: skipping run
# cat /etc/security/limits.conf
puppet hardnproc-1
# 

Puppet 3.0.1 installed from RPM from a copy of the puppetlabs repos. 
 SELinux disabled, iptables disabled.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/WjYq7sgJkeYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] puppet verion 2.7 or 3?

[Jeff McCune]

On Thu, Nov 15, 2012 at 9:45 AM, vioilly  wrote:
> Hi,
>
> I am just rolling out a new puppet deployment. Which version should i go
> for, 2.7 or 3.1? I am looking to use the open source version.

Puppet 3.0 has a lot of performance improvements and some new
functionality compared to Puppet 2.7.  For a new deployment I
definitely recommend trying Puppet 3.0.  It's fairly easy to install
using the packages we publish at yum.puppetlabs.com and
apt.puppetlabs.com.  Information is available at:
http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html

The other thing to keep in mind is that Puppet uses semantic version
numbers.  There are some incompatibilities between Puppet 2.7 and 3.0.
 We will make every effort to preserve compatibility across the entire
3.x series, so starting with 3.0 should give you a really long
"compatibility horizon" so to speak.

Hope this helps,
-Jeff

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Overwriting a file provisioned by another module

[jcbollinger]

On Thursday, November 15, 2012 9:20:25 AM UTC-6, Patxi Gortázar wrote:
>
> Thanks, John.
>
> I think I would go through the 4th option (subclassing) as you suggested. 
> However, I don't know which are the interface classes of a module.
>
>
The interface classes of a module are whatever its documentation says they 
are.  More often than not, the docs don’t explicitly designate interface 
classes, but they should identify the classes you are expected to use -- 
those are the interface classes.  Ideally for your case, the docs would 
specifically say that a particular one of the interface classes manages the 
file in question.

*Important*: do not attempt to subclass a parameterized class.  If the 
class that would need to be subclassed is parametrized, then option 4 is a 
non-starter.


John


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/1eNoMQi9Bd8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: new puppet client not updating

[jcbollinger]

On Wednesday, November 14, 2012 9:38:05 PM UTC-6, JGonza1 wrote:
>
> The new server do belong to a different dns domain than the the orginal 
> servers. The orginal servers belong to .caretools.ent and the new ones 
> belong to .kareoprod.ent. I do have manifests for the 
> pdlnx-pntp02.kareprod.ent, see below. What master log should I look at to 
> see mismatches.
>


Where the log messages would appear is configurable, but you should look 
first in the main system log, probably /var/log/messages.  It should show 
messages similar to

  Nov 11 04:37:02  puppetmasterd[]: Compiled catalog for 
 in 0.10 seconds

It will display more information if the master runs with the --debug switch 
enabled, so you might want to turn that on while you troubleshoot.

 

> Sorry new to puppet.
> node "pdlnx-pntp02.kareoprod.ent"
>  inherits default {
>  include hosts
> [...]
> }
>
>
And does that node block appear in the same file as node blocks for 
machines that get non-trivial catalogs from the master?

Or along a different line, are you sure your clients are contacting the 
right master?  If you have not put the correct master's name in the nodes' 
config files, and/or if your DNS does not point the default 
(domain-dependent) master name to the correct master, then you could be 
communicating with some other master, such as one in test environment 
somewhere.  That could happen accidentally if the master you are talking to 
has certificate auto-signing turned on.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/WgpgCEdrUrIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Error 400 on SERVER: custom functions must be called with a single array that contains the arguments

[Mohamed Hadrouj]

Hi,
I updated to the last version hosted on Github of "Puppi" module which
puppet-jboss relies on, then restarted the master and it worked fine.
Puppi version (v2.0.0) hosted on PuppetForge is not up to date.

2012/11/15 jcbollinger 

>
>
> On Thursday, November 15, 2012 5:10:51 AM UTC-6, Med75 wrote:
>>
>> Hi,
>>
>> I've installed a jboss module for Puppet cloned from this repo:
>> https://github.com/**example42/puppet-jboss
>> , but **when I run puppet agent -t --trace I'm getting this error "Error
>> 400 on SERVER: custom functions must be called with a single array that
>> contains the arguments"
>>
>> Here is the full trace 
>> http://pastebin.com/**YBJ289Tw
>>
>> Amazon Linux, Ruby 1.8.7, Puppet 3.0.1
>>
>>
>>
>
> The module is broken, at least for the latest Puppet, or possibly
> example42's Puppi module (on which the jboss module depends) is broken.  It
> appears to be tripping over a recent addition of enforcement of a
> longstanding rule for the interface to custom Puppet functions.  Function
> calls in Puppet manifests cannot themselves be erroneous in this way, but a
> function call appearing in a template or perhaps in another function's
> implementation could be.  You should raise the issue with the module author.
>
>
> John
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/dEfsh7iVLs8J.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Overwriting a file provisioned by another module

[Patxi Gortázar]

Thanks, John.

I think I would go through the 4th option (subclassing) as you suggested. 
However, I don't know which are the interface classes of a module.

Patxi.

El martes, 13 de noviembre de 2012 15:16:10 UTC+1, jcbollinger escribió:
>
>
>
> On Tuesday, November 13, 2012 3:18:36 AM UTC-6, Patxi Gortázar wrote:
>>
>> I'm a newbie and I might be missing something... but let me try to 
>> explain what I want to accomplish and how I would like to do it. 
>>
>> I'm installing ssh by using the 
>> saz::sshmodule. This module provision the 
>> sshd_config file with the ssh 
>> configuration. 
>>
>> I need to tune the sshd_config file, so I have a module, say 
>> patxi::scstack that includes ssh and tries to overwrite the sshd_config by 
>> defining this file again:
>>
>> class scstack_ssh {
>>   include ssh
>>
>>   file { "/etc/ssh/sshd_config":
>> content => template("scstack/sshd_config"),
>>   }
>> }
>>
>> This approach fails as expected:
>>
>> Duplicate declaration: File[/etc/ssh/sshd_config] is already declared in 
>> file /tmp/vagrant-puppet/modules-0/ssh/manifests/server/config.pp at line 
>> 11; cannot redeclare at 
>> /tmp/vagrant-puppet/modules-0/scstack/manifests/scstack_ssh.pp:67
>>
>> The alternative could be to fork the module saz::ssh and change the 
>> sshd_config file it provides to fit my needs. However, this seems odd to 
>> me. I want to use the ssh puppet module as is, without any modification, so 
>> as to be able to update this module if the original author makes changes to 
>> it. In my humble opinion having to modify modules to fit my needs limits 
>> reusing of puppet modules. 
>>
>> My question is: how can I achieve what I want? I see different options 
>> but I would like to know how to do it "the puppet way":
>>
>>1. Modify the original ssh module to include my sshd_config file
>>2. Modify the original ssh module to include a location parameter to 
>>use as source ("puppet:///$location") for sshd (I don't know it 
>> parameters 
>>can be used in place for puppet:// urls)
>>3. Provision the file in my module using another name and do an exec 
>>to rename it, overwriting the one generated by the ssh module
>>4. ...Any other option?
>>
>>
> Some modules accommodate local resource customization better than others, 
> but are you certain that the module you are using does not already allow 
> you to configure sshd as you would like?  If I were faced with that 
> situation, *my* first inclination would be to look for a better module.  
> Is the module you're using really so inflexible, or are you trying to do 
> something unusual?  What does the module's documentation have to say about 
> it?
>
> If you stick with the module you are using now, but it truly doesn't 
> support your use case, then you have a few reasonably good options.  Of 
> those you suggested, I rate (1) ok, and (2) borderline.  Option (3) is 100% 
> awful -- don't go there.  You could also consider
>
>   4. Create your own module containing a subclass of the appropriate class 
> of the ssh module; in the subclass override the properties of 
> File['/etc/ssh/sshd_config'] as you like.
>
> That has the advantage of leaving the original module unchanged, but it is 
> at least a bit messy.  It is a lot messy if the class declaring the target 
> File is not part of the module's external interface.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/B3FxSXfTM-wJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Error 400 on SERVER: custom functions must be called with a single array that contains the arguments

[jcbollinger]

On Thursday, November 15, 2012 5:10:51 AM UTC-6, Med75 wrote:
>
> Hi,
>
> I've installed a jboss module for Puppet cloned from this repo: 
> https://github.com/example42/puppet-jboss, but when I run puppet agent -t 
> --trace I'm getting this error "Error 400 on SERVER: custom functions must 
> be called with a single array that contains the arguments" 
>
> Here is the full trace http://pastebin.com/YBJ289Tw
>
> Amazon Linux, Ruby 1.8.7, Puppet 3.0.1
>
>
>

The module is broken, at least for the latest Puppet, or possibly 
example42's Puppi module (on which the jboss module depends) is broken.  It 
appears to be tripping over a recent addition of enforcement of a 
longstanding rule for the interface to custom Puppet functions.  Function 
calls in Puppet manifests cannot themselves be erroneous in this way, but a 
function call appearing in a template or perhaps in another function's 
implementation could be.  You should raise the issue with the module author.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/dEfsh7iVLs8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet version 2.7 or 3?

[llowder]

On Thursday, November 15, 2012 8:47:29 AM UTC-6, vioilly wrote:
>
> Hi,
>
> I am just rolling out a new puppet deployment. Which version should i go 
> for, 2.7 or 3.1? I am looking to use the open source version.
>
>
If you plan on using an ENC, specifically TheForeman, or a lot of modules 
from the Puppet Forge, you might want to start with 2.7

That being said, Foreman is very close to having Puppet 3 support working, 
and more and more modules on the Forge are being made 3.0 compatible every 
day.

Puppet 2.7 is currently on 2.7.19 with 2.7.20 in RCs, and Puppet 3 is at 
3.0.1, so it is still a little rough around the edges, but the fact that 
hiera is integrated and it has the databindings is one very nice feature of 
3.0.x. It's also considerably faster.

There are advantages and disadvantages to both, and I am sure others will 
weigh in as well, but hope this helps.
 

> Many thanks,
> Oli

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/UuxZtnjHn30J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: ssh key collection in puppetdb slow queries/blocking nodes

[jcbollinger]

On Wednesday, November 14, 2012 11:37:23 AM UTC-6, Matt wrote:
>
> I was working on this a bit w/ grim_radical/nlewis on Friday afternoon, 
> and wanted to loop back, figured at least starting the conversion here 
> again was a good idea.
>
> We have starting having problems with one query slowing our puppetdb way, 
> way down, and seemingly blocking other queries/node runs.
>
> We are an HPC shop, and have about 2K nodes. of that, about 1500 do the 
> following:
>
> @@sshkey { "${hostname}":
>   host_aliases=> ["$fqdn", "$ipaddress" ],
>   type=> "rsa",
>   key => $sshrsakey,
>   ensure   => present,
> }
>
> Sshkey <<| type == "rsa" |>> {ensure => present}
>
> Thats it. nothing really crazy/special in there. 
>
> This ends up as:
>
> LOG:  duration: 5690.773 ms  execute : select results.* from 
> (SELECT certname_catalogs.certname, catalog_resources.resource, 
> catalog_resources.type, catalog_resources.title,catalog_resources.tags, 
> catalog_resources.exported, catalog_resources.sourcefile, 
> catalog_resources.sourceline, rp.name, rp.value FROM catalog_resources 
> JOIN certname_catalogs USING(catalog) LEFT OUTER JOIN resource_params rp 
> USING(resource) INNER JOIN certnames ON certname_catalogs.certname = 
> certnames.name WHERE (catalog_resources.type = $1) AND 
> (catalog_resources.exported = $2) AND (certnames.deactivated IS NULL) AND 
> (NOT ((certname_catalogs.certname = $3))) AND (catalog_resources.resource 
> IN (SELECT rp.resource FROM resource_params rp WHERE rp.name = $4 AND 
> rp.value = $5))) results LIMIT 50001
> DETAIL:  parameters: $1 = 'Sshkey', $2 = 't', $3 = 'hero4209', $4 = 
> 'type', $5 = '"rsa"'
>
> Would adding an index on this be an option (i'm not a huge postgres guru, 
> maybe I'm using the wrong terms). 
>
> As soon as we commented out the collection, like:
>
> #Sshkey <<| type == "rsa" |>> {ensure => present}
>
> Things all go back to normal, and nodes run nice and quickly. With that in 
> there, nodes would hang running and start timing out. Our 2K nodes are on a 
> 2 hour run interval.
>
> Any help/thoughts? I'm in irc as sjoeboo as well.
>  
>


First, make sure you are using thin_storeconfigs.  After making the switch 
(if it is a switch), it may take some time for the all nodes' changes to 
propagate to the DB, but the difference should be a lot fewer rows in your 
DB.  That could speed you up far more than any indexing.

Also, I presume that you are already using the PostgreSQL back-end instead 
of the built-in one, but if not then you should switch now.  The built-in 
back end is simply not up to the task of handing so many nodes efficiently.

The query itself looks like it could use some optimization, but that's out 
of your hands unless you want to hack on Puppet itself.

I don't know which columns may be indexed already, and I didn't find any 
documentation of the schema at PL or in puppetlabs' GitHub (what's up with 
that, PL?).  It might indeed be the case that adding indexes on one or more 
key columns would help you out, but you really ought to tackle this in a 
systematic manner.

Specifically, use a query analyzer (I presume Postgres has one) to identify 
the expensive parts of that query, and consider adding indices that will 
improve those parts (e.g. indices on columns of long tables that serve as 
join columns or WHERE criteria).  Lather, rinse, repeat until it's good 
enough or you can't do any better.

Be aware also that time saved in the query will be partially offset by time 
consumed in maintaining each additional index you create.  If you choose 
strategically then you could conceivably see a dramatic overall gain, but 
don't go overboard.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/e_-i0KSXnIUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet version 2.7 or 3?

[vioilly]

Hi,

I am just rolling out a new puppet deployment. Which version should i go 
for, 2.7 or 3.1? I am looking to use the open source version.

Many thanks,
Oli

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/5FJ6YIrjhA4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet verion 2.7 or 3?

[vioilly]

Hi,

I am just rolling out a new puppet deployment. Which version should i go 
for, 2.7 or 3.1? I am looking to use the open source version.

Many thanks,
Oli

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/hC-IGZX9VV8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Initial run problems

[Bret Wortman]

F17, Puppet 3.0.1 installed from RPM from a copy of the puppetlabs repos. 
 SELinux disabled, iptables disabled.

I just added this line to /etc/security/limits.conf:

puppet   hard   nproc   -1

And it seems to have solved the above issue.

On Thursday, November 15, 2012 7:47:53 AM UTC-5, Edson Manners wrote:
>
> Bret,
>   I'm doing the same thing without any issues. Give us csome basic 
> info. What OS, puppet version, RPMs or tarballs,
> which yum repo, SELNIUX enforcing status and so forth.
>
> On Thu, Nov 15, 2012 at 7:13 AM, Bret Wortman 
> 
> > wrote:
>
>> It's continuing even after the ownership "fix", though it's intermittent. 
>> Some runs will consist of long runs of messages in the client like these:
>>
>> Error: Could not prefetch package provider 'yum': No child processes
>> Error: Could not set 'present' on ensure: No child processes at 
>> 105:/etc/puppet/moduels/workstation/manifests/init.pp
>> Error: /Stage[main]/Workstation/Secure[sendmail-off]:" Could not 
>> evaluate: No child processes
>>
>> over and over (with different classes/packages each time.
>>
>>
>> On Wednesday, November 14, 2012 9:10:21 AM UTC-5, jcbollinger wrote:
>>>
>>>
>>>
>>> On Tuesday, November 13, 2012 1:46:13 PM UTC-6, Bret Wortman wrote:



 On Tuesday, November 13, 2012 2:32:24 PM UTC-5, Bret Wortman wrote:
>
> I'm working on setting things up so that I can use Cobbler to 
> kickstart a basic system and then use Puppet to roll out the majority of 
> packages based on the role a particular system will be playing for us. 
> I've 
> got a kickstarter file running (a thinly modified version of the Cobbler 
> sample.ks) but after it runs and installs around 444 packages including 
> puppet, I get this after booting into the system the first time (and 
> after 
> doing the certificate exchange bit):
>
> # puppet agent -t
> Info: Retrieving plugin
> Timed out seeking value for ipaddress
> Timed out seeking value for ipaddress
> Error: Could not autoload puppet/provider/package/rpm: No child 
> processes
> Error: Could not autoload puppet/type/package: Could not autlooad 
> puppet/provider/package/rpm: No child processes
> Error: Could not retrieve catalog from remote server: Could not intern 
> from pson: Could not autoload puppet/type/package: Could not autload 
> puppet/provider/package/rpm: No child processes
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog: skipping run
> #
>
> I've seen notes about ip addresses before, but I can ping, scp, and 
> ssh out of the box without issue (and can reach the puppet server, since 
> we 
> performed the certificate request-sign-download thing).
>
> Any ideas?
>
> D'Oh. Solved this one myself via 

 #chown<#CAJZa+++hZGRNT=DSikWxNF0m2RcBZ_FmsGG1W8OwJ7mZmOQ9-g@mail.gmail.com_13b03fd1ef5eda4b_c319397b-d8eb-46de-b5e7-7ed754ac7872@googlegroups.com_38664afa-359d-43cc-b948-5c828265aba9@googlegroups.com_>-R
  puppet:puppet /etc/puppet 

 Not sure why the RPM package missed that, but it did. I'm adding a 
 double-check to my kickstart for this.

>>>
>>>
>>> The "puppet" user should not need to own that directory, and it's 
>>> probably not a good idea for it to do.  It should, however, be able to *
>>> read* that directory.  If you have some policy in place that could have 
>>> prevented it from reading it or any of its content, then that might explain 
>>> the problem.
>>>
>>>
>>> John
>>>
>>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msg/puppet-users/-/lrwqsbuaECEJ.
>>
>> To post to this group, send email to puppet...@googlegroups.com
>> .
>> To unsubscribe from this group, send email to 
>> puppet-users...@googlegroups.com .
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/A6wwI55t_-kJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: Initial run problems

[Edson Manners]

Bret,
  I'm doing the same thing without any issues. Give us csome basic
info. What OS, puppet version, RPMs or tarballs,
which yum repo, SELNIUX enforcing status and so forth.

On Thu, Nov 15, 2012 at 7:13 AM, Bret Wortman  wrote:

> It's continuing even after the ownership "fix", though it's intermittent.
> Some runs will consist of long runs of messages in the client like these:
>
> Error: Could not prefetch package provider 'yum': No child processes
> Error: Could not set 'present' on ensure: No child processes at
> 105:/etc/puppet/moduels/workstation/manifests/init.pp
> Error: /Stage[main]/Workstation/Secure[sendmail-off]:" Could not evaluate:
> No child processes
>
> over and over (with different classes/packages each time.
>
>
> On Wednesday, November 14, 2012 9:10:21 AM UTC-5, jcbollinger wrote:
>>
>>
>>
>> On Tuesday, November 13, 2012 1:46:13 PM UTC-6, Bret Wortman wrote:
>>>
>>>
>>>
>>> On Tuesday, November 13, 2012 2:32:24 PM UTC-5, Bret Wortman wrote:

 I'm working on setting things up so that I can use Cobbler to kickstart
 a basic system and then use Puppet to roll out the majority of packages
 based on the role a particular system will be playing for us. I've got a
 kickstarter file running (a thinly modified version of the Cobbler
 sample.ks) but after it runs and installs around 444 packages including
 puppet, I get this after booting into the system the first time (and after
 doing the certificate exchange bit):

 # puppet agent -t
 Info: Retrieving plugin
 Timed out seeking value for ipaddress
 Timed out seeking value for ipaddress
 Error: Could not autoload puppet/provider/package/rpm: No child
 processes
 Error: Could not autoload puppet/type/package: Could not autlooad
 puppet/provider/package/rpm: No child processes
 Error: Could not retrieve catalog from remote server: Could not intern
 from pson: Could not autoload puppet/type/package: Could not autload
 puppet/provider/package/rpm: No child processes
 Warning: Not using cache on failed catalog
 Error: Could not retrieve catalog: skipping run
 #

 I've seen notes about ip addresses before, but I can ping, scp, and ssh
 out of the box without issue (and can reach the puppet server, since we
 performed the certificate request-sign-download thing).

 Any ideas?

 D'Oh. Solved this one myself via
>>>
>>> #chown<#13b03fd1ef5eda4b_c319397b-d8eb-46de-b5e7-7ed754ac7872@googlegroups.com_38664afa-359d-43cc-b948-5c828265aba9@googlegroups.com_>-R
>>>  puppet:puppet /etc/puppet
>>>
>>> Not sure why the RPM package missed that, but it did. I'm adding a
>>> double-check to my kickstart for this.
>>>
>>
>>
>> The "puppet" user should not need to own that directory, and it's
>> probably not a good idea for it to do.  It should, however, be able to *
>> read* that directory.  If you have some policy in place that could have
>> prevented it from reading it or any of its content, then that might explain
>> the problem.
>>
>>
>> John
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/lrwqsbuaECEJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Initial run problems

[Bret Wortman]

It's continuing even after the ownership "fix", though it's intermittent. 
Some runs will consist of long runs of messages in the client like these:

Error: Could not prefetch package provider 'yum': No child processes
Error: Could not set 'present' on ensure: No child processes at 
105:/etc/puppet/moduels/workstation/manifests/init.pp
Error: /Stage[main]/Workstation/Secure[sendmail-off]:" Could not evaluate: 
No child processes

over and over (with different classes/packages each time.

On Wednesday, November 14, 2012 9:10:21 AM UTC-5, jcbollinger wrote:
>
>
>
> On Tuesday, November 13, 2012 1:46:13 PM UTC-6, Bret Wortman wrote:
>>
>>
>>
>> On Tuesday, November 13, 2012 2:32:24 PM UTC-5, Bret Wortman wrote:
>>>
>>> I'm working on setting things up so that I can use Cobbler to kickstart 
>>> a basic system and then use Puppet to roll out the majority of packages 
>>> based on the role a particular system will be playing for us. I've got a 
>>> kickstarter file running (a thinly modified version of the Cobbler 
>>> sample.ks) but after it runs and installs around 444 packages including 
>>> puppet, I get this after booting into the system the first time (and after 
>>> doing the certificate exchange bit):
>>>
>>> # puppet agent -t
>>> Info: Retrieving plugin
>>> Timed out seeking value for ipaddress
>>> Timed out seeking value for ipaddress
>>> Error: Could not autoload puppet/provider/package/rpm: No child processes
>>> Error: Could not autoload puppet/type/package: Could not autlooad 
>>> puppet/provider/package/rpm: No child processes
>>> Error: Could not retrieve catalog from remote server: Could not intern 
>>> from pson: Could not autoload puppet/type/package: Could not autload 
>>> puppet/provider/package/rpm: No child processes
>>> Warning: Not using cache on failed catalog
>>> Error: Could not retrieve catalog: skipping run
>>> #
>>>
>>> I've seen notes about ip addresses before, but I can ping, scp, and ssh 
>>> out of the box without issue (and can reach the puppet server, since we 
>>> performed the certificate request-sign-download thing).
>>>
>>> Any ideas?
>>>
>>> D'Oh. Solved this one myself via 
>>
>> #chown<#c319397b-d8eb-46de-b5e7-7ed754ac7872@googlegroups.com_38664afa-359d-43cc-b948-5c828265aba9@googlegroups.com_>-R
>>  puppet:puppet /etc/puppet 
>>
>> Not sure why the RPM package missed that, but it did. I'm adding a 
>> double-check to my kickstart for this.
>>
>
>
> The "puppet" user should not need to own that directory, and it's probably 
> not a good idea for it to do.  It should, however, be able to *read* that 
> directory.  If you have some policy in place that could have prevented it 
> from reading it or any of its content, then that might explain the problem.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/lrwqsbuaECEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Struggling with "define"

[David Schmitt]

 > Thanks David. The module is called "firewall" and the class
"firewall" appears in init.pp. The define "firewall" simply appears
within the class "firewall".
 >
 > # init.pp
 > class firewall {
 >   define firewall($source, $port, $proto) {



 > I'm a little bit confused on how classes, modules defines and
filenames fit together.

Yeah there is your problem.
Like david mentioned if the define is in a module you will need to call
it via firewall::firewall.


... and you do not need to wrap it in a class.

The basic rules are very simple:


  * X goes to init.pp in the X module
  * Everything within module X is called X::Y
  * Something called X::Y goes into Y.pp (X::Y::Z goes to Y/Z.pp)
  * Every file contains exactly one class or define

There are some exceptions and other ways to do it, but usually this 
suffices.


Best Regards, David

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Struggling with "define"

[Peter Brown]

On Nov 15, 2012 9:20 PM, "Jonathan Gazeley" 
wrote:
>
> On 15/11/12 11:11, David Schmitt wrote:
>>
>> On 15.11.2012 10:44, Jonathan Gazeley wrote:
>>>
>>> On 14/11/12 20:44, Peter Brown wrote:


  From what the error is telling me it is trying to fine a define called
 firewallrule but your define is actually called firewall...
>>>
>>>
>>> Sorry, my mistake. The file that contains the define is called
>>> firewall.pp, the define is called firewall and the way I am calling is
>>> called firewall. The error message I pasted was from an experiment
>>> renaming everything to firewallrule because I wondered if firewall was a
>>> reserved word.
>>>
>>> The issue stands - with no mention of firewallrule I still get the same
>>> problem.
>>
>>
>> Please answer the other questions from Peter's mail:
>>
>>
>>> Where are you including the define from?
>>> Is it in it's own file in a module? or it it in site.pp or somesuch
>>> global file?
>>> If it's in it's own module the file will need to be called the same as
>>> the define.
>>>
>>
>>
>> Especially if it is in a module, it will have to be called
>> modulename::firewall.
>>
>>
>> Or, if the module is called firewall, you might be able to put the
>> firewall define into the init.pp and have it loaded from there. This
>> works fine with classes, I've not tried that with defines yet.
>
>
> Thanks David. The module is called "firewall" and the class "firewall"
appears in init.pp. The define "firewall" simply appears within the class
"firewall".
>
> # init.pp
> class firewall {
>   define firewall($source, $port, $proto) {
>
> case $operatingsystem {
>   /Centos|Fedora|Scientific|Debian/: {
> iptables { $title:
>   proto => $proto,
>   dport => $port,
>   source => $source,
>   jump => "ACCEPT",
>   }
> }
>   /Ubuntu/: {
> ufw::allow { $title:
>   port => $port,
>   from => $source,
>   proto => $proto,
> }
>   }
> }
>   }
> }
>
> I'm a little bit confused on how classes, modules defines and filenames
fit together.

Yeah there is your problem.
Like david mentioned if the define is in a module you will need to call it
via firewall::firewall.

>
> Thanks,
> Jonathan
>
>
> --
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] file_line stdlib not processing

[Peter Brown]

I find it so useful i keep recomending it :)
Thanks for writing it!
 On Nov 15, 2012 9:21 PM, "Fiddyspence"  wrote:

> Hey Pete - glad you find it useful!
>
> On Wednesday, 14 November 2012 23:02:36 UTC, Pete wrote:
>>
>> I discovered an awesome module for managing sysctl on the forge. It not
>> only manages the sysctl file but setting them as well.
>>
>> Have a look here. -> 
>> https://forge.puppetlabs.**com/fiddyspence/sysctl
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/7mU50fCUEMQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] file_line stdlib not processing

[Fiddyspence]

Hey Pete - glad you find it useful!

On Wednesday, 14 November 2012 23:02:36 UTC, Pete wrote:
>
> I discovered an awesome module for managing sysctl on the forge. It not 
> only manages the sysctl file but setting them as well.
>
> Have a look here. -> https://forge.puppetlabs.com/fiddyspence/sysctl
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/7mU50fCUEMQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Struggling with "define"

[Jonathan Gazeley]

On 15/11/12 11:11, David Schmitt wrote:

On 15.11.2012 10:44, Jonathan Gazeley wrote:

On 14/11/12 20:44, Peter Brown wrote:


 From what the error is telling me it is trying to fine a define called
firewallrule but your define is actually called firewall...


Sorry, my mistake. The file that contains the define is called
firewall.pp, the define is called firewall and the way I am calling is
called firewall. The error message I pasted was from an experiment
renaming everything to firewallrule because I wondered if firewall was a
reserved word.

The issue stands - with no mention of firewallrule I still get the same
problem.


Please answer the other questions from Peter's mail:



Where are you including the define from?
Is it in it's own file in a module? or it it in site.pp or somesuch
global file?
If it's in it's own module the file will need to be called the same as
the define.




Especially if it is in a module, it will have to be called
modulename::firewall.


Or, if the module is called firewall, you might be able to put the
firewall define into the init.pp and have it loaded from there. This
works fine with classes, I've not tried that with defines yet.


Thanks David. The module is called "firewall" and the class "firewall" 
appears in init.pp. The define "firewall" simply appears within the 
class "firewall".


# init.pp
class firewall {
  define firewall($source, $port, $proto) {
case $operatingsystem {
  /Centos|Fedora|Scientific|Debian/: {
iptables { $title:
  proto => $proto,
  dport => $port,
  source => $source,
  jump => "ACCEPT",
  }
}
  /Ubuntu/: {
ufw::allow { $title:
  port => $port,
  from => $source,
  proto => $proto,
}
  }
}
  }
}

I'm a little bit confused on how classes, modules defines and filenames 
fit together.


Thanks,
Jonathan

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Struggling with "define"

[David Schmitt]

On 15.11.2012 10:44, Jonathan Gazeley wrote:

On 14/11/12 20:44, Peter Brown wrote:


 From what the error is telling me it is trying to fine a define called
firewallrule but your define is actually called firewall...


Sorry, my mistake. The file that contains the define is called
firewall.pp, the define is called firewall and the way I am calling is
called firewall. The error message I pasted was from an experiment
renaming everything to firewallrule because I wondered if firewall was a
reserved word.

The issue stands - with no mention of firewallrule I still get the same
problem.


Please answer the other questions from Peter's mail:



Where are you including the define from?
Is it in it's own file in a module? or it it in site.pp or somesuch global file?
If it's in it's own module the file will need to be called the same as the 
define.




Especially if it is in a module, it will have to be called 
modulename::firewall.



Or, if the module is called firewall, you might be able to put the 
firewall define into the init.pp and have it loaded from there. This 
works fine with classes, I've not tried that with defines yet.




Best Regards, David

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Error 400 on SERVER: custom functions must be called with a single array that contains the arguments

[Med75]

Hi,

I've installed a jboss module for Puppet cloned from this repo: 
https://github.com/example42/puppet-jboss, but when I run puppet agent -t 
--trace I'm getting this error "Error 400 on SERVER: custom functions must 
be called with a single array that contains the arguments" 

Here is the full trace http://pastebin.com/YBJ289Tw

Amazon Linux, Ruby 1.8.7, Puppet 3.0.1

Any idea ?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/PWnsds853QYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Struggling with "define"

[Jonathan Gazeley]

On 14/11/12 20:44, Peter Brown wrote:


 From what the error is telling me it is trying to fine a define called
firewallrule but your define is actually called firewall...


Sorry, my mistake. The file that contains the define is called 
firewall.pp, the define is called firewall and the way I am calling is 
called firewall. The error message I pasted was from an experiment 
renaming everything to firewallrule because I wondered if firewall was a 
reserved word.


The issue stands - with no mention of firewallrule I still get the same 
problem.


Jonathan

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.