[Puppet Users] Re: how to refresh mount point through puppet?
Thanks for the info. I will have a try. :) 在 2012年11月27日星期二UTC+8上午12时02分49秒,jcbollinger写道: > > > > On Monday, November 26, 2012 2:33:54 AM UTC-6, 胡振翔 wrote: >> >> HI, >> >> I am new here.and I have a request to refresh the mount point through >> puppet for 1000+ servers. >> >> per the native mount type, it seems that it only use 'umount' command , >> but I want to use 'umount -l' on Linux and 'umount -f' on Solaris and AIx. >> >> >> zxhu@vlsh-puppet1:/var/log$ sudo puppet agent --server=vlsh-puppet1 >> --no-daemonize --verbose --onetime >> info: Caching catalog for vlsh-puppet1 >> info: Applying configuration version '1353918009' >> err: /Stage[main]/Sudo/Mount[/home/xinghui]/ensure: change from ghost to >> absent failed: Execution of '/bin/umount /home/xinghui' returned 1: umount: >> /home/xinghui: device is busy >> umount: /home/xinghui: device is busy >> >> any suggest is appreciated. >> Thanks. >> > > > You cannot change the options without modifying Puppet or writing a custom > 'provider' plugin for the Mount type. The PuppetLabs site has > documentation on writing custom types and providers (they are related, but > you need only a provider for an existing type, not a whole new type). > > > John > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/710Qj67LhusJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet on OpenSuSE & SLES
Darin has given the right answer, Just branch the package, and submit a request. Don't forget to add a comment in puppet.changes file before you submit it. -- Niels -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/435qIhJT6OcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 Puppet labs repo package problem on rhel5
On Mon, Nov 26, 2012 at 2:16 PM, Alaric wrote: > > On Nov 26, 2012, at 4:46 PM, Michael Stahnke wrote: > >> >> I tried to reproduce this and just couldn't. Does this happen on >> other systems? >> >> Is there any more information you could think of? >> > > > Sadly, it's happening on every RHEL5 system I have! All packages are either > RedHat or EPEL, or now PuppetLabs, I can't really think of anything that > would cause a conflict. It happens on both VM's and Physical hardware.I > did have a number of gems running to support hiera before I upgrade to Puppet > 3.0.1 but I got rid of them on the master when I upgraded. It's really > perplexing, especially since all the other packages from puppetlabs seem to > have been installed and are working... If you disable hiera (like have a really simple catalog or something) does it still happen? > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can I create virtual resources with create_resources function
On Wed, Nov 21, 2012 at 5:24 AM, Jakov Sosic wrote: > On 11/15/2012 11:04 PM, Rajul Vora wrote: >> >> I am trying to add ability to add virtual users to >> the git://github.com/erwbgy/puppet-system.git module as I really want > > I've run into same exact problem yesterday, and found patch that Nan Liu > mentions.. > > > What I am interested in is when can we expect Puppet 3.1.0? If someone > can answer me :) I don't have an exact date, but before the end of 2012 in all likelyhood. -Jeff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.x load balancer
On Thu, Nov 22, 2012 at 1:42 AM, shell heriyanto wrote: > Hi Jeff, thanks for reply, > I also read that book, its work for puppet 2.x, but now i try with puppet 3 > with puppetdb, > Ruby (Rack) application could not be started, > Error message: > undefined method `settings' for Puppet:Module > Exception class: > NoMethodError > Application root: > /etc/puppet/rack/puppetmaster > Backtrace: > # File Line Location > 0 /usr/lib/ruby/site_ruby/1.8/puppet/application.rb 273 in `run_mode' > 1 /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb 5 > 2 /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb 36 in > `gem_original_require' > 3 /usr/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb 36 in `require' > 4 config.ru 7 > 5 /usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/builder.rb 51 in > `instance_eval' > 6 /usr/lib/ruby/gems/1.8/gems/rack-1.4.1/lib/rack/builder.rb 51 in > `initialize' > 7 config.ru 1 in `new' > 8 config.ru 1 When you updated to Puppet 3.0, did you also modify your config.ru file to include the new mandatory arguments of --confdir and --vardir? An example config.ru is located at: https://github.com/puppetlabs/puppet/blob/3.0.1/ext/rack/files/config.ru#L14-L18 Also, how did you upgrade to Puppet 3.0? Did you use OS native packages, rubygem packages, or install.rb from source? (Or some other installation method?) Cheers, -Jeff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
In regard to: Re: [Puppet Users] New to Puppet -- why the puppet user,...: Because standard systems administration practice is to rarely if ever run anything at all as root. When it doesn't require root, that's absolutely true. This relates to the principle of least privilege. However, the puppet agent that runs on each puppet client requires the ability to make modifications to nearly everything about the client system, all in an effort to enforce the state that the puppet server has indicated that the client should be in. I suppose you could do that using something like "sudo" or Solaris RBAC, but you would end up granting so much access to the puppet agent that you would essentially be running it as root anyway. There's very little point going through that exercise for an agent that requires unfettered access to the client system. To answer the original question: there's a puppet user and group for the very few things that do *not* require root: specifically, the puppet master and components like Dashboard. They are, essentially, web applications, and don't require any special privileges, so the PuppetLabs folks wisely made them run as a non-privileged user (& group). Note that if your puppet master is a client of itself (or some other puppet master) then the puppet agent running there still needs to be run as root. The agent enforces the state, which requires administrative access. The master calculates the state, which doesn't. Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
Aaron Grewell writes: > To answer OP's question, the Puppet Master runs as user/group puppet. The > agent runs as root. Which is, of course, entirely desirable. puppetmaster needs access only to a limited set of files, which it needs only to serve to agents, and hence is best run in a dedicated user/group. The agents, however, need root access to do their jobs. Unfortunately I failed to notice that was a top-posted reply. Sorry. > On Mon, Nov 26, 2012 at 3:41 PM, Steven VanDevender > wrote: > > > Jerald Sheets writes: > > > Because standard systems administration practice is to rarely if ever > > > run anything at all as root. This practice, generally speaking, will > > > not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if > > > something like Puppet (which has complete run of your system) ran as > > > root, you could easily demolish not only one but thousands of > > > machines with a single keystroke... well, Root is just a bad idea, > > > then > > > > One gathers you're not really a practicing sysadmin. What you cite are > > a bunch of good reasons one should avoid running daemons and > > applications as root. But you can't create and manage the mechanisms > > that are used to avoid running things as root without root access. A > > sysadmin avoids doing things as root that aren't necessary, but is > > otherwise obligated to use root access (carefully) on a constant basis. > > > > Puppet runs as root because it should be used to do a lot of the things > > that have to to be done as root. > > > > Proper standards for security should say that root access should be > > carefully regulated and monitored, not that it must never be allowed for > > remote access. If used well Puppet should actually improve your > > security because it can enforce site-wide standards automatically and > > provide better auditing of changes than haphazard manual practices. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
Jerald Sheets writes: > Because standard systems administration practice is to rarely if ever > run anything at all as root. This practice, generally speaking, will > not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if > something like Puppet (which has complete run of your system) ran as > root, you could easily demolish not only one but thousands of > machines with a single keystroke... well, Root is just a bad idea, > then One gathers you're not really a practicing sysadmin. What you cite are a bunch of good reasons one should avoid running daemons and applications as root. But you can't create and manage the mechanisms that are used to avoid running things as root without root access. A sysadmin avoids doing things as root that aren't necessary, but is otherwise obligated to use root access (carefully) on a constant basis. Puppet runs as root because it should be used to do a lot of the things that have to to be done as root. Proper standards for security should say that root access should be carefully regulated and monitored, not that it must never be allowed for remote access. If used well Puppet should actually improve your security because it can enforce site-wide standards automatically and provide better auditing of changes than haphazard manual practices. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New to Puppet -- why the puppet user
Because standard systems administration practice is to rarely if ever run anything at all as root. This practice, generally speaking, will not pass ITIL, SOX, HIPAA, or PCI compliance auditing, and if something like Puppet (which has complete run of your system) ran as root, you could easily demolish not only one but thousands of machines with a single keystroke... well, Root is just a bad idea, then http://askubuntu.com/questions/16178/why-is-it-bad-to-run-as-root http://cboard.cprogramming.com/tech-board/123049-why-running-programs-root-so-bad.html http://unix.stackexchange.com/questions/52268/why-is-it-a-bad-idea-to-run-as-root A good best practices document on system security and elevated permissions: http://www.sans.org/reading_room/whitepapers/bestprac/system-administrator-security-practices_657 An access control article: http://www.softpanorama.org/Access_control/Accounts/root_account.shtml Another article on best practices (#1 addresses the root user) http://brajeshwar.com/2008/5-best-practices-for-linux-users/ I could go on. I just know that if the Root user could login remotely (or directly) to anything but the console on any of my corporate hosts, I'd fail audit on just about any government-compliance required site. --jms On Nov 26, 2012, at 5:17 PM, george wrote: > I'm looking at Puppet as a configuration manager solution, and I was > wondering > Why is there a puppet user and group? > I realize the obvious answer is that Puppet won't run w/o it, but I don't > understand > why it just wasn't set up with root access. > > thanks in advance, > george > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/WtXL0ugYO0YJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Status of STONITH support in the puppetlabs corosync module?
Greetings - Hoping to hear from hunner or one of the other maintainers of the puppetlabs corosync module - there is a note on the git project page that there is currently no way to configure STONITH. Is this information current? If so, has anybody come up with a simple method of managing STONITH with corosync via puppet? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/twMwc2Ewv2gJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Technical Reviewers Needed
I am definitely interested in this. I've years of experience with Puppet and have worked on mentoring junior team members so I've seen a lot of the beginner problems close up. I'm happy to review anything you throw my way. I have been toying with the idea of writing a Puppet book for months now, glad someone beat me to it! On Mon, Nov 26, 2012 at 7:32 AM, joan...@packtpub.com wrote: > I am searching for a number of technical reviewers for a Puppet > Beginner's Guide that is currently in production. You need to have > good technical knowledge, and be able to spare a few hours every > couple of weeks to review the chapters. Please get in touch if you're > interested! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing ssh server's keys?
In regard to: Re: [Puppet Users] Managing ssh server's keys?, Matt...: Here is my fileserver.conf: [private] path /etc/puppet/private/%h allow * FWIW, we're handling ssh keys and other sensitive full-file content nearly identically, although we we chose "/secure" rather than "/private" and we're using %H (fqdn) rather than %h (short host name). Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, IACC Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] New to Puppet -- why the puppet user
I'm looking at Puppet as a configuration manager solution, and I was wondering Why is there a puppet user and group? I realize the obvious answer is that Puppet won't run w/o it, but I don't understand why it just wasn't set up with root access. thanks in advance, george -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WtXL0ugYO0YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 Puppet labs repo package problem on rhel5
On Nov 26, 2012, at 4:46 PM, Michael Stahnke wrote: > > I tried to reproduce this and just couldn't. Does this happen on > other systems? > > Is there any more information you could think of? > Sadly, it's happening on every RHEL5 system I have! All packages are either RedHat or EPEL, or now PuppetLabs, I can't really think of anything that would cause a conflict. It happens on both VM's and Physical hardware.I did have a number of gems running to support hiera before I upgrade to Puppet 3.0.1 but I got rid of them on the master when I upgraded. It's really perplexing, especially since all the other packages from puppetlabs seem to have been installed and are working... -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing ssh server's keys?
On Mon, Nov 26, 2012 at 4:05 PM, Jakov Sosic wrote: > On 11/26/2012 08:54 PM, Matt Zagrabelny wrote: > >> file { "/etc/ssh/ssh_host_rsa_key.pub": >> source => "puppet:///private/etc/ssh/ssh_host_rsa_key.pub", > > I didn't know about this one, do I need any special configuration of the > puppetmaster for this to work, or is this a builtin? Hi Jakov, Here is my fileserver.conf: root@puppet:/etc/puppet# cat /etc/puppet/fileserver.conf # This file consists of arbitrarily named sections/modules # defining where files are served from and to whom # Define a section 'files' # Adapt the allow/deny settings to your needs. Order # for allow/deny does not matter, allow always takes precedence # over deny [files] path /etc/puppet/files # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 [plugins] # allow *.example.com # deny *.evil.example.com # allow 192.168.0.0/24 [private] path /etc/puppet/private/%h allow * You would then put stuff at: /etc/puppet/private/node-01/etc/ssh/ssh_host_rsa_key . . etc. When node-01 connects your puppetmaster, it can only "see" its private file space. -mz -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing ssh server's keys?
On 11/26/2012 08:54 PM, Matt Zagrabelny wrote: > file { "/etc/ssh/ssh_host_rsa_key.pub": > source => "puppet:///private/etc/ssh/ssh_host_rsa_key.pub", I didn't know about this one, do I need any special configuration of the puppetmaster for this to work, or is this a builtin? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Pass Array as param to custom provider...
John, Again, very helpful... My knowledge of puppet is growing every day thanks to posts like this :-) Cheers Gavin On Nov 26, 2012 7:30 PM, "jcbollinger" wrote: > > > On Monday, November 26, 2012 12:19:09 PM UTC-6, Gavin Williams wrote: >> >> John >> >> Cheers again, that could be a good alternative way of doing it... Use >> insync? just to trigger options=, and then work out what actually needs >> setting there... >> > > That's not just a good alternative, it's the right way to do it. The job > of insync? is simply to determine whether all of the resource's properties > have the expected target values. No more, no less. The job of property > setter methods such as options= is to update the underlying resource(*) so > that the affected property has the assigned value. It is there, at the > interface between Puppet and the system, that you have flexibility. > > (*) The property setters of providers that implement flush() work a bit > differently, but I don't think that's relevant here. I mention it for > completeness. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/OEk9ZWDBvWUJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet 3.0 Puppet labs repo package problem on rhel5
On Fri, Nov 23, 2012 at 2:46 PM, Alaric wrote: > Hi, > > I'm having a weird issue and was wondering if anyone else had run into it. I > recently upgraded from puppet 2.7 -> 3.0.1 After cleaning up some gems on my > puppet master everything seemed to be working ok. I had originally used the > EPEL repo's to deploy puppet, but switched to the Puppet Labs repos so I > could upgrade to 2.7 then 3. On RHEL5 only, I get a RSTRING_PTR error if I > upgrade to the Puppet Labs version (1.4.6) if I roll back to the EPEL veriosn > of rubygem-json (1.4.3) Everything works again. > > > Has anyone seen anything like this before? > > Thanks > > -a > > > Rolling back to rubygem-json-1.4.3-3.el5.1 and everything works > > After Upgrade of rubygem-json > > Info: Retrieving plugin > /usr/bin/ruby: symbol lookup error: > /usr/lib64/ruby/site_ruby/1.8/x86_64-linux/json/ext/parser.so: undefined > symbol: RSTRING_PTR > > [root@rhel5build-10wa gems]# rpm -qi rubygem-json > Name: rubygem-json Relocations: (not relocatable) > Version : 1.4.6 Vendor: Puppet Labs > Release : 1.el5 Build Date: Wed 26 Sep 2012 > 06:10:33 PM EDT > Install Date: Fri 23 Nov 2012 05:11:36 PM EST Build Host: > rpm-builder.puppetlabs.lan > Group : Development/Languages Source RPM: > rubygem-json-1.4.6-1.el5.src.rpm > Size: 592354 License: Ruby or GPLv2 > Signature : RSA/SHA1, Wed 26 Sep 2012 06:15:36 PM EDT, Key ID > 1054b7a24bd6ec30 > URL : http://json.rubyforge.org > Summary : A JSON implementation in Ruby > Description : > This is a implementation of the JSON specification according > to RFC 4627 in Ruby. > You can think of it as a low fat alternative to XML, > if you want to store data to disk or transmit it over > a network rather than use a verbose markup language. > > > > > Before Upgrade: > > [root@rhel5build-10wa ~]# rpm -qi rubygem-json > Name: rubygem-json Relocations: (not relocatable) > Version : 1.4.3 Vendor: Fedora Project > Release : 3.el5.1 Build Date: Thu 16 Sep 2010 > 03:40:59 AM EDT > Install Date: Mon 19 Nov 2012 03:54:16 PM EST Build Host: > x86-03.phx2.fedoraproject.org > Group : Development/Languages Source RPM: > rubygem-json-1.4.3-3.el5.1.src.rpm > Size: 629927 License: Ruby or GPLv2 > Signature : DSA/SHA1, Mon 20 Sep 2010 12:40:46 PM EDT, Key ID > 119cc036217521f6 > Packager: Fedora Project > URL : http://json.rubyforge.org > Summary : A JSON implementation in Ruby > Description : > This is a implementation of the JSON specification according > to RFC 4627 in Ruby. > You can think of it as a low fat alternative to XML, > if you want to store data to disk or transmit it over > a network rather than use a verbose markup language. > > [root@rhel5build-10wa ~]# puppet agent --test > Info: Retrieving plugin > Info: Loading facts in /var/lib/puppet/lib/facter/born_on.rb > Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb > Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb > Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb > Info: Caching catalog for rhel5build-10wa > Info: Applying configuration version '1353708172' > Finished catalog run in 11.65 seconds > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > I tried to reproduce this and just couldn't. Does this happen on other systems? Is there any more information you could think of? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Technical Reviewers Needed
On Monday, November 26, 2012 6:32:36 AM UTC-6, joa...@packtpub.com wrote: > > I am searching for a number of technical reviewers for a Puppet > Beginner's Guide that is currently in production. You need to have > good technical knowledge, and be able to spare a few hours every > couple of weeks to review the chapters. Please get in touch if you're > interested! > I would be interested as well. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/IV_FkX3bK9YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Technical Reviewers Needed
Gah :) I hate it when lists set the reply to to the list. Sorry, Jason On 11/26/2012 04:32 PM, Jason Slagle wrote: That sounds interesting! I'm game if you still need some. Jason On 11/26/2012 07:32 AM, joan...@packtpub.com wrote: I am searching for a number of technical reviewers for a Puppet Beginner's Guide that is currently in production. You need to have good technical knowledge, and be able to spare a few hours every couple of weeks to review the chapters. Please get in touch if you're interested! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Technical Reviewers Needed
That sounds interesting! I'm game if you still need some. Jason On 11/26/2012 07:32 AM, joan...@packtpub.com wrote: I am searching for a number of technical reviewers for a Puppet Beginner's Guide that is currently in production. You need to have good technical knowledge, and be able to spare a few hours every couple of weeks to review the chapters. Please get in touch if you're interested! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing ssh server's keys?
Take a look at https://github.com/gtcoc/sshkeys for an idea. It isn't documented well (yet), so here are some rough notes: * the module assumes you are using hiera to supply default arguments. you can see the default values in the hieradata directory * the sshkeys::hostkeys class best shows how it works: + the master makes a call (via generate) to a perl script (sshkeys.pl) + the perl script either retrieves or generates a new key for the host * assuming you set up hiera properly (or otherwise specify default parameter values), I think all you should need to use this is: on the puppet master: include sshkeys::install and on the nodes: include sshkeys::hostkeys * if you want to distribute the keys into a known_hosts file, then you have to set up a file serving location for the file and pull it down. I created a module that I use for serving various files in our environment, and I set the parameter 'sshkeys::install::knownhosts_servedir' to put the file in the proper place. Then on all of my hosts I add a file resource: file { '/etc/ssh/ssh_known_hosts': source => 'puppet:///modules/ccfiles/ssh_known_hosts', mode => '0444', owner => 'root', group => 'root', } Hope that helps, Chad On Mon, Nov 26, 2012 at 2:47 PM, Jakov Sosic wrote: > Hi. > > I'm wondering is there a way to manage ssh servers, in a way that every > machine has it's own key? > > I'm talking about these files: > > /etc/ssh/ssh_host_dsa_key > /etc/ssh/ssh_host_dsa_key.pub > /etc/ssh/ssh_host_rsa_key > /etc/ssh/ssh_host_rsa_key.pub > /etc/ssh/ssh_host_key > /etc/ssh/ssh_host_key.pub > > > Ideally I would like to have a module that replaces those files with > files from puppet server, for specific host, if they are available, and > if not, then to gather them from the client. > > I think this is not possible, so is there some sensible way to manage > those files in a different fashion? Holding every file under: > > /etc/puppet/files/ssh/<%= hostname => > > is a possibilty, but if someone has done this already I would appretiate > some hints. > > > I'm trying to set up persistent ssh server keys across reinstallations > of hosts... > > > -- > Jakov Sosic > www.srce.unizg.hr > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Chad M. Huneycutt -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Managing ssh server's keys?
On Mon, Nov 26, 2012 at 1:47 PM, Jakov Sosic wrote: > Hi. > > I'm wondering is there a way to manage ssh servers, in a way that every > machine has it's own key? I've used the "private" file server mechanism to serve out node sensitive files. The following snippet shows this: class ssh::config($sshd_config_source = "puppet:///modules/ssh/etc/ssh/sshd_config") { file { "/etc/ssh/sshd_config": source => $sshd_config_source, require => Class["ssh::install"], notify => Service["ssh"], } file { "/etc/pam.d/sshd": source => "puppet:///modules/ssh/etc/pam.d/sshd", require => [ Class["ssh::install"], Class["libpam_radius_auth"] ], } file { "/etc/ssh/ssh_host_dsa_key": mode=> 0600, source => "puppet:///private/etc/ssh/ssh_host_dsa_key", require => Class["ssh::install"], notify => Service["ssh"], } file { "/etc/ssh/ssh_host_dsa_key.pub": source => "puppet:///private/etc/ssh/ssh_host_dsa_key.pub", require => Class["ssh::install"], notify => Service["ssh"], } file { "/etc/ssh/ssh_host_rsa_key": mode=> 0600, source => "puppet:///private/etc/ssh/ssh_host_rsa_key", require => Class["ssh::install"], notify => Service["ssh"], } file { "/etc/ssh/ssh_host_rsa_key.pub": source => "puppet:///private/etc/ssh/ssh_host_rsa_key.pub", require => Class["ssh::install"], notify => Service["ssh"], } } -mz -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Managing ssh server's keys?
Hi. I'm wondering is there a way to manage ssh servers, in a way that every machine has it's own key? I'm talking about these files: /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub Ideally I would like to have a module that replaces those files with files from puppet server, for specific host, if they are available, and if not, then to gather them from the client. I think this is not possible, so is there some sensible way to manage those files in a different fashion? Holding every file under: /etc/puppet/files/ssh/<%= hostname => is a possibilty, but if someone has done this already I would appretiate some hints. I'm trying to set up persistent ssh server keys across reinstallations of hosts... -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Pass Array as param to custom provider...
On Monday, November 26, 2012 12:19:09 PM UTC-6, Gavin Williams wrote: > > John > > Cheers again, that could be a good alternative way of doing it... Use > insync? just to trigger options=, and then work out what actually needs > setting there... > That's not just a good alternative, it's the right way to do it. The job of insync? is simply to determine whether all of the resource's properties have the expected target values. No more, no less. The job of property setter methods such as options= is to update the underlying resource(*) so that the affected property has the assigned value. It is there, at the interface between Puppet and the system, that you have flexibility. (*) The property setters of providers that implement flush() work a bit differently, but I don't think that's relevant here. I mention it for completeness. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/OEk9ZWDBvWUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What is the best way for creating users in puppet/hiera ?
On Monday, November 26, 2012 5:00:17 AM UTC-6, AnOnJoe wrote: > > Hello, > I have recently discover hiera, and I would like to use it for creating > users on my node. > > I first think of someting like that : > > > common.yaml > >> lusers : - jodoe >> - jadoe >> > classes : - users >> > > > serv01.foo.com.yaml > >> lusers : - Alice >> - Bob >> > > > modules/users/manifest/init.pp > >> define users ($user = hiera("$lusers")) { >> user { "$user": >> ensure => present, >> shell => '/bin/bash', >> home=> "/home/$user", >> managehome => true, >> } >> } >> > > But I don't know how I can call my def type like that. > > What about you ? How do you create your users in puppet / hiera ? > > A module's init.pp, if non-empty, should contain only the definition of a class (not a definition) sharing the name of the module. That's what you want in this case anyway: modules/users/manifests/init.pp: class users { $users = flatten(hiera_array('lusers')) user::user { $users: } } modules/users/manifests/user.pp define user::user () { user { "$name": ensure => present, shell => '/bin/bash', home => "/home/$name", managehome => true } } Notes: 1. To collect values for the same key from multiple levels of your data hierarchy, you need to use either hiera_array() or hiera_hash(). The plain hiera() function will give you only the value from the highest-priority level. 2. The flatten() function comes from the "stdlib" add-on module. You would need it in the example because, with the data as given, hiera_array() will return an array of arrays, whereas you want a single array whose elements are the usernames. 3. The only reason you need a defined type is that you want to explicitly declare the home directory name based on the username. If none of the properties were derived from the username then you could just use native User resources directly. 4. All quoting (and non-quoting) in the example is exactly as you should have it. In several cases, adding quotes or changing the quote type will change the meaning. 5. You would use the example by via "include 'users'" John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/E2I5jMIfGMMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Are these the same?
On Sunday, November 25, 2012 10:56:40 AM UTC-6, Smashed wrote: > > Trying to figure out if these would behave the same or not? > > Example 1: > - > > class Foo { > require Bar > someresource { 'baz': > …. # This depends on A,B and C being already completed > } > } > > class Bar { > include A > include B > include C > } > > > Example 2: > > > class Foo { > include Bar > someresource { 'baz': > …. > require => Class['Bar'] > } > } > > class Bar { > include A > include B > include C > } > > > So will these behave the same? Yes. > When I require Bar in the first example are the A,B and C resources > guaranteed to be executed before the resource in Foo? A, B, and C are classes, not resources. The resources they contain are not guaranteed to be applied before Someresource['baz'], but if there were any resources declared directly by class Bar then they would all be applied before Someresource['baz']. Do not use run stages for this. They are way overkill for the problem. If you needed to add new stages every time you had to enforce resource ordering then you would quickly end up with an unmanageable mess. See my response to your other thread on this question (https://groups.google.com/forum/?fromgroups=#!topic/puppet-users/buREmDC8Py4) for more information. In the future, it will suffice to ask your question once. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/W1T-29xHsy0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: delete home directory rescurively
tidy puppet type works recursively too. On Mon, Nov 26, 2012 at 2:19 PM, jcbollinger wrote: > > > On Saturday, November 24, 2012 10:28:44 AM UTC-6, bluethundr wrote: >> >> Is there a way using puppet to delete the home directories recursively of >> employees who have left the company? >> >> So far I've tried: >> >>file { "/export/home/user": >> name => "$home_dir/user", >> ensure => 'absent' >> } >> >> I also tried >> >> >> >> file{'export/home/user': >> name => "$home_dir/user", >> purge => true, >> recurse => true, >> force => true, >> backup => false, >> } >> >> But neither worked. Is there a way to do this with puppet currently? >> >> > > If you don't want to or can't do this via User resources, then it ought to > work to add "ensure => absent" in your second version. > > Alternatively, you can always resort to > > exec { "Remove ${user}'s Home": > command => "/bin/rm -rf ${home_dir}/${user}", > onlyif => "/usr/bin/test -e ${home_dir}/${user}" > } > > > John > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/dDIVaCy8uOQJ. > > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Eduardo A. Muñoz GPG Key fingerprint = 175E 6AEB AD23 8EFE 0FC3 F558 9AB1 7885 40A4 ABBB CCNA - CCNP -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: delete home directory rescurively
On Saturday, November 24, 2012 10:28:44 AM UTC-6, bluethundr wrote: > > Is there a way using puppet to delete the home directories recursively of > employees who have left the company? > > So far I've tried: > >file { "/export/home/user": > name => "$home_dir/user", > ensure => 'absent' > } > > I also tried > > > > file{'export/home/user': > name => "$home_dir/user", > purge => true, > recurse => true, > force => true, > backup => false, > } > > But neither worked. Is there a way to do this with puppet currently? > > If you don't want to or can't do this via User resources, then it ought to work to add "ensure => absent" in your second version. Alternatively, you can always resort to exec { "Remove ${user}'s Home": command => "/bin/rm -rf ${home_dir}/${user}", onlyif => "/usr/bin/test -e ${home_dir}/${user}" } John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/dDIVaCy8uOQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Are these the same?
On Sun, Nov 25, 2012 at 8:56 AM, Mark wrote: > Trying to figure out if these would behave the same or not? > > Example 1: > - > > class Foo { > require Bar > someresource { 'baz': > …. # This depends on A,B and C being already completed > } > } > > class Bar { > include A > include B > include C > } > > > Example 2: > > > class Foo { > include Bar > someresource { 'baz': > …. > require => Class['Bar'] > } > } > > class Bar { > include A > include B > include C > } > > > So will these behave the same? When I require Bar in the first example are > the A,B and C resources guaranteed to be executed before the resource in > Foo? Same question goes for example 2 > They don't work as expected. You need containment resources in class Bar. See documentation and ticket 8040 for more info and work around: http://docs.puppetlabs.com/puppet/2.7/reference/lang_containment.html http://projects.puppetlabs.com/issues/8040 HTH, Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Pass Array as param to custom provider...
John Cheers again, that could be a good alternative way of doing it... Use insync? just to trigger options=, and then work out what actually needs setting there... Cheers Gav On Nov 26, 2012 5:42 PM, "jcbollinger" wrote: > > > On Friday, November 16, 2012 5:44:09 AM UTC-6, Gavin Williams wrote: >> >> However still looks like if one of the *:options *doesn't match, then >> the whole lot gets set again... I guess that's a reasonable logic in that >> if one doesn't match, it's quite possible other's don't match, so set them >> all to be safe... Unless I missed something? >> >> > What you continue to miss is that you are treating all the options as a > single property. That's ok, but it means that at the level of the resource > / provider interface, Puppet cannot set individual options, only all of > them as a group. You can't have it both ways. > > Inside your provider, however, you can implement the interface to the > underlying tool any way you want. In particular, in your options= > function, you can look at the current value and the value being set, > extract the changes, and apply only those. I guess you were trying to do > something like that in your insync? function, but if you're doing something > like that then options= is probably where it should go. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/uFOu3gp_0kQJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Executing puppet crash the machine
On Thursday, November 22, 2012 6:23:06 AM UTC-6, Mon wrote: > > > > > Hello all, >> >> We have a problem with puppet and certain kind of machines from our farm >> (+300), those with Supermicro X8SIE motherboard. Sometime when running >> puppet the machine crashes, we lose access to it and logging through IPMI >> doesn't show anything in the console, the only thing we can do is a cold >> reboot. Then if we run puppet again, nothing happens. If we run puppet >> several days after it could be another crash or not, it is random. >> I debugged the problem and got the conclusion that the cause was when >> running "facter", running it in a mpssh session caused 7 or 8 crashes in >> different machines. >> >> Soft Version: >> S.O: ubuntu 8.04 >> facter 1.5.4-1ubuntu1 >> puppet 0.25.1-2 >> >> After upgrading to facter -1.6.11-1 crashes continued. (last .deb in >> puppetlabs to hardy) >> >> > Sorry, I sent before ending... > > I managed to get some traces executing with "strace" that I could paste if > you consider so. > > Someone has experienced something like that? > > > For what it's worth, Facter itself is unlikely to be crashing your system, but it runs a variety of commands that probe system details, and it's possible that one or a combination of those sometimes crashes them. It should be possible to crash the systems by running the same commands from the shell. If you have straces of facter sessions that resulted in crashes then they might be illuminating. The key thing I would be looking for is what commands Facter is trying to run when the crashes occurred. Unfortunately, the nature of the problem precludes being certain that the last thing in the captured trace is actually the thing Facter was trying to do when the crash happened. If there is a software bug then it is probably in a separate tool or in the OS kernel. It might also be that you have a firmware (i.e. BIOS) bug on the affected systems, or even that the particular motherboard model that is affected has a design or fabrication flaw. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uRikgvYaJN8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: What is the best way for creating users in puppet/hiera ?
You might look into the create_resources function. The example given is creating users even. http://docs.puppetlabs.com/references/latest/function.html#createresources On Monday, November 26, 2012 3:00:17 AM UTC-8, AnOnJoe wrote: > > Hello, > I have recently discover hiera, and I would like to use it for creating > users on my node. > > I first think of someting like that : > > > common.yaml > >> lusers : - jodoe >> - jadoe >> > classes : - users >> > > > serv01.foo.com.yaml > >> lusers : - Alice >> - Bob >> > > > modules/users/manifest/init.pp > >> define users ($user = hiera("$lusers")) { >> user { "$user": >> ensure => present, >> shell => '/bin/bash', >> home=> "/home/$user", >> managehome => true, >> } >> } >> > > But I don't know how I can call my def type like that. > > What about you ? How do you create your users in puppet / hiera ? > > Thx > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/i4IfAKLco48J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Pass Array as param to custom provider...
On Friday, November 16, 2012 5:44:09 AM UTC-6, Gavin Williams wrote: > > However still looks like if one of the *:options *doesn't match, then the > whole lot gets set again... I guess that's a reasonable logic in that if > one doesn't match, it's quite possible other's don't match, so set them all > to be safe... Unless I missed something? > > What you continue to miss is that you are treating all the options as a single property. That's ok, but it means that at the level of the resource / provider interface, Puppet cannot set individual options, only all of them as a group. You can't have it both ways. Inside your provider, however, you can implement the interface to the underlying tool any way you want. In particular, in your options= function, you can look at the current value and the value being set, extract the changes, and apply only those. I guess you were trying to do something like that in your insync? function, but if you're doing something like that then options= is probably where it should go. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/uFOu3gp_0kQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Agent on Windows and file paths 32 or 64 Bit
Hi Oliver, On Wed, Nov 21, 2012 at 8:08 AM, r0k5t4r wrote: > I just started using puppet agent on windows 32Bit and my manfiests are > working good so far. Now when using the same manifests on a 64Bit Windows > machine I get trouble about the very special Program Files path. :( Facter 1.6.10 will correctly report 32-bit or 64-bit architecture and hardwaremodel. See http://projects.puppetlabs.com/issues/10261. However, there is still a bug where a 32-bit OS running on 64-bit hardware is reported as 64 instead of 32. See https://projects.puppetlabs.com/issues/16948. As a result, you may need to do something like: https://github.com/puppetlabs/puppetlabs-dism/blob/master/lib/puppet/provider/dism/dism.rb#L7 Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Weird scoping problem
On Wednesday, November 21, 2012 12:13:22 PM UTC-6, Hugh Cole-Baker wrote: > > Using puppet 3.0.1 I ran into an odd scoping problem - I've got a class > called 'lettuce' in a module named testtools, like this: > > class testtools::lettuce { > require pip > > Package { > provider => pip, > } > > package { > "lettuce": > ensure => installed; > "lettuce-webdriver": > ensure => installed; > } > } > > Then I've got a class 'pip' in a module named 'pip' (the class is in the > module's init.pp): > > class pip { > package { "python-pip": > ensure => installed, > } > } > > When I included testtools::lettuce on a node, it tried to install the > 'python-pip' package, *using* pip, i.e. trying to run /usr/bin/pip install > -q python-pip > The python-pip package is meant to be using the default 'apt' provider, > but it looks like the Package { provider => pip } from a completely > different module is overriding its default. I thought Puppet 3's removal of > dynamic scoping wouldn't allow this? > As I understood it, the dynamic scoping changes were only about variable references, but you are right that the scope of resource defaults is a similar issue. For your case, I would recommend just expressing alternative providers explicitly instead of by setting a resource default. If you want to do that without writing "package => 'pip'" on every package, then you could wrap it in a defined type. That would also have the advantages of being a bit clearer at the point where you declare pip packages, and of localizing the pip dependency better: define pip_package ($ensure) { require 'pip' package { $name: ensure => $ensure, provider => 'pip' } } class testtools::lettuce { pip_package { 'lettuce': ensure => installed; 'lettuce-webdriver': ensure => installed; } } May I say, however, that I *strongly* recommend avoiding the use of multiple package providers whose scopes overlap. On systems that provide a built-in package manager (most systems these days), that implies using only the built-in manager. Instead of using alternative package providers, repackage software so that you can manage it via the native package manager. It's all about ensuring that the package manager has all the information it needs to do its job properly. Exceptions can be made for systems, such as Windows, whose package management is too rudimentary to be reliable anyway. (I'm talking about the systems themselves, not Puppet's providers.) John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/s_sK2xdhq1IJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Issue with service => disabled and stopped
On Tuesday, November 20, 2012 6:11:17 PM UTC-6, Forrie wrote: > > Thanks, I went ahead and added an "exit 1" at the bottom of each of > these scripts to shut it up. That's probably not quite right, but maybe it will work well enough for you. > At least, in the case of the cups- > config-daemon, it's been deprecated so I can just remove that check. > HIDD is another issue. Most of the init.d scripts use RETVAL=$? > after the status) query -- so that's hooked in somewhere to the > functions perhaps and that it doesn't work properly with HIDD is > "really" a bug, per se. > Yes, it is a bug in the initscript. They both are. You should consider filing a ticket with your distro. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/y7KMIQHnGmcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Technical Reviewers Needed
PS - I just finished reviewing the Nagio Core Cookbook. John John Kennedy Government - Never underestimate the power of stupid people in large groups. The Dunning-Kruger effect occurs when incompetent people not only fail to realize their incompetence, but consider themselves much more competent than everyone else. Basically - they're too stupid to know that they're stupid. - In America, we call them politicians On Mon, Nov 26, 2012 at 11:54 AM, John Kennedy wrote: > I would be interested in this. Looks like a good project. > John > > John Kennedy > > Government - Never underestimate the power of stupid people in large > groups. > > The Dunning-Kruger effect occurs when incompetent people not only fail to > realize their incompetence, but consider themselves much more competent > than everyone else. Basically - they're too stupid to know that they're > stupid. - In America, we call them politicians > > > > On Mon, Nov 26, 2012 at 7:32 AM, joan...@packtpub.com < > joan...@packtpub.com> wrote: > >> I am searching for a number of technical reviewers for a Puppet >> Beginner's Guide that is currently in production. You need to have >> good technical knowledge, and be able to spare a few hours every >> couple of weeks to review the chapters. Please get in touch if you're >> interested! >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Technical Reviewers Needed
I would be interested in this. Looks like a good project. John John Kennedy Government - Never underestimate the power of stupid people in large groups. The Dunning-Kruger effect occurs when incompetent people not only fail to realize their incompetence, but consider themselves much more competent than everyone else. Basically - they're too stupid to know that they're stupid. - In America, we call them politicians On Mon, Nov 26, 2012 at 7:32 AM, joan...@packtpub.com wrote: > I am searching for a number of technical reviewers for a Puppet > Beginner's Guide that is currently in production. You need to have > good technical knowledge, and be able to spare a few hours every > couple of weeks to review the chapters. Please get in touch if you're > interested! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: delete a file created with puppet
On Wednesday, November 21, 2012 3:57:46 AM UTC-6, Alex Stanhope wrote: > > Hi Jakov, > > On 21 November 2012 02:03, Jakov Sosic wrote: >> >> exec{'first': >> command => 'cd /tmp && wget mykey', >> creates => '/tmp/mykey', >> } >> >> exec{'second': >> command => 'echo "" > /tmp/mykey | tee -a /tmp/mykey2', >> creates => '/tmp/mykey2', >> } >> > > ...a really beautiful ugly hack. I appreciate the input because it sounds > like I'm not missing anything really obvious. When coding in a new > (declarative) language, I'm always mindful that I could be thinking about > the problem incorrectly. I'm surprised in this case that more puppeteers > haven't had the same problem. Perhaps I should be writing some kind of > secure ssh-agent based key management plugin for Puppet? > If you're going to go with something like that then at least tidy it up: 1) Do not use run stages. It would be messy to set this up so that you could do so. Instead, declare ordinary resource relationships that capture the order you need. 2) For goodness sake, don't leave *two* state files per repo lying around when you need only one. 3) Do put the state files somewhere other than /tmp, as putting them in /tmp implies that it is safe to remove them. The result might look something like this: define mymodule::git_repo() { exec { "get_repo_${name}_key": command => "cd /var/local && wget ${mymodule::repo_key_base}/repo_${name}_key", creates => "/var/local/repo_${name}_key", provider => 'sh' } exec { "clone_repo_${name}": command => "git clone ...", refreshonly => true, subscribe => Exec["get_repo_${name}_key"] } exec { "clean_repo_${name}_key": command => "echo '' > /var/local/repo_${name}_key", refreshonly => true, require => Exec["clone_repo_${name}"], subscribe => Exec["get_repo_${name}_key"], provider => 'sh' } } > > Also John, thanks for the suggestion. Sending a plaintext password to the > git clone call is an option, but I've got several git and several SVN > repos, all connecting over SSH so the agent-play made more sense to me. > > If you're saying that you envision all the repos' keys going to go into the same file, then do be aware Jakov's approach does not serve that objective very well. You really need one file per repo, since the approach relies on an empty version being kept around as a marker that that repo has already been cloned. Indeed, it is the requirement for marker files that turns me off to the idea. It is clever to clear the key files and leave them as markers, but I'm not very keen on storing metadata on the managed node in the first place. I much prefer techniques that are driven by the actual state of the target node, instead of indirectly by what Puppet (or someone else) has recorded about the state of the node. With that said, you should go with what makes sense to you and works for you. I just want you to make an informed decision. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/56cxhQa4DjMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Technical Reviewers Needed
I am searching for a number of technical reviewers for a Puppet Beginner's Guide that is currently in production. You need to have good technical knowledge, and be able to spare a few hours every couple of weeks to review the chapters. Please get in touch if you're interested! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Question about a node that includes a class of the same name...
On Monday, November 26, 2012 10:10:06 AM UTC-6, jcbollinger wrote: > > > > On Tuesday, November 20, 2012 3:32:07 PM UTC-6, llowder wrote: >> >> I was going through the open bugs and came across an interesting one[1], >> where if a node has a certain name, and includes a class of the same name, >> the class doesn't get loaded. >> >> I did discover a workaround - two of them, actually. >> >> However, I was somewhat curious. Is this something people do? >> > > > Some people do create "node classes", but as you can imagine, it doesn't > scale very well. Nevertheless, it shouldn't break. > > I wonder whether you can work around the issue by using the absolute name > of the class, like this: > > node 'centos' { > include '::centos' > } > > I have found 2 ways to get around this. The first is to use a wild card regex as the node name: node /cento./{ include centos } And the other is to use paramater syntax, which works with "node centos" "node /centos/" and "node /cento./" > Likewise, I wonder whether you can work around the issue of referencing > class variables inside node blocks by referring to them via their absolute > names. > > > The class variables are only available in the node if the class itself gets loaded. I put together a set of tests that show the different combinations, you can see them at https://gist.github.com/4090041 > John > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Tg-1MWNlVSQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Question about a node that includes a class of the same name...
On Tuesday, November 20, 2012 3:32:07 PM UTC-6, llowder wrote: > > I was going through the open bugs and came across an interesting one[1], > where if a node has a certain name, and includes a class of the same name, > the class doesn't get loaded. > > I did discover a workaround - two of them, actually. > > However, I was somewhat curious. Is this something people do? > Some people do create "node classes", but as you can imagine, it doesn't scale very well. Nevertheless, it shouldn't break. I wonder whether you can work around the issue by using the absolute name of the class, like this: node 'centos' { include '::centos' } Likewise, I wonder whether you can work around the issue of referencing class variables inside node blocks by referring to them via their absolute names. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/VYzZTpSOy8YJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: how to refresh mount point through puppet?
On Monday, November 26, 2012 2:33:54 AM UTC-6, 胡振翔 wrote: > > HI, > > I am new here.and I have a request to refresh the mount point through > puppet for 1000+ servers. > > per the native mount type, it seems that it only use 'umount' command , > but I want to use 'umount -l' on Linux and 'umount -f' on Solaris and AIx. > > > zxhu@vlsh-puppet1:/var/log$ sudo puppet agent --server=vlsh-puppet1 > --no-daemonize --verbose --onetime > info: Caching catalog for vlsh-puppet1 > info: Applying configuration version '1353918009' > err: /Stage[main]/Sudo/Mount[/home/xinghui]/ensure: change from ghost to > absent failed: Execution of '/bin/umount /home/xinghui' returned 1: umount: > /home/xinghui: device is busy > umount: /home/xinghui: device is busy > > any suggest is appreciated. > Thanks. > You cannot change the options without modifying Puppet or writing a custom 'provider' plugin for the Mount type. The PuppetLabs site has documentation on writing custom types and providers (they are related, but you need only a provider for an existing type, not a whole new type). John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/WmumHZ8wNJQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: problems with exported exec resources
On Sunday, November 25, 2012 11:57:36 PM UTC-6, go8ose wrote: > > I've got an exported exec that looks like: > > 38 @@exec { "commvault_subclient_$hostname": > 39 command => "/usr/local/sbin/commvault_auto_subclient > --touchstamp /srv/mnt/.$hostname_commvault_backed_up $hostname", > 40 creates => "/srv/mnt/.$hostname_commvault_backed_up", > 41 tag => "commvault_nfs_subclient" > 42 } > > Elsewhere I've got some manifest to collect these: > > 90 # Collect the exec's that automatically setup commvault backups > 91 Exec <<| tag == 'commvault_nfs_subclient' |>> > 92 > > > But on the host that has that collection, I'm not seeing the resulting > script run (which creates the file mentioned as the --touchstamp > argument). It's like the collection is silently failing. > > I'm not sure how to debug this. Other exported resources are working, > I'm successfully doing: > @@nagios_host { $hostname: > address => $ipaddress, > use => 'linux-host', > alias => $hostname, > } > @@nagios_service { "$hostname-ping": > use => 'alive-service', > host_name => $hostname, > } > > And collecting them with: > Nagios_service <<| |>> > Nagios_host <<| |>> > > I'm also seeing in my mysql database entries in the 'resources' table > that have restype='Exec' and have a title like > commvault_subclient_webapp01. > > I'm running puppet 2.6.2 on the master and the involved clients. Any > suggestions? > > This looks like http://projects.puppetlabs.com/issues/11049. You can vote for that issue. To work around the it, I think you'll need to arrange for the host that collects those resources to declare its own nagios_service and nagios_host resources as ordinary instead of exported resources. Of course, that's a bust if more than one node needs to collect those resources. There are probably other workarounds, but they depend on details of your site. Many of them involve substituting something else for exported resources; the rest involve collecting onto a node that does not export (and therefore is not affected by the bug), and then sharing the result somehow. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/MG_5-Jtrp4EJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Dependency Ordering
On Saturday, November 24, 2012 1:17:54 PM UTC-6, Smashed wrote: > > class Foo { > > require A > > … some other stuff > > } > > > class A { > > include B > > include C > > include D > > } > > > When structured like this does this mean that A,B,C and D will all be > processed before Foo? > Classes A, B, C, and D will all be *parsed* before anything following the 'require' line in class Foo. Resources declared directly by class A will be *applied* before resources declared directly by class Foo. The given code does not declare any other ordering constraints. It looks like you are running into issues related to the containment problem. Search for documentation and discussion of the "anchor pattern" on this group and on the PL site for more information. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/pgtGvh3OjAgJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: passing array param to hiera
On Friday, November 23, 2012 11:19:11 AM UTC-6, mickael avedissian wrote: > > Hi, > > I'm having an issue trying to pass an array parameter for a hiera lookup > > hiera.yaml: > :hierarchy: > - some_place/%{hostnames} > > dummy_host.yaml: > --- > host: 'dummy_host' > instances: > dummy01:1.2.3.4 > dummy02:1.2.3.4 > dummy03:1.2.3.4 > > > in my manifest I have: > $hostnames = [ 'dummy_host', 'dummy_host1' ] > $hiera_lookup = hiera('instances') > > > The above results in me getting the following error: > can't convert Array into String at manifest.pp:18 on node hostname > > > I also tried using hiera_array and hiera_hash without success. > > Hiera does not provide the feature you are looking for. Each element of the hierarchy array in hiera.yaml identifies *one* data source. You cannot expand a single element into multiple elements by interpolating an array. I think you are heading in the wrong direction by attempting to manipulate your data hierarchy. Play all the games you want with your data, but approach your hierarchy with great care. In this particular case, it appears that you want to perform a UNION query of some of your hiera data. I can't think of a good way to do that in core Puppet, but it should be straightforward to write a custom function for it. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KdJp7ZPLDsQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: exec 'refresh' attribute possible values
On Friday, November 23, 2012 9:05:07 AM UTC-6, badbishop wrote: > > A quote from http://docs.puppetlabs.com/references/latest/type.html#exec > > refreshHow to refresh this command. By default, the exec is just called >> again when it receives an event from another resource, but this parameter >> allows you to define a different command for refreshing. > > > A different command... like what? > Anything you like, though some things make more sense than others. Here is a contrived example that I hope will communicate at least the spirit: exec { 'Puppet Timestamps': command => 'echo "first run:" > /var/log/puppet_timestamp; date >> /var/log/puppet_timestamp', refresh => 'touch /var/log/puppet_timestamp', creates => '/var/log/puppet_timestamp', provider => 'sh' } That will manage a file /var/log/puppet_timestamp whose text records a timestamp of the Puppet run in which it was created, and whose file timestamp is updated to the current time every time Puppet refreshes it. > What does it add to 'refreshonly' attribute? > The 'refreshonly' attribute allows the Exec's refresh action to be executed without first executing its synchronization action. Normally both the refresh and the synchronization action are given by the 'command' parameter (though I don't think that's quite how it should be, and there is a chance it will change in the future; see http://projects.puppetlabs.com/issues/5876). If you assign a 'refresh' parameter then that -- instead of the 'command' parameter -- gives the refresh action. > > Actually, what I'm looking for, is a conditional triggering of one exec by > another. That is exec1 notifies exec2 only if exec1 command has been > actually executed. > 'onlyif' can prevent the execution of exec1 itself, but doesn't prevent, > say, notify=>Exec['2'] from happening. > Then you are looking for the 'creates', 'unless', and/or 'onlyif' parameters of exec1. Use those to determine whether exec1 needs to run. If it is synchronized without actually running -- as controlled by those parameters -- then it will not broadcast events to other resources. If exec2 should do nothing when it does not receive an event from exec1, then you want "refreshonly => true" on exec2. The 'refresh' parameter is inappropriate for that use case. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/yl5lLT5M7GUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] variable not replace when come from hiera
On Sunday, November 25, 2012 4:45:27 AM UTC-6, Craig Dunn wrote: > > On 23/11/2012 23:03, fpommier wrote: > > Hi, > I use puppet 2.7.16 > i try to use hiera to store file data > yaml file : > apt: > '/etc/apt/preferences.d': > ensure: directory > recurse: true > source: "puppet:///$environment/$module_name/preferences.d" > > > Try this with; > >source: "puppet:///%{environment}/%{module_name}/preferenced.d > > Your source path confuses me a bit anyway, surely your environment > dictates your modulepath and this should just be > puppet:///modules/%{module_name}/preferences.d ? > > And, therefore, it's probably not useful to interpolate even the %{module_name}. The datum is probably used only by one module, almost certainly having the same name in every environment, and that module knows its own name. In fact, the whole thing probably ought to be written into the relevant class instead of being loaded indirectly via hiera. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/JbC629B-_qcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Array from custom function gets flattened
Excellent information there John. Thank you for taking time to explain so clearly. Dave On Monday, November 26, 2012 2:38:39 PM UTC, jcbollinger wrote: > > > > On Wednesday, November 21, 2012 10:41:48 AM UTC-6, KomodoDave wrote: >> >> Actually this is interesting: the 'path' parameter has a default value of >> the title. So if you don't specify the path yet specify an array for the >> title, I wonder what the internal logic is? >> >> Intriguing... >> >> > You are missing an important subtlety: when you use an array as a resource > title, you are declaring not just one resource but several separate > resources -- one for each array element, with the corresponding element as > its title. Each resource gets the same values for the assigned parameters, > and default values for all others. Thus, this declaration > > file { [ '/tmp/one', '/tmp/two']: > ensure => 'file', > mode => 0644 > } > > is exactly equivalent to these two > > file { '/tmp/one': > ensure => 'file', > mode => 0644 > } > > file { '/tmp/two': > ensure => 'file', > mode => 0644 > } > > . The array-style declaration is strictly shorthand. The default 'path' > parameter for File['/tmp/one'] is '/tmp/one', and the default 'path' > parameter for File['/tmp/two'] is '/tmp/two', regardless of which form you > use to declare them. > > > John > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Hbn43b2NsxsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Array from custom function gets flattened
On Wednesday, November 21, 2012 10:41:48 AM UTC-6, KomodoDave wrote: > > Actually this is interesting: the 'path' parameter has a default value of > the title. So if you don't specify the path yet specify an array for the > title, I wonder what the internal logic is? > > Intriguing... > > You are missing an important subtlety: when you use an array as a resource title, you are declaring not just one resource but several separate resources -- one for each array element, with the corresponding element as its title. Each resource gets the same values for the assigned parameters, and default values for all others. Thus, this declaration file { [ '/tmp/one', '/tmp/two']: ensure => 'file', mode => 0644 } is exactly equivalent to these two file { '/tmp/one': ensure => 'file', mode => 0644 } file { '/tmp/two': ensure => 'file', mode => 0644 } . The array-style declaration is strictly shorthand. The default 'path' parameter for File['/tmp/one'] is '/tmp/one', and the default 'path' parameter for File['/tmp/two'] is '/tmp/two', regardless of which form you use to declare them. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/dZPPXgbICagJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: bad network causing puppet runs to hang
On Wednesday, November 21, 2012 1:02:02 PM UTC-6, Ellison Marks wrote: > > Thought I'd ask around here before I go file a bug report. > > Basically, I have a few machines administered by puppet which have an > unreliable internet connection. They talk to my puppetmaster on an internal > network and have NAT through a router to the internet. The NAT doesn't > always work. When it doesn't, puppet runs start to hang with a python > script at /usr/lib/ruby/site_ruby/1.8/puppet/provider/package/yumhelper.py > just never exiting. if I kill it, the run finishes with no changes. > Sometimes it will exit on it's own after a few hours. > > So, anyone else having this issue, or have I found something new. > > I am not experiencing the issue, probably because my machines are not routinely afflicted with unreliable networking. If the problem is specific to the Yum provider, however, then I would look first at yum. It has some behaviors that could very well cause delays and/or hangs under some types of unfavorable network conditions. Specifically, you should uninstall or disable Yum's "fastestmirror" plugin on machines that cannot reliably reach the Internet, and you should ensure that all enabled repositories are pointed to repository or mirrorlist URLs that can be reached reliably. The latter will probably require you to maintain local mirrors of all the repositories you use, but that's a pretty good practice anyway. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/sj_MEi0gibkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera dump
Hello, 2012/11/25 Olivier Bazoud > Hello, > > I would like to dump into a single file (via an erb template for example) > all keys and values from a hiera hierarchy. My use case is to share this > generated file with applications configuration (java, php, nodejs, ...). > > How can do this? Is this the right way to do it? > Is there a way to get all keys from hiera ? > > I would just use Ruby to parse hiera yaml files to collect all the keys and it's values. Then generating templates would be easy. Best, -- Dominik Żyła -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Unable to connect to master...
:-D When I was checking, it seems like port 8140 is not open. I think I need to investigate further. Rajeev On Monday, November 26, 2012 3:50:56 PM UTC+5:30, showy wrote: > > First.. chill pill.. > > > Joking. > > Plz copy ur puppetmasterd logging. > > On Mon, Nov 26, 2012 at 5:41 AM, Rajeev Iyer > > wrote: > >> Hi , >> >> I need help here. I am running my master on RHEL 64 bit and I am trying >> to connect my agent from Solaris running on Solaris 10. >> I have put the entries for both master and agent on /etc/hosts. I have >> also updated the /etc/puppet/puppet.conf for the master. When I ping the >> master the server, the connection is going through. But I am not able to >> telnet 8140 as connection to master is failing. Can someone help >> me here? I am a little desperate to get it right. >> >> Thanks in advance, >> >> Rajeev >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/puppet-users/-/TFzFHpd2BJcJ. >> To post to this group, send email to puppet...@googlegroups.com >> . >> To unsubscribe from this group, send email to >> puppet-users...@googlegroups.com . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Q1SnytcGcooJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] What is the best way for creating users in puppet/hiera ?
Hello, I have recently discover hiera, and I would like to use it for creating users on my node. I first think of someting like that : common.yaml > lusers : - jodoe > - jadoe > classes : - users > serv01.foo.com.yaml > lusers : - Alice > - Bob > modules/users/manifest/init.pp > define users ($user = hiera("$lusers")) { > user { "$user": > ensure => present, > shell => '/bin/bash', > home=> "/home/$user", > managehome => true, > } > } > But I don't know how I can call my def type like that. What about you ? How do you create your users in puppet / hiera ? Thx -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/yywCgTGmJAwJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Best practices on puppet installation
On 25 November 2012 21:36, Ugo Bellavance wrote: > Ok, but it looks like foreman is not fully puppet-3 compatible up to now. I > think I'll wait for that. We have all the required changes for puppet-3 compatibility in the develop branches of foreman and foreman-proxy - hoping to get a release candidate out soon, so stay tuned :) Greg -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Unable to connect to master...
First.. chill pill.. Joking. Plz copy ur puppetmasterd logging. On Mon, Nov 26, 2012 at 5:41 AM, Rajeev Iyer wrote: > Hi , > > I need help here. I am running my master on RHEL 64 bit and I am trying > to connect my agent from Solaris running on Solaris 10. > I have put the entries for both master and agent on /etc/hosts. I have > also updated the /etc/puppet/puppet.conf for the master. When I ping the > master the server, the connection is going through. But I am not able to > telnet 8140 as connection to master is failing. Can someone help > me here? I am a little desperate to get it right. > > Thanks in advance, > > Rajeev > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/TFzFHpd2BJcJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Unable to connect to master...
Hi , I need help here. I am running my master on RHEL 64 bit and I am trying to connect my agent from Solaris running on Solaris 10. I have put the entries for both master and agent on /etc/hosts. I have also updated the /etc/puppet/puppet.conf for the master. When I ping the master the server, the connection is going through. But I am not able to telnet 8140 as connection to master is failing. Can someone help me here? I am a little desperate to get it right. Thanks in advance, Rajeev -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/TFzFHpd2BJcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] MCollective discovery - we did not discover any nodes
Overall it works like a > > charm, but sometimes (eg. 1/30) discovery fails. > > does mco ping exhibit the same behavior if you run it often? Does it > tend to happen more after a period of the collective being idle or just > really randomly? > Am facing the same problem where the discovery fails (1/4). I have a setup with a network of 2 activemq brokers and the client and nodes fails over from one to other. The mco ping also exhibits the same problem, mostly after beeing idle and when one of the broker boxes is heavily loaded. I have nodes with 4000, 5000 ms ping and with 60, 70 ms ping but when i run mco ping with default i get no nodes discovered. Atleast it should discover the low ping boxes right? *I have configured fail over as in the documentaion but yet i find these discovery problems especially when* *one of the brokers is loaded. Can mcollective to tuned to use the less loaded broker ?* > > > > I would like to ask for some feedback on the following ideas, that > > could fix this problem. > > > > a) Increase discovery timeout > > mco offers a option to tweak the discovery timeout. What is your > > experience with increasing this value? When running > > "mco ping", I see ping times of 130ms, so 2 seconds (the default > > should be enough), or? > > Is there a way to configure is global? > > it's not global - its a client setting but with those ping times it > should be sufficient. Discovery does exactly what mco ping does so its > a good way to diagnose > by this documentation it shows its a server config http://docs.puppetlabs.com/mcollective/reference/basic/configuration.html when i add the command line option --dt 5 it works fine. I dono why the low ping nodes are not discovered in the default discovery timeout. I find this option export MCOLLECTIVE_EXTRA_OPTS="--dt 5 --timeout 3 --config /home/you/mcollective.cfg" *Is there a way to configure default discovery timeout for the client in the client.cfg?* Can anyone clarify me on this whole discovery timeout thing? > Might be worth enabling verbose gc logging on your activemq its possible > that during these times it just did a big full garbage collection which > would block it and that might indicate some tuning is needed > > > > > b) Mco should exit != 0 when no nodes are found > > I would like to see a "--batch" or "--non-interactive" mode, where > > mco has a exit code different from 0, when no nodes > > are found. > > ok, you can file tickets for this > I haven't setup any mcollective monitoring, Is checking if mco ping works fine enough ? > > c) Add "expected count" to mco command > > I thing there are some situation, where one knows the number of > > MCollective nodes. So what about adding a options > > "--expect-number" option to mco, where I can either give a count or > > range of expected nodes. > > mcollective 1.3.x which will soon become 2.0 have a new mode of > communications > where you can provide it a host list etc and it will bypass discovery, this > is ment to be used for things like deployers where you know what machines > you > wish to affect and it will probably help > Am using the direct addressing stuff and i works just fine - activemq doing long full garbage collections > - network is interrupted after long periods of idle time > - activemq is idle for a long time and was swapped etc > - you have very busy machines that do not respond at all - unlikely in > your case > > there are probably other reasons too but these are the rough likely causes. > Amazon has a pretty aggressive idle connection timeout though so you might > enable registration just to keep the stomp connections from being idle too > long > Mine is a data centre setup, this is my first experience with message brokers so can i get some ideas in fine tuning activemq or ll using rabbitmq solve any of the problems? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/VRlFkZKguGcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to query yaml file with hiera function.
> > <%= scope.function_hiera([cluster['port']]) %> > using the var name or the string direclty wont work... <%= scope.function_hiera([var['port']]) %> evelio -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/5mutU_BrJAEJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Help writing a custom fact
Answering the requirement you could do something like. Facter.add("websites_number") do setcode do websites = %x{/bin/ls $websitesdir}.split("\n") 0.upto(websites - 1).each do |n| Facter.add("website_#{n}") do setcode do websites[n] end end websites.size end end On Mon, Nov 26, 2012 at 2:48 AM, Michael Stahnke wrote: > On Sun, Nov 25, 2012 at 11:00 PM, Walter Heck > wrote: > > I think you might be using the wrong tool for the job, but we need a > > little bit more information to determine that: What do you want to do > > with these facts once you have them in puppet? > > > > If you are managing websites with puppet, you should probably manage > > the folders themselves with puppet, removing your need for the fact. > > > > cheers, > > > > Walter > > > > On Sun, Nov 25, 2012 at 10:16 PM, frap wrote: > >> I'm trying to write a custom fact for Puppet, but I have next to no Ruby > >> experience. I think what I'm trying to do is straightforward, but > because of > >> Facter's key => value pairs model, it's kind of difficult. > > Could you do something like website_count => ? Then you might not > need to list them out. Either way, you can comma separate strings and > use things like split in Puppet (and maybe stdlib) to do some things. > I used dozens of custom facts in my environment in the past, so I > can't tell you if this is *wrong* way per say. It's a way. Go for it > until you find something better. > > Also note, if you're not really into writing ruby facts, you could use > something in facts.d that is provided via stdlib. That just reads > values from files. You could write your fact in whatever language you > want, run it in cron or something and then have it dump results from > /etc/facter/facts.d or /etc/puppetlabs/facter/facts.d. > > stdlib: http://forge.puppetlabs.com/puppetlabs/stdlib > > >> > >> Each hosts I want the fact for has websites in /var/www/html/ - I want > to be > >> able to do the following: > >> > >> Have a fact called "websites" that will tell me how many folders there > are > >> under /var/www/html > >> > >> Have a list of facts called website_1, website_2, website_3 which will > tell > >> me the names of these sites. Either that or have an array (if that's > even > >> possible) called website_names which will then list all the websites > under > >> that key. > >> > >> If possible, I'd like the fact to be able to figure out how many > websites > >> there are with the original "websites" fact and limit the number of > websites > >> underneath. > >> > >> Any help gratefully appreciated. > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Puppet Users" group. > >> To view this discussion on the web visit > >> https://groups.google.com/d/msg/puppet-users/-/XBkAAkifbZ4J. > >> To post to this group, send email to puppet-users@googlegroups.com. > >> To unsubscribe from this group, send email to > >> puppet-users+unsubscr...@googlegroups.com. > >> For more options, visit this group at > >> http://groups.google.com/group/puppet-users?hl=en. > > > > > > > > -- > > Walter Heck > > > > -- > > Check out my startup: Puppet training and consulting @ > http://www.olindata.com > > Follow @olindata on Twitter and/or 'Like' our Facebook page at > > http://www.facebook.com/olindata > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To post to this group, send email to puppet-users@googlegroups.com. > > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how to query yaml file with hiera function.
> Hi, > > 2012/11/23 Evelio VILA > > >> Hi guys, >> >> i have a hiera.yaml config file like this: >> >> --- >> :hierarchy: >> - %{env}/%{tmp_module_name} >> - %{env}/%{tmp_module_name}.common >> :backends: >> - yaml >> :yaml: >> :datadir: '/etc/puppet/hieradata' >> >> >> I also have a test/some_module.yaml file like this: >> >> --- >> db: >> root: pass >> port: '3306' >> >> >> I am also using the hiera function from a template like this >> >> class.pp >> $::class::var='db' >> >> template.erb >> <%= scope.function_hiera([var]) %> > > > Try this: <%= scope.function_hiera([var['root']]) %> > Thanks Dominik but that wont work neither, already tried that :( on the agent: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template module/template.erb: Filepath: /usr/lib/ruby/vendor_ruby/hiera_puppet.rb Line: 16 Detail: Could not find data item in any Hiera data file and no default supplied at /etc/puppet/modules/module/manifests/create_data.pp:8 on node X warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run on the master: hiera(): Looking up in YAML backend : hiera(): Looking for data source env/module : hiera(): Looking for data source env/module.common : hiera(): Looking for data source module.common : hiera(): Looking for data source common : Failed to parse template module/template.erb: : Filepath: /usr/lib/ruby/vendor_ruby/hiera_puppet.rb : Line: 16 : Detail: Could not find data item in any Hiera data file and no default supplied : at /etc/puppet/modules/module/manifests/create_data.pp:8 on node X : Failed to parse template module/template.erb: : Filepath: /usr/lib/ruby/vendor_ruby/hiera_puppet.rb : Line: 16 : Detail: Could not find data item in any Hiera data file and no default supplied : at /etc/puppet/modules/module/manifests/create_data.pp:8 on node X : Failed to parse template module/template.erb: : Filepath: /usr/lib/ruby/vendor_ruby/hiera_puppet.rb : Line: 16 : Detail: Could not find data item in any Hiera data file and no default supplied : at /etc/puppet/modules/module/manifests/create_data.pp:8 on node X : Handling request: PUT /production/report/X here is my func: <%= scope.function_hiera([cluster['port']]) %> yaml file: --- cluster: root: pass port: '9938' thanks in advance.. evelio -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bzHviZ2FGQIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] how to refresh mount point through puppet?
HI, I am new here.and I have a request to refresh the mount point through puppet for 1000+ servers. per the native mount type, it seems that it only use 'umount' command , but I want to use 'umount -l' on Linux and 'umount -f' on Solaris and AIx. zxhu@vlsh-puppet1:/var/log$ sudo puppet agent --server=vlsh-puppet1 --no-daemonize --verbose --onetime info: Caching catalog for vlsh-puppet1 info: Applying configuration version '1353918009' err: /Stage[main]/Sudo/Mount[/home/xinghui]/ensure: change from ghost to absent failed: Execution of '/bin/umount /home/xinghui' returned 1: umount: /home/xinghui: device is busy umount: /home/xinghui: device is busy any suggest is appreciated. Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/L7nBPPyOD54J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.