Re: [Puppet Users] Seeking some Puppet advice for a newbie (specifically Virtualmin/CSF related)
You can actually install in a custom directory and build a package from that pretty easily. Look at the directory provider from https://github.com/jordansissel/fpm on how to do that.

Of course you will then want to tweak specific configuration options like IP address through puppet.

Hope that helps :)

Best,
Nikola

On Tue, Nov 20, 2012 at 01:44:01AM -0800, Laurence Cope wrote:
> Thanks Ilya, I will give this a try. BUT if I remember correctly, the install process will ask for input during the install, to set some options... can Puppet handle entering options during installations?
>
> Thanks
>
> On Monday, November 19, 2012 10:15:57 PM UTC, Ilya Dmitrichenko wrote:
> > Hi,
> >
> > Yes, you probably want to do something like this:
> >
> >     class virtualmin::install {
> >       $version = '1.2.3-foo'
> >
> >       # Download the installer once; 'creates' skips the exec when the file exists.
> >       exec { 'get installer script':
> >         command => 'wget http://software.virtualmin.com/gpl/scripts/install.sh',
> >         cwd     => '/tmp',
> >         path    => ['/usr/bin', '/bin'],
> >         creates => '/tmp/install.sh',
> >       }
> >
> >       file { '/tmp/install.sh':
> >         mode    => '0755',
> >         require => Exec['get installer script'],
> >         # checksum => 'the_checksum_of_that_script_if_you_feel_paranoid'
> >       }
> >
> >       # Run the installer unless the expected version is already present.
> >       exec { 'install it now':
> >         command  => '/tmp/install.sh',
> >         provider => shell,
> >         path     => ['/usr/bin', '/bin'],
> >         unless   => "test -x /usr/local/virtualmin/bin/foo && /usr/local/virtualmin/bin/foo --version | grep ${version}",
> >         require  => File['/tmp/install.sh'],
> >       }
> >     }
> >
> > hope this kind of makes sense and please excuse any errors this pseudocode might give you :)
> >
> > Cheers,
> > -- Ilya
>
> --
> You received this message because you are subscribed to the Google Groups Puppet Users group.
> To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/AxVrJPPnfDgJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
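A hardened variant of the download-and-run pattern quoted above, as an added example that is not from the thread: the installer is staged in a root-only directory instead of /tmp and is only published and run after its SHA-256 matches a pinned value. The `$installer_sha256` value is a placeholder for the digest of a script you have reviewed; the staging directory and resource titles are assumptions, and `/usr/local/virtualmin/bin/foo` is the placeholder path from the quoted message.

```puppet
class virtualmin::install (
  # Placeholder: digest of the installer you reviewed (sha256sum install.sh).
  $installer_sha256 = 'REPLACE_WITH_REVIEWED_SHA256',
  $installer_url    = 'http://software.virtualmin.com/gpl/scripts/install.sh',
  $version          = '1.2.3-foo',
) {
  # Root-only staging directory (assumed path): avoids a predictable file
  # name in world-writable /tmp for a script that will run as root.
  $stage_dir = '/root/virtualmin-stage'
  $staged    = "${stage_dir}/install.sh.unverified"
  $installer = "${stage_dir}/install.sh"

  file { $stage_dir:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }

  # Download, verify, and only then publish under the final name. The URL is
  # plain HTTP, so the pinned digest is what provides integrity. Any failed
  # step fails the exec, and resources that require it are skipped.
  exec { 'fetch and verify virtualmin installer':
    command  => "rm -f '${staged}' && wget -q -O '${staged}' '${installer_url}' && echo '${installer_sha256}  ${staged}' | sha256sum -c - && mv '${staged}' '${installer}'",
    provider => shell,
    path     => ['/usr/bin', '/bin'],
    creates  => $installer,
    require  => File[$stage_dir],
  }

  file { $installer:
    owner   => 'root',
    group   => 'root',
    mode    => '0700',
    require => Exec['fetch and verify virtualmin installer'],
  }

  # Run the verified installer unless the expected version is already there.
  exec { 'install virtualmin':
    command  => $installer,
    provider => shell,
    path     => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
    unless   => "test -x /usr/local/virtualmin/bin/foo && /usr/local/virtualmin/bin/foo --version | grep -qF '${version}'",
    require  => File[$installer],
  }
}
```

Because of `creates`, a new pinned digest only takes effect after the previously verified script is removed from the staging directory.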
[Puppet Users] sshkey and server with HashKnownHosts set
Hey list,

Not sure if something has been posted about it, but I didn't find any post after research.

I'd like to define an entry in my /etc/ssh/ssh_known_hosts using the sshkey resource. After a run it does insert an entry there, but the issue is that I have the HashKnownHosts flag set in my configuration file and that Puppet generates a plain unencrypted entry for the ssh_known_hosts file. So the first time I am trying to connect I still get the Unknown Host message I am trying to avoid.

I've been through the sshkey provider code and I can't see anything that refers to encryption anywhere.

Is it possible to do what I am trying? Should I remove the HashKnownHosts flag from my ssh_config file?

Thanks,
[Puppet Users] Re: Is it possible to run functions at run time ?
Thank you John for the answer, it clarified some doubts I had.

On Wednesday, November 28, 2012 3:50:01 PM UTC+1, jcbollinger wrote:
> On Tuesday, November 27, 2012 4:23:50 PM UTC-6, Yanis Guenane wrote:
> > Within mycon template I have a variable 'test' that, depending on whether the package was installed from source or from the package, will have a different path. The issue is that the function get_test_path() seems to be done at compile time, so the first time I run it will always result in an erroneous answer. After a second run it will be fine.
>
> To answer the question posed by the thread subject, no, it is not possible to make puppet functions be evaluated by the puppet agent during catalog application. They are always evaluated by the master during catalog compilation.
>
> Any dynamic behavior you want to happen on the agent side must be performed by your resources. Often you don't actually need agent-side dynamism beyond what Puppet already provides, but when you do, you generally need either to use an Exec resource, or to write a custom provider for an existing resource type, or to write a whole custom type / provider pair.
>
> John
[Puppet Users] Re: Status of STONITH support in the puppetlabs corosync module?
You should be able to rig something up using the existing cs_primitive, cs_clone and cs_property provider/types, although I've avoided doing this as it worries me.

The problem as far as I can tell is that cs_primitive assumes a provider, primitive class, and primitive type, and stonith resource primitives lack the provider. You'd need to modify cs_primitive (particularly the flush section) to allow a 0 length or nil provided_by value, and then could do the following.

IE (from the cluster labs CRM fencing example: http://clusterlabs.org/doc/crm_fencing.html ):

    cs_primitive { 'dummy-stonith':
      primitive_class => 'stonith',
      primitive_type  => 'null',
      params          => { 'hostlist' => 'node1 node2' },
    }

    cs_clone { 'fencing':
      primitive => 'dummy-stonith',
    }

Which should translate to:

    crm configure primitive dummy-stonith stonith:null params hostlist="node1 node2"
    crm configure clone fencing dummy-stonith

And then of course set your properties.
[Puppet Users] /etc/ssh/ssh_known_hosts not world readable when using sshkey resource
When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts file, but it is not world readable.

According to the ssh man page,

    /etc/ssh/ssh_known_hosts
        Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. It should be world-readable. See sshd(8) for further details of the format of this file.

Is there any specific reason why, when Puppet generates it, it is only user (root) readable and writable? Security maybe?
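One way to handle the permissions question above, as an added example that is not from the original post: manage the file's mode with a `file` resource next to the `sshkey` entries. The class name `ssh::known_hosts` is hypothetical, and the exported-resource collection assumes storeconfigs/PuppetDB is enabled and that the legacy `sshrsakey` fact is available; neither is stated in the post.

```puppet
# Added example: distribute host keys through Puppet and keep the
# system-wide known_hosts file readable by unprivileged ssh clients.
class ssh::known_hosts {
  $known_hosts = '/etc/ssh/ssh_known_hosts'

  # Each node exports its own RSA public host key (needs storeconfigs).
  @@sshkey { $::fqdn:
    ensure       => present,
    type         => 'ssh-rsa',
    key          => $::sshrsakey,
    host_aliases => [$::hostname, $::ipaddress],
    target       => $known_hosts,
  }

  # The file holds public keys only, so it does not need to be private.
  # What matters is that only root can modify it: 0644 with owner root
  # lets every user's ssh client read it while keeping it root-writable.
  file { $known_hosts:
    ensure => file,
    owner  => 'root',
    mode   => '0644',
  }

  # Every node collects the keys exported by all nodes; the mode is
  # enforced after the sshkey entries have been written.
  Sshkey <<| |>> -> File[$known_hosts]
}
```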
[Puppet Users] Re: Apparent problem with resource ordering using Puppetlabs Corosync module (does not bring up HA resources in correct order when configured to do so)
Which puppetlabs-corosync are you using? There are 19 forks of it last I checked (including one by me for my own needs surrounding DRBD which is now horribly out of date).

I would change this:

    cs_order { 'jboss_ip_before_jboss':
      first   => 'applayer_ip',
      second  => 'applayer_jboss',
      require => Cs_colocation['jboss_with_ip'],
    }

to

    cs_order { 'jboss_ip_before_jboss':
      first   => 'applayer_ip',
      second  => 'applayer_jboss',
      score   => 'INFINITY',
      require => Cs_primitive['applayer_ip','applayer_jboss'],
    }

and

    cs_colocation { 'jboss_with_ip':
      primitives => [ 'applayer_ip', 'applayer_jboss' ],
      require    => Cs_primitive['applayer_ip','applayer_jboss'],
    }

as autorequires were very, very dicey when I mucked with the module. Ignore this if they work now.

Also - make sure you're not setting up the IP or the service anywhere else as corosync should be managing it.

Outside of puppet, are you sure IPaddr2 is the right primitive_class? Can we get the output of a crm configure show, and if it's missing the primitive if it takes:

    crm configure primitive applayer_ip ocf:heartbeat:IPaddr2 params ip=whatever cidr_netmask=whatever

because I suspect that's the problem.
[Puppet Users] puppetlabs-firewall source array not working as expected
In puppetlabs-firewall it appears that you can provide an array of source IPs as defined in types/firewall.rb (desc: An array of source addresses). However, when I pass in an array of source addresses, it only applies the first address to the ruleset.

eg:

    firewall { '100 allow web':
      dport  => '8080',
      source => ['10.0.0.1', '10.0.0.2'],
      action => 'accept',
    }

If I were to apply that definition above, only the 10.0.0.1 rule would be applied.

Is this an error in my assumptions about what it means to accept an array of source addresses? The example given was source => '192.168.2.0/24', which is a CIDR block, not an array. So, perhaps this is just strange wording in the code?

This feature would be a great one to have for our workflow. Anyone have any ideas on workarounds? How do others manage complex firewall rules in puppet without a giant node declaration?

Thanks.
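One way to get one rule per source address, as an added example that is not from the original post or from the puppetlabs-firewall module: wrap the `firewall` resource in a defined type and pass the address list as the resource title. The define name `allow_web_from` and the `$web_clients` variable are hypothetical; `dport`, `source` and `action` are the parameters used in the post.

```puppet
# Hypothetical defined type: declares exactly one firewall rule for the
# source address given as the resource title.
define allow_web_from (
  $dport = '8080',
  $proto = 'tcp',
) {
  firewall { "100 allow web from ${name}":
    proto  => $proto,
    dport  => $dport,
    source => $name,
    action => 'accept',
  }
}

# An array used as a title declares one instance per element, so each
# address gets its own rule instead of only the first one being applied.
$web_clients = ['10.0.0.1', '10.0.0.2']
allow_web_from { $web_clients: }
```

Titles of a defined type must be unique, so the same address cannot be reused for a second port through this define; listing the resulting ruleset with `iptables -S` on the node confirms that every address has its own rule.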
Re: [Puppet Users] How to do release management integration with puppet?
On 30 November 2012 23:02, Craig White craig.wh...@ttiltd.com wrote:
> On Nov 30, 2012, at 10:37 AM, Schofield wrote:
> > I am at the beginning of merging the traditional OS/Middleware update process with application development release process. The goal is to be able to test a complete versioned OS/Middleware/Application stack as it moves through dev/test/qa/prod environments. The key here is that entire stack is labeled under a single version. In other terms, the node and everything on it is aligned under a single version. Right now the OS/Middleware is managed by puppet. The application release process is not. I'm hoping some folks would like to comment on the following questions I am pondering.
> >
> > • How to best version puppet classes and control the classification of nodes based on the version of the node?
> > • Are there ENC's that integrate with SVN/GIT that make this easy?
> > • Should application deployment be brought under the control of puppet?
> > • If so how do you easily do this without burdening applications developers with having to learn something about or have access to puppet?
> > • Is there a puppet API that an existing application release processes can leverage to trigger OS/Middleware updates when an application version is updated?
> >
> > Looking forward to your comments.
>
> I think the general consensus is that puppet is less than optimal for most software deployments and there are better tools for the job (for example, we use capistrano here).

I'm not sure 'general consensus' is really true, I think it depends, in particular on size of stack. Capistrano is incredibly easy to get started with but has negatives too (like being push based, often installing/compiling dependencies per machine, not being able to specify broader version dependencies like on the database server)

> Puppet is more of a configuration management tool and I suspect that even if you could shoehorn your software deployment needs into something that puppet could manage, it would probably be slow and confusing.

Here's a question. Would you define a puppet module for Graphite? Graphite turns out to be a Django based web application. Would you use Capistrano to deploy Graphite? If your own applications were Django based would you use Cap? Not quite as simple I feel.

Replying to the original points separately too.

G

> As for ENC's and 'developer' access, I use foreman (http://theforeman.org) to provide 'other' user access and I can contain their rights/access within foreman and yet still, allow them to say install NGINX (with all of its pre-requisite packages) from a web based GUI.
>
> Again, seriously look at capistrano for handling software deployments and I'm sure that there's others that can do the job too.
>
> Craig

--
Gareth Rushgrove
@garethr

devopsweekly.com
morethanseven.net
garethrushgrove.com
Re: [Puppet Users] How to do release management integration with puppet?
On 30 November 2012 17:37, Schofield dbschofi...@gmail.com wrote:
> I am at the beginning of merging the traditional OS/Middleware update process with application development release process. The goal is to be able to test a complete versioned OS/Middleware/Application stack as it moves through dev/test/qa/prod environments. The key here is that entire stack is labeled under a single version. In other terms, the node and everything on it is aligned under a single version. Right now the OS/Middleware is managed by puppet. The application release process is not. I'm hoping some folks would like to comment on the following questions I am pondering.
>
> How to best version puppet classes and control the classification of nodes based on the version of the node?

Although I've not done it myself I've seen people use Puppet environments for versioning. You can also use environment variables on the nodes to help with classification.

> Are there ENC's that integrate with SVN/GIT that make this easy?
> Should application deployment be brought under the control of puppet?
> If so how do you easily do this without burdening applications developers with having to learn something about or have access to puppet?

The vcsrepo module (https://forge.puppetlabs.com/puppetlabs/vcsrepo) supports defining git/bzr/svn checkouts, but another approach would be to package your applications up as system packages (debs for debian/ubuntu, rpms for redhat/centos). This has a number of nice advantages, including making managing the application version just a matter of defining a package resource in puppet.

> Is there a puppet API that an existing application release processes can leverage to trigger OS/Middleware updates when an application version is updated?

So, assuming you do package your applications up as system packages as described then triggering updates to supporting components could be done in the package dependencies, or it could be done with Puppet requires, assuming the dependencies are on the same node.

Cross node dependencies are harder however. Some ideas for that thorny problem:

https://github.com/jamtur01/puppet-noah/
http://www.slideshare.net/lusis/beyond-the-node-arkestration-with-noah

G

> Looking forward to your comments.

--
Gareth Rushgrove
@garethr

devopsweekly.com
morethanseven.net
garethrushgrove.com
[Puppet Users] Puppet fails but succeeds on the 2nd attempt
I have installed two modules under $confdir/modules: erwbgy's system module (which depends on augeasproviders) and augeasproviders.

I have a hiera entry:

    system::sshd:
      Banner:
        value: /etc/issue.net

When I do the first puppet agent --test run, it always fails with following error:

    Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not autoload puppet/type/sshd_config: Could not autoload puppet/provider/sshd_config/augeas: no such file to load -- augeasproviders/provider on node ip-10-28-37-186.ec2.internal
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run

However, I run puppet agent --test again and it always works. This pattern repeats anytime there was a puppet run failure for any reason (like syntax error in one of the unrelated manifests files).

I do have pluginsync=true in agent's /etc/puppet/puppet.conf file. Not sure what I need to do fix this. Any pointers appreciated.

Rajul
[Puppet Users] Apply created class on node
Hello Guys,

I'm beginning to use puppet (v.3.0.1) on Linux (CentOS), and I have a simple question about my configuration.

I have a puppet-master and a puppet-node; in the master I have declared the class, but it is not applied on my node (I'm not sure whether this is the correct way to do this).

For example:

Folder in master server:

    [root@master users]# ls /etc/puppet/modules/users/
    manifests/init.pp run/init.pp

Content of master init.pp:

    [root@master manifests]# cat init.pp
    class users {
      user { 'pam':
        ensure => present,
      }
    }

Content of run init.pp:

    [root@master users]# cat run/init.pp
    include users

Check of the class from the master is ok:

    [root@master users]# puppet apply --noop run/init.pp
    /Stage[main]/Users/User[pam]/ensure: current_value absent, should be present (noop)
    Class[Users]: Would have triggered 'refresh' from 1 events
    Stage[main]: Would have triggered 'refresh' from 1 events
    Finished catalog run in 0.03 seconds

I check the class from the agent but it is not created:

    [root@nodo1 ~]# puppet agent --server=master.example.com --no-daemonize --verbose --onetime
    Info: Retrieving plugin
    Info: Caching catalog for nodo1.example.com
    Info: Applying configuration version '1353235323'
    Finished catalog run in 0.02 seconds

Really, I'm not sure that this is the correct command for this action.

Best regards.
[Puppet Users] Could not find dependency File[/etc/snmp/snmpd.conf]
Hello

I am new to puppet and have installed PE 2.7 and the snmp class from here: https://github.com/paulgear/puppet/blob/master/modules/snmp/manifests/init.pp

So far, I have got through a few errors but cannot figure out what is still wrong. I get an error from the puppet agent:

    Failed to apply catalog: Could not find dependency File[/etc/snmp/snmpd.conf] for Service[snmpd] at /etc/puppetlabs/puppet/modules/snmp/manifests/init.pp:25

Why is the puppet agent unable to find this file? Is this possibly an older class not designed for PE 2.7?

Thank you
Adrian
Re: [Puppet Users] Re: Thu Nov 29 10:17:51 +0000 2012 Puppet (err): Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for XXX to PuppetDB at
If I am right, puppet usually sends certs with its name $ssldir/certs/node.pem and uses private key $ssldir/private_keys/node.pem

But now, how does it use $ssldir/certs/ca.pem and correctly use private key $ssldir/private_keys/ca_server.pem?

And am I right that puppetdb requires ca.pem signed by the private key of the ca during a fetch/replace request?
[Puppet Users] Re: How to do release management integration with puppet?
Right now we're deploying via cap and something custom and part of the deployment is a config yaml file which puppet parses via facter in order to determine how to do the OS/middleware config. It works fairly well, but it feels kludgy to do it this way.

I've been wanting to cook something up like what it sounds like you want for a while, since I hate push-based models, and I hate using ssh as a transport. This means there is almost nothing that makes me happy around right now.

The basic idea is to have a web application that handles deployment, maintains a version to revision database (one of our old systems uses SVN and does this via tags, which gets, well, bad after a few years), plus metadata surrounding the release, like configuration information. Deployment is done by issuing an mcollective command to do a pull/clone/checkout/update/whatever from a VCS onto the target server. Config information is transferred into puppet via the master over REST from the deployment server using the ruby DSL, with everything stored in one big hash. You would require that module and then use those variables in your own modules, with a sanity check to verify the code actually updated.

On Friday, November 30, 2012 12:37:11 PM UTC-5, Schofield wrote:
> I am at the beginning of merging the traditional OS/Middleware update process with application development release process. The goal is to be able to test a complete versioned OS/Middleware/Application stack as it moves through dev/test/qa/prod environments. The key here is that entire stack is labeled under a single version. In other terms, the node and everything on it is aligned under a single version. Right now the OS/Middleware is managed by puppet. The application release process is not. I'm hoping some folks would like to comment on the following questions I am pondering.
>
> - How to best version puppet classes and control the classification of nodes based on the version of the node?
> - Are there ENC's that integrate with SVN/GIT that make this easy?
> - Should application deployment be brought under the control of puppet?
> - If so how do you easily do this without burdening applications developers with having to learn something about or have access to puppet?
> - Is there a puppet API that an existing application release processes can leverage to trigger OS/Middleware updates when an application version is updated?
>
> Looking forward to your comments.
[Puppet Users] Managing puppet as Application software management
Hi,

Using puppet, can I manage application packages? For example, if some application user wants to install his application package, is it possible to maintain that package using puppet, like Opsware does?

Regards,
Dha