Re: [Puppet Users] /etc/ssh/ssh_known_hosts not world readable when using sshkey resource
Thank you for your answer and the link to the current issue,
The solution you offered is what I am currently doing,
Thanks again,
On Monday, December 3, 2012 12:31:45 AM UTC+1, Stefan Schulte wrote:
>
> On Sat, Dec 01, 2012 at 09:58:43AM -0800, Yanis Guenane wrote:
> > When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts
> > file, but it is not world reable.
> >
> > According to the ssh man page,
> >
> > /etc/ssh/ssh_known_hosts
> > > Systemwide list of known host keys. This file should be
> > > prepared by the system administrator to contain the public host keys
> of all
> > > machines in the organization. It should be world-readable. See
> sshd(8)
> > > for further details of the format of this file.
> > >
> >
> > Is there any specific reason why when Puppet generates it it is only
> user
> > (root) Readable and Writable ? Security maybe ?
> >
>
> No it is a bug http://projects.puppetlabs.com/issues/2014 that happens
> when the file was not present before and the sshkey provider needs to
> create it first.
>
> You can use a file resource to actually set the correct permissions,
> like
>
> file { '/etc/ssh/ssh_known_hosts':
> ensure => file,
> owner => 'root',
> group => 'root',
> mode => '0644',
> }
>
> Now the owner/group/mode are controlled with your file resource while
> the actual content is controlled by your sshkey resources.
>
> -Stefan
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/O87Np-m-1lkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Roles, Profiles and Application Specific Needs
I'ven been learning puppet over the last 2 weeks and the one thing I've come to realize is there is a completely different way of thinking that I've normally been accustomed to. I've been trying to absorb as much knowledge as possible on how I should think about organizing our infrastructure. One of the resources I've come across was this article http://www.craigdunn.org/2012/05/239/ talking about roles and profiles. I definitely like this way of thinking so I've been trying to massage it into our specific needs. I have a few questions regarding this "pattern". Now I understand the smaller, simpler aspects of setting up roles and profiles for our system.. ie, nagios, ntp, networking etc, but it starts to break down when I try to model our application needs. Our application is a Ruby on Rails application that runs within a Unicorn server with ngninx sitting in front of it. Our application also requires the correct mounting of a NFS filer before its able to start. We also have custom nagios checks for this application as well as checking that our mounts are correctly configured. Using the above pattern of roles and profiles how could I model this? This is what I have so far: https://gist.github.com/4192914. Now I'm kind of lost and I have a bunch of questions: - Should I move the RVM logic out of webapp profile, push it down further into the company_application module, or leave it where it is? - What profile and/or module should be responsible for checking out the code from git? The webapp profile, company_application::install.pp or somewhere else? - Who should be responsible for the mounting? Module, push it down into company_application or leave it at the profile level? - Who should be responsible for the custom nagios checks? Module, push it down into company_application or leave it at the profile level? Anything else you can recommend? Any input is greatly appreciated. Thanks! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] hiera default values for a variable
Hi everyone, I currently have a giant file with default variables I use in a lot of my modules and I override those at the node level if I need to. I thought I would give porting that data into a hiera setup. I worked out how to specify my data sources and started to make a go at moving some of my variables in the default data file. I thought heira would be smart and set a variable to undef if it couldn't find it but that doesn't seem to be the case. (unless I missed something in the rather sparse documentation) Is there a way of telling it to do this? I was also trying to work out how I automagically get my parametized classed to pull in vars from hiera. (The docs on that don't tell me much either.) Can anyone tall me how that works? Or do I have to use the hiera functions which isn't automagical in my book. My current variables are set with a default value in my main file and then I override those at the node level if I need to (so kind of the same way hiera does it anyway) So given all of that I can't see any reason to switch to using heira because my current setup works as-is (my variable file is getting pretty huge anyway but that isn't going to change with heira if it won't set a var to undef). What are the benefits or using an external source for variables instead of sticking them in my node definitions (which seems like it would be faster because it doesn't have to use an external source)? Thanks in advance. Pete. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Solaris processor count facts - bug or feature?
On Tuesday, November 20, 2012 12:02:21 PM UTC+11, Alex Harvey wrote: > > Hi all, > > This relates to a discussion we are having in the Redmine ticket > https://projects.puppetlabs.com/issues/11612. > > I am extending the processorcount, physicalprocessorcount and processorX > facts that exist for Linux and Solaris. > > I personally find the behaviour of the processor facts on Solaris > surprising - > > myhost# facter |grep proc > physicalprocessorcount => 1 > processor0 => SPARC64-VII > processor1 => SPARC64-VII > processor2 => SPARC64-VII > processor3 => SPARC64-VII > processor4 => SPARC64-VII > processor5 => SPARC64-VII > processor6 => SPARC64-VII > processor7 => SPARC64-VII > processorcount => 4 > > > We can see that physicalprocessorcount is returning the number of physical > CPUs which is good, the processorX array is getting populated with virtual > CPUs, and processorcount is returning the number of cores. The command > used to set processorcount is essentially kstat cpu_info |grep core_id > |sort -u. > > However, I suspect Solaris sysadmins are more familiar with using commands > like psrinfo, prtdiag, and mpstat to get CPU count, and these all report > the number of CPUs as 8 rather than 4. > > If I was writing this from scratch I would have a fact called something > like ProcessorCoreCount and have that report 4 and then a separate fact > ProcessorCount that would report 8 - as psrinfo is doing. > > Therefore I am interested to know if others out there regard this > behaviour as a 'bug or feature', and also get some feedback on how people > are using these facts out there. > There were no responses here - I'd like to bump this up for a second go at getting some responses. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/tD9YuRt9PWcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is new puppet node compatible with old puppetmaster ?
No newer masters support older methods for a catalog. Newer agents will use newer methods. master >= agent == fine master < agent == borked On Mon, Dec 3, 2012 at 12:00 PM, Walter Heck wrote: > Actually, isn't it the other way around? Newer agents will be able to apply > catalogs from older masters. Older agents won't (necessarily) be able to > interpret catalogs from newer masters, right? > > Walter > > > On Thu, Nov 29, 2012 at 5:37 PM, Bernd Adamowicz > wrote: >> >> No. Never have a higher version of Puppet on your agents than on your >> master. >> >> >> >> Bernd >> >> >> >> From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] >> On Behalf Of Balasubramaniam Natarajan >> Sent: Donnerstag, 29. November 2012 16:28 >> To: puppet-users@googlegroups.com >> Subject: [Puppet Users] Is new puppet node compatible with old >> puppetmaster ? >> >> >> >> Hi >> >> Could someone please let me know if newer puppet node version 2.7.xx would >> work with old puppet master running version 2.6 ? >> >> -- >> Regards, >> Balasubramaniam Natarajan >> www.blog.etutorshop.com >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To post to this group, send email to puppet-users@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. > > > > > -- > Walter Heck > > -- > Check out my startup: Puppet training and consulting @ > http://www.olindata.com > Follow @olindata on Twitter and/or 'Like' our Facebook page at > http://www.facebook.com/olindata > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Is new puppet node compatible with old puppetmaster ?
Actually, isn't it the other way around? Newer agents will be able to apply catalogs from older masters. Older agents won't (necessarily) be able to interpret catalogs from newer masters, right? Walter On Thu, Nov 29, 2012 at 5:37 PM, Bernd Adamowicz < bernd.adamow...@esailors.de> wrote: > No. Never have a higher version of Puppet on your agents than on your > master. > > ** ** > > Bernd > > ** ** > > *From:* puppet-users@googlegroups.com [mailto: > puppet-users@googlegroups.com] *On Behalf Of *Balasubramaniam Natarajan > *Sent:* Donnerstag, 29. November 2012 16:28 > *To:* puppet-users@googlegroups.com > *Subject:* [Puppet Users] Is new puppet node compatible with old > puppetmaster ? > > ** ** > > Hi > > Could someone please let me know if newer puppet node version 2.7.xx would > work with old puppet master running version 2.6 ? > > -- > Regards, > Balasubramaniam Natarajan > www.blog.etutorshop.com > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Walter Heck -- Check out my startup: Puppet training and consulting @ http://www.olindata.com Follow @olindata on Twitter and/or 'Like' our Facebook page at http://www.facebook.com/olindata -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Environmets doesnt work on Puppet 2.7
I have seen this happen when a module exists in an environment and not in the main modulepath. Try copying it there, that might solve your problem. Walter On Thu, Nov 29, 2012 at 5:02 PM, Fran Rodríguez wrote: > Hi group, > > I got a problem with environments, im getting this erros from the client: > > Could not retrieve catalog from remote server: Error 400 on SERVER: > Failed to parse template ssh/retrieve_priv_key.erb: cannot find key > directory: /etc/puppet/environments/production/modules/ssh/private_keys at > /etc/puppet/environments/development/modules/ssh/manifests/init.pp:91 > > I dont know what is happening because it works before. My puppet.conf on > master is this: > > [main] > logdir = /var/log/puppet > vardir = /var/lib/puppet > ssldir = /var/lib/puppet/ssl > rundir = /var/run/puppet > factpath = $vardir/lib/facter > templatedir = $confdir/templates > server = puppetserver.in.rentalia.com > environment = production > > prerun_command = /etc/puppet/etckeeper-commit-pre > postrun_command = /etc/puppet/etckeeper-commit-post > > [master] > manifest = $confdir/environments/$environment/manifests/site.pp > modulepath = $confdir/environments/$environment/modules > > # These are needed when the puppetmaster is run by passenger > # and can safely be removed if webrick is used. > ssl_client_header = SSL_CLIENT_S_DN > ssl_client_verify_header = SSL_CLIENT_VERIFY > > storeconfigs = true > dbadapter = mysql > dbname = puppetdb > dbuser = puppet > dbpassword = hola > dbserver = localhost > dbsocket = /var/run/mysqld/mysqld.sock > > reports = log, foreman > > [agent] > environment = production > report = true > pluginsync = true > show_diff = true > > Anybody knows what happen?¿ > > Cheers from Madrid > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/LWeA0-guQDYJ. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- Walter Heck -- Check out my startup: Puppet training and consulting @ http://www.olindata.com Follow @olindata on Twitter and/or 'Like' our Facebook page at http://www.facebook.com/olindata -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] /etc/ssh/ssh_known_hosts not world readable when using sshkey resource
On Sat, Dec 01, 2012 at 09:58:43AM -0800, Yanis Guenane wrote:
> When I apply a sshkey resource I do obtain the /etc/ssh/ssh_known_hosts
> file, but it is not world reable.
>
> According to the ssh man page,
>
> /etc/ssh/ssh_known_hosts
> > Systemwide list of known host keys. This file should be
> > prepared by the system administrator to contain the public host keys of all
> > machines in the organization. It should be world-readable. See sshd(8)
> > for further details of the format of this file.
> >
>
> Is there any specific reason why when Puppet generates it it is only user
> (root) Readable and Writable ? Security maybe ?
>
No it is a bug http://projects.puppetlabs.com/issues/2014 that happens
when the file was not present before and the sshkey provider needs to
create it first.
You can use a file resource to actually set the correct permissions,
like
file { '/etc/ssh/ssh_known_hosts':
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
}
Now the owner/group/mode are controlled with your file resource while
the actual content is controlled by your sshkey resources.
-Stefan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Apply created class on node
On 12/01/2012 06:41 PM, Kazor wrote: [root@master users]# puppet apply --noop run/init.pp /Stage[main]/Users/User[pam]/ensure: current_value absent, should be present (noop) Class[Users]: Would have triggered 'refresh' from 1 events Stage[main]: Would have triggered 'refresh' from 1 events Finished catalog run in 0.03 seconds _I check class from agent but is not created*_ _ _ [root@nodo1 ~]# puppet agent --server=master.example.com --no-daemonize --verbose --onetime Info: Retrieving plugin Info: Caching catalog for nodo1.example.com Info: Applying configuration version '1353235323' Finished catalog run in 0.02 seconds It seems as if your class "users" is not included in your node definition, or the resource is already applied. -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to do release managment integration with puppet?
On 12/02/2012 02:51 PM, j4m3s wrote: I run a small startup offering a SAAS application (cloud based, no local servers at all). We have always tried to "do things right" so that we can scale - and my view is (happy to be challenged) that our application stack should absolutely be managed just as any other part of the configuration. We package our software components using "system packages" (deb files on ubuntu in our case). There was a time when we created the debs manually, but our software build process does them automatically now using git-buildpackage. the Continuous Integration server gets the latest changes from source control, tests them and creates the debs. deb packages handle versions, so if we want we can specify that one part of the app depends on a particular version of another part. As far as possible though we try to release the application stack as a whole so we avoid untested combinations. (this is a key recommendation of "the" Continuous Delivery book by the thoughtworks guys). The version numbers of the packages in the different environments is managed by puppet, using hiera. The contents of the config files are also managed by puppet (again using hiera). As far as I can tell this is the perfect scenario - I'm really interested to know what problem Noah is referring to/ trying to solve (we haven't found it yet). If we need more capacity, we build another prod app server or db server etc. The app layers support dynamic load balancing - e.g. app servers automatically register themselves with the web server pool when they start-up. The web-servers automatically register with the load balancer etc. Being open with you, we could probably manage without all of this (for now) - we haven't achieved the scale to need most of it yet. But having it like this means we spend much much less time worrying about environments and software releases and more time getting the software right for the users. I'd love to hear what problems we're heading for that this setup can't cope with, so we can change course if necessary. Excellent post James! That's the way to do it. -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Hiera tool and hiera-puppet returns different data
wrong.
Thanks to reidmv and Volcane from #puppet @freenode for explaining this to
me.
There is no easy way to use hiera_hash() or hiera_array() using the
built-on hiera() lookup.
The easiest workaround in my case is to do something like this:
# class
class foo(
$configuration = hiera_array('foo::conf', undef)
) {...}
# template
<% configuration.each do |item| -%>
<%= item %>
<% end -%>
# cat nodes/node1.example.local.yaml:
foo::conf:
- 'node_specific = foo'
- 'node_specific2 = foo2'
# cat common.yaml:
foo::conf:
- 'common = foo'
- 'common2 = foo2'
On Sunday, 2 December 2012 21:03:49 UTC, Vaidas Jablonskis wrote:
>
> See my issue report, I updated it with my finding. It seems to be a bug.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/49e8Z2cZLsgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Hiera tool and hiera-puppet returns different data
See my issue report, I updated it with my finding. It seems to be a bug. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/QHF75o_kCMIJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: manage ssh keys sets
Hi all, simple custom function solved my problem with granting access. I shared code at http://forge.puppetlabs.com/bazilek/ssh_key_groups On Wed, Oct 24, 2012 at 7:01 PM, Vasil Mikhalenya wrote: > Hi all, > > please, advice me best solution to manage ssh keys in my situation: > > there are about 5 sets of public keys that can be crossed > userN is a public key in file userN.pub on puppet master > > set1: user1 user2 .. user10 > > set2: user2 user3 .. user6 > .. > set5: user6 user10 > > > What is the right way to maintain groups ( sets ) easily? I use user > creation wrapper and I want to specify key_set => set1 in wrapper > parametres in manifest. > > -- > Best regards, > Vasil Mikhalenya > -- Best regards, Vasil Mikhalenya -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Hiera tool and hiera-puppet returns different data
Opened up an issue report: http://projects.puppetlabs.com/issues/17896 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/a96yvzSdAWYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Are these the same?
On 2012-01-12 24:25, Jakov Sosic wrote:
On 11/30/2012 11:48 PM, Johan De Wit wrote:
Thy both includes the class, but require adds a dependency to the
included class.
from the docs :
This function is a superset of the ‘include’ function, adding a class
relationship so that the requiring class depends on the required class.
Grts
What I was interested in is: Does the 'require' enforce order of
execution, so that the required class will be applied before the class
that requires it?
Yes.
require is basically shorthand for
class a {
include x
Class['x'] -> Class['a'] # x before a
}
If the require function makes things difficult, you can manage the
relationship using the ->, <-, <~, ~> operators, or as meta-parameters
in resources (i.e. require => Class['x']).
You can also look at Stages if you like to separate the concerns (some
classes should be after some other classes, but you do not want to
record the exact classes as you may want to change them).
You can create additional stages (there is a main stage by default), and
assign classes to stages.
See more here: http://docs.puppetlabs.com/guides/language_guide.html -
"Run Stages".
Hope that helps.
- henrik
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: Hiera tool and hiera-puppet returns different data
Adding my hiera.yaml content:
# cat /etc/puppet/hiera.yaml
---
:hierarchy:
- %{environment}/nodes/%{fqdn}
- %{environment}/roles/%{role}
- %{environment}/common
:backends:
- yaml
#- puppet
:yaml:
:datadir: '/etc/puppet/hieradata'
:puppet:
:datasource: 'data'
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/qn5U7yIuubgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Hiera tool and hiera-puppet returns different data
Hi People,
I came across an issue where hiera command line tool returns a different
data to what puppet3.0 builtin hiera does.
When I say different data, I mean hiera tool returns an array of items
collected throughout the hierarchy, while hiera_array() called from within
a manifest returns an array of items from the very top level of hierarchy.
Here is my setup example:
-
node1.example.local.yaml:
foo::conf:
- 'node_specific = foo'
- 'node_specific2 = foo2'
common.yaml:
foo::conf:
- 'common = foo'
- 'common2 = foo2'
-
That's what I get by running hiera tool on the puppet master:
# hiera -c /etc/puppet/hiera.yaml -a foo::conf environment='development'
fqdn='node1.example.local'
["node_specific = foo", "node_specific2 = foo2", "common = foo", "common2 =
foo2"]
>From within the manifest, I use as a parameter:
$conf = hiera_array('foo::conf')
and then I have a template which creates a file on a node:
<% conf.each do |item| -%>
<%= item %>
<% end -%>
.. so what this template create is the following content of a file on node1:
node_specific = foo
node_specific2 = foo2
The node is in development environment.
What am I doing wrong? Is this some kind of bug or intentional behavior of
puppet and hiera?
Thanks,
Vaidas
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/PgUdDVAFw9kJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] puppet.conf questiosn
On Fri, 2012-11-30 at 06:06 -0800, Ugo Bellavance wrote: > On Sunday, November 25, 2012 9:07:54 PM UTC-5, Ryan Coleman wrote: > > On Sun, Nov 25, 2012 at 10:22 AM, Ugo Bellavance > > > > > wrote: > > > >> Hi, > >> > >> I have 2 questions regarding puppet.conf file: > >> > >> > >>1. What should I do to use puppet to deploy puppet.conf files? I have > >>only one puppetmaster, but I was wondering if I should push the same > >> file > >>on all my hosts (including the puppetmaster) or should I have a file > >>specifically for puppetmaster. I want to push puppet.conf file because > >> I > >>want to set reporting on on clients, mostly. > > My original question was more: can I have the same puppet.conf for nodes > that simple agents and for my puppetmaster? Yes, you can. The agents will simply ignore any master-specific configuration options present in the puppet.conf file. On my system, I've actually configured the puppet master to use a separate configuration file from the puppet agents. You can do this fairly easily by editing the init script (on debian/ubuntu you can do this in /etc/defaults/puppetmaster) to pass "--config_file_name=puppetmaster" when starting the master process. -- Calvin Walton smime.p7s Description: S/MIME cryptographic signature
[Puppet Users] Re: How to do release managment integration with puppet?
I run a small startup offering a SAAS application (cloud based, no local servers at all). We have always tried to "do things right" so that we can scale - and my view is (happy to be challenged) that our application stack should absolutely be managed just as any other part of the configuration. We package our software components using "system packages" (deb files on ubuntu in our case). There was a time when we created the debs manually, but our software build process does them automatically now using git-buildpackage. the Continuous Integration server gets the latest changes from source control, tests them and creates the debs. deb packages handle versions, so if we want we can specify that one part of the app depends on a particular version of another part. As far as possible though we try to release the application stack as a whole so we avoid untested combinations. (this is a key recommendation of "the" Continuous Delivery book by the thoughtworks guys). The version numbers of the packages in the different environments is managed by puppet, using hiera. The contents of the config files are also managed by puppet (again using hiera). As far as I can tell this is the perfect scenario - I'm really interested to know what problem Noah is referring to/ trying to solve (we haven't found it yet). If we need more capacity, we build another prod app server or db server etc. The app layers support dynamic load balancing - e.g. app servers automatically register themselves with the web server pool when they start-up. The web-servers automatically register with the load balancer etc. Being open with you, we could probably manage without all of this (for now) - we haven't achieved the scale to need most of it yet. But having it like this means we spend much much less time worrying about environments and software releases and more time getting the software right for the users. I'd love to hear what problems we're heading for that this setup can't cope with, so we can change course if necessary. Regards, James. On Saturday, December 1, 2012 10:46:06 PM UTC, Nick Cammorato wrote: > > Right now we're deploying via cap and something custom and part of the > deployment is a config yaml file which puppet parses via facter in order to > determine how to do the OS/middleware config. It works fairly well, but it > feels kludgy to do it this way. > > I've been wanting to cook something up like what it sounds like you want > for a while, since I hate push-based models, and I hate using ssh as a > transport. This means there is almost nothing that makes me happy around > right now. > > The basic idea is to have a web application that handles deployment, > maintains a version to revision database(one of our old systems uses SVN > and does this via tags, which gets, well, bad after a few years), plus > metadata surrounding the release, like configuration information. > Deployment is done by issuing an mcollective command to do a > pull/clone/checkout/update/whatever from a VCS onto the target server. > Config information is transferred into puppet via the master over REST > from the deployment server using the ruby DSL, with everything stored in > one big hash. You would require that module and then use those variables > in your own modules, with a sanity check to verify the code actually > updated. > > > On Friday, November 30, 2012 12:37:11 PM UTC-5, Schofield wrote: >> >> I am at the beginning of merging the traditional OS/Middleware update >> process with application development release process. The goal is to be >> able to test a complete versioned OS/Middleware/Application stack as it >> moves through dev/test/qa/prod environments. The key here is that entire >> stack is labeled under a single version. In other terms, the node and >> everything on it is aligned under a single version. Right now the >> OS/Middleware is managed by puppet. The application release process is >> not. I'm hoping some folks would like to comment on the following >> questions I am pondering. >> >>- How to best version puppet classes and control the classification >>of nodes based on the version of the node? >>- Are there ENC's that integrate with SVN/GIT that make this easy? >>- Should application deployment be brought under the control of >>puppet? >>- If so how do you easily do this without burdening applications >>developers with having to learn something about or have access to puppet? >>- Is there a puppet API that an existing application release >>processes can leverage to trigger OS/Middleware updates when an >> application >>version is updated? >> >> Looking forward to your comments. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/szJxmTB0iyIJ. To post to this group, send
