Re: [Puppet Users] ensuring consistency in package versions

2012-12-10 Thread David Schmitt 

Hi James,


On 11.12.2012 05:41, James Gray wrote:

Now, let's imagine I need to spin up another server to meet some load
but when I do so I find that package y has had a security fix



What sort of solutions are people using to get round this?


You'll have to start managing versions. One way or the other. Client 
side there's apt's pinning, yum probably has some plugin to do so. 
Server side you can use a custom repo or puppet packages's ensure => 
version.



Another solution might be to have my own package repository
containing just the packages I have tested against and only install
from there but that means another bit of infrastructure to look after
and manage, which I'd like to avoid if at all possible.


For any significant amount of machines and packages, you'll really want 
to look into hosting that repo yourself. That way you can


  * stage security and other updates
  * keep most control over package versions with the least
per-node overhead
  * keep installs repeatable



Best Regards, David




--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] ensuring consistency in package versions

2012-12-10 Thread James Gray 
Hi all,

I would appreciate your help clarifying my thinking around the following 
problem.

Let's say I have a third-party (one that I didn't write) package x which 
depends on a package y.

Package x is installed somewhere and is working fine against package y (as 
in package x has been QA'ed and verified to work against package y).

Now, let's imagine I need to spin up another server to meet some load but 
when I do so I find that package y has had a security fix that has caused a 
problem in package x.
This is probably a bit of contrived case but could at least happen in 
theory. Normally, I'd want to test the fix out before I put it live but in 
this case because I had to spin a
server to meet some load this wasn't possible and as such my package 
versions has skewed between my old and new servers.

The obvious solution to this would be to manage package versions explicitly 
but is likely to become cumbersome quite quickly especially since I may not 
even be managing
package y in my manifests explicitly.

Another solution might be to have my own package repository containing just 
the packages I have tested against and only install from there but that 
means another bit of
infrastructure to look after and manage, which I'd like to avoid if at all 
possible.

One idea I had was to maybe have a script that dumps out package versions 
and use that to either seed hiera or create package resources automatically 
but I'm not sure if this
is a good idea or not.

What sort of solutions are people using to get round this?

Thanks for your help,
James

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/zLYnmQ-X5D4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet master REST API returns 403 when running under passenger works when running from command line

2012-12-10 Thread Anadi Misra 
Thanks! 

I compared it with a similar setup we had done in the past and noticed that 
this one had both 

ssl_client_header = SSL_CLIENT_S_D
ssl_client_verify_header = SSL_CLIENT_VERIFY

in pupet.conf and 

passenger_set_cgi_paramHTTP_X_CLIENT_DN $ssl_client_s_dn; 
passenger_set_cgi_paramHTTP_X_CLIENT_VERIFY $ssl_client_verify; 

in the nginx.conf; disabled it from puppet master and it works now.

BR/
Anadi.



On Monday, 10 December 2012 22:59:14 UTC+5:30, Felipe Salum wrote:
>
> On Apache/Passenger I have set a few headers:
>
>   RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e 
>   RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e 
>   RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
>
> And then updated puppet.conf as below:
>
> [master]
>
> ssl_client_header = HTTP_X_SSL_SUBJECT
>
> Does it fail if you use --server devops.X.com ? 
> You should use the --server hostname as the same certname name used on the 
> puppetmaster.
>
> Regards,
> Felipe
>
>
> On Monday, December 10, 2012 5:32:33 AM UTC-8, Anadi Misra wrote:
>>
>> Hi! Everyone,
>>
>> puppet agent is not able to fetch any files, plugins or post catalog, 
>> reports to the master. both puppet agent and master are on version 3.0.l, 
>> passenger version 3.0.18 ,
>>
>> nginx version: nginx/1.3.9
>> built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) 
>> TLS SNI support enabled
>> configure arguments: --prefix=/apps/nginx 
>> --conf-path=/apps/nginx/nginx.conf --pid-path=/apps/nginx/run/nginx.pid 
>> --error-log-path=/apps/nginx/logs/error.log 
>> --http-log-path=/apps/nginx/logs/access.log --with-http_ssl_module 
>> --with-http_gzip_static_module 
>> --add-module=/usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/nginx 
>> --add-module=/apps/Downloads/nginx/nginx-auth-ldap-master/
>>
>> the agent command shows this output
>>
>> [amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose 
>> --server bangvmpllda02.XX.com
>> Starting Puppet client version 3.0.1
>> Warning: Unable to fetch my node definition, but the agent run will 
>> continue:
>> Warning: Error 403 on SERVER: Forbidden request: 
>> 10.209.47.31(10.209.47.31) access to /certificate_revocation_list/ca [find] 
>> at :106
>> Info: Retrieving plugin
>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional 
>> resources using 'eval_generate: Error 403 on SERVER: Forbidden request: 
>> 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [search] at :106
>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on 
>> SERVER: Forbidden request: 10.209.47.31(10.209.47.31) access to 
>> /file_metadata/plugins [find] at :106 Could not retrieve file metadata for 
>> puppet://bangvmpllda02.XX.com/plugins: Error 403 on SERVER: 
>> Forbidden request: 10.209.47.31(10.209.47.31) access to 
>> /file_metadata/plugins [find] at :106
>> Error: Could not retrieve catalog from remote server: Error 403 on 
>> SERVER: Forbidden request: 10.209.47.31(10.209.47.31) access to /catalog/
>> blramisr195602.XX.com [find] at :106
>> Using cached catalog
>> Error: Could not retrieve catalog; skipping run
>> Error: Could not send report: Error 403 on SERVER: Forbidden request: 
>> 10.209.47.31(10.209.47.31) access to /report/blramisr195602.XX.com[save] 
>> at :106
>>
>> and on master logs I see
>>
>> [amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose 
>> --server bangvmpllda02.XX.com
>> Starting Puppet client version 3.0.1
>> Warning: Unable to fetch my node definition, but the agent run will 
>> continue:
>> Warning: Error 403 on SERVER: Forbidden request: 
>> 10.209.47.31(10.209.47.31) access to /certificate_revocation_list/ca [find] 
>> at :106
>> Info: Retrieving plugin
>> Error: /File[/var/lib/puppet/lib]: Failed to generate additional 
>> resources using 'eval_generate: Error 403 on SERVER: Forbidden request: 
>> 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [search] at :106
>> Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on 
>> SERVER: Forbidden request: 10.209.47.31(10.209.47.31) access to 
>> /file_metadata/plugins [find] at :106 Could not retrieve file metadata for 
>> puppet://bangvmpllda02.XX.com/plugins: Error 403 on SERVER: 
>> Forbidden request: 10.209.47.31(10.209.47.31) access to 
>> /file_metadata/plugins [find] at :106
>> Error: Could not retrieve catalog from remote server: Error 403 on 
>> SERVER: Forbidden request: 10.209.47.31(10.209.47.31) access to /catalog/
>> blramisr195602.XX.com [find] at :106
>> Using cached catalog
>> Error: Could not retrieve catalog; skipping run
>> Error: Could not send report: Error 403 on SERVER: Forbidden request: 
>> 10.209.47.31(10.209.47.31) access to /report/blramisr195602.XX.com[save] 
>> at :106
>>
>>
>> I am not sure why is it evaluating things on IP?
>>
>> I also changed agent setup to following
>>
>> [main]
>> # The Puppet log directory.
>> # The default value is '$vardir/log'.
>> logd

Re: [Puppet Users] Puppet 3.0 rspec and custom resources

2012-12-10 Thread Josh Cooper 
I have a proposed fix in puppet, see my last comment 
in http://projects.puppetlabs.com/issues/17543#note-3

Josh

On Wednesday, November 14, 2012 5:40:45 AM UTC-8, Brett Porter wrote:
>
> I've seen the same problem - and a similar one when working with multiple 
> hosts. There's some data and sample projects here: 
> https://github.com/rodjek/rspec-puppet/issues/60
>
> On Tuesday, 6 November 2012 02:52:24 UTC+11, Nathan Huff wrote:
>>
>> So I dug into this a little more.  It has something to do with how puppet 
>> is loading the type definitions. 
>> There appears to be some kind of cache that gets loaded with type 
>> definitions when the first manifest gets processed.
>> If the first test that gets run is for a class that contains all the 
>> types necessary for classes that get tested later everything runs fine.
>> If on the other hand if the first test run is for a class that doesn't 
>> contain all the types used in later classes the later test fails. 
>>
>> Given the example I posted
>> This works correctly.
>> rspec spec/classes/test_spec.rb spec/classes/test__c_spec.rb
>> This doesn't
>> rspec spec/classes/test__c_spec.rb spec/classes/test_spec.rb
>>
>> Running them both separately works too.
>>
>> On Monday, October 29, 2012 2:48:25 PM UTC-5, Nathan Huff wrote:
>>>
>>> Looks like the subnamespace thing isn't important either.  Just having 
>>> two classes triggers this as well.
>>>
>>> On Monday, October 29, 2012 1:13:05 PM UTC-5, Nathan Huff wrote:

 OK so I have what I think is a minimal test case here:

 https://github.com/nhuff/spec-failure

 The readme has a list of gems I have installed in it.

 You seem to need spec tests for two classes, one of which is in a sub 
 namespace of the other.
 In this case 'test' and 'test::c'.  With both spec files in place the 
 system complains about anchor not being defined.
 If you remove the test file for test::c the test for class test will 
 pass.

>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/UYykoPyEIYUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] How to handle multi-variable cross cutting concerns in hiera?

2012-12-10 Thread Schofield 
I am working with puppet 3.0 and have the opportunity to build the hiera 
hierarchy from scratch.  I am pondering which data should be included in 
hiera and how it should be organized.  After some research it appears that 
most folks struggle when their data is dependent on multiple facts rather 
than a strict hierarchical data structure.  For example: a value depends on 
the node location *and *what environment it is in dev|test|qa|prod.

In my mind a hiera hierarchy like the following which is based on network 
location of a node would work great because each level is more specific and 
a subset of the previous making overrides very clear and clean.

   - fqdn - for node specific overrides
   - cluster - cluster specific overrides
   - network - all clusters are isolated on a network segment.
   - common - the default
   
Now the difficult part is that I also want to externalize data in to hiera 
based on the network location *and *the environment.   This becomes more 
complex if a third variable is added.

So the question is: Is there a best practice for handling hiera data values 
based on multiple attributes?  In this case location *and *environment.  
One doesn't take precedence over the other but both are needed to find a 
unique and correct value.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/XIQXwB5aBiwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet Dashboard for Rails 3

2012-12-10 Thread Aaron Stone 
Update: thanks to help from GitHub users @igreg and @astratto, Puppet
Dashboard Rails 3 is now fully compatible with Ruby 1.9! The rails3 and
rails3-aaa branches are up to date as of Dashboard version 1.2.15 plus the
work on those branches.

I'm down to just 3 test failures, and actively working on getting to fully
clean test runs. Help appreciated! Please take a look at the test results
from these Travis builds:
https://travis-ci.org/sodabrew/puppet-dashboard/builds/3588533

Still working on the audit trail, but no new updates on that yet.

Cheers,
Aaron



On Fri, Nov 9, 2012 at 4:30 PM, Aaron Stone  wrote:

> Hi all,
>
> Over the past few weeks, I ported the Puppet Dashboard to run on Rails 3
> with Ruby 1.8.7. I'm down to only three unit test failures, so I think it's
> a good time to share the work and see if anybody else is interested in
> continuing Dashboard with me.
>
> http://github.com/sodabrew/puppet-dashboard
>
> https://travis-ci.org/sodabrew/puppet-dashboard/jobs/3095051
>
> What's new here?
>  - Rails 3.2.8!
>  - Model protection against mass-assignment attacks.
>  - Prototype JS is removed.
>  - URLs for Groups and Classes by name, not only ID number.
>  - Bundler 1.x, Gemfile, runs under Thin.
>
> My next plans:
>  - Use PaperTrail to provide change histories for everything (way more
> than fact reports, I need "who changed this parameter?").
>  - Use Devise for AAA, integration with company Auth and view/edit
> permissions (e.g. Devs can view, Ops can edit).
>  - Make it prettier? Bootstrap perhaps?
>  - Unit tests passing ;)
>
> Cheers,
> Aaron
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet 2.7 Windows File Permissions cause Permission Denied Errors

2012-12-10 Thread Josh Cooper 
Hi Alex,

If you don't care about permissions, you can just omit the mode property.

The owner should receive Full Control, but the group and other will
always receive less than that, e.g. they shouldn't get WRITE_DAC. For
example,

C:\work\puppet>envpuppet puppet resource file c:/blarg5
ensure=directory owner=Administrator group=Administrators  mode=0777
notice: /File[c:/blarg5]/ensure: created
file { 'c:/blarg5':
  ensure => 'directory',
  group  => 'S-1-5-32-544',
  mode   => '777',
  owner  => 'S-1-5-21-2397885826-1833024046-1055597067-500',
}

C:\work\puppet>icacls c:\blarg5
c:\blarg5 BIZARRO\Administrator:(F)
  BUILTIN\Administrators:(RX,W,DC)
  Everyone:(RX,W,DC)
  CREATOR OWNER:(CI)(IO)(F)
  CREATOR GROUP:(CI)(IO)(RX,W,DC)
  CREATOR OWNER:(OI)(IO)(R,W,D,WDAC,WO,DC)
  CREATOR GROUP:(OI)(IO)(R,W,DC)

So the owner is getting full control.

But I have seen that when puppet creates a file with mode 07xx, the
owner doesn't get FILE_DELETE_CHILD (really it should so that the
owner's permission is listed as Full Control instead of Special), but
it doesn't "hurt" anything, since that permission has no meaning for
files.

If you're still seeing the issue with directories, can you icacls on
the directory. Also do you get different results depending on whether
you're running puppet interactively as an Administrator vs running
puppet as LocalSystem?

Josh


On Mon, Dec 10, 2012 at 1:09 PM, phundisk  wrote:
> I am trying to expand puppet to work for our windows servers and am noticing
> some weird permissions issues that are occurring.
>
> I have a file resource being created that is a folder.  I set that folder to
> have full permission to user Administrator and a local windows group.  I set
> the mode to 0777 since I don't really care about security in this situation.
> Puppet seems to create a 'Special' type windows permission for this
> directory and not the RWX regular windows permissions that I would expect it
> to use.  There are multiple applications that run within this created
> directory and thus the application needs permissions to stuff within the
> sub-directories of the created folder.  Each application runs as a separate
> user.  It seems that puppet is causing some permissions errors when we
> instantiate what I have below, even though we set the base permission of the
> directory to be fully open.  Is there any known bugs with puppet 2.7 and
> windows?  I know it is very limited in this version.  The client version is
> 2.7.20.
>
> group { "EaFarmGroup":
> ensure => "present",
> }
> file { "C:\\MT4+EA-Farm":
> ensure => 'directory',
> owner => "Administrator",
> group => "EaFarmGroup",
> mode => '0777',
> }
>
> _
> This email and any files transmitted with it are confidential and intended
> solely for the addressee.  If you received this email in error, please do
> not disclose the contents to anyone; kindly notify the sender by return
> email and delete this email and any attachments from your system.
>
> © 2011 Currensee Inc. is a member of the National Futures Association (NFA)
> Member ID 0403251 | Over the counter retail foreign currency (Forex) trading
> may involve significant risk of loss. It is not suitable for all investors
> and you should make sure you understand the risks involved before trading
> and seek independent advice if necessary. Performance, strategies and charts
> shown are not necessarily predictive of any particular result and past
> performance is no indication of future results. Investor returns may vary
> from Trade Leader returns based on slippage, fees, broker spreads,
> volatility or other market conditions.
>
> Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/3h1aSJvCNKgJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.



-- 
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Error: can't instantiate uninitialized class

2012-12-10 Thread jcbollinger 


On Monday, December 10, 2012 8:22:25 AM UTC-6, Luca Gioppo wrote:
>
> No the behaviour has been always the same:
>

Ok.
 

>
> It colud be a template??? I'll check it, but have no clue.
>


Yes.  Templates can execute arbitrary Ruby code, so they can trigger any 
error that Ruby can throw.  Whether the bug is *likely* to be in a 
template, on the other hand, depends heavily on your templates.

Again, try to find the minimal set of resources that must be assigned to 
the node to cause the problem.  Start by verifying that there is no error 
when the node's catalog is empty.  Then try each module that is normally 
assigned to the node, individually (to the extent that's possible).  Focus 
first on any modules for which the troublesome node has unusual 
configuration relative to most nodes.  If the problem is localized in one 
module (which is likely), then you should be able to identify the module 
that way.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/QhwFeBzpTGYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Console "Home" page display issue

2012-12-10 Thread MasterPO 
I'm using Firefox 15.0.1 
I've also tried IE 8 and it has the node table all the way to the left, 
under the menu boxes.
Google Chrome looks OK

On Monday, December 10, 2012 2:46:41 PM UTC-6, Gary Larizza wrote:
>
> What web browser (and version) are you using to access the dashboard?
>
>
> On Mon, Dec 10, 2012 at 12:08 PM, MasterPO 
> > wrote:
>
>> I don't know what is causing this, but the HOME page for the Puppet 
>> Dashboard has a table of nodes offset to the extreme right of the display.
>> Am I missing some configuration parameter somewhere?  I just upgraded to 
>> version 1.2.15 and it has the same issue.
>> I've attached a Snippet capture of the issue.
>>
>> Thanks in advance!
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msg/puppet-users/-/rOkQha3vGZkJ.
>> To post to this group, send email to puppet...@googlegroups.com
>> .
>> To unsubscribe from this group, send email to 
>> puppet-users...@googlegroups.com .
>> For more options, visit this group at 
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>
>
>
> -- 
> Gary Larizza
> Professional Services Engineer
> Puppet Labs
>
> -- 
>
> *PUPPET LABS HAS MOVED!  *
> Please update your records with our new address. 
>
> *Puppet Labs, Inc.*
> 926 NW 13th Ave. #210
> Portland, OR 97209
>
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/geheZYTO2M4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Pre-commit hooks for your modules?

2012-12-10 Thread llowder 


On Monday, December 10, 2012 4:27:26 PM UTC-6, Jakov Sosic wrote:
>
> Hi. 
>
> I was wondering what kind of precommit hooks are you guys using? 
>
>
> Here is what I use:

#!/bin/bash
# pre-commit git hook to check the validity of a puppet manifest
#
# Prerequisites:
# gem install puppet-lint puppet
#
# Install:
# /path/to/repo/.git/hooks/pre-comit

# Source RVM if needed
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load 
RVM into a shell session *as a function*

echo "### Checking puppet syntax, for science! ###"
# for file in `git diff --name-only --cached | grep -E '\.(pp|erb)'`
for file in `git diff --name-only --cached | grep -E '\.(pp)'`
do
# Only check new/modified files
if [[ -f $file ]]
then
puppet-lint \
--error-level all \
--fail-on-warnings \
--no-80chars-check \
--no-class_parameter_defaults-check \
--with-filename $file

# Set us up to bail if we receive any syntax errors
if [[ $? -ne 0 ]]
then
syntax_is_bad=1
else
echo "$file looks good"
fi
fi
done
echo ""

echo "### Checking if puppet manifests are valid ###"
# validating the whole manifest takes too long. uncomment this
# if you want to test the whole shebang.
# for file in `find . -name "*.pp"`
# for file in `git diff --name-only --cached | grep -E '\.(pp|erb)'`
for file in `git diff --name-only --cached | grep -E '\.(pp)'`
do
if [[ -f $file ]]
then
puppet parser validate --mode user --environment test $file
if [[ $? -ne 0 ]]
then
echo "ERROR: puppet parser failed at: $file"
syntax_is_bad=1
else
echo "OK: $file looks valid"
fi
fi
done
echo ""

if [[ $syntax_is_bad -eq 1 ]]
then
echo "FATAL: Syntax is bad. See above errors"
echo "Bailing"
exit 1
else
echo "Everything looks good."
fi

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/isWjIWaZjFEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Pre-commit hooks for your modules?

2012-12-10 Thread Jakov Sosic 
Hi.

I was wondering what kind of precommit hooks are you guys using?

Here's what I've come up to in last hour:

$ cat .hg/hgrc | grep -A 1 hooks
[hooks]
pretxncommit.puppet = .hg/check_puppet.rb

$ cat .hg/check_puppet.rb

#!/usr/bin/ruby
def puppet_parser_validate(file)
if !system('puppet parser validate ' + file + ' > /dev/null 2>&1')
print('Syntax error in file: ' + file + "\n")
system('puppet parser validate ' + file)
exit(1)
end
end

def puppet_lint(file)
if !system('puppet-lint --no-80chars-check ' + file + ' > /dev/null
2>&1')
print('Coding style error in file: ' + file + "\n")
system('puppet-lint --no-80chars-check ' + file)
exit(1)
end
end

def puppet_erb_check(file)
if !system('erb -x -T \'-\' ' + file + ' | ruby -c > /dev/null 2>&1')
print('Syntax error in erb template: ' + file + "\n")
system('erb -x -T \'-\' ' + file + ' | ruby -c')
exit(1)
end
end

# go through list of files, and call adequate checks
IO.popen('hg status').readlines.each { |file|
file.sub!(/^\w (.*)\n/,'\1')
if file.match('.pp$')
puppet_parser_validate file
puppet_lint file
elsif file.match('.erb$')
puppet_erb_check file
end
}




These are very basic checks, but I would like to implement also
something like checking if file from 'source =>' is present in module's
files/ or if template from manifest is present in templates/ and things
like that.

Do you have any other ideas?




-- 
Jakov Sosic
www.srce.unizg.hr

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] custom define type for array with 'case' argument pass to it

2012-12-10 Thread Jakov Sosic 
On 12/07/2012 12:23 AM, Jakov Sosic wrote:
> On 12/07/2012 12:20 AM, iamauser wrote:
>> Thanks, but we are still running EL5. Do you have rpm available for
>> this ?
> 
> Yeah it's easy just replace el6 with el5 ;)
> 
> http://ftp.srce.hr/srce-redhat/base/el5/x86_64/rubygem-puppet-lint-0.1.13-1.el5.srce.noarch.rpm
> 
> 
> 
> Although I don't have all packages build for both versions (el5 & el6)
> and all architectures (x86_64 & i386), I sure try my best. When I get
> Koji up and working it should be easier to provide all the packages...
> 


OK, here are the new versions:

el6:

http://ftp.srce.hr/srce-redhat/base/el6/x86_64/rubygem-puppet-lint-0.3.2-1.el6.srce.noarch.rpm

el5:

http://ftp.srce.hr/srce-redhat/base/el5/x86_64/rubygem-puppet-lint-0.3.2-1.el5.srce.noarch.rpm


Note: You also need rubygem-rcov & rubygem-rspec from EPEL

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Defined Type and Scoping ...

2012-12-10 Thread llowder 


On Monday, December 10, 2012 3:47:21 PM UTC-6, Reginald Choudari wrote:
>
> In the defined type, no I did not. Is that required for a defined typed 
> declared as a child of the class's scope?
>

If you want to notify some resource, it has to be included in that catalog 
somewhere. So either in that define, or your node def from the ENC, you 
will have to also include that class.

 

>
> On Monday, December 10, 2012 4:39:57 PM UTC-5, llowder wrote:
>>
>>
>>
>> On Monday, December 10, 2012 3:36:55 PM UTC-6, Reginald Choudari wrote:
>>>
>>> Hello,
>>>
>>> I've got a module with an 'init.pp' like so:
>>>
>>> class test_backend {
>>>
>>> ...
>>>
>>> exec {'reset':
>>>
>>> refreshonly => true,
>>>
>>> command => 'C:\blah.exe',
>>>
>>> }
>>>
>>> ...  
>>>
>>> }
>>>
>>>  
>>> And I declare a defined resource type 'cmd.pp' below:
>>>
>>>
>>> define test_backend::cmd($var1, $var2) {
>>>
>>> ...
>>>
>>> file {'$var1':
>>>
>>> ensure => file,
>>>
>>> content => $var2, 
>>>
>>> notify => Test_backend::Exec['reset'], 
>>>
>>> }
>>>
>>> ...  
>>>
>>> }
>>>
>>>
>>> And this is what I get:
>>>
>>> Failed to apply catalog: Could not find dependent 
>>> Test_backend::Exec[reset] for File[bobloblaw]
>>>
>>>
>>>
>> Did you "include test_backend" or "class { 'test_backend': }" anywhere?
>>
>>  
>>
>>> How should I go about doing this?
>>>
>>> Thanks,
>>> Reginald 
>>>  
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/z2NH9d7rsDkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Defined Type and Scoping ...

2012-12-10 Thread Reginald Choudari 
In the defined type, no I did not. Is that required for a defined typed 
declared as a child of the class's scope?

On Monday, December 10, 2012 4:39:57 PM UTC-5, llowder wrote:
>
>
>
> On Monday, December 10, 2012 3:36:55 PM UTC-6, Reginald Choudari wrote:
>>
>> Hello,
>>
>> I've got a module with an 'init.pp' like so:
>>
>> class test_backend {
>>
>> ...
>>
>> exec {'reset':
>>
>> refreshonly => true,
>>
>> command => 'C:\blah.exe',
>>
>> }
>>
>> ...  
>>
>> }
>>
>>  
>> And I declare a defined resource type 'cmd.pp' below:
>>
>>
>> define test_backend::cmd($var1, $var2) {
>>
>> ...
>>
>> file {'$var1':
>>
>> ensure => file,
>>
>> content => $var2, 
>>
>> notify => Test_backend::Exec['reset'], 
>>
>> }
>>
>> ...  
>>
>> }
>>
>>
>> And this is what I get:
>>
>> Failed to apply catalog: Could not find dependent 
>> Test_backend::Exec[reset] for File[bobloblaw]
>>
>>
>>
> Did you "include test_backend" or "class { 'test_backend': }" anywhere?
>
>  
>
>> How should I go about doing this?
>>
>> Thanks,
>> Reginald 
>>  
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ps7--_wD5xMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Defined Type and Scoping ...

2012-12-10 Thread llowder 


On Monday, December 10, 2012 3:36:55 PM UTC-6, Reginald Choudari wrote:
>
> Hello,
>
> I've got a module with an 'init.pp' like so:
>
> class test_backend {
>
> ...
>
> exec {'reset':
>
> refreshonly => true,
>
> command => 'C:\blah.exe',
>
> }
>
> ...  
>
> }
>
>  
> And I declare a defined resource type 'cmd.pp' below:
>
>
> define test_backend::cmd($var1, $var2) {
>
> ...
>
> file {'$var1':
>
> ensure => file,
>
> content => $var2, 
>
> notify => Test_backend::Exec['reset'], 
>
> }
>
> ...  
>
> }
>
>
> And this is what I get:
>
> Failed to apply catalog: Could not find dependent 
> Test_backend::Exec[reset] for File[bobloblaw]
>
>
>
Did you "include test_backend" or "class { 'test_backend': }" anywhere?

 

> How should I go about doing this?
>
> Thanks,
> Reginald 
>  
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/GJMB5Ex6msoJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Defined Type and Scoping ...

2012-12-10 Thread Reginald Choudari 
Hello,

I've got a module with an 'init.pp' like so:

class test_backend {

...

exec {'reset':

refreshonly => true,

command => 'C:\blah.exe',

}

...  

}

 
And I declare a defined resource type 'cmd.pp' below:


define test_backend::cmd($var1, $var2) {

...

file {'$var1':

ensure => file,

content => $var2, 

notify => Test_backend::Exec['reset'], 

}

...  

}


And this is what I get:

Failed to apply catalog: Could not find dependent Test_backend::Exec[reset] 
for File[bobloblaw]


How should I go about doing this?

Thanks,
Reginald 
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/yT8Di-tnAysJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet 2.7 Windows File Permissions cause Permission Denied Errors

2012-12-10 Thread phundisk 
I am trying to expand puppet to work for our windows servers and am 
noticing some weird permissions issues that are occurring.

I have a file resource being created that is a folder.  I set that folder 
to have full permission to user Administrator and a local windows group.  I 
set the mode to 0777 since I don't really care about security in this 
situation.  Puppet seems to create a 'Special' type windows permission for 
this directory and not the RWX regular windows permissions that I would 
expect it to use.  There are multiple applications that run within this 
created directory and thus the application needs permissions to stuff 
within the sub-directories of the created folder.  Each application runs as 
a separate user.  It seems that puppet is causing some permissions errors 
when we instantiate what I have below, even though we set the base 
permission of the directory to be fully open.  Is there any known bugs with 
puppet 2.7 and windows?  I know it is very limited in this version.  The 
client version is 2.7.20.  

group { "EaFarmGroup":
ensure => "present",
}
file { "C:\\MT4+EA-Farm":
ensure => 'directory',
owner => "Administrator",
group => "EaFarmGroup",
mode => '0777',
}

-- 
_
This email and any files transmitted with it are confidential and intended 
solely for the addressee.  If you received this email in error, please do 
not disclose the contents to anyone; kindly notify the sender by return 
email and delete this email and any attachments from your system.

© 2011 Currensee Inc. is a member of the National Futures Association (NFA) 
Member ID 0403251 | Over the counter retail foreign currency (Forex) 
trading may involve significant risk of loss. It is not suitable for all 
investors and you should make sure you understand the risks involved before 
trading and seek independent advice if necessary. Performance, strategies 
and charts shown are not necessarily predictive of any particular result 
and past performance is no indication of future results. Investor returns 
may vary from Trade Leader returns based on slippage, fees, broker spreads, 
volatility or other market conditions.

Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/3h1aSJvCNKgJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Console "Home" page display issue

2012-12-10 Thread Gary Larizza 
What web browser (and version) are you using to access the dashboard?


On Mon, Dec 10, 2012 at 12:08 PM, MasterPO  wrote:

> I don't know what is causing this, but the HOME page for the Puppet
> Dashboard has a table of nodes offset to the extreme right of the display.
> Am I missing some configuration parameter somewhere?  I just upgraded to
> version 1.2.15 and it has the same issue.
> I've attached a Snippet capture of the issue.
>
> Thanks in advance!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/rOkQha3vGZkJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 
Gary Larizza
Professional Services Engineer
Puppet Labs

-- 

*PUPPET LABS HAS MOVED!  *
Please update your records with our new address.

*Puppet Labs, Inc.*
926 NW 13th Ave. #210
Portland, OR 97209

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] YAML as File resource template Error , "can't convert Hash to String"

2012-12-10 Thread treydock 
Using exported resources I'm trying to have a host export a File resource 
generated from a yaml template, to another host.  The host that gets the 
exported resource is throwing errors like this

err: Failed to apply catalog: Parameter content failed: Munging failed for 
value {"parameters"=>{"macaddress_p2p1"=>"00:15:17:80:5A:3E", 
"macaddress_p2p2"=>"00:15:17:80:5A:3F", 
"macaddress_eth0"=>"00:1E:C9:55:12:C7", 
"macaddress_eth1"=>"00:1E:C9:55:12:C9", "operatingsystem"=>"CentOS", 
"serialnumber"=>"", "interfaces"=>"eth0,eth1,lo,p2p1,p2p2", 
"fqdn"=>"", "ipaddress_p2p1"=>"", "ipaddress_p2p2"=>"", "uuid"=>"", 
"ipaddress_eth0"=>"", "ipaddress_eth1"=>"", "productname"=>"", 
"operatingsystemrelease"=>"6.3"}, "name"=>""} in class content: can't 
convert Hash into String

Here is the parts of the module...

class racktables::export (
  $site,
  $yamls_dir  = 'UNSET'
) inherits racktables::params {

  $yamls_dir_REAL = $yamls_dir ? {
'UNSET'   => "${conf_dir}/${site}/yamls",
default   => $yamls_dir,
  }

  @@file { "racktables_host_${::hostname}.yaml":
content   => template('racktables/host.yaml.erb'),
path  => "${yamls_dir_REAL}/${::hostname}.yaml",
tag   => "host_yaml_for_${site}",
  }

}

define racktables::instance (
...
) {


  File <<| tag == "host_yaml_for_${name}" |>> {
require   => File[$yaml_exports_REAL],
  }


}

Template...

# cat templates/host.yaml.erb
--- 
name: "<%= scope.lookupvar('::hostname') %>"
parameters: 
  interfaces: "<%= scope.lookupvar('::interfaces') %>"
  fqdn: "<%= scope.lookupvar('::fqdn') %>"
  operatingsystemrelease: "<%= scope.lookupvar('::operatingsystemrelease') 
%>"
  operatingsystem: "<%= scope.lookupvar('::operatingsystem') %>"
  productname: ""
  uuid: ""
  serialnumber: ""
<% scope.lookupvar('::interfaces').split(',').each do |interface| -%>
<% unless interface.eql? "lo" -%>
  ipaddress_<%= interface %>: "<%= 
scope.lookupvar("::ipaddress_#{interface}") %>"
  macaddress_<%= interface %>: "<%= 
scope.lookupvar("::macaddress_#{interface}") %>"
<% end -%>
<% end -%>


Is there some catch to using a YAML file for the template content?  Would 
it be better to use Ruby DSL for the racktables::export class and generate 
a hash -> sort -> to_yaml and have that be set as the content?

Thanks
- Trey

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/qsY2Ixye7BsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] augtool/augeas doesn't work in f17?

2012-12-10 Thread Dominic Cleal 
On 10/12/12 18:59, Bret Wortman wrote:
> On Monday, December 10, 2012 1:51:46 PM UTC-5, Bret Wortman wrote:
> 
> On Monday, December 10, 2012 8:34:17 AM UTC-5, Dominic Cleal wrote:
> 
> On 07/12/12 11:56, Bret Wortman wrote:
> > Even in interactive mode, I get nothing out of augtool! What
> should I
> > look at to see why this is failing? Syslog doesn't show anything
> > illustrative, nor did puppet agent -t --debug.
> 
> The lack of errors from the augeas resource type should be much
> improved
> now if you're able to use Puppet 3.
> 
> 
> I am using Puppet 3 -- 3.0.1-1, to be precise. In response to
> Raphael's suggestion, I'm able to find some errors and can work
> through those.
> 
> 
> I spoke too soon. The specific file I'm trying to work with is
> /etc/cron.allow. When I try to parse it:

Ah ok, cron.allow doesn't have a lens in Augeas 0.10.0, it's something
that's only been added recently.  This is why it won't even show up as a
parse error.

What you could try is taking the lens from git:
http://git.fedorahosted.org/cgit/augeas.git/tree/lenses/simplelines.aug

Either store it in /usr/share/augeas/lenses/, or add it to a module at
/lib/augeas/lenses/ and it will pluginsync to the client[1].
 If you put it in the former directory, you should be able to do an "ls"
from augtool.

> augtool> ls /files/etc/cron.allow
> augtool> print /augeas//error
> /augesa/files/etc/hosts/error = "parse_failed"
> /augeas/files/etc/hosts/error/pos = "18473"
> /augeas/files/etc/hosts/error/line = "273"
> /augeas/files/etc/hosts/error/char = "0"
> /augeas/files/etc/hsots/error/lens =
> "/usr/share/augeas/lenses/dist/hosts.aug:23.12-.42:"
> /augeas/files/etc/hsots/error/message = "Iterated lens matched less than
> it should"
> 
> It doesn't look like the error is getting updated, or am I
> misunderstanding something?

When you run augtool, it parses all the files (in their default
locations) that it knows about.  So that's just reporting it has a parse
error with your /etc/hosts file on line 273 (!!), which is going to be
unrelated to cron.allow.  As above, because 0.10.0 doesn't have support
for cron.allow, nothing appears when you do an "ls" for that file.

> Where should these be printing to from Puppet?

It would be printing in the debug logs, but it would probably only print
the /etc/hosts error since that's the only one that occurred.


[1]http://docs.puppetlabs.com/guides/plugins_in_modules.html#details

-- 
Dominic Cleal
Red Hat Engineering

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] augtool/augeas doesn't work in f17?

2012-12-10 Thread Bret Wortman 
On Monday, December 10, 2012 1:51:46 PM UTC-5, Bret Wortman wrote:

> On Monday, December 10, 2012 8:34:17 AM UTC-5, Dominic Cleal wrote:
>
>> On 07/12/12 11:56, Bret Wortman wrote: 
>> > Even in interactive mode, I get nothing out of augtool! What should I 
>> > look at to see why this is failing? Syslog doesn't show anything 
>> > illustrative, nor did puppet agent -t --debug. 
>>
>> The lack of errors from the augeas resource type should be much improved 
>> now if you're able to use Puppet 3. 
>>
>
> I am using Puppet 3 -- 3.0.1-1, to be precise. In response to Raphael's 
> suggestion, I'm able to find some errors and can work through those.
>

I spoke too soon. The specific file I'm trying to work with is 
/etc/cron.allow. When I try to parse it:

augtool> ls /files/etc/cron.allow
augtool> print /augeas//error
/augesa/files/etc/hosts/error = "parse_failed"
/augeas/files/etc/hosts/error/pos = "18473"
/augeas/files/etc/hosts/error/line = "273"
/augeas/files/etc/hosts/error/char = "0"
/augeas/files/etc/hsots/error/lens = 
"/usr/share/augeas/lenses/dist/hosts.aug:23.12-.42:"
/augeas/files/etc/hsots/error/message = "Iterated lens matched less than it 
should"

It doesn't look like the error is getting updated, or am I misunderstanding 
something?


> Where should these be printing to from Puppet?
>
>
>> I've added debug if there are parsing errors (which will print output 
>> equivalent to Rapha�l's augtool suggestion) and warnings if you're 
>> using 
>> context/incl parameters and it finds an error on a file you're trying to 
>> modify. 
>>
>> -- 
>> Dominic Cleal 
>> Red Hat Engineering 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/lFktVrVF4_8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Need Speakers: Puppet Camp Ghent and FOSDEM Config/Sys Mgmt DevRoom

2012-12-10 Thread Dawn Foster 
We are holding Puppet Camp Ghent on January 31 and February 1 - right
before FOSDEM (Ghent is a 30 minute train ride from Brussels). The CFP
closes on December 18, so you only have another 8 days to come up with
a talk!
Info: http://puppetlabs.com/blog/puppet-camp-ghent-register-or-submit-a-talk/
CFP: 
https://docs.google.com/spreadsheet/viewform?formkey=dDVtQUJYbDVEOTQ3UnVHZWVsdC1oeEE6MQ

There is also a Configuration/Systems Management DevRoom at FOSDEM on
February 2. The CFP for the DevRoom closes on December 15, so you only
have 5 days to submit a talk!
CFP: 
https://lists.fosdem.org/pipermail/config-mgmt-devroom/2012-November/00.html

Let me know if you have questions about either of these events.

Thanks,
Dawn

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] augtool/augeas doesn't work in f17?

2012-12-10 Thread Bret Wortman 
On Monday, December 10, 2012 8:34:17 AM UTC-5, Dominic Cleal wrote:

> On 07/12/12 11:56, Bret Wortman wrote: 
> > Even in interactive mode, I get nothing out of augtool! What should I 
> > look at to see why this is failing? Syslog doesn't show anything 
> > illustrative, nor did puppet agent -t --debug. 
>
> The lack of errors from the augeas resource type should be much improved 
> now if you're able to use Puppet 3. 
>

I am using Puppet 3 -- 3.0.1-1, to be precise. In response to Raphael's 
suggestion, I'm able to find some errors and can work through those.

Where should these be printing to from Puppet?


> I've added debug if there are parsing errors (which will print output 
> equivalent to Rapha�l's augtool suggestion) and warnings if you're using 
> context/incl parameters and it finds an error on a file you're trying to 
> modify. 
>
> -- 
> Dominic Cleal 
> Red Hat Engineering 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/R-ql06Yo8iwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: puppet master REST API returns 403 when running under passenger works when running from command line

2012-12-10 Thread Felipe Salum 
On Apache/Passenger I have set a few headers:

  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e 
  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e 
  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

And then updated puppet.conf as below:

[master]

ssl_client_header = HTTP_X_SSL_SUBJECT

Does it fail if you use --server devops.X.com ? 
You should use the --server hostname as the same certname name used on the 
puppetmaster.

Regards,
Felipe


On Monday, December 10, 2012 5:32:33 AM UTC-8, Anadi Misra wrote:
>
> Hi! Everyone,
>
> puppet agent is not able to fetch any files, plugins or post catalog, 
> reports to the master. both puppet agent and master are on version 3.0.l, 
> passenger version 3.0.18 ,
>
> nginx version: nginx/1.3.9
> built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) 
> TLS SNI support enabled
> configure arguments: --prefix=/apps/nginx 
> --conf-path=/apps/nginx/nginx.conf --pid-path=/apps/nginx/run/nginx.pid 
> --error-log-path=/apps/nginx/logs/error.log 
> --http-log-path=/apps/nginx/logs/access.log --with-http_ssl_module 
> --with-http_gzip_static_module 
> --add-module=/usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/nginx 
> --add-module=/apps/Downloads/nginx/nginx-auth-ldap-master/
>
> the agent command shows this output
>
> [amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose 
> --server bangvmpllda02.XX.com
> Starting Puppet client version 3.0.1
> Warning: Unable to fetch my node definition, but the agent run will 
> continue:
> Warning: Error 403 on SERVER: Forbidden request: 
> 10.209.47.31(10.209.47.31) access to /certificate_revocation_list/ca [find] 
> at :106
> Info: Retrieving plugin
> Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
> using 'eval_generate: Error 403 on SERVER: Forbidden request: 
> 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [search] at :106
> Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on 
> SERVER: Forbidden request: 10.209.47.31(10.209.47.31) access to 
> /file_metadata/plugins [find] at :106 Could not retrieve file metadata for 
> puppet://bangvmpllda02.XX.com/plugins: Error 403 on SERVER: Forbidden 
> request: 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [find] 
> at :106
> Error: Could not retrieve catalog from remote server: Error 403 on SERVER: 
> Forbidden request: 10.209.47.31(10.209.47.31) access to /catalog/
> blramisr195602.XX.com [find] at :106
> Using cached catalog
> Error: Could not retrieve catalog; skipping run
> Error: Could not send report: Error 403 on SERVER: Forbidden request: 
> 10.209.47.31(10.209.47.31) access to /report/blramisr195602.XX.com[save] 
> at :106
>
> and on master logs I see
>
> [amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose 
> --server bangvmpllda02.XX.com
> Starting Puppet client version 3.0.1
> Warning: Unable to fetch my node definition, but the agent run will 
> continue:
> Warning: Error 403 on SERVER: Forbidden request: 
> 10.209.47.31(10.209.47.31) access to /certificate_revocation_list/ca [find] 
> at :106
> Info: Retrieving plugin
> Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
> using 'eval_generate: Error 403 on SERVER: Forbidden request: 
> 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [search] at :106
> Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on 
> SERVER: Forbidden request: 10.209.47.31(10.209.47.31) access to 
> /file_metadata/plugins [find] at :106 Could not retrieve file metadata for 
> puppet://bangvmpllda02.XX.com/plugins: Error 403 on SERVER: Forbidden 
> request: 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [find] 
> at :106
> Error: Could not retrieve catalog from remote server: Error 403 on SERVER: 
> Forbidden request: 10.209.47.31(10.209.47.31) access to /catalog/
> blramisr195602.XX.com [find] at :106
> Using cached catalog
> Error: Could not retrieve catalog; skipping run
> Error: Could not send report: Error 403 on SERVER: Forbidden request: 
> 10.209.47.31(10.209.47.31) access to /report/blramisr195602.XX.com[save] 
> at :106
>
>
> I am not sure why is it evaluating things on IP?
>
> I also changed agent setup to following
>
> [main]
> # The Puppet log directory.
> # The default value is '$vardir/log'.
> logdir = /var/log/puppet
>
> # Where Puppet PID files are kept.
> # The default value is '$vardir/run'.
> rundir = /var/run/puppet
>
> # Where SSL certificates are kept.
> # The default value is '$confdir/ssl'.
> ssldir = $vardir/ssl
> report = true
> pluginsync = true
> server = devops.XX.com
> certname = blramisr195602.XX.com
> dns_alt_names = 10.209.47.31
> modulepath = /etc/puppet/modules
>
> and resigned certifcates on master after clean up, but the puppet master 
> still blocks it. However If I run through puppet master daemon (without 
> nginx + passenger) all re

[Puppet Users] Re: Working with puppet and RVM

2012-12-10 Thread jcbollinger 


On Sunday, December 9, 2012 11:46:58 AM UTC-6, Smashed wrote:
>
> Has anyone found an elegant solution for working with puppet and rvm? Im 
> using the following module: https://github.com/blt04/puppet-rvm and I 
> keep finding myself having to prefix all of my Exec resources with "'su 
> root -c "source /etc/profile.d/rvm.sh && something". Any ideas?
>


You shouldn't need the "su root -c" part.  All that does in this context is 
spawn a shell to parse and run the command.  Instead, add "provider => 
'shell'" as a parameter of your Execs.

Alternatively, you only need a shell because your command is a pipeline, 
and you only need a pipeline because you want to load the RVM environment 
configuration.  You can avoid doing that explicitly by opening a login 
shell instead of a plain one: "su -l -c 'some command'".  Be warned, 
however, that that will do a full environment setup, not just RVM.

More generally, Puppet Execs are intentionally run in a very sparse 
environment, and those using the 'shell' provider avoid automatically 
processing shell initialization scripts.  If that's not sufficient then it 
is the manifest author's responsibility to ensure that an appropriate 
environment is provided, one way or another.  In addition to using the 
'command' property to do that as discussed above, the 'path' and 
'environment' attributes can help.

To achieve more elegance than that allows, don't exec commands that rely on 
RVM (or anything else that requires complex environment configuration).  Of 
course, if I were feeling catty then I would say that any real hope of 
elegance requires avoiding RVM altogether.  But I'm not feeling catty this 
morning.  :-)


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/97GWiaqKNXwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Does facter 2.x need cfengine key support?

2012-12-10 Thread jcbollinger 


On Sunday, December 9, 2012 3:49:06 PM UTC-6, John Warburton wrote:
>
> On 8 December 2012 04:34, Peter Meier  >wrote:
>
>>  And why shouldn't it?
>>
>
> Nagios is being 
> removed
>  from 
> core . Cfengine isn't core, 
> and falls under the same logic
>


Sort of.  The planned change to the nagios types is a refactoring, not a 
feature removal.  The nagios types will (maybe) be moved out of the core 
codebase, but they will still be packaged with Puppet.  Or maybe even that 
won't happen -- it was scheduled for Puppet 3.0, but it was deferred.

Furthermore, the Facter case is not parallel.  Few, if any, of the facts 
distributed with Facter are "core".  The Facter engine doesn't depend on 
them; instead they serve *Puppet's* purposes.

Let me not be completely negative.  It is fair to question which facts 
should be packaged with Facter, and I am inclined to think that Cfengine 
keys are included mostly for strategic reasons.  Every fact installed makes 
Facter take a little longer to run, so it's unreasonable to just throw in 
every fact that someone thinks would be useful.  On the other hand, a known 
set of facts need to be reliably present for Facter to serve its purpose.

In the end, however, Facter 2.x is going to keep the fact forever because 
of PL's commitment to semantic versioning.  Removing a feature would 
certainly constitute a breaking change, so even if PL were persuaded to do 
it, it would not happen until Facter 3 at the earliest.

What I would be thinking, therefore, is not whether Facter should include 
that fact, but whether its behavior is buggy.  If your system 
(mis)configuration caused Facter to fail while trying to evaluate the 
Cfengine key fact, then I would call that a bug in the fact (and file a 
ticket).  Of all software, Puppet and its supporting tools need to be among 
the most tolerant of broken and odd system configurations.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/GVxhXUPVeyIJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Help with PuppetDB

2012-12-10 Thread Chris Price 
Also, there are a few notes on common SSL issues here:

http://docs.puppetlabs.com/puppetdb/puppetdb-faq.html#puppetdb-is-complaining-about-a-truststore-or-keystore-file-what-do-i-do


On Friday, December 7, 2012 8:27:14 AM UTC-8, Nishant Jain wrote:
>
> Hello Everybody,
>I am trying to install the puppetdb on the same 
> machine as am running my puppetmaster.
> I am getting the following error when am trying to connect the agent:
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed to submit 'replace facts' command for 
> ftldwshost180.wsdev.citrix.com to PuppetDB at 10.12.14.85:8081: 
> Connection refused - connect(2)
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
>
> Can anybody tell me how to resolve this error???
>
> System Information:
> Red Hat Enterprise Linux Server release 5.8 (Tikanga)
> puppet 3.0.1
> puppetdb 1.0.4
>
>
>
> I have installed and made the changes for the pupeptdb according to the 
> following link:
> https://github.com/puppetlabs/puppetdb
>
>
> I think the error is related to the ssl certificates??
>
> The output with running trace is as follows:
> gnoring --listen on onetime run
> Warning: Unable to fetch my node definition, but the agent run will 
> continue:
> Warning: Error 400 on SERVER: Could not retrieve facts for 
> ftldwshost180.wsdev.citrix.com: Failed to find facts from PuppetDB at 
> 10.12.14.85:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read 
> finished A
> Info: Retrieving plugin
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed to submit 'replace facts' command for 
> ftldwshost180.wsdev.citrix.com to PuppetDB at 10.12.14.85:8081: 
> SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A
> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `deserialize'
> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:121:in `find'
> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:191:in `find'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:243:in 
> `retrieve_new_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:348:in `thinmark'
> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:347:in `thinmark'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:242:in 
> `retrieve_new_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:67:in `retrieve_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:107:in 
> `prepare_and_retrieve_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:159:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:45:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:20:in `lock'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:45:in `run'
> /usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:45:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:119:in `with_client'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:42:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:84:in `run_in_fork'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:41:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:175:in `call'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:175:in `controlled_run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:338:in `onetime'
> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:311:in 
> `run_command'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:438:in `plugin_hook'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:500:in `exit_on_fail'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:76:in `execute'
> /usr/bin/puppet:10
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
>
>
> Thanks,
> Nishant
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/igakMIA6i3AJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Poll for thoughts on hierifying modules and OS default differences

2012-12-10 Thread Stefan Goethals 
I can only strongly suggest you look at the new Hiera-in-modules ticket and
pull request by R.I.Pienaar as it really solves a lot of problems many
people encounter in this situation.
It needs more testing and debugging so all help on this is very welcome.

Regards,

Stefan Goethals.

On Fri, Dec 7, 2012 at 7:08 PM, Wolf Noble  wrote:

> Hello lovelies,
>
> Our team is deliberating a few different options for the hierification of
> our modules; and wanted to poll the collective genius before making our
> decision.
>
> As we all know, there are certain attributes of a package which are, by
> default, consistent on an OS... say, the name of a package.
>
> class foobar {
> include foobar::params
>   $package = $foobar::params::package
>   Package {$package:
> ensure => installed
>   }
> }
>
> class foobar::params {
> case $osfamily:
>   redhat: {
> $package = 'foobar'
>   }
>   debian: {
> $package = 'foobard'
>   }
>   default: {
> fail
>   }
> }
>
>
> well, we want to be able to overide those defaults with hiera:
>
> class foobar {
> include foobar::params
>   $package = $foobar::params::package
>   Package {$package:
> ensure => installed
>   }
> }
>
> class foobar::params {
> case $osfamily:
>   redhat: {
> $package = hiera('foobar_package','foobar')
>   }
>   debian: {
> $package = hiera('foobar_package','foobard')
>   }
>   default: {
> fail
>   }
> }
>
>
> which is great, except now the package name is wrong by default on debian
> boxes...
>
> now sure, I can argue that my hierarchy should have places to logically
> separate out and override those 'inconvenient' defaults, ie for an
> environment that uses debian...
>
> one of our engineers suggested the following paradigm:
>
>
> class foobar {
> include foobar::params
>   $package = $foobar::params::package
>   Package {$package:
> ensure => installed
>   }
> }
>
> class foobar::params {
> case $osfamily:
>   redhat: {
> $package = hiera('foobar_os_rhel_package','foobar')
>   }
>   debian: {
> $package = hiera('foobar_os_deb_package','foobard')
>   }
>   default: {
> fail
>   }
> }
>
> which makes our topmost hierarchy (which is not segregated by OS, because
> the relevant hierarchies doen't split very cleanly at the OS level.) a
> little more bloated:
>
> foobar_os_deb_package: 'foobard'
> foobar_os_rhel_package: 'foobar'
>
>
> but makes for less overriding and additions for "default" setups...
>
>
> to be honest, I'm not sure which idea (or what other as yet unthought of
> idea) has the most merit, and I'd love to hear your thoughts on the matter
> before we get too much further
>
>
> Thanks so much in advance
>
>
> Wolf Noble
>
> 
>
> This message may contain confidential or privileged information. If you
> are not the intended recipient, please advise us immediately and delete
> this message. See http://www.datapipe.com/legal/email_disclaimer/ for
> further information on confidentiality and the risks of non-secure
> electronic communication. If you cannot access these links, please notify
> us by reply message and we will send the contents to you.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Cannot generate tempfile

2012-12-10 Thread GordonJB 
>From looking into it, the problem is that the /var/lib/puppet/reports is 
filling up the disk with reports. I was under the impression that 
these weren't stored on the master?

Thanks

On Monday, 10 December 2012 13:45:36 UTC, GordonJB wrote:
>
> Hi,
>
> My Puppet clients are all curently failing to run, they give the following 
> message on running the agent:
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> cannot generate tempfile `/tmp/RackRewindableInput20121210-32328-1vnhs6g-9'
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> Debug: Value of 'preferred_serialization_format' (pson) is invalid for 
> report, using default (b64_zlib_yaml)
> Debug: report supports formats: b64_zlib_yaml raw yaml; using b64_zlib_yaml
> Error: Could not send report: Error 400 on SERVER: cannot generate 
> tempfile `/tmp/RackRewindableInput20121210-32328-1wmrcaa-9'
>
> There is space on the server and clients, however looking at df 
> -a, /dev/mapper/puppet-root is at 100% used. Is this the problem? If so, 
> how can I clean this out? Is there some sort of cleanup that should be run 
> regularly on Puppet servers?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/s5jKLtjPcncJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] user resource, get password from command on master

2012-12-10 Thread jcbollinger 

On Monday, December 10, 2012 2:49:10 AM UTC-6, SAF wrote:
>
>
> Do you happen to know with what user do the scripts get executed on the 
> master? I it's not root, i might have to stick some sudos in there.
>
>
Functions are evaluated as a normal part of the puppet master's execution, 
thus they run as whatever user the master runs as.  In most setups that is 
a non-privileged user, without access to the contents of /etc/shadow.

You should think long and hard before granting the master elevated 
privileges.  I would not do it myself.  In fact, I would recommend against 
your whole concept for password management.  It requires you to weaken your 
security not only by granting extra privileges to the master, but also -- 
much worse -- by granting your users login privileges on the puppet master 
server.

Furthermore, password updates under your scheme would not be synchronous or 
even coordinated across hosts.  For each other system he wants to log in 
to, the user would have to wait some unknown time for that system to 
perform a successful Puppet run before his password changes there, and 
there will be a period during which his password is different on some nodes 
than on others.

There are good, industry-standard approaches to centralized password 
management.  You should really choose among those instead of rolling your 
own.  One of the best-regarded is LDAP, and you could also consider NIS 
(just to name two).  The former is more secure, but the latter is very easy 
to set up.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/cFPmN4xQxeMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Poll for thoughts on hierifying modules and OS default differences

2012-12-10 Thread jcbollinger 


On Friday, December 7, 2012 1:45:23 PM UTC-6, Wolf Noble wrote:
>
> Hi Gary, 
>
>
> I know what you mean, and agree for modules destined to be released to the 
> wild. 
> unfortunately, we have a diverse enough environment that even the defaults 
> occasionally need to be overridden; hence the hierification. 
> (I've got all that logic wrapped into a case statement based on if the 
> global parameter hiera_enabled is true or false, with sane-ish defaults 
> when hiera isn't enabled) 
>


You're not talking about the same thing, then.  The non-site specific 
defaults Gary is talking about would be (in this case) the package names 
used by the OS distribution.  I'm inclined to agree with him that it makes 
the most sense to associate those tightly with the module, whether by 
encoding them somehow in your manifests or by putting them in an Hiera data 
file that is bound to the module and distributed with it (as R.I. has been 
demonstrating).

For site-specific details stored in hiera, you really have only two basic 
alternatives:

   1. distinguish data by the files in which they are recorded, or
   2. distinguish data by the keys with which they are associated
   
In fact, you always use some combination of both, so your question boils 
down to choosing the best mix.  Unfortunately, we can't really answer that 
for you.  It's too dependent on the priorities, practices, and preferences 
of your organization and its people.

Myself, I prefer to minimize conditionals in my manifests where I can by 
relying on data instead.  Thus, for example, I might consider a variation 
on your engineer's suggestion such as this:

class foobar::params { 
  $default_package = {
'RedHat' => 'foobar',
'Debian' => 'foobard'
  }

  $package = hiera("foobar_os_${::osfamily}_package",
$default_package[$::osfamily])
}

The approach R.I. is testing amounts to doing more or less the same thing, 
but using an hiera data file belonging to the module instead of 
$foobar::params::default_package, which has the great advantage that your 
manifests don't need to change when you add support for a new OS family.  
The approach R.I. first suggested differs from that mainly in the location 
of the additional data file and its position in the hierarchy (first 
instead of last).

Alternatively, you could go meta with it, along the lines of this model:

class foobar::params { 
  $package_key = hiera('foo_package_key')
  $package = hiera($package_key)
}

That abandons the idea of non-site-specific data being tightly bound to the 
module, but the extra layer of indirection through Hiera gives you a great 
deal of additional flexibility.  If that appeals to you then I'm sure you 
can see several directions to run with it.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/yb_CNvnn7G0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to group hosts?

2012-12-10 Thread Glenn Poston 
We use facter-dot-d as well, but we also take advantage of 'calling_module' 
for grouping.  This param is automatically available to heira.

Here is our heira.yaml (role is in facter.d)

:hierarchy: - %{environment}/%{fqdn}
- %{environment}/%{role}
- %{environment}/%{calling_module}
- %{environment}
- common/%{role}
- common/%{calling_module}
- common

On Thursday, December 6, 2012 12:27:51 PM UTC-5, Jakov Sosic wrote:
>
> Hi. 
>
> I'm currently using hiera in a very rudimentary way, using only perhost 
> and common. 
>
> Now, I'm trying to group my hosts a little bit, so for example web 
> servers could have their own yaml with data. Problem is I don't have an 
> idea how to group hosts? How can I say to puppet that for example hosts: 
>
> storage01 
> storage02 
> storage03 
> storage04 
>
> belong to group storage_nodes, and 
>
> web01 
> web02 
>
> belong to group web_nodes? 
>
>
> How do you do that? 
>
>
> Thank you 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/L0487ZayqvAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Help with PuppetDB

2012-12-10 Thread Nikola Petrov 
On Fri, Dec 07, 2012 at 08:27:14AM -0800, Nishant Jain wrote:
> Hello Everybody,
>I am trying to install the puppetdb on the same 
> machine as am running my puppetmaster.
> I am getting the following error when am trying to connect the agent:
> 
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed to submit 'replace facts' command for ftldwshost180.wsdev.citrix.com 
> to PuppetDB at 10.12.14.85:8081: Connection refused - connect(2)
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> 
> 
> Can anybody tell me how to resolve this error???
> 
> System Information:
> Red Hat Enterprise Linux Server release 5.8 (Tikanga)
> puppet 3.0.1
> puppetdb 1.0.4

Can you please post your routes.yaml file. Also what is the content of
the puppetdb log and the log from the master.

Also did you run

puppet agent -t

for initial ssl authentication before configuring puppet?


-- 
Nikola

> 
> 
> 
> I have installed and made the changes for the pupeptdb according to the 
> following link:
> https://github.com/puppetlabs/puppetdb
> 
> 
> I think the error is related to the ssl certificates??
> 
> The output with running trace is as follows:
> gnoring --listen on onetime run
> Warning: Unable to fetch my node definition, but the agent run will 
> continue:
> Warning: Error 400 on SERVER: Could not retrieve facts for 
> ftldwshost180.wsdev.citrix.com: Failed to find facts from PuppetDB at 
> 10.12.14.85:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read 
> finished A
> Info: Retrieving plugin
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed to submit 'replace facts' command for ftldwshost180.wsdev.citrix.com 
> to PuppetDB at 10.12.14.85:8081: SSL_connect SYSCALL returned=5 errno=0 
> state=SSLv3 read finished A
> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:65:in `deserialize'
> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/rest.rb:121:in `find'
> /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:191:in `find'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:243:in 
> `retrieve_new_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:348:in `thinmark'
> /usr/lib/ruby/1.8/benchmark.rb:308:in `realtime'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:347:in `thinmark'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:242:in 
> `retrieve_new_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:67:in `retrieve_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:107:in 
> `prepare_and_retrieve_catalog'
> /usr/lib/ruby/site_ruby/1.8/puppet/configurer.rb:159:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:45:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent/locker.rb:20:in `lock'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:45:in `run'
> /usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:45:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:119:in `with_client'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:42:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:84:in `run_in_fork'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:41:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:175:in `call'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:175:in `controlled_run'
> /usr/lib/ruby/site_ruby/1.8/puppet/agent.rb:39:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:338:in `onetime'
> /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:311:in `run_command'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:438:in `plugin_hook'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:500:in `exit_on_fail'
> /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:346:in `run'
> /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:76:in `execute'
> /usr/bin/puppet:10
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> 
> 
> 
> Thanks,
> Nishant
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/puppet-users/-/TnpW5FYiUnMJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Managing windows agent

2012-12-10 Thread Subhash Korimilli 
Hi all,

I am new to puppet, and I am trying to manage a windows agent using puppet. 
I wrote a manifest file which will copy  a text file from puppet master 
(linux) to the puppet agent(windows). When I tried to run the puppet agent, 
I was getting the following error.


err: /Stage[main]/Module1/File[change-ip.bat]: Failed to generate 
additional resources using 'eval_generate: Error 400 on SERVER: Not 
authorized to call search on 
/file_metadata/packages/path/set-ip/set_ip.bat with {:recurse=>true, 
:links=> "manage", :checksum_type=>"md5"}

err: /Stage[main]/Module1/File[change-ip.bat]: Could not evaluate: Error 
400 on SERVER: Not authorized to call find on 
/file_metadata/packages/path/set-ip/set_ip.bat Could not retrieve file 
metadata for puppet:///packages/path/set-ip/set_ip.bat: Error 400 on 
SERVER: Not authorized to call find on 
/file_metadata/packages/path/set-ip/set_ip.bat at 
/mnt/puppetconf/modules/module1/manifests/init.pp:12


I would be thankful to you, if you help me resolve this issue.

Thanks in advance
Subhash

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ir7ZycsEfH4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: upgrade puppet certificates

2012-12-10 Thread jcbollinger 


On Friday, December 7, 2012 7:28:27 PM UTC-6, Ellison Marks wrote:
>
> I just recently spun up a new host using an old hostname, and when 
> managing the certificates, I noticed that the newly generated cert was 
> listed as sha256, while all of my earlier certs were listed as sha1. I 
> guess this is a new default or something, and I like better security, so 
> I'd like all of my hosts to use sha256. Is there any shortcut to 
> regenerating all the certs, or do I have to clean them off of each host and 
> the master, then regenerate them one by one?
>

You would need to clean them all off and generate new ones.  Really, 
though, I think there is very little advantage to doing so.  It is true 
that SHA-256 is a stronger hash than SHA-1, but that doesn't mean 
cryptographic certificates using SHA-1 are unacceptably weak.

If that's an issue that you need to settle reliably, however, then you 
should consult a security professional who is familiar with your 
infrastructure and requirements.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/fzbXx7_FxR4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Error: can't instantiate uninitialized class

2012-12-10 Thread Luca Gioppo 
No the behaviour has been always the same:
On the server I get:

Compiled catalog for jbossm.cortile.cloudlabcsi.
local in environment production in 1.53 seconds
Info: Caching catalog for jbossm.cortile.cloudlabcsi.local
Debug: Searched for resources in 0.01 seconds
Error: can't instantiate uninitialized class
Debug: Finishing transaction 69873076055740


On the  agent:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
can't instantiate uninitialized class
Debug: Using cached catalog for jbossm.cortile.cloudlabcsi.
local
Using cached catalog

What happens is the puppet_master says that it finishes the catalog 
compilation and than throws the error and the agent receives the error (the 
remote 400 error) and uses the cached catalog.
Debug all up in both master and agent.
If logs are on /var/log/puppet/masterhttp.log or rails.log nothing usefull 
no error (the rails.log is empty and I do not know how to enable logging on 
ruby)

It colud be a template??? I'll check it, but have no clue.
Thanks
Luca


Il giorno giovedì 6 dicembre 2012 12:14:51 UTC+1, Luca Gioppo ha scritto:
>
> OK I'm getting mad.
>
> All of a sudden after a few mods I received this error from the 
> puppet_master.
>
> I reverted all the changes done up to a last working set but no prize 
> still this error and I cannot understand what is happening it seems that it 
> manages to finish the catalog but than it stops.
>
> Here is a chunk of the output any idea on ohw to raise the level of debug 
> and getting something more useful?
> Puppet version 3.0.0
> Thanks
> Luca
>
> Compiled catalog for jbossm.cortile.cloudlabcsi.local in environment 
> production in 1.53 seconds
> Info: Caching catalog for jbossm.cortile.cloudlabcsi.local
> Debug: Searched for resources in 0.01 seconds
> Error: can't instantiate uninitialized class
> Debug: Finishing transaction 69873076055740
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/OL14msEWZFoJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Cannot generate tempfile

2012-12-10 Thread GordonJB 
Hi,

My Puppet clients are all curently failing to run, they give the following 
message on running the agent:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
cannot generate tempfile `/tmp/RackRewindableInput20121210-32328-1vnhs6g-9'
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Debug: Value of 'preferred_serialization_format' (pson) is invalid for 
report, using default (b64_zlib_yaml)
Debug: report supports formats: b64_zlib_yaml raw yaml; using b64_zlib_yaml
Error: Could not send report: Error 400 on SERVER: cannot generate tempfile 
`/tmp/RackRewindableInput20121210-32328-1wmrcaa-9'

There is space on the server and clients, however looking at df 
-a, /dev/mapper/puppet-root is at 100% used. Is this the problem? If so, 
how can I clean this out? Is there some sort of cleanup that should be run 
regularly on Puppet servers?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Mhj7e-Q0RnAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] augtool/augeas doesn't work in f17?

2012-12-10 Thread Dominic Cleal 
On 07/12/12 11:56, Bret Wortman wrote:
> Even in interactive mode, I get nothing out of augtool! What should I
> look at to see why this is failing? Syslog doesn't show anything
> illustrative, nor did puppet agent -t --debug.

The lack of errors from the augeas resource type should be much improved
now if you're able to use Puppet 3.

I've added debug if there are parsing errors (which will print output
equivalent to Raphaël's augtool suggestion) and warnings if you're using
context/incl parameters and it finds an error on a file you're trying to
modify.

-- 
Dominic Cleal
Red Hat Engineering

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet master REST API returns 403 when running under passenger works when running from command line

2012-12-10 Thread Anadi Misra 
Hi! Everyone,

puppet agent is not able to fetch any files, plugins or post catalog, 
reports to the master. both puppet agent and master are on version 3.0.l, 
passenger version 3.0.18 ,

nginx version: nginx/1.3.9
built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) 
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx 
--conf-path=/apps/nginx/nginx.conf --pid-path=/apps/nginx/run/nginx.pid 
--error-log-path=/apps/nginx/logs/error.log 
--http-log-path=/apps/nginx/logs/access.log --with-http_ssl_module 
--with-http_gzip_static_module 
--add-module=/usr/lib/ruby/gems/1.8/gems/passenger-3.0.18/ext/nginx 
--add-module=/apps/Downloads/nginx/nginx-auth-ldap-master/

the agent command shows this output

[amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose 
--server bangvmpllda02.XX.com
Starting Puppet client version 3.0.1
Warning: Unable to fetch my node definition, but the agent run will 
continue:
Warning: Error 403 on SERVER: Forbidden request: 10.209.47.31(10.209.47.31) 
access to /certificate_revocation_list/ca [find] at :106
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
using 'eval_generate: Error 403 on SERVER: Forbidden request: 
10.209.47.31(10.209.47.31) access to /file_metadata/plugins [search] at :106
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on SERVER: 
Forbidden request: 10.209.47.31(10.209.47.31) access to 
/file_metadata/plugins [find] at :106 Could not retrieve file metadata for 
puppet://bangvmpllda02.XX.com/plugins: Error 403 on SERVER: Forbidden 
request: 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [find] 
at :106
Error: Could not retrieve catalog from remote server: Error 403 on SERVER: 
Forbidden request: 10.209.47.31(10.209.47.31) access to 
/catalog/blramisr195602.XX.com [find] at :106
Using cached catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Error 403 on SERVER: Forbidden request: 
10.209.47.31(10.209.47.31) access to /report/blramisr195602.XX.com 
[save] at :106

and on master logs I see

[amisr1@blramisr195602 ~]$ sudo puppet agent --no-daemonize --verbose 
--server bangvmpllda02.XX.com
Starting Puppet client version 3.0.1
Warning: Unable to fetch my node definition, but the agent run will 
continue:
Warning: Error 403 on SERVER: Forbidden request: 10.209.47.31(10.209.47.31) 
access to /certificate_revocation_list/ca [find] at :106
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources 
using 'eval_generate: Error 403 on SERVER: Forbidden request: 
10.209.47.31(10.209.47.31) access to /file_metadata/plugins [search] at :106
Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on SERVER: 
Forbidden request: 10.209.47.31(10.209.47.31) access to 
/file_metadata/plugins [find] at :106 Could not retrieve file metadata for 
puppet://bangvmpllda02.XX.com/plugins: Error 403 on SERVER: Forbidden 
request: 10.209.47.31(10.209.47.31) access to /file_metadata/plugins [find] 
at :106
Error: Could not retrieve catalog from remote server: Error 403 on SERVER: 
Forbidden request: 10.209.47.31(10.209.47.31) access to 
/catalog/blramisr195602.XX.com [find] at :106
Using cached catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Error 403 on SERVER: Forbidden request: 
10.209.47.31(10.209.47.31) access to /report/blramisr195602.XX.com 
[save] at :106


I am not sure why is it evaluating things on IP?

I also changed agent setup to following

[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
report = true
pluginsync = true
server = devops.XX.com
certname = blramisr195602.XX.com
dns_alt_names = 10.209.47.31
modulepath = /etc/puppet/modules

and resigned certifcates on master after clean up, but the puppet master 
still blocks it. However If I run through puppet master daemon (without 
nginx + passenger) all requests go through. 

Is there any specific configuration for Nginx host header etc or in 
passenger that I am missing?

BR/
Anadi Misra.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/nOSFMp3o9OsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: pasenger does not start puppet master under nginx

2012-12-10 Thread Anadi Misra 
The problem was I had misplaced config.ru inside public directory while it 
should have been in rack directory.

BR/
Anadi Misra

On Thursday, 6 December 2012 15:47:42 UTC+5:30, Anadi Misra wrote:
>
> On the server
>
> [root@bangvmpllDA02 logs]# ruby -v
> ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
>
> [root@bangvmpllDA02 logs]# puppet --version
> 3.0.1
>
> and
>
> [root@bangvmpllDA02 logs]# service nginx configtest
> nginx: the configuration file /apps/nginx/nginx.conf syntax is ok
> nginx: configuration file /apps/nginx/nginx.conf test is successful
>
> [root@bangvmpllDA02 logs]# service nginx status
> nginx (pid 25923 25921 25920 25917 25908) is running...
> [root@bangvmpllDA02 logs]# 
>
> however none of my agents are able to connect to the master, they all fail 
> with errors like so
>
> [amisr1@blramisr195602 ~]$ puppet agent --test --verbose --server 
> bangvmpllda02.X.com
> Info: Creating a new SSL certificate request for blramisr195602.X.com
> Info: Certificate Request fingerprint (SHA256): 
> 26:EB:08:1F:82:32:E4:03:7A:64:8E:30:A3:99:93:26:E6:66:B9:B0:49:B6:08:F9:67:CA:1B:0C:00:B9:1D:41
> Error: Could not request certificate: Error 405 on SERVER: 
> 405 Not Allowed
> 
> 405 Not Allowed
> nginx
> 
> 
>
> Exiting; failed to retrieve certificate and waitforcert is disabled
>
> when I check logs on puppet master
>
> [root@bangvmpllDA02 logs]# tail puppet_access.log
> [05/Dec/2012:17:45:18 +0530] "GET /production/certificate/ca? HTTP/1.1" 
> 404 162 "-" "Ruby"
> [05/Dec/2012:18:32:23 +0530] "PUT /production/certificate_request/
> sl63anadi.X.com HTTP/1.1" 405 166 "-" "-"
> [05/Dec/2012:18:33:33 +0530] "GET /production/certificate/
> sl63anadi.X.com? HTTP/1.1" 404 162 "-" "-"
> [05/Dec/2012:18:33:33 +0530] "GET /production/certificate_request/
> sl63anadi.X.com? HTTP/1.1" 404 162 "-" "-"
> [05/Dec/2012:18:33:33 +0530] "PUT /production/certificate_request/
> sl63anadi.X.com HTTP/1.1" 405 166 "-" "-"
>
> and the error logs show that nginx is not really able to process the 
> request well
>
> 2012/12/05 18:33:33 [error] 25920#0: *23 open() 
> "/etc/puppet/rack/public/production/certificate/sl63anadi.X.com" 
> failed (2: No such file or directory), client: 10.209.47.26, server: , 
> request: "GET /production/certificate/sl63anadi.X.com? HTTP/1.1", 
> host: "bangvmpllda02.X.com:8140"
> 2012/12/05 18:33:33 [error] 25920#0: *24 open() 
> "/etc/puppet/rack/public/production/certificate_request/
> sl63anadi.X.com" failed (2: No such file or directory), client: 
> 10.209.47.26, server: , request: "GET /production/certificate_request/
> sl63anadi.X.com? HTTP/1.1", host: "bangvmpllda02.X.com:8140"
> 2012/12/05 18:47:56 [error] 25923#0: *27 open() 
> "/etc/puppet/rack/public/production/certificate/ca" failed (2: No such file 
> or directory), client: 10.209.47.31, server: , request: "GET 
> /production/certificate/ca? HTTP/1.1", host: "bangvmpllda02.X.com:8140
> "
> 2012/12/05 18:47:56 [error] 25923#0: *28 open() 
> "/etc/puppet/rack/public/production/certificate_request/
> blramisr195602.X.com" failed (2: No such file or directory), client: 
> 10.209.47.31, server: , request: "GET /production/certificate_request/
> blramisr195602.X.com? HTTP/1.1", host: "bangvmpllda02.X.com:8140"
>
> Passenger does not show any application groups either
>
> [root@bangvmpllDA02 nginx]# passenger-status 
> --- General information ---
> max  = 15
> count= 0
> active   = 0
> inactive = 0
> Waiting on global queue: 0
>
> --- Application groups ---
> [root@bangvmpllDA02 nginx]#
>
> here's my nginx configuration
>
> user  puppet;
> worker_processes  4;
>
> #error_log  logs/error.log;
> #error_log  logs/error.log  notice;
> error_log  logs/error.log  info;
>
> #pidlogs/nginx.pid;
>
>
> events {
> use epoll;
> worker_connections  1024;
> }
>
>
> http {
> include   mime.types;
> default_type  application/octet-stream;
>
> log_format  main  '$remote_addr - $remote_user [$time_local] 
> "$request" '
>   '$status $body_bytes_sent "$http_referer" '
>   '"$http_user_agent" "$http_x_forwarded_for"';
>
> access_log  logs/access.log  main;
>
> sendfileon;
> #tcp_nopush on;
> server_tokens off;
> #keepalive_timeout  0;
> keepalive_timeout  120;
>
> gzip  on;
> gzip_http_version 1.1;
> gzip_disable "msie6";
> gzip_vary on;
> gzip_min_length 1100;
> gzip_buffers 64 8k;
> gzip_comp_level 3;
> gzip_proxied any;
> gzip_types text/plain text/css application/x-javascript text/xml 
> application/xml;
>
> server {
> listen   80;
> server_name  bangvmpllda02.XX.com;
>
> charset utf-8;
>
> #access_log  logs/http.access.log  main;
>
> location / {
>

[Puppet Users] Re: augtool/augeas doesn't work in f17?

2012-12-10 Thread Raphink 


On Friday, December 7, 2012 12:56:27 PM UTC+1, Bret Wortman wrote:
>
> I've installed the augeas rpm (0.10.0-3.fc17.x86_64) to troubleshoot a 
> problem I was having with augeas and ensuring a line existed in 
> /etc/cron.allow. I think something's up because neither the augeas within 
> my manifest nor the augtool are accomplishing much of anything:
>
> # augtool print /files/etc/hosts/
> # augtool ls /files/etc/hosts/
> #
>
> Even in interactive mode, I get nothing out of augtool! What should I look 
> at to see why this is failing? Syslog doesn't show anything illustrative, 
> nor did puppet agent -t --debug.
>

Hi Bret,

Check if there is a parse error in /augeas//error with

print /augeas//error
 

Cheers,

Raphaël

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/x0s-qEvu8J8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet report aggregation

2012-12-10 Thread Luke Bigum 
On Thursday, December 6, 2012 10:07:43 PM UTC, John Warburton wrote:

> On 6 December 2012 20:29, Luke Bigum >wrote:
>
>> I haven't looked at The Foreman in a while but in my mind it's more like 
>> Puppet Dashboard - correct me if I'm wrong. What I'm aiming for is a tool 
>> that can aid change / release management where we run Puppet --noop across 
>> the estate, gather all the reports, then summarise what changes will be 
>> applied (resolv.conf changes on all hosts, fstab changes on 20 hosts, 
>> service X refreshes on Y hosts).
>>
>> I don't really want to be searching for explicit resources changing 
>> across hosts, it's the resources I don't know about that worry me ;-) Is 
>> the foreman worth a look in this case?
>>
>> Luke, we use the puppet dashboard which aggregates all the reports and 
> then lets us suck down a CSV ("Export nodes as CSV" on front page) which 
> contains a status of all resources on all machine reporting. We run puppet 
> in noop all the time, so need similar reports you are requesting. It is 
> just a matter of slicing & dicing the csv to get what you want
>
> % wget http://localhost:3000/nodes.csv
>
>
Thanks John and Ohad,

I use Puppet Dashboard but I've never tried that control before ;-) That 
should do as a very good start.

Cheers,

-Luke

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/VIHTWkFeoQQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] user resource, get password from command on master

2012-12-10 Thread Martin Alfke 

On 10.12.2012, at 09:49, Andrei-Florian Staicu wrote:

> On Mon, Dec 10, 2012 at 10:28 AM, Martin Alfke  wrote:
> Hi Andrei,
> 
> On 10.12.2012, at 09:22, Andrei-Florian Staicu wrote:
> 
> > Hi all,
> >
> > I started managing users with puppet (3). Right now it works ok, but I have 
> > to change the hash manually in the manifest files. I would like users to 
> > login to the puppet master and change the password for themselves. Could I 
> > do something like this?
> > password => `grep $user /etc/shadow | awk -F ':' '{print $2}',
> >
> > Thanks.
> 
> You want to make use of a function:
> http://docs.puppetlabs.com/references/latest/function.html
> 
> Functions get executed on the master.
> 
> hth,
> 
> Martin
> 
> Hi Martin, and thanks for the quick answer.
> 
> Do you happen to know with what user do the scripts get executed on the 
> master? I it's not root, i might have to stick some sudos in there.

As far as I know, functions are run as user "puppet".
(Please verify your puppet.conf and look which user is used. Normally this is 
"puppet" or "pe-puppet" (on enterprise version)

> 
> Thanks.
> -- 
> Beware of programmers who carry screwdrivers!
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppetlabs nginx module

2012-12-10 Thread Paul Tötterman 

>
> Isn't this pretty bad because other module that may include stdlib would 
> cause an error?


Have you considered adding an issue at github?

Cheers,
Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/dDMN0PwDpd0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] user resource, get password from command on master

2012-12-10 Thread Andrei-Florian Staicu 
On Mon, Dec 10, 2012 at 10:28 AM, Martin Alfke  wrote:

> Hi Andrei,
>
> On 10.12.2012, at 09:22, Andrei-Florian Staicu wrote:
>
> > Hi all,
> >
> > I started managing users with puppet (3). Right now it works ok, but I
> have to change the hash manually in the manifest files. I would like users
> to login to the puppet master and change the password for themselves. Could
> I do something like this?
> > password => `grep $user /etc/shadow | awk -F ':' '{print $2}',
> >
> > Thanks.
>
> You want to make use of a function:
> http://docs.puppetlabs.com/references/latest/function.html
>
> Functions get executed on the master.
>
> hth,
>
> Martin


Hi Martin, and thanks for the quick answer.

Do you happen to know with what user do the scripts get executed on the
master? I it's not root, i might have to stick some sudos in there.

Thanks.
-- 
Beware of programmers who carry screwdrivers!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] user resource, get password from command on master

2012-12-10 Thread Martin Alfke 
Hi Andrei,

On 10.12.2012, at 09:22, Andrei-Florian Staicu wrote:

> Hi all,
> 
> I started managing users with puppet (3). Right now it works ok, but I have 
> to change the hash manually in the manifest files. I would like users to 
> login to the puppet master and change the password for themselves. Could I do 
> something like this?
> password => `grep $user /etc/shadow | awk -F ':' '{print $2}',
> 
> Thanks.

You want to make use of a function:
http://docs.puppetlabs.com/references/latest/function.html

Functions get executed on the master.

hth,

Martin

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] user resource, get password from command on master

2012-12-10 Thread Andrei-Florian Staicu 
Hi all,

I started managing users with puppet (3). Right now it works ok, but I have
to change the hash manually in the manifest files. I would like users to
login to the puppet master and change the password for themselves. Could I
do something like this?
password => `grep $user /etc/shadow | awk -F ':' '{print $2}',

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.