Re: [Puppet Users] user resource, get password from command on master

[Peter Brown]

On 12 December 2012 11:58, Jakov Sosic  wrote:

> On 12/10/2012 04:47 PM, jcbollinger wrote:
>
>  There are good, industry-standard approaches to centralized password
>> management.  You should really choose among those instead of rolling
>> your own.  One of the best-regarded is LDAP, and you could also consider
>> NIS (just to name two).  The former is more secure, but the latter is
>> very easy to set up.
>>
>
> Judging that the current solution stores passwords in /etc/shadow, I
> assume that these passwords are for ssh only, and if that's the case the
> easiest and most secure way would be to enforce ssh key logins, and
> distribute keys instead of passwords. Public keys could be updated without
> granting access to puppet master.
>
> If that's not the case, then LDAP is a way to go.


I was managing my users with puppet but I decided it wasn't the best way to
do it. I recently setup a FreeIPA server to use for authentication and
authorization.
It can also be used to auth ssh logins with keys.
I need to write some modules to manage setting it up on a node with puppet
but it's looking like the best option for what I need.
It's seems to have similar functionality too Active Directory and can even
sync with it.



-- 
> Jakov Sosic
> www.srce.unizg.hr
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to puppet-users+unsubscribe@**
> googlegroups.com .
> For more options, visit this group at http://groups.google.com/**
> group/puppet-users?hl=en
> .
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] check if if file exists on client an master

[Romain Gales]

The facter should be executed on the server instead on the client.




On Thursday, December 13, 2012 1:29:23 AM UTC+1, Jakov Sosic wrote:
>
> On 11/28/2012 09:46 PM, Romain Gales wrote: 
> > there is what i tried: 
> > 
> > # getpfoleproxyver.rb 
> > # 
> > Facter.add(:getpfoleproxyver) do 
> >   setcode do 
> >   Facter::Util::Resolution.exec('basename `ls 
> > /softw4pc/Misc/pfoleproxy/pfoleproxy*.txt`') 
> >   end 
> > end 
> > 
> > the fact is working fine, but how to use this in my manifest? 
> > i tried a lot but it was always empty? 
> > 
> > $getpfoleproxyver should be correct, no? 
>
> Are you sure it's working on the client? You can see the value when you 
> type facter -p | grep getpfoleproxyver 
>
> ? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/7cJYuX2oy2YJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Strange signing problem in AWS - stumped

[jblaine]

Any light someone can shed sure would be appreciated.

I start with 1 cert -- the master's, where I am running this:

jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all
+ "ip-10-191-115-140.ec2.internal" 
(74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: 
"DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal")

jblaine@ip-10-191-115-140:~$


I have quadruple-confirmed that is the only certificate in existence in 
/var/lib/puppet/ssl.


I create a brand new EC2 instance and bootstrap it with the Cloud Provisioner:


jblaine@ip-10-191-115-140:~$ puppet node_aws bootstrap --group=hadoop-nodes \

--keyname=jblaine --image=ami-82fa58eb --type=t1.micro \

--puppet-version=2.7.20 --login=ubuntu \

--keyfile=~/.ssh/jblaine-bld.pem \

--server=ip-10-191-115-140.ec2.internal --verbose

...
notice: Waiting for SSH response ... Done
info: Executing remote command ...
info: Executing remote command ... Done
notice: Installing Puppet ...
info: Executing remote command ...
info: Executing remote command ... Done
info: Executing remote command ...
info: Executing remote command ... Done
notice: Puppet is now installed on: ec2-23-21-34-131.compute-1.amazonaws.com
notice: No classification method selected
notice: Signing certificate ...
err: Signing certificate ... Failed
err: Signing certificate error: Could not render to pson: The certificate 
retrieved from the master does not match the agent's private key.
Certificate fingerprint: E2:B3:43:ED:74:80:F7:6E:C0:3F:68:C2:95:74:40:AA


Say what?


jblaine@ip-10-191-115-140:~$ sudo puppet cert list

jblaine@ip-10-191-115-140:~$ sudo puppet cert list --all
+ 
"ec2-23-21-34-131.compute-1.amazonaws.com-fc73179f-951d-88dc-9477-d4dcddc6f585" 
(01:FD:22:FA:90:76:78:AF:91:90:77:69:1A:7A:41:95)
+ "ip-10-191-115-140.ec2.internal"  
  (74:8B:7B:EF:41:E6:F9:98:93:15:42:6A:4C:2F:28:CC) (alt names: 
"DNS:ip-10-191-115-140.ec2.internal", "DNS:puppet", "DNS:puppet.ec2.internal")
jblaine@ip-10-191-115-140:~$

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/O8UpAGKg8fcJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet with dedicated ruby install

[Jamie]

I've done this using gems.  I build Ruby from source (I use --prefix but 
not sure if it's required) and then use the new gem executable to install 
Puppet as gem.  Works great for me if you can use gems

BTW, I did this because we use CentOS 5 and I wanted to use Ruby 1.9.x + 
Puppet 3.x and had too much trouble trying every other method.  I also go 
one more step and build an RPM out of the new Ruby including it's gems. and 
distribute that to clients as a ruby+puppet package.

I asked a similar question before:
https://groups.google.com/d/topic/puppet-users/jRE97JXZqgQ/discussion

I couldn't figure out how to make Puppet use my custom Ruby and so tried 
out this gem method.  I'd love to hear if anyone else figures out another 
method.


On Wednesday, December 12, 2012 12:54:56 PM UTC-8, Alexander Philipp wrote:
>
> Are there any good guides out there to using Puppet agents with a 
> dedicated, separate ruby install?  Our apps are all Ruby based and require 
> different versions than Puppet.  Installing the agent from a package will 
> override our ruby installs.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/SADZmI_ZingJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet module restart puppet client or not?

[Ugo Bellavance]

On Wednesday, December 12, 2012 6:13:41 PM UTC-5, Ryan Coleman wrote:
>
>
>
>
> On Wed, Dec 12, 2012 at 10:57 AM, Ugo Bellavance 
> > wrote:
>
>> Hi,
>>
>> I've built a puppet module myself to manage puppet.conf and I use a 
>> subscribe for the service, so it restarts the client whenever puppet.conf 
>> changes.  I think I shouldn't but I'd like to have a confirmation.   
>
> The fact that foreman sees a failure upon a change in puppet.conf makes me 
>> think even more that I am wrong...
>
>
> If the service was successfully restarted, it should register as a 
> successful change. That's normal behavior. Is that not what you see?
>
> Makes sense, but I think Foreman may have a way to determine whether the 
report is Applied, Restarted, Failed, Restart Failure, Skipped or Pending. 
 Maybe it shows Failed because it doesn't see the "Finished catalog run in 
0.64 seconds" at the end?  I guess maybe I should ask to the Foreman group, 
but I was mostly wondering whether it was a good idea or not to restart 
puppet when changing puppet.conf.

Thanks,

Ugo

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/0HW2jDtOobsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] check if if file exists on client an master

[Jakov Sosic]

On 11/28/2012 09:46 PM, Romain Gales wrote:
> there is what i tried:
> 
> # getpfoleproxyver.rb
> #
> Facter.add(:getpfoleproxyver) do
>   setcode do
>   Facter::Util::Resolution.exec('basename `ls
> /softw4pc/Misc/pfoleproxy/pfoleproxy*.txt`')
>   end
> end
> 
> the fact is working fine, but how to use this in my manifest?
> i tried a lot but it was always empty?
> 
> $getpfoleproxyver should be correct, no?

Are you sure it's working on the client? You can see the value when you
type facter -p | grep getpfoleproxyver

?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet module restart puppet client or not?

[Ryan Coleman]

On Wed, Dec 12, 2012 at 10:57 AM, Ugo Bellavance  wrote:

> Hi,
>
> I've built a puppet module myself to manage puppet.conf and I use a
> subscribe for the service, so it restarts the client whenever puppet.conf
> changes.  I think I shouldn't but I'd like to have a confirmation.

The fact that foreman sees a failure upon a change in puppet.conf makes me
> think even more that I am wrong...


If the service was successfully restarted, it should register as a
successful change. That's normal behavior. Is that not what you see?


>
> Thanks,
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/13IctiK6RhQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>



-- 
Ryan Coleman | Modules & Forge | @ryanycoleman | ryancoleman in #puppet

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] "could not find user" when running as daemon

[Jeff Goldschrafe]

Sorry to be a thread-necromancer, but we're seeing the same problem on a 
tiny subset of our hosts. We saw the problem on a CentOS 5 x86_64 host, 
then it mysteriously went away, and now we're consistently seeing it on a 
CentOS 5 i386 host. As with pattryn, the resource applies successfully when 
run from the command line with *puppet apply*, but does not when Puppet is 
running with *puppet agent -t*. SELinux is in permissive mode. Things work 
fine when nscd is running, but like many CentOS 5 users, we'll never touch 
that thing in production.

We saw this behavior originally on the 2.7 client, upgraded to the 3.0 
client, and are still seeing the issue.

Anyone have any ideas?

-Jeff

On Wednesday, July 18, 2012 3:09:07 PM UTC-4, jcbollinger wrote:
>
>
>
> On Wednesday, July 18, 2012 9:09:12 AM UTC-5, krish wrote:
>>
>> On Wed, Jul 18, 2012 at 7:28 PM, pattryn > 
>> wrote: 
>> > Nope. 
>> > 
>> > Curiously it works if I enable the nscd daemon but it's not very 
>> reliable 
>> > and I would prefer not to use it. 
>> > 
>>
>>
>> nscd is kinda required to read your passwd database and such.
>
>
> Not so.  Nscd is an entirely optional service.  Many people don't use it.  
> Some Linux distros don't even install it by default.
>  
>
>> AFAIK, 
>> puppet relies on it to read if a user/group exist <-- Can someone 
>> re-confirm? :) 
>>
>
> No, because that's not true either.  How Puppet determines which users and 
> groups exist depends on which User and Group "providers" are chosen, which 
> depends on the OS and the available tools, but nscd is not relevant -- it 
> doesn't operate at the level of the system tools Puppet uses.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/fDItE2r_wA0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: Puppet setup issues

[vioilly]

Looks like a connectivity issue to me..

here are my steps to get puppet installed

install puppet master with passenger


1 - install centos 6.3 minimal

2 - configure IP address and hostname - do not set a fqdn hostname. 

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Assign private static IP address

vi /etc/resolv.conf

update accordingly (domain search and nameserver)

2 - run yum update -y

3 - install vmware tools

rpm --import 
http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub
rpm --import 
http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub


cat < /etc/yum.repos.d/vmware-tools.repo
[vmware-tools]
name=VMware Tools
#baseurl=http://packages.vmware.com/tools/esx/5.0u1/rhel5/\$basearch
baseurl=http://packages.vmware.com/tools/esx/5.0u1/rhel6/\$basearch
enabled=1
gpgcheck=1
EOT

yum -y install vmware-tools-esx-nox

4 - set iptables (modify where applicable)

iptables -I INPUT 5 -s 10.1.1.0/24 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 6 -s 10.1.1.0/24 -m tcp -p tcp --dport 8140 -j ACCEPT

service iptables save

iptables -L

5 - Install EPEL and puppet repos

rpm -Uvh 
http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
rpm -ivh 
http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm

6 - install puppet master and puppet agent

yum install puppet-server puppet -y


7 - create a puppet ca cert

puppet master --no-daemonize --verbose

(note - ctrl+c to break out of puppet master deamon

8 -  install system tools to install passenger

yum -y install httpd httpd-devel ruby-devel rubygems mod_ssl make gcc 
gcc-c++ curl-devel openssl-devel zlib-devel make wget

9 - install rack using gem

gem install rack

10 - install passenger using gem

gem install passenger

11 - Set up passenger

passenger-install-apache2-module

11 - Config rack.conf

cp /usr/share/puppet/ext/rack/files/apache2.conf /etc/httpd/conf.d/rack.conf

update the rack.conf with the puppet 3.0.1 SSL directory path 
(var/llis/puppet/ssl) and change hostname for certs. (inclue passenger 
output from above step 11)

12 - create rack directories

mkdir -p /etc/puppet/rack/public/

13 - copy config.ru rack file to rack web directory

cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/

14 - change ownership of config.ru rack file to puppet

chown puppet:puppet /etc/puppet/rack/config.ru

15 - set httpd to start on boot and puppetmaster to not start

chkconfig httpd on
chkconfig puppetmaster off

16 start apache

service httpd start

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/GTH8Q8zF96gJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet with dedicated ruby install

[Matthias Viehweger]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Alexander!

On Wed, Dec 12, 2012 at 12:54:56PM -0800, Alexander Philipp wrote:
> Are there any good guides out there to using Puppet agents with a 
> dedicated, separate ruby install?  Our apps are all Ruby based and require 
> different versions than Puppet.  Installing the agent from a package will 
> override our ruby installs.

We do this the other way around. Puppet runs on system ruby (Ubuntu's
Ruby 1.8) while the apps have their dedicated rvm-setup.

Cheers,
Matthias Viehweger
- -- 
Serververwaltung und Softwareentwicklung
 
https://www.heute-kaufen.de
Prinzessinnenstraße 20 - 10969 Berlin
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJQyQxhAAoJENF9b50VgROLtFAIAJP6X0F+VN3iSBYWoQrnE+zb
hwq1wK+Jrj3+ZY75dWGOM7IoAG5e6HGSiNdAH2J3Xu2SmOvWl183WTb4gsfNFL+Y
w0p+o/imkWzJJ1G+rjvUAAVI85YeEVgXDOmd5GQGND37Wt/97v0ou7mFf/rb1yC7
gQX1msuz3Py/p1QOU1QgL+X8UGVsc4FhOFtd6+zZGGodsbYq+AWukY4QKkYP+3t2
uJOELYS9ObR1T4WeliW2bDd/1jb/80lFOWZdtErZL6gEd3x63W/DPBjV/DpP949c
CY1Rjoy84Uqq4PVb3R3xT73qYxLW2dtgZCmZlA+C2rbJkD624XV8CErMwRum4ic=
=2aA9
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Agent 3.0.1 intermitently doesn't wake up

[MasterPO]

I have 39 RHEL nodes running the puppet agent and intermitently from 1 to 3 
nodes will go unresponsive and require intervention to become active again.

I collected the following for one such instance from this morning:

Hung Puppet agent information:

[root@anmvwms3 ~]# rpm -qa | grep puppet
puppet-3.0.1-1.el5


[root@anmvwms3 ~]# ps -ef | grep puppet
root 12421 1  0 Dec10 ?00:03:02 /usr/bin/ruby 
/usr/bin/puppet agent --server=puppet --logdest=/var/log/puppet/puppet.log

[root@anmvwms3 ~]# ps -eo pid,ppid,state,comm,time,pri,size,wchan | grep 
puppet
12421 1 S puppet  00:03:02  21 43028 -

[root@anmvwms3 ~]# ps -elf | grep 12421
5 S root 12421 1  0  78   0 - 12877 -  Dec10 ?00:03:02 
/usr/bin/ruby /usr/bin/puppet agent --server=puppet 
--logdest=/var/log/puppet/puppet.log


[root@anmvwms3 ~]# cat /proc/12421/status
Name:   puppet
State:  S (sleeping)
SleepAVG:   78%
Tgid:   12421
Pid:12421
PPid:   1
TracerPid:  0
Uid:0   0   0   0
Gid:0   0   0   0
FDSize: 32
Groups: 0 1 2 3 4 6 10
VmPeak:52620 kB
VmSize:51508 kB
VmLck: 0 kB
VmHWM: 36772 kB
VmRSS: 36012 kB
VmData:42748 kB
VmStk:   280 kB
VmExe: 4 kB
VmLib:  8104 kB
VmPTE:   116 kB
StaBrk: 08cb6000 kB
Brk:0a404000 kB
StaStk: bfc8b270 kB
Threads:1
SigQ:   0/81920
SigPnd: 
ShdPnd: 
SigBlk: 
SigIgn: 
SigCgt: 000182007e47
CapInh: 
CapPrm: feff
CapEff: feff
Cpus_allowed:   0001
Mems_allowed:   1


Right now, I just restart puppet on the node to get it to resume 
functioning.

Is this a known issue?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/W2GYBMTmUSwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Converting puppet client to servr

[Bret Wortman]

Yeah, I was starting to think that was the solution.  


-- 
Bret Wortman
http://bretwortman.com/
http://twitter.com/bretwortman


On Wednesday, December 12, 2012 at 5:26 PM, Jakov Sosic wrote:

> On 12/12/2012 10:04 PM, Bret Wortman wrote:
> > Is there an easy way to convert a puppet client into being a puppet master?
> > 
> > Here's the scenario. I'm using puppet to configure all my systems, and
> > would like it to be able to deploy a new puppet master as well. We have
> > systems worldwide so having local puppet masters is very desirable for
> > fault tolerance. So Kickstart (via cobbler) installs a puppet client
> > during the initial system installation, then puppet installs everything
> > else. And I've written a puppet-server module to attempt to deploy the
> > puppet-server package, but I end up getting into certificate problems
> > every time.
> > 
> > The initial cert draws complaints, so I delete it and clean the
> > certificate from the master, but then the systems will not connect under
> > any circumstances:
> > 
> > # puppet agent -t
> > Exiting: no certificate found and waitforcert is disabled
> > 
> > There's no request on the master (either this or the other).
> > 
> > Thoughts?
> 
> You should deploy master through cobbler, or run masterless puppet to
> set up the master.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.
> 
> 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Converting puppet client to servr

[Jakov Sosic]

On 12/12/2012 10:04 PM, Bret Wortman wrote:
> Is there an easy way to convert a puppet client into being a puppet master?
> 
> Here's the scenario. I'm using puppet to configure all my systems, and
> would like it to be able to deploy a new puppet master as well. We have
> systems worldwide so having local puppet masters is very desirable for
> fault tolerance. So Kickstart (via cobbler) installs a puppet client
> during the initial system installation, then puppet installs everything
> else. And I've written a puppet-server module to attempt to deploy the
> puppet-server package, but I end up getting into certificate problems
> every time.
> 
> The initial cert draws complaints, so I delete it and clean the
> certificate from the master, but then the systems will not connect under
> any circumstances:
> 
> # puppet agent -t
> Exiting: no certificate found and waitforcert is disabled
> 
> There's no request on the master (either this or the other).
> 
> Thoughts?

You should deploy master through cobbler, or run masterless puppet to
set up the master.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet dashboard inventory

[vioilly]

I have a puppet master install which uses puppetdb. I also have puppet 
dashboard installed with the inventory service running. I want multiple 
puppet masters using a single puppetDB server. Puppetdb is installed on 
separate vm.

How can I get the dashboard inventory to use the puppetdb server to get the 
inventory records? Where do I configure the dashboard inventory so it uses 
puppetdb? 

I have configured vi /usr/share/puppet-dashboard/
config/settings.yml

with 

# The "inventory service" allows you to connect to a puppet master to 
retrieve and node facts
enable_inventory_service: true

# Hostname of the inventory server.
inventory_server: 'puppet-server1.domain.net'

# Port for the inventory server.
inventory_port: 8081

However, inventory is not picking up any information

Inventory 
Could not retrieve facts from inventory service: SSL_connect SYSCALL 
returned=5 errno=0 state=SSLv3 read finished A

Can anyone help ?

Cheers,
Oli

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/M5qGsGUPcMsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] puppet dashbaord inventory

[vioilly]

I have a puppet master install which uses puppetdb. I also have puppet 
dashboard installed with the inventory service running. I want multiple 
puppet masters using a single puppetDB server. Puppetdb is installed on 
separate vm.

How can I get the dashboard inventory to use the puppetdb server to get the 
inventory records? Where do I configure the dashboard inventory so it uses 
puppetdb? 

I have configured vi /usr/share/puppet-dashboard/config/settings.yml

with 

# The "inventory service" allows you to connect to a puppet master to 
retrieve and node facts
enable_inventory_service: true

# Hostname of the inventory server.
inventory_server: 'puppet-server1.domain.net'

# Port for the inventory server.
inventory_port: 8081

However, inventory is not picking up any information

Inventory 
Could not retrieve facts from inventory service: SSL_connect SYSCALL 
returned=5 errno=0 state=SSLv3 read finished A

Can anyone help ?

Cheers,
Oli


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ppyrW5IgGFsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] issues with puppet 3.0.1 using ruby 1.9.3 and passenger (3.0.18)

[Josh Cooper]

Hi Oli,

On Wed, Dec 12, 2012 at 4:02 AM, vioilly  wrote:
> I have installed puppet 3.0.1,

Installed as a gem or native package?

> passenger 3.0.18 and ruby 1.9.3 and have hit
> errors. The error I am hitting is this:
>
> Error message: cannot load such file -- puppet/util/command_line
> Exception class: LoadError
>
>
> I get this when hitting the puppet server using https://puppetserver:8140
>
> If I use ruby 1.8, everything works. This is a new deployment so I would
> like to use ruby 1.9.3 rather than the older version of ruby.
>
> It appears to me that this is a PATH issue. Does anyone know how to fix
> this?

In your puppet config.ru, can you verify that puppet's lib directory
is in the $LOAD_PATH? Also note the line at the top of that file.

As far as why it works on 1.8.7, but not 1.9.3, makes me think that
puppet is installed as a gem, and that there are rubygem differences
between the two rubies.

>
>
> Cheers,
>
> Oli
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/n9UUHUqHYlQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.



--
Josh Cooper
Developer, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] synchronizing git repository

[Kevin]

Have you considered the vcsrepo module for this?
https://github.com/puppetlabs/puppetlabs-vcsrepo

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] synchronizing git repository

[VB]

Guys,

there must be a 'standard' way of doing this, but I don't seem to be able 
to find one:

say there is a utility on the agent which is compiled/installed from a git 
repository. When the utility is not there, the standard sequence of 
commands is executed

git clone 
cd 
./configure
make
make install

The question is how to ensure that the utility stays up to date. Say I can 
execute 'git pu'll' on every agent run, what would be the right way to have 
the puppet agent to rebuild/reinstall/redeploy the utility only if there is 
a change.

TIA,
/vb


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/by5nkzI2AwEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet with dedicated ruby install

[Michael Stahnke]

On Wed, Dec 12, 2012 at 12:54 PM, Alexander Philipp
 wrote:
> Are there any good guides out there to using Puppet agents with a dedicated,
> separate ruby install?  Our apps are all Ruby based and require different
> versions than Puppet.  Installing the agent from a package will override our
> ruby installs.
Just a note that this is one of the features of Puppet Enterprise. It
is setup with it's own Ruby.

You can certainly do this too.  I am not aware of guides though.

>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/YAb364xKLU8J.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Converting puppet client to servr

[Bret Wortman]

Is there an easy way to convert a puppet client into being a puppet master?

Here's the scenario. I'm using puppet to configure all my systems, and 
would like it to be able to deploy a new puppet master as well. We have 
systems worldwide so having local puppet masters is very desirable for 
fault tolerance. So Kickstart (via cobbler) installs a puppet client during 
the initial system installation, then puppet installs everything else. And 
I've written a puppet-server module to attempt to deploy the puppet-server 
package, but I end up getting into certificate problems every time.

The initial cert draws complaints, so I delete it and clean the certificate 
from the master, but then the systems will not connect under any 
circumstances:

# puppet agent -t
Exiting: no certificate found and waitforcert is disabled

There's no request on the master (either this or the other).

Thoughts?

Puppet 3.0.1 from puppetlabs rpms on Fedora 17.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/VR0FzMXrsPkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet with dedicated ruby install

[Alexander Philipp]

Are there any good guides out there to using Puppet agents with a 
dedicated, separate ruby install?  Our apps are all Ruby based and require 
different versions than Puppet.  Installing the agent from a package will 
override our ruby installs.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/YAb364xKLU8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] expiry attribut of users applied every time

[Stefan Schulte]

On Wed, Dec 12, 2012 at 04:19:17AM -0800, digrouz wrote:
> Hello,
> 
> Any updates when the fix will be implemented?
> 
> 

Hi digrouz,

I am currently assigned to the ticket
http://projects.puppetlabs.com/issues/11675 and have done some work
already. The problem is that I first have to improve the test coverage
to do any real changes so it is more work than I had expected.

I hope I'll have a pull request ready around christmas.

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet Setup - Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Connection refused - connect(2)

[Jakov Sosic]

On 12/12/2012 04:24 PM, Robert Pemberton wrote:
> I have followed many tutorials including the ones provided by puppetlabs
> and I keep seeing the same issues. I began by installing puppet on
> machine: puppet001, and puppet master on machine: puppetMaster. The
> hosts files were then configured so that both machines were reachable by
> the machine name. The puppet.conf files were then updated, and a cert
> was generated and sent from puppet001 to puppetMaster. PuppetMaster
> signed the cert. After this I tried to run "puppet agent —test" and the
> below info is returned.

Hard to tell what's the problem, please post puppet.conf from your
client machine, and also check if firewalls are active and turn them off
until you get it to work without firewall.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: can I install modules based on manifest file?

[Jakov Sosic]

On 12/12/2012 04:53 PM, Maxym Pendyshchuk wrote:
> Thank you John, it helps; since I played with standalone I have not
> thought about it this way... So that's a good part :)
> 
> And seems like I need to store a list of plugins I install on master
> anyway, just in case server with master fail or I need to reinstall it..
> Because as I see there are e.g. few different modules for postgresql and
> I need to know what exactly is/was used for my manifest.

Just create versioning control repo (mercurial,git,or whatever) out of
your /etc/puppet/modules directory and that's it. Every now and then
push the changes to some other machine or back it up with your
organiozation's backup solution and that's it.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: issues with puppet 3.0.1 using ruby 1.9.3 and passenger (3.0.18)

[Eric Sorenson]

MRI Ruby 1.9.3 is in the testing matrix and is fully 
supported: http://docs.puppetlabs.com/guides/platforms.html#ruby-versions

There is one issue I'm aware of, with collecting resources: 
https://projects.puppetlabs.com/issues/10963

If there are others please file bugs in redmine about them as there was a 
ton of work that went into making Puppet 3.0 fully run under Ruby 1.9.3 but 
obviously it's a big world and not all code paths might have been fixed.

-=Eric

On Wednesday, December 12, 2012 8:41:26 AM UTC-8, Stephen Price wrote:
>
> I believe Hiera (or puppet-hiera, not sure) has outstanding issues with 
> anything other than Ruby 1.8.7. Last time I tried using 1.9.3 with Puppet 3 
> I had to revert. Please correct me if I'm mistaken.
>
> On Wednesday, December 12, 2012 4:31:51 AM UTC-8, vioilly wrote:
>>
>> I am going to revert to 1.8 for the time being although I was under the 
>> impression ruby 1.9 give performance benefits. If anyone else has 
>> information on whether 1.9.3 is supported, stable and has it working, 
>> please let me know.
>>
>> On Wednesday, December 12, 2012 12:23:30 PM UTC, Jelle B. wrote:
>>>
>>> As far as I know there is still a compatibility issue between puppet 3.0 
>>> and ruby 1.9.3, I also need this to work due to  needing 1.9.3 for 
>>> a application targeted to run on the same machine as my puppet environment 
>>> but thus far it has been a no go.
>>>
>>> Some googling has given me some options to link the right version 
>>> depending on what is needed , in essence installing different ruby 
>>> versions depending on requirements next to each other but for me this is 
>>> not a great solution for a production environment.
>>>
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/IcbPt02seFAJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet module restart puppet client or not?

[Ugo Bellavance]

Hi,

I've built a puppet module myself to manage puppet.conf and I use a 
subscribe for the service, so it restarts the client whenever puppet.conf 
changes.  I think I shouldn't but I'd like to have a confirmation.  The 
fact that foreman sees a failure upon a change in puppet.conf makes me 
think even more that I am wrong...

Thanks,

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/13IctiK6RhQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Platform Support at {apt,yum}.puppetlabs.com

[Matthaus Owens]

I mentioned at the end of October that we would soon be removing
Fedora 15, Debian Lenny, and Ubuntu Maverick repos from our apt and
yum repos[1]. That time has arrived. The repos will be removed this
Friday (12/14).

[1] - 
https://groups.google.com/group/puppet-users/browse_thread/thread/c2b13082a55ace9e

-- 
Matthaus Owens
Release Manager, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: hiera broken in puppet-3

[asq]

W dniu środa, 12 grudnia 2012 17:39:59 UTC+1 użytkownik Peter De Cleyn 
napisał:
>
> I just did the same process of debugging you did (should learn to search 
> this list first) and the proposed solution works for me.
>
> Did you file this as a bug yet on the puppet ticketing system (can't find 
> it there)  so I can vote ;-)
>

here you go: http://projects.puppetlabs.com/issues/14985 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/Frzq-G9JDeYJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: issues with puppet 3.0.1 using ruby 1.9.3 and passenger (3.0.18)

[Stephen Price]

I believe Hiera (or puppet-hiera, not sure) has outstanding issues with 
anything other than Ruby 1.8.7. Last time I tried using 1.9.3 with Puppet 3 
I had to revert. Please correct me if I'm mistaken.

On Wednesday, December 12, 2012 4:31:51 AM UTC-8, vioilly wrote:
>
> I am going to revert to 1.8 for the time being although I was under the 
> impression ruby 1.9 give performance benefits. If anyone else has 
> information on whether 1.9.3 is supported, stable and has it working, 
> please let me know.
>
> On Wednesday, December 12, 2012 12:23:30 PM UTC, Jelle B. wrote:
>>
>> As far as I know there is still a compatibility issue between puppet 3.0 
>> and ruby 1.9.3, I also need this to work due to  needing 1.9.3 for 
>> a application targeted to run on the same machine as my puppet environment 
>> but thus far it has been a no go.
>>
>> Some googling has given me some options to link the right version 
>> depending on what is needed , in essence installing different ruby 
>> versions depending on requirements next to each other but for me this is 
>> not a great solution for a production environment.
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/X6ZMYXzgcz4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: hiera broken in puppet-3

[Peter De Cleyn]

I just did the same process of debugging you did (should learn to search
this list first) and the proposed solution works for me.

Did you file this as a bug yet on the puppet ticketing system (can't find
it there)  so I can vote ;-)

Peter


On Mon, Oct 29, 2012 at 7:04 PM, asq  wrote:

> ok, i got it working with this patch:
> https://github.com/Fewbytes/puppet/commit/71d9449464d5f10042b9cc31aea1586f98363293
> however, if i apply the rest of this PR it breaks again. so beware :)
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/iOiOln1U40kJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Re: in-module data with hiera

[R.I.Pienaar]

- Original Message -
> From: "Jakov Sosic" 
> To: puppet-users@googlegroups.com
> Sent: Wednesday, December 5, 2012 11:15:57 PM
> Subject: Re: [Puppet Users] Re: in-module data with hiera
> 
> On 12/05/2012 09:45 PM, Stefan Goethals wrote:
> > Not having any problem with osfamily i agree with John.
> > A default to 'common' would suffice i believe.
> 
> Agree, common is more than enough as default.

I've updated my pull request[1] with this feedback and the bugs
Zipkid reported, any testers and more feedback welcome

[1] https://github.com/puppetlabs/puppet/pull/1217

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: can I install modules based on manifest file?

[Maxym Pendyshchuk]

Thank you John, it helps; since I played with standalone I have not thought 
about it this way... So that's a good part :) 

And seems like I need to store a list of plugins I install on master 
anyway, just in case server with master fail or I need to reinstall it.. 
Because as I see there are e.g. few different modules for postgresql and I 
need to know what exactly is/was used for my manifest.

On Wednesday, December 12, 2012 4:57:21 PM UTC+2, jcbollinger wrote:
>
>
>
> On Tuesday, December 11, 2012 9:23:39 AM UTC-6, Maxym Pendyshchuk wrote:
>>
>> Dear puppet community!
>>
>> I am new to puppet, just started to play with.. And I got a question 
>> (hopefully not too silly): I use a standalone version to play with. I wrote 
>> a script to install PostgreSQL DB, it uses a module 
>> puppetlabs /postgresql
>>
>> so to run this manifest, puppet should have it installed. As I got from 
>> the documentation I need to do it manually (using puppet module install 
>> ...). The question is if I can specify it in manifest (to check if puppet 
>> has this module installed and install if does not). The reason is that if I 
>> move to master/agents configuration, I want to install agents only where 
>> and when I need, and do not want to install all modules needed (although I 
>> can write a script, like bash, I do not want to do it, I want to take 
>> everything needed in one place :)
>>
>> is it possible to solve it this way? Or is 'puppet module install ..' the 
>> only way?
>>
>
> You seem to have a misunderstanding.  Puppet modules get installed only on 
> the master.  They define collections of configuration properties that you 
> may choose to apply to nodes (with the cooperation of agents running on 
> those nodes), as you configure on the master.  Anything from a module that 
> needs to be installed on agents for them to work with that module is 
> handled automatically by Puppet via its "plugin sync" feature.  Bottom 
> line: the behavior you want (as I understand it) is standard; you don't 
> need to do anything special to get it.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/CW7KAqpTcWEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet setup issues

[Robert Pemberton]

 

I have followed a few different tutorials, including the puppetlabs guide 
and I keep getting the same issue on VMs and on the servers. I began by 
installing puppet on machine: puppet001, and puppet master on machine: 
puppetMaster. The hosts files were then configured so that both machines 
were reachable by the machine name. The puppet.conf files were then 
updated, and a cert was generated and sent from puppet001 to puppetMaster. 
PuppetMaster signed the cert. After this I tried to run "puppet agent 
—test" and the below info is returned. 


info: Retrieving plugin

err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional 
resources using 'eval_generate: Connection refused - connect(2)

err: Could not retrieve plugin: execution expired

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb

err: Could not retrieve catalog from remote server: Connection refused - 
connect(2)

warning: Not using cache on failed catalog

err: Could not retrieve catalog; skipping run

err: Could not send report: Connection refused - connect(2)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/-4iE-s_Hw_sJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Puppet Setup - Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Connection refused - connect(2)

[Robert Pemberton]

 

I have followed many tutorials including the ones provided by puppetlabs 
and I keep seeing the same issues. I began by installing puppet on machine: 
puppet001, and puppet master on machine: puppetMaster. The hosts files were 
then configured so that both machines were reachable by the machine name. 
The puppet.conf files were then updated, and a cert was generated and sent 
from puppet001 to puppetMaster. PuppetMaster signed the cert. After this I 
tried to run "puppet agent —test" and the below info is returned. 


info: Retrieving plugin

err: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional 
resources using 'eval_generate: Connection refused - connect(2)

err: Could not retrieve plugin: execution expired

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/custom_auth_conf.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/pe_version.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/puppet_vardir.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/root_home.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/concat_basedir.rb

info: Loading facts in /var/opt/lib/pe-puppet/lib/facter/facter_dot_d.rb

err: Could not retrieve catalog from remote server: Connection refused - 
connect(2)

warning: Not using cache on failed catalog

err: Could not retrieve catalog; skipping run

err: Could not send report: Connection refused - connect(2)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/SDvXaqagHT0J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: can I install modules based on manifest file?

[jcbollinger]

On Tuesday, December 11, 2012 9:23:39 AM UTC-6, Maxym Pendyshchuk wrote:
>
> Dear puppet community!
>
> I am new to puppet, just started to play with.. And I got a question 
> (hopefully not too silly): I use a standalone version to play with. I wrote 
> a script to install PostgreSQL DB, it uses a module 
> puppetlabs /postgresql
>
> so to run this manifest, puppet should have it installed. As I got from 
> the documentation I need to do it manually (using puppet module install 
> ...). The question is if I can specify it in manifest (to check if puppet 
> has this module installed and install if does not). The reason is that if I 
> move to master/agents configuration, I want to install agents only where 
> and when I need, and do not want to install all modules needed (although I 
> can write a script, like bash, I do not want to do it, I want to take 
> everything needed in one place :)
>
> is it possible to solve it this way? Or is 'puppet module install ..' the 
> only way?
>

You seem to have a misunderstanding.  Puppet modules get installed only on 
the master.  They define collections of configuration properties that you 
may choose to apply to nodes (with the cooperation of agents running on 
those nodes), as you configure on the master.  Anything from a module that 
needs to be installed on agents for them to work with that module is 
handled automatically by Puppet via its "plugin sync" feature.  Bottom 
line: the behavior you want (as I understand it) is standard; you don't 
need to do anything special to get it.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/VJl0OD3ythsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: How to handle multi-variable cross cutting concerns in hiera?

[jcbollinger]

On Tuesday, December 11, 2012 11:10:48 AM UTC-6, Schofield wrote:
>
>
> Hiera allows you to lay out your data in two dimensions: data file and 
>> key.  Whatever selection rules you want to use to choose particular data 
>> need to operate in that context.  There are at least three ways in which 
>> you can embed additional dimensions:
>>
>>1. You can create separate hierarchies or hierarchy pieces based on 
>>node data, by interpolating the data into the hierarchy definition file
>>2. You can use compound keys
>>3. You can expand your values into hashes (with the hash keyspace 
>>constituting an additional dimension)
>>
>> Would you mind going into detail on options 2 and 3? 
>

Option 2:

Instead of having keys of (say) this form:

foo

At least some of them have form similar to this:

__foo

Then you account for that specifically when you perform lookups:

foo = hiera("${environment}__mymodule::myclass::foo")

That only works for explicit lookups, however: where you want to provide 
for class parameter autolookup then you need to use specific keys.  Of 
course, I generally recommend using explicit lookups instead of class 
parameters anyway, but that's a different discussion.


Option 3:

Luke was right that I was talking about using complex data structures in 
your hiera data, but I was trying to describe a somewhat narrower and more 
specific use than he recognized.  I was suggesting that (some of) your 
hiera data can look like this:

mymodule::myclass::foo:
  development: dev_foo
  production: prod_foo

So that in your manifests you can write:

$foo_hash = hiera('mymodule::myclass::foo')
$foo = foo_hash[$environment]
 

>
> Getting messy, quickly is my concern if the hierarchy is not the best fit 
> for the enterprise or the enterprise architecture changes. Are there any 
> rules of thumb to consider that would suggest hiera is not the best data 
> externalization tool and someone might be better off with a RDMS or 
> denormalized search index as the external data source?
>
>
I don't have any rules of thumb for you, as it really depends a lot on your 
priorities, and also somewhat on your available resources.  However, I 
think some of the hiera metrics you should be evaluating are

   - The number of separate files you will need
   - The complexity of the data files and their layout
   - The amount of data duplication required
   - Your manifests' usage of hiera-dependent features (mainly class 
   parameter autolookup)
   
Also remember that hiera has some nice advantages stemming from the 
relatively simple form its data take.  You can put them under version 
control alongside your manifests, for example, and you can modify them with 
a plain text editor.  You don't need any separate software to be running to 
get at the data.

Remember too that hiera supports multiple, pluggable back-ends.  Instead of 
replacing hiera, you could consider just adding a custom back-end for some 
of your more unruly data.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/I2lZrL4k8dUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: exec GIT Variable PS1

[MaTi Villagra]

Jakov, yours suggestion works perfectly. 

The only thing missing is that exec will write the only every time puppet 
parser goes by. 

So I will code a onlyif condition under that exec. 

I will poste the final result here. 

Thanks! 

El martes, 11 de diciembre de 2012 10:18:45 UTC-6, MaTi Villagra escribió:
>
> Hello I'm trying to push PS1 variable at .bashrc file 
>
> exec { 'GIT PS1 Variable':
> cwd => '/home/developer/.bashrc',
> command => '/bin/echo "PS1='[\u@\h \W\$(__git_ps1  " \"" (%s)"\"")]\$ 
> ' " >> /home/developer/.bashrc',
> user => developer,
> group => developer,
>}
>
> But client side  I get 
>
> Dec 11 10:15:43 glb7240 puppet-agent[19762]: Could not retrieve catalog 
> from remote server: Error 400 on SERVER: Syntax error at '['; expected ']' 
> at /etc/puppet/modules/defaults/manifests/bash-extras.pp:53
>
> If I copy command it work perfectly. Any toughs  ? 
>
>
> Thanks. Appreciate. 
>
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/ZTs9_Jtk6JMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: issues with puppet 3.0.1 using ruby 1.9.3 and passenger (3.0.18)

[vioilly]

I am going to revert to 1.8 for the time being although I was under the 
impression ruby 1.9 give performance benefits. If anyone else has 
information on whether 1.9.3 is supported, stable and has it working, 
please let me know.

On Wednesday, December 12, 2012 12:23:30 PM UTC, Jelle B. wrote:
>
> As far as I know there is still a compatibility issue between puppet 3.0 
> and ruby 1.9.3, I also need this to work due to  needing 1.9.3 for 
> a application targeted to run on the same machine as my puppet environment 
> but thus far it has been a no go.
>
> Some googling has given me some options to link the right version 
> depending on what is needed , in essence installing different ruby 
> versions depending on requirements next to each other but for me this is 
> not a great solution for a production environment.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/RxmFGiMoJPkJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: issues with puppet 3.0.1 using ruby 1.9.3 and passenger (3.0.18)

[Jelle B.]

As far as I know there is still a compatibility issue between puppet 3.0 
and ruby 1.9.3, I also need this to work due to  needing 1.9.3 for 
a application targeted to run on the same machine as my puppet environment 
but thus far it has been a no go.

Some googling has given me some options to link the right version depending 
on what is needed , in essence installing different ruby 
versions depending on requirements next to each other but for me this is 
not a great solution for a production environment.


On Wednesday, December 12, 2012 1:02:07 PM UTC+1, vioilly wrote:
>
> I have installed puppet 3.0.1, passenger 3.0.18 and ruby 1.9.3 and have 
> hit errors. The error I am hitting is this:
>
> Error message:cannot load such file -- puppet/util/command_lineException 
> class:LoadError
>
>
> I get this when hitting the puppet server using https://puppetserver:8140
>
> If I use ruby 1.8, everything works. This is a new deployment so I would 
> like to use ruby 1.9.3 rather than the older version of ruby. 
>
> It appears to me that this is a PATH issue. Does anyone know how to fix 
> this?
>
>
> Cheers,
>
> Oli
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/xE2NKyWTyjUJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] expiry attribut of users applied every time

[digrouz]

Hello,

Any updates when the fix will be implemented?



On Thursday, October 11, 2012 9:23:42 PM UTC+2, Jeff McCune wrote:
>
> On Oct 11, 2012, at 12:13 PM, Stefan Schulte 
> > wrote: 
>
> > On Thu, Oct 11, 2012 at 10:47:41AM -0700, Jeff McCune wrote: 
> >> Nicholas, 
> >> 
> >> [...] 
> >> We can't make this idempotent as a result.  This is definitely a bug, 
> >> would you mind filing it?  If so, I'd be happy to do so on your behalf, 
> but 
> >> bugs from users are always better than bugs I report. 
> >> 
> >> Please feel free to add me as a watcher, I'll update it with the 
> >> information I found. 
> >> 
> >> Hope this helps, 
> >> -Jeff 
> > 
> > As Nicolas stated there already is a bug report: 
> > http://projects.puppetlabs.com/issues/11675#change-73099 
>
> Ah thanks. I missed that while on my phone. 
>
> > Puppet simply does not check the current state at (it is not even 
> > implemented anywhere in the code, at least I have not found it) 
>
> I'll try and get this fixed as soon as possible. That's really 
> disappointing. 
>
> > -Stefan 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group. 
> > To post to this group, send email to 
> > puppet...@googlegroups.com. 
>
> > To unsubscribe from this group, send email to 
> puppet-users...@googlegroups.com . 
> > For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en. 
> > 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/i7gAFeYIO3EJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] issues with puppet 3.0.1 using ruby 1.9.3 and passenger (3.0.18)

[vioilly]

I have installed puppet 3.0.1, passenger 3.0.18 and ruby 1.9.3 and have hit 
errors. The error I am hitting is this:

Error message:cannot load such file -- puppet/util/command_lineException 
class:LoadError


I get this when hitting the puppet server using https://puppetserver:8140

If I use ruby 1.8, everything works. This is a new deployment so I would 
like to use ruby 1.9.3 rather than the older version of ruby. 

It appears to me that this is a PATH issue. Does anyone know how to fix 
this?


Cheers,

Oli



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/n9UUHUqHYlQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Re: [Puppet Users] Puppet client runs outside of office hours

[Stefan Goethals]

We use this

  cron { "puppet":
ensure  => present,
command => $ppt_cmd,
user=> 'root',
hour=> fqdn_rand(6),
minute  => fqdn_rand(60)
  }
so puppet runs happen 'randomly between midnight and 05:59

Regards,

Stefan - Zipkid - Goethals.


On Wed, Dec 12, 2012 at 6:23 AM, DenMat Gone  wrote:

> Cron would be your best bet. You can manage cron jobs via puppet.
>
>
> kdo  wrote:
>
> anyone have any smart ideas around scheduling puppet client runs during
> specific times ? such as outside of office hours ?
>
> any options that can be set in the puppet.conf for example ?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/BbplaHlxFcQJ.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

[Puppet Users] Re: "GET /production/certificate/puppet-client2.tcl-oob.net? HTTP/1.1" 500 11298 "-" "-"

[vioilly]

I reinstalled everything again and manage to get this working. Not sure 
what the problem was but this is how I install puppet master with passenger:

install puppet master with passenger


1 - install centos 6.3 minimal

2 - configure IP address and hostname - do not set a fqdn hostname. 

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO="static"
HWADDR=""
ONBOOT="yes"
TYPE="Ethernet"
UUID=""
IPADDR="10.1.1.10"
NETMASK="255.255.255.0"
GATEWAY="10.1.1.1"

vi /etc/resolv.conf

nameserver 10.1.1.100
domain domain.net
search domain.net

3 - run yum update -y

4 - install vmware tools

rpm --import 
http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-DSA-KEY.pub
rpm --import 
http://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub


cat < /etc/yum.repos.d/vmware-tools.repo
[vmware-tools]
name=VMware Tools
#baseurl=http://packages.vmware.com/tools/esx/5.0u1/rhel5/\$basearch
baseurl=http://packages.vmware.com/tools/esx/5.0u1/rhel6/\$basearch
enabled=1
gpgcheck=1
EOT

yum -y install vmware-tools-esx-nox

5 - set iptables (modify where applicable)

iptables -I INPUT 5 -s 10.1.1.0/24 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 6 -s 10.1.1.0/24 -m tcp -p tcp --dport 8140 -j ACCEPT

service iptables save

iptables -L

6 - Install EPEL and puppet repos

rpm -Uvh 
http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
rpm -ivh 
http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm

7 -  install required packages 

yum -y install httpd httpd-devel ruby-devel rubygems mod_ssl make gcc 
gcc-c++ curl-devel openssl-devel zlib-devel make wget

8 - install ruby 1.9.3

cd /opt
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p0.tar.gz
tar xzvf ruby-1.9.3-p0.tar.gz
cd ruby-1.9.3-p0
./configure --enable-shared --disable-pthread
make
make install

9 - install puppet master and puppet agent

yum install puppet-server puppet -y

10 - create a puppet ca cert

puppet master --no-daemonize --verbose

(note - ctrl+c to break out of puppet master deamon


11 - install rack using gem

gem install rack

12 - install passenger using gem

gem install passenger

13 - Set up passenger

passenger-install-apache2-module

14 - Config rack.conf

cp /usr/share/puppet/ext/rack/files/apache2.conf /etc/httpd/conf.d/rack.conf

update the rack.conf with the puppet 3.0.1 SSL directory path 
(var/llis/puppet/ssl) and change hostname for certs.

15 - create rack directories

mkdir -p /etc/puppet/rack/public/

16 - copy config.ru rack file to rack web directory

cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/

17 - change ownership of config.ru rack file to puppet

chown puppet:puppet /etc/puppet/rack/config.ru

18 - set httpd to start on boot and puppetmaster to not start

chkconfig httpd on
chkconfig puppetmaster off

19 - set certname in puppet master puppet.conf

vi /etc/puppet/puppet.conf

[master]

certname = puppet-server1.tcl-oob.net

20 Turn of selinux

setenforce 0

21 start apache

service httpd start

--

sign certificate on from puppet client

install puppet client

1 - rpm -ivh 
http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm

2 - yum install puppet

3 - puppet agent --test

4 - puppet agent --waitforcert 30 --server puppet-server1.tcl-oob.net

sign cert on puppet server

1 - puppet cert --list

2 - puppet cert sign 
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/puppet-users/-/FRwz6M4xZQEJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.