RE: [Puppet Users] Re: How to call one manifset from another

[GRANIER Bernard (MORPHO)]

Yes but is it ok to have in directory  …/puppet/manifest let’s say three files :
file1.pp defining some nodes
file2.pp defining some nodes

and site.pp with :
include file1
include file2

?

Sincerly,

Bernard Granier
CE Plateforme Système
bernard.gran...@morpho.com
01 58 11 32 51

From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of ??? ?
Sent: Thursday, February 14, 2013 6:57 AM
To: puppet-users@googlegroups.com
Subject: [Puppet Users] Re: How to call one manifset from another

import 'some.pp'

среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya написал:
Hi all,

I have 3 different manifests. How can i call one manifest from another manifest?

Please do help me with this.
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to 
puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: How to call one manifset from another

[Евгений Верещагин]

You can put it into subdirs.

четверг, 14 февраля 2013 г., 12:22:39 UTC+4 пользователь 
bernard...@morpho.com написал:
>
> Yes but is it ok to have in directory  …/puppet/manifest let’s say three 
> files :
>
> file1.pp defining some nodes
>
> file2.pp defining some nodes
>
>  
>
> and site.pp with :
>
> include file1
>
> include file2 
>
>  
>
> ?
>
>  
>
> Sincerly,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com 
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com  [mailto:
> puppet...@googlegroups.com ] *On Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 6:57 AM
> *To:* puppet...@googlegroups.com 
> *Subject:* [Puppet Users] Re: How to call one manifset from another
>
>  
>
> import 'some.pp'
>
> среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya 
> написал:
>
> Hi all,
>
> I have 3 different manifests. How can i call one manifest from another 
> manifest?
>
> Please do help me with this.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com .
> To post to this group, send email to puppet...@googlegroups.com
> .
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system."
> #
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet Enterprise Live Management

[d . o . kip]

Hello all,

To experiment with Puppet Enterprise (we already use open source) and to 
create a case for our management to buy it, I'm trying to set up a Puppet 
Enterprise environment on some virtuals. While the puppet part works fine, 
and the client I've set up is doing fine as well, it seems the Live 
Management part is not. When I click on the Live Management tab it only 
shows a 'loading' bar, and nothing happens after, even when I wait for over 
an hour...
The tarball for Puppet ENterprise has configurations for mcollective 
etcetera built in, so the puppet runs on teh puppetmaster have already 
configured the stuff. Assumingly correct...

Is there a configuration part that I'm missing? Is it a browser problem? 
Has anyone encountered the same problem using the latest PE downloads?

I've been digging through puppetlabs docs and google for 2 days now, and 
can't find anything relevant. Or for that matter anything decent on 
configuring Live Management and/or mcollective... 

Any help appreciated.



//Danny.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet Enterprise Live Management

[d . o . kip]

So in posting the question I suddenly thought it could be a browser 
problem, and thus I tried it with a tunneled Internet Explorer instead of 
the Firefox on my Linux box...
And it Just Works.

no clue yet as to what's the missing bit in the Firefox browser, as there 
were no errors whatsoever. But at least I can take a look at Live 
Management now.

//Danny.

Op donderdag 14 februari 2013 10:45:30 UTC+1 schreef d.o...@cri-service.nl 
het volgende:
>
> Hello all,
>
> To experiment with Puppet Enterprise (we already use open source) and to 
> create a case for our management to buy it, I'm trying to set up a Puppet 
> Enterprise environment on some virtuals. While the puppet part works fine, 
> and the client I've set up is doing fine as well, it seems the Live 
> Management part is not. When I click on the Live Management tab it only 
> shows a 'loading' bar, and nothing happens after, even when I wait for over 
> an hour...
> The tarball for Puppet ENterprise has configurations for mcollective 
> etcetera built in, so the puppet runs on teh puppetmaster have already 
> configured the stuff. Assumingly correct...
>
> Is there a configuration part that I'm missing? Is it a browser problem? 
> Has anyone encountered the same problem using the latest PE downloads?
>
> I've been digging through puppetlabs docs and google for 2 days now, and 
> can't find anything relevant. Or for that matter anything decent on 
> configuring Live Management and/or mcollective... 
>
> Any help appreciated.
>
>
>
> //Danny.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Run Puppet Against Master with Local node.pp Manifest?

[Ralph Bolton]

Pulling our whole puppet master from SVN is indeed an option. It seems like 
a bit of work, but it's possible.

The issue of trying to unit test a puppet install seems to be somewhat 
addressed by the Puppet solution, although I could see that we could either 
poke a node.pp manifest onto the real Puppet Master and then run "puppet 
apply" on our test VM, or else build a 'fake' Puppet Master in the manner 
you suggest. I guess I could do that on a build box, and then have the it 
spin up a VM, and have the VM just puppet off the build box.

I see a great deal of funky scripting in my future ;-)

Thanks everyone for your suggestions - it's all been very helpful.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

RE: [Puppet Users] Re: How to call one manifset from another

[GRANIER Bernard (MORPHO)]

Subdirs ? which one ?

Cordialement,

Bernard Granier
CE Plateforme Système
bernard.gran...@morpho.com
01 58 11 32 51

From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of ??? ?
Sent: Thursday, February 14, 2013 9:44 AM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Re: How to call one manifset from another

You can put it into subdirs.

четверг, 14 февраля 2013 г., 12:22:39 UTC+4 пользователь 
bernard...@morpho.com написал:
Yes but is it ok to have in directory  …/puppet/manifest let’s say three files :
file1.pp defining some nodes
file2.pp defining some nodes

and site.pp with :
include file1
include file2

?

Sincerly,

Bernard Granier
CE Plateforme Système
bernard...@morpho.com
01 58 11 32 51

From: puppet...@googlegroups.com 
[mailto:puppet...@googlegroups.com] On Behalf Of ??? ?
Sent: Thursday, February 14, 2013 6:57 AM
To: puppet...@googlegroups.com
Subject: [Puppet Users] Re: How to call one manifset from another

import 'some.pp'

среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya написал:
Hi all,

I have 3 different manifests. How can i call one manifest from another manifest?

Please do help me with this.
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users...@googlegroups.com.
To post to this group, send email to puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.



#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to 
puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Referencing resource from another class

[Andriy Yurchuk]

class module::class_1 {
  service {
ensure => running,
hasrestart => true,
subscribe => File[/tmp/myfile],
  }
}

class module::class_2 {
  file { '/tmp/myfile':
 source => 'puppet:///file_server/my_file',
  }
}

Having those two classes, how do I correctly write the subscribe parameter 
in class_1 so that it used the file resource from class_2?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Daemonize puppet agent but disable periodic runs

[Andriy Yurchuk]

This works, but this disables the ability to push configs via MCollective, 
i.e. mco puppet runall/runonce do not work.

On Wednesday, February 13, 2013 5:51:56 PM UTC+2, Vaidas Jablonskis wrote:
>
> You would have to run your agent daemon wiht '--no-client' parameter. See 
> 'man puppet.conf'.
>
> On Wednesday, 13 February 2013 13:49:06 UTC, Andriy Yurchuk wrote:
>>
>> I need puppet agent daemon running because I need to access agent's REST 
>> API (http://docs.puppetlabs.com/guides/rest_api.html#the-agent-rest-api). 
>> But I don't need the agent to run periodic checks. Is there any way to 
>> either access REST API without daemonizing agent (I suspect this id not 
>> possible) or disable periodic runs while running agent as a daemon?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: How to call one manifset from another

[Евгений Верещагин]

/etc/puppet/manifests/site.pp
/etc/puppet/manifests/os/win.pp
/etc/puppet/manifests/os/lin.pp

site.pp:

import 'os/win.pp'
import 'os/lin.pp'

четверг, 14 февраля 2013 г., 14:17:47 UTC+4 пользователь 
bernard...@morpho.com написал:
>
> Subdirs ? which one ?
>
>  
>
> Cordialement,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com 
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com  [mailto:
> puppet...@googlegroups.com ] *On Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 9:44 AM
> *To:* puppet...@googlegroups.com 
> *Subject:* Re: [Puppet Users] Re: How to call one manifset from another
>
>  
>
> You can put it into subdirs.
>
> четверг, 14 февраля 2013 г., 12:22:39 UTC+4 пользователь 
> bernard...@morpho.com написал:
>
> Yes but is it ok to have in directory  …/puppet/manifest let’s say three 
> files :
>
> file1.pp defining some nodes
>
> file2.pp defining some nodes
>
>  
>
> and site.pp with :
>
> include file1
>
> include file2 
>
>  
>
> ?
>
>  
>
> Sincerly,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com [mailto:puppet...@googlegroups.com] *On 
> Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 6:57 AM
> *To:* puppet...@googlegroups.com
> *Subject:* [Puppet Users] Re: How to call one manifset from another
>
>  
>
> import 'some.pp'
>
> среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya 
> написал:
>
> Hi all,
>
> I have 3 different manifests. How can i call one manifest from another 
> manifest?
>
> Please do help me with this.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com.
> To post to this group, send email to puppet...@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system."
> #
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com .
> To post to this group, send email to puppet...@googlegroups.com
> .
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system."
> #
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

RE: [Puppet Users] Re: How to call one manifset from another

[GRANIER Bernard (MORPHO)]

Ah ok, you use an import and not an include.

As I understood, this is not exactly the same things.

Cordialement,

Bernard Granier
CE Plateforme Système
bernard.gran...@morpho.com
01 58 11 32 51

From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of ??? ?
Sent: Thursday, February 14, 2013 11:23 AM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Re: How to call one manifset from another

/etc/puppet/manifests/site.pp
/etc/puppet/manifests/os/win.pp
/etc/puppet/manifests/os/lin.pp

site.pp:

import 'os/win.pp'
import 'os/lin.pp'

четверг, 14 февраля 2013 г., 14:17:47 UTC+4 пользователь 
bernard...@morpho.com написал:
Subdirs ? which one ?

Cordialement,

Bernard Granier
CE Plateforme Système
bernard...@morpho.com
01 58 11 32 51

From: puppet...@googlegroups.com 
[mailto:puppet...@googlegroups.com] On Behalf Of ??? ?
Sent: Thursday, February 14, 2013 9:44 AM
To: puppet...@googlegroups.com
Subject: Re: [Puppet Users] Re: How to call one manifset from another

You can put it into subdirs.

четверг, 14 февраля 2013 г., 12:22:39 UTC+4 пользователь 
bernard...@morpho.com написал:
Yes but is it ok to have in directory  …/puppet/manifest let’s say three files :
file1.pp defining some nodes
file2.pp defining some nodes

and site.pp with :
include file1
include file2

?

Sincerly,

Bernard Granier
CE Plateforme Système
bernard...@morpho.com
01 58 11 32 51

From: puppet...@googlegroups.com 
[mailto:puppet...@googlegroups.com] On Behalf Of ??? ?
Sent: Thursday, February 14, 2013 6:57 AM
To: puppet...@googlegroups.com
Subject: [Puppet Users] Re: How to call one manifset from another

import 'some.pp'

среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya написал:
Hi all,

I have 3 different manifests. How can i call one manifest from another manifest?

Please do help me with this.
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users...@googlegroups.com.
To post to this group, send email to 
puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.



#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users...@googlegroups.com.
To post to this group, send email to puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.



#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to 
puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#

-- 
You received this message because you are subscribed 

Re: [Puppet Users] Certificate verify fails without indications

[Luigi Martin Petrella]

The trick worked :-)

Thanks to everyone for your contribution!


On 13 February 2013 18:26, Luigi Martin Petrella <
luigimartin.petre...@gmail.com> wrote:

> Yes, it is exactly the cause of the problem!
> "
>
> certificate_signer.rb
>
> # Take care of signing a certificate in a FIPS 140-2 compliant manner.
>
> #
>
> # @see http://projects.puppetlabs.com/issues/17295
>
> #
>
> # @api private
>
> class Puppet::SSL::CertificateSigner
>
>   def initialize
>
> if OpenSSL::Digest.const_defined?('SHA256')
>
>   @digest = OpenSSL::Digest::SHA256
>
> elsif OpenSSL::Digest.const_defined?('SHA1')
>
>   @digest = OpenSSL::Digest::SHA1
>
> else
>
>   raise Puppet::Error,
>
> "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
>
> end
>
> @digest
>
>   end
>
>
>
>   def sign(content, key)
>
> content.sign(key, @digest.new)
>
>   end
>
> end
> "
>
> If I switch the order of these checks
>
> if OpenSSL::Digest.const_defined?('SHA256')
>
>   @digest = OpenSSL::Digest::SHA256
>
> elsif OpenSSL::Digest.const_defined?('SHA1')
>
>   @digest = OpenSSL::Digest::SHA1
>
>
> probably it will work
>
>
> I'll let you know..
>
>
>
> On 13 February 2013 17:08, Matthew Black  wrote:
>
>> Yes because as part of the fix it checks on the CA, when its signing
>> the cert, whether it can support 256 or not. If it does not it drops
>> down to a lower SHA.
>>
>> If you look at the pull request that is part of the ticket,
>> specifically the changes. If you scroll down to the
>> certificate_signer.rb change it will make more sense.
>>
>> https://github.com/puppetlabs/puppet/pull/1413/files
>>
>>
>> On Wed, Feb 13, 2013 at 10:37 AM, Luigi Martin Petrella
>>  wrote:
>> > Matthew, you are right, this explain ALMOST everything
>> >
>> > "Puppet is using the Solaris-provided OpenSSL as part of the Ruby
>> install in
>> > this case, which runs version 0.9.7 with patches and doesn’t support
>> sha256.
>> > I don’t mind the idea of compiling 1.0.x but the issue still seems to
>> stand
>> > that you can’t choose the digest method anymore – there is an apparent
>> use
>> > of SHA256 regardless of what option you choose."
>> >
>> > But
>> >
>> > If I use as master RH4 with openssl-lib 0.9.7 I have no problem
>> connecting
>> > the others RH4 nodes. This means tha Puppet don't use always  SHA256,
>> but
>> > only If it is available from openssl library. Right?
>> >
>> > So, there are two ways (one harder then the other for me) to solve the
>> issue
>> > at openssl level:
>> > 1. install opensslib rpm for RH5 on RH4 (but there are a lot of missing
>> > dependencies)
>> > 2. downgrade openssl lib on Centos 6.3 master from 1.0.0 to 0.9.7
>> > ???
>> >
>> > Since --digest option won't work, is there any other way to force
>> puppet not
>> > to use SHA256??
>> >
>> >
>> >
>> >
>> >
>> > On 13 February 2013 16:16, Matthew Black  wrote:
>> >>
>> >> I think this issue is related to your issue since the version
>> >> discussed is 0.9.7.
>> >>
>> >> http://projects.puppetlabs.com/issues/17295
>> >>
>> >> What you will need to do is more than likely is update the openssl on
>> >> the agent. I dont think it will work too well but you can try to take
>> >> the srpm from rhel 5 or 6 and build it for rhel 4
>> >>
>> >>
>> >> On Wed, Feb 13, 2013 at 8:31 AM, Luigi Martin Petrella
>> >>  wrote:
>> >> > Master:
>> >> > Centos 6.3 , Puppet 3.1.0
>> >> > Ubuntu, Puppet 3.1.0
>> >> >
>> >> > Agent:
>> >> > Redhat 4, Puppet 3.1.0
>> >> >
>> >> > Yesterday something strange happened:
>> >> > we tryied to connect RedHat agent with a Puppet Enterprise Master on
>> >> > Centos
>> >> > 6.3, and there wasn't any certificate problems and everything worked.
>> >> > Today we are trying with the same configuratione, but It appeared the
>> >> > same
>> >> > validation errore described before
>> >> >
>> >> >
>> >> >
>> >> > On 13 February 2013 14:12, Matthew Black  wrote:
>> >> >>
>> >> >> What is the versions of the puppet are being used on the client and
>> >> >> the server? Assuming master is running on Linux, what distro and
>> >> >> release is the master running on?
>> >> >>
>> >> >> I suspect the openssl might be the issue on the client.
>> >> >>
>> >> >>
>> >> >>
>> >> >> On Wed, Feb 13, 2013 at 7:59 AM, Luigi Martin Petrella
>> >> >>  wrote:
>> >> >> > Felix, why do you think the problem is related to the
>> "--waitforcert"
>> >> >> > option?
>> >> >> > I tryied to run "puppet agent -t --waitforcert 100" , and after
>> >> >> > signing
>> >> >> > the
>> >> >> > request on master, on agent I receive this message:
>> >> >> >
>> >> >> > Error: Could not request certificate: Unsupported digest algorithm
>> >> >> > (SHA256).
>> >> >> > Error: Failed to apply catalog: Unsupported digest algorithm
>> >> >> > (SHA256).
>> >> >> > Error: Could not send report: SSL_CTX_use_PrivateKey:: key values
>> >> >> > mismatch
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >
>> >> >> > On 13 February 2013 13:15, Felix Frank
>> >> >> > 
>>

Re: [Puppet Users] Re: How to call one manifset from another

[Евгений Верещагин]

I think that "include" for classes, and "import" for pp-files. I learn 
puppet second day :-)

четверг, 14 февраля 2013 г., 14:27:46 UTC+4 пользователь 
bernard...@morpho.com написал:
>
> Ah ok, you use an import and not an include.
>
>  
>
> As I understood, this is not exactly the same things.
>
>  
>
> Cordialement,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com 
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com  [mailto:
> puppet...@googlegroups.com ] *On Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 11:23 AM
> *To:* puppet...@googlegroups.com 
> *Subject:* Re: [Puppet Users] Re: How to call one manifset from another
>
>  
>
> /etc/puppet/manifests/site.pp
>
> /etc/puppet/manifests/os/win.pp
>
> /etc/puppet/manifests/os/lin.pp
>
>  
>
> site.pp:
>
>  
>
> import 'os/win.pp'
>
> import 'os/lin.pp'
>
> четверг, 14 февраля 2013 г., 14:17:47 UTC+4 пользователь 
> bernard...@morpho.com написал:
>
> Subdirs ? which one ?
>
>  
>
> Cordialement,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com [mailto:puppet...@googlegroups.com] *On 
> Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 9:44 AM
> *To:* puppet...@googlegroups.com
> *Subject:* Re: [Puppet Users] Re: How to call one manifset from another
>
>  
>
> You can put it into subdirs.
>
> четверг, 14 февраля 2013 г., 12:22:39 UTC+4 пользователь 
> bernard...@morpho.com написал:
>
> Yes but is it ok to have in directory  …/puppet/manifest let’s say three 
> files :
>
> file1.pp defining some nodes
>
> file2.pp defining some nodes
>
>  
>
> and site.pp with :
>
> include file1
>
> include file2 
>
>  
>
> ?
>
>  
>
> Sincerly,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com [mailto:puppet...@googlegroups.com] *On 
> Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 6:57 AM
> *To:* puppet...@googlegroups.com
> *Subject:* [Puppet Users] Re: How to call one manifset from another
>
>  
>
> import 'some.pp'
>
> среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya 
> написал:
>
> Hi all,
>
> I have 3 different manifests. How can i call one manifest from another 
> manifest?
>
> Please do help me with this.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com.
> To post to this group, send email to puppet...@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system."
> #
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com.
> To post to this group, send email to puppet...@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system."
> #
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com .
> To post to this group, send email to puppet...@googlegroups.com
> .
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever 

RE: [Puppet Users] Re: How to call one manifset from another

[GRANIER Bernard (MORPHO)]

Ok great, I will test, thanks for the “tip”

Cordialement,

Bernard Granier
CE Plateforme Système
bernard.gran...@morpho.com
01 58 11 32 51

From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On 
Behalf Of ??? ?
Sent: Thursday, February 14, 2013 11:33 AM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Re: How to call one manifset from another

I think that "include" for classes, and "import" for pp-files. I learn puppet 
second day :-)

четверг, 14 февраля 2013 г., 14:27:46 UTC+4 пользователь 
bernard...@morpho.com написал:
Ah ok, you use an import and not an include.

As I understood, this is not exactly the same things.

Cordialement,

Bernard Granier
CE Plateforme Système
bernard...@morpho.com
01 58 11 32 51

From: puppet...@googlegroups.com 
[mailto:puppet...@googlegroups.com] On Behalf Of ??? ?
Sent: Thursday, February 14, 2013 11:23 AM
To: puppet...@googlegroups.com
Subject: Re: [Puppet Users] Re: How to call one manifset from another

/etc/puppet/manifests/site.pp
/etc/puppet/manifests/os/win.pp
/etc/puppet/manifests/os/lin.pp

site.pp:

import 'os/win.pp'
import 'os/lin.pp'

четверг, 14 февраля 2013 г., 14:17:47 UTC+4 пользователь 
bernard...@morpho.com написал:
Subdirs ? which one ?

Cordialement,

Bernard Granier
CE Plateforme Système
bernard...@morpho.com
01 58 11 32 51

From: puppet...@googlegroups.com 
[mailto:puppet...@googlegroups.com] On Behalf Of ??? ?
Sent: Thursday, February 14, 2013 9:44 AM
To: puppet...@googlegroups.com
Subject: Re: [Puppet Users] Re: How to call one manifset from another

You can put it into subdirs.

четверг, 14 февраля 2013 г., 12:22:39 UTC+4 пользователь 
bernard...@morpho.com написал:
Yes but is it ok to have in directory  …/puppet/manifest let’s say three files :
file1.pp defining some nodes
file2.pp defining some nodes

and site.pp with :
include file1
include file2

?

Sincerly,

Bernard Granier
CE Plateforme Système
bernard...@morpho.com
01 58 11 32 51

From: puppet...@googlegroups.com 
[mailto:puppet...@googlegroups.com] On Behalf Of ??? ?
Sent: Thursday, February 14, 2013 6:57 AM
To: puppet...@googlegroups.com
Subject: [Puppet Users] Re: How to call one manifset from another

import 'some.pp'

среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya написал:
Hi all,

I have 3 different manifests. How can i call one manifest from another manifest?

Please do help me with this.
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users...@googlegroups.com.
To post to this group, send email to 
puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.



#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users...@googlegroups.com.
To post to this group, send email to 
puppet...@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.



#
" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, you are 
notified that any dissemination, copying of this e-mail and any attachments 
thereto or use of their contents by any means whatsoever is strictly 
prohibited. If you have received this e-mail in error, please advise the sender 
immediately and delete this e-mail and all attached documents from your 
computer system."
#
--
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users...@googlegroups.com.
To post to this group, send email to puppet...@googlegrou

[Puppet Users] Re: Referencing resource from another class

[Andriy Yurchuk]

Found out that it's very simple: subscribe => Class['module::class_2']

On Thursday, February 14, 2013 12:20:30 PM UTC+2, Andriy Yurchuk wrote:
>
> class module::class_1 {
>   service {
> ensure => running,
> hasrestart => true,
> subscribe => File[/tmp/myfile],
>   }
> }
>
> class module::class_2 {
>   file { '/tmp/myfile':
>  source => 'puppet:///file_server/my_file',
>   }
> }
>
> Having those two classes, how do I correctly write the subscribeparameter in 
> class_1 so that it used the file resource from class_2?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows MSI Error "change from absent to present failed: Failed to install: Fail on INT 24."

[jim]

Hello Michael and Josh

Thanks for your quick responses, Michael "The package { source => } 
directive for MSIs *must* use backslashes." worked a charm thanks again

would be nice in next versions, if this was all uniform

thanks again

James

On Tuesday, 12 February 2013 18:45:07 UTC, Michael O'Dea wrote:
>
> Answering my own question, and hopefully jim's as well! 
>
> I had just had my module open in Geppetto, which yelled at me for having 
> used backslashes in the MSI's package definition.  I switched them to 
> forward slashes to make it happy, and it appears as though jim's code above 
> also uses forward slashes in the source => directive.
>
> Noticing that was one of my changes on my last check-in, I reversed it, 
> and it worked.  Hope this helps, jim -- not sure if this would constitute a 
> bug, I've been seeing much more encouragement to use forward-slashes all 
> across Windows, some of it in contradiction to the documents.  Working with 
> mcollective-win, almost all paths even on the Windows filesystem are 
> forward slash, so I guess I assumed it would be OK here as well.  It is 
> not.  The package { source => } directive for MSIs *must* use backslashes.
>
> Cheers,
>
> --
> M
>
> On Tuesday, February 12, 2013 1:22:33 PM UTC-5, Michael O'Dea wrote:
>>
>> Hopefully not thread hijacking, hope my issue is the same.  Strangely, I 
>> had this problem last week and then resolved it when I made a few more 
>> changes to the MSI.  The issue has just now returned for me, and I'm not 
>> clear how my latest changes (from a debug mode package to a release 
>> package) would've triggered it.  I read somewhere online that INT 24 was an 
>> ancient return code for access denied, and I seem to recall I fixed it then 
>> by assigning 0777 permissions when I dropped the file.  It's worth noting 
>> that my MSI installs fine when run with "msiexec.exe /qn /i" from an 
>> Administrator command prompt.  The relevant section of --debug --trace is 
>> below:
>>
>> notice: 
>>> /Stage[main]/Mcollective::Server::Package::Windows/File[C:/cfn/mcollective_win.msi]/mode:
>>>  
>>> mode changed '0770' to '0777'
>>> debug: 
>>> /Stage[main]/Mcollective::Server::Package::Windows/File[C:/cfn/mcollective_win.msi]:
>>>  
>>> The container Class[Mcollective::Server::Package::Windows] will propagate 
>>> my refresh event
>>> debug: Prefetching msi resources for package
>>> debug: Package[mcollective-win](provider=msi): Executing 'msiexec.exe 
>>> /qn /norestart /i C:/Cfn/mcollective_win.msi'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/provider/package/msi.rb:115:in `check_result'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/provider/package/msi.rb:78:in `install'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/type/package.rb:63:in `set_present'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/property.rb:81:in `send'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/property.rb:81:in `call_valuemethod'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/property.rb:288:in `set'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/property.rb:342:in `sync'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction/resource_harness.rb:114:in 
>>> `apply_parameter'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction/resource_harness.rb:56:in 
>>> `perform_changes'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction/resource_harness.rb:133:in 
>>> `evaluate'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction.rb:49:in `apply'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction.rb:84:in `eval_resource'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction.rb:104:in `evaluate'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/util.rb:493:in `thinmark'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/sys/ruby/lib/ruby/1.8/benchmark.rb:308:in `realtime'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/util.rb:492:in `thinmark'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction.rb:104:in `evaluate'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction.rb:386:in `traverse'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/transaction.rb:99:in `evaluate'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/resource/catalog.rb:141:in `apply'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/configurer.rb:122:in 
>>> `retrieve_and_apply_catalog'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/puppet/lib/puppet/util.rb:161:in `benchmark'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/Puppet/sys/ruby/lib/ruby/1.8/benchmark.rb:308:in `realtime'
>>> C:/Program Files (x86)/Puppet 
>>> Labs/

Re: [Puppet Users] Trying to install a specific version of Java on Redhat

[Felix Frank]

Hi,

please take note that

On 02/14/2013 02:32 AM, Sean LeBlanc wrote:
>   ensure => '1.6.0.39-1jpp.4.el5_9',notice:

...this version is unlike...

> /Stage[main]/Java/Package[java-1.6.0-sun.x86_64]/ensure: ensure changed
> '1.6.0.33-1jpp.1.el5_8' to '1:1.6.0.39-1jpp.4.el5_9'

...this version. Notice the leading 1:

HTH,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: roles, profiles, and hiera

[Vaidas Jablonskis]

Hi there,

I was going to ask exact same questions too.

I am also interested in how people solve these problems.

On Wednesday, 13 February 2013 23:17:40 UTC, Chad Huneycutt wrote:
>
> I have been following the various blog posts about the roles and 
> profiles pattern for classifying hosts, and I like it.  It doesn't 
> provide a perfect fit for our infrastructure, but it is much better 
> than the ad-hoc classification we do now.  I have a couple of 
> questions for those that use it, though: 
>
> 1. Where are you putting your role classes and profile classes?  A 
> role module and a profile module makes sense to me, but it seems like 
> something more tightly integrated with the Puppet DSL might be nice? 
>
> 2. Assuming you have roles and profiles in modules, at what point do 
> you specify the parameters to your modules?  I am particularly 
> interested in the answer to this question with regards to hiera.  I 
> find that I want to add roles and profiles to the hiera hierarchy, and 
> I cannot come up with a way to do it. 
>
> I think if hiera supported lookup by the class containing the hiera 
> call, I could achieve what I want.  For instance: 
>
> class profiles::oneofmyprofiles { 
>   include myparameterizedclass 
> } 
>
> I would like to have a hiera.yaml like so: 
>
> --- 
> :backends: 
>   - yaml 
> :hierarchy: 
>   - nodes/%{::hostname} 
>   - profiles/%{class_name} 
>   - common 
> :yaml: 
>   :datadir: /etc/puppet/environments/%{environment}/data 
>
>
> Am I just completely off-base? 
>
> -- 
> Chad M. Huneycutt 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Why IF-ELSE not work?

[Brian Lalor]

Import is like a #include in C: it's essentially a preprocessor directive and 
is evaluated before the if/ else. 

http://docs.puppetlabs.com/puppet/2.7/reference/lang_import.html

--
Brian Lalor
bla...@bravo5.org

On Feb 14, 2013, at 1:17 AM, Евгений Верещагин  wrote:

> I try include different .pp for my systems. site.pp like:
> 
> if $operatingsystem == 'debian' {
>   import '../my/os/linux/debian.pp'
> }
> elsif $operatingsystem == 'windows' {
>   import '../my/os/windows/windows.pp'
> }
> else {
>   import '../my/os/default/default.pp'
> }
> 
> and I try CASE:
> 
> case $operatingsystem {
>redhat: { import '../my/os/linux/redhat.pp' }
>centos: { import '../my/os/linux/centos.pp' }
>windows: { import '../my/os/windows/windows.pp' } 
>default: { import '../my/os/default/default.pp' }
> }
> 
> Why it didn't work? If I run puppet-agent, it read all pp-files and crash on 
> windows-parameters on Linux or on linux-parameters on Windows. What I do 
> incorrect?
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Why IF-ELSE not work?

[Felix Frank]

Hi,

import is largely deprecated for most uses. I haven't really used it
after Puppet 0.25.

What I learned back then was that the parser would honor all import
statements it would find. I believe that the if statements cannot be
validated until after the parsing stage, so they won't hinder importing.

Instead of relying on import based construct, make sure all your
resources are organized in trees of classes, and that each platform only
*includes* its appropriate tree root.

HTH,
Felix

On 02/14/2013 07:17 AM, Евгений Верещагин wrote:
> I try include different .pp for my systems. site.pp like:
> 
> if $operatingsystem == 'debian' {
>   import '../my/os/linux/debian.pp'
> }
> elsif $operatingsystem == 'windows' {
>   import '../my/os/windows/windows.pp'
> }
> else {
>   import '../my/os/default/default.pp'
> }
> 
> and I try CASE:
> 
> case $operatingsystem {
>redhat: { import '../my/os/linux/redhat.pp' }
>centos: { import '../my/os/linux/centos.pp' }
>windows: { import '../my/os/windows/windows.pp' } 
>default: { import '../my/os/default/default.pp' }
> }
> 
> Why it didn't work? If I run puppet-agent, it read all pp-files and
> crash on windows-parameters on Linux or on linux-parameters on Windows.
> What I do incorrect?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Unable to sync the time

[Felix Frank]

Hi,

it's not really certain that you are looking at a timing issue.

I suggest using openssl s_client -connect puppet-master.merchii.com:8140
and make sure that the certificate presented matches what the agent has
cached.

That's a first debugging step. In whole, you should examine all involved
certificates to see what is out of order here.

HTH,
Felix

On 02/12/2013 06:35 PM, seshendr...@gmail.com wrote:
> Hi,
> When I was trying to run the puppet client I was getting this error 
> *adminuser@ubuntu:~$ sudo puppet agent --server
> puppet-master.merchii.com  --waitforcert 180 --test*
> *err: Could not retrieve catalog from remote server: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed.  This is often because the time is out of sync on the
> server or client*
> *warning: Not using cache on failed catalog*
> *err: Could not retrieve catalog; skipping run*
> *err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3
> read server certificate B: certificate verify failed.  This is often
> because the time is out of sync on the server or client*
> *
> *
> *In order to solve this I have removed the certificates on both the
> server and client. I have NTP also and config it. But i could not solve it *
> *
> *
> *please provide me a way to solve it  *

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: How to call one manifset from another

[Евгений Верещагин]

Read "Why IF-ELSE not work?", it's very it's important.

четверг, 14 февраля 2013 г., 14:42:34 UTC+4 пользователь 
bernard...@morpho.com написал:
>
> Ok great, I will test, thanks for the “tip”
>
>  
>
> Cordialement,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com 
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com  [mailto:
> puppet...@googlegroups.com ] *On Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 11:33 AM
> *To:* puppet...@googlegroups.com 
> *Subject:* Re: [Puppet Users] Re: How to call one manifset from another
>
>  
>
> I think that "include" for classes, and "import" for pp-files. I learn 
> puppet second day :-)
>
> четверг, 14 февраля 2013 г., 14:27:46 UTC+4 пользователь 
> bernard...@morpho.com написал:
>
> Ah ok, you use an import and not an include.
>
>  
>
> As I understood, this is not exactly the same things.
>
>  
>
> Cordialement,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com [mailto:puppet...@googlegroups.com] *On 
> Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 11:23 AM
> *To:* puppet...@googlegroups.com
> *Subject:* Re: [Puppet Users] Re: How to call one manifset from another
>
>  
>
> /etc/puppet/manifests/site.pp
>
> /etc/puppet/manifests/os/win.pp
>
> /etc/puppet/manifests/os/lin.pp
>
>  
>
> site.pp:
>
>  
>
> import 'os/win.pp'
>
> import 'os/lin.pp'
>
> четверг, 14 февраля 2013 г., 14:17:47 UTC+4 пользователь 
> bernard...@morpho.com написал:
>
> Subdirs ? which one ?
>
>  
>
> Cordialement,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com [mailto:puppet...@googlegroups.com] *On 
> Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 9:44 AM
> *To:* puppet...@googlegroups.com
> *Subject:* Re: [Puppet Users] Re: How to call one manifset from another
>
>  
>
> You can put it into subdirs.
>
> четверг, 14 февраля 2013 г., 12:22:39 UTC+4 пользователь 
> bernard...@morpho.com написал:
>
> Yes but is it ok to have in directory  …/puppet/manifest let’s say three 
> files :
>
> file1.pp defining some nodes
>
> file2.pp defining some nodes
>
>  
>
> and site.pp with :
>
> include file1
>
> include file2 
>
>  
>
> ?
>
>  
>
> Sincerly,
>
>  
>
> Bernard Granier
>
> CE Plateforme Système
>
> bernard...@morpho.com
>
> 01 58 11 32 51
>
>  
>
> *From:* puppet...@googlegroups.com [mailto:puppet...@googlegroups.com] *On 
> Behalf Of *??? ?
> *Sent:* Thursday, February 14, 2013 6:57 AM
> *To:* puppet...@googlegroups.com
> *Subject:* [Puppet Users] Re: How to call one manifset from another
>
>  
>
> import 'some.pp'
>
> среда, 13 февраля 2013 г., 13:03:15 UTC+4 пользователь yarlagadda ramya 
> написал:
>
> Hi all,
>
> I have 3 different manifests. How can i call one manifest from another 
> manifest?
>
> Please do help me with this.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com.
> To post to this group, send email to puppet...@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system."
> #
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com.
> To post to this group, send email to puppet...@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, you are 
> notified that any dissemination, copying of this e-mail and any attachments 
> thereto or use of their contents by any means whatsoever is strictly 
> prohibited. If you have received this e-mail in error, please advise the 
> sender immediately and delete this e-mail and all attached documents from 
> your computer system."
> #
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this g

[Puppet Users] Why a "execute" command show as "changed" on Dashboard?

[Tiago Cruz]

Hello,

I'm using the puppet-dashboard-1.2.10 and I've noticed that I have too much 
"Changed" hosts, but this is not true. This is only hosts running "exec" 
commands, like:

notice 
> executed successfully 
> /Stage[main]/Executecron/Exec[crontab_backup]/returns 
> /etc/puppet/manifests/crontab.pp


Which is some like this:

command => "/usr/bin/crontab -l > /movile/crontab/root_$hostname.txt",


So, why this happen? Can I avoid this?

Thanks!!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: PuppetDB & KahaDB db.data leak

[Stefan Goethals]

and on my test VM

root@puppetdb01 KahaDB]# du -sk *
704 db-63.log
32 db.data
32 db.redo
0 lock

[root@puppetdb01 KahaDB]# ps auxw | grep java
puppetdb 0  0.8 29.5 1237920 301552 ?  Sl   03:54   3:58
/usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d

[root@puppetdb01 KahaDB]# rpm -qi puppetdb
Name: puppetdb Relocations: (not relocatable)
Version : 1.0.5 Vendor: (none)
Release : 1.el6 Build Date: Thu 20 Dec 2012
12:17:23 AM UTC
Install Date: Thu 03 Jan 2013 02:42:03 PM UTC  Build Host:
rpm-builder.puppetlabs.lan
Group   : System Environment/DaemonsSource RPM:
puppetdb-1.0.5-1.el6.src.rpm
Size: 18326834 License: ASL 2.0
Signature   : RSA/SHA1, Thu 20 Dec 2012 09:08:52 PM UTC, Key ID
1054b7a24bd6ec30
URL : http://github.com/puppetlabs/puppetdb
Summary : Puppet Centralized Storage Daemon
Description :
Puppet Centralized Storage.


On Thu, Feb 14, 2013 at 12:26 PM, Stefan Goethals  wrote:

> [root@kangaroo ~]$cd /var/lib/puppetdb/mq/localhost/KahaDB
> [root@kangaroo KahaDB]$ls -al
> total 9508
> drwxr-xr-x 2 puppetdb puppetdb 4096 Feb 14 11:08 .
> drwxr-xr-x 4 puppetdb puppetdb 4096 Jan 14 09:38 ..
> -rw-r--r-- 1 puppetdb puppetdb 33030144 Feb 14 12:23 db-168.log
> -rw-r--r-- 1 puppetdb puppetdb32768 Feb 14 12:23 db.data
> -rw-r--r-- 1 puppetdb puppetdb28720 Feb 14 12:23 db.redo
> -rw-r--r-- 1 puppetdb puppetdb0 Jan 22 10:56 lock
>
> [root@kangaroo KahaDB]$du -sk *
> 9464 db-168.log
> 32 db.data
> 32 db.redo
> 0 lock
>
> [root@kangaroo KahaDB]$ps auxw | grep java
> puppetdb 30154  0.3  7.7 1643468 304732 ?  Sl   Jan22 108:09
> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m
> -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
> /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
>
> [root@kangaroo KahaDB]$rpm -qi puppetdb
> Name: puppetdb Relocations: (not relocatable)
> Version : 1.0.5 Vendor: (none)
> Release : 1.el6 Build Date: Thu 20 Dec 2012
> 01:17:23 AM CET
> Install Date: Mon 14 Jan 2013 09:37:27 AM CET  Build Host:
> rpm-builder.puppetlabs.lan
> Group   : System Environment/DaemonsSource RPM:
> puppetdb-1.0.5-1.el6.src.rpm
> Size: 18326834 License: ASL 2.0
> Signature   : RSA/SHA1, Thu 20 Dec 2012 10:08:52 PM CET, Key ID
> 1054b7a24bd6ec30
> URL : http://github.com/puppetlabs/puppetdb
> Summary : Puppet Centralized Storage Daemon
> Description :
> Puppet Centralized Storage.
>
>
> On Wed, Feb 13, 2013 at 7:34 PM, llowder  wrote:
>
>>
>>
>> On Wednesday, February 13, 2013 12:00:40 PM UTC-6, Ken Barber wrote:
>>>
>>> Hi all,
>>>
>>> I've been looking at a potential problem, as documented here:
>>>
>>> http://projects.puppetlabs.**com/issues/19241
>>>
>>> To do with a leak within the KahaDB persistence layer of ActiveMQ.
>>> Specifically, there are reports of the db.data file growing unbounded:
>>>
>>> https://issues.apache.org/**jira/browse/AMQ-3956
>>>
>>> I'm hoping to find out information from other PuppetDB users to see if
>>> this is happening in the wild. What I'm hoping is that users can
>>> provide me with information around the size of the files in
>>> /var/lib/puppetdb/localhost/**KahaDB. For example, here is the size on
>>> my test machine:
>>>
>>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB# pwd
>>> /var/lib/puppetdb/mq/**localhost/KahaDB
>>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB# du -sk *
>>> 5552 db-1.log
>>> 32 db.data
>>> 32 db.redo
>>> 0 lock
>>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB#
>>>
>>> And an indication of how long its been running:
>>>
>>> $ ps auxw | grep java
>>> puppetdb 52606  0.3  3.6 1536236 216136 ?  Sl   13:34   0:55
>>> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1g
>>> -XX:+**HeapDumpOnOutOfMemoryError
>>> -XX:HeapDumpPath=/var/log/**puppetdb/puppetdb-oom.hprof -jar
>>> /usr/share/puppetdb/puppetdb.**jar services -c /etc/puppetdb/conf.d
>>>
>>> And the version of PuppetDB:
>>>
>>> # dpkg -l puppetdb
>>> ...
>>> ii  puppetdb1.1.1-1puppetlab all  PuppetDB
>>> Centralized Storage.
>>>
>>> (rpm -qi puppetdb on Redhat based machines).
>>>
>>> I've so far had 1 suspected case of this (the directory was reported
>>> at 17 GB), but no data to back it up - if you use PuppetDB and have
>>> the time and inclination, I'd appreciate some outputs from your
>>> PuppetDB hosts like the ones shown above (scrubbing private
>>> information of course) - even if it looks fi

Re: [Puppet Users] Re: PuppetDB & KahaDB db.data leak

[Stefan Goethals]

[root@kangaroo ~]$cd /var/lib/puppetdb/mq/localhost/KahaDB
[root@kangaroo KahaDB]$ls -al
total 9508
drwxr-xr-x 2 puppetdb puppetdb 4096 Feb 14 11:08 .
drwxr-xr-x 4 puppetdb puppetdb 4096 Jan 14 09:38 ..
-rw-r--r-- 1 puppetdb puppetdb 33030144 Feb 14 12:23 db-168.log
-rw-r--r-- 1 puppetdb puppetdb32768 Feb 14 12:23 db.data
-rw-r--r-- 1 puppetdb puppetdb28720 Feb 14 12:23 db.redo
-rw-r--r-- 1 puppetdb puppetdb0 Jan 22 10:56 lock

[root@kangaroo KahaDB]$du -sk *
9464 db-168.log
32 db.data
32 db.redo
0 lock

[root@kangaroo KahaDB]$ps auxw | grep java
puppetdb 30154  0.3  7.7 1643468 304732 ?  Sl   Jan22 108:09
/usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d

[root@kangaroo KahaDB]$rpm -qi puppetdb
Name: puppetdb Relocations: (not relocatable)
Version : 1.0.5 Vendor: (none)
Release : 1.el6 Build Date: Thu 20 Dec 2012
01:17:23 AM CET
Install Date: Mon 14 Jan 2013 09:37:27 AM CET  Build Host:
rpm-builder.puppetlabs.lan
Group   : System Environment/DaemonsSource RPM:
puppetdb-1.0.5-1.el6.src.rpm
Size: 18326834 License: ASL 2.0
Signature   : RSA/SHA1, Thu 20 Dec 2012 10:08:52 PM CET, Key ID
1054b7a24bd6ec30
URL : http://github.com/puppetlabs/puppetdb
Summary : Puppet Centralized Storage Daemon
Description :
Puppet Centralized Storage.


On Wed, Feb 13, 2013 at 7:34 PM, llowder  wrote:

>
>
> On Wednesday, February 13, 2013 12:00:40 PM UTC-6, Ken Barber wrote:
>>
>> Hi all,
>>
>> I've been looking at a potential problem, as documented here:
>>
>> http://projects.puppetlabs.**com/issues/19241
>>
>> To do with a leak within the KahaDB persistence layer of ActiveMQ.
>> Specifically, there are reports of the db.data file growing unbounded:
>>
>> https://issues.apache.org/**jira/browse/AMQ-3956
>>
>> I'm hoping to find out information from other PuppetDB users to see if
>> this is happening in the wild. What I'm hoping is that users can
>> provide me with information around the size of the files in
>> /var/lib/puppetdb/localhost/**KahaDB. For example, here is the size on
>> my test machine:
>>
>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB# pwd
>> /var/lib/puppetdb/mq/**localhost/KahaDB
>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB# du -sk *
>> 5552 db-1.log
>> 32 db.data
>> 32 db.redo
>> 0 lock
>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB#
>>
>> And an indication of how long its been running:
>>
>> $ ps auxw | grep java
>> puppetdb 52606  0.3  3.6 1536236 216136 ?  Sl   13:34   0:55
>> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1g
>> -XX:+**HeapDumpOnOutOfMemoryError
>> -XX:HeapDumpPath=/var/log/**puppetdb/puppetdb-oom.hprof -jar
>> /usr/share/puppetdb/puppetdb.**jar services -c /etc/puppetdb/conf.d
>>
>> And the version of PuppetDB:
>>
>> # dpkg -l puppetdb
>> ...
>> ii  puppetdb1.1.1-1puppetlab all  PuppetDB
>> Centralized Storage.
>>
>> (rpm -qi puppetdb on Redhat based machines).
>>
>> I've so far had 1 suspected case of this (the directory was reported
>> at 17 GB), but no data to back it up - if you use PuppetDB and have
>> the time and inclination, I'd appreciate some outputs from your
>> PuppetDB hosts like the ones shown above (scrubbing private
>> information of course) - even if it looks fine - as it will help us
>> decide on the priority of this bug.
>>
>> Thanks in advance!
>>
>>
> /var/lib/puppetdb/mq/localhost/KahaDB$ du -sk *
> 7800db-1366.log
> 32  db.data
> 32  db.redo
> 0   lock
>
> $ ps auxw | grep java
> puppetdb 10913  1.5  9.1 1639876 370180 ?  Sl   Jan16 622:58
> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m
> -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
> /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
>
>
> $ dpkg -l puppetdb
> ii  puppetdb  1.0.1-1puppetlabs1PuppetDB
> Centralized Storage.
>
>
>
>> ken.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
T

Re: [Puppet Users] shared header across multiple defined types via concat

[Felix Frank]

Wait, what?

You're starship-overriding the one header resource to use whatever
target "gets lucky"? I think this is bound to break, no?

So basically you want all generated files to use the same header
template? Hmm.

I believe what you want is another defined type that represents "the
header snippet for a specific pam config file" and declares a
concat::fragment "$name-header" or somesuch. Each of the other defined
types then contains an instance of this new type, probably not passing
more than the name.

This is not a use case for virtual resources as far as I can tell.

Cheers,
Felix

On 02/12/2013 03:21 PM, Darin Perusich wrote:
> Concat::Fragment <| title == 'header' |> { target => $limits_conf,
> name => "limits" }

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet with Passenger - 403 Forbidden errors???

[Felix Frank]

Hi,

what does apache commit to the error log when an agent tries to connect?

Thanks,
Felix

On 02/12/2013 10:22 PM, Gavin Williams wrote:
> Hi all
> 
> I'm trying to migrate our existing Puppet env from WeBrick to Passenger
> with Apache.
> 
> I followed the following tutorials
> http://wiki.unixcraft.com/display/MainPage/Puppet+3.0+Installation+on+Centos+6.3
> &
> http://aricgardner.com/deployment/puppet-2/puppet-master-on-centos-5-7-with-passenger-and-foreman/
> However whenever I try and communicate with the puppet master, I'm
> getting a 403 forbidden error.
> 
> ENC Classifier:
> $ ./node.rb puppet-test.card.co.uk
> Error retrieving node puppet-test.card.co.uk: Net::HTTPForbidden
> 
> Puppet Agent:
> $ sudo puppet agent -t
> Warning: Unable to fetch my node definition, but the agent run will
> continue:
> Warning: Error 403 on SERVER: Forbidden request:
> puppet-os.card.co.uk(192.168.150.118) access to
> /node/puppet-os.card.co.uk [find] at :99
> Info: Retrieving plugin
> Error: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources using 'eval_generate: Error 403 on SERVER: Forbidden request:
> puppet-os.card.co.uk(192.168.150.118) access to /file_metadata/plugins
> [search] at :99
> Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on
> SERVER: Forbidden request: puppet-os.card.co.uk(192.168.150.118) access
> to /file_metadata/plugins [find] at :99 Could not retrieve file metadata
> for puppet://puppet.card.co.uk/plugins: Error 403 on SERVER: Forbidden
> request: puppet-os.card.co.uk(192.168.150.118) access to
> /file_metadata/plugins [find] at :99
> Info: Loading facts in
> /etc/puppet/modules/puppet/lib/facter/etckepper_puppet.rb
> Info: Loading facts in
> /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb
> Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb
> Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb
> Info: Loading facts in
> /etc/puppet/modules/concat/lib/facter/concat_basedir.rb
> Info: Loading facts in /etc/puppet/modules/act/lib/facter/oracle_sids.rb
> Info: Loading facts in /etc/puppet/modules/act/lib/facter/smo_version.rb
> Info: Loading facts in /etc/puppet/modules/firewall/lib/facter/iptables.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/oracle_sids.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/iptables.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/smo_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/etckepper_puppet.rb
> Error: Could not retrieve catalog from remote server: Error 403 on
> SERVER: Forbidden request: puppet-os.card.co.uk(192.168.150.118) access
> to /catalog/puppet-os.card.co.uk [find] at :99
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> Error: Could not send report: Error 403 on SERVER: Forbidden request:
> puppet-os.card.co.uk(192.168.150.118) access to
> /report/puppet-os.card.co.uk [save] at :99
> 
> Any ideas on what could be the cause?
> 
> I've checked file permissions etc, and from what I can gather they are
> correct.
> 
> Cheers in advance for any responses.
> 
> Regards
> Gavin

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Why a "execute" command show as "changed" on Dashboard?

[d . o . kip]

You are creating a 'new' file every time(well new content), so in essence, 
it is true that the configuration has changed.

To avoid this, you should make your command smarter and make sure it only 
runs when changes are in the crontab. There is no need to make a backup of 
something that has not changed.

It would probably be even better to just manage the file itself in puppet, 
giving you complete control over it, and not needing a backup anymore.

Also, creating backups by using puppet is not really good practise. Puppet 
is good at setting up a configuration, and should be about resources coming 
to a defined state, not about being a job scheduler. 

In short, there is no 'normal' way around abnormal use of Puppet ;) But of 
course workarounds are possible.

//Danny.
 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet with Passenger - 403 Forbidden errors???

[fatmcgav]

There was/is nothing in the error_log...

Cheers
Gav


On 14 February 2013 12:20, Felix Frank wrote:

> Hi,
>
> what does apache commit to the error log when an agent tries to connect?
>
> Thanks,
> Felix
>
> On 02/12/2013 10:22 PM, Gavin Williams wrote:
> > Hi all
> >
> > I'm trying to migrate our existing Puppet env from WeBrick to Passenger
> > with Apache.
> >
> > I followed the following tutorials
> >
> http://wiki.unixcraft.com/display/MainPage/Puppet+3.0+Installation+on+Centos+6.3
> > &
> >
> http://aricgardner.com/deployment/puppet-2/puppet-master-on-centos-5-7-with-passenger-and-foreman/
> > However whenever I try and communicate with the puppet master, I'm
> > getting a 403 forbidden error.
> >
> > ENC Classifier:
> > $ ./node.rb puppet-test.card.co.uk
> > Error retrieving node puppet-test.card.co.uk: Net::HTTPForbidden
> >
> > Puppet Agent:
> > $ sudo puppet agent -t
> > Warning: Unable to fetch my node definition, but the agent run will
> > continue:
> > Warning: Error 403 on SERVER: Forbidden request:
> > puppet-os.card.co.uk(192.168.150.118) access to
> > /node/puppet-os.card.co.uk [find] at :99
> > Info: Retrieving plugin
> > Error: /File[/var/lib/puppet/lib]: Failed to generate additional
> > resources using 'eval_generate: Error 403 on SERVER: Forbidden request:
> > puppet-os.card.co.uk(192.168.150.118) access to /file_metadata/plugins
> > [search] at :99
> > Error: /File[/var/lib/puppet/lib]: Could not evaluate: Error 403 on
> > SERVER: Forbidden request: puppet-os.card.co.uk(192.168.150.118) access
> > to /file_metadata/plugins [find] at :99 Could not retrieve file metadata
> > for puppet://puppet.card.co.uk/plugins: Error 403 on SERVER: Forbidden
> > request: puppet-os.card.co.uk(192.168.150.118) access to
> > /file_metadata/plugins [find] at :99
> > Info: Loading facts in
> > /etc/puppet/modules/puppet/lib/facter/etckepper_puppet.rb
> > Info: Loading facts in
> > /etc/puppet/modules/stdlib/lib/facter/puppet_vardir.rb
> > Info: Loading facts in /etc/puppet/modules/stdlib/lib/facter/root_home.rb
> > Info: Loading facts in
> /etc/puppet/modules/stdlib/lib/facter/facter_dot_d.rb
> > Info: Loading facts in
> > /etc/puppet/modules/concat/lib/facter/concat_basedir.rb
> > Info: Loading facts in /etc/puppet/modules/act/lib/facter/oracle_sids.rb
> > Info: Loading facts in /etc/puppet/modules/act/lib/facter/smo_version.rb
> > Info: Loading facts in
> /etc/puppet/modules/firewall/lib/facter/iptables.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/oracle_sids.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/iptables.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/smo_version.rb
> > Info: Loading facts in /var/lib/puppet/lib/facter/etckepper_puppet.rb
> > Error: Could not retrieve catalog from remote server: Error 403 on
> > SERVER: Forbidden request: puppet-os.card.co.uk(192.168.150.118) access
> > to /catalog/puppet-os.card.co.uk [find] at :99
> > Warning: Not using cache on failed catalog
> > Error: Could not retrieve catalog; skipping run
> > Error: Could not send report: Error 403 on SERVER: Forbidden request:
> > puppet-os.card.co.uk(192.168.150.118) access to
> > /report/puppet-os.card.co.uk [save] at :99
> >
> > Any ideas on what could be the cause?
> >
> > I've checked file permissions etc, and from what I can gather they are
> > correct.
> >
> > Cheers in advance for any responses.
> >
> > Regards
> > Gavin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet with Passenger - 403 Forbidden errors???

[Felix Frank]

Okay then, how about puppet's master log and masterhttpd log?

On 02/14/2013 01:41 PM, fatmcgav wrote:
> There was/is nothing in the error_log...
> 
> Cheers
> Gav

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Why a "execute" command show as "changed" on Dashboard?

[Tiago Cruz]

Hello Danny, nice explanation, thank you!!!

I agree with you, this is really a "new" file everytime. So let's try 
another example:

exec { "authconfig":
> command => "authconfig-tui --ldapserver=ldap://ldap.com 
> --ldapbasedn=dc=bla,dc=com --enableshadow --enablemd5 --enableldap 
> --enableldapauth --disableldaptls --enablelocauthorize --kickstart",
> path=> "/usr/bin/:/bin/:/usr/sbin",
> onlyif  => "fgrep ldap.com /etc/ldap.conf",
> }


The idea is the same: Just do the configuration if was needed, but when I 
look the report, I got:

Log
LevelMessageSourceFileLineTimenoticeexecuted successfully
/Stage[main]/Base::Ldap/Exec[authconfig]/returns
/etc/puppet/modules/base/manifests/ldap.pp362013-02-14 10:38 BRSTnoticeFinished 
catalog run in 7.56 secondsPuppet2013-02-14 10:38 BRST

What can I do to workaround this? :D

Thanks!!


Em quinta-feira, 14 de fevereiro de 2013 10h30min45s UTC-2, 
d.o...@cri-service.nl escreveu:
>
> You are creating a 'new' file every time(well new content), so in essence, 
> it is true that the configuration has changed.
>
> To avoid this, you should make your command smarter and make sure it only 
> runs when changes are in the crontab. There is no need to make a backup of 
> something that has not changed.
>
> It would probably be even better to just manage the file itself in puppet, 
> giving you complete control over it, and not needing a backup anymore.
>
> Also, creating backups by using puppet is not really good practise. Puppet 
> is good at setting up a configuration, and should be about resources coming 
> to a defined state, not about being a job scheduler. 
>
> In short, there is no 'normal' way around abnormal use of Puppet ;) But of 
> course workarounds are possible.
>
> //Danny.
>  
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Why a "execute" command show as "changed" on Dashboard?

[David Schmitt]

On 14.02.2013 13:59, Tiago Cruz wrote:

Hello Danny, nice explanation, thank you!!!

I agree with you, this is really a "new" file everytime. So let's try
another example:

exec { "authconfig":
 command => "authconfig-tui --ldapserver=ldap://ldap.com
--ldapbasedn=dc=bla,dc=com --enableshadow --enablemd5 --enableldap
--enableldapauth --disableldaptls --enablelocauthorize --kickstart",
 path=> "/usr/bin/:/bin/:/usr/sbin",
onlyif => "fgrep ldap.com /etc/ldap.conf",
 }


The idea is the same: Just do the configuration if was needed, but when
I look the report, I got:


  Log

Level   Message Source  FileLineTime
|notice||executed successfully|
|/Stage[main]/Base::Ldap/Exec[authconfig]/returns|
|/etc/puppet/modules/base/manifests/ldap.pp||36||2013-02-14 10:38 BRST|
|notice||Finished catalog run in 7.56 seconds|  |Puppet|||  
||
|2013-02-14 10:38 BRST|


What can I do to workaround this? :D


The message means that the authconfig-tui command is run *every time* 
puppet runs. This does not seem to be your intention. I guess, you 
should write "unless => [ldap is configured]" instead of "onlyif => 
[ldap is configured]"



Best Regards, David




Thanks!!


Em quinta-feira, 14 de fevereiro de 2013 10h30min45s UTC-2,
d.o...@cri-service.nl escreveu:

You are creating a 'new' file every time(well new content), so in
essence, it is true that the configuration has changed.

To avoid this, you should make your command smarter and make sure it
only runs when changes are in the crontab. There is no need to make
a backup of something that has not changed.

It would probably be even better to just manage the file itself in
puppet, giving you complete control over it, and not needing a
backup anymore.

Also, creating backups by using puppet is not really good practise.
Puppet is good at setting up a configuration, and should be about
resources coming to a defined state, not about being a job scheduler.

In short, there is no 'normal' way around abnormal use of Puppet ;)
But of course workarounds are possible.

//Danny.



--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.




--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Run Puppet Against Master with Local node.pp Manifest?

[Matthew Black]

You would not need to pull the entire SVN, puppet modules, to test out
one specific module. The only time you would need to have multiple
modules is if there is inter-dependency.

You do not need to setup a new puppet master or upload files to the
puppet master if your purpose is to test out a new or update module
(puppet apply wont talk to the puppet master).

Even if you have custom facts, functions, providers, and types they
would be executed just the same in puppet apply with the module just
like they would on the master.



On Thu, Feb 14, 2013 at 5:14 AM, Ralph Bolton  wrote:
> Pulling our whole puppet master from SVN is indeed an option. It seems like
> a bit of work, but it's possible.
>
> The issue of trying to unit test a puppet install seems to be somewhat
> addressed by the Puppet solution, although I could see that we could either
> poke a node.pp manifest onto the real Puppet Master and then run "puppet
> apply" on our test VM, or else build a 'fake' Puppet Master in the manner
> you suggest. I guess I could do that on a build box, and then have the it
> spin up a VM, and have the VM just puppet off the build box.
>
> I see a great deal of funky scripting in my future ;-)
>
> Thanks everyone for your suggestions - it's all been very helpful.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Why a "execute" command show as "changed" on Dashboard?

[Tiago Cruz]

Hei David, thank you!

Dashboard running like a boss, thanks to you guys!

Nice!!

Em quinta-feira, 14 de fevereiro de 2013 11h09min27s UTC-2, David Schmitt 
escreveu:
>
>
> The message means that the authconfig-tui command is run *every time* 
> puppet runs. This does not seem to be your intention. I guess, you 
> should write "unless => [ldap is configured]" instead of "onlyif => 
> [ldap is configured]" 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Hiera Questions: Virtual User Resources and Hiera

[Abhay]

This issue is still unresolved as of 3.1.0

# hiera -h resources -c /etc/puppet/hiera.yaml
{"webapplication2"=>{"Consumer"=>"undef"}, 
"webapplication"=>{"Consumer"=>{"2a"=>nil, "1a"=>{"offset"=>"3"}, 
"3a"=>"undef"}, "indexer"=>nil}}

hieranil.pp

$fullhash = hiera_hash(resources)
create_resources(noundefparams,$fullhash)

define noundefparams($Consumer="abc", $indexer="def"){
if $Consumer {  notify {"$Consumer":}   }
}

_
]# puppet apply hieranil.pp
Error: Received incomplete information - no value provided for parameter 
indexer at /tmp/experiment/hieranil.pp:15 on node puppet-master
Wrapped exception:
Received incomplete information - no value provided for parameter indexer
Error: Received incomplete information - no value provided for parameter 
indexer at /tmp/experiment/hieranil.pp:15 on node puppet-master


On Thursday, May 24, 2012 3:15:58 AM UTC+5:30, Jeff McCune wrote:
>
> On Tue, May 22, 2012 at 8:50 AM, Jeff McCune 
> 
> > wrote:
>
>> On Tuesday, May 22, 2012, Dan White wrote:
>>
>>> I found an answer to this particular issue.  Thanks for the reminder so 
>>> I can share the answer:
>>>
>>> I found the hiera/yaml way to indicate an empty array !
>>> So, to use my earlier example:
>>>
>>> users:
>>>  beast:
>>>  username : beast
>>>  uid  : 
>>>  ingroups :
>>>  - ''
>>>  info : Let's see if this works
>>>
>>> Then, with a hiera call, I get :
>>>
>>> {"beast"=>{"ingroups"=>[""], "uid"=>, "username"=>"beast", 
>>> "info"=>"Let's see if this works"}
>>>
>>> This is actually a non-empty array hat had one element, the empt string.
>>
>
> OK, I had a look today.  Much of the behavior of hashes and arrays whose 
> elements are not defined has been resolved in Puppet 3.0.0rc.  If you could 
> try that out it would help us make sure your problem has actually been 
> solved in Puppet.
>
> As to how to specify an empty array as the value of a hash key using Hiera 
> and Puppet, this is the way:
>
> --- 
>   username: beast
>   uid: 
>   ingroups: []
>   info: Let's see if this works
>
> Notice it's just an empty set of square braces, no empty string.
>  
>
>> This clearly seems like a bug in puppet and how it is handling Hash 
>> values. I'll take a look more as soon as I get into the office.
>>
>
> It is a bug, luckily we've fixed it in Puppet 3.0.x.  Please give the 
> release candidates a try.
>
> -Jeff 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[binaryred]

Luigi,

I find I'm in a similar situation as you, except I am not running puppet 3 
on my client, I am running puppet 2.7.  This change that you made, was it 
on the client or your puppet master?

Thanks,
Jason

On Thursday, February 14, 2013 5:31:13 AM UTC-5, Luigi Martin Petrella 
wrote:
>
> The trick worked :-)
>
> Thanks to everyone for your contribution!
>
>
> On 13 February 2013 18:26, Luigi Martin Petrella 
> 
> > wrote:
>
>> Yes, it is exactly the cause of the problem!
>> " 
>>
>> certificate_signer.rb 
>>
>> # Take care of signing a certificate in a FIPS 140-2 compliant manner.
>>  
>> #
>>
>> # @see http://projects.puppetlabs.com/issues/17295
>>  
>> #
>>
>> # @api private
>>
>> class Puppet::SSL::CertificateSigner
>>  
>>   def initialize
>>  
>> if OpenSSL::Digest.const_defined?('SHA256')
>>  
>>   @digest = OpenSSL::Digest::SHA256
>>  
>> elsif OpenSSL::Digest.const_defined?('SHA1')
>>
>>   @digest = OpenSSL::Digest::SHA1
>>
>> else
>>  
>>   raise Puppet::Error,
>>  
>> "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
>>
>> end
>>  
>> @digest
>>  
>>   end
>>  
>>  
>>
>>   def sign(content, key)
>>  
>> content.sign(key, @digest.new)
>>  
>>   end
>>  
>> end
>> "
>>
>> If I switch the order of these checks
>>
>> if OpenSSL::Digest.const_defined?('SHA256')
>>  
>>   @digest = OpenSSL::Digest::SHA256
>>  
>> elsif OpenSSL::Digest.const_defined?('SHA1')
>>
>>   @digest = OpenSSL::Digest::SHA1
>>
>>
>> probably it will work
>>
>>
>> I'll let you know..
>>
>>
>>  
>> On 13 February 2013 17:08, Matthew Black > >wrote:
>>
>>> Yes because as part of the fix it checks on the CA, when its signing
>>> the cert, whether it can support 256 or not. If it does not it drops
>>> down to a lower SHA.
>>>
>>> If you look at the pull request that is part of the ticket,
>>> specifically the changes. If you scroll down to the
>>> certificate_signer.rb change it will make more sense.
>>>
>>> https://github.com/puppetlabs/puppet/pull/1413/files
>>>
>>>
>>> On Wed, Feb 13, 2013 at 10:37 AM, Luigi Martin Petrella
>>> > wrote:
>>> > Matthew, you are right, this explain ALMOST everything
>>> >
>>> > "Puppet is using the Solaris-provided OpenSSL as part of the Ruby 
>>> install in
>>> > this case, which runs version 0.9.7 with patches and doesn’t support 
>>> sha256.
>>> > I don’t mind the idea of compiling 1.0.x but the issue still seems to 
>>> stand
>>> > that you can’t choose the digest method anymore – there is an apparent 
>>> use
>>> > of SHA256 regardless of what option you choose."
>>> >
>>> > But
>>> >
>>> > If I use as master RH4 with openssl-lib 0.9.7 I have no problem 
>>> connecting
>>> > the others RH4 nodes. This means tha Puppet don't use always  SHA256, 
>>> but
>>> > only If it is available from openssl library. Right?
>>> >
>>> > So, there are two ways (one harder then the other for me) to solve the 
>>> issue
>>> > at openssl level:
>>> > 1. install opensslib rpm for RH5 on RH4 (but there are a lot of missing
>>> > dependencies)
>>> > 2. downgrade openssl lib on Centos 6.3 master from 1.0.0 to 0.9.7
>>> > ???
>>> >
>>> > Since --digest option won't work, is there any other way to force 
>>> puppet not
>>> > to use SHA256??
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On 13 February 2013 16:16, Matthew Black > 
>>> wrote:
>>> >>
>>> >> I think this issue is related to your issue since the version
>>> >> discussed is 0.9.7.
>>> >>
>>> >> http://projects.puppetlabs.com/issues/17295
>>> >>
>>> >> What you will need to do is more than likely is update the openssl on
>>> >> the agent. I dont think it will work too well but you can try to take
>>> >> the srpm from rhel 5 or 6 and build it for rhel 4
>>> >>
>>> >>
>>> >> On Wed, Feb 13, 2013 at 8:31 AM, Luigi Martin Petrella
>>> >> > wrote:
>>> >> > Master:
>>> >> > Centos 6.3 , Puppet 3.1.0
>>> >> > Ubuntu, Puppet 3.1.0
>>> >> >
>>> >> > Agent:
>>> >> > Redhat 4, Puppet 3.1.0
>>> >> >
>>> >> > Yesterday something strange happened:
>>> >> > we tryied to connect RedHat agent with a Puppet Enterprise Master on
>>> >> > Centos
>>> >> > 6.3, and there wasn't any certificate problems and everything 
>>> worked.
>>> >> > Today we are trying with the same configuratione, but It appeared 
>>> the
>>> >> > same
>>> >> > validation errore described before
>>> >> >
>>> >> >
>>> >> >
>>> >> > On 13 February 2013 14:12, Matthew Black 
>>> >> > > 
>>> wrote:
>>> >> >>
>>> >> >> What is the versions of the puppet are being used on the client and
>>> >> >> the server? Assuming master is running on Linux, what distro and
>>> >> >> release is the master running on?
>>> >> >>
>>> >> >> I suspect the openssl might be the issue on the client.
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> On Wed, Feb 13, 2013 at 7:59 AM, Luigi Martin Petrella
>>> >> >> > wrote:
>>> >> >> > Felix, why do you think the problem is related to the 
>>> "--waitforcert"
>>> >> >> > option?
>>> >> >> > I tryied to run "puppet agent -t --waitfor

Re: [Puppet Users] Re: How to call one manifset from another

[jcbollinger]

On Thursday, February 14, 2013 4:33:01 AM UTC-6, Евгений Верещагин wrote:
>
> I think that "include" for classes, and "import" for pp-files. I learn 
> puppet second day :-)
>
>
That's about right, but it misses some important points.  For one, Puppet 
manifests are declarative, so the OP's request for a way to "call" one is 
nonsensical.  Probably one of 'include' or 'import' does what the OP wants, 
but the mindset is wrong, and that's likely to lead to difficulty.

For another, well-tested best practices dictate that pretty much all 
declarations other than node definitions should be in classes, in modules.  
As such, the 'import' function should be used only for a few very specific 
purposes -- mostly just to support node declarations being in their own 
files, outside site.pp.

For a third, 'import' doesn't necessarily do exactly what people expect.  
In particular, people sometimes expect it to function like the C 
preprocessor's '#include' directive, parsing the imported file in the 
context in which the 'import' function appears, but that's not how it 
works.  Instead, 'import' causes the specified file to be parsed as a 
stand-alone manifest.  It has its uses, but mostly it's a holdover from 
ancient days.

For a fourth, the main purpose of 'include' is different from that of 
'import': 'include' declares that the named class(es) should be applied to 
the target node.  It will cause the manifests containing named classes to 
be parsed if the class has not yet been defined (and its definition is 
where the autoloader expects to find it), but that's a side effect.  In 
contrast, causing manifests to be parsed is the whole purpose of 'import'.


John



John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[Luigi Martin Petrella]

Jason,
I did the change on master, Centos 6.3 with Puppet 3.1.0.
This modification can't be applied on Puppet 2.7.x since the class
certificate_signer.rb
doesn't exist in Puppet 2.7 source code.

What's your configuration on master and agent nodes?
What's the output of "rpm -qa | grep openssl" ?



On 14 February 2013 15:19, binaryred  wrote:

> Luigi,
>
> I find I'm in a similar situation as you, except I am not running puppet 3
> on my client, I am running puppet 2.7.  This change that you made, was it
> on the client or your puppet master?
>
> Thanks,
> Jason
>
>
> On Thursday, February 14, 2013 5:31:13 AM UTC-5, Luigi Martin Petrella
> wrote:
>
>> The trick worked :-)
>>
>> Thanks to everyone for your contribution!
>>
>>
>> On 13 February 2013 18:26, Luigi Martin Petrella > com> wrote:
>>
>>> Yes, it is exactly the cause of the problem!
>>> "
>>>
>>> certificate_signer.rb
>>>
>>> # Take care of signing a certificate in a FIPS 140-2 compliant manner.
>>>
>>> #
>>>
>>> # @see 
>>> http://projects.puppetlabs.**com/issues/17295
>>>
>>> #
>>>
>>> # @api private
>>>
>>> class Puppet::SSL::CertificateSigner
>>>
>>>   def initialize
>>>
>>> if OpenSSL::Digest.const_defined?**('SHA256')
>>>
>>>   @digest = OpenSSL::Digest::SHA256
>>>
>>> elsif OpenSSL::Digest.const_defined?**('SHA1')
>>>
>>>   @digest = OpenSSL::Digest::SHA1
>>>
>>> else
>>>
>>>   raise Puppet::Error,
>>>
>>> "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
>>>
>>> end
>>>
>>> @digest
>>>
>>>   end
>>>
>>>
>>>
>>>   def sign(content, key)
>>>
>>> content.sign(key, @digest.new)
>>>
>>>   end
>>>
>>> end
>>> "
>>>
>>> If I switch the order of these checks
>>>
>>> if OpenSSL::Digest.const_defined?**('SHA256')
>>>
>>>   @digest = OpenSSL::Digest::SHA256
>>>
>>> elsif OpenSSL::Digest.const_defined?**('SHA1')
>>>
>>>   @digest = OpenSSL::Digest::SHA1
>>>
>>>
>>> probably it will work
>>>
>>>
>>> I'll let you know..
>>>
>>>
>>>
>>> On 13 February 2013 17:08, Matthew Black  wrote:
>>>
 Yes because as part of the fix it checks on the CA, when its signing
 the cert, whether it can support 256 or not. If it does not it drops
 down to a lower SHA.

 If you look at the pull request that is part of the ticket,
 specifically the changes. If you scroll down to the
 certificate_signer.rb change it will make more sense.

 https://github.com/puppetlabs/**puppet/pull/1413/files


 On Wed, Feb 13, 2013 at 10:37 AM, Luigi Martin Petrella
  wrote:
 > Matthew, you are right, this explain ALMOST everything
 >
 > "Puppet is using the Solaris-provided OpenSSL as part of the Ruby
 install in
 > this case, which runs version 0.9.7 with patches and doesn’t support
 sha256.
 > I don’t mind the idea of compiling 1.0.x but the issue still seems to
 stand
 > that you can’t choose the digest method anymore – there is an
 apparent use
 > of SHA256 regardless of what option you choose."
 >
 > But
 >
 > If I use as master RH4 with openssl-lib 0.9.7 I have no problem
 connecting
 > the others RH4 nodes. This means tha Puppet don't use always  SHA256,
 but
 > only If it is available from openssl library. Right?
 >
 > So, there are two ways (one harder then the other for me) to solve
 the issue
 > at openssl level:
 > 1. install opensslib rpm for RH5 on RH4 (but there are a lot of
 missing
 > dependencies)
 > 2. downgrade openssl lib on Centos 6.3 master from 1.0.0 to 0.9.7
 > ???
 >
 > Since --digest option won't work, is there any other way to force
 puppet not
 > to use SHA256??
 >
 >
 >
 >
 >
 > On 13 February 2013 16:16, Matthew Black  wrote:
 >>
 >> I think this issue is related to your issue since the version
 >> discussed is 0.9.7.
 >>
 >> http://projects.puppetlabs.**com/issues/17295
 >>
 >> What you will need to do is more than likely is update the openssl on
 >> the agent. I dont think it will work too well but you can try to take
 >> the srpm from rhel 5 or 6 and build it for rhel 4
 >>
 >>
 >> On Wed, Feb 13, 2013 at 8:31 AM, Luigi Martin Petrella
 >>  wrote:
 >> > Master:
 >> > Centos 6.3 , Puppet 3.1.0
 >> > Ubuntu, Puppet 3.1.0
 >> >
 >> > Agent:
 >> > Redhat 4, Puppet 3.1.0
 >> >
 >> > Yesterday something strange happened:
 >> > we tryied to connect RedHat agent with a Puppet Enterprise Master
 on
 >> > Centos
 >> > 6.3, and there wasn't any certificate problems and everything
 worked.
 >> > Today we are trying with the same configuratione, but It appeared
 the
 >> > same
 >> > validation errore described before
 >> >
 >> >
 

[Puppet Users] Re: Referencing resource from another class

[jcbollinger]

On Thursday, February 14, 2013 5:10:43 AM UTC-6, Andriy Yurchuk wrote:
>
> Found out that it's very simple: subscribe => Class['module::class_2']
>
> On Thursday, February 14, 2013 12:20:30 PM UTC+2, Andriy Yurchuk wrote:
>>
>> class module::class_1 {
>>   service {
>> ensure => running,
>> hasrestart => true,
>> subscribe => File[/tmp/myfile],
>>   }
>> }
>>
>> class module::class_2 {
>>   file { '/tmp/myfile':
>>  source => 'puppet:///file_server/my_file',
>>   }
>> }
>>
>> Having those two classes, how do I correctly write the subscribeparameter in 
>> class_1 so that it used the file resource from class_2?
>>
>

Although you can subscribe to the whole class, that's often not what you 
want, as it really means subscribing to every resource declared by that 
class.  If only one resource is declared then that's no problem, but many 
classes are more complicated.

A very important point here is that resources are global once they are 
declared. Any resource, declared anywhere, can declare a relationship to 
any other resource, declared anywhere else, and the sites of the 
declarations do not factor into the syntax.  The syntax in your example is 
correct.

On the other hand, it is important to ensure that resources are declared 
before references to them are used.  If a resource declared in one class is 
going to declare a relationship to a resource declared in a different one, 
then you must make sure that the latter class is parsed before the former 
one's resource declaration.  As long as the latter class is not 
parametrized, the easiest and best way to accomplish that is for the former 
class to 'include' the latter at the top of its body:

class module::class_1 {
  include 'module::class_2'
  service {
ensure => running,
hasrestart => true,
subscribe => File[/tmp/myfile],
  }
}

That also has the advantage of documenting the dependency between the two 
classes.  For it to work properly, however, you should arrange your classes 
each in its own file, laid out in the way the autoloader expects.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Why IF-ELSE not work?

[jcbollinger]

On Thursday, February 14, 2013 5:55:35 AM UTC-6, blalor wrote:
>
> Import is like a #include in C: it's essentially a preprocessor directive 
> and is evaluated before the if/ else. 
>
> http://docs.puppetlabs.com/puppet/2.7/reference/lang_import.html
>
>

But also, as I just remarked in another thread, 'import' causes the 
specified manifest to be parsed as a standalone manifest file.  That's 
decidedly *un*like cpp's '#include'.  As a result, it is misleading to put 
an 'import' anywhere other than at top scope.  If you are going to insist 
on using 'import', then at least do yourself the favor of putting all your 
'import' lines at the very beginning of the manifest.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: roles, profiles, and hiera

[jcbollinger]

On Wednesday, February 13, 2013 5:17:40 PM UTC-6, Chad Huneycutt wrote:
>
> I would like to have a hiera.yaml like so: 
>
> --- 
> :backends: 
>   - yaml 
> :hierarchy: 
>   - nodes/%{::hostname} 
>   - profiles/%{class_name} 
>   - common 
> :yaml: 
>   :datadir: /etc/puppet/environments/%{environment}/data 
>
>
> Am I just completely off-base? 
>
>
No, but it's spelled %{calling_class}.  There is also %{calling_module}.  
Do be aware of http://projects.puppetlabs.com/issues/14985, however.


John
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Arrays in node definition

[Dan]

Hi,

I'm struggling to get this to work and don't understand where I'm going 
wrong, can someone please guide me on how to correct?

Basically I want to get an array in my nodes.pp, which is then used by my 
templates file by cycling through it and writing a line of each element:

nodes.pp:
node test{
net::addr { 'routing':
  routes = [
{
address => '0.0.0.0',
netmask => '0.0.0.0',
gateway => '169.32.68.33',
dev => 'eth0',
},
{
address => '192.168.1.3',
netmask => '255.255.255.0',
gateway => '192.168.1.1',
dev => 'eth3',
},
  ]
}
}
When I run the puppet client i keep getting the following:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not parse for environment production: Syntax error at '='; expected 
'}' at /etc/puppet/manifests/nodes/test.pp:3 on node test.myincorp.net

Can someone please help?

Thanks
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Arrays in node definition

[Dan]

Hi,

I'm struggling to get this to work and don't understand where I'm going 
wrong, can someone please guide me on how to correct?

Basically I want to get an array in my nodes.pp, which is then used by my 
templates file by cycling through it and writing a line of each element:

nodes.pp:
node test{
net::addr { 'routing':
  routes = [
{
address => '172.29.54.70',
netmask => '255.255.255.0',
gateway => '172.29.54.65',
dev => 'eth0',
},
{
address => '192.168.1.3',
netmask => '255.255.255.0',
gateway => '192.168.1.1',
dev => 'eth3',
},
  ]
}
}
When I run the puppet client i keep getting the following:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not parse for environment production: Syntax error at '='; expected 
'}' at /etc/puppet/manifests/nodes/
test.pp:3 on node test.myincorp.net

Can someone please help?

Thanks
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Hiera Questions: Virtual User Resources and Hiera

[Dan White]

Great ! 
Now all I need is some deep hash merging... 


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

- Original Message -
From: "Abhay"  
To: puppet-users@googlegroups.com 
Sent: Thursday, February 14, 2013 9:15:38 AM 
Subject: Re: [Puppet Users] Hiera Questions: Virtual User Resources and Hiera 

This issue is still unresolved as of 3.1.0 



# hiera -h resources -c /etc/puppet/hiera.yaml 
{"webapplication2"=>{"Consumer"=>"undef"}, 
"webapplication"=>{"Consumer"=>{"2a"=>nil, "1a"=>{"offset"=>"3"}, 
"3a"=>"undef"}, "indexer"=>nil}} 


hieranil.pp 



$fullhash = hiera_hash(resources) 
create_resources(noundefparams,$fullhash) 


define noundefparams($Consumer="abc", $indexer="def"){ 

if $Consumer { notify {"$Consumer":} } 
} 


_ 

]# puppet apply hieranil.pp 
Error: Received incomplete information - no value provided for parameter 
indexer at /tmp/experiment/hieranil.pp:15 on node puppet-master 
Wrapped exception: 
Received incomplete information - no value provided for parameter indexer 
Error: Received incomplete information - no value provided for parameter 
indexer at /tmp/experiment/hieranil.pp:15 on node puppet-master 




On Thursday, May 24, 2012 3:15:58 AM UTC+5:30, Jeff McCune wrote: 

On Tue, May 22, 2012 at 8:50 AM, Jeff McCune < je...@puppetlabs.com > wrote: 




On Tuesday, May 22, 2012, Dan White wrote: 


I found an answer to this particular issue. Thanks for the reminder so I can 
share the answer: 

I found the hiera/yaml way to indicate an empty array ! 
So, to use my earlier example: 

users: 
beast: 
username : beast 
uid :  
ingroups : 
- '' 
info : Let's see if this works 

Then, with a hiera call, I get : 

{"beast"=>{"ingroups"=>[""], "uid"=>, "username"=>"beast", "info"=>"Let's 
see if this works"} 




This is actually a non-empty array hat had one element, the empt string. 




OK, I had a look today. Much of the behavior of hashes and arrays whose 
elements are not defined has been resolved in Puppet 3.0.0rc. If you could try 
that out it would help us make sure your problem has actually been solved in 
Puppet. 


As to how to specify an empty array as the value of a hash key using Hiera and 
Puppet, this is the way: 


--- 
username: beast 
uid:  
ingroups: [] 
info: Let's see if this works 


Notice it's just an empty set of square braces, no empty string. 



This clearly seems like a bug in puppet and how it is handling Hash values. 
I'll take a look more as soon as I get into the office. 




It is a bug, luckily we've fixed it in Puppet 3.0.x. Please give the release 
candidates a try. 


-Jeff 



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com. 
To post to this group, send email to puppet-users@googlegroups.com. 
Visit this group at http://groups.google.com/group/puppet-users?hl=en . 
For more options, visit https://groups.google.com/groups/opt_out . 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Arrays in node definition

[llowder]

On Thursday, February 14, 2013 9:02:01 AM UTC-6, Dan wrote:
>
> Hi,
>
> I'm struggling to get this to work and don't understand where I'm going 
> wrong, can someone please guide me on how to correct?
>
> Basically I want to get an array in my nodes.pp, which is then used by my 
> templates file by cycling through it and writing a line of each element:
>
> nodes.pp:
> node test{
> net::addr { 'routing':
>   routes = [
> {
> address => '172.29.54.70',
> netmask => '255.255.255.0',
> gateway => '172.29.54.65',
> dev => 'eth0',
> },
> {
> address => '192.168.1.3',
> netmask => '255.255.255.0',
> gateway => '192.168.1.1',
> dev => 'eth3',
> },
>   ]
> }
> }
> When I run the puppet client i keep getting the following:
>
> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Could not parse for environment production: Syntax error at '='; expected 
> '}' at /etc/puppet/manifests/nodes/
> test.pp:3 on node test.myincorp.net
>
>
Your data structure is wrong, you have something that is somewhere between 
a hash and and array.  

If "routes" is the name of the param for the net::addr define, then you 
need to use:

routes => 

and not 

routes =

Without seeing the full code (net::addr AND the template in question), it's 
hard to say what the best total fix is, but I suspect moving things into a 
hash of hashes and calling create_resources() may be one of the best 
options.

 

> Can someone please help?
>
> Thanks
> Dan
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[binaryred]

Puppet master is running RHEL 6.3 with the following packages:

puppet-3.1.0-1.el6.noarch
puppet-server-3.1.0-1.el6.noarch
openssl-1.0.0-20.el6_2.5.x86_64

Client is running RHEL 4.8 with the following packages:

puppet-2.7.20-1
openssl-0.9.7a-43.17.el4_7.2

After changing the certificate_signer.rb file as you suggested, I rebooted 
my puppet master and cleared the cert for the client, and then removed 
/var/lib/puppet/ssl on the client as well.  I then run 'puppet agent -t' on 
the client and this is what I get:

err: Could not retrieve catalog from remote server: certificate verify 
failed: [certificate signature failure for /CN=puppetmaster.example.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: certificate verify failed: [certificate 
signature failure for /CN=puppetmaster.example.com]

Maybe this isn't an ssl issue, but I'm not sure what else would be wrong.

Jason


On Thursday, February 14, 2013 9:29:28 AM UTC-5, Luigi Martin Petrella 
wrote:
>
> Jason, 
> I did the change on master, Centos 6.3 with Puppet 3.1.0.
> This modification can't be applied on Puppet 2.7.x since the class 
> certificate_signer.rb 
> doesn't exist in Puppet 2.7 source code.
>
> What's your configuration on master and agent nodes? 
> What's the output of "rpm -qa | grep openssl" ?
>
>
>
> On 14 February 2013 15:19, binaryred >wrote:
>
>> Luigi,
>>
>> I find I'm in a similar situation as you, except I am not running puppet 
>> 3 on my client, I am running puppet 2.7.  This change that you made, was it 
>> on the client or your puppet master?
>>
>> Thanks,
>> Jason
>>
>>
>> On Thursday, February 14, 2013 5:31:13 AM UTC-5, Luigi Martin Petrella 
>> wrote:
>>
>>> The trick worked :-)
>>>
>>> Thanks to everyone for your contribution!
>>>
>>>
>>> On 13 February 2013 18:26, Luigi Martin Petrella >> com> wrote:
>>>
 Yes, it is exactly the cause of the problem!
 " 

 certificate_signer.rb 

 # Take care of signing a certificate in a FIPS 140-2 compliant manner.
  
 #

 # @see 
 http://projects.puppetlabs.**com/issues/17295
  
 #

 # @api private

 class Puppet::SSL::CertificateSigner
  
   def initialize
  
 if OpenSSL::Digest.const_defined?**('SHA256')
  
   @digest = OpenSSL::Digest::SHA256
  
 elsif OpenSSL::Digest.const_defined?**('SHA1')

   @digest = OpenSSL::Digest::SHA1

 else
  
   raise Puppet::Error,
  
 "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"

 end
  
 @digest
  
   end
  
  

   def sign(content, key)
  
 content.sign(key, @digest.new)
  
   end
  
 end
 "

 If I switch the order of these checks

 if OpenSSL::Digest.const_defined?**('SHA256')
  
   @digest = OpenSSL::Digest::SHA256
  
 elsif OpenSSL::Digest.const_defined?**('SHA1')

   @digest = OpenSSL::Digest::SHA1


 probably it will work


 I'll let you know..


  
 On 13 February 2013 17:08, Matthew Black  wrote:

> Yes because as part of the fix it checks on the CA, when its signing
> the cert, whether it can support 256 or not. If it does not it drops
> down to a lower SHA.
>
> If you look at the pull request that is part of the ticket,
> specifically the changes. If you scroll down to the
> certificate_signer.rb change it will make more sense.
>
> https://github.com/puppetlabs/**puppet/pull/1413/files
>
>
> On Wed, Feb 13, 2013 at 10:37 AM, Luigi Martin Petrella
>  wrote:
> > Matthew, you are right, this explain ALMOST everything
> >
> > "Puppet is using the Solaris-provided OpenSSL as part of the Ruby 
> install in
> > this case, which runs version 0.9.7 with patches and doesn’t support 
> sha256.
> > I don’t mind the idea of compiling 1.0.x but the issue still seems 
> to stand
> > that you can’t choose the digest method anymore – there is an 
> apparent use
> > of SHA256 regardless of what option you choose."
> >
> > But
> >
> > If I use as master RH4 with openssl-lib 0.9.7 I have no problem 
> connecting
> > the others RH4 nodes. This means tha Puppet don't use always 
>  SHA256, but
> > only If it is available from openssl library. Right?
> >
> > So, there are two ways (one harder then the other for me) to solve 
> the issue
> > at openssl level:
> > 1. install opensslib rpm for RH5 on RH4 (but there are a lot of 
> missing
> > dependencies)
> > 2. downgrade openssl lib on Centos 6.3 master from 1.0.0 to 0.9.7
> > ???
> >
> > Since --digest option won't work, is 

[Puppet Users] Windows Firewall Question

[jim]

Hello all,

I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)

I want to use puppet to add / amend or delete windows firewall rules, is 
there a tidy way of doing this 

exec { "Check_MK_Firewall_Rule_create":
command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule 
name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule 
name="Check_MK"',
}

## If I remove the unless statement, it will keep add the same rule over 
and over again, which will make the firewall rule list un-manageable


exec { "Check_MK_Firewall_Rule_enable":
command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule 
name="Check_MK" new enable=Yes',
}

## When I do a puppet run it keeps running this, is there a way to only run 
if disabled ???

Hope this make sense

regards

James

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[Luigi Martin Petrella]

Your configuration is almost the same as mine.
I'm not 100% sure but I think that after modifying certificate_signer.rb
you should re-install puppet, running "ruby install.rb" again.

(in my case, I first downloaded source code, then modified the class and
finally ran the install.rb)


On 14 February 2013 16:17, binaryred  wrote:

> Puppet master is running RHEL 6.3 with the following packages:
>
> puppet-3.1.0-1.el6.noarch
> puppet-server-3.1.0-1.el6.noarch
> openssl-1.0.0-20.el6_2.5.x86_64
>
> Client is running RHEL 4.8 with the following packages:
>
> puppet-2.7.20-1
> openssl-0.9.7a-43.17.el4_7.2
>
> After changing the certificate_signer.rb file as you suggested, I rebooted
> my puppet master and cleared the cert for the client, and then removed
> /var/lib/puppet/ssl on the client as well.  I then run 'puppet agent -t' on
> the client and this is what I get:
>
> err: Could not retrieve catalog from remote server: certificate verify
> failed: [certificate signature failure for /CN=puppetmaster.example.com
>
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
> err: Could not send report: certificate verify failed: [certificate
> signature failure for /CN=puppetmaster.example.com]
>
> Maybe this isn't an ssl issue, but I'm not sure what else would be wrong.
>
> Jason
>
>
>
> On Thursday, February 14, 2013 9:29:28 AM UTC-5, Luigi Martin Petrella
> wrote:
>
>> Jason,
>> I did the change on master, Centos 6.3 with Puppet 3.1.0.
>> This modification can't be applied on Puppet 2.7.x since the class 
>> certificate_signer.rb
>> doesn't exist in Puppet 2.7 source code.
>>
>> What's your configuration on master and agent nodes?
>> What's the output of "rpm -qa | grep openssl" ?
>>
>>
>>
>> On 14 February 2013 15:19, binaryred  wrote:
>>
>>> Luigi,
>>>
>>> I find I'm in a similar situation as you, except I am not running puppet
>>> 3 on my client, I am running puppet 2.7.  This change that you made, was it
>>> on the client or your puppet master?
>>>
>>> Thanks,
>>> Jason
>>>
>>>
>>> On Thursday, February 14, 2013 5:31:13 AM UTC-5, Luigi Martin Petrella
>>> wrote:
>>>
 The trick worked :-)

 Thanks to everyone for your contribution!


 On 13 February 2013 18:26, Luigi Martin Petrella >>> *com> wrote:

> Yes, it is exactly the cause of the problem!
> "
>
> certificate_signer.rb
>
> # Take care of signing a certificate in a FIPS 140-2 compliant manner.
>
> #
>
> # @see 
> http://projects.puppetlabs.**com**/issues/17295
>
> #
>
> # @api private
>
> class Puppet::SSL::CertificateSigner
>
>   def initialize
>
> if OpenSSL::Digest.const_defined?('SHA256')
>
>   @digest = OpenSSL::Digest::SHA256
>
> elsif OpenSSL::Digest.const_defined?('SHA1')
>
>   @digest = OpenSSL::Digest::SHA1
>
> else
>
>   raise Puppet::Error,
>
> "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
>
> end
>
> @digest
>
>   end
>
>
>
>   def sign(content, key)
>
> content.sign(key, @digest.new)
>
>   end
>
> end
> "
>
> If I switch the order of these checks
>
> if OpenSSL::Digest.const_defined?('SHA256')
>
>   @digest = OpenSSL::Digest::SHA256
>
> elsif OpenSSL::Digest.const_defined?('SHA1')
>
>   @digest = OpenSSL::Digest::SHA1
>
>
> probably it will work
>
>
> I'll let you know..
>
>
>
> On 13 February 2013 17:08, Matthew Black  wrote:
>
>> Yes because as part of the fix it checks on the CA, when its signing
>> the cert, whether it can support 256 or not. If it does not it drops
>> down to a lower SHA.
>>
>> If you look at the pull request that is part of the ticket,
>> specifically the changes. If you scroll down to the
>> certificate_signer.rb change it will make more sense.
>>
>> https://github.com/puppetlabs/puppet/pull/1413/files
>>
>>
>> On Wed, Feb 13, 2013 at 10:37 AM, Luigi Martin Petrella
>>  wrote:
>> > Matthew, you are right, this explain ALMOST everything
>> >
>> > "Puppet is using the Solaris-provided OpenSSL as part of the Ruby
>> install in
>> > this case, which runs version 0.9.7 with patches and doesn’t
>> support sha256.
>> > I don’t mind the idea of compiling 1.0.x but the issue still seems
>> to stand
>> > that you can’t choose the digest method anymore – there is an
>> apparent use
>> > of SHA256 regardless of what option you choose."
>> >
>> > But
>> >
>> > If I use as master RH4 with openssl-lib 0.9.7 I have no problem
>> connecting
>> > the others RH4 nodes. This means th

[Puppet Users] Re: Arrays in node definition

[Dan]

On Thursday, February 14, 2013 3:12:59 PM UTC, llowder wrote:
>
>
>
> On Thursday, February 14, 2013 9:02:01 AM UTC-6, Dan wrote:
>>
>> Hi,
>>
>> I'm struggling to get this to work and don't understand where I'm going 
>> wrong, can someone please guide me on how to correct?
>>
>> Basically I want to get an array in my nodes.pp, which is then used by my 
>> templates file by cycling through it and writing a line of each element:
>>
>> nodes.pp:
>> node test{
>> net::addr { 'routing':
>>   routes = [
>> {
>> address => '172.29.54.70',
>> netmask => '255.255.255.0',
>> gateway => '172.29.54.65',
>> dev => 'eth0',
>> },
>> {
>> address => '192.168.1.3',
>> netmask => '255.255.255.0',
>> gateway => '192.168.1.1',
>> dev => 'eth3',
>> },
>>   ]
>> }
>> }
>> When I run the puppet client i keep getting the following:
>>
>> err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
>> Could not parse for environment production: Syntax error at '='; expected 
>> '}' at /etc/puppet/manifests/nodes/
>> test.pp:3 on node test.myincorp.net
>>
>>
> Your data structure is wrong, you have something that is somewhere between 
> a hash and and array.  
>
> If "routes" is the name of the param for the net::addr define, then you 
> need to use:
>
> routes => 
>
> and not 
>
> routes =
>
> Without seeing the full code (net::addr AND the template in question), 
> it's hard to say what the best total fix is, but I suspect moving things 
> into a hash of hashes and calling create_resources() may be one of the best 
> options.
>
>  
>
>> Can someone please help?
>>
>> Thanks
>> Dan
>>
>
net::addr
define net::addr (
  $address='',
  $netmask='',
  $gateway='',
  $dev='',
) {
  
  file { "route-${name}":
ensure  => 'present',
mode=> '0644',
owner   => 'root',
group   => 'root',
path=> "/etc/sysconfig/network-scripts/route-${name}",
content => template('network/addr.erb'),
}
}

Template: addr.erb:
<% routes.each do |route| -%>
  <%= route['address'] %>  <%= route['netmask'] %> <%= route['gateway'] %> 
<%= route['dev'] %>
<% end -%>
<% end -%>
<% end -%>

Any thoughts on what I can do, I'm still relatively new to puppet 
programming.

thanks
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: PuppetDB API permissions

[Erik Dalén]

You can specify a whitelist for which nodes are allowed to contact puppetdb
at all (and restrict it to only your puppetmaster), and then just send the
rest of the read queries through the proxy. If you only allow the /v2/nodes
& /v2/facts endpoints through the proxy clients can't read for example file
contents of file resources.

You could also use the filtering proxy I described in the following post to
filter the resources endpoint to hide all parameters:
https://groups.google.com/forum/?hl=en&fromgroups=#!searchin/puppet-users/puppetdb$20proxy/puppet-users/5IgsoZi6rVY/TJfaqoR7zc0J


On 13 February 2013 18:26, Vaidas Jablonskis  wrote:

> Hi Nick,
>
> My biggest concern is that nodes can access other nodes resources stored
> in PuppetDB, which effectively means that parameters like passwords and
> other sensitive information is exposed.
>
> I also wonder if PuppetDB has any sense of environments? What I mean, does
> it separate data in environments, so for example, NODE1 being in
> development environment can access NODE2's resources which is in production
> environment?
>
> Thanks,
> Vaidas
>
>
> On Friday, 26 October 2012 19:56:26 UTC+1, Nick Lewis wrote:
>>
>> On Friday, October 26, 2012 7:24:18 AM UTC-7, ak0ska wrote:
>>
>>> Hello,
>>>
>>> Is it possible to control from which nodes is it allowed to execute
>>> commands like "replace catalog" and "replace facts", and which nodes can
>>> only do queries (but no changes)? It seems like once someone could access
>>> the service through http or https (depending on jetty.ini settings) can do
>>> both.
>>>
>>>
>> Unfortunately, this isn't currently possible, though it's certainly
>> something we'd like to provide in the future. Currently the only
>> restriction that can be made is a whitelist of certnames which are allowed
>> to talk to the API, for both read and write alike.
>>
>> Until this is supported by PuppetDB itself, you could use a proxy to
>> allow only certain routes.
>>
>> If we were to add this feature, would it be sufficient to just have "no
>> access", "read access", and "read/write access" as categories, or would you
>> need something more granular than that (for instance, can query metrics but
>> not facts)?
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
>
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>



-- 
Erik Dalén

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[binaryred]

Unfortunately, I am installing my puppet agent and master with RPMs.  When 
I uninstall and reinstall the puppet agent, it blows away the 
certificate_signer.rb file and recreates it with the original file.

I have a number of systems  (not all of which I have control over) that 
I'll need to do this to or have done to them, so the method suggested is 
not appropriate.

Any other suggestions?

Thanks,
Jason

On Thursday, February 14, 2013 10:32:00 AM UTC-5, Luigi Martin Petrella 
wrote:
>
> Your configuration is almost the same as mine.
> I'm not 100% sure but I think that after modifying certificate_signer.rb 
> you should re-install puppet, running "ruby install.rb" again.
>
> (in my case, I first downloaded source code, then modified the class and 
> finally ran the install.rb)
>
>
> On 14 February 2013 16:17, binaryred >wrote:
>
>> Puppet master is running RHEL 6.3 with the following packages:
>>
>> puppet-3.1.0-1.el6.noarch
>> puppet-server-3.1.0-1.el6.noarch
>> openssl-1.0.0-20.el6_2.5.x86_64
>>
>> Client is running RHEL 4.8 with the following packages:
>>
>> puppet-2.7.20-1
>> openssl-0.9.7a-43.17.el4_7.2
>>
>> After changing the certificate_signer.rb file as you suggested, I 
>> rebooted my puppet master and cleared the cert for the client, and then 
>> removed /var/lib/puppet/ssl on the client as well.  I then run 'puppet 
>> agent -t' on the client and this is what I get:
>>
>> err: Could not retrieve catalog from remote server: certificate verify 
>> failed: [certificate signature failure for /CN=puppetmaster.example.com
>>
>> warning: Not using cache on failed catalog
>> err: Could not retrieve catalog; skipping run
>> err: Could not send report: certificate verify failed: [certificate 
>> signature failure for /CN=puppetmaster.example.com]
>>
>> Maybe this isn't an ssl issue, but I'm not sure what else would be wrong.
>>
>> Jason
>>
>>
>>
>> On Thursday, February 14, 2013 9:29:28 AM UTC-5, Luigi Martin Petrella 
>> wrote:
>>
>>> Jason, 
>>> I did the change on master, Centos 6.3 with Puppet 3.1.0.
>>> This modification can't be applied on Puppet 2.7.x since the class 
>>> certificate_signer.rb 
>>> doesn't exist in Puppet 2.7 source code.
>>>
>>> What's your configuration on master and agent nodes? 
>>> What's the output of "rpm -qa | grep openssl" ?
>>>
>>>
>>>
>>> On 14 February 2013 15:19, binaryred  wrote:
>>>
 Luigi,

 I find I'm in a similar situation as you, except I am not running 
 puppet 3 on my client, I am running puppet 2.7.  This change that you 
 made, 
 was it on the client or your puppet master?

 Thanks,
 Jason


 On Thursday, February 14, 2013 5:31:13 AM UTC-5, Luigi Martin Petrella 
 wrote:

> The trick worked :-)
>
> Thanks to everyone for your contribution!
>
>
> On 13 February 2013 18:26, Luigi Martin Petrella  **com> wrote:
>
>> Yes, it is exactly the cause of the problem!
>> " 
>>
>> certificate_signer.rb 
>>
>> # Take care of signing a certificate in a FIPS 140-2 compliant manner.
>>  
>> #
>>
>> # @see 
>> http://projects.puppetlabs.**com**/issues/17295
>>  
>> #
>>
>> # @api private
>>
>> class Puppet::SSL::CertificateSigner
>>  
>>   def initialize
>>  
>> if OpenSSL::Digest.const_defined?('SHA256')
>>  
>>   @digest = OpenSSL::Digest::SHA256
>>  
>> elsif OpenSSL::Digest.const_defined?('SHA1')
>>
>>   @digest = OpenSSL::Digest::SHA1
>>
>> else
>>  
>>   raise Puppet::Error,
>>  
>> "No FIPS 140-2 compliant digest algorithm in OpenSSL::Digest"
>>
>> end
>>  
>> @digest
>>  
>>   end
>>  
>>  
>>
>>   def sign(content, key)
>>  
>> content.sign(key, @digest.new)
>>  
>>   end
>>  
>> end
>> "
>>
>> If I switch the order of these checks
>>
>> if OpenSSL::Digest.const_defined?('SHA256')
>>  
>>   @digest = OpenSSL::Digest::SHA256
>>  
>> elsif OpenSSL::Digest.const_defined?('SHA1')
>>
>>   @digest = OpenSSL::Digest::SHA1
>>
>>
>> probably it will work
>>
>>
>> I'll let you know..
>>
>>
>>  
>> On 13 February 2013 17:08, Matthew Black  wrote:
>>
>>> Yes because as part of the fix it checks on the CA, when its signing
>>> the cert, whether it can support 256 or not. If it does not it drops
>>> down to a lower SHA.
>>>
>>> If you look at the pull request that is part of the ticket,
>>> specifically the changes. If you scroll down to the
>>> certificate_signer.rb change it will make more sense.
>>>
>>> https://github.com/puppetlabs/puppet/pull/1413/files
>>>
>>>
>>> On Wed, Feb 13, 20

Re: [Puppet Users] Re: PuppetDB API permissions

[Ken Barber]

> My biggest concern is that nodes can access other nodes resources stored in
> PuppetDB, which effectively means that parameters like passwords and other
> sensitive information is exposed.

If the data is not exported this shouldn't be the case ordinarily.
Obviously though if your content is uncontrolled it is possible for
someone to use a function from the puppet master to query data (FYI -
functions run on the puppetmaster, not the agents), which is why
content changes should be revision controlled and verified for sanity
before merging in most cases.

>From an REST API stand-point, switching on SSL provides certificate
verification, and won't allow clients who use certificates that are
not signed by the CA to connect. However, all clients have such CA's -
so if you want to restrict this you need to set a whitelist in the
jetty.ini of your PuppetDB:

http://docs.puppetlabs.com/puppetdb/1.1/configure.html#certificate-whitelist

In normal circumstances only the puppetmasters should be in such a
list, plus any API consumer you may be running internally. Basic local
box firewalling or network firewalling of the PuppetDB host is also a
good idea. As mentioned though, neither the whitelist or any
firewalling constrains the API access to read only access only - a
proxy would be better at doing this today however as the API
end-points for read and write are quite different (due to our CQRS
separation) and should be easy enough to segment.

> I also wonder if PuppetDB has any sense of environments? What I mean, does
> it separate data in environments, so for example, NODE1 being in development
> environment can access NODE2's resources which is in production environment?

No it does not. At the moment you need to provide multiple PuppetDB's
- one for each environment. There is a ticket to provide more
environment awareness within queries here:

http://projects.puppetlabs.com/issues/17785

But no mention of security constraints around environments.

This is an interesting topic though, how would you like to see it work
from your perspective?

ken.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Arrays in node definition

[David Schmitt]

On 14.02.2013 15:58, Dan wrote:

Hi,

I'm struggling to get this to work and don't understand where I'm going
wrong, can someone please guide me on how to correct?

Basically I want to get an array in my nodes.pp, which is then used by
my templates file by cycling through it and writing a line of each element:

nodes.pp:
node test{
 net::addr { 'routing':
   routes = [


its "routes => ["

Regards, D.

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] .erb templates are not properly parsed.

[Marc Bolós]

Dear,

I've been using puppet for some time now. Usually when I have a problem I 
read all documentation refered to the problem I have.

Recently I was trying to write a puppet erb template, that checks if host 
has one class defined, and if it has then writes some text to cron.

After a lot of googleing, I found that the best way to do this was:

<% if classes.include?( 'class1' ) -%>
Some text
<% end -%>

And this worked.

But when I try on the same erb file to look for other classes, then it only 
processes 1:
<% if classes.include?( 'class1' ) -%>
Some text
<% end -%>
<% if classes.include?( 'class2' ) -%>
Blah Blah Blah
<% end -%>

I can find only "Some text" inside file. But this host has class2 also 
declared. If I remove if classes.include of class1, and leave alone class2 
text, then I can see the text of class2.

Did anyone had this issue before?

Thanks for your time.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: PuppetDB & KahaDB db.data leak

[Julien Pivotto]

[root@mo-puppetmaster ~]# cd /var/lib/puppetdb/mq/localhost/KahaDB
[root@mo-puppetmaster KahaDB]# pwd 
/var/lib/puppetdb/mq/localhost/KahaDB
[root@mo-puppetmaster KahaDB]# du -sk * 
22036db-95.log
32db.data
32db.redo
0lock
[root@mo-puppetmaster KahaDB]# ps auxw | grep java 
root  9969  0.0  0.0 103300   812 pts/0S+   14:25   0:00 grep java
puppetdb 29242  0.8 16.0 1708184 330716 ?  Sl   Feb05 112:26 
/usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m 
-XX:+HeapDumpOnOutOfMemoryError 
-XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar 
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
[root@mo-puppetmaster KahaDB]# rpm -qi puppetdb
Name: puppetdb Relocations: (not relocatable)
Version : 1.0.1 Vendor: (none)
Release : 1.el6 Build Date: Tue 09 Oct 2012 
02:26:45 AM CEST
Install Date: Wed 17 Oct 2012 03:30:11 PM CEST  Build Host: 
rpm-builder.puppetlabs.lan
Group   : System Environment/DaemonsSource RPM: 
puppetdb-1.0.1-1.el6.src.rpm
Size: 18533978 License: ASL 2.0
Signature   : RSA/SHA1, Wed 10 Oct 2012 10:42:55 PM CEST, Key ID 
1054b7a24bd6ec30
URL : http://github.com/puppetlabs/puppetdb
Summary : Puppet Centralized Storage Daemon
Description :
Puppet Centralized Storage.


On Wednesday, February 13, 2013 7:00:40 PM UTC+1, Ken Barber wrote:
>
> Hi all, 
>
> I've been looking at a potential problem, as documented here: 
>
> http://projects.puppetlabs.com/issues/19241 
>
> To do with a leak within the KahaDB persistence layer of ActiveMQ. 
> Specifically, there are reports of the db.data file growing unbounded: 
>
> https://issues.apache.org/jira/browse/AMQ-3956 
>
> I'm hoping to find out information from other PuppetDB users to see if 
> this is happening in the wild. What I'm hoping is that users can 
> provide me with information around the size of the files in 
> /var/lib/puppetdb/localhost/KahaDB. For example, here is the size on 
> my test machine: 
>
> root@puppetdb1:/var/lib/puppetdb/mq/localhost/KahaDB# pwd 
> /var/lib/puppetdb/mq/localhost/KahaDB 
> root@puppetdb1:/var/lib/puppetdb/mq/localhost/KahaDB# du -sk * 
> 5552 db-1.log 
> 32 db.data 
> 32 db.redo 
> 0 lock 
> root@puppetdb1:/var/lib/puppetdb/mq/localhost/KahaDB# 
>
> And an indication of how long its been running: 
>
> $ ps auxw | grep java 
> puppetdb 52606  0.3  3.6 1536236 216136 ?  Sl   13:34   0:55 
> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1g 
> -XX:+HeapDumpOnOutOfMemoryError 
> -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar 
> /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d 
>
> And the version of PuppetDB: 
>
> # dpkg -l puppetdb 
> ... 
> ii  puppetdb1.1.1-1puppetlab all  PuppetDB 
> Centralized Storage. 
>
> (rpm -qi puppetdb on Redhat based machines). 
>
> I've so far had 1 suspected case of this (the directory was reported 
> at 17 GB), but no data to back it up - if you use PuppetDB and have 
> the time and inclination, I'd appreciate some outputs from your 
> PuppetDB hosts like the ones shown above (scrubbing private 
> information of course) - even if it looks fine - as it will help us 
> decide on the priority of this bug. 
>
> Thanks in advance! 
>
> ken. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[Felix Frank]

On 02/14/2013 05:20 PM, binaryred wrote:
> Any other suggestions?

Yeah, actually...

> err: Could not send report: certificate verify failed: [certificate
> signature failure for /CN=puppetmaster.example.com
> ]

Is the name of your master puppetmaster.example.com?

Are you sure your puppetca is set up properly?

Regards,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Windows Firewall Question

[Justin Stoller]

On Thu, Feb 14, 2013 at 7:29 AM, jim  wrote:

> Hello all,
>
> I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)
>
> I want to use puppet to add / amend or delete windows firewall rules, is
> there a tidy way of doing this 
>
> exec { "Check_MK_Firewall_Rule_create":
> command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule
> name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
> unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule
> name="Check_MK"',
> }
>
> ## If I remove the unless statement, it will keep add the same rule over
> and over again, which will make the firewall rule list un-manageable
>
>
> exec { "Check_MK_Firewall_Rule_enable":
> command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule
> name="Check_MK" new enable=Yes',
> }
>
> ## When I do a puppet run it keeps running this, is there a way to only
> run if disabled ???
>
> Hope this make sense
>
> regards
>
> James
>

I belive you want to your second exec to subscribe to the first (so the
first exec only runs if the rule doesn't exist and the second only runs if
the first does).

To tidy that up you could put them in a defined type so you can write
something like:
win_firewall { "Check_MK":
  direction => in,
  action => allow,
  protocol  => TCP,
  port => 6556,
}

Of course there's a whole host of things you can do to continue tiding up.
Like creating a native type & provider for windows firewall, extending a
current type with a windows provider, or wrapping linux firewall types &
windows firewall types in a more generic 'firewall' type, that just depends
on how far you want to take it.

 - Justin


>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Why IF-ELSE not work?

[Евгений Верещагин]

I want call diffrent manifest files for diffrent rules and systems. I think 
that write all rules in one file is not good idea :-)

четверг, 14 февраля 2013 г., 18:41:33 UTC+4 пользователь jcbollinger 
написал:
>
>
>
> On Thursday, February 14, 2013 5:55:35 AM UTC-6, blalor wrote:
>>
>> Import is like a #include in C: it's essentially a preprocessor directive 
>> and is evaluated before the if/ else. 
>>
>> http://docs.puppetlabs.com/puppet/2.7/reference/lang_import.html
>>
>>
>
> But also, as I just remarked in another thread, 'import' causes the 
> specified manifest to be parsed as a standalone manifest file.  That's 
> decidedly *un*like cpp's '#include'.  As a result, it is misleading to 
> put an 'import' anywhere other than at top scope.  If you are going to 
> insist on using 'import', then at least do yourself the favor of putting 
> all your 'import' lines at the very beginning of the manifest.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[binaryred]

Yeah, I just replaced my server name with that.  I've got RHEL5 and RHEL6 
machines talking to my puppet master just fine.

On Thursday, February 14, 2013 12:18:19 PM UTC-5, Felix.Frank wrote:
>
> On 02/14/2013 05:20 PM, binaryred wrote: 
> > Any other suggestions? 
>
> Yeah, actually... 
>
> > err: Could not send report: certificate verify failed: [certificate 
> > signature failure for /CN=puppetmaster.example.com 
> > ] 
>
> Is the name of your master puppetmaster.example.com? 
>
> Are you sure your puppetca is set up properly? 
>
> Regards, 
> Felix 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: roles, profiles, and hiera

[Chad Huneycutt]

It is my understanding that the calling_* variables are only available
to the puppet backend.  At least they do not work for me.
%{module_name}, on the other hand, works as I expect it to with the
yaml backend.

On Thu, Feb 14, 2013 at 9:47 AM, jcbollinger  wrote:
>
>
> On Wednesday, February 13, 2013 5:17:40 PM UTC-6, Chad Huneycutt wrote:
>>
>> I would like to have a hiera.yaml like so:
>>
>> ---
>> :backends:
>>   - yaml
>> :hierarchy:
>>   - nodes/%{::hostname}
>>   - profiles/%{class_name}
>>   - common
>> :yaml:
>>   :datadir: /etc/puppet/environments/%{environment}/data
>>
>>
>> Am I just completely off-base?
>>
>
> No, but it's spelled %{calling_class}.  There is also %{calling_module}.  Do
> be aware of http://projects.puppetlabs.com/issues/14985, however.
>
>
> John
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>



--
Chad M. Huneycutt

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: PuppetDB & KahaDB db.data leak

[Martin Willemsma]

[root@ ~]# cd  /var/lib/puppetdb/mq/localhost/KahaDB

[root@ KahaDB]# du -sk *
32828db-9947.log
432db-9948.log
32db.data
32db.redo
0lock

[root@ KahaDB]# ps auxw | grep java
root  5695  0.0  0.0 103232   824 pts/0R+   19:09   0:00 grep java
puppetdb 12088  6.8  7.7 4574712 309892 ?  Sl   Feb05 916:30
/usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx2048m -jar
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
activemq 31704  0.5 40.5 5655332 1611528 ? Sl2012 1279:27 java
-Dactivemq.home=/opt/activemq -Dactivemq.base=/opt/activemq
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStorePassword=password
-Djavax.net.ssl.keyStore=/opt/activemq/conf/broker.ks
-Djavax.net.ssl.trustStore=/opt/activemq/conf/broker.ts
-Dcom.sun.management.jmxremote
-Dorg.apache.activemq.UseDedicatedTaskRunner=false
-Djava.util.logging.config.file=logging.properties
-Dactivemq.conf=/opt/activemq/conf -Dactivemq.data=/opt/activemq/data
-XX:+UseCompressedOops -Xms3072m -Xmx3072m
-Djava.library.path=/opt/activemq/bin/linux/ -classpath
/opt/activemq/bin/wrapper.jar:/opt/activemq/bin/run.jar
-Dwrapper.key=IxFTP8aU4zzVoBh_ -Dwrapper.port=32000
-Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999
-Dwrapper.pid=31701 -Dwrapper.version=3.2.3
-Dwrapper.native_library=wrapper -Dwrapper.service=TRUE
-Dwrapper.cpu.timeout=10 -Dwrapper.jvmid=1
org.tanukisoftware.wrapper.WrapperSimpleApp
org.apache.activemq.console.Main start

[root@ KahaDB]# rpm -qi puppetdb
Name: puppetdb Relocations: (not relocatable)
Version : 1.1.1 Vendor: (none)
Release : 1.el6 Build Date: Fri 01 Feb 2013
11:21:27 AM CET
Install Date: Tue 05 Feb 2013 12:20:17 PM CET  Build Host:
rpm-builder.delivery.puppetlabs.net
Group   : System Environment/DaemonsSource RPM:
puppetdb-1.1.1-1.el6.src.rpm
Size: 19736313 License: ASL 2.0
Signature   : RSA/SHA1, Mon 04 Feb 2013 07:51:33 PM CET, Key ID
1054b7a24bd6ec30
URL : http://github.com/puppetlabs/puppetdb
Summary : Puppet Centralized Storage Daemon
Description :
Puppet Centralized Storage.



2013/2/14 Julien Pivotto 

>
> [root@mo-puppetmaster ~]# cd /var/lib/puppetdb/mq/localhost/KahaDB
> [root@mo-puppetmaster KahaDB]# pwd
> /var/lib/puppetdb/mq/localhost/KahaDB
> [root@mo-puppetmaster KahaDB]# du -sk *
> 22036db-95.log
>
> 32db.data
> 32db.redo
> 0lock
> [root@mo-puppetmaster KahaDB]# ps auxw | grep java
> root  9969  0.0  0.0 103300   812 pts/0S+   14:25   0:00 grep java
> puppetdb 29242  0.8 16.0 1708184 330716 ?  Sl   Feb05 112:26
> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx192m
> -XX:+HeapDumpOnOutOfMemoryError
> -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar
> /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d
> [root@mo-puppetmaster KahaDB]# rpm -qi puppetdb
>
> Name: puppetdb Relocations: (not relocatable)
> Version : 1.0.1 Vendor: (none)
> Release : 1.el6 Build Date: Tue 09 Oct 2012
> 02:26:45 AM CEST
> Install Date: Wed 17 Oct 2012 03:30:11 PM CEST  Build Host:
> rpm-builder.puppetlabs.lan
> Group   : System Environment/DaemonsSource RPM:
> puppetdb-1.0.1-1.el6.src.rpm
> Size: 18533978 License: ASL 2.0
> Signature   : RSA/SHA1, Wed 10 Oct 2012 10:42:55 PM CEST, Key ID
> 1054b7a24bd6ec30
>
> URL : http://github.com/puppetlabs/puppetdb
> Summary : Puppet Centralized Storage Daemon
> Description :
> Puppet Centralized Storage.
>
>
> On Wednesday, February 13, 2013 7:00:40 PM UTC+1, Ken Barber wrote:
>>
>> Hi all,
>>
>> I've been looking at a potential problem, as documented here:
>>
>> http://projects.puppetlabs.**com/issues/19241
>>
>> To do with a leak within the KahaDB persistence layer of ActiveMQ.
>> Specifically, there are reports of the db.data file growing unbounded:
>>
>> https://issues.apache.org/**jira/browse/AMQ-3956
>>
>> I'm hoping to find out information from other PuppetDB users to see if
>> this is happening in the wild. What I'm hoping is that users can
>> provide me with information around the size of the files in
>> /var/lib/puppetdb/localhost/**KahaDB. For example, here is the size on
>> my test machine:
>>
>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB# pwd
>> /var/lib/puppetdb/mq/**localhost/KahaDB
>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB# du -sk *
>> 5552 db-1.log
>> 32 db.data
>> 32 db.redo
>> 0 lock
>> root@puppetdb1:/var/lib/**puppetdb/mq/localhost/KahaDB#
>>
>> And an indication of how long its been running:
>>
>> $ ps auxw | grep java
>> puppetdb 52606  0.3  3.6 1536236 216136 ?  Sl   13:34   0:55
>> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1g
>

Re: [Puppet Users] roles, profiles, and hiera

[Chad Huneycutt]

Unfortunately not.  I am already using %{module_name}, and it works
fine.  But for what I am suggesting to work, I need to know the exact
class where the hiera call is.

- Chad

On Wed, Feb 13, 2013 at 7:49 PM, Brian Lalor  wrote:
> Will this help?
> http://docs.puppetlabs.com/puppet/3/reference/lang_variables.html#parser-set-variables
>
> --
> Brian Lalor
> bla...@bravo5.org
>
> On Feb 13, 2013, at 6:17 PM, Chad Huneycutt 
> wrote:
>
> I have been following the various blog posts about the roles and
> profiles pattern for classifying hosts, and I like it.  It doesn't
> provide a perfect fit for our infrastructure, but it is much better
> than the ad-hoc classification we do now.  I have a couple of
> questions for those that use it, though:
>
> 1. Where are you putting your role classes and profile classes?  A
> role module and a profile module makes sense to me, but it seems like
> something more tightly integrated with the Puppet DSL might be nice?
>
> 2. Assuming you have roles and profiles in modules, at what point do
> you specify the parameters to your modules?  I am particularly
> interested in the answer to this question with regards to hiera.  I
> find that I want to add roles and profiles to the hiera hierarchy, and
> I cannot come up with a way to do it.
>
> I think if hiera supported lookup by the class containing the hiera
> call, I could achieve what I want.  For instance:
>
> class profiles::oneofmyprofiles {
>  include myparameterizedclass
> }
>
> I would like to have a hiera.yaml like so:
>
> ---
> :backends:
>  - yaml
> :hierarchy:
>  - nodes/%{::hostname}
>  - profiles/%{class_name}
>  - common
> :yaml:
>  :datadir: /etc/puppet/environments/%{environment}/data
>
>
> Am I just completely off-base?
>
> --
> Chad M. Huneycutt
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>



-- 
Chad M. Huneycutt

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Certificate verify fails without indications

[binaryred]

On my puppet master, I uninstalled my puppet RPM, downloaded the tarball 
for puppet 3.1.0, modified the source for the certificate_signer.rb, and 
ran 'ruby install.db'.  It installed the modified certificate_signer.rb 
file and runs just fine on the master (as it did before), but my client 
RHEL4 boxes still don't want to talk to the puppet master server correctly. 
 I'm still getting the same error.

Jason

On Thursday, February 14, 2013 12:54:36 PM UTC-5, binaryred wrote:
>
> Yeah, I just replaced my server name with that.  I've got RHEL5 and RHEL6 
> machines talking to my puppet master just fine.
>
> On Thursday, February 14, 2013 12:18:19 PM UTC-5, Felix.Frank wrote:
>>
>> On 02/14/2013 05:20 PM, binaryred wrote: 
>> > Any other suggestions? 
>>
>> Yeah, actually... 
>>
>> > err: Could not send report: certificate verify failed: [certificate 
>> > signature failure for /CN=puppetmaster.example.com 
>> > ] 
>>
>> Is the name of your master puppetmaster.example.com? 
>>
>> Are you sure your puppetca is set up properly? 
>>
>> Regards, 
>> Felix 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: roles, profiles, and hiera

[jcbollinger]

On Thursday, February 14, 2013 12:08:17 PM UTC-6, Chad Huneycutt wrote:
>
> It is my understanding that the calling_* variables are only available 
> to the puppet backend.  At least they do not work for me. 
> %{module_name}, on the other hand, works as I expect it to with the 
> yaml backend. 
>
>
I can't speak to whether or why these currently work for you, but they are 
certainly not targeted specifically at the Puppet back end.  They are 
mostly intended for use in your hiera configuration file (hiera.yaml), 
which is independent of any particular back end (since it's where you 
define which one(s) to use).  It's precisely the use case you described.

With that said, it looks like at least one other bug has been filed against 
this functionality in Puppet 3, so perhaps you're running up against that.  
In any case, I still say no, you're not off-base: what you're asking for is 
supposed to already work.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Really need some help:: Weird Issue with external data look up in puppet 2.6.11

[GregC]

Running puppet 2.6.11 opensource on Red Hat 5.6 client.

I cannot explain this logically but I have a directory structure like so:

/etc/puppet/manifests/hiera/hostgroups/

with directories for each of my application areas like so:

*clickz  core  devel  dns  icross  iswap  itch  puppet  test  ubuntu*


 *What is weird is that if I put anything under the directory named "core", 
the ext lookup works fine*, but if I move it to another directory or move 
the "core" directory to "core1" nothing works. *In addition having the 
extdata .csv file point hostgroup variable to any other directory does not 
work, and that's my real problem.*

Also as long as I have the yaml file in my "core"  directory it works. *Is 
there some clash or weird default for "core" involved in ext lookups??*

 I'm including my hiera.yaml and ext lookups files. If anyone has here or 
expierenced this please let me know becuase I have to dump every yaml file 
in this directory but it creates additional issues when trying to call site 
specific classes.

client .csv file
===
hostgroup,core
site,hbr5
region,us
env,uslab

hirea.yaml file:

---
:backends: - yaml

:logger: console

:hierarchy: - hostgroups/%{hostgroup}/%{hostgroup}
- hostgroups/%{hostgroup}/%{site}/%{site}
- hostgroups/%{hostgroup}/%{site}/%{hostname}
- defaults
:yaml:
   :datadir: /etc/puppet/manifests/hiera

site.pp
=
node "puppetmaster.if.icap.com" {}

# The node lookup logic works as follows:
# Puppet looks in extlookup for the hostname.  This checks the 
$datadir/*.csv files
# CSV files return region, hostgroup and site
# Puppet then uses this info to query hiera about the host

node default {
   $region= extlookup( "region" )
   $hostgroup = extlookup( "hostgroup" )
   $site  = extlookup( "site" )
   $env   = extlookup( "env" )
   hiera_include( "global_classes" ) # This is maintained in 
defaults.yaml
   hiera_include( "hostgroup_classes" )  # Maintained in 
hostgroups//.yaml
   hiera_include( "site_classes" )   # Maintained in 
hostgroups///.yaml
   hiera_include( "node_classes" )   # Maintained in 
hostgroups///.yaml
}

$extlookup_datadir = "/etc/puppet/manifests/extdata"
$extlookup_precedence = [ "%{hostname}" ]


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: PuppetDB & KahaDB db.data leak

[Chuck]

My log file is cycling at 32 MB

$ date;du -sk *
Thu Feb 14 19:35:38 UTC 2013
24288 db-12257.log
360 db.data
124 db.redo
0 lock

$ date;du -sk *
Thu Feb 14 19:37:29 UTC 2013
32816 db-12257.log
1820 db-12258.log
360 db.data
124 db.redo
0 lock

$ date;du -sk *
Thu Feb 14 19:37:47 UTC 2013
3660 db-12258.log
360 db.data
124 db.redo
0 lock

$ date;du -sk *
Thu Feb 14 19:40:00 UTC 2013
15520 db-12258.log
360 db.data
124 db.redo
0 lock

$ date;du -sk *
Thu Feb 14 19:42:41 UTC 2013
33024 db-12258.log
364 db-12259.log
360 db.data
124 db.redo
0 lock

$ ps auxw | grep puppetdb |grep -v grep
puppetdb  1486 24.6 11.7 2406524 459636 ?  Sl   Feb09 2050:43 
/usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1024m -jar 
/usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d

$ rpm -qi puppetdb
Name: puppetdb Relocations: (not relocatable)
Version : 1.1.1 Vendor: (none)
Release : 1.el6 Build Date: Fri 01 Feb 2013 
10:21:27 AM UTC
Install Date: Sat 09 Feb 2013 12:08:35 AM UTC  Build Host: 
rpm-builder.delivery.puppetlabs.net
Group   : System Environment/DaemonsSource RPM: 
puppetdb-1.1.1-1.el6.src.rpm
Size: 19736313 License: ASL 2.0
Signature   : RSA/SHA1, Mon 04 Feb 2013 06:51:33 PM UTC, Key ID 
1054b7a24bd6ec30
URL : http://github.com/puppetlabs/puppetdb
Summary : Puppet Centralized Storage Daemon
Description :
Puppet Centralized Storage.

On Wednesday, February 13, 2013 12:00:40 PM UTC-6, Ken Barber wrote:
>
> Hi all, 
>
> I've been looking at a potential problem, as documented here: 
>
> http://projects.puppetlabs.com/issues/19241 
>
> To do with a leak within the KahaDB persistence layer of ActiveMQ. 
> Specifically, there are reports of the db.data file growing unbounded: 
>
> https://issues.apache.org/jira/browse/AMQ-3956 
>
> I'm hoping to find out information from other PuppetDB users to see if 
> this is happening in the wild. What I'm hoping is that users can 
> provide me with information around the size of the files in 
> /var/lib/puppetdb/localhost/KahaDB. For example, here is the size on 
> my test machine: 
>
> root@puppetdb1:/var/lib/puppetdb/mq/localhost/KahaDB# pwd 
> /var/lib/puppetdb/mq/localhost/KahaDB 
> root@puppetdb1:/var/lib/puppetdb/mq/localhost/KahaDB# du -sk * 
> 5552 db-1.log 
> 32 db.data 
> 32 db.redo 
> 0 lock 
> root@puppetdb1:/var/lib/puppetdb/mq/localhost/KahaDB# 
>
> And an indication of how long its been running: 
>
> $ ps auxw | grep java 
> puppetdb 52606  0.3  3.6 1536236 216136 ?  Sl   13:34   0:55 
> /usr/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1g 
> -XX:+HeapDumpOnOutOfMemoryError 
> -XX:HeapDumpPath=/var/log/puppetdb/puppetdb-oom.hprof -jar 
> /usr/share/puppetdb/puppetdb.jar services -c /etc/puppetdb/conf.d 
>
> And the version of PuppetDB: 
>
> # dpkg -l puppetdb 
> ... 
> ii  puppetdb1.1.1-1puppetlab all  PuppetDB 
> Centralized Storage. 
>
> (rpm -qi puppetdb on Redhat based machines). 
>
> I've so far had 1 suspected case of this (the directory was reported 
> at 17 GB), but no data to back it up - if you use PuppetDB and have 
> the time and inclination, I'd appreciate some outputs from your 
> PuppetDB hosts like the ones shown above (scrubbing private 
> information of course) - even if it looks fine - as it will help us 
> decide on the priority of this bug. 
>
> Thanks in advance! 
>
> ken. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Why IF-ELSE not work?

[jcbollinger]

On Thursday, February 14, 2013 11:31:54 AM UTC-6, Евгений Верещагин wrote:
>
> I want call diffrent manifest files for diffrent rules and systems. I 
> think that write all rules in one file is not good idea :-)
>


No one suggested that you should put everything on one file.  Nevertheless, 
you cannot "call" a manifest in the sense of a function.  Puppet DSL is not 
a scripting language, and manifests are not executable in any meaningful 
sense.  You need to get your head around that (among other things) to 
become proficient with Puppet.

Instead of thinking in terms of files, you should be working on modeling 
your target systems via classes.  If you lay out your classes in the 
recommended (and autoloader-supported) way, then the distinction will be 
thin, as you will have only one class or definition per file.  The point, 
however, is to harmonize your mental model with the way Puppet actually 
works.

In your case, you might write site.pp like this:

manifests/site.pp
---

# Prefer to avoid top-scope declarations other than node blocks,
# class definitions, and defined-type definitions
node default {
  # prefer to put logic in classes, keeping node blocks simple
  include 'site'
}

with a module site defined by:


modules/site/manifests/init.pp:
---

class site {
  case $operatingsystem {
redhat: { include 'site::redhat' }
centos: { include 'site::centos' }
windows: { include 'site::windows' }
default: { include 'site::default' }
  }
}


modules/site/manifests/redhat.pp
---

class site::redhat {
  # declarations for redhat systems
}


And similar classes site::centos, site::windows, and site::default as well, 
each in its own file.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: roles, profiles, and hiera

[Chad Huneycutt]

Thanks, John.  I think you are right that puppet should support it,
but I am pretty sure it does not.   I chatted with RI, and it seems
that the classname is not "exposed", so when the puppet backend does
the lookup, it figures out the classname and sets the 'calling_class'
variable before it interprets the hierarchy.  I am going to try to
hack the same thing into the yaml backend, as well as file a bug (or
+1 one) about it.

- Chad

On Thu, Feb 14, 2013 at 2:19 PM, jcbollinger  wrote:
>
>
> On Thursday, February 14, 2013 12:08:17 PM UTC-6, Chad Huneycutt wrote:
>>
>> It is my understanding that the calling_* variables are only available
>> to the puppet backend.  At least they do not work for me.
>> %{module_name}, on the other hand, works as I expect it to with the
>> yaml backend.
>>
>
> I can't speak to whether or why these currently work for you, but they are
> certainly not targeted specifically at the Puppet back end.  They are mostly
> intended for use in your hiera configuration file (hiera.yaml), which is
> independent of any particular back end (since it's where you define which
> one(s) to use).  It's precisely the use case you described.
>
> With that said, it looks like at least one other bug has been filed against
> this functionality in Puppet 3, so perhaps you're running up against that.
> In any case, I still say no, you're not off-base: what you're asking for is
> supposed to already work.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>



--
Chad M. Huneycutt

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: .erb templates are not properly parsed.

[jcbollinger]

On Thursday, February 14, 2013 10:35:50 AM UTC-6, Marc Bolós wrote:
>
> Dear,
>
> I've been using puppet for some time now. Usually when I have a problem I 
> read all documentation refered to the problem I have.
>
> Recently I was trying to write a puppet erb template, that checks if host 
> has one class defined, and if it has then writes some text to cron.
>
> After a lot of googleing, I found that the best way to do this was:
>


Maybe, but better by far is to avoid doing that at all.  Specifically, 
avoid writing DSL code or templates that attempt to inquire whether 
particular resources have been declared.  Such code is inherently 
parse-order sensitive, and it is, moreover, unnecessary.  Although it may 
at some times seem convenient, it is never *necessary* to inquire whether a 
given class or resource is (supposed to have been) declared.  You can 
always know, whether in an absolute or a conditional sense.

 

>
> <% if classes.include?( 'class1' ) -%>
> Some text
> <% end -%>
>
> And this worked.
>
> But when I try on the same erb file to look for other classes, then it 
> only processes 1:
> <% if classes.include?( 'class1' ) -%>
> Some text
> <% end -%>
> <% if classes.include?( 'class2' ) -%>
> Blah Blah Blah
> <% end -%>
>
> I can find only "Some text" inside file. But this host has class2 also 
> declared. If I remove if classes.include of class1, and leave alone class2 
> text, then I can see the text of class2.
>
> Did anyone had this issue before?
>
>

In all likelihood, this is a parse-order problem.  If the template() or 
inline_template() call by which you are evaluating the template is parsed 
before class2 has been assigned to the target node, then the template will 
not see it in the 'classes' array.  Such problems can sometimes be managed, 
but even then there is usually a better approach.

Inasmuch as your example is pretty synthetic, I can't say what a better 
approach would be.  If you describe your real problem more then we might 
have better suggestions.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Mcollective on FreeBSD Error

[Worker Bee]

Hello Guys;

Any clue what might be causing this?  I am using MCollective on FreeBSD.


MCollective::Agent::Puppet: MCollective::DDLValidationError
I, [2013-02-14T20:06:07.516501 #9435]  INFO -- : mcollectived:31 The
Marionette Collective 2.1.1 started logging at info level
E, [2013-02-14T20:06:07.546737 #9438] ERROR -- : agent.rb:58:in `load_ddl'
Failed to load DDL for the 'puppet' agent, DDLs are required:
NoMethodError: undefined method `requires' for
#
E, [2013-02-14T20:06:07.546946 #9438] ERROR -- : agents.rb:71:in
`loadagent' Loading agent puppet failed: Could not create instance of
plugin MCollective::Agent::Puppet: MCollective::DDLValidationError


Thanks!
Bee

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Mcollective on FreeBSD Error

[R.I.Pienaar]

- Original Message -
> From: "Worker Bee" 
> To: puppet-users@googlegroups.com
> Sent: Thursday, February 14, 2013 8:08:37 PM
> Subject: [Puppet Users] Mcollective on FreeBSD Error
> 
> Hello Guys;
> 
> Any clue what might be causing this?  I am using MCollective on FreeBSD.
> 
> 
> MCollective::Agent::Puppet: MCollective::DDLValidationError
> I, [2013-02-14T20:06:07.516501 #9435]  INFO -- : mcollectived:31 The
> Marionette Collective 2.1.1 started logging at info level
> E, [2013-02-14T20:06:07.546737 #9438] ERROR -- : agent.rb:58:in `load_ddl'
> Failed to load DDL for the 'puppet' agent, DDLs are required:
> NoMethodError: undefined method `requires' for
> #
> E, [2013-02-14T20:06:07.546946 #9438] ERROR -- : agents.rb:71:in
> `loadagent' Loading agent puppet failed: Could not create instance of
> plugin MCollective::Agent::Puppet: MCollective::DDLValidationError
> 
> 

the new puppet agent requires version 2.2.2 of mcollective at least

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Checking GIT updates

[John Coggeshall]

Hello all,

I'm using puppet to deploy my codebase from GIT. I have everything working, 
but i currently don't have any way to check to make sure there is actually 
something TO deploy before it goes through the entire process of deploying 
the code. I want to create a conditional that only re-deploys the code if 
the revision actually changed.

So far, I can have it as part of the deploy process write the contents of 
'git rev-parse HEAD' to a file, this way I can do something like this from 
BASH:

[ `cat git-current-hash` != `git rev-parse HEAD` ]

which will return true only if there is a new revision to pull. The 
question is, how do I conditional include many different file {} and other 
things only if that condition is true? If this was just an exec{} I could 
use onlyif.

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Checking GIT updates

[llowder]

On Thursday, February 14, 2013 2:49:42 PM UTC-6, John Coggeshall wrote:
>
> Hello all,
>
> I'm using puppet to deploy my codebase from GIT. I have everything 
> working, but i currently don't have any way to check to make sure there is 
> actually something TO deploy before it goes through the entire process of 
> deploying the code. I want to create a conditional that only re-deploys the 
> code if the revision actually changed.
>
> So far, I can have it as part of the deploy process write the contents of 
> 'git rev-parse HEAD' to a file, this way I can do something like this from 
> BASH:
>
> [ `cat git-current-hash` != `git rev-parse HEAD` ]
>
> which will return true only if there is a new revision to pull. The 
> question is, how do I conditional include many different file {} and other 
> things only if that condition is true? If this was just an exec{} I could 
> use onlyif.
>
>
One option would be to have a post-commit hook or something that pushes the 
code, instead of polling to pull the code.
 

> John
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: PuppetDB API permissions

[Vaidas Jablonskis]

On Thursday, 14 February 2013 16:37:01 UTC, Ken Barber wrote:
>
> > My biggest concern is that nodes can access other nodes resources stored 
> in 
> > PuppetDB, which effectively means that parameters like passwords and 
> other 
> > sensitive information is exposed. 
>
> If the data is not exported this shouldn't be the case ordinarily. 
>

It actually is the case. For example a file resource does not have to be 
exported for its content to be stored in puppetdb.
 

> Obviously though if your content is uncontrolled it is possible for 
> someone to use a function from the puppet master to query data (FYI - 
> functions run on the puppetmaster, not the agents), which is why 
> content changes should be revision controlled and verified for sanity 
> before merging in most cases. 
>
> From an REST API stand-point, switching on SSL provides certificate 
> verification, and won't allow clients who use certificates that are 
> not signed by the CA to connect. However, all clients have such CA's - 
> so if you want to restrict this you need to set a whitelist in the 
> jetty.ini of your PuppetDB: 
>
>
> http://docs.puppetlabs.com/puppetdb/1.1/configure.html#certificate-whitelist 
>
> In normal circumstances only the puppetmasters should be in such a 
> list, plus any API consumer you may be running internally. Basic local 
> box firewalling or network firewalling of the PuppetDB host is also a 
> good idea. As mentioned though, neither the whitelist or any 
> firewalling constrains the API access to read only access only - a 
> proxy would be better at doing this today however as the API 
> end-points for read and write are quite different (due to our CQRS 
> separation) and should be easy enough to segment. 
>
> > I also wonder if PuppetDB has any sense of environments? What I mean, 
> does 
> > it separate data in environments, so for example, NODE1 being in 
> development 
> > environment can access NODE2's resources which is in production 
> environment? 
>
> No it does not. At the moment you need to provide multiple PuppetDB's 
> - one for each environment. There is a ticket to provide more 
> environment awareness within queries here: 
>
> http://projects.puppetlabs.com/issues/17785 
>
> But no mention of security constraints around environments. 
>
> This is an interesting topic though, how would you like to see it work 
> from your perspective? 
>
> I think just a simple separation would be sufficient. So that nodes by 
default wouldn't be able to access data from other environments.

I would also be nice to be able easily query PuppetDB API by environment, 
something like: /v2//nodes or 
/v2/nodes?environment=.
 

> ken. 
>

Thanks,
Vaidas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet Support for Windows

[Jaisol]

Hi Rich,
 
I'm new in Puppet and will start working on a windows module so I would 
like to look at your code in github. I think it's a good point to start for 
me.
Hopefully you can let me know your code name or others related to windows.
Any advice would be greatly appreciated...
 
Thanks,
Jaisol

El martes, 29 de enero de 2013 08:53:18 UTC-6, Rich Siegel escribió:

> Do you have any code on github?  Perhaps we can collaborate.  I am doing a 
> bit of windows type and provider development currently (mostly learning how 
> ;)  I have a pendinga windows clustering provider, and a windows ad dns 
> provider in the works.   I have also wrote a chocolatey provider that we 
> are now officially using on 100s of servers.
>  
>
> On Monday, January 28, 2013 5:01:10 PM UTC-5, damian@gmail.com wrote:
>
>> Hi Josh,
>>
>> First of all thanks for the quick reply.  
>>
>> The main priorities to make Puppet usable on Windows for us would be:
>>
>> 1> Control complete state of the DACL for grant (we don't use deny).
>> 2> Control inheritance on DACL (at the same time as being able to control 
>> other DACL grant entries for that object).
>> 3> Control inheritance on SACL (we only set this at a higher level).
>> 4> Set user account on Service.
>>
>> It would also be good to have the following (although don't think it 
>> would be a showstopper for adoption):
>> 5> Control ACL on local SMB shares.
>> 6> Control ACL on registry.
>>
>> And finally the nice to haves:
>> 7> (Nice to have) Set DACL on parent directory but inherit permissions on 
>> all children when using source param with multiple levels of hierarchy.
>> 8> (Nice to have) Set DACL on parent directory but inherit permissions on 
>> all children when using recurse param.
>>
>> Off the top of my head (not fully worked out all our requirements with 
>> the devs yet) I don't think we control access to any other types of windows 
>> object (e.g. service)
>>
>> I did start having a dig in the Puppet code for the file type and all of 
>> the building blocks are already there. I'm not sure how much effort it 
>> would be to write an ntfsfile class but I have started having a play with 
>> writing my own (in my spare time) but I've never written Ruby before so a 
>> reasonable learning curve (not least just to understand the mass of file 
>> and windows provider Puppet code let alone Ruby!). The permission setting 
>> methods are all there (e.g. set_acl and get_acl from security.rb including 
>> the protected parameter that i couldn't see a way of setting anywhere).  My 
>> plan was to replace the mode param on file.rb with a dacl param that could 
>> take some form of friendly dacl description.  The get_mode and set_mode 
>> methods could then be changed to translate between friendly dacl and real 
>> dacl rather than POSIX mode and dacl. 
>>
>> The friendly DACL would use something like the following to describe each 
>> ACE:
>>  ntfsfile { 'myfile.txt' :
>> require => file,
>> dacl => [ 
>>   ['user1', grant, [FULL_CONTROL]],
>>   ['user2', grant, [FILE_READ]],
>>   ['group1', grant, [FILE_READ, FILE_WRITE, 
>> CHANGE_PERMISSIONS]],
>>   ['user3', deny, [FILE_READ, FILE_WRITE, FILE_EXECUTE]]
>>  ],
>> inheritparent => false,
>> source => 'puppet://modules/something/file.txt',
>> }
>>
>>
>>
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] multiple nodes

[Michael Hüttermann]

Hello,

in case you want to manage a node with multiple masters (that may manage 
different aspects of that system): is it possible to run multiple puppet 
agent daemons on one node (listening to different masters) or to configure 
one agent daemon to listen to multiple masters? 


Thank you.



Michael


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Checking GIT updates

[Nathan Valentine]

Hey, John.

llowder's recommendation is solid. There's a write-up on how to accomplish
the push/post-commit strategy here:

https://puppetlabs.com/blog/git-workflow-and-puppet-environments/


-- 
---
Nathan Valentine - nat...@puppetlabs.com
Puppet Labs Professional Services
GV: 415.504.2173
Skype: nrvale0

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Recent Security Vulnerabilities

[Moses Mendoza]

All,

In the last few weeks, several serious security vulnerabilities have
been disclosed in components of  Ruby on Rails, Rack, the JSON
rubygem, Ruby 1.9, and certain cryptographic protocols used in
OpenSSL. These include CVE-2013-0276, CVE-2013-0277, CVE-2013-0263,
CVE-2013-0269, CVE-2013-0169, CVE-2012-6496, CVE-2012-6497,
CVE-2013-0155, and CVE-2013-0156, and the list goes on.

CVE details on all of these vulnerabilities can be found at the Mitre
website, using the CVE number as the search query, e.g.:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=

Puppet Labs has provided or is in the process of generating hotfixes
and patch releases for our products that are affected by these
vulnerabilities, which we strongly urge all users to update to as soon
as possible.

All security announcements for Puppet software are sent to the
Puppet-Announce mailing list. To follow security releases and our
other software announcements, join at
groups.google.com/group/puppet-announce.

This is just a friendly, if not urgent, reminder to all the Puppet
users that if you are using Ruby on Rails, Rack, JSON, and/or OpenSSL
outside of our products or in tandem with them in some way (e.g.
Puppet ActiveRecord-based storeconfigs), it is critical to update your
installations to the latest patch versions of this software. These
recent CVEs are no trifle. They are serious vulnerabilities with
massive potential attack payloads, including arbitrary code execution,
SQL injection, and the like (e.g. "all your hosts are belong to me").


Regards,
Moses Mendoza
Release Engineering, Puppet Labs

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] multiple nodes

[Peter Brown]

On 15 February 2013 09:02, Michael Hüttermann wrote:

> Hello,
>
> in case you want to manage a node with multiple masters (that may manage
> different aspects of that system): is it possible to run multiple puppet
> agent daemons on one node (listening to different masters) or to configure
> one agent daemon to listen to multiple masters?
>

This seems like a really bad idea to me.
Why would you need to do this?

Dependency hell comes to mind. You couldn't make any kind of linkage
between the resources managed by each master without the possibility of
some kind of clash with those resources.

The only reason I can see is separation of data between different teams
managing different services on the node but that would be easy to achieve
on one master with some kind of enc or hiera.


>
> Thank you.
>
>
>
> Michael
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] semi-standalone puppet mode

[Jakov Sosic]

On 02/13/2013 05:12 PM, Matthew Black wrote:

Without fully understanding your modules and how they interact you can
always take a copy of the site manifest and modules with the node and
then do something like this

puppet apply /etc/puppet/manifests/site.pp --modulepath=/etc/puppet/modules

I typically do something similar when testing a module without a puppet master.


Can hiera be integrated somehow in this case?


--
Jakov Sosic
www.srce.unizg.hr

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Checking GIT updates

[joe]

Puppet isn't particularly good at code deployment. Ideally, you'd package 
your code, set a package resource to ensure => latest, then update your 
package repo with the new code. Then, all the resources that subscribe to 
that package (services, etc.) would be refreshed when the package gets 
updated in your repo.

On Thursday, February 14, 2013 1:49:42 PM UTC-7, John Coggeshall wrote:
>
> Hello all,
>
> I'm using puppet to deploy my codebase from GIT. I have everything 
> working, but i currently don't have any way to check to make sure there is 
> actually something TO deploy before it goes through the entire process of 
> deploying the code. I want to create a conditional that only re-deploys the 
> code if the revision actually changed.
>
> So far, I can have it as part of the deploy process write the contents of 
> 'git rev-parse HEAD' to a file, this way I can do something like this from 
> BASH:
>
> [ `cat git-current-hash` != `git rev-parse HEAD` ]
>
> which will return true only if there is a new revision to pull. The 
> question is, how do I conditional include many different file {} and other 
> things only if that condition is true? If this was just an exec{} I could 
> use onlyif.
>
> John
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Checking GIT updates

[Brian Lalor]

On Feb 14, 2013, at 7:04 PM, joe  wrote:

> Puppet isn't particularly good at code deployment. Ideally, you'd package 
> your code, set a package resource to ensure => latest, then update your 
> package repo with the new code. Then, all the resources that subscribe to 
> that package (services, etc.) would be refreshed when the package gets 
> updated in your repo.

Why do you say "Puppet isn't particularly good at code deployment"?  What you 
described seems perfectly reasonable.  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] semi-standalone puppet mode

[Brian Lalor]

On Feb 14, 2013, at 7:01 PM, Jakov Sosic  wrote:

> On 02/13/2013 05:12 PM, Matthew Black wrote:
>> Without fully understanding your modules and how they interact you can
>> always take a copy of the site manifest and modules with the node and
>> then do something like this
>> 
>> puppet apply /etc/puppet/manifests/site.pp --modulepath=/etc/puppet/modules
>> 
>> I typically do something similar when testing a module without a puppet 
>> master.
> 
> Can hiera be integrated somehow in this case?

Sure.  Here's an example of invoking "puppet apply" with explicit Hiera 
configuration: https://github.com/blalor/vagrant-puppet-example

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Automating nagios_service resource type

[Sans]

Hi there,

I'm writing a manifests for some Nagios check, like this:


nagios_service { 'check_http_test.salesforce.com':
> use => 'generic-service',
> check_command   => 'remote-nrpe-tcp-check!test.salesforce.com!443',
> service_description => 'CON: test.salesforce',
> display_name=> 'Connection check: test.salesforce.com:443',
> servicegroups   => 'cloud',
> hostgroup_name  => 'cloud-app',
> }
>

 
There are almost 30 of them and the the only difference between the checks 
are that hostname and port number. Is there anyway to automate this 
process, instead of specifying these 30 times statically? I was thinking 
putting those values in an array and loop through it to generate the 
resultant "nagios_service.cfg". How can I do that? Cheers!!
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Peter Brown]

I found this a while ago to so I wrote a module to do it easily.
It's on the forge here. https://forge.puppetlabs.com/rendhalver/monitoring
I also have an nrpe module which may help here
https://forge.puppetlabs.com/rendhalver/nrpe


On 15 February 2013 10:15, Sans  wrote:

> Hi there,
>
> I'm writing a manifests for some Nagios check, like this:
>
>
> nagios_service { 'check_http_test.salesforce.com':
>> use => 'generic-service',
>> check_command   => 'remote-nrpe-tcp-check!test.salesforce.com
>> !443',
>> service_description => 'CON: test.salesforce',
>> display_name=> 'Connection check: test.salesforce.com:443',
>> servicegroups   => 'cloud',
>> hostgroup_name  => 'cloud-app',
>> }
>>
>
>
> There are almost 30 of them and the the only difference between the checks
> are that hostname and port number. Is there anyway to automate this
> process, instead of specifying these 30 times statically? I was thinking
> putting those values in an array and loop through it to generate the
> resultant "nagios_service.cfg". How can I do that? Cheers!!
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Checking GIT updates

[Peter Brown]

On 15 February 2013 10:04, joe  wrote:

> Puppet isn't particularly good at code deployment. Ideally, you'd package
> your code, set a package resource to ensure => latest, then update your
> package repo with the new code. Then, all the resources that subscribe to
> that package (services, etc.) would be refreshed when the package gets
> updated in your repo.


I disagree.
I use puppet for managing code deployments.
I tend to use svn or git to roll it out because our internal software is a
moving target and not well suited to packages and because it can be
deployed multiple times on a node.
Yes I realise I could use a package for that but I find it easier to use a
source code management system.
Updating is a simple process of updating one variable that specifies the
tag to update to.


>
> On Thursday, February 14, 2013 1:49:42 PM UTC-7, John Coggeshall wrote:
>>
>> Hello all,
>>
>> I'm using puppet to deploy my codebase from GIT. I have everything
>> working, but i currently don't have any way to check to make sure there is
>> actually something TO deploy before it goes through the entire process of
>> deploying the code. I want to create a conditional that only re-deploys the
>> code if the revision actually changed.
>>
>> So far, I can have it as part of the deploy process write the contents of
>> 'git rev-parse HEAD' to a file, this way I can do something like this from
>> BASH:
>>
>> [ `cat git-current-hash` != `git rev-parse HEAD` ]
>>
>> which will return true only if there is a new revision to pull. The
>> question is, how do I conditional include many different file {} and other
>> things only if that condition is true? If this was just an exec{} I could
>> use onlyif.
>>
>> John
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Sans]

Thanks Pete, for the heads-up!
I'm gonna give it a try now. Cheers!!



On Friday, February 15, 2013 12:17:49 AM UTC, Pete wrote:
>
> I found this a while ago to so I wrote a module to do it easily.
> It's on the forge here. https://forge.puppetlabs.com/rendhalver/monitoring
> I also have an nrpe module which may help here 
> https://forge.puppetlabs.com/rendhalver/nrpe
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Peter Brown]

On 15 February 2013 10:49, Sans  wrote:

> Thanks Pete, for the heads-up!
> I'm gonna give it a try now. Cheers!!


Awesome!
I do admit the docs are a bit sparse but I have tried to name everything
with sensible descriptive names.
If you get stuck, find a bug or would like a new feature give me a shout.
I use github for my code so you can also submit a bug there if you like so
I can keep track of it.

I do use it in my infrastructure and it gets updated when I fix things.
I do also test the crap out of it before I push it to forge so that is the
best version to use.

Good luck!.

Pete.


>
>
>
>
> On Friday, February 15, 2013 12:17:49 AM UTC, Pete wrote:
>>
>> I found this a while ago to so I wrote a module to do it easily.
>> It's on the forge here. https://forge.**puppetlabs.com/rendhalver/**
>> monitoring 
>> I also have an nrpe module which may help here https://forge.puppetlabs.*
>> *com/rendhalver/nrpe 
>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[William Van Hevelingen]

Is there a reason your not using exported nagios resources instead?

http://docs.puppetlabs.com/guides/exported_resources.html

We're using it in production and it works quite well with puppetdb as the
backend.

William



On Thu, Feb 14, 2013 at 4:56 PM, Peter Brown  wrote:

> On 15 February 2013 10:49, Sans  wrote:
>
>> Thanks Pete, for the heads-up!
>> I'm gonna give it a try now. Cheers!!
>
>
> Awesome!
> I do admit the docs are a bit sparse but I have tried to name everything
> with sensible descriptive names.
> If you get stuck, find a bug or would like a new feature give me a shout.
> I use github for my code so you can also submit a bug there if you like so
> I can keep track of it.
>
> I do use it in my infrastructure and it gets updated when I fix things.
> I do also test the crap out of it before I push it to forge so that is the
> best version to use.
>
> Good luck!.
>
> Pete.
>
>
>>
>>
>>
>>
>> On Friday, February 15, 2013 12:17:49 AM UTC, Pete wrote:
>>>
>>> I found this a while ago to so I wrote a module to do it easily.
>>> It's on the forge here. https://forge.**puppetlabs.com/rendhalver/**
>>> monitoring 
>>> I also have an nrpe module which may help here https://forge.puppetlabs.
>>> **com/rendhalver/nrpe 
>>>
>>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>



-- 
Thanks,
William

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Installing on SLES 11.2?

[JB Bell]

I've been unable to get puppet installed on SLES 11.2 by the recommended method.

I've set up the repo at 
http://download.opensuse.org/repositories/systemsmanagement:/puppet/SLE_11_SP2/,
 but when I do "zypper install puppet" I get multiple dependency errors, e.g.:

Problem: nothing provides rubygems needed by rubygem-hiera-1.1.2-8.1.x86_64

I had a prior install of puppet kind of working without that repo, but I need 
to have the ruby-shadow package. A good number of articles and bug reports 
online talk about this, and supposedly that repo is the solution. I don't find 
any docs at all on the official puppetlabs site, and the old wiki references a 
repo that doesn't seem to exist anymore; at any rate, it's for SLES 10.2.

Any clues? I don't want to have to install from source--we have dozens of SLES 
servers.

Thanks for any help you can provide. Ideally I'd like a step-by-step for SLES, 
but anything would be good.


J B Bell
Test Environment Professional
Ericsson ITTE

4333 Still Creek Drive
Burnaby, BC  V5C 6S6, Canada
Phone +1 778.373.7150
jb.b...@ericsson.com
www.ericsson.com




-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Peter Brown]

On 15 February 2013 11:15, William Van Hevelingen  wrote:

> Is there a reason your not using exported nagios resources instead?
>

Are you asking me or the OP?
I use exported resources extensively in my monitoring modules.



>
> http://docs.puppetlabs.com/guides/exported_resources.html
>
> We're using it in production and it works quite well with puppetdb as the
> backend.
>
> William
>
>
>
> On Thu, Feb 14, 2013 at 4:56 PM, Peter Brown  wrote:
>
>> On 15 February 2013 10:49, Sans  wrote:
>>
>>> Thanks Pete, for the heads-up!
>>> I'm gonna give it a try now. Cheers!!
>>
>>
>> Awesome!
>> I do admit the docs are a bit sparse but I have tried to name everything
>> with sensible descriptive names.
>> If you get stuck, find a bug or would like a new feature give me a shout.
>> I use github for my code so you can also submit a bug there if you like
>> so I can keep track of it.
>>
>> I do use it in my infrastructure and it gets updated when I fix things.
>> I do also test the crap out of it before I push it to forge so that is
>> the best version to use.
>>
>> Good luck!.
>>
>> Pete.
>>
>>
>>>
>>>
>>>
>>>
>>> On Friday, February 15, 2013 12:17:49 AM UTC, Pete wrote:

 I found this a while ago to so I wrote a module to do it easily.
 It's on the forge here. https://forge.**puppetlabs.com/rendhalver/**
 monitoring 
 I also have an nrpe module which may help here
 https://forge.puppetlabs.**com/rendhalver/nrpe

  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To post to this group, send email to puppet-users@googlegroups.com.
>>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>>
>>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>
>
>
> --
> Thanks,
> William
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Relize uses buy groups membership

[Kubes]

Hello,

I have created my users via virtual definitions and hiera.  Now I want to 
realize the virutal users by "groups".

I have an trying the following syntax:
User::Virtual <| groups == wheel |>


BTW:  This works fine:
User::Virtual <| title == bsmith |>

Is the there a comparison for "in" for the spaceship operator?  As group is 
an array.

Any other ideas how to realize a entire group of admins?

Thanks


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Windows Firewall Question

[ad]

Hey Jim,

As someone who generally hates using execs unless I absolutely have to, I 
would recommend using the Puppet Labs registry module. I can dig out some 
examples tomorrow if you like.

Adam

On Thursday, February 14, 2013 9:29:52 AM UTC-6, jim wrote:
>
> Hello all,
>
> I'm currently running 2.7.19 (Puppet Enterprise 2.7.0)
>
> I want to use puppet to add / amend or delete windows firewall rules, is 
> there a tidy way of doing this 
>
> exec { "Check_MK_Firewall_Rule_create":
> command => 'C:\Windows\System32\netsh.exe advfirewall firewall add rule 
> name="Check_MK" dir=in action=allow protocol=TCP localport=6556',
> unless => 'C:\Windows\System32\netsh.exe advfirewall firewall show rule 
> name="Check_MK"',
> }
>
> ## If I remove the unless statement, it will keep add the same rule over 
> and over again, which will make the firewall rule list un-manageable
>
>
> exec { "Check_MK_Firewall_Rule_enable":
> command => 'C:\Windows\System32\netsh.exe advfirewall firewall set rule 
> name="Check_MK" new enable=Yes',
> }
>
> ## When I do a puppet run it keeps running this, is there a way to only 
> run if disabled ???
>
> Hope this make sense
>
> regards
>
> James
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet and Mcollective yaml file changing when it shouldn't

[Zane Williamson]

Excellent, the erb template method is working great.  Thank you for the 
information.

On Thursday, December 13, 2012 5:06:54 PM UTC-8, Zane Williamson wrote:
>
> Has anyone else ran into this?
>
> debug: /Stage[main]/Mcollective/File[/var/tmp/facts.yaml]/content: 
> Executing 'diff -u /var/tmp/facts.yaml 
> /tmp/puppet-file20121214-13448-933j3r-0'
> notice: /Stage[main]/Mcollective/File[/var/tmp/facts.yaml]/content: 
> --- /var/tmp/facts.yaml 2012-12-14 00:53:20.0 +
> +++ /tmp/puppet-file20121214-13448-933j3r-0 2012-12-14 00:55:35.0 
> +
> @@ -93,13 +93,13 @@
>architecture: *id002
>processor14: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz
> -  type: Rack Mount Chassis
>processor20: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz
> +  type: Rack Mount Chassis
>domain: mochimedia.net
>timezone: UTC
>title: mcollective
> -  diskdrives: sda
> +  diskdrives: sda
>ipaddress_eth1: 10.0.8.71
>processor8: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz
>processor11: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz
>
> When Puppet comparse the /var/tmp/facts.yaml file to the file in the 
> Filebucket it adds some replaces some entries with an extra space.  It 
> appears to add a couple different entries each run.  
>
> Here is the file resource --
>
>  "/var/tmp/facts.yaml":
>   owner=> root,
>   group=> root,
>   mode => 400,
>   loglevel => debug,
>   content  => inline_template("<%= scope.to_hash.reject { |k,v| k.to_s 
> =~ /(uptime_seconds|uptime_hours|timestamp|free)/ }.to_yaml %>")
>
> Any thoughts or suggestions?  Seems like an odd one to me.
>
> -Z
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Installing on SLES 11.2?

[Niels Abspoel]

For the ruby depencies you need the following repositories on SLE_11_SP2:

devel:languages:ruby:backports/SLE_11_SP2

and of course:
SUSE:SLE-11:SP2/standard

See for more information:
https://build.opensuse.org/project/repositories?project=systemsmanagement%3Apuppet

Hope this helps.

Op vrijdag 15 februari 2013 02:18:33 UTC+1 schreef JB Bell het volgende:
>
>  I've been unable to get puppet installed on SLES 11.2 by the recommended 
> method.
>  
> I've set up the repo at *
> http://download.opensuse.org/repositories/systemsmanagement:/puppet/SLE_11_SP2/
> *,
>  
> but when I do "zypper install puppet" I get multiple dependency errors, 
> e.g.:
>  
> Problem: nothing provides rubygems needed by rubygem-hiera-1.1.2-8.1.x86_64
>  
> I had a prior install of puppet kind of working without that repo, but I 
> need to have the ruby-shadow package. A good number of articles and bug 
> reports online talk about this, and supposedly that repo is the solution. I 
> don't find any docs at all on the official puppetlabs site, and the old 
> wiki references a repo that doesn't seem to exist anymore; at any rate, 
> it's for SLES 10.2.
>  
> Any clues? I don't want to have to install from source--we have dozens of 
> SLES servers.
>  
> Thanks for any help you can provide. Ideally I'd like a step-by-step for 
> SLES, but anything would be good.
>  
>  
> *J B Bell
> Test Environment Professional*
> *Ericsson ITTE
>
> *4333 Still Creek Drive
> Burnaby, BC  V5C 6S6, Canada
> Phone +1 778.373.7150
> jb@ericsson.com 
> *www.ericsson.com*  
>   
>  
>  
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] virtual resources: cannot change gid before delete group

[Vlados Vlados]

Please help.
I using virtual resource @user and @group.

If i using next construction i get error with cycles
class  users {
  Group <| ENABLED_GROUPS |>   ->User <| ENABLED_USERS' |> ->  User 
<| DISABLED_USERS' |>  ->Group <| DISABLED_GROUPS |> 
}

This construction good, but puppet don't want change gid before delete 
vacant group.
class  users {
  Group <| ENABLED_GROUPS |>   ->User <| ENABLED_USERS' |>
  User <| DISABLED_USERS' |>  ->Group <| DISABLED_GROUPS |> 
}


I think, firstly,  gid must apply to user. Then delete vacant group.

I got error
Notice: /Stage[main]/Users::Groups_list/Group[shvakov]/ensure: created
Notice: /Stage[main]/Users::Groups_list/Group[developers]/ensure: removed

Error: Could not delete group admins: Execution of '/usr/sbin/groupdel 
admins' returned 8: groupdel: cannot remove the primary group of user 
'shvakov'
Error: /Stage[main]/Users::Groups_list/Group[admins]/ensure: change from 
present to absent failed: Could not delete group admins: Execution of 
'/usr/sbin/groupdel admins' returned 8: groupdel: cannot remove the primary 
group of user 'shvakov'

Notice: /Stage[main]/Users::Users_list/User[shvakov]/gid: gid changed 
'10' to '10110'
Notice: Finished catalog run in 3.32 seconds

How change gid before delete group?


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Automating nagios_service resource type

[Sans]

I'm also using Exported-resource in my module and, if I understood 
correctly, I still need to loop through the same sort values, e.g.

addr1   port1
addr2   port2
.

on the same host to construct the checks. My understanding of storeconfig, 
it works pretty well for collecting similar type of values from different 
hosts. Is it possible to put together a few lines code for reference? 
Cheers!!



On Friday, February 15, 2013 1:15:22 AM UTC, blkperl wrote:
>
> Is there a reason your not using exported nagios resources instead?
>
> http://docs.puppetlabs.com/guides/exported_resources.html
>
> We're using it in production and it works quite well with puppetdb as the 
> backend.
>
> William
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.