[Puppet Users] Puppet with Passenger - 403 Forbidden
Morning all Am in the process of testing a migration of Puppet 3 from webrick to Puppet. Have found the foreman modules (https://github.com/theforeman) which seems to take care of a lot of the leg-work... However having got Puppet running with Passenger in Apache, whenever trying to access the Puppet master from a client, I was getting a '403 Forbidden error'. Have dug around a bit, I found the auth.conf file. Made a slight tweak as follows: -bash-4.1$ git diff templates/auth.conf.erb diff --git a/templates/auth.conf.erb b/templates/auth.conf.erb index 04ef5c6..f064584 100644 --- a/templates/auth.conf.erb +++ b/templates/auth.conf.erb @@ -104,3 +104,4 @@ allow <%= puppetmaster rescue fqdn %> # of showing the default policy, which is deny everything else path / auth any +allow * Restarted Apache, and Puppet agent sprang into Life... So looking at the file, it's the default Puppet auth.conf file, so the question becomes - Should the above additional line be required? Or is it masking something else? Cheers Gavin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Restructure puppet modules
Mm ok then I'll drop the idea and try to go with modules..
The other problem now is that I should somehow switch from an architecture
which was provisioned but never correctly maintained with puppet
to using puppet master and all these nice things, which is not going to be
trivial..
On Monday, March 11, 2013 7:42:07 PM UTC, joe wrote:
>
> Modules are not overkill and are, in fact, the only way you can do what
> you intend.
>
> There is currently no module structure that would allow you organize your
> manifests the way you'd like and still be able to apply classes flexibly.
>
> The reason for this is that the module structure in puppet is mostly a
> file naming convention that allows the master to locate particular
> classes. If you wish to flexibly include/declare classes as you wish, the
> only way puppet would be able to find them and flexibly apply them would be
> to follow the module convention.
>
> For instance, for a class nginx, the *only* place puppet can find that and
> apply it flexibly is if it is located in $moduledir/nginx/manifests/init.pp.
>
> Otherwise, you'd have to still rely on import and then have a *ton* of
> conditionals everywhere to figure out whether to actually apply each class.
> This is not maintainable at all.
>
> Go with modules. You'll have many fewer issues later.
>
> On Monday, March 11, 2013 12:23:47 PM UTC-6, Andrea Crotti wrote:
>>
>> So far we have a similar situation, for each different server one fabric
>> and one puppet file, where the fabric file simply applies it in a brutal
>> way.
>>
>>
>> with settings(user='root'):
>> put('qa.pp', 'qa.pp')
>> put('puppet apply qa.pp')
>>
>> And puppet files don't use anything like classes or modules, but simply:
>>
>> package {["nginx", "python-virtualenv", "rsync", "autossh",
>> "redis-server", "git-core", "python-dev", "ntp"]:
>> ensure => installed}
>>
>> service { 'nginx' :
>> ensure => "running",
>> enable => true,
>> hasrestart => true,
>> require => Package["nginx"]
>> }
>>
>>
>> Now there are many issues with the current setup, where the first is we
>> are not really managing our servers, but we can only provision them..
>>
>> The second big problem is that there is a lot of repetition everywhere
>> and the third is that I can't easily provision multiple services on a
>> single machine (if they were supposed initially to run on different
>> machines).
>>
>> Now I read some doc and in theory it looks like I should create one
>> module per each service.
>>
>> - nginx
>> + templates
>> + manifests
>>
>> - couch
>> + templates
>> + manifests
>>
>> this is however overkill for me, what I think would make more sense
>> would be
>>
>> - templates
>> + nginx
>> + couch
>>
>> - manifests
>> + base.pp
>> + couch.pp
>> ..
>>
>> Is it possible to use such a structure though?
>>
>> I just want to be able to use classes smartly, avoid duplication and
>> start working with puppetmaster instead of this silly way..
>>
>> Any advice?
>> Thanks
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet with Passenger - 403 Forbidden
On 12/03/13 09:09, Gavin Williams wrote: > Morning all > > Am in the process of testing a migration of Puppet 3 from webrick to > Puppet. > > Have found the foreman modules (https://github.com/theforeman) which > seems to take care of a lot of the leg-work... > However having got Puppet running with Passenger in Apache, whenever > trying to access the Puppet master from a client, I was getting a '403 > Forbidden error'. > > Have dug around a bit, I found the auth.conf file. Made a slight tweak > as follows: > -bash-4.1$ git diff templates/auth.conf.erb > diff --git a/templates/auth.conf.erb b/templates/auth.conf.erb > index 04ef5c6..f064584 100644 > --- a/templates/auth.conf.erb > +++ b/templates/auth.conf.erb > @@ -104,3 +104,4 @@ allow <%= puppetmaster rescue fqdn %> > # of showing the default policy, which is deny everything else > path / > auth any > +allow * > > Restarted Apache, and Puppet agent sprang into Life... > > So looking at the file, it's the default Puppet auth.conf file, so the > question becomes - Should the above additional line be required? Or is > it masking something else? It shouldn't be required - I think your suspicion that it's masking something is correct. The last line in the default auth.conf is a deny all, so you're changing this to an allow all, giving access to any catalog or file to any client. Do you have any indication on the client as to what request failed? i.e. was it the catalog request, or pluginsync etc. You can try correlating the error to Apache's access log to verify the URL it's trying to access on the puppetmaster. If you're using the Foreman modules, you shouldn't have this issue, but you should have some RequestHeader lines in the puppetmaster vhost that set client certificate details and SSLCACertificateFile + SSLVerifyClient to enable verification. It could be that the client cert isn't getting verified by mod_ssl and so the puppetmaster can't use the client's identity to permit access to URLs. -- Dominic Cleal Red Hat Engineering -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Issue with Mcollective on puppet master and agent
Hello guys, I have installed Mcollective server on puppet agent and Mcollective client and ActiveMQ on puppet master and they are working fine. I m able to ping mcollective servers from mcollective client using* mco ping *. But i have one query: => Since we use same username and password for stomp on each mcollcetive client(client.cfg) and same username n password is used on mcollective server(server.cfg), So there is no security. If we install mcollective server on any client(on puppet agent) and use same username password(Stomp), So we can run all mco commands from that node also. So i want secure mechanism so that username and password should not be shared. What can i do for it? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Issue with Mcollective on puppet master and agent
- Original Message - > From: "Sonal Singhal" > To: puppet-users@googlegroups.com > Sent: Tuesday, March 12, 2013 9:47:41 AM > Subject: [Puppet Users] Issue with Mcollective on puppet master and agent > > Hello guys, >I have installed Mcollective server on puppet agent and > Mcollective client and ActiveMQ on puppet master and they are working fine. > I m able to ping mcollective servers from mcollective client using* mco ping > *. But i have one query: > > => Since we use same username and password for stomp on each mcollcetive > client(client.cfg) and same username n password is used on mcollective > server(server.cfg), So there is no security. If we install mcollective > server on any client(on puppet agent) and use same username > password(Stomp), So we can run all mco commands from that node also. So i > want secure mechanism so that username and password should not be shared. > What can i do for it? to achieve security you need to configure one of the mcollective security plugins - by default its using a pre shared key system which is not very secure. I'd recommend looking at the security overview doc which will give you a overview http://docs.puppetlabs.com/mcollective/security.html And then looking at deploying the following combination: * Stomp with verified TLS to activemq * The MCollective SSL security plugin[1] * Authorization plugin[2] to limit what actions users can perform * Set up auditing[3] to get logs of actions that were taken by who perhaps using logstash and our plugin[4] [1] http://docs.puppetlabs.com/mcollective/reference/plugins/security_ssl.html [2] http://docs.puppetlabs.com/mcollective/simplerpc/authorization.html [3] http://docs.puppetlabs.com/mcollective/simplerpc/auditing.html [4] https://github.com/puppetlabs/mcollective-logstash-audit#readme -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error: stack level too deep
On Mon, Mar 11, 2013 at 9:25 PM, Luca Gioppo wrote: > I'm running a previously working set of modules with the Puppet master > version 3.1.0-rc2. > > I'm getting the Error: stack level too deep On a complete hunch, what version of activerecord or the other active* Ruby modules are you running? I think I remember hitting this when I upgraded to a 'too recent' version when using storeconfigs. Alas, I can't remember the versions involved now, and no longer have access to the environment this occurred in. Hopefully this might be enough to trigger other folks' memories if they've hit it so you can get a bit more concrete advice. Regards, Matt. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error: stack level too deep
I'm using puppet-dashboard with MySQL (I know is deprecated, but we started with this model before puppetDB and I hope we'll manage to use it for a bit longer) I had a few problems in installing the active records: I install the puppet master machine with scripts and this run didn't manage to install activerecords and I found errors in puppet master so had to install it by hand (this should have raised a warning on this machine) So is possible that there are problems around, but I tryed to install the latest stuff to test things out and here comes the problems. These are the gems abstract (1.0.0) actionmailer (3.0.0) actionpack (3.0.0) activemodel (3.2.12, 3.0.0) activerecord (3.2.12, 3.0.0) activerecord-mysql-adapter (0.0.1) activeresource (3.0.0) activesupport (3.2.12, 3.0.0) arel (3.0.2, 1.0.1) builder (3.0.4, 2.1.2) bundler (1.0.22) erubis (2.6.6) i18n (0.6.4, 0.4.2) json (1.5.1) mail (2.2.19) mime-types (1.21) multi_json (1.6.1) mysql (2.9.1, 2.8.1) polyglot (0.3.3) rack (1.2.8) rack-mount (0.6.14) rack-test (0.5.7) rails (3.0.0) railties (3.0.0) rake (0.8.7) stomp (1.2.2) thor (0.14.6) treetop (1.4.12) tzinfo (0.3.36) This is the sequence I use to install puppet: rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-6.noarch.rpm yum install --nogpgcheck -y puppet-server #operazioni da fare per collegare puppet server a mysql yum install --nogpgcheck -y ruby-mysql yum install --nogpgcheck -y rubygems ruby-devel mysql-devel gem install rails -v 3.0 --no-ri --no-rdoc #installare mcollective client yum install --nogpgcheck -y rubygem-stomp yum install --nogpgcheck -y mcollective mcollective-client mcollective-common #install java (openjdk will do) yum install --nogpgcheck -y java-1.6.0-openjdk.x86_64 rpm -ivh http://yum.puppetlabs.com/el/6/dependencies/x86_64/tanukiwrapper-3.5.9-1.el6.x86_64.rpm rpm -ivh http://yum.puppetlabs.com/el/6/dependencies/x86_64/activemq-5.5.0-1.el6.noarch.rpm # puppet dashboard yum install --nogpgcheck -y puppet-dashboard Thanks Luca 2013/3/12 Matthew Burgess > On Mon, Mar 11, 2013 at 9:25 PM, Luca Gioppo wrote: > > I'm running a previously working set of modules with the Puppet master > > version 3.1.0-rc2. > > > > I'm getting the Error: stack level too deep > > On a complete hunch, what version of activerecord or the other active* > Ruby modules are you running? I think I remember hitting this when I > upgraded to a 'too recent' version when using storeconfigs. Alas, I > can't remember the versions involved now, and no longer have access to > the environment this occurred in. Hopefully this might be enough to > trigger other folks' memories if they've hit it so you can get a bit > more concrete advice. > > Regards, > > Matt. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] RE: puppet agent and android or IPhone ?
There is no anwser to the question about puppet and Android, does that mean that there is no Puppet agent for android ? Cordialement, Bernard Granier CE Plateforme Système bernard.gran...@morpho.com 01 58 11 32 51 -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of GRANIER Bernard (MORPHO) Sent: Monday, March 11, 2013 3:55 PM To: puppet-users@googlegroups.com Subject: [SUSPECTED SPOOFING] [Puppet Users] puppet agent and android or IPhone ? " Bien que provenant d’une adresse interne au groupe SAFRAN, ce mail a été émis depuis l’INTERNET. Il est possible que ce soit une tentative d’usurpation d’identité. D’avance merci donc de ne pas cliquer sur les liens et ouvrir les pièces attachées sans vous être assuré préalablement de la légitimité de ce message (vérification de l’origine du message auprès de son émetteur) et/ou de contacter votre RSSI en cas de doute. A noter que les notifications émises par certains systèmes hébergées hors du groupe SAFRAN sont susceptibles d’avoir ce comportement, sans que ce soit à considérer comme une action malveillante. " " Although this email is originated from an internal SAFRAN address, it was sent from the INTERNET. It might be a spoofing attempt. Please do not click on links and attachments without first making sure of the legitimacy of this message (to be checked directly with sender) and / or report to your Security officer in case of any doubt. Please note that the notifications issued by some systems hosted outside the SAFRAN group are likely to have this behavior, even if these emails should not be considered as malicious actions. " Hi, Is there a puppet agent available for Android or IPhone ? Sincerly, Bernard Granier CE Plateforme Système bernard.gran...@morpho.com 01 58 11 32 51 # " This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system." # -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. # " This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system." # -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Shorten require list
Hi,
I have an Exec which requires a lot of packages (15-20):
Exec { 'name':
...
require => [ Package['first'], Package['second'], Package['third'], ... ]
}
Is there a way to shorten this list and make it easier to read?
Gergo Erdosi
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Only running database_grant the first time.
I'm using puppet through Vagrant to manage my dev VM, and as part of that I have a few database grants that I run after creating users, but when I subsequently run vagrant up or provision these grants fail (because of some changes I make to the mysql config after they have been created.) I'm using database_grant to execute the grants, but there doesn't seem to be a refreshonly parameter for it? Is there any way to avoid running these grants again? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
On Tue, Mar 12, 2013 at 10:45 AM, wrote:
> Hi,
>
> I have an Exec which requires a lot of packages (15-20):
>
> Exec { 'name':
> ...
> require => [ Package['first'], Package['second'], Package['third'], ... ]
> }
>
> Is there a way to shorten this list and make it easier to read?
15-20 packages for one exec statement? That seems excessive. What
does that exec statement look like, at the moment, the only way I can
imagine an exec statement requiring that number of packages is by it
being a pipeline of 15 commands, each of which comes from a separate
package.
Ta,
Matt.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Moving to Chef..
Too many issues when it comes to Solaris installation. So moving to Chef.. Thanks all.. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
- Original Message -
> From: "Matthew Burgess"
> To: puppet-users@googlegroups.com
> Sent: Tuesday, March 12, 2013 10:52:05 AM
> Subject: Re: [Puppet Users] Shorten require list
>
> On Tue, Mar 12, 2013 at 10:45 AM, wrote:
> > Hi,
> >
> > I have an Exec which requires a lot of packages (15-20):
> >
> > Exec { 'name':
> > ...
> > require => [ Package['first'], Package['second'], Package['third'], ... ]
> > }
> >
> > Is there a way to shorten this list and make it easier to read?
>
> 15-20 packages for one exec statement? That seems excessive. What
> does that exec statement look like, at the moment, the only way I can
> imagine an exec statement requiring that number of packages is by it
> being a pipeline of 15 commands, each of which comes from a separate
> package.
if the packages are in a class, just require Class["foo"].
If the packages are tagged by some shared name 'foo':
Package<| tag == "foo" |> -> Exec["name"]
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
Hi Matt,
It installs PHP from source. The required packages are mostly libraries
(libxml2-dev, libpcre3-dev, etc). Here is the file if it helps to better
understand my problem:
https://www.assembla.com/code/nooku-server/git/nodes/master/puppet/modules/php/manifests/install.pp
The exec is on line 175.
Gergo Erdosi
On Tuesday, March 12, 2013 11:52:05 AM UTC+1, Matthew Burgess wrote:
>
> On Tue, Mar 12, 2013 at 10:45 AM, >
> wrote:
> > Hi,
> >
> > I have an Exec which requires a lot of packages (15-20):
> >
> > Exec { 'name':
> > ...
> > require => [ Package['first'], Package['second'], Package['third'],
> ... ]
> > }
> >
> > Is there a way to shorten this list and make it easier to read?
>
> 15-20 packages for one exec statement? That seems excessive. What
> does that exec statement look like, at the moment, the only way I can
> imagine an exec statement requiring that number of packages is by it
> being a pipeline of 15 commands, each of which comes from a separate
> package.
>
> Ta,
>
> Matt.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
Hi,
Thanks, I will look into tags, it could be solution indeed. I also thought
about moving those packages into a separate class (eg. packages.pp), was
just wondering what my options are if I leave them in install.pp.
Gergo Erdosi
On Tuesday, March 12, 2013 11:57:41 AM UTC+1, R.I. Pienaar wrote:
>
>
>
> - Original Message -
> > From: "Matthew Burgess" >
> > To: puppet...@googlegroups.com
> > Sent: Tuesday, March 12, 2013 10:52:05 AM
> > Subject: Re: [Puppet Users] Shorten require list
> >
> > On Tue, Mar 12, 2013 at 10:45 AM, >
> wrote:
> > > Hi,
> > >
> > > I have an Exec which requires a lot of packages (15-20):
> > >
> > > Exec { 'name':
> > > ...
> > > require => [ Package['first'], Package['second'], Package['third'],
> ... ]
> > > }
> > >
> > > Is there a way to shorten this list and make it easier to read?
> >
> > 15-20 packages for one exec statement? That seems excessive. What
> > does that exec statement look like, at the moment, the only way I can
> > imagine an exec statement requiring that number of packages is by it
> > being a pipeline of 15 commands, each of which comes from a separate
> > package.
>
> if the packages are in a class, just require Class["foo"].
>
> If the packages are tagged by some shared name 'foo':
>
> Package<| tag == "foo" |> -> Exec["name"]
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
- Original Message - > From: ge...@timble.net > To: puppet-users@googlegroups.com > Sent: Tuesday, March 12, 2013 11:04:53 AM > Subject: Re: [Puppet Users] Shorten require list > > Hi, > > Thanks, I will look into tags, it could be solution indeed. I also thought > about moving those packages into a separate class (eg. packages.pp), was > just wondering what my options are if I leave them in install.pp. Really though it sounds like you're to reinvent packaging by running a few execs and discovering that - unsurprisingly - it's not that simple. You should make a package and use that instead of compiling php on demand. Use fpm, it makes it as easy as using tar. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
I know, this is not the first time I hear packages are the preferred way, and I completely agree. We will look into packaging later, but for now we needed to get the script to work. This is the first version, I already have ideas how to improve it. Gergo Erdosi On Tuesday, March 12, 2013 12:10:43 PM UTC+1, R.I. Pienaar wrote: > > > > - Original Message - > > From: ge...@timble.net > > To: puppet...@googlegroups.com > > Sent: Tuesday, March 12, 2013 11:04:53 AM > > Subject: Re: [Puppet Users] Shorten require list > > > > Hi, > > > > Thanks, I will look into tags, it could be solution indeed. I also > thought > > about moving those packages into a separate class (eg. packages.pp), was > > just wondering what my options are if I leave them in install.pp. > > Really though it sounds like you're to reinvent packaging by running a few > execs and discovering that - unsurprisingly - it's not that simple. > > You should make a package and use that instead of compiling php on demand. > > Use fpm, it makes it as easy as using tar. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
On 12.03.2013 11:45, ge...@timble.net wrote:
Hi,
I have an Exec which requires a lot of packages (15-20):
Exec { 'name':
...
require => [ Package['first'], Package['second'], Package['third'], ... ]
}
Is there a way to shorten this list and make it easier to read?
You can use
require => Package['first', 'second', 'third', ...]
instead.
Also, putting this into a variable and using that instead, may improve
your situation:
$packages = ['first', 'second', 'third', ...]
package { $packages: ensure installed }
exec { "foo": require => Package[$packages] }
Best Regards, David
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
Hi David,
Nice, didn't know I can use multiple packages inside Package. Thanks!
Gergo Erdosi
On Tue, Mar 12, 2013 at 12:19 PM, David Schmitt wrote:
> On 12.03.2013 11:45, ge...@timble.net wrote:
>>
>> Hi,
>>
>> I have an Exec which requires a lot of packages (15-20):
>>
>> Exec { 'name':
>>...
>>require => [ Package['first'], Package['second'], Package['third'], ...
>> ]
>> }
>>
>> Is there a way to shorten this list and make it easier to read?
>
>
> You can use
>
> require => Package['first', 'second', 'third', ...]
>
> instead.
>
> Also, putting this into a variable and using that instead, may improve your
> situation:
>
> $packages = ['first', 'second', 'third', ...]
>
> package { $packages: ensure installed }
>
> exec { "foo": require => Package[$packages] }
>
> Best Regards, David
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/LYxmrugXGps/unsubscribe?hl=en.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Moving to Chef..
Really? I use it all the time with Solaris - it works just fine. Op dinsdag 12 maart 2013 11:52:37 UTC+1 schreef Rajeev Iyer het volgende: > > Too many issues when it comes to Solaris installation. So moving to Chef.. > > Thanks all.. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet with Passenger - 403 Forbidden
Hmmm, v.strange... I've just reverted the auth.conf change, and it appears to be working as expected... :s So sounds like there was another issue at play... Will see if I can replicate it... Cheers Gavin On Tuesday, 12 March 2013 09:26:15 UTC, Dominic Cleal wrote: > > On 12/03/13 09:09, Gavin Williams wrote: > > Morning all > > > > Am in the process of testing a migration of Puppet 3 from webrick to > > Puppet. > > > > Have found the foreman modules (https://github.com/theforeman) which > > seems to take care of a lot of the leg-work... > > However having got Puppet running with Passenger in Apache, whenever > > trying to access the Puppet master from a client, I was getting a '403 > > Forbidden error'. > > > > Have dug around a bit, I found the auth.conf file. Made a slight tweak > > as follows: > > -bash-4.1$ git diff templates/auth.conf.erb > > diff --git a/templates/auth.conf.erb b/templates/auth.conf.erb > > index 04ef5c6..f064584 100644 > > --- a/templates/auth.conf.erb > > +++ b/templates/auth.conf.erb > > @@ -104,3 +104,4 @@ allow <%= puppetmaster rescue fqdn %> > > # of showing the default policy, which is deny everything else > > path / > > auth any > > +allow * > > > > Restarted Apache, and Puppet agent sprang into Life... > > > > So looking at the file, it's the default Puppet auth.conf file, so the > > question becomes - Should the above additional line be required? Or is > > it masking something else? > > It shouldn't be required - I think your suspicion that it's masking > something is correct. The last line in the default auth.conf is a deny > all, so you're changing this to an allow all, giving access to any > catalog or file to any client. > > Do you have any indication on the client as to what request failed? > i.e. was it the catalog request, or pluginsync etc. You can try > correlating the error to Apache's access log to verify the URL it's > trying to access on the puppetmaster. > > If you're using the Foreman modules, you shouldn't have this issue, but > you should have some RequestHeader lines in the puppetmaster vhost that > set client certificate details and SSLCACertificateFile + > SSLVerifyClient to enable verification. It could be that the client > cert isn't getting verified by mod_ssl and so the puppetmaster can't use > the client's identity to permit access to URLs. > > -- > Dominic Cleal > Red Hat Engineering > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
Le 12 mars 2013 à 12:24, Gergo Erdosi a écrit :
> Hi David,
>
> Nice, didn't know I can use multiple packages inside Package. Thanks!
>
> Gergo Erdosi
>
> On Tue, Mar 12, 2013 at 12:19 PM, David Schmitt wrote:
>> On 12.03.2013 11:45, ge...@timble.net wrote:
>>>
>>> Hi,
>>>
>>> I have an Exec which requires a lot of packages (15-20):
>>>
>>> Exec { 'name':
>>> ...
>>> require => [ Package['first'], Package['second'], Package['third'], ...
>>> ]
>>> }
>>>
>>> Is there a way to shorten this list and make it easier to read?
>>
>>
>> You can use
>>
>> require => Package['first', 'second', 'third', ...]
>>
>> instead.
>>
>> Also, putting this into a variable and using that instead, may improve your
>> situation:
>>
>> $packages = ['first', 'second', 'third', ...]
>>
>> package { $packages: ensure installed }
>>
>> exec { "foo": require => Package[$packages] }
>>
>> Best Regards, David
This works too :
package{'needed for exec':
name => $packages,
ensure => present,
}
exec { "foo": require => Package['needed for exec'] }
Less object, so a smaller catalog, and faster because your package tool is run
once, not one time for each package.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] syntax checking nodes, don't allow global scope
Hi,
We have been bitten twice by the following. We group the configuration
or our nodes in several files.
nodes.d/group1.pp
nodes.d/group2.pp
...
Now twice people have accidently added some statements that are put in
the global scope... which are then applied to all nodes:
The example is simplified:
---nodes.d/group1.pp-
node mynode {
...
}
include thisorthat
Ofcourse this doesn't trigger a syntax error (that we run before a push
to the git repo can be done).
Are there any other ways to catch this? Except code revision
Thanks,
Rudy
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] multi-line content= construct for puppet resource file command
Hi,
at first glance, it doesn't seem to be possible.
I had never thought of using puppet resource in this way. Is there a
reason why you prefer it over puppet apply?
On 03/06/2013 07:49 AM, Robert Citek wrote:
> Hello all,
>
> How does one enter multi-line content using 'puppet resource file ...'
> at the command line?
>
> For example, I am trying to create a file called /tmp/hw.txt with two
> lines of content:
>
> $ cat /tmp/hw.txt
> hello
> world
>
> This does not work:
>
> $ puppet resource file hello_world \
> path=/tmp/hw.txt \
> ensure=file \
> content="hello\nworld\n"
>
> This does, but use "puppet apply" :
>
> cat <<"eof" | puppet apply
> file { "hello_world":
> path => "/tmp/hw.txt",
> ensure => "file",
> content => "hello\nworld\n",
> }
> eof
>
> Does anyone have any pointers on how to construct the content= line so
> that I can get two lines of text?
>
> Regards,
> - Robert
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: PuppetDB queue problem
I think my previous comment just got lost.
So, I cut three occurrences of this error from the database log and the
corresponding part from the puppetdb log. I removed the hostnames, I hope
it's still sensible: http://pastebin.com/yvyBDWQE
The unversioned api warnings are not from the masters. They're from an
older version of the puppetdbquery library, and the puppetdb module's
puppetdb_conn_validator function.
Apart from that, there are 2 kinds of slow queries that appear in the logs:
2013-03-12 11:54:37,149 WARN [qtp1992135396-3384] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 452.2331 seconds; Query:
> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr,
> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND
> c.deactivated IS NULL; Query Params:
> 2013-03-12 11:54:42,035 WARN [qtp1992135396-3391] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 452.0072 seconds; Query:
> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr,
> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND
> c.deactivated IS NULL; Query Params:
> 2013-03-12 11:55:43,146 WARN [qtp1992135396-3392] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 441.2548 seconds; Query:
> SELECT COUNT(*) AS c FROM (SELECT DISTINCT resource FROM catalog_resources
> cr, certname_catalogs cc, certnames c WHERE cr.catalog=cc.catalog AND
> cc.certname=c.name AND c.deactivated IS NULL) r; Query Params:
> 2013-03-12 12:00:56,492 WARN [qtp1992135396-3402] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 433.4503 seconds; Query:
> SELECT COUNT(*) AS c FROM (SELECT DISTINCT resource FROM catalog_resources
> cr, certname_catalogs cc, certnames c WHERE cr.catalog=cc.catalog AND
> cc.certname=c.name AND c.deactivated IS NULL) r; Query Params:
> 2013-03-12 12:03:30,933 WARN [qtp1992135396-3392] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 467.7872 seconds; Query:
> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr,
> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND
> c.deactivated IS NULL; Query Params:
> 2013-03-12 12:04:18,225 WARN [qtp1992135396-3396] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 472.9386 seconds; Query:
> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr,
> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND
> c.deactivated IS NULL; Query Params:
> 2013-03-12 12:54:49,042 WARN [qtp1992135396-3463] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 464.9721 seconds; Query:
> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr,
> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND
> c.deactivated IS NULL; Query Params:
> 2013-03-12 12:57:58,791 WARN [qtp1992135396-3482] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 460.9083 seconds; Query:
> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr,
> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND
> c.deactivated IS NULL; Query Params:
> 2013-03-12 12:57:58,803 WARN [qtp1992135396-3490] [jdbc.internal] Query
> slower than 10s threshold: actual execution time: 460.7699 seconds; Query:
> SELECT COUNT(*) AS c FROM (SELECT DISTINCT resource FROM catalog_resources
> cr, certname_catalogs cc, certnames c WHERE cr.catalog=cc.catalog AND
> cc.certname=c.name AND c.deactivated IS NULL) r; Query Params:
>
I didn't see any javascript errors on the dashboard, the queries are just
slow. I ran the resource duplication query manually on the puppetdb machine:
time curl -X GET -H 'Accept: application/json'
> http://[puppetdbip]:8080/v2/metrics/mbean/com.puppetlabs.puppetdb.query.population:type=default,name=pct-resource-dupes
>
> -v
> * About to connect() to [puppetdbip] port 8080 (#0)
> * Trying [puppetdbip]... connected
> * Connected to [puppetdbip] ([puppetdbip]) port 8080 (#0)
> > GET
> /v2/metrics/mbean/com.puppetlabs.puppetdb.query.population:type=default,name=pct-resource-dupes
>
> HTTP/1.1
> > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7
> NSS/3.13.6.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> > Host: [puppetdbip]:8080
> > Accept: application/json
> >
> < HTTP/1.1 200 OK
> < Date: Tue, 12 Mar 2013 11:55:34 GMT
> < Content-Type: application/json;charset=ISO-8859-1
> < Content-Length: 34
> < Server: Jetty(7.x.y-SNAPSHOT)
> <
> {
> "Value" : 0.9691941482891232
> * Connection #0 to host [puppetdbip] left intact
> * Closing connection #0
> }
> real16m57.604s
> user0m0.012s
> sys0m0.025s
>
On Monday, March 11, 2013 7:04:05 PM UTC+1, Ken Barber wrote:
>
> > After dropping the obsolete index, and rebuilding the others, the
> database
> > is now ~ 30 GB. We still get the constraint violation e
[Puppet Users] Re: Moving to Chef..
Looks like a trolling to me Bill, I'm with you. Can't see what the problem is, it works just fine. On Tuesday, 12 March 2013 12:01:08 UTC, Bill Proud wrote: > > Really? I use it all the time with Solaris - it works just fine. > > Op dinsdag 12 maart 2013 11:52:37 UTC+1 schreef Rajeev Iyer het volgende: >> >> Too many issues when it comes to Solaris installation. So moving to >> Chef.. >> >> Thanks all.. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Windows + Python Installation + pip + PATH environment variable
Have you tried changing your path via setx unattend? Programmatically changing it (a la the registry provider) won't take effect according to http://msdn.microsoft.com/en-us/library/ms682653%28v=VS.85%29.aspx You might also try forcing a child shell through running a sub cmd /k or similar means and use PowerShell provider with exec. I will test with my chocolatey provider to see if it works with separate packages with dependencies on puppet. Chocolatey itself has the same path refresh problems. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] HELP:Custom function didn't work
Hi,
On 03/07/2013 03:10 AM, Nicolas wrote:
> #hosttype.rb
>
> require "mysql"
>
> module Puppet::Parser::Functions
>
> newfunction(:hosttype, :type => :rvalue, :doc => "Gets host type
> from db.") do |args|
>
> dbh = Mysql.real_connect("mysql_server_ip", "username",
> "password", "puppet")
>
> res = dbh.query("SELECT host_type FROM host_extra_info where
> name='" + args[0] + "'")
>
> #return res.fetch_row
>
> puts res.fetch_row
>
> res.free
>
> dbh.close if dbh
>
> end
>
> end
>
>
> It becomes nil,and I just don't know why.
The way I read it, you return the value of the last statement, i.e.
dbh.close. nil sounds realistic.
Why is there a puts in the function?
Try
result = res.fetch_row
res.free
dbh.close
result
end
HTH
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: puppet agent and android or IPhone ?
On Tuesday, March 12, 2013 5:26:05 AM UTC-5, bernard...@morpho.com wrote: > > There is no anwser to the question about puppet and Android, does that > mean that there is no Puppet agent for android ? > You gave it less than one day, plus you hijacked a thread to pose your question in. Again. Your questions are more likely to be noticed by people inclined to answer them if you start new threads for them, or at least attach them to current threads where they are on-topic. In addition, and speaking for myself only, I have decided that since I already raised the thread hijacking issue with you privately, I will not respond to your hijack posts. This meta-response is an exception, of course. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Windows Firewall Question
Does anyone know of this provider? If not I can start to make one with
netsh but it will probably take me a while
On Thursday, March 7, 2013 9:52:17 PM UTC-5, Nan Liu wrote:
>
> On Thu, Mar 7, 2013 at 5:50 PM, ad >wrote:
>
>> Hey David
>>
>> Below are some examples. Note these are used on embedded Windows 7
>> (6.1.7601) and I've never tested them on servers (we run mostly Linux
>> servers). I also have examples for XP (5.1.2600) if you want, it's a lot
>> different.
>>
>> The first 6 are just for enabling the firewall and allowing exceptions.
>> Obviously you may not want to enable the non-domain profiles.
>>
>> # Enable firewall
>> # Note: In Windows7, it seems the gui doesn't reflect
>> enabling/disabling the firewall in the registry until a reboot.
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall':
>> ensure => present,
>> type => 'dword',
>> data => '1',
>> }
>>
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall':
>> ensure => present,
>> type => 'dword',
>> data => '1',
>> }
>>
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall':
>> ensure => present,
>> type => 'dword',
>> data => '1',
>> }
>>
>> # Allow exceptions
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions':
>> ensure => present,
>> type => 'dword',
>> data => '0',
>> }
>>
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\DoNotAllowExceptions':
>> ensure => present,
>> type => 'dword',
>> data => '0',
>> }
>>
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions':
>> ensure => present,
>> type => 'dword',
>> data => '0',
>> }
>>
>> Here's an example for opening a port:
>>
>> # enable Edge
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarEdge':
>> ensure => present,
>> type => 'string',
>> data =>
>> 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8080|LPort=443|Name=PopstarEdge|',
>> }
>>
>> Some other examples
>>
>> # enable public ping
>> registry_value {
>> 'HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\PopstarPing':
>> ensure => present,
>> type => 'string',
>> data =>
>> 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=8:*|Name=PopstarPing|',
>> }
>>
>> # disable Remote Assistant
>> # Note: when you set this in Advanced System Settings it also changes a
>> bunch of firewall rules that we aren't doing yet
>> registry_value { 'HKLM\SYSTEM\CurrentControlSet\Control\Remote
>> Assistance\fAllowToGetHelp':
>> ensure => present,
>> type=> 'dword',
>> data=> '0',
>> }
>>
>
> The registry keys for enabling is helpful, but Windows 2008r2 is not happy
> with registry added firewall rules (see attach). I'm guessing they
> function, but doesn't work correctly in the UI. I suppose netsh advfirewall
> is the way to go.
>
> Thanks,
>
> Nan
>
--
_
This email and any files transmitted with it are confidential and intended
solely for the addressee. If you received this email in error, please do
not disclose the contents to anyone; kindly notify the sender by return
email and delete this email and any attachments from your system.
© 2011 Currensee Inc. is a member of the National Futures Association (NFA)
Member ID 0403251 | Over the counter retail foreign currency (Forex)
trading may involve significant risk of loss. It is not suitable for all
investors and you should make sure you understand the risks involved before
trading and seek independent advice if necessary. Performance, strategies
and charts shown are not necessarily predictive of any particular result
and past performance is no indication of future results. Investor returns
may vary from Trade Leader returns based on slippage, fees, broker spreads,
volatility or other market conditions.
Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/grou
[Puppet Users] Re: Hiera top down data?
On Monday, March 11, 2013 7:44:08 PM UTC-5, Ellison Marks wrote:
>
> I think what you're describing fits exported resources. That is, each node
> would get it's data from hiera and export it, and then the main node would
> spaceship it all up.
>
> http://docs.puppetlabs.com/puppet/3/reference/lang_exported.html
> http://docs.puppetlabs.com/guides/exported_resources.html
>
Possibly, though that's not an exact fit to the concept the OP described.
One needs to remember that its *resources* that can be exported, not raw
data.
I think the OP has his plan backwards. Given that he has a need for a hash
of all the per-node data, I don't understand why he wants to spread it out
over separate per-node files and then make Puppet reassemble it. I would
express the whole master hash in a common hiera data file, and have each
node select its own data out of that.
With that said, it looks like the OP is also confused by the similarity
between Puppet's hash literal syntax and its selector syntax.
Specifically, the expression
$::hostname ? { 'server1' => '192.168.0.2', 'server2' => '192.168.0.1', },
does not involve a Puppet hash. If one did had a hash of the server name
to IP mappings, then the syntax for selecting a desired element from it
would be different:
$my_hash[$::hostname]
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Could not find declared class - running puppet standalone
Hi,
On 03/07/2013 07:55 PM, Drew Sheneman wrote:
> |class { 'mysql': }|
>
> |lstat("/etc/puppet/mysql.rb", 0x7fffa1b7bb10) = -1 ENOENT (No such file or
> directory)|
Is this the only file it tries and opens? Because it looks awfully wrong.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Moving to Chef..
No solution is ever 100% perfect. However, it seems a bit extreme to discard all the investment in time and switch to a different system, which will probably come with its own entertaining selection of bugs and limitations. (Disclaimer: I have no experience with Chef, but I stand by my opening sentence). I've been using puppet in production for almost two years now. At times I've run into issues but I've been pleased with the responsive community support on the mailing list and via the bugtracker. So thank you, Puppet Labs, for creating this useful tool and making it freely available. Cheers, Jonathan On 12/03/13 12:59, Phips wrote: Looks like a trolling to me Bill, I'm with you. Can't see what the problem is, it works just fine. On Tuesday, 12 March 2013 12:01:08 UTC, Bill Proud wrote: Really? I use it all the time with Solaris - it works just fine. Op dinsdag 12 maart 2013 11:52:37 UTC+1 schreef Rajeev Iyer het volgende: Too many issues when it comes to Solaris installation. So moving to Chef.. Thanks all.. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Windows Firewall Question
> > Does anyone know of this provider? If not I can start to make one with > netsh but it will probably take me a while > I really suggest you do it via the proper firewall COM API, e.g. with powershell: http://stackoverflow.com/questions/11956291/how-can-i-add-a-widows-firewall-rule-with-a-custom-group-name . netsh doesn't expose the whole firewall API. Cheers, Paul -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Windows Firewall Question
Excellent, thank you for the link. On Tue, Mar 12, 2013 at 10:40 AM, Paul Tötterman wrote: > Does anyone know of this provider? If not I can start to make one with >> netsh but it will probably take me a while >> > > I really suggest you do it via the proper firewall COM API, e.g. with > powershell: > http://stackoverflow.com/questions/11956291/how-can-i-add-a-widows-firewall-rule-with-a-custom-group-name > . > netsh doesn't expose the whole firewall API. > > Cheers, > Paul > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/XNcU3qDH6fc/unsubscribe?hl=en > . > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- _ This email and any files transmitted with it are confidential and intended solely for the addressee. If you received this email in error, please do not disclose the contents to anyone; kindly notify the sender by return email and delete this email and any attachments from your system. © 2011 Currensee Inc. is a member of the National Futures Association (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) trading may involve significant risk of loss. It is not suitable for all investors and you should make sure you understand the risks involved before trading and seek independent advice if necessary. Performance, strategies and charts shown are not necessarily predictive of any particular result and past performance is no indication of future results. Investor returns may vary from Trade Leader returns based on slippage, fees, broker spreads, volatility or other market conditions. Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Moving to Chef..
Translation: My Solaris skills are such that I can't integrate a simple scripting overlay plus configuration management framework on it, so I'm going to go find whatever spells it out for me so I don't have to be bothered to grow and actually learn something. Geez. (sorry, guys... grumpy morning this morning) On Mar 12, 2013, at 8:59 AM, Phips wrote: > Looks like a trolling to me Bill, I'm with you. Can't see what the problem > is, it works just fine. > > On Tuesday, 12 March 2013 12:01:08 UTC, Bill Proud wrote: > Really? I use it all the time with Solaris - it works just fine. > > Op dinsdag 12 maart 2013 11:52:37 UTC+1 schreef Rajeev Iyer het volgende: > Too many issues when it comes to Solaris installation. So moving to Chef.. > > Thanks all.. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: PuppetDB queue problem
On Tue, Mar 12, 2013 at 6:38 AM, ak0ska wrote: > I think my previous comment just got lost. > > So, I cut three occurrences of this error from the database log and the > corresponding part from the puppetdb log. I removed the hostnames, I hope > it's still sensible: http://pastebin.com/yvyBDWQE > The unversioned api warnings are not from the masters. They're from an > older version of the puppetdbquery library, and the puppetdb module's > puppetdb_conn_validator function. > Apart from that, there are 2 kinds of slow queries that appear in the logs: > > 2013-03-12 11:54:37,149 WARN [qtp1992135396-3384] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 452.2331 seconds; Query: >> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr, >> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND >> c.deactivated IS NULL; Query Params: >> 2013-03-12 11:54:42,035 WARN [qtp1992135396-3391] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 452.0072 seconds; Query: >> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr, >> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND >> c.deactivated IS NULL; Query Params: >> 2013-03-12 11:55:43,146 WARN [qtp1992135396-3392] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 441.2548 seconds; Query: >> SELECT COUNT(*) AS c FROM (SELECT DISTINCT resource FROM catalog_resources >> cr, certname_catalogs cc, certnames c WHERE cr.catalog=cc.catalog AND >> cc.certname=c.name AND c.deactivated IS NULL) r; Query Params: >> 2013-03-12 12:00:56,492 WARN [qtp1992135396-3402] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 433.4503 seconds; Query: >> SELECT COUNT(*) AS c FROM (SELECT DISTINCT resource FROM catalog_resources >> cr, certname_catalogs cc, certnames c WHERE cr.catalog=cc.catalog AND >> cc.certname=c.name AND c.deactivated IS NULL) r; Query Params: >> 2013-03-12 12:03:30,933 WARN [qtp1992135396-3392] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 467.7872 seconds; Query: >> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr, >> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND >> c.deactivated IS NULL; Query Params: >> 2013-03-12 12:04:18,225 WARN [qtp1992135396-3396] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 472.9386 seconds; Query: >> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr, >> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND >> c.deactivated IS NULL; Query Params: >> 2013-03-12 12:54:49,042 WARN [qtp1992135396-3463] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 464.9721 seconds; Query: >> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr, >> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND >> c.deactivated IS NULL; Query Params: >> 2013-03-12 12:57:58,791 WARN [qtp1992135396-3482] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 460.9083 seconds; Query: >> SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr, >> certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND >> c.deactivated IS NULL; Query Params: >> 2013-03-12 12:57:58,803 WARN [qtp1992135396-3490] [jdbc.internal] Query >> slower than 10s threshold: actual execution time: 460.7699 seconds; Query: >> SELECT COUNT(*) AS c FROM (SELECT DISTINCT resource FROM catalog_resources >> cr, certname_catalogs cc, certnames c WHERE cr.catalog=cc.catalog AND >> cc.certname=c.name AND c.deactivated IS NULL) r; Query Params: >> > > > Can you fire up psql, point it at your puppetdb database, and run "EXPLAIN ANALYZE SELECT COUNT(*) AS c FROM certname_catalogs cc, catalog_resources cr, certnames c WHERE cc.catalog=cr.catalog AND c.name=cc.certname AND c.deactivated IS NULL;"? That will profile the query, and we can see where the problem is. Also worth examining is the GC query (modified to be non-destructive): EXPLAIN ANALYZE SELECT * FROM resource_params WHERE NOT EXISTS (SELECT * FROM catalog_resources cr WHERE cr.resource=resource_params.resource); And the resource duplication query: EXPLAIN ANALYZE SELECT COUNT(*) AS c FROM (SELECT DISTINCT resource FROM catalog_resources cr, certname_catalogs cc, certnames c WHERE cr.catalog=cc.catalog AND cc.certname=c.name AND c.deactivated IS NULL) r; And finally, can you give us a dump of your database settings? You can do this from within psql by doing "SHOW ALL;" > I didn't see any javascript errors on the dashboard, the queries are just > slow. I ran the resource duplication query manually on the puppetdb machine: > > time curl -X GET -H 'Accept: application/json' > http://[puppetdbip]:8080/v2/metrics/mbean/com.puppetlabs.puppetdb.query.population:type=default,name=pct-resource-dupes >> -v >> * About to connect() to [puppetdbip] port 8080
[Puppet Users] Puppet 3.1 - Error: Could not run: undefined method `prune_parameters' for nil:NilClass - fresh install on RHEL 6.4
Trying to get my puppet up and running but running into a slight problem - trying to view a resource I get an error for undefined method [root@puppet puppet-dashboard]# puppet resource user root Error: Could not run: undefined method `prune_parameters' for nil:NilClass [root@puppet puppet-dashboard]# uname -a Linux puppet.luminexcorp.com 2.6.32-358.0.1.el6.x86_64 #1 SMP Tue Feb 26 12:10:38 PST 2013 x86_64 x86_64 x86_64 GNU/Linux [root@puppet puppet-dashboard]# ruby --version ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux] [root@puppet puppet-dashboard]# [root@puppet puppet-dashboard]# rpm -qa | grep puppet puppet-3.1.0-1.el6.noarch puppetdb-1.1.1-1.el6.noarch puppetlabs-release-6-6.noarch puppet-dashboard-1.2.22-1.el6.noarch puppet-server-3.1.0-1.el6.noarch puppetdb-terminus-1.1.1-1.el6.noarch The --debug output isn't showing any error that I can see - is there a way to capture more debug info to see if I can gather where that 'prune_parameters' error is coming from? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet modules add to Agent
On 03/08/2013 07:59 AM, Jithin Xavier wrote: > Hi All, > > If we have couple modules in Master server ,we can specifically add some > modules to our agent using this command. > > puppet agent --test --tags= No, you do not. Instead, you have the agent apply only resources from within the given module. This does not "somehow import the module". Instead it limits the agent's scope to this part of its catalog. > This command will run if the modules are already there in master, to > master I am adding these modules using puppet enterprise console.Is > there any command available to do it from agent machine? I sure hope not. The master must be immutable from agent side. This is the security concept underneath the puppet architecture. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] PuppetDB http web interface user access
Hi All, Has anyone figured out a nice way to restrict user access to puppetdb's http web interface? Such as a .htaccess method or something similar? I would prefer something along those lines instead of setting up firewall rules. -Zane -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Variables in define are not being constructed as thought
I have a define which
define testing1::instance (
$hostSuffix = "-$environment",
$testingDb = "db1$hostSuffix$dnsDomainInt",
)
In my nodes.pp I explicitly set the $environment variable. However when I
use the property 'testingDb' in a template, it comes out as only 'db1' Is
there something I am doing wrong in this define?
I call my define like this... (no overides)
testing1::instance {'test1':
}
--
_
This email and any files transmitted with it are confidential and intended
solely for the addressee. If you received this email in error, please do
not disclose the contents to anyone; kindly notify the sender by return
email and delete this email and any attachments from your system.
© 2011 Currensee Inc. is a member of the National Futures Association (NFA)
Member ID 0403251 | Over the counter retail foreign currency (Forex)
trading may involve significant risk of loss. It is not suitable for all
investors and you should make sure you understand the risks involved before
trading and seek independent advice if necessary. Performance, strategies
and charts shown are not necessarily predictive of any particular result
and past performance is no indication of future results. Investor returns
may vary from Trade Leader returns based on slippage, fees, broker spreads,
volatility or other market conditions.
Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Variables in define are not being constructed as thought
On Tuesday, March 12, 2013 10:53:46 AM UTC-5, phundisk wrote:
>
> I have a define which
>
> define testing1::instance (
>$hostSuffix = "-$environment",
>$testingDb = "db1$hostSuffix$dnsDomainInt",
> )
>
> In my nodes.pp I explicitly set the $environment variable. However when I
> use the property 'testingDb' in a template, it comes out as only 'db1' Is
> there something I am doing wrong in this define?
>
Yes. The default values for a definition's (or class's) parameters cannot
safely draw on the values of other parameters of the same object. It is
therefore incorrect for the default value of the $testingDb parameter to
use the $hostSuffix parameter. I would write that definition something
like this, instead:
define testing1::instance (
$hostSuffix = 'NOTSET',
$testingDb = 'NOTSET'
) {
$realHostSuffix = $hostSuffix ? {
'NOTSET' => "-${environment}",
default => $hostSuffix
}
$realTestingDb = $testingDb ? {
'NOTSET' => "db1${realHostSuffix}${dnsDomainInt}",
default => $testingDb
}
# ... use $realHostSuffix and $realTestingDb ...
}
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Only running database_grant the first time.
refreshonly should be built in to all types. Did you actually try it, or did you just not see any docs saying it was there? On Tuesday, March 12, 2013 4:45:58 AM UTC-6, Stuart Grimshaw wrote: > > I'm using puppet through Vagrant to manage my dev VM, and as part of that > I have a few database grants that I run after creating users, but when I > subsequently run vagrant up or provision these grants fail (because of some > changes I make to the mysql config after they have been created.) > > I'm using database_grant to execute the grants, but there doesn't seem to > be a refreshonly parameter for it? > > Is there any way to avoid running these grants again? > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
> This works too :
>
> package{'needed for exec':
> name => $packages,
> ensure => present,
> }
>
> exec { "foo": require => Package['needed for exec'] }
>
> Less object, so a smaller catalog, and faster because your package tool is
> run once, not one time for each package.
I have trouble believing that that works completely, and if it does, I
would be amazed to find that it avoids running the package tool separately
for each package.
Ways I imagine it might fail include:
- Puppet attempts to manage a single package whose name is a
concatenation of the names in $packages ("firstsecondthird...")
- Puppet manages only the first package listed in $packages, ignoring
the others
- Puppet does not correctly detect when the packages are already
installed, and therefore attempts to install them on every run
If it does none of those things then I have great difficulty believing that
it does not create a separate Package resource for each element of
$packages, and therefore indeed run the package manager once for each.
And if it in fact behaves exactly as promised, then that constitutes
undocumented behavior, and it is therefore unsafe to rely upon.
So don't do that.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Basic stuff, I can't seem to get right, Could not retrieve information from environment production source(s)
I really hate to bother everyone with with something I'm sure is super
basic, but I'm stumped.
I've read the module serving guide, I checked my syntax with puppet-lint, I
think I have everything in place, yet I keep getting the same error:
Tue Mar 12 11:49:28 -0500 2013 Puppet (notice): Starting Puppet client
> version 2.6.17
> Tue Mar 12 11:49:28 -0500 2013 /File[/var/lib/puppet/lib] (err): Could not
> evaluate: Could not retrieve information from environment production
> source(s) puppet://puppet/plugins
> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//File[/etc/ssh/sshd_config]
> (err): Could not evaluate: Could not retrieve information from environment
> production source(s) puppet:///modules/sshd/sshd_config at
> /etc/puppet/manifests/site.pp:20
> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (notice):
> Dependency File[/etc/ssh/sshd_config] has failures: true
> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (warning):
> Skipping because of failed dependencies
>
I was thinking there was some sort of permissions error somewhere? But
since I'm running as root, I don't think that's likely, plus I have even
777 the sshd_config to test. Here is my site.pp, if anyone can look it over
and at least point me in the right direction it would be greatly
appreciated. I've already scoured this forum, but I think I'm missing
something.
package { 'openssh':
> ensure => installed,
> }
>
> file { '/etc/ssh/sshd_config':
> source => 'puppet:///modules/sshd/sshd_config',
> owner => root,
> group => root,
> mode => '0640',
> notify => Service['sshd'], #restart sshd.
> require => Package['openssh'],
> }
>
> service { 'sshd':
> ensure => running,
> enable => true,
> hasstatus => true,
> hasrestart => true,
> }
>
Any help would be greatly appreciated.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: Puppet 2.7.21 Available [ Security Release ]
Puppet 2.7.21 is now available. 2.7.21 addresses several security vulnerabilities discovered in the 2.7.x line of Puppet. These vulnerabilities have been assigned Mitre CVE numbers CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655 and CVE-2013-2275. All users of Puppet 2.7.20 and earlier who cannot upgrade to the current version of Puppet, 3.1.1, are strongly encouraged to upgrade to 2.7.21. For more information on these vulnerabilities, please visit http://puppetlabs.com/security, or visit http://puppetlabs.com/security/cve/cve-2013-1640, http://puppetlabs.com/security/cve/cve-2013-1652, http://puppetlabs.com/security/cve/cve-2013-1653, http://puppetlabs.com/security/cve/cve-2013-1654, http://puppetlabs.com/security/cve/cve-2013-1655, and http://puppetlabs.com/security/cve/cve-2013-2275. Downloads are available at: * Source https://downloads.puppetlabs.com/puppet/puppet-2.7.21.tar.gz Windows package is available at https://downloads.puppetlabs.com/windows/puppet-2.7.21.msi RPMs are available at https://yum.puppetlabs.com/el or /fedora Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/puppet-2.7.21.dmg Gems are available via rubygems at https://rubygems.org/downloads/puppet-2.7.21.gem or by using `gem install puppet --version=2.7.21` See the Verifying Puppet Download section at: https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 2.7.21: http://projects.puppetlabs.com/projects/puppet/ ## Changelog ## Andrew Parker (2): cf6cf81 (#14093) Remove unsafe attributes from TemplateWrapper bd942ec (#14093) Restore access to the filename in the template Jeff McCune (2): be920ac (#19151) Reject SSLv2 SSL handshakes and ciphers 632e12d (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname Josh Cooper (8): 7df884b Fix module tool acceptance test 0f4ac20 Run openssl from windows when trying to downgrade master 9cbfb9d Remove unnecessary rubygems require 70cdc63 Don't assume puppetbindir is defined 12728c0 Display SSL messages so we can match our regex 60eebed Don't require openssl client to return 0 on failure a1c4abd Don't assume master supports SSLv2 3ecd376 (#19391) Find the catalog for the specified node name Justin Stoller (2): 79b875e Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654, 2274, 2275) 7d62aa0 Separate tests for same CVEs into separate files Moses Mendoza (2): 4b0a7e2 Add missing 2.7.20 CHANGELOG entries 24d45dc Update CHANGELOG, PUPPETVERSION for 2.7.21 Nick Lewis (3): f2a3d5c (#19393) Safely load YAML from the network a3d3c95 Always read request body when using Rack 61109fa Fix order-dependent test failure in rest_authconfig_spec Patrick Carlisle (3): 516142e (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests 0a7d61f (#19392) (CVE-2013-1653) Validate instances passed to indirector c240299 (#19392) Don't validate key for certificate_status Pieter van de Bruggen (1): 4a272ea Updating module tool acceptance tests with new expectations. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: Puppet 2.6.18 Available [ Security Release ]
Puppet 2.6.18 is now available. 2.6.18 addresses several security vulnerabilities discovered in the 2.6.x line of Puppet. These vulnerabilities have been assigned Mitre CVE numbers CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-2274, and CVE-2013-2275. All users of Puppet 2.6.17 and earlier who cannot upgrade to the current version of Puppet, 3.1.1, are strongly encouraged to upgrade to 2.6.18. For more information on these vulnerabilities, please visit http://puppetlabs.com/security, or visit http://puppetlabs.com/security/cve/cve-2013-1640, http://puppetlabs.com/security/cve/cve-2013-1652, http://puppetlabs.com/security/cve/cve-2013-1654, http://puppetlabs.com/security/cve/cve-2013-2274, and http://puppetlabs.com/security/cve/cve-2013-2275. Downloads are available at: * Source https://downloads.puppetlabs.com/puppet/puppet-2.6.18.tar.gz RPMs are available at https://yum.puppetlabs.com/el or /fedora Debs are available at https://apt.puppetlabs.com See the Verifying Puppet Download section at: https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 2.6.18: http://projects.puppetlabs.com/projects/puppet/ ## Changelog ## Andrew Parker (2): f45cd4b (#14093) Remove unsafe attributes from TemplateWrapper d9ad70a (#14093) Restore access to the filename in the template Daniel Pittman (2): 31dad7d (#8858) Refactor tests to use real HTTP objects 906ab92 (#8858) Explicitly set SSL peer verification mode. Jeff McCune (2): add9998 (#19151) Reject SSLv2 SSL handshakes and ciphers 16fce8e (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname Josh Cooper (8): 7648de2 (#19391) Backport Request#remote? method 75a5f7e Run openssl from windows when trying to downgrade master e617728 Remove unnecessary rubygems require f07b761 Don't assume puppetbindir is defined a11a690 Display SSL messages so we can match our regex bb288aa Don't require openssl client to return 0 on failure f256c6d Don't assume master supports SSLv2 b166c4f (#19391) Find the catalog for the specified node name Justin Stoller (2): b01c728 Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654, 2274, 2275) e6b6124 Separate tests for same CVEs into separate files Matthaus Owens (1): 3ec5d5c Update CHANGELOG, lib/puppet.rb, conf/redhat/puppet.spec for 2.6.18 Nick Lewis (2): 66249d4 Always read request body when using Rack bdcf029 Fix order-dependent test failure in rest_authconfig_spec Patrick Carlisle (4): ccf2e4c (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests 6a7bd25 (#19392) (CVE-2013-1653) Validate instances passed to indirector ac44d87 (#19392) (CVE-2013-1653) Validate indirection model in save handler d5c9a2c (#19392) (CVE-2013-1653) Fix acceptance test to catch unvalidated model on 2.6 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: Puppet 3.1.1 Available [ Security Release ]
Puppet 3.1.1 is now available. 3.1.1 addresses several security vulnerabilities discovered in the 3.x line of Puppet. These vulnerabilities have been assigned Mitre CVE numbers CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655 and CVE-2013-2275. All users of Puppet 3.1.0 and earlier are strongly encouraged to upgrade to 3.1.1. For more information on these vulnerabilities, please visit http://puppetlabs.com/security, or visit http://puppetlabs.com/security/cve/cve-2013-1640, http://puppetlabs.com/security/cve/cve-2013-1652, http://puppetlabs.com/security/cve/cve-2013-1653, http://puppetlabs.com/security/cve/cve-2013-1654, http://puppetlabs.com/security/cve/cve-2013-1655, and http://puppetlabs.com/security/cve/cve-2013-2275. Downloads are available at: * Source https://downloads.puppetlabs.com/puppet/puppet-3.1.1.tar.gz Windows package is available at https://downloads.puppetlabs.com/windows/puppet-3.1.1.msi RPMs are available at https://yum.puppetlabs.com/el or /fedora Debs are available at https://apt.puppetlabs.com Mac package is available at https://downloads.puppetlabs.com/mac/puppet-3.1.1.dmg Gems are available via rubygems at https://rubygems.org/downloads/puppet-3.1.1.gem or by using `gem install puppet --version=3.1.1` See the Verifying Puppet Download section at: https://projects.puppetlabs.com/projects/puppet/wiki/Downloading_Puppet Please report feedback via the Puppet Labs Redmine site, using an affected puppet version of 3.1.1: http://projects.puppetlabs.com/projects/puppet/ ## Changelog ## Andrew Parker (3): 3b0178f (#14093) Cleanup tests for template functionality 4ca17d9 (#14093) Remove unsafe attributes from TemplateWrapper f1d0731 (#14093) Restore access to the filename in the template Jeff McCune (2): 52be043 (#19151) Reject SSLv2 SSL handshakes and ciphers b9023b0 (#19531) (CVE-2013-2275) Only allow report save from the node matching the certname Josh Cooper (7): f63ed48 Fix module tool acceptance test c42e608 Run openssl from windows when trying to downgrade master 8d199b2 Remove unnecessary rubygems require 3e493e1 Don't assume puppetbindir is defined 166bf79 Display SSL messages so we can match our regex 0328aaf Don't require openssl client to return 0 on failure 406725d Don't assume master supports SSLv2 Justin Stoller (6): cb607d9 Acceptance tests for CVEs 2013 (1640, 1652, 1653, 1654, 2274, 2275) 611b12d Separate tests for same CVEs into separate files f6e1987 We can ( and should ) use grep instead of grep -E 672af80 add quotes around paths for windows interop 28d80f0 remove tests that do not run on 3.1+ b87b719 run curl against the master on the master Moses Mendoza (1): 6c3dd98 Update PUPPETVERSION for 3.1.1 Nick Lewis (3): 940594b (#19393) Safely load YAML from the network 7da9559 Always read request body when using Rack 8f82131 Fix order-dependent test failure in network/authorization_spec Patrick Carlisle (3): eef6d38 (#19391) (CVE-2013-1652) Disallow use_node compiler parameter for remote requests f877cf5 (#19392) (CVE-2013-1653) Validate instances passed to indirector eb71909 (#19392) Don't validate key for certificate_status Pieter van de Bruggen (1): f6dbe99 Updating module tool acceptance tests with new expectations. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: Puppet Enterprise 1.2.7 Available [ Security Release ]
Dear users of Puppet Enterprise 1.2.6 and earlier, Puppet Enterprise 1.2.7 is now available. This is a security release of Puppet Enterprise. Users of Puppet Enterprise 1.2.6 and earlier who are unable to upgrade to the current version of Puppet Enterprise, 2.7.2, are strongly encouraged to upgrade to this release. Puppet Enterprise 1.2.7 includes fixes to address CVE-2013-1640, CVE-2013-1652, CVE-2013-1654, CVE-2013-2274, and CVE-2013-2275. For more information, please visit http://puppetlabs.com/security, or visit http://puppetlabs.com/security/cve/cve-2013-1640, http://puppetlabs.com/security/cve/cve-2013-1652, http://puppetlabs.com/security/cve/cve-2013-1654, http://puppetlabs.com/security/cve/cve-2013-2274, and http://puppetlabs.com/security/cve/cve-2013-2275. As a current Puppet Enterprise user, you can upgrade to this release as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. To download Puppet Enterprise 1.2.7 for your support platform, visit http://links.puppetlabs.com/puppet_enterprise_127. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. Thanks, Moses Mendoza Puppet Labs -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: Puppet Enterprise 2.7.2 Available [ Security Release ]
Dear Puppet Enterprise Users, Puppet Enterprise 2.7.2 is now available. This is a security release of Puppet Enterprise. All users of Puppet Enterprise are strongly encouraged to upgrade when possible to Puppet Enterprise 2.7.2. Puppet Enterprise 2.7.2 includes fixes to address CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, and CVE-2013-2275. For more information, please visit http://puppetlabs.com/security, or visit http://puppetlabs.com/security/cve/cve-2013-1640, http://puppetlabs.com/security/cve/cve-2013-1652, http://puppetlabs.com/security/cve/cve-2013-1653, http://puppetlabs.com/security/cve/cve-2013-1654, and http://puppetlabs.com/security/cve/cve-2013-2275. As a current Puppet Enterprise user, you can upgrade to this new version as part of your annual subscription. If upgrading, it is recommended to upgrade your master and console servers first. As always, we want to hear about your experiences with Puppet Enterprise. If you have any questions about upgrading, be sure to get in touch with Puppet Labs Support. Thanks, Moses Mendoza Puppet Labs -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: File resources: using source much slower than content
On Monday, March 11, 2013 4:40:09 PM UTC-5, Tim Moorhouse wrote: > > I'm moving from version 2.7.19 to 3.1.0 and am running into an issue with > file resources. > > All of them using a "source => '...'" attribute to pull their contents > from the master are taking about 5 seconds longer than they used to. These > are generally very small files which used to transfer very quickly. This > happens with both webrick and passenger. If I turn them into templates > which don't actually do any substitutions and use a "content => > template(...)", then they go back to taking a fraction of a second each. > > Given that the evaluation times for each are around 5.05 seconds when they > used to be around 0.05 seconds, it looks like they're waiting 5 seconds for > something to time out, but I can't figure out what. > > Has anyone seen anything like this? > It is natural that 'source' would be slower than 'content', even much slower. With 'content', the target file contents are embedded in the catalog, whereas with 'source', the agent makes a separate request to the server for each file. Network requests are relatively slow in most environments. I would recommend using 'content' for small files wherever possible. To that end, it may be easier to use the file() function instead the template() function when the content you want to serve is completely static. With that said, I don't know why the timing would be so strikingly different in 3.1 than it was in 2.7, if everything else is the same. If no one has an answer to that, and you want to troubleshoot it, then I would suggest starting by identifying whether the delay is at the master or at the agent. You should be able to tell by checking the file service request-to-response turnaround times in the master's logs. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] PuppetDB http web interface user access
I think most people are implementing either an Apache or NGinx proxy in front of PuppetDB for this purpose. For Apache, should be pretty easy to do with proxy based RewriteRule's in Apache, and within the same virtualhost definition you should be able to enforce authentication. For example: RewriteEngine on RewriteRule /(.*) http://localhost:8080/$1 [P,L] AuthType Basic AuthName "Restricted Files" AuthBasicProvider file AuthUserFile /etc/httpd/basic.pwd Require user ken This is at least a start anyway. More custom redirections and handling can be rolled obviously. ken. On Tue, Mar 12, 2013 at 8:50 AM, Zane Williamson wrote: > Hi All, > > Has anyone figured out a nice way to restrict user access to puppetdb's http > web interface? Such as a .htaccess method or something similar? I would > prefer something along > those lines instead of setting up firewall rules. > > -Zane > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Basic stuff, I can't seem to get right, Could not retrieve information from environment production source(s)
Might be an auth.conf problem. Have you changed anything in there?
On Tuesday, March 12, 2013 10:16:02 AM UTC-7, Race Boyer wrote:
>
> I really hate to bother everyone with with something I'm sure is super
> basic, but I'm stumped.
>
> I've read the module serving guide, I checked my syntax with puppet-lint,
> I think I have everything in place, yet I keep getting the same error:
>
>
> Tue Mar 12 11:49:28 -0500 2013 Puppet (notice): Starting Puppet client
>> version 2.6.17
>> Tue Mar 12 11:49:28 -0500 2013 /File[/var/lib/puppet/lib] (err): Could
>> not evaluate: Could not retrieve information from environment production
>> source(s) puppet://puppet/plugins
>> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//File[/etc/ssh/sshd_config]
>> (err): Could not evaluate: Could not retrieve information from environment
>> production source(s) puppet:///modules/sshd/sshd_config at
>> /etc/puppet/manifests/site.pp:20
>> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (notice):
>> Dependency File[/etc/ssh/sshd_config] has failures: true
>> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (warning):
>> Skipping because of failed dependencies
>>
>
> I was thinking there was some sort of permissions error somewhere? But
> since I'm running as root, I don't think that's likely, plus I have even
> 777 the sshd_config to test. Here is my site.pp, if anyone can look it over
> and at least point me in the right direction it would be greatly
> appreciated. I've already scoured this forum, but I think I'm missing
> something.
>
> package { 'openssh':
>> ensure => installed,
>> }
>>
>> file { '/etc/ssh/sshd_config':
>> source => 'puppet:///modules/sshd/sshd_config',
>> owner => root,
>> group => root,
>> mode => '0640',
>> notify => Service['sshd'], #restart sshd.
>> require => Package['openssh'],
>> }
>>
>> service { 'sshd':
>> ensure => running,
>> enable => true,
>> hasstatus => true,
>> hasrestart => true,
>> }
>>
>
> Any help would be greatly appreciated.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Basic stuff, I can't seem to get right, Could not retrieve information from environment production source(s)
No, I've never looked at it before. Should it be changed or remain
unchanged? Or configured to allow one to access modules?
On Tuesday, March 12, 2013 12:45:51 PM UTC-5, Ellison Marks wrote:
>
> Might be an auth.conf problem. Have you changed anything in there?
>
> On Tuesday, March 12, 2013 10:16:02 AM UTC-7, Race Boyer wrote:
>>
>> I really hate to bother everyone with with something I'm sure is super
>> basic, but I'm stumped.
>>
>> I've read the module serving guide, I checked my syntax with puppet-lint,
>> I think I have everything in place, yet I keep getting the same error:
>>
>>
>> Tue Mar 12 11:49:28 -0500 2013 Puppet (notice): Starting Puppet client
>>> version 2.6.17
>>> Tue Mar 12 11:49:28 -0500 2013 /File[/var/lib/puppet/lib] (err): Could
>>> not evaluate: Could not retrieve information from environment production
>>> source(s) puppet://puppet/plugins
>>> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//File[/etc/ssh/sshd_config]
>>> (err): Could not evaluate: Could not retrieve information from environment
>>> production source(s) puppet:///modules/sshd/sshd_config at
>>> /etc/puppet/manifests/site.pp:20
>>> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (notice):
>>> Dependency File[/etc/ssh/sshd_config] has failures: true
>>> Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (warning):
>>> Skipping because of failed dependencies
>>>
>>
>> I was thinking there was some sort of permissions error somewhere? But
>> since I'm running as root, I don't think that's likely, plus I have even
>> 777 the sshd_config to test. Here is my site.pp, if anyone can look it over
>> and at least point me in the right direction it would be greatly
>> appreciated. I've already scoured this forum, but I think I'm missing
>> something.
>>
>> package { 'openssh':
>>> ensure => installed,
>>> }
>>>
>>> file { '/etc/ssh/sshd_config':
>>> source => 'puppet:///modules/sshd/sshd_config',
>>> owner => root,
>>> group => root,
>>> mode => '0640',
>>> notify => Service['sshd'], #restart sshd.
>>> require => Package['openssh'],
>>> }
>>>
>>> service { 'sshd':
>>> ensure => running,
>>> enable => true,
>>> hasstatus => true,
>>> hasrestart => true,
>>> }
>>>
>>
>> Any help would be greatly appreciated.
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Windows Remote Desktop Services (Could not find a suitable provider for dism)
Hello all
I think this is an actual bug with either puppet or puppet dism and not
sure how to resolve this
I've installed the puppet dism module and written my manifest
class remote_desktop_services {
dism { 'AppServer':
ensure => present,
}
dism { 'AppServer-UI':
ensure => present,
}
dism { 'Printing-XPSServices-Features':
ensure => present,
}
}
upon reboot, when I re-run the puppet agent I keep getting the following
error:
err: Could not find a suitable provider for dism
and keep getting this error until I remove the manifest then the puppet
agent runs successfully again.
Then thought it could be the module not aware of Remote Desktop Services as
a provider.
So thought i'll write a powershell script and get puppet to exec it, here
is my script (its a bit dirty)
$strFileName = "c:\ProgramData\PuppetLabs\Puppet
Enterprise\var\state\puppetlockd"
Import-Module Servermanager
Add-WindowsFeature -Name RDS-RD-Server -IncludeAllSubFeature
Add-Content
"c:\Installs\Puppet_Confirmation\Remote_Desktop_Services_Installed.txt"
"Windows has finished installing Remote Desktop Services"
start-sleep -s 60
IF (Test-Path $strFileName){
Remove-Item $strFileName }
shutdown /r /t 60
After the reboot, I get the same error as above,
err: Could not find a suitable provider for dism
Was wondering if this is an error or not, but unable to install Remote
Desktop Services using Puppet Enterprise / Puppet module DISM
Can you please help
Regards
Jim
On Monday, 11 March 2013 10:57:46 UTC, jim wrote:
>
> Hi Ryan
>
> I've checked my puppet.config and yes plugingsync is set to "True"
>
> pluginsync = true
>
> What's weird is it works for dot.net3 / IIS installs etc, etc
>
> Regards
>
> Jim
>
> On Thursday, 7 March 2013 23:04:34 UTC, Ryan Coleman wrote:
>>
>>
>> On Thu, Mar 7, 2013 at 7:50 AM, jim wrote:
>>
>>> Can anyone advise on this ??
>>>
>>
>> Hmm. Do you have pluginsync set to true in puppet.conf? It's possible
>> that the provider in the dism module is not being distributed from the
>> master to the agent. Here's a doc on the subject if you need it.
>> http://docs.puppetlabs.com/guides/plugins_in_modules.html
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Only running database_grant the first time.
refreshonly is not a meta parameter and only applies to the exec type. http://docs.puppetlabs.com/references/latest/metaparameter.html Also it is not a parameter of the puppetlabs-mysql database_grant type. Stuart, Best to link to the module you are using, how you're calling it, and the errors/logs from when it runs. The code should check to see if the grant exists, and then execute or not as needed. I'm also curious about the Mysql config changes that you mention might be causing the problem. Ramin On 3/12/2013 9:25 AM, joe wrote: refreshonly should be built in to all types. Did you actually try it, or did you just not see any docs saying it was there? On Tuesday, March 12, 2013 4:45:58 AM UTC-6, Stuart Grimshaw wrote: I'm using puppet through Vagrant to manage my dev VM, and as part of that I have a few database grants that I run after creating users, but when I subsequently run vagrant up or provision these grants fail (because of some changes I make to the mysql config after they have been created.) I'm using database_grant to execute the grants, but there doesn't seem to be a refreshonly parameter for it? Is there any way to avoid running these grants again? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] multi-line content= construct for puppet resource file command
Just preference and consistency. We've been using puppet as a
substitute for shell commands that use the 'command [options]
arguments ... ' pattern and 'puppet resource ...' matches that
pattern nicely. But if by using here-documents we can match the
pattern pretty closely and we gain the additional functionality, we'll
go that way.
Using 'puppet apply' with a here-document
puppet apply <<"eof"
file { "hello_world":
path => "/tmp/hw.txt",
ensure => "file",
content => "hello\nworld\n",
}
eof
... looks pretty close to using arguments to 'puppet resource' ...
$ puppet resource \
file hello_world \
path=/tmp/hw.txt \
ensure=file \
content="hello\nworld\n"
... but actually works. :)
Regards,
- Robert
On Tue, Mar 12, 2013 at 8:36 AM, Felix Frank
wrote:
> Hi,
>
> at first glance, it doesn't seem to be possible.
>
> I had never thought of using puppet resource in this way. Is there a
> reason why you prefer it over puppet apply?
>
> On 03/06/2013 07:49 AM, Robert Citek wrote:
>> Hello all,
>>
>> How does one enter multi-line content using 'puppet resource file ...'
>> at the command line?
>>
>> For example, I am trying to create a file called /tmp/hw.txt with two
>> lines of content:
>>
>> $ cat /tmp/hw.txt
>> hello
>> world
>>
>> This does not work:
>>
>> $ puppet resource file hello_world \
>> path=/tmp/hw.txt \
>> ensure=file \
>> content="hello\nworld\n"
>>
>> This does, but use "puppet apply" :
>>
>> cat <<"eof" | puppet apply
>> file { "hello_world":
>> path => "/tmp/hw.txt",
>> ensure => "file",
>> content => "hello\nworld\n",
>> }
>> eof
>>
>> Does anyone have any pointers on how to construct the content= line so
>> that I can get two lines of text?
>>
>> Regards,
>> - Robert
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Shorten require list
Le 12 mars 2013 à 17:46, jcbollinger a écrit :
>
> This works too :
>
> package{'needed for exec':
> name => $packages,
> ensure => present,
> }
>
> exec { "foo": require => Package['needed for exec'] }
>
> Less object, so a smaller catalog, and faster because your package tool is
> run once, not one time for each package.
>
>
> I have trouble believing that that works completely, and if it does, I would
> be amazed to find that it avoids running the package tool separately for each
> package.
>
> Ways I imagine it might fail include:
> Puppet attempts to manage a single package whose name is a concatenation of
> the names in $packages ("firstsecondthird...")
> Puppet manages only the first package listed in $packages, ignoring the others
> Puppet does not correctly detect when the packages are already installed, and
> therefore attempts to install them on every run
> If it does none of those things then I have great difficulty believing that
> it does not create a separate Package resource for each element of $packages,
> and therefore indeed run the package manager once for each.
It does nothing of that, I use it a lot in my modules and it solves many
problems. I didn't test it on many platform, but it works quite well on
rpm-based providers.
>
> And if it in fact behaves exactly as promised, then that constitutes
> undocumented behavior, and it is therefore unsafe to rely upon.
It not so undocumented. You don't just convert a array to a string, you get an
empty separator ['a', 'b'] is converted to 'ab', for what I saw in many of my
mistakes. So someone was thinking about my use case and add the code to have a
' ' separator for the rpm command.
>
> So don't do that.
>
>
> John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Basic stuff, I can't seem to get right, Could not retrieve information from environment production source(s)
If you haven't touched it, it should be fine. Other things to keep in mind:
The puppetmaster is probably running as the user puppet, not root, and even
if the file itself is readable by all, the intervening directories might be
more restrictive.
On Tuesday, March 12, 2013 11:02:01 AM UTC-7, Race Boyer wrote:
>
> No, I've never looked at it before. Should it be changed or remain
> unchanged? Or configured to allow one to access modules?
>
> On Tuesday, March 12, 2013 12:45:51 PM UTC-5, Ellison Marks wrote:
>>
>> Might be an auth.conf problem. Have you changed anything in there?
>>
>> On Tuesday, March 12, 2013 10:16:02 AM UTC-7, Race Boyer wrote:
>>>
>>> I really hate to bother everyone with with something I'm sure is super
>>> basic, but I'm stumped.
>>>
>>> I've read the module serving guide, I checked my syntax with
>>> puppet-lint, I think I have everything in place, yet I keep getting the
>>> same error:
>>>
>>>
>>> Tue Mar 12 11:49:28 -0500 2013 Puppet (notice): Starting Puppet client
version 2.6.17
Tue Mar 12 11:49:28 -0500 2013 /File[/var/lib/puppet/lib] (err): Could
not evaluate: Could not retrieve information from environment production
source(s) puppet://puppet/plugins
Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//File[/etc/ssh/sshd_config]
(err): Could not evaluate: Could not retrieve information from environment
production source(s) puppet:///modules/sshd/sshd_config at
/etc/puppet/manifests/site.pp:20
Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (notice):
Dependency File[/etc/ssh/sshd_config] has failures: true
Tue Mar 12 11:49:29 -0500 2013 /Stage[main]//Service[sshd] (warning):
Skipping because of failed dependencies
>>>
>>> I was thinking there was some sort of permissions error somewhere? But
>>> since I'm running as root, I don't think that's likely, plus I have even
>>> 777 the sshd_config to test. Here is my site.pp, if anyone can look it over
>>> and at least point me in the right direction it would be greatly
>>> appreciated. I've already scoured this forum, but I think I'm missing
>>> something.
>>>
>>> package { 'openssh':
ensure => installed,
}
file { '/etc/ssh/sshd_config':
source => 'puppet:///modules/sshd/sshd_config',
owner => root,
group => root,
mode => '0640',
notify => Service['sshd'], #restart sshd.
require => Package['openssh'],
}
service { 'sshd':
ensure => running,
enable => true,
hasstatus => true,
hasrestart => true,
}
>>>
>>> Any help would be greatly appreciated.
>>>
>>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] syntax checking nodes, don't allow global scope
Hi,
None that I know of - its the same as putting includes in site.pp. Education
and review are your best bet.
Den
(That said, very verbose rspec tests may pick it up for very specific cases -
but it would be a bit of work.)
On 12/03/2013, at 23:31, Rudy Gevaert wrote:
> Hi,
>
> We have been bitten twice by the following. We group the configuration
> or our nodes in several files.
>
> nodes.d/group1.pp
> nodes.d/group2.pp
> ...
>
> Now twice people have accidently added some statements that are put in
> the global scope... which are then applied to all nodes:
>
> The example is simplified:
>
> ---nodes.d/group1.pp-
> node mynode {
>...
> }
> include thisorthat
>
>
>
> Ofcourse this doesn't trigger a syntax error (that we run before a push
> to the git repo can be done).
>
> Are there any other ways to catch this? Except code revision
>
> Thanks,
>
> Rudy
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Organization of puppet classes
Thanks very much Joe. I'll take a look and go from there.
Much appreciated.
Cheers,
Mike
On Monday, March 11, 2013 5:21:01 PM UTC-7, joe wrote:
>
> You want roles and profiles:
> http://www.craigdunn.org/2012/05/239/
>
> On Monday, March 11, 2013 6:02:15 PM UTC-6, Mike Reed wrote:
>>
>> Hello All,
>>
>> I've been looking for a simple way to clean up my nodes.pp file and I was
>> hoping to get some suggestions from you folks. At the moment, I keep all
>> my class definitions within nodes.pp. It currently looks something like
>> this:
>>
>> ### regex based workstation nodes
>> node /^sbx-[^\s]*$/ {
>> include gen-lucid-stages
>> class { sbx-lucid-base-security : stage => security }
>> class { sbx-lucid-workstation-base : stage => packages }
>> class { sbx-lucid-base-upgrade : stage => upgrade }
>> class { sbx-lucid-base-dist-upgrade : stage => dist-upgrade
>> }
>> class { sbx-lucid-base-filesystem : stage => filesystem }
>> class { sbx-lucid-base-graphics : stage => graphics }
>> class { sbx-lucid-weta-config : stage => configs }
>> }
>>
>> ### Lucid Groupings
>> class sbx-lucid-base-security {
>> include sbx-lucid-common-puppet
>> include sbx-lucid-common-auth
>> include sbx-lucid-common-powerbroker
>> }
>> class sbx-lucid-workstation-base {
>> include sbx-lucid-workstation-default
>> }
>> class sbx-lucid-base-upgrade {
>> include sbx-lucid-common-upgrade
>> }
>> class sbx-lucid-base-dist-upgrade {
>> include sbx-lucid-common-dist-upgrade
>> }
>> class sbx-lucid-base-filesystem {
>> include sbx-lucid-common-autofs
>> include sbx-lucid-common-softlinks
>> }
>> class sbx-lucid-base-graphics {
>> include sbx-lucid-common-kubuntu-desktop
>> include sbx-lucid-common-weta-kde
>> include sbx-lucid-common-nvidia-driver-29553
>> }
>>
>> This however seems a bit cluttered and I was hoping to move these classes
>> out of nodes.pp and into somewhere a bit more tidy. It's probably my
>> rudimentary understanding of puppet but are there any suggestions into how
>> I might achieve this?
>>
>> Thanks in advance for the help on this one.
>>
>> Cheers,
>>
>> Mike
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Windows Remote Desktop Services (Could not find a suitable provider for dism)
I believe you need to use the copy on github as there was an issue with using 32/64 dism iirc -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Restructure puppet modules
I would recommend having a look at the modules on puppet forge to give you
a kickstart into the process.
http://forge.puppetlabs.com/
There are a bunch of useful modules in there.
On 12 March 2013 19:16, Andrea Crotti wrote:
> Mm ok then I'll drop the idea and try to go with modules..
> The other problem now is that I should somehow switch from an architecture
> which was provisioned but never correctly maintained with puppet
> to using puppet master and all these nice things, which is not going to be
> trivial..
>
> On Monday, March 11, 2013 7:42:07 PM UTC, joe wrote:
>>
>> Modules are not overkill and are, in fact, the only way you can do what
>> you intend.
>>
>> There is currently no module structure that would allow you organize your
>> manifests the way you'd like and still be able to apply classes flexibly.
>>
>> The reason for this is that the module structure in puppet is mostly a
>> file naming convention that allows the master to locate particular
>> classes. If you wish to flexibly include/declare classes as you wish, the
>> only way puppet would be able to find them and flexibly apply them would be
>> to follow the module convention.
>>
>> For instance, for a class nginx, the *only* place puppet can find that
>> and apply it flexibly is if it is located in $moduledir/nginx/manifests/*
>> *init.pp.
>>
>> Otherwise, you'd have to still rely on import and then have a *ton* of
>> conditionals everywhere to figure out whether to actually apply each class.
>> This is not maintainable at all.
>>
>> Go with modules. You'll have many fewer issues later.
>>
>> On Monday, March 11, 2013 12:23:47 PM UTC-6, Andrea Crotti wrote:
>>>
>>> So far we have a similar situation, for each different server one fabric
>>> and one puppet file, where the fabric file simply applies it in a brutal
>>> way.
>>>
>>>
>>> with settings(user='root'):
>>> put('qa.pp', 'qa.pp')
>>> put('puppet apply qa.pp')
>>>
>>> And puppet files don't use anything like classes or modules, but simply:
>>>
>>> package {["nginx", "python-virtualenv", "rsync", "autossh",
>>> "redis-server", "git-core", "python-dev", "ntp"]:
>>> ensure => installed}
>>>
>>> service { 'nginx' :
>>> ensure => "running",
>>> enable => true,
>>> hasrestart => true,
>>> require => Package["nginx"]
>>> }
>>>
>>>
>>> Now there are many issues with the current setup, where the first is we
>>> are not really managing our servers, but we can only provision them..
>>>
>>> The second big problem is that there is a lot of repetition everywhere
>>> and the third is that I can't easily provision multiple services on a
>>> single machine (if they were supposed initially to run on different
>>> machines).
>>>
>>> Now I read some doc and in theory it looks like I should create one
>>> module per each service.
>>>
>>> - nginx
>>> + templates
>>> + manifests
>>>
>>> - couch
>>> + templates
>>> + manifests
>>>
>>> this is however overkill for me, what I think would make more sense
>>> would be
>>>
>>> - templates
>>> + nginx
>>> + couch
>>>
>>> - manifests
>>> + base.pp
>>> + couch.pp
>>> ..
>>>
>>> Is it possible to use such a structure though?
>>>
>>> I just want to be able to use classes smartly, avoid duplication and
>>> start working with puppetmaster instead of this silly way..
>>>
>>> Any advice?
>>> Thanks
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] node based regex entries
Hello all, I've been trying to configure node-based regex entries and puppet seems to be giving me a hard time with this one. Our system naming convention is this: sbx--. For instance, we have: sbx-circle-01 and sbx-square-01 both on the same network. I'm using this entry: node /^sbx-[^\.*]\-\d\d$/ and I suspect I'm missing something as I don't get an error when running sbx-circle-01 against it, but the manifests never get pulled down. Does anybody have any suggestions on how I might fix this up? If I wasn't already bald, I would have pulled my hair out trying to figure this one. As always, thanks in advance for the help and support. Cheers, Mike -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] node based regex entries
rubular.com suggests that the regex should be ^sbx-.*-\d\d$ On 13 March 2013 12:16, Mike Reed wrote: > Hello all, > > I've been trying to configure node-based regex entries and puppet seems to > be giving me a hard time with this one. > > Our system naming convention is this: > > sbx--. > > For instance, we have: sbx-circle-01 and sbx-square-01 both on the same > network. > > I'm using this entry: node /^sbx-[^\.*]\-\d\d$/ and I suspect I'm missing > something as I don't get an error when running sbx-circle-01 against it, > but the manifests never get pulled down. > > Does anybody have any suggestions on how I might fix this up? > > If I wasn't already bald, I would have pulled my hair out trying to figure > this one. > > As always, thanks in advance for the help and support. > > Cheers, > > Mike > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] PuppetDB http web interface user access
Good call. The advice was wise! I had some issues using RewriteEngine (probably how I have Apache setup), but instead with with ProxyPass and it is working well. ProxyPass / http://localhost:8080/ AuthType basic AuthName "Restrited Files" AuthBasicProvider file AuthUserFile /etc/apache2/passw Require valid-user On Tuesday, March 12, 2013 10:40:01 AM UTC-7, Ken Barber wrote: > > I think most people are implementing either an Apache or NGinx proxy > in front of PuppetDB for this purpose. > > For Apache, should be pretty easy to do with proxy based RewriteRule's > in Apache, and within the same virtualhost definition you should be > able to enforce authentication. For example: > > > RewriteEngine on > RewriteRule /(.*) http://localhost:8080/$1 [P,L] > > > AuthType Basic > AuthName "Restricted Files" > AuthBasicProvider file > AuthUserFile /etc/httpd/basic.pwd > Require user ken > > > > This is at least a start anyway. More custom redirections and handling > can be rolled obviously. > > ken. > > On Tue, Mar 12, 2013 at 8:50 AM, Zane Williamson > > wrote: > > Hi All, > > > > Has anyone figured out a nice way to restrict user access to puppetdb's > http > > web interface? Such as a .htaccess method or something similar? I > would > > prefer something along > > those lines instead of setting up firewall rules. > > > > -Zane > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to puppet-users...@googlegroups.com . > > To post to this group, send email to > > puppet...@googlegroups.com. > > > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] PuppetDB http web interface user access
Great! I'm more of a fan of RewriteRule because when you're mixing it with rewrites the ordering is more obvious, but in this case ProxyPass works well enough. Looks like you're using Debian, do you have to use a2enmod perhaps to get RewriteRule to work? Either way thanks for sharing the config that works for you. ken. On Tue, Mar 12, 2013 at 9:11 PM, Zane Williamson wrote: > Good call. The advice was wise! I had some issues using RewriteEngine > (probably how I have Apache setup), but instead with with ProxyPass and it > is working well. > > > ProxyPass / http://localhost:8080/ > > AuthType basic > AuthName "Restrited Files" > AuthBasicProvider file > AuthUserFile /etc/apache2/passw > Require valid-user > > > > On Tuesday, March 12, 2013 10:40:01 AM UTC-7, Ken Barber wrote: >> >> I think most people are implementing either an Apache or NGinx proxy >> in front of PuppetDB for this purpose. >> >> For Apache, should be pretty easy to do with proxy based RewriteRule's >> in Apache, and within the same virtualhost definition you should be >> able to enforce authentication. For example: >> >> >> RewriteEngine on >> RewriteRule /(.*) http://localhost:8080/$1 [P,L] >> >> >> AuthType Basic >> AuthName "Restricted Files" >> AuthBasicProvider file >> AuthUserFile /etc/httpd/basic.pwd >> Require user ken >> >> >> >> This is at least a start anyway. More custom redirections and handling >> can be rolled obviously. >> >> ken. >> >> On Tue, Mar 12, 2013 at 8:50 AM, Zane Williamson >> wrote: >> > Hi All, >> > >> > Has anyone figured out a nice way to restrict user access to puppetdb's >> > http >> > web interface? Such as a .htaccess method or something similar? I >> > would >> > prefer something along >> > those lines instead of setting up firewall rules. >> > >> > -Zane >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "Puppet Users" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to puppet-users...@googlegroups.com. >> > To post to this group, send email to puppet...@googlegroups.com. >> > Visit this group at http://groups.google.com/group/puppet-users?hl=en. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] PuppetDB http web interface user access
Ah yes, that was probably the issue, forgot to sue a2enmod for rewriterule! Appreciate your input on this. -Zane On Tue, Mar 12, 2013 at 9:40 PM, Ken Barber wrote: > Great! I'm more of a fan of RewriteRule because when you're mixing it > with rewrites the ordering is more obvious, but in this case ProxyPass > works well enough. Looks like you're using Debian, do you have to use > a2enmod perhaps to get RewriteRule to work? > > Either way thanks for sharing the config that works for you. > > ken. > > On Tue, Mar 12, 2013 at 9:11 PM, Zane Williamson > wrote: > > Good call. The advice was wise! I had some issues using RewriteEngine > > (probably how I have Apache setup), but instead with with ProxyPass and > it > > is working well. > > > > > > ProxyPass / http://localhost:8080/ > > > > AuthType basic > > AuthName "Restrited Files" > > AuthBasicProvider file > > AuthUserFile /etc/apache2/passw > > Require valid-user > > > > > > > > On Tuesday, March 12, 2013 10:40:01 AM UTC-7, Ken Barber wrote: > >> > >> I think most people are implementing either an Apache or NGinx proxy > >> in front of PuppetDB for this purpose. > >> > >> For Apache, should be pretty easy to do with proxy based RewriteRule's > >> in Apache, and within the same virtualhost definition you should be > >> able to enforce authentication. For example: > >> > >> > >> RewriteEngine on > >> RewriteRule /(.*) http://localhost:8080/$1 [P,L] > >> > >> > >> AuthType Basic > >> AuthName "Restricted Files" > >> AuthBasicProvider file > >> AuthUserFile /etc/httpd/basic.pwd > >> Require user ken > >> > >> > >> > >> This is at least a start anyway. More custom redirections and handling > >> can be rolled obviously. > >> > >> ken. > >> > >> On Tue, Mar 12, 2013 at 8:50 AM, Zane Williamson > >> wrote: > >> > Hi All, > >> > > >> > Has anyone figured out a nice way to restrict user access to > puppetdb's > >> > http > >> > web interface? Such as a .htaccess method or something similar? I > >> > would > >> > prefer something along > >> > those lines instead of setting up firewall rules. > >> > > >> > -Zane > >> > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "Puppet Users" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to puppet-users...@googlegroups.com. > >> > To post to this group, send email to puppet...@googlegroups.com. > >> > Visit this group at http://groups.google.com/group/puppet-users?hl=en > . > >> > For more options, visit https://groups.google.com/groups/opt_out. > >> > > >> > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to puppet-users+unsubscr...@googlegroups.com. > > To post to this group, send email to puppet-users@googlegroups.com. > > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/ibkfqZHEAdY/unsubscribe?hl=en > . > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users?hl=en. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- Zane -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] What is ActiveMQ Broker?
Can anybody tell me what exactly ActiveMQ does? Is it a storage of messages produced by producer and ready to consume by consumer? M i understanding it correctly or not? Please tell me? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
