[Puppet Users] Puppet Dashboard Issues
Hi,
I am using Puppet enterprise free 10 node version, getting one error while loading this page in /baseline/compliance
Puppet Dashboard encountered an error. Something went wrong, and Puppet Dashboard was unable to render the requested page. Please contact your site’s help desk or systems administrator; if that happens to be you, please check Dashboard’s logs for more information.
getting this error only here..is it because of license?
Regards, Jithin
Re: [Puppet Users] Problem retreiving catalog
On Thu, Apr 25, 2013 at 5:24 PM, gen...@allantgroup.com andyr...@gmail.com wrote:
On Thursday, April 25, 2013 3:19:55 AM UTC-5, ohad wrote:
On Thu, Apr 25, 2013 at 2:00 AM, gen...@allantgroup.com andyr7...@gmail.com wrote:
I updated some of my gems, and I think it may be the reason I am getting the following error when the agents try to retrieve a catalog.
err: Could not retrieve catalog from remote server: Error 400 on SERVER: The single-table inheritance mechanism failed to locate the subclass: 'Host::Managed'. This error is raised because the column 'type' is reserved for storing the class in case of inheritance. Please rename this column if you didn't intend it to be used for storing the inheritance class or overwrite Puppet::Rails::Host.inheritance_column to use another column for that information.
this looks like the development version of foreman, are you using it together with storeconfigs?
Ohad
Yes, it is the development version of foreman and yes I am using storeconfigs. Is there a solution to this, or should I downgrade foreman to stable?
One of the upcoming changes in 1.2 is to no longer share the db with storeconfigs (as it's being replaced in favor of puppetdb anyway)... therefore, if you want to use the latest version and 1.2 at the same time, you would need to dump the db into a new foreman db (or puppet).
Ohad
Thanks, Andy
Ruby 1.8.7, I believe apache is using passenger 2.2.11. I tried 3.0.19, but then I get errors in the apache log about not finding files in the /usr/share/puppet/rack/puppetmasterd/public, which AFAICT are application generated. Everything was working fine before updating the gems. I was updating the gems because I was trying to get foreman working again after updating it. I do not know much about ruby or passenger, so I could use some help figuring out how to fix this issue. At least puppet-dashboard is working, it just isn't getting any new reports due to the problems with puppet.
Thanks, Andy
[Puppet Users] Re: Puppet and internal modules...
Joe,
Cheers for the response... N yeh, part of me almost doesn't want to relinquish control, as I know how it should work etc... However I am only 1 man, and can't keep up with current demands... ;)
With regards to code deployment, the typical model is J2EE apps deployed into Glassfish 3 domains, so the applications would be sourced from Maven, and dropped into Glassfish... So I'm actually fairly confident with that... Plus it means we can actually start to get a degree of control over what's where in our env...
Any other comments welcome...
Cheers
Gavin
On Friday, 26 April 2013 06:04:11 UTC+1, joe wrote:
One thing you certainly need to do is define a clear line of what puppet will and will not do in your environment. Puppet is not well suited to code deployment. It is extremely good at maintaining the environment in which code runs. I would allow contributions from your dev team liberally, as long as they are only using puppet to maintain the environment and do so in a way that the rest of the organization can make use of their work.
On Thursday, April 25, 2013 2:45:51 PM UTC-6, Gavin Williams wrote:
Afternoon/Evening all
It looks like Puppet is starting to get some traction within my organisation, with several other teams asking what Puppet can do for them :-)
The main use I'm getting asked about is one touch deployment of our products by Dev teams... On the surface it shouldn't be too hard, and I've already got a model in mind. However one of the considerations is making the Puppet code maintainable by Dev as well as me in Ops/Implementation...
Currently, I've got one model that does all our Puppet stuff, such as based configuring servers, installing oracle, installing monitoring, configuring databases, etc. I do hook in some common modules as and when needed.
So I can either continue this model and build it out to handle product deployments as well. Or I can turn it on its head, and write modules specific to the product deployment, pulling in stuff from our core model where useful... This means that Dev can maintain their own product modules, and with a liberal spread of continuous integration testing, should be able to handle new product module requirements separately to core model changes :-)
So, thoughts welcome. Any pros/cons to above? Or any better way of handling it?
Thanks in advance for any responses.
Regards
Gavin
Re: [Puppet Users] How do I check whether an imported resource has already been defined?
Hi John and all,
On 25.04.2013 at 17:22, jcbollinger john.bollin...@stjude.org wrote:
On Wednesday, April 24, 2013 7:28:55 AM UTC-5, Patricia Jung wrote:
please consider the following scenario: Puppet is supposed to set up similar (but not necessarily identical) groups of hosts for a range of customers. For each customer a dedicated filesystem tree needs to be established on host A.
I'm not sure I follow, but I think you mean host A a designated special node somewhere. It's not clear whether that's one of the hosts in a per-customer group, but maybe that doesn't matter.
A is a designated host outside the per-customer group. To be more specific: It's a Nagios host with customer-specific directories for the customer-specific Nagios objects created both, manually and by the Nagios exported resources.
It sounds to me like exported resources are the wrong solution to this problem. What prevents you from declaring the needed filesystem trees as ordinary resources declared for node A?
The customer-specific filesystem tree within the Nagios configuration must not exist unless there is at least one customer host defined. If I had to declare it ordinarily for node A I had to touch A's definitions every time I'm adding or removing a new customer.
Thanks for caring!
Patricia
[Puppet Users] Using puppet to install puppet modules
Hi people,
I use puppet forge to install various modules on my puppetmaster. I'm thinking about the build process if I build a new puppetmaster. Manually reinstalling the modules is prone to error if I forget which modules I used to have. I looked at this module[1] as a way of making puppet automatically install its own modules. But then I realised - if I am building a puppetmaster from scratch then it won't have the ability to use this module to install itself... chicken and egg.
How have other people handled this?
Cheers,
Jonathan
[1] https://forge.puppetlabs.com/rcoleman/puppet_module
[Puppet Users] Re: How do I automagically remove old versions of jar files?
On Thursday, April 25, 2013 1:26:05 PM UTC-5, Nick Fagerlund wrote:
tidy { '/tmp/jars':
  recurse => true,
  matches => 'my_jar.*.jar',
}
This example would kill all files matching that shell glob pattern UNLESS there's already a puppet resource for them, so it would leave the latest version intact. (I just tested it to make sure that's the case.)
Very nice! I seem always to forget about 'tidy', but it's a good fit here. I wish its docs were clear that it does not affect files that are otherwise managed, though I guess that's a reasonable expectation.
John
Re: [Puppet Users] Using puppet to install puppet modules
I usually package the modules that I want in the native package manager of the system. Much easier to track and the 'package' statement works just fine.
Trevor
On Fri, Apr 26, 2013 at 6:19 AM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote:
Hi people, I use puppet forge to install various modules on my puppetmaster. I'm thinking about the build process if I build a new puppetmaster. Manually reinstalling the modules is prone to error if I forget which modules I used to have. I looked at this module[1] as a way of making puppet automatically install its own modules. But then I realised - if I am building a puppetmaster from scratch then it won't have the ability to use this module to install itself... chicken and egg. How have other people handled this?
Cheers, Jonathan
[1] https://forge.puppetlabs.com/rcoleman/puppet_module
--
Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com
-- This account not approved for unencrypted proprietary information --
[Puppet Users] Re: Puppet and internal modules...
On Friday, April 26, 2013 3:27:11 AM UTC-5, Gavin Williams wrote:
Joe, Cheers for the response... N yeh, part of me almost doesn't want to relinquish control, as I know how it should work etc... However I am only 1 man, and can't keep up with current demands... ;) With regards to code deployment, the typical model is J2EE apps deployed into Glassfish 3 domains, so the applications would be sourced from Maven, and dropped into Glassfish... So I'm actually fairly confident with that... Plus it means we can actually start to get a degree of control over what's where in our env... Any other comments welcome...
Puppet is a state management tool, not a remote control tool. For development deployments, the latter is usually what's wanted. For that, you could consider PuppetLabs's MCollective, though there are other alternatives. Puppet would probably still have a role, however, in ensuring that the deployment environment is set up as it needs to be.
John
[Puppet Users] Re: Access facts values in Puppet provider
On Friday, April 26, 2013 12:06:54 AM UTC-5, Andriy Yurchuk wrote:
I'm writing a custom Puppet service provider and I need to access one of my facts value inside provider to then be able to use the value inside startcmd/stopcmd. There is a confine which can test whether a fact exists, but how do I actually get the value of the fact?
As far as I know, providers do not have direct access to node facts. They run on the target node, not on the master, so they cannot draw data from the master's environment unless it is provided to them via resource parameters. On the other hand, providers can (and often do) directly interact with the target node to obtain any information they need. Although it would be roundabout, your provider could probably even use Facter to (re-)compute the data you want.
John
Re: [Puppet Users] How do I check whether an imported resource has already been defined?
On Friday, April 26, 2013 5:05:35 AM UTC-5, Patricia Jung wrote:
Hi John and all,
On 25.04.2013 at 17:22, jcbollinger wrote:
On Wednesday, April 24, 2013 7:28:55 AM UTC-5, Patricia Jung wrote:
please consider the following scenario: Puppet is supposed to set up similar (but not necessarily identical) groups of hosts for a range of customers. For each customer a dedicated filesystem tree needs to be established on host A.
I'm not sure I follow, but I think you mean host A a designated special node somewhere. It's not clear whether that's one of the hosts in a per-customer group, but maybe that doesn't matter.
A is a designated host outside the per-customer group. To be more specific: It's a Nagios host with customer-specific directories for the customer-specific Nagios objects created both, manually and by the Nagios exported resources.
It sounds to me like exported resources are the wrong solution to this problem. What prevents you from declaring the needed filesystem trees as ordinary resources declared for node A?
The customer-specific filesystem tree within the Nagios configuration must not exist unless there is at least one customer host defined. If I had to declare it ordinarily for node A I had to touch A's definitions every time I'm adding or removing a new customer.
You have to touch your manifests and/or data to set up a new customer in any case, so I'm not seeing why it should be more of a problem to reconfigure node A directly as part of that process, particularly if making things work differently would be convoluted or brittle. Moreover, I think that this could probably be handled in a data-driven manner, especially if all the per-customer trees on node A are uniform, or at least characterized by a small number of fixed parameters. That is, you likely could arrange things such that you just need to add a bit of information to an external file (e.g. an hiera data file) to induce the needed declarations for a given group to be made for node A.
Generally speaking, only resources bearing node-specific data are appropriate for export. The canonical example is probably /etc/hosts entries (Host resources). What you have is different: it is group-specific, rather than node-specific. To make it fit into the exported resource mold, you would need to somehow designate a special node in each customer group that alone exports the resources pertaining to its group. First to sync is not a viable designation; instead, you would need something tied to node identity.
John
[Puppet Users] Get class members
Hi,
For clusters, we use a script called allnodes, that lets us easily execute stuff on (surprise) all cluster nodes. The script is easily deployed by puppet, but uses a config file, which is just the list of hostnames. We cannot get this list dynamically from the cluster (for example via hasys -list), because we might want to run commands when the cluster is down or incomplete. However, all cluster nodes belong to the same class, like so:
class veritastest {
  some stuff here
}
node 'host1' inherits default {
  include veritastest
  other stuff
}
node 'host2' inherits default {
  include veritastest
  other stuff
}
Is there a way to generate (in the class definition), with an erb template a file that shows just
host1
host2
? And, of course the file should modify itself as new nodes are added to the cluster.
Thanks.
--
Beware of programmers who carry screwdrivers!
[Puppet Users] Re: Access facts values in Puppet provider
Found out this can be done via Facter['my_fact'].value
On Friday, April 26, 2013 8:06:54 AM UTC+3, Andriy Yurchuk wrote:
I'm writing a custom Puppet service provider and I need to access one of my facts value inside provider to then be able to use the value inside startcmd/stopcmd. There is a confine which can test whether a fact exists, but how do I actually get the value of the fact?
[Puppet Users] using a test within an if in a manifest
Does puppet have a similar syntax in a manifest?
if [ -f /somefile ] { ... }
Looking to test for -d -p -b, etc
I know that exec has this feature, but am looking to conditionally mount. I have thought of other use cases too.
Thanks!
Re: [Puppet Users] Using puppet to install puppet modules
On Fri, Apr 26, 2013 at 3:19 AM, Jonathan Gazeley jonathan.gaze...@bristol.ac.uk wrote:
How have other people handled this?
In addition to Puppet's built-in `puppet module` tool, there's a project called librarian-puppet that lets you express your Forge modules in a bundler like way. http://librarian-puppet.com/
--
Ryan Coleman | Modules Forge | @ryanycoleman | ryancoleman in #puppet
[Puppet Users] [ANN] puppet-cleaner 0.1.1
puppet-cleaner is a set of tools that helps you keep your manifests compliant with the style guide.
Website: https://github.com/santana/puppet-cleaner/
How to install: sudo gem install puppet-cleaner
This is a maintenance release that fixes a run-time error. Thanks to github user blindsey for bringing it to my attention.
[Puppet Users] Announce: Module puppetlabs/postgresql 2.2.0 Available
A new release of the puppetlabs/postgresql module is now available on the Forge: https://forge.puppetlabs.com/puppetlabs/postgresql/2.2.0
Changelog
This feature release introduces a number of new features and bug fixes.
First of all it includes a new class named `postgresql::python` which provides you with a convenient way of installing the python Postgresql client libraries.
class { 'postgresql::python': }
You are now able to use `postgresql::database_user` without having to specify a password_hash, useful for different authentication mechanisms that do not need passwords (ie. cert, local etc.).
We've also provided a lot more advanced custom parameters now for greater control of your Postgresql installation. Consult the class documentation for PuppetDB in the README.
We've also fixed our stdlib dependencies so 4.x is supported, this was blocking some users so I'm glad to say this is now solved.
This release in particular has largely been contributed by the community members below, a big thanks to one and all.
Detailed Changes
* Add support for psycopg installation (Flaper Fesp and Dan Prince)
* Added default PostgreSQL version for Ubuntu 13.04 (Kamil Szymanski)
* Add ability to create users without a password (Bruno Harbulot)
* Three Puppet 2.6 fixes (Dominic Cleal)
* Add explicit call to concat::setup when creating concat file (Dominic Cleal)
* Fix readme typo (Jordi Boggiano)
* Update postgres_default_version for Ubuntu (Kamil Szymanski)
* Allow to set connection for new role (Kamil Szymanski)
* Fix pg_hba_rule for postgres local access (Kamil Szymanski)
* Fix versions for travis-ci (Ken Barber)
* Add replication support (Jordi Boggiano)
* Cleaned up and added unit tests (Ken Barber)
* Generalization to provide more flexibility in postgresql configuration (Karel Brezina)
* Create dependent directory for sudoers so tests work on Centos 5 (Ken Barber)
* Allow SQL commands to be run against a specific DB (Carlos Villela)
* Drop trailing comma to support Puppet 2.6 (Michael Arnold)
[Puppet Users] how do you test and release puppet changes?
We are in the process of evaluating our puppet related test and release process and interested in knowing what other folks are doing. We are in a position that is not ideal but is not unique from what I can tell.
Our current testing process is basically the responsibility of each person making a change. Small changes are committed and pushed to dev/qa/prod in one swoop with the committer spot checking the results manually. Larger changes are tested by running a node against a puppet environment which is pointed to the change branch and the desired behavior is manually verified.
What we would like to do is start with implementing some basic control points which require passing tests before the changes move along. With the goal of being able to increase the test coverage over time to protect ourselves from ourselves. One thought we had as an initial step is to just verify catalog compilation for some number of nodes against the proposed changes and block the changes if catalog compilation fails.
This raises the next question around tooling. We could script up a catalog compiler test calling the puppet binaries but should we use this as an opportunity to get familiar with rspec-puppet?
Are people using catalog diffs at all in their release process? It would seem nice to provide an automated catalog diff for people making 'small' changes so they can make sure their change didn't accidentally drop or change a large number of resources.
So please share what you find works or doesn't work at your shop.
TIA
[Puppet Users] passwordless ssh
What is the best and easiest way to let all nodes ssh passwordless to each other?
[Puppet Users] Create a file which lists all server names with a given environment variable
I am presuming that this is something I need to do with stored configs, but there might also be another way to do it. I am looking to create a file called /root/production.servers which will list all my production servers. All production servers have the puppet variable of $environment='production' in the nodes.pp. Is there a way I can utilize this variable to create this file? Is stored configs the best option here?
Re: [Puppet Users] passwordless ssh
Two different questions.
Best: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
Easiest ? Fastest ? Cheapest ? Pick one, maybe two. You ain't gonna get all three
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: Bert Cauwelier bertbert...@gmail.com
To: puppet-users@googlegroups.com
Sent: Friday, April 26, 2013 1:34:15 PM
Subject: [Puppet Users] passwordless ssh
What is the best and easiest way to let all nodes ssh passwordless to each other?
Re: [Puppet Users] passwordless ssh
Stay careful that if you're in a PCI/SOX/ITIL environment, it may be against policy to provide this between hosts under certain circumstances. YMMV.
On Apr 26, 2013, at 1:46 PM, Dan White y...@comcast.net wrote:
Two different questions.
Best: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
Easiest ? Fastest ? Cheapest ? Pick one, maybe two. You ain't gonna get all three
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes)
From: Bert Cauwelier bertbert...@gmail.com
To: puppet-users@googlegroups.com
Sent: Friday, April 26, 2013 1:34:15 PM
Subject: [Puppet Users] passwordless ssh
What is the best and easiest way to let all nodes ssh passwordless to each other?
Re: [Puppet Users] passwordless ssh
thx, any possible instant working puppet module for distributing the keys and allow passwordless ssh

2013/4/26 Jerald Sheets que...@gmail.com

> Stay careful that if you're in a PCI/SOX/ITIL environment, it may be against policy to provide this between hosts under certain circumstances. YMMV.
>
> On Apr 26, 2013, at 1:46 PM, Dan White y...@comcast.net wrote:
>
>> Two different questions.
>>
>> Best: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
>>
>> Easiest? Fastest? Cheapest? Pick one, maybe two. You ain't gonna get all three.
>>
>> “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes)
>>
>> From: Bert Cauwelier bertbert...@gmail.com
>> To: puppet-users@googlegroups.com
>> Sent: Friday, April 26, 2013 1:34:15 PM
>> Subject: [Puppet Users] passwordless ssh
>>
>> What is the best and easiest way to let all nodes ssh passwordless to each other?
Re: [Puppet Users] passwordless ssh
Not here. I'm in one of those environments. :)

On Apr 26, 2013, at 2:04 PM, Bert Cauwelier bertber...@hotmail.com wrote:

> thx, any possible instant working puppet module for distributing the keys and allow passwordless ssh
>
> 2013/4/26 Jerald Sheets que...@gmail.com
>
>> Stay careful that if you're in a PCI/SOX/ITIL environment, it may be against policy to provide this between hosts under certain circumstances. YMMV.
>>
>> On Apr 26, 2013, at 1:46 PM, Dan White y...@comcast.net wrote:
>>
>>> Two different questions.
>>>
>>> Best: http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
>>>
>>> Easiest? Fastest? Cheapest? Pick one, maybe two. You ain't gonna get all three.
>>>
>>> “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes)
>>>
>>> From: Bert Cauwelier bertbert...@gmail.com
>>> To: puppet-users@googlegroups.com
>>> Sent: Friday, April 26, 2013 1:34:15 PM
>>> Subject: [Puppet Users] passwordless ssh
>>>
>>> What is the best and easiest way to let all nodes ssh passwordless to each other?
[Puppet Users] Help me with a local Linux account management module
I'm pretty much brand new to Puppet. I've read the tutorials on puppet labs, and most of Pro Puppet. But there's still a lot I don't get. So I figured I'd learn by doing.

My current goal is to write a user account wrapper. It would only be for local Linux accounts only, only on Ubuntu for now. I'm not just using the user type because I want to manage ssh authorized keys as well.

I did find https://github.com/dcsobral/puppet-users, and a few others. But I'm not fond of the use of csv files, and it seems like a simple enough module to learn with.

Wrapping user and ssh_authorized_key is simple, just pass in the information. But I do have a couple questions I couldn't find answers to in the docs, here, or Google.

*Questions*:

- What happens when a group listed in the user type does not exist on the server?
- How do I figure out what hash to use for the password when creating a new user?
- Do I just copy the hash directly into the password property? No need to tell puppet what kind of hash it is?
- ssh_authorized_key: name has to be unique. So how do I add a key to more than one user?
- I'd like to simply pass in an array of links(?) to pub key files to my wrapper instead of the actual ssh key. How would I tell Puppet to split the contents at the spaces so I can get the key, type, and name properties out of it?

Future plans would be to manage shell configuration as well. But for now, all I need is what I've described above.

Oh, when implementing this, does making a /etc/puppet/manifests/accounts/username.pp file per user, then including that file on the nodes that need that user, raise any bad idea flags for you?
Re: [Puppet Users] Help me with a local Linux account management module
On Fri, Apr 26, 2013 at 4:08 PM, David Reagan jer...@gmail.com wrote:

> I'm pretty much brand new to Puppet. I've read the tutorials on puppet labs, and most of Pro Puppet. But there's still a lot I don't get. So I figured I'd learn by doing.
>
> My current goal is to write a user account wrapper. It would only be for local Linux accounts only, only on Ubuntu for now. I'm not just using the user type because I want to manage ssh authorized keys as well.
>
> I did find https://github.com/dcsobral/puppet-users, and a few others. But I'm not fond of the use of csv files, and it seems like a simple enough module to learn with.
>
> Wrapping user and ssh_authorized_key is simple, just pass in the information. But I do have a couple questions I couldn't find answers to in the docs, here, or Google.
>
> *Questions*:
>
> - What happens when a group listed in the user type does not exist on the server?

Generally speaking you shouldn't let that happen! The user resource will fail because it wants the group to exist first. Create a group{} resource and in the user{} resource add something like require => Group['users'], or whatever, so that this doesn't happen.

> - How do I figure out what hash to use for the password when creating a new user?

There are several ways to handle this. Generally the way it's done is via a custom function that executes on the puppetmaster and injects the results of that run into the catalog for the client. This way you can use a hash generator. Something like https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/random_password.rb

> - Do I just copy the hash directly into the password property? No need to tell puppet what kind of hash it is?

It basically takes the contents of password and shovels it into the appropriate /etc/shadow column.

> - ssh_authorized_key: name has to be unique. So how do I add a key to more than one user?

You'd want to structure this as a kind of custom_user{} define that was able to take keys as a parameter and those can be an array or hash of info. This way you're basically listing all the keys per user rather than trying to assign keys to multiple users. Because you'll have custom_user{ 'blah': } you'll be able to refer to the blah as $name in the define and then you can make your ssh_authorized_key names like:

ssh_authorized_key { "${name}-key": }

so that they have unique names. I'll leave the rest of this up to your imagination as you'd need a unique -key bit per key you pass in. That's one reason I suggested the keys param be a hash, so that you can have a name and then value and use that to build up the name cleanly.

> - I'd like to simply pass in an array of links(?) to pub key files to my wrapper instead of the actual ssh key. How would I tell Puppet to split the contents at the spaces so I can get the key, type, and name properties out of it?

This stuff is tricky with the language as it stands. The way I've solved this (and seen others solve this) in the past is that rather than trying to pass in arrays you build a hash in hiera for your users and then pass the entire hash to create_resources('mycustomusersdefine', hashname) to have it create a call to the define for each element of the hash. If you google create_resources you should find some examples.

> Future plans would be to manage shell configuration as well. But for now, all I need is what I've described above.
>
> Oh, when implementing this, does making a /etc/puppet/manifests/accounts/username.pp file per user, then including that file on the nodes that need that user, raise any bad idea flags for you?

It does, but only because even at this early stage you should start thinking "is this how to do a task, or the data the task needs?" If it's data you should be thinking of 'hiera' and how you can use that to separate your data from your manifests.

Good luck!
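The define-plus-create_resources layout described in the reply above, written out as an added example; it is not code from the thread or from any poster. The names accounts, accounts::local_user and the Hiera key accounts::users are hypothetical, and the sketch assumes Puppet 4 or later with puppetlabs-stdlib installed and public keys passed in as whole .pub lines.

```puppet
# Added example. accounts, accounts::local_user and the Hiera key accounts::users
# are hypothetical names; assumes Puppet 4+ with puppetlabs-stdlib installed.
# In a real module the define and the class live in separate files.
define accounts::local_user (
  String               $password_hash,  # crypt(3) string, written as-is to /etc/shadow
  Array[String]        $groups   = [],
  Hash[String, String] $ssh_keys = {},  # label => one line from a .pub file
) {
  # Declare each supplementary group once, so the user never names a missing group.
  # The user type autorequires groups that are in the catalog, which orders them first.
  $groups.each |String $group| {
    ensure_resource('group', $group, { 'ensure' => 'present' })
  }

  user { $name:
    ensure   => present,
    groups   => $groups,
    password => $password_hash,
  }

  $ssh_keys.each |String $label, String $pubkey_line| {
    # A .pub line is "<type> <base64 key> [comment]"; split it on whitespace.
    $parts = split($pubkey_line, /\s+/)
    if size($parts) < 2 {
      fail("accounts::local_user[${name}]: public key '${label}' is malformed")
    }

    # Title = user + label, so the same key can be granted to several users.
    ssh_authorized_key { "${name}-${label}":
      ensure => present,
      user   => $name,
      type   => $parts[0],
      key    => $parts[1],
    }
  }
}

class accounts (
  Hash $users = {},  # filled from the Hiera key accounts::users
) {
  # One accounts::local_user is declared per entry of the hash.
  create_resources('accounts::local_user', $users)
}
```

In Hiera, accounts::users maps each user name to a hash with password_hash, groups and ssh_keys, so adding a user or granting a key becomes a data change rather than a manifest change.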
[Puppet Users] Re: how do you test and release puppet changes?
Hi Derek,

when testing puppet-cleaner I wrote puppet-diff[1], which compiles the catalogs for two given manifests (before and after changes) and compares their YAML representation, previously removing some irrelevant stuff. That helped me test that some transformations, like whitespace changes or single/double [un]quoting some tokens did nothing, or just what they were supposed to change. It will help you notice if something was removed or added to the catalog, but it will be difficult to test more complex changes.

I've read rspec-puppet code and my first impression is that it also compiles the catalog but instead of comparing it with another one, it tests for anything you tell it; then you have to practically rewrite your manifests in rspec DSL.

In any case, we're just testing the manifest on an imaginary clean box. The real result, as you know for sure, heavily depends on the current state of the box.

[1] https://github.com/santana/puppet-cleaner/blob/master/bin/puppet-diff

On Friday, April 26, 2013 12:03:47 UTC-5, Derek Olsen wrote:

> We are in the process of evaluating our puppet related test and release process and interested in knowing what other folks are doing. We are in a position that is not ideal but is not unique from what I can tell.
>
> Our current testing process is basically the responsibility of each person making a change. Small changes are committed and pushed to dev/qa/prod in one swoop with the committer spot checking the results manually. Larger changes are tested by running a node against a puppet environment which is pointed to the change branch and the desired behavior is manually verified.
>
> What we would like to do is start with implementing some basic control points which require passing tests before the changes move along. With the goal of being able to increase the test coverage over time to protect ourselves from ourselves.
>
> One thought we had as an initial step is to just verify catalog compilation for some number of nodes against the proposed changes and block the changes if catalog compilation fails. This raises the next question around tooling. We could script up a catalog compiler test calling the puppet binaries but should we use this as an opportunity to get familiar with rspec-puppet?
>
> Are people using catalog diffs at all in their release process? It would seem nice to provide an automated catalog diff for people making 'small' changes so they can make sure their change didn't accidentally drop or change a large number of resources.
>
> So please share what you find works or doesn't work at your shop. TIA