[Puppet Users] Re: puppet master on the internet

2013-04-28 Thread Klavs Klavsen
Well - as everything else - there can be security issues, where the SSL 
cert check won't help you: 
https://puppetlabs.com/security/cve/cve-2013-1640/

So you should definitely be careful - Puppet is very young, compared to 
apache, openssh and others that have been internet-facing for many, many 
years (and had their share of security bugs).

I'd probably filter access to puppet, based on ip-ranges - just to heavily 
lessen the potential attacking base :)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
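
The IP-range filtering suggested in the message above could be built as follows. This is an added example, not part of the original post: the helper names are hypothetical, the source ranges are constructed documentation ranges, and 8140/tcp is the default Puppet master port.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables allow-list for the
# Puppet master port. Rules are only printed, so they can be reviewed first.
PUPPET_PORT=8140   # default Puppet master port

# valid_cidr A.B.C.D/N -> exit 0 only for a well-formed IPv4 CIDR.
valid_cidr() {
  case $1 in
    */*/*|*[!0-9./]*) return 1 ;;  # one slash, digits and dots only
    */*) ;;
    *) return 1 ;;                 # a prefix length is required
  esac
  addr=${1%/*}; len=${1#*/}
  case $len in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$len" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# emit_rules CIDR... -> ACCEPT per range, then DROP for everyone else.
# Fails closed: one bad or catch-all (/0) range and nothing is printed.
emit_rules() {
  [ "$#" -gt 0 ] || { echo "no source ranges given" >&2; return 1; }
  rules=
  for cidr in "$@"; do
    if ! valid_cidr "$cidr" || [ "${cidr#*/}" -eq 0 ]; then
      echo "refusing source range: $cidr" >&2
      return 1
    fi
    rules="${rules}iptables -A INPUT -p tcp --dport $PUPPET_PORT -s $cidr -j ACCEPT
"
  done
  printf '%s' "$rules"
  echo "iptables -A INPUT -p tcp --dport $PUPPET_PORT -j DROP"
}

# Constructed sample ranges (RFC 5737 documentation space).
emit_rules 192.0.2.0/24 198.51.100.17/32
```

Because `-A` appends, any broader ACCEPT rule already present earlier in the INPUT chain for this port still matches first, so check the existing chain before applying the printed rules.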




[Puppet Users] Re: Design pattern for exported resources from EC2 autoscaled instances

2013-04-28 Thread Shiva Narayanaswamy
Thanks for your replies. 

mco is the solution I like. However AWS doesn't allow multicast, and hence I 
figured I cannot successfully cluster glassfish or tomcat in AWS!

On Monday, April 22, 2013 9:31:57 AM UTC+10, Shiva Narayanaswamy wrote:
>
> My setup has an EC2 autoscaling group of clustered glassfish application 
> servers. Each glassfish instance will register itself with a DAS (Domain 
> Administration Server) to become a member of the cluster, and deregister 
> itself when it is killed. I was intending to orchestrate this via puppet 
> exported resources. However I am stuck with trying to figure out how to get 
> the DAS server to apply puppet configuration every time an instance is born 
> in the autoscaling group. 
> I can schedule puppet to run on the DAS server every 30 minutes, but I 
> can't afford to wait 30 minutes. I would like to do this as soon as an 
> instance is provisioned. The only way I can think of doing this is using 
> mcollective. Am I overlooking something?
>
> If I haven't made myself very clear, please let me know, and I can try to 
> explain better.
>
> Looking forward to some design patterns from some experienced gurus!
>
> Thanks,
> Shiva
>





[Puppet Users] Please Help with HAProxy + Puppet

2013-04-28 Thread max . bridgewater
Hi,

I am trying to get HAProxy running. I have the puppet master setup serving 
configurations to two agents. One is the HAproxy server and the other is a 
simple web server (certname=webserver2). HAproxy is being deployed by 
puppet on the proxy server as expected. But the generated HAProxy 
configuration is what I don't understand. I do not see any single reference 
to the IP address of webserver2 to which the traffic should be forwarded. 
All IPs included in the haproxy config are those of the HAProxy server 
itself.

I am likely misunderstanding something or missing something that should be 
done. Please help me through this. My goal is to balance (round robin) 
traffic to  two servers webserver1 and webserver2
Thanks alot.

Here is my puppet master site.pp:

node /^haproxy.*/ {
  Haproxy::Balancermember <<| listening_service == 'puppet00' |>>
  class { 'haproxy': }
  haproxy::listen { 'puppet00':
    ipaddress => $::ipaddress,
    ports     => ['55672','5672'],
  }
}

node 'webserver2' {
  @@haproxy::balancermember { $fqdn:
    listening_service => 'puppet00',
    server_names      => $::hostname,
    ipaddresses       => $::ipaddress,
    ports             => ['55672','5672'],
    options           => 'check',
  }
}

Here is the haproxy.cfg that is generated:
# This file managed by Puppet
global
  chroot  /var/lib/haproxy
  daemon
  group  haproxy
  log  10.28.92.145 local0
  maxconn  4000
  pidfile  /var/run/haproxy.pid
  stats  socket /var/lib/haproxy/stats
  user  haproxy

defaults
  log  global
  maxconn  8000
  option  redispatch
  retries  3
  stats  enable
  timeout  http-request 10s
  timeout  queue 1m
  timeout  connect 10s
  timeout  client 1m
  timeout  server 1m
  timeout  check 10s

listen puppet00 10.28.92.145:55672,10.28.92.145:5672
  balance  roundrobin
  option  tcplog
  option  ssl-hello-chk






[Puppet Users] Re: Learning puppet: how to use a module?

2013-04-28 Thread Ellison Marks


From the puppet apply man page:

When provided with a modulepath, via command line or config file, puppet 
apply can effectively mimic the catalog that would be served by puppet 
master with access to the same modules, although there are some subtle 
differences. When combined with scheduling and an automated system for 
pushing manifests, this can be used to implement a serverless Puppet site.
http://docs.puppetlabs.com/man/apply.html

So looks like you need to give it the path to where your modules are 
installed. This can be done with --modulepath=/path/to/module/directory on 
the command line or with the modulepath configuration setting in the agent 
section of your config file.

On Sunday, April 28, 2013 2:40:01 AM UTC-7, Leonard Ehrenfried wrote:
>
> Hi,
>
> I'm currently learning puppet but I have come across something which I 
> can't figure out from the docs.
>
> I have a rails app, which needs a few Ubuntu packages installed to work. 
> Some of those come from a PPA, which is a non-standard repository, which 
> needs to be added to the list of repos. I would like to automate this step, 
> too.
>
> I have just one node where puppet needs to run, so I just have one file 
> which I execute with `puppet apply`. I'm not using a puppetmaster.
>
> The pp file can be viewed here: 
> https://github.com/lenniboy/jcheld/blob/master/puppet/jcheld.pp
>
> I have installed the puppetlabs-apt module and I can see that that was 
> successful like this:
>
> $ puppet module list
> /home/lenni/.puppet/modules
> ├── puppetlabs-apt (v1.1.0)
> └── puppetlabs-stdlib (v4.0.2)
>
> Now, when I run puppet I get the following error:
>
> $ sudo puppet apply puppet/jcheld.pp
> Error: Could not find class apt for 
> ip-10-59-51-209.eu-west-1.compute.internal on node 
> ip-10-59-51-209.eu-west-1.compute.internal
> Error: Could not find class apt for 
> ip-10-59-51-209.eu-west-1.compute.internal on node 
> ip-10-59-51-209.eu-west-1.compute.internal
>
> I think it is likely that I'm not understanding something fundamentally 
> about how modules are supposed to be used.
>
> Could someone help me out?
>
> Thanks
> Leonard
>





Re: [Puppet Users] puppet master on the internet

2013-04-28 Thread Peter Brown
On 28 April 2013 19:48, Alberto Besana  wrote:

> We're about to run a bunch (< 50) machines scattered around a (physical)
> town and using a machine with a public IP to recover logs and report. We
> can not change this setting: it's a kind of experiment and it will last few
> weeks.
>
> Have anyone experience about safety issues trying to run a puppet master
> on a machine using a public IP?
> For the log-report part we use ssh to connect to the server and the idea
> is to use puppet agent to perform maintenance and tuning.
>

Hi,

I run my puppet master on a public ip.
I manage servers in remote datacentres as well as a bunch of virtual
machines in the office.

What do you mean by safety issues?
Do you mean security?
All communication between the node and the master is secured with ssl
certificates.
A node can't communicate with the puppet master without a signed
certificate.

Hope that helps.


>
> Thank you!
>
> Alberto
>




Re: [Puppet Users] can puppet agent use 2 independent puppet master ?

2013-04-28 Thread Peter Brown
On 27 April 2013 18:32, Alex Leonhardt  wrote:

> Hi all,
>
> I haven't seen a similar post, so thought I'd ask -
>

There have actually been quite a few people asking this very thing.

> Is it possible to make a puppet agent use 2 different puppet masters ? E.g.
> I want to use 1 master to do basic configuration changes, etc. and a 2nd
> master to do other more application specific changes - the idea is to keep
> the system changes fully separated from the application changes that would
> be applied.
>

Why do you need to do this?
The general consensus on using two different puppet masters for a node is
that it's a very bad idea.

Doing what you describe above is very easy with one puppet master.
I manage a very wide range of services and applications all on one master.
I use a bunch of different modules each managing one service.


>
> Any clues / hints / links ?
>
> Thanks!
> Alex
>




Re: [Puppet Users] using a "test" within an if in a manifest

2013-04-28 Thread Denmat
Hi, 

No, not directly. Compilation takes place on the master and so that is where 
these tests would run.

What you need is a fact or use an exec. The fact will tell the master what the 
client has; an exec will run on the client where the test will execute.

Cheers,
Den

On 26/04/2013, at 3:50, Kubes  wrote:

> Does puppet have a similar syntax in a manifest?
> 
> if [ -f /somefile ] {
>  ...
> }
> 
> Looking  to test for -d -p -b, etc
> 
> I know that exec has this feature, but am looking to conditionally mount.  I 
> have thought of other use cases too.
> 
> Thanks!
> 




[Puppet Users] removing hosts from puppet-monitor (example42)

2013-04-28 Thread Andreas Hilboll
Hi,

I'm using the Example42 modules with the built-in monitoring
capabilities. How do I remove a host?

I deleted a host which was managed with the Example42 monitoring
enabled. Since I removed the host (i.e. switched it off), I get
warnings that it is not available from my Icinga installation. I already
tried manually deleting the host's config files on the icinga host, but
they get restored on each puppet run.

How can I tell the puppet-monitor module that the host doesn't exist any
more?

Cheers,
-- 
-- Andreas.





[Puppet Users] puppet master on the internet

2013-04-28 Thread Alberto Besana
We're about to run a bunch (< 50) machines scattered around a (physical) 
town and using a machine with a public IP to recover logs and report. We 
can not change this setting: it's a kind of experiment and it will last few 
weeks.

Have anyone experience about safety issues trying to run a puppet master on 
a machine using a public IP?
For the log-report part we use ssh to connect to the server and the idea is 
to use puppet agent to perform maintenance and tuning.

Thank you!

Alberto





[Puppet Users] Learning puppet: how to use a module?

2013-04-28 Thread Leonard Ehrenfried
Hi,

I'm currently learning puppet but I have come across something which I 
can't figure out from the docs.

I have a rails app, which needs a few Ubuntu packages installed to work. 
Some of those come from a PPA, which is a non-standard repository, which 
needs to be added to the list of repos. I would like to automate this step, 
too.

I have just one node where puppet needs to run, so I just have one file 
which I execute with `puppet apply`. I'm not using a puppetmaster.

The pp file can be viewed 
here: https://github.com/lenniboy/jcheld/blob/master/puppet/jcheld.pp

I have installed the puppetlabs-apt module and I can see that that was 
successful like this:

$ puppet module list
/home/lenni/.puppet/modules
├── puppetlabs-apt (v1.1.0)
└── puppetlabs-stdlib (v4.0.2)

Now, when I run puppet I get the following error:

$ sudo puppet apply puppet/jcheld.pp
Error: Could not find class apt for 
ip-10-59-51-209.eu-west-1.compute.internal on node 
ip-10-59-51-209.eu-west-1.compute.internal
Error: Could not find class apt for 
ip-10-59-51-209.eu-west-1.compute.internal on node 
ip-10-59-51-209.eu-west-1.compute.internal

I think it is likely that I'm not understanding something fundamentally 
about how modules are supposed to be used.

Could someone help me out?

Thanks
Leonard
