[Puppet Users] Unable to start heartbeat service

[Rahul Khengare]

Hi,
   I have two machine named puppetserver and db01 with CentOS-6.2(64-bit). 

   On db01: I am configuring pacemaker and heartbeat using puppet manifests 
present on puppetserver. I am also automating the network settings using 
puppet,
here i am adding the GATEWAY in "*/etc/sysconfig/network*" file using 
puppet manifests.

After deploying the respective manifests pacemaker and heartbeat working 
fine. 
*But, after rebooting the machine, heartbeat service is unable to start (on 
db01).*

*Discription of error log:*
 
May 08 11:52:27 db01 heartbeat: [3423]: info: respawn directive: root 
/usr/lib64/heartbeat/ifcheckd
May 08 11:52:27 db01 heartbeat: [3423]: info: AUTH: i=1: key = 0x15b89b0, 
auth=0x7f5c36e15db0, authname=sha1
May 08 11:52:27 db01 heartbeat: [3423]: ERROR: Current node [db01] not in 
configuration!
May 08 11:52:27 db01 heartbeat: [3423]: info: By default, cluster nodes are 
named by `uname -n` and must be declared with a 'node' directive in the 
ha.cf file.
May 08 11:52:27 db01 heartbeat: [3423]: info: See also: 
http://linux-ha.org/wiki/Ha.cf#node_directive
May 08 11:52:27 db01 heartbeat: [3423]: WARN: Logging daemon is disabled 
--enabling logging daemon is recommended
May 08 11:52:27 db01 heartbeat: [3423]: ERROR: Configuration error, 
heartbeat not started.

If i add the GATEWAY parameter in the "/etc/sysconfig/network" file *
manually*  then it works fine even after rebooting.

*Queries:*
*--*
1. If i change the '/etc/sysconfig/network' file using puppet manifests the 
heartbeat service not start.
   Is there any problem if i change "*/etc/sysconfig/network*" file using 
puppet manifests.

2. Somebody faced similar or any other problem on editing or transferring '*
/etc/sysconfig/network*' file using puppet manifests.

Any pointers or help!!!

Thanks and Regards,
Rahul Khengare

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] facter's zpool_version errors using zfsonlinux

[Trey Dockendorf]

On May 7, 2013 4:48 AM, "Marc Fournier" 
wrote:
>
> Excerpts from treydock's message of 2013-05-06 20:04:16 +0200:
> > Has anyone run into an issue with zfsonlinux >= 0.6.1 failing to work
with
> > the Facter zpool_version fact?  I get the following error "Could not
> > retrieve zfs_version: undefined method `captures' for nil:NilClass"
which a
> > bug report [1] indicates was fixed.  I'm curious if it's a real issue.
 I
> > have a code change to contribute that has a seperate means of checking
> > zpool_version using "confine :kernel => "Linux"".  Should this be a new
bug
> > or attached to the other recent bug [1] ?
> >
> > Ran into with puppet-3.1.1 and facter-1.7.0
>
> Could you please open a new bug, and join the output of "zpool upgrade -v"
> and "zfs upgrade -v" on your system with zfsonlinux ?
>

Done, http://projects.puppetlabs.com/issues/20617


> > I believe the underlying problem is that the "zpool upgrade -v" in
> > zfsonlinux does not output the version number anymore.  Using a basic
> > "dmesg | grep 'ZFS:'" with the same "captures" line seems to work.  I
> > uploaded my module [2] with the proposed facter fact addition if someone
> > would like to confirm this.  I have only confirmed in vagrant tests,
> > haven't pushed to my Puppet master yet, but I saw the symptoms on my
live
> > systems.
>
> Basing facts on "dmesg | grep" seems quite fragile to me, as the messages
> will eventually get rotated away of the output of dmesg.
>
> Do you know if there are any other ways to get the zpool version, when
> using zfsonlinux ?

I couldn't find anything in /proc that had the zpool version, but did find
that the same parsing used to get the zfs_version fact works for
zpool_version.  However it may be a misleading fact because zfsonlinux
hardcodes zpool version to be 5000.

I can do a pull request for the changes to zpool_version.rb, but am unsure
if it's best to do a 'confine :kernel => "Linux"' to do the zpool upgrade
-v scan, or to modify the existing fact to use the same parsing method as
zfs_version.rb.


Thanks

- Trey

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

[Angel Angelov]

Hi all,

I am seeing the same error recently and here's the output after the last 
modification:

facter --debug --trace virtual
about to execute /bin/uname -s
Could not retrieve virtual: Invalid argument - 
/sys/firmware/dmi/entries/1-0/raw
about to execute /sbin/virt-what 2>/dev/null
value for lsbdistid is still nil
about to execute /bin/uname -m
about to execute /sbin/lspci 2>/dev/null
physical

facter --debug --timing virtual
about to execute /bin/uname -s
kernel: 2.50ms
Could not retrieve virtual: Invalid argument - 
/sys/firmware/dmi/entries/1-0/raw
about to execute /sbin/virt-what 2>/dev/null
virtual: 32.02ms
lsbdistid: 0.23ms
value for lsbdistid is still nil
operatingsystem: 0.85ms
about to execute /bin/uname -m
hardwaremodel: 2.33ms
architecture: 5.50ms
about to execute /sbin/lspci 2>/dev/null
virtual: 25.62ms
physical

Hopefully this helps 'cause I can't figure it out.

Thank you for your help.


On Wednesday, May 8, 2013 12:14:25 AM UTC+3, Stefan Schulte wrote:
>
> On Tue, 7 May 2013 13:00:53 -0700 (PDT) 
> Charlie Brune > wrote: 
>
> > [root@hogwarts ~]# facter --debug --timing virtual 
> > kernel: 2.97ms 
> > Could not retrieve virtual: Invalid argument - 
> > /sys/firmware/dmi/entries/1-0/raw 
> > virtual: 50.26ms 
> > lsbdistid: 0.53ms 
> > value for lsbdistid is still nil 
> > operatingsystem: 2.00ms 
> > hardwaremodel: 3.36ms 
> > architecture: 10.61ms 
> > virtual: 34.97ms 
> > physical 
> > 
> > 
> > Charlie 
> > 
>
> Still not sure what is going on here. I guess the "Invalid argument" 
> is the output of an external command that is failing. So if you 
> could make the following modification in `util/resolution.rb` (the 
> exact path may be different on your machine, on mine it 
> is 
> `/usr/lib/ruby/gems/1.9.1/gems/facter-1.7.0/lib/facter/util/resolution.rb`) 
>
>
> goto line 171 and change 
>
>   
> begin 
>   out = %x{#{code}}.chomp 
>   [...] 
>
> to 
>
> begin 
>   Facter.debug "about to execute #{code}" 
>   out = %x{#{code}}.chomp 
>   [...] 
>
> if you now run `facter --debug virtual` you should see the exact 
> external commands facter is executing. This migh be helpful when 
> finding the root cause of your problem here. 
>
> -Stefan 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet Dashboard's ENC returning wrong hostname/parameters

[Greg Batye]

Hey everyone, 


 I have an issue with puppet dashboard that I can find a solution to. 


 My server naming convention contains leading numbers at the beginning of 
the hostname. For example, 009example.com. Whenever I run 
“/usr/share/puppet-dashboard/external_node 009example.com” another host's 
parameters/classes are returned. I tracked the issue down to the enc 
returning the hostname with id 9 in the database. This happens no matter 
which number I use. 


 Has anyone had this issue and is there a way to have puppet dashboard 
search the database for name rather then id? 


 --Greg

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

[Angel Angelov]

I just want to provide some more information on this one. Recently it 
started to show the following output when doing puppet runs:
puppet agent --test
/usr/share/rubygems/rubygems/custom_require.rb:36:in `require': iconv will 
be deprecated in the future, use String#encode instead.
notice: Ignoring --listen on onetime run
info: Retrieving plugin
info: Loading facts in /var/lib/puppet/lib/facter/libvirt_uuid.rb
*Could not retrieve virtual: Invalid argument - 
/sys/firmware/dmi/entries/1-0/raw*
*connect: No such file or directory*
*Please make sure that the zfs-fuse daemon is running.*
*internal error: failed to initialize ZFS library*
*connect: No such file or directory*
*Please make sure that the zfs-fuse daemon is running.*
*internal error: failed to initialize ZFS library*
/usr/share/ruby/vendor_ruby/puppet/provider/service/bsd.rb:12: warning: 
class variable access from toplevel
/usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:8: warning: 
class variable access from toplevel
/usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:9: warning: 
class variable access from toplevel
/usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:10: warning: 
class variable access from toplevel
info: Caching catalog for host26.lvs.cloudsigma.com
info: Applying configuration version '1368002053'
notice: Finished catalog run in 3.09 seconds

The strange thing is that I am installing fedora with kickstart using 
foreman and puppet and no ZFS. The repo has been "frozen" awhile ago and 
there aren't new packages there.

Here's the version output if needed.
On the agent:
puppet --version
/usr/share/rubygems/rubygems/custom_require.rb:36:in `require': iconv will 
be deprecated in the future, use String#encode instead.
2.7.20
facter --version
1.7.0

On the master:
puppet --version
2.7.20
puppetmasterd --version
2.7.20
facter -v
1.7.0

Thanks for any help.

- Angel


On Wednesday, May 8, 2013 11:35:00 AM UTC+3, Angel Angelov wrote:
>
> Hi all,
>
> I am seeing the same error recently and here's the output after the last 
> modification:
>
> facter --debug --trace virtual
> about to execute /bin/uname -s
> Could not retrieve virtual: Invalid argument - 
> /sys/firmware/dmi/entries/1-0/raw
> about to execute /sbin/virt-what 2>/dev/null
> value for lsbdistid is still nil
> about to execute /bin/uname -m
> about to execute /sbin/lspci 2>/dev/null
> physical
>
> facter --debug --timing virtual
> about to execute /bin/uname -s
> kernel: 2.50ms
> Could not retrieve virtual: Invalid argument - 
> /sys/firmware/dmi/entries/1-0/raw
> about to execute /sbin/virt-what 2>/dev/null
> virtual: 32.02ms
> lsbdistid: 0.23ms
> value for lsbdistid is still nil
> operatingsystem: 0.85ms
> about to execute /bin/uname -m
> hardwaremodel: 2.33ms
> architecture: 5.50ms
> about to execute /sbin/lspci 2>/dev/null
> virtual: 25.62ms
> physical
>
> Hopefully this helps 'cause I can't figure it out.
>
> Thank you for your help.
>
>
> On Wednesday, May 8, 2013 12:14:25 AM UTC+3, Stefan Schulte wrote:
>>
>> On Tue, 7 May 2013 13:00:53 -0700 (PDT) 
>> Charlie Brune  wrote: 
>>
>> > [root@hogwarts ~]# facter --debug --timing virtual 
>> > kernel: 2.97ms 
>> > Could not retrieve virtual: Invalid argument - 
>> > /sys/firmware/dmi/entries/1-0/raw 
>> > virtual: 50.26ms 
>> > lsbdistid: 0.53ms 
>> > value for lsbdistid is still nil 
>> > operatingsystem: 2.00ms 
>> > hardwaremodel: 3.36ms 
>> > architecture: 10.61ms 
>> > virtual: 34.97ms 
>> > physical 
>> > 
>> > 
>> > Charlie 
>> > 
>>
>> Still not sure what is going on here. I guess the "Invalid argument" 
>> is the output of an external command that is failing. So if you 
>> could make the following modification in `util/resolution.rb` (the 
>> exact path may be different on your machine, on mine it 
>> is 
>> `/usr/lib/ruby/gems/1.9.1/gems/facter-1.7.0/lib/facter/util/resolution.rb`) 
>>
>>
>> goto line 171 and change 
>>
>>   
>> begin 
>>   out = %x{#{code}}.chomp 
>>   [...] 
>>
>> to 
>>
>> begin 
>>   Facter.debug "about to execute #{code}" 
>>   out = %x{#{code}}.chomp 
>>   [...] 
>>
>> if you now run `facter --debug virtual` you should see the exact 
>> external commands facter is executing. This migh be helpful when 
>> finding the root cause of your problem here. 
>>
>> -Stefan 
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Modules doesn't work from puppet agent.

[Fco CM]

OK, thanks for your response, it is already fixed.

El martes, 7 de mayo de 2013 11:04:24 UTC+2, Fco CM escribió:
>
> Hi all,
>
> I think i'm forgetting something.
>
> If i do: "puppet apply manifiests/site.pp" it works perfectly, loading 
> modules i have include in site.pp file.
>
> site.pp:
>
> cat manifiests/site.pp
> node default {
>   include ntp, motd
> }
>
> But it does not work if i run puppet agent.
>
> puppet agent --test --server=debianita.user.arinso --environment production
> Info: Retrieving plugin
> Info: Caching catalog for debianita.user.arinso
> Info: Applying configuration version '1367916628'
> Notice: Finished catalog run in 0.02 seconds
>
> It is in the same host. 
>
> pwd
> /etc/puppet/environment/production
>
> cat /etc/puppet/puppet.conf
> [main]
> logdir=/var/log/puppet
> vardir=/var/lib/puppet
> ssldir=/var/lib/puppet/ssl
> rundir=/var/run/puppet
> factpath=$vardir/lib/facter
> templatedir=$confdir/templates
> server=Debianita.user.arinso
> modulepath = $confdir/environment/$environment/modules
> manifest = $confdir/environments/$environment/manifests/site.pp
>
> cat /etc/hosts
> xx.xx.xx.xx Debianita.user.arinso Debianita localhost
>
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Problem with hiera config

[Fco CM]

Hi all,

I'm trying to work with hiera database in puppet and i'm having problems 
using %{variables} because they don't get the values and i don't know why.

file hiera.yaml:

 cat hiera.yaml
---
:backends: - yaml
   - puppet
:hierarchy:- nodes/%{domain}/%{hostname}
- os/%{operatingsystem}/%{operatingsystemrelease}
- %{environment}
- role/role_%{role}
- zone/zone_%{zone}
- location/location_%{location}
- country/country_%{country}
- common
:yaml:
:datadir: /etc/puppet/environments/%{environment}/hieradb
:puppet:
:datasource: data



Take a look:

hiera -c hiera.yaml role -d
DEBUG: Wed May 08 11:12:37 +0200 2013: Hiera YAML backend starting
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking up role in YAML backend
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source role/role_
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/role/role_.yaml, skipping
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source zone/zone_
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/zone/zone_.yaml, skipping
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source 
location/location_
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/location/location_.yaml, skipping
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source 
country/country_
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/country/country_.yaml, skipping
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source common
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/common.yaml, skipping
DEBUG: Wed May 08 11:12:37 +0200 2013: Hiera Puppet backend starting
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking up role in Puppet backend
/usr/lib/ruby/vendor_ruby/hiera/backend/puppet_backend.rb:51:in `lookup': 
uninitialized constant Hiera::Backend::Puppet_backend::Puppet (NameError)
from /usr/lib/ruby/vendor_ruby/hiera/backend.rb:182:in `lookup'
from /usr/lib/ruby/vendor_ruby/hiera/backend.rb:179:in `each'
from /usr/lib/ruby/vendor_ruby/hiera/backend.rb:179:in `lookup'
from /usr/lib/ruby/vendor_ruby/hiera.rb:64:in `lookup'
from /usr/bin/hiera:220

For some reason variables doesn't get the value.

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Files from agent to agent => SSL_CA

[udo waechter]

Hello all,

I am scratching my head currently on a problem. I believe this is not even 
supposed to work in puppet. But anyway, asking is never wrong.

Here is what I would like to implement: A 'SSL Certificate authority' 
Much like puppet's ca, but for some reason (please don't ask), I can not 
use puppetca.

I am using the puppetlabs/openssl module, to create certificates and such.

Now, here's the workflow:

nodeA - the CA.
nodeB,C,... - clients

So, at setup time, nodeA does not have anything. Thus I create the 
ca-certs. private and public. The public Cert needs to be exported to all 
client(s). These will then create their csr, send it to the CA. This will 
sign it and send the signed cert back to the client.

The trouble here is now:
* Certificates, CSRs and all that are all created via Exec or X509_cert 
resources.
* These can not be exeported to other nodes via storeconfigs.
* Using @@file{"path-to-CSR-OR-CERT": ... } does not work either. If I do 
not use the "content=> ..." parameter, the collected file will be empty.

I am now thinking about these possible solutions:
* NFS shared directories, git repositories for CERTs. For some reasons, 
these obvious solutions are not possible :(
* filebucket: I can store CSRs and all CERTs in a remote file-bucket and 
retrieve them on another client. Problem: I  need the file's checksum :(
I was thinking of writing a type which is based on filebucket, but can 
retrieve a file by its path w/o checksum. This would then retrieve the most 
recent version of that file from the bucket.
* puppetdb? I need to explore this one further. I am not really sure about 
what puppetdb can do. It does more than the old 'storeconfig' 
functionality. I have the feeling that this could potentially help my 
endeavour
* mcollective? - I never really used this tool, but am somewhat confident 
that this could solve the problem. given enough time ;)

Anyway, it would be great to hear of some solution to this problem. Are 
there any which I might have missed?
I like the filebucket idea. Its simple and would solve the problem at hand 
easily. If I can somehow make the checksum of my files available to all 
nodes, this would be the solution.

Thanks for your thoughts,
udo.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: proxy required

[Francesco]

Excuse for my question
I ve installed module and incuded it in file site pp.
But nothin happen
Where can i check llog files in puppet?
Tahnk you very much again
Here you are site .pp
node 'rlltas05a
#include screen
#include run
include epel



On Wednesday, May 8, 2013 12:39:53 AM UTC+2, Francesco wrote:
>
> Hy I m new to puppet.
> I 'd like to install epel.repo on a my node and this is the module that I 
> ve created
>
> class epel   {
>
>   package { 'epel':
>  provider => 'rpm',
>  ensure => installed,
>  source => '
> http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm'
>  }
> }
>
> Now my connection on node when I try to apply configuration is the 
> following
> info: Applying configuration version '1367962540'
> err: /Stage[main]/Epel/Package[epel]/ensure: change from absent to present 
> failed: Execution of '/bin/rpm -i --oldpackage 
> http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm' 
> returned 1: curl: (7) couldn't connect to host
> error: skipping 
> http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm- 
> transfer failed
>
> If I set a proxy on my linux server it give me error 407 (require 
> authentication)
> How can i setup a proxy in my /etc/puppet/modules/epel/init,pp
> I read of a params.pp , but I cannot understand how to configure it
>
>
> this is my site.pp
> node rllbck02{
> include epel
>
>
> thank you very much and good night
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Node definition from file (heterogeneous hostnames)

[Robin Jonsson]

Hi, 

We would like to specify nodes in site.pp from a file. Is this possible? We 
have a script that should only be run by x nodes which can be different 
from time to time. 

Any suggestions?

Thanks in advance

Regard,
Robin Jonsson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] How to indicate multiple dependency?

[Bret Wortman]

What's the right/best way to indicate that a particular entry in a manifest 
(a file in this case) depends on successful installation of over 30 
packages, all indicated in the same manifest? I could do this, but it seems 
cumbersome:

package { 'pkg1': }
Package['pkg1'] -> File['file1']

package { 'pkg2': }
Package['pkg2'] -> File['file2']
:
:
file { 'file2':
path => '/path/to/file2',
:
}

There must be a better way that I'm just not seeing. Thanks!


Bret Wortman

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Trouble writing authorized_keys2

[Bret Wortman]

I ended up deleting the whole .ssh directory for these users and that 
resolved the problem. It's also worked well on new systems now, so I think 
I'm out of the woods. Thanks for the pointers!

On Tuesday, May 7, 2013 2:09:40 PM UTC-4, Stefan Schulte wrote:
>
> On Tue, 7 May 2013 10:11:44 -0400 
> Bret Wortman > wrote: 
>
> > I've got a situation where a manifest fails when writing one 
> > particular key for a user. What I have is a manifest that looks like 
> > this: 
> > 
> > class my::accounts () { 
> > 
> > Ssh_authorized_key { 
> > ensure => present, 
> > type => ssh-dss, 
> > } 
> > 
> > Then, after making sure the user, group, and authorized_keys2 file 
> > exist: 
> > 
> > ssh_authorized_key { "key-name-1": 
> > key => "omitted", 
> > user => "user", 
> > target => "/home/user/.ssh/authorized_keys2", 
> > require => File["/home/user/.ssh/authorized_keys2"], 
> > } 
> > 
> > There's a lengthy series of these -- most of them work, but one will 
> > fail with this error: 
> > 
> > Error: Puppet::Util::FileType::FileTypeFlat could not write 
> > /home/user/.ssh/authorized_keys2: Permission denied - 
> > /home/user/.ssh/authorized_keys2 
> > Error: /Stage[main]/My::Accounts/Ssh_authorized_key[key-name-8]: 
> > Could not evaluate: Puppet::Util::FileType::FileTypeFlat could nto 
> > write /home/xmmgr/.ssh/authorized_keys2: Permission denied - 
> > /home/user/.ssh/authorized_keys2 
> > 
> > This is not the first nor the last key, and I get around 19 entries 
> > in the file, so I'm not seeing why this one in particular is failing. 
> > Structurally, it looks exactly like all the others. Any ideas? 
> > 
> > Thanks! 
> > 
>
> Do you also see notice messages about changing targets? If a ssh key is 
> already present in targetA and you specifiy targetB in your manifest, 
> puppet will try to migrate the key from targetA to targetB. As a result 
> puppet has to rewrite both targetA (remove the key) and targetB (add 
> the key) and there is a know bug where puppet tries to write the files 
> with the wrong user context (hence the Permission denied messages). 
>
> So if you see "target change" events, you'll probably hit 
> http://projects.puppetlabs.com/issues/10850#note-12 
>
> -Stefan 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Problem with hiera config

[Dan White]

That's because you have to include variables on the command line when you use 
hiera this way

http://docs.puppetlabs.com/hiera/1/command_line.html


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

- Original Message - 
From: "Fco CM"  
To: puppet-users@googlegroups.com 
Sent: Wednesday, May 8, 2013 5:19:50 AM 
Subject: [Puppet Users] Problem with hiera config 

Hi all, 

I'm trying to work with hiera database in puppet and i'm having problems using 
%{variables} because they don't get the values and i don't know why. 

file hiera.yaml: 

cat hiera.yaml 
--- 
:backends: - yaml 
- puppet 
:hierarchy:- nodes/%{domain}/%{hostname} 
- os/%{operatingsystem}/%{operatingsystemrelease} 
- %{environment} 
- role/role_%{role} 
- zone/zone_%{zone} 
- location/location_%{location} 
- country/country_%{country} 
- common 
:yaml: 
:datadir: /etc/puppet/environments/%{environment}/hieradb 
:puppet: 
:datasource: data 



Take a look: 

hiera -c hiera.yaml role -d 
DEBUG: Wed May 08 11:12:37 +0200 2013: Hiera YAML backend starting 
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking up role in YAML backend 
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source role/role_ 
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/role/role_.yaml, skipping 
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source zone/zone_ 
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/zone/zone_.yaml, skipping 
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source 
location/location_ 
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/location/location_.yaml, skipping 
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source country/country_ 
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/country/country_.yaml, skipping 
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking for data source common 
DEBUG: Wed May 08 11:12:37 +0200 2013: Cannot find datafile 
/etc/puppet/environments//hieradb/common.yaml, skipping 
DEBUG: Wed May 08 11:12:37 +0200 2013: Hiera Puppet backend starting 
DEBUG: Wed May 08 11:12:37 +0200 2013: Looking up role in Puppet backend 
/usr/lib/ruby/vendor_ruby/hiera/backend/puppet_backend.rb:51:in `lookup': 
uninitialized constant Hiera::Backend::Puppet_backend::Puppet (NameError) 
from /usr/lib/ruby/vendor_ruby/hiera/backend.rb:182:in `lookup' 
from /usr/lib/ruby/vendor_ruby/hiera/backend.rb:179:in `each' 
from /usr/lib/ruby/vendor_ruby/hiera/backend.rb:179:in `lookup' 
from /usr/lib/ruby/vendor_ruby/hiera.rb:64:in `lookup' 
from /usr/bin/hiera:220 

For some reason variables doesn't get the value. 

Regards 



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com. 
To post to this group, send email to puppet-users@googlegroups.com. 
Visit this group at http://groups.google.com/group/puppet-users?hl=en . 
For more options, visit https://groups.google.com/groups/opt_out . 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Announce: PuppetDB 1.3.0 Available

[Erik Dalén]

On Tuesday 7 May 2013 at 01:44, Chris Price wrote:
> * Report queries
>  
> The query endpoint `experimental/event` has been augmented to support a  
> much more interesting set of queries against report data. You can now query
> for events by status (e.g. `success`, `failed`, `noop`), timestamp ranges,
> resource types/titles/property name, etc. This should make the report
> storage feature of PuppetDB *much* more valuable!

Very nice news.  

But is this planned to get some further extensions? Some queries I would like 
to make still seem quite hard (at least to do in a single query).

For example finding all nodes that failed their last puppet run seems like it 
would need one node query and then a event query for each one.

Will there be better support for subqueries across reports, events and the 
other endpoints? That would make some types of queries easier. For example you 
could make a single query to get the puppet version of all nodes that failed 
any resource within the last 30 mins.

Any suggestions for nifty syntax for puppetdbquery to query stuff like that? :)

--  
Erik Dalén


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] freebsd clients failing to connect to new master with ssl errors

[Jonathan Proulx]

But I'm game, short of regenerating the new master's certificate & trying
the clients again anything to look at to test that theory?

Time is frequently a good place to look in crypto errors, but we rely on
Kerberos for just about everything which is also very time sensitive so
we're pretty scrupulous about time to the point of running our own stratum
1 CDMA time server.  Now that's not to say things never go wrong there, but
when they do it's usually pretty obvious.  I hadn't had my monitoring setup
on the new master when I generated the cert so I can't be 100% sure I can
see that the CA's worst offset in the past week was 1.68ms, while testing
yesterday afternoon the new master never got more than 1ms out.

The real kicker is that the FreeBSD clients could connect when calling the
server by it's primary DNS name but not by the shared service name, seems
if time were at issue that would not work either.

One thing that does jump out is the FreeBSD clients are using Ruby1.9 while
the Linux Clients and servers are on 1.8

Also the new master is using openssl 1.0.1 the older masters are using
0.9.8o and the FreeBSD Clients 0.9.8.y, though Linux clients use 0.9.8o and
1.0.1 so don't *think* that's it.

Thanks,
-Jon




On Tue, May 7, 2013 at 5:45 PM, Nathan Valentine wrote:

> This smells like a problem related to incorrect system clock when the cert
> was generated for the new master.?.
>
> --
> ---
> Nathan Valentine - nat...@puppetlabs.com
> Puppet Labs Professional Services
> GV: 415.504.2173
> Skype: nrvale0
>
> Join us at PuppetConf 2013, August 22-23 in San Francisco -
> http://bit.ly/pupconf13
> Register now and take advantage of the Early Bird discount - save 25%!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: How to indicate multiple dependency?

[jcbollinger]

On Wednesday, May 8, 2013 5:52:44 AM UTC-5, Bret Wortman wrote:
>
> What's the right/best way to indicate that a particular entry in a 
> manifest (a file in this case) depends on successful installation of over 
> 30 packages, all indicated in the same manifest? 



What is the significance to you of the packages being in the same 
manifest?  To Puppet, it matters very little.  Do you mean they are in the 
same class?  Or could they be made to be?

 

> I could do this, but it seems cumbersome:
>
> package { 'pkg1': }
> Package['pkg1'] -> File['file1']
>
> package { 'pkg2': }
> Package['pkg2'] -> File['file2']
> :
> :
> file { 'file2':
> path => '/path/to/file2',
> :
> }
>
>

You've confused me a bit there.  Your question suggests that you want a 
single file depending on all the packages, but the example looks like you 
may mean multiple files, each depending on one package.  Or maybe not.  I 
am proceeding based on the question rather than on the ambiguous example.

 

> There must be a better way that I'm just not seeing. Thanks!
>
>
There is a variety of ways.  If the packages are all in the same class, and 
File['file2'] is in a different one, then you can declare the file this way:

file { '/path/to/file2':
  require => Class['mymodule::manypackages']
}

Alternatively, you can use tags to recognize the packages in question, and 
write the relationship like this:

Package<| tag == '' |> -> File['/path/to/file2']

Tag 'some-tag' could be explicitly declared on the Packages, or under some 
circumstances it would work to just use the class name (which is 
automatically included in resources' tags).  With explicitly declared tags, 
this can work even when the packages are in different classes or even not 
in classes at all.

Or you can perhaps use resource defaults for this.  That's more brittle and 
more susceptible to unintended relationships, but it's easy to set up.  To 
do that, put this at the top of the body of the class(es) that declare the 
packages:

include 

Package {
  before => File['/path/to/file2']
}

There are other alternatives, too.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Node definition from file (heterogeneous hostnames)

[jcbollinger]

On Wednesday, May 8, 2013 5:36:16 AM UTC-5, Robin Jonsson wrote:
>
> Hi, 
>
> We would like to specify nodes in site.pp from a file. Is this possible? 
> We have a script that should only be run by x nodes which can be different 
> from time to time. 
>
> Any suggestions?
>
>

I don't think I understand the question.  I mean, you can use 'import' 
statements in site.pp to bring in node declarations that are physically 
located in other files (and that's a common practice), but I don't see how 
that helps you solve your problem more than just putting the node 
declarations directly in site.pp would do.

You can also use an external node classifier instead of (or in addition to) 
node blocks to tell Puppet what classes to apply to your nodes.  As a 
special case, you can make hiera function as an ENC, so that the data about 
what classes to apply are obtained from a YAML file on the master.  Again, 
I'm not sure whether that actually addresses your problem.

The whole idea of driving this with Puppet seems a bit dubious, however.  
Puppet can do it, but it's not the sort of thing Puppet is designed for, at 
least as you're casting the problem.  Specifically, Puppet is fundamentally 
a state management service, not a script runner.  That it can run scripts 
for you is a component of its state management capabilities, but that 
should not be your focus.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Node definition from file (heterogeneous hostnames)

[Robin Jonsson]

Thank you for your reply.

First of, we are kinda aware of that we are not using Puppet as it should 
be used with the "state management service". But Puppet seemed to be the a 
great piece of software with great capabilities.

To our problem. Lets say our site.pp looks like this:

#Site.pp

import "nodes_script"
import "monitor_script"
import "run_script"

node /^linuxnod\d+$/ {
   include nodes_script
}

node 'monitor.rosi.local' {
   include monitor_script
}

All works well with our modules. But we would now like to add the module 
"run_script" to some nodes that can't be "regex:ed". The nodes are present 
in a file named "hosts". Can I in some way include these nodes to the "node 
'' { include run_script }" in site.pp? So that the run_script is for 
those nodes presented in "hosts". If not, any suggestion on how we 
can achieve it?

Thanks in advance
 
Den onsdagen den 8:e maj 2013 kl. 15:24:47 UTC+2 skrev jcbollinger:
>
>
> I don't think I understand the question.  I mean, you can use 'import' 
> statements in site.pp to bring in node declarations that are physically 
> located in other files (and that's a common practice), but I don't see how 
> that helps you solve your problem more than just putting the node 
> declarations directly in site.pp would do.
>
> You can also use an external node classifier instead of (or in addition 
> to) node blocks to tell Puppet what classes to apply to your nodes.  As a 
> special case, you can make hiera function as an ENC, so that the data about 
> what classes to apply are obtained from a YAML file on the master.  Again, 
> I'm not sure whether that actually addresses your problem.
>
> The whole idea of driving this with Puppet seems a bit dubious, however.  
> Puppet can do it, but it's not the sort of thing Puppet is designed for, at 
> least as you're casting the problem.  Specifically, Puppet is fundamentally 
> a state management service, not a script runner.  That it can run scripts 
> for you is a component of its state management capabilities, but that 
> should not be your focus.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: How to indicate multiple dependency?

[Bret Wortman]

On Wednesday, May 8, 2013 9:09:34 AM UTC-4, jcbollinger wrote:
>
>
>
> On Wednesday, May 8, 2013 5:52:44 AM UTC-5, Bret Wortman wrote:
>>
>> What's the right/best way to indicate that a particular entry in a 
>> manifest (a file in this case) depends on successful installation of over 
>> 30 packages, all indicated in the same manifest? 
>
>
>
> What is the significance to you of the packages being in the same 
> manifest?  To Puppet, it matters very little.  Do you mean they are in the 
> same class?  Or could they be made to be?
>

They are in the same class, actually. I wasn't clear enough -- wrote this 
before my coffee kicked in.
 

>
>  
>
>> I could do this, but it seems cumbersome:
>>
>> package { 'pkg1': }
>> Package['pkg1'] -> File['file1']
>>
>> package { 'pkg2': }
>> Package['pkg2'] -> File['file2']
>> :
>> :
>> file { 'file2':
>> path => '/path/to/file2',
>> :
>> }
>>
>>
>
> You've confused me a bit there.  Your question suggests that you want a 
> single file depending on all the packages, but the example looks like you 
> may mean multiple files, each depending on one package.  Or maybe not.  I 
> am proceeding based on the question rather than on the ambiguous example.
>

Blaming coffee again. The "file2" is a typo. All the right-hand sides 
should read ' -> File["file1"]'.
 

>
>  
>
>> There must be a better way that I'm just not seeing. Thanks!
>>
>>
> There is a variety of ways.  If the packages are all in the same class, 
> and File['file2'] is in a different one, then you can declare the file this 
> way:
>
> file { '/path/to/file2':
>   require => Class['mymodule::manypackages']
> }
>
> Alternatively, you can use tags to recognize the packages in question, and 
> write the relationship like this:
>
> Package<| tag == '' |> -> File['/path/to/file2']
>
> Tag 'some-tag' could be explicitly declared on the Packages, or under some 
> circumstances it would work to just use the class name (which is 
> automatically included in resources' tags).  With explicitly declared tags, 
> this can work even when the packages are in different classes or even not 
> in classes at all.
>
> Or you can perhaps use resource defaults for this.  That's more brittle 
> and more susceptible to unintended relationships, but it's easy to set up.  
> To do that, put this at the top of the body of the class(es) that declare 
> the packages:
>
> include 
>
> Package {
>   before => File['/path/to/file2']
> }
>
> There are other alternatives, too.
>

Okay, so if the class actually looks like this, say:

class blacklisted () {

Package {
ensure => absent,
tag => "blacklisted",
}

package { 'pkg1': }
package { 'pkg2': }
package { 'pkg3': }
:
package { 'pkg30': }

file { '/path/to/file1':
ensure => present,
}

Package<| tag == 'blacklisted' |> -> File['/path/to/file1']

}

Should do it, right? I've never done anything with tags before, but this 
may cause me to rework a few modules I've written
 

>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

[jcbollinger]

On Wednesday, May 8, 2013 3:50:46 AM UTC-5, Angel Angelov wrote:
>
> I just want to provide some more information on this one. Recently it 
> started to show the following output when doing puppet runs:
> puppet agent --test
> /usr/share/rubygems/rubygems/custom_require.rb:36:in `require': iconv will 
> be deprecated in the future, use String#encode instead.
> notice: Ignoring --listen on onetime run
> info: Retrieving plugin
> info: Loading facts in /var/lib/puppet/lib/facter/libvirt_uuid.rb
> *Could not retrieve virtual: Invalid argument - 
> /sys/firmware/dmi/entries/1-0/raw*
> *connect: No such file or directory*
> *Please make sure that the zfs-fuse daemon is running.*
> *internal error: failed to initialize ZFS library*
> *connect: No such file or directory*
> *Please make sure that the zfs-fuse daemon is running.*
> *internal error: failed to initialize ZFS library*
> /usr/share/ruby/vendor_ruby/puppet/provider/service/bsd.rb:12: warning: 
> class variable access from toplevel
> /usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:8: warning: 
> class variable access from toplevel
> /usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:9: warning: 
> class variable access from toplevel
> /usr/share/ruby/vendor_ruby/puppet/provider/service/freebsd.rb:10: 
> warning: class variable access from toplevel
> info: Caching catalog for host26.lvs.cloudsigma.com
> info: Applying configuration version '1368002053'
> notice: Finished catalog run in 3.09 seconds
>
> The strange thing is that I am installing fedora with kickstart using 
> foreman and puppet and no ZFS. The repo has been "frozen" awhile ago and 
> there aren't new packages there.
>
> Here's the version output if needed.
> On the agent:
> puppet --version
> /usr/share/rubygems/rubygems/custom_require.rb:36:in `require': iconv will 
> be deprecated in the future, use String#encode instead.
> 2.7.20
> facter --version
> 1.7.0
>
> On the master:
> puppet --version
> 2.7.20
> puppetmasterd --version
> 2.7.20
> facter -v
> 1.7.0
>
> Thanks for any help.
>
> - Angel
>
>
> On Wednesday, May 8, 2013 11:35:00 AM UTC+3, Angel Angelov wrote:
>>
>> Hi all,
>>
>> I am seeing the same error recently and here's the output after the last 
>> modification:
>>
>> facter --debug --trace virtual
>> about to execute /bin/uname -s
>> Could not retrieve virtual: Invalid argument - 
>> /sys/firmware/dmi/entries/1-0/raw
>> about to execute /sbin/virt-what 2>/dev/null
>> value for lsbdistid is still nil
>> about to execute /bin/uname -m
>> about to execute /sbin/lspci 2>/dev/null
>> physical
>>
>> facter --debug --timing virtual
>> about to execute /bin/uname -s
>> kernel: 2.50ms
>> Could not retrieve virtual: Invalid argument - 
>> /sys/firmware/dmi/entries/1-0/raw
>> about to execute /sbin/virt-what 2>/dev/null
>> virtual: 32.02ms
>> lsbdistid: 0.23ms
>> value for lsbdistid is still nil
>> operatingsystem: 0.85ms
>> about to execute /bin/uname -m
>> hardwaremodel: 2.33ms
>> architecture: 5.50ms
>> about to execute /sbin/lspci 2>/dev/null
>> virtual: 25.62ms
>> physical
>>
>> Hopefully this helps 'cause I can't figure it out.
>>
>> Thank you for your help.
>>
>>
>> On Wednesday, May 8, 2013 12:14:25 AM UTC+3, Stefan Schulte wrote:
>>>
>>> On Tue, 7 May 2013 13:00:53 -0700 (PDT) 
>>> Charlie Brune  wrote: 
>>>
>>> > [root@hogwarts ~]# facter --debug --timing virtual 
>>> > kernel: 2.97ms 
>>> > Could not retrieve virtual: Invalid argument - 
>>> > /sys/firmware/dmi/entries/1-0/raw 
>>> > virtual: 50.26ms 
>>> > lsbdistid: 0.53ms 
>>> > value for lsbdistid is still nil 
>>> > operatingsystem: 2.00ms 
>>> > hardwaremodel: 3.36ms 
>>> > architecture: 10.61ms 
>>> > virtual: 34.97ms 
>>> > physical 
>>> > 
>>> > 
>>> > Charlie 
>>> > 
>>>
>>> Still not sure what is going on here. I guess the "Invalid argument" 
>>> is the output of an external command that is failing. So if you 
>>> could make the following modification in `util/resolution.rb` (the 
>>> exact path may be different on your machine, on mine it 
>>> is 
>>> `/usr/lib/ruby/gems/1.9.1/gems/facter-1.7.0/lib/facter/util/resolution.rb`) 
>>>
>>>
>>> goto line 171 and change 
>>>
>>>   
>>> begin 
>>>   out = %x{#{code}}.chomp 
>>>   [...] 
>>>
>>> to 
>>>
>>> begin 
>>>   Facter.debug "about to execute #{code}" 
>>>   out = %x{#{code}}.chomp 
>>>   [...] 
>>>
>>> if you now run `facter --debug virtual` you should see the exact 
>>> external commands facter is executing. This migh be helpful when 
>>> finding the root cause of your problem here. 
>>>
>>> -Stefan 
>>>
>>

This appears related to new code in Facter 1.7.0 that is intended to detect 
whether the node is running the Google compute engine, Facter issue #17612 
(http://projects.puppetlabs.com/issues/17612).  You should be able to work 
around it by reverting to the Facter 1.6.x series.  Meanwhile, I encourage 
you to file a ticket.

Examining the code doesn't reveal any obvious error.  Facter uses this:

  

[Puppet Users] puppetlabs-products yum checksum failing

[Matt Bucknam]

This started happening yesterday:

# yum repolist 2>&1 | grep puppet
http://yum.puppetlabs.com/fedora/f18/products/x86_64/repodata/primary.sqlite.bz2:
 
[Errno -1] Metadata file does not match checksum
http://yum.puppetlabs.com/fedora/f18/products/x86_64/repodata/primary.sqlite.bz2:
 
[Errno -1] Metadata file does not match checksum
http://yum.puppetlabs.com/fedora/f18/products/x86_64/repodata/primary.sqlite.bz2:
 
[Errno -1] Metadata file does not match checksum
http://yum.puppetlabs.com/fedora/f18/products/x86_64/repodata/primary.sqlite.bz2:
 
[Errno -1] Metadata file does not match checksum
puppetlabs-products  puppetlabs-products   
0

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet node clean using SQLite instead of PuppetDB

[Ti Leggett]

What's the interface in to the PuppetDB? Can I manually go drop those rows?

On May 7, 2013, at 2:07 PM, Ti Leggett  wrote:

> I just tried this and ran the agent in noop and it still showed that the old, 
> incorrect keys were going to be installed.
> 
> On May 7, 2013, at 2:02 PM, Deepak Giridharagopal  
> wrote:
> 
>> On Tue, May 7, 2013 at 12:59 PM, Ti Leggett  wrote:
>> Man, how did this ticket not show up in any of the various google attempts I 
>> made at trying to find this very thing? However this doesn't seem to help my 
>> original problem which is to remove the stored configs. 'puppet node 
>> deactivate' just deactivates the node but the resources remain in the 
>> database such that when I re-run puppet on the node it tries to get those 
>> stored configs back because the node is then reactivated
>> 
>> Just remove the export "@@" declarations from the manifests that node is 
>> using...then the next catalog that is sent (the next time you re-run puppet 
>> on that node) won't have those resource in it, and thus won't be collected 
>> by any other nodes. We always overwrite a node's previous catalog with the 
>> new one.
>> 
>> deepak
>> 
>> .
>> 
>> 
>> On May 7, 2013, at 1:43 PM, Deepak Giridharagopal  
>> wrote:
>> 
>>> On Tue, May 7, 2013 at 12:39 PM, Ti Leggett  wrote:
>>> I have a node that has some bad stored configs (namely the wrong ssh host 
>>> keys) that I'm trying to clear out. Looking around it seems I'm supposed to 
>>> do:
>>> 
>>> puppet node clean foo.example.com
>>> 
>>> However, that keeps bailing out because it's trying to open a SQLite3 db 
>>> where stored configs are normally kept, but my stored configs are kept in 
>>> puppetdb (http://pastie.org/7814483 for my master puppet.conf):
>>> 
>>> Debug: Using settings: adding file resource 'masterhttplog': 
>>> 'File[/var/log/puppet/masterhttp.log]{:group=>"puppet", :loglevel=>:debug, 
>>> :links=>:follow, :owner=>"puppet", :mode=>"660", :ensure=>:file, 
>>> :backup=>false, :path=>"/var/log/puppet/masterhttp.log"}'
>>> Debug: Using settings: adding file resource 'bucketdir': 
>>> 'File[/var/lib/puppet/bucket]{:group=>"puppet", :loglevel=>:debug, 
>>> :links=>:follow, :owner=>"puppet", :mode=>"750", :ensure=>:directory, 
>>> :backup=>false, :path=>"/var/lib/puppet/bucket"}'
>>> Debug: Using settings: adding file resource 'fileserverconfig': 
>>> 'File[/etc/puppet/fileserver.conf]{:loglevel=>:debug, :links=>:follow, 
>>> :ensure=>:file, :backup=>false, :path=>"/etc/puppet/fileserver.conf"}'
>>> Debug: Using settings: adding file resource 'manifest': 
>>> 'File[/etc/puppet/environments/production/manifests/site.pp]{:loglevel=>:debug,
>>>  :links=>:follow, :ensure=>:file, :backup=>false, 
>>> :path=>"/etc/puppet/environments/production/manifests/site.pp"}'
>>> Debug: Using settings: adding file resource 'rest_authconfig': 
>>> 'File[/etc/puppet/auth.conf]{:loglevel=>:debug, :links=>:follow, 
>>> :ensure=>:file, :backup=>false, :path=>"/etc/puppet/auth.conf"}'
>>> Debug: Using settings: adding file resource 'railslog': 
>>> 'File[/var/log/puppet/rails.log]{:group=>"puppet", :loglevel=>:debug, 
>>> :links=>:follow, :owner=>"puppet", :mode=>"600", :ensure=>:file, 
>>> :backup=>false, :path=>"/var/log/puppet/rails.log"}'
>>> Debug: Using settings: adding file resource 'yamldir': 
>>> 'File[/var/lib/puppet/yaml]{:group=>"puppet", :loglevel=>:debug, 
>>> :links=>:follow, :owner=>"puppet", :mode=>"750", :ensure=>:directory, 
>>> :backup=>false, :path=>"/var/lib/puppet/yaml"}'
>>> Debug: Using settings: adding file resource 'reportdir': 
>>> 'File[/var/lib/puppet/reports]{:group=>"puppet", :loglevel=>:debug, 
>>> :links=>:follow, :owner=>"puppet", :mode=>"750", :ensure=>:directory, 
>>> :backup=>false, :path=>"/var/lib/puppet/reports"}'
>>> Debug: Using settings: adding file resource 'server_datadir': 
>>> 'File[/var/lib/puppet/server_data]{:group=>"puppet", :loglevel=>:debug, 
>>> :links=>:follow, :owner=>"puppet", :mode=>"750", :ensure=>:directory, 
>>> :backup=>false, :path=>"/var/lib/puppet/server_data"}'
>>> Debug: Using settings: adding file resource 'dblocation': 
>>> 'File[/var/lib/puppet/state/clientconfigs.sqlite3]{:group=>"puppet", 
>>> :loglevel=>:debug, :links=>:follow, :owner=>"puppet", :mode=>"660", 
>>> :ensure=>:file, :backup=>false, 
>>> :path=>"/var/lib/puppet/state/clientconfigs.sqlite3"}'
>>> Debug: Using settings: adding file resource 'manifestdir': 
>>> 'File[/etc/puppet/manifests]{:loglevel=>:debug, :links=>:follow, 
>>> :ensure=>:directory, :backup=>false, :path=>"/etc/puppet/manifests"}'
>>> Debug: Finishing transaction 69920208130760
>>> Info: Connecting to sqlite3 database: 
>>> /var/lib/puppet/state/clientconfigs.sqlite3
>>> Error: Could not find table 'hosts'
>>> Error: Try 'puppet help node clean' for usage
>>> 
>>> 
>>> 'puppet config print all' lists the dbadapter as sqlite3 as well, even 
>>> though it's not. I can't seem to figure out the new way to print the config 
>>> in master mode though. Any ide

Re: [Puppet Users] How to indicate multiple dependency?

[Peter Bukowinski]

On May 8, 2013, at 6:52 AM, Bret Wortman  wrote:

> What's the right/best way to indicate that a particular entry in a manifest 
> (a file in this case) depends on successful installation of over 30 packages, 
> all indicated in the same manifest? I could do this, but it seems cumbersome:
> 
> package { 'pkg1': }
> Package['pkg1'] -> File['file1']
> 
> package { 'pkg2': }
> Package['pkg2'] -> File['file2']
> :
> :
> file { 'file2':
> path => '/path/to/file2',
> :
> }
> 
> There must be a better way that I'm just not seeing. Thanks!
> 
> 
> Bret Wortman

Bret,

Puppet lets you use arrays to make your manifests more concise. In this case, 
if these 30 package resources differ only in name, i.e. all their parameters 
are the same except for the package name, then you can use this following to 
make the dependency declaration less cumbersome:

package { [ "pkg1",
"pkg2",
.
.
"pkg30" ]:
  ensure => installed,
  before => File['file2'],
}
file { 'file2':
  ensure  => file,
  path=> "/path/to/file2",
  content => "I exist only after all 30 packages are installed.",
}

--
Peter

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] freebsd clients failing to connect to new master with ssl errors

[Jonathan Proulx]

On Wed, May 8, 2013 at 8:55 AM, Jonathan Proulx  wrote:

> I'm game, short of regenerating the new master's certificate & trying the
> clients again anything to look at to test that theory?
>
>
Well new certs are easy enough so went a head and generated new ones after
checking CA, new server and test client time against ntp server (everyone
was good), but no dice same errors and non errors.

for my next straw to grasp going to setup a linux client with Ruby1.9 and
see if that fails (verified openssl 1.0.1 and 0.9.8o linux clients work)

-jon

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to indicate multiple dependency?

[Bret Wortman]

I wasn't sure how the "before" would work in that instance -- and my 
experimental facilities are limited. But if the before really won't trigger 
until all the members of the array complete, then that sounds like the 
perfect solution for me. Thanks!

On Wednesday, May 8, 2013 9:57:19 AM UTC-4, pmbuko wrote:
>
> On May 8, 2013, at 6:52 AM, Bret Wortman 
> > 
> wrote:
>
> What's the right/best way to indicate that a particular entry in a 
> manifest (a file in this case) depends on successful installation of over 
> 30 packages, all indicated in the same manifest? I could do this, but it 
> seems cumbersome:
>
> package { 'pkg1': }
> Package['pkg1'] -> File['file1']
>
> package { 'pkg2': }
> Package['pkg2'] -> File['file2']
> :
> :
> file { 'file2':
> path => '/path/to/file2',
> :
> }
>
> There must be a better way that I'm just not seeing. Thanks!
>
>
> Bret Wortman
>
>
> Bret,
>
> Puppet lets you use arrays to make your manifests more concise. In this 
> case, if these 30 package resources differ only in name, i.e. all their 
> parameters are the same except for the package name, then you can use this 
> following to make the dependency declaration less cumbersome:
>
> package { [ "pkg1",
> "pkg2",
> .
> .
> "pkg30" ]:
>   ensure => installed,
>   before => File['file2'],
> }
> file { 'file2':
>   ensure  => file,
>   path=> "/path/to/file2",
>   content => "I exist only after all 30 packages are installed.",
> }
>
> --
> Peter
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] PuppetDB issues

[kl . puppetuser]

Hi all,

I'm setting up puppetdb to for storing facts et cetera. I installed 
puppetdb-1.3.0-1.el6.noarch.rpm on my puppetdb.local host (which is 
puppetized). This seems to work, service starts :).

When I edit the settings on my puppetmaster (puppet.local), something goes 
wrong. I am following the guide [1]. I put the settings (storeconfigs = 
true, storeconfigs_backend=puppetdb) on my puppetmaster and restart the 
puppetmaster. When I do a --onetime on a node, I get the following error:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to submit 'replace facts' command for gaia.local
to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5 errno=0 
state=SSLv3 read finished A
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run


I'm thinking the problem is that I'm using gaia.local as the host name. 
Puppet.local is an alias for gaia.local.


*Extra info:*
For completeness, the error on the puppetdb is:
WARN [qtp788652058-42] [io.nio] javax.net.ssl.SSLHandshakeException: null 
cert chain

keystore.jks on the puppetdb has puppetdb.local with print 
8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47
truststore.jks on puppetdb has 'puppetdb ca' with print 
62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E

$ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master 
--configprint hostcert`
/etc/puppet/ssl/certs/puppetdb.kahuna.local.pem: OK

(yes, I have the SSL certs in /etc/puppet)

If someone could help, that would be great. I'm running in circles here.
Thanks!
kl

[1] http://docs.puppetlabs.com/puppetdb/1.3/connect_puppet_master.html

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] PuppetDB: SSL problems

[kl . puppetuser]

Hi all,

I'm setting up puppetdb to for storing facts et cetera. I installed 
puppetdb-1.3.0-1.el6.noarch.rpm on my puppetdb.local host (which is 
puppetized). This seems to work, service starts :).

When I edit the settings on my puppetmaster (puppet.local), something goes 
wrong. I am following the guide [1]. I put the settings (storeconfigs = 
true, storeconfigs_backend=puppetdb) on my puppetmaster and restart the 
puppetmaster. When I do a --onetime on a node, I get the following error:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to submit 'replace facts' command for gaia.local
to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5 errno=0 
state=SSLv3 read finished A
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

I'm thinking the problem is that I'm using gaia.local as the host name. 
Puppet.local is an alias for gaia.local.


*Extra info:*
For completeness, the error on the puppetdb is:
WARN [qtp788652058-42] [io.nio] javax.net.ssl.SSLHandshakeException: null 
cert chain

keystore.jks on the puppetdb has puppetdb.local with print 
8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47
truststore.jks on puppetdb has 'puppetdb ca' with print 
62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E

$ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master 
--configprint hostcert`
/etc/puppet/ssl/certs/puppetdb.kahuna.local.pem: OK

(yes, I have the SSL certs in /etc/puppet)

If someone could help, that would be great. I'm running in circles here.

*Thanks!*
kl

[1] http://docs.puppetlabs.com/puppetdb/1.3/connect_puppet_master.html

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] define and exported resources - giving wrong template content

[Klavs Klavsen]

Hi,

I have an odd problem - I have a define, as an exported resource. when 
puppet creates them on the central gdash host - it creates them with the 
correct (client) hostname (f.ex. cat 
/var/www/gdash/graph_templates/dashboards/hosts/p-web01/dash.yaml) - but 
the content has the central gdash hostname in them instead (of f.ex. 
p-web01 etc.).

I do the same with nagios config - and there it works fine (only diff I can 
see, is that I do export the file resource directly (with a tag), instead 
of doing it in a define).

##definition - run on hosts
  @@gdash::hostgraphs { "${::hostname}": }

##profile on gdash server
  Gdash::Hostgraphs <<| |>> { }

##gdash::hostgraphs

define gdash::hostgraphs () {
  $tplpath = "/var/www/gdash/graph_templates/dashboards"
  $hostpath = "$tplpath/hosts/$name"
  #file { "$tplpath/hosts": ensure => directory }
  file { "$tplpath/hosts/$name": ensure => directory, require => 
File["$tplpath/hosts"] }
  #$graphs = [  'dash.yaml', 'cpu.graph', 'io.graph', 'iops.graph', 
'load.graph', 'memory.graph', 'nettraf.graph', 'sockets.graph']
  file { "$hostpath/dash.yaml": content => template('gdash/dash.yaml') }
  file { "$hostpath/cpu.graph": content => template('gdash/cpu.graph') }
  file { "$hostpath/io.graph": content => template('gdash/io.graph') }
  file { "$hostpath/iops.graph": content => template('gdash/iops.graph') }
  file { "$hostpath/load.graph": content => template('gdash/load.graph') }
  file { "$hostpath/memory.graph": content => 
template('gdash/memory.graph') }
  file { "$hostpath/nettraf.graph": content => 
template('gdash/nettraf.graph') }
  file { "$hostpath/sockets.graph": content => 
template('gdash/sockets.graph') }
}

The templates all look kinda like this (modules/gdash/templates/dash.yaml):
:name: <%= hostname %>
:description: Graphs for <%= fqdn %>

Anyone have any ideas?

It's puppet v3.1.1

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: PuppetDB issues

[kl . puppetuser]

I accidentally double-posted this. Didn't notice poppet-users was 
moderated. Maybe someone can delete this one? I am not too familiar with 
google groups.

Original:
https://groups.google.com/forum/#!topic/puppet-users/877mzTGZl1A

Thanks!


On Wednesday, May 8, 2013 4:13:20 PM UTC+2, kl.pup...@gmail.com wrote:
>
> Hi all,
>
> I'm setting up puppetdb to for storing facts et cetera. I installed 
> puppetdb-1.3.0-1.el6.noarch.rpm on my puppetdb.local host (which is 
> puppetized). This seems to work, service starts :).
>
> When I edit the settings on my puppetmaster (puppet.local), something goes 
> wrong. I am following the guide [1]. I put the settings (storeconfigs = 
> true, storeconfigs_backend=puppetdb) on my puppetmaster and restart the 
> puppetmaster. When I do a --onetime on a node, I get the following error:
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Failed to submit 'replace facts' command for gaia.local
> to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5 errno=0 
> state=SSLv3 read finished A
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
>
> I'm thinking the problem is that I'm using gaia.local as the host name. 
> Puppet.local is an alias for gaia.local.
>
>
> *Extra info:*
> For completeness, the error on the puppetdb is:
> WARN [qtp788652058-42] [io.nio] javax.net.ssl.SSLHandshakeException: null 
> cert chain
>
> keystore.jks on the puppetdb has puppetdb.local with print 
> 8C:E6:D1:02:89:9E:25:D3:E8:8F:63:75:8F:85:59:B5:17:BE:F8:47
> truststore.jks on puppetdb has 'puppetdb ca' with print 
> 62:8F:76:CE:5C:9D:23:B0:1D:9D:7A:2F:39:5A:74:43:1D:BB:D9:1E
>
> $ openssl verify -CAfile /etc/puppet/ssl/ca/ca_crt.pem `puppet master 
> --configprint hostcert`
> /etc/puppet/ssl/certs/puppetdb.kahuna.local.pem: OK
>
> (yes, I have the SSL certs in /etc/puppet)
>
> If someone could help, that would be great. I'm running in circles here.
> Thanks!
> kl
>
> [1] http://docs.puppetlabs.com/puppetdb/1.3/connect_puppet_master.html
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to indicate multiple dependency?

[Peter Bukowinski]

The 'before' metaparameter is an inverse version of the 'require' 
metaparameter. Where the 'require' parameter forces the parent resource to sync 
*after* the indicated resource, the 'before' parameter acts as a pause button 
on the indicated resource (in this case, file2), preventing it from syncing 
until the parent resource(s) have synced.

--
Peter

On May 8, 2013, at 10:14 AM, Bret Wortman  wrote:

> I wasn't sure how the "before" would work in that instance -- and my 
> experimental facilities are limited. But if the before really won't trigger 
> until all the members of the array complete, then that sounds like the 
> perfect solution for me. Thanks!
> 
> On Wednesday, May 8, 2013 9:57:19 AM UTC-4, pmbuko wrote:
> On May 8, 2013, at 6:52 AM, Bret Wortman  wrote:
> 
>> What's the right/best way to indicate that a particular entry in a manifest 
>> (a file in this case) depends on successful installation of over 30 
>> packages, all indicated in the same manifest? I could do this, but it seems 
>> cumbersome:
>> 
>> package { 'pkg1': }
>> Package['pkg1'] -> File['file1']
>> 
>> package { 'pkg2': }
>> Package['pkg2'] -> File['file2']
>> :
>> :
>> file { 'file2':
>> path => '/path/to/file2',
>> :
>> }
>> 
>> There must be a better way that I'm just not seeing. Thanks!
>> 
>> 
>> Bret Wortman
> 
> Bret,
> 
> Puppet lets you use arrays to make your manifests more concise. In this case, 
> if these 30 package resources differ only in name, i.e. all their parameters 
> are the same except for the package name, then you can use this following to 
> make the dependency declaration less cumbersome:
> 
> package { [ "pkg1",
> "pkg2",
> .
> .
> "pkg30" ]:
>   ensure => installed,
>   before => File['file2'],
> }
> file { 'file2':
>   ensure  => file,
>   path=> "/path/to/file2",
>   content => "I exist only after all 30 packages are installed.",
> }
> 
> --
> Peter
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] deleting nodes in puppet-dashboard makes it hang

[Klavs Klavsen]

Hi,

I have 51 clients in puppet-dashboard – and when I tell it to delete a node 
– it simply hangs forever. If I try to just open / on the puppet-dashboard 
website – I get a proxy timeout (I have apache in front).

I end up having to kill webrick and start it again – with the node NOT 
being deleted :(

I have commented on an issue here - which seems to be about the same: 
http://projects.puppetlabs.com/issues/20147#change-90580

Anyone have had this problem, and perhaps found a solution? or did you go 
in and fired off some sql to delete the node (and which sql) ?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

[Charlie Brune]

I also did the modification that Stefan requested and my output is the same 
as yours:

[root@hogwarts ~]# facter --debug virtual
> about to execute /bin/uname -s
> Could not retrieve virtual: Invalid argument - 
> /sys/firmware/dmi/entries/1-0/raw
> about to execute /sbin/virt-what 2>/dev/null
> value for lsbdistid is still nil
> about to execute /bin/uname -m
> about to execute /sbin/lspci 2>/dev/null
> physical
>
>
Regards,
Charlie

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

[Charlie Brune]

Sorry... I forgot to answer John's questions (above).

Facter produces the same error messages running under sudo.  Also, I have 
SELinux turned off.

[root@hogwarts ~]# *facter virtual*
> Could not retrieve virtual: Invalid argument - 
> /sys/firmware/dmi/entries/1-0/raw
> physical
> [root@hogwarts ~]# *sudo facter virtual*
> Could not retrieve virtual: Invalid argument - 
> /sys/firmware/dmi/entries/1-0/raw
> physical
> [root@hogwarts ~]# *grep ^SELINUX /etc/selinux/config*
> SELINUX=disabled
> SELINUXTYPE=targeted 
>
>
Charlie

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Having trouble with facter - "invalid argument"

[Angel Angelov]

SELinux is disabled and the commands were ran as root.

Downgrading the facter to 1.6.18 version seems fixing the problem.

Thank you very much for the support guys.

Best Regards,
Angel Angelov


On Wed, May 8, 2013 at 6:20 PM, Charlie Brune  wrote:

> Sorry... I forgot to answer John's questions (above).
>
> Facter produces the same error messages running under sudo.  Also, I have
> SELinux turned off.
>
> [root@hogwarts ~]# *facter virtual*
>>
>> Could not retrieve virtual: Invalid argument -
>> /sys/firmware/dmi/entries/1-0/raw
>> physical
>> [root@hogwarts ~]# *sudo facter virtual*
>>
>> Could not retrieve virtual: Invalid argument -
>> /sys/firmware/dmi/entries/1-0/raw
>> physical
>> [root@hogwarts ~]# *grep ^SELINUX /etc/selinux/config*
>> SELINUX=disabled
>> SELINUXTYPE=targeted
>>
>>
> Charlie
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/Gs0d0Z4LjgI/unsubscribe?hl=en
> .
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>



-- 

Kind Regards,
Angel Angelov

CLOUDSIGMA AG
W: www.cloudsigma.com
T: www.twitter.com/CloudSigma

"Do you support Greener Cloud Computing?
Greenbyte.ch & CloudSigma appreciate your vote at http://cld.sg/ZoTIGx";


This email is from CLOUDSIGMA AG. The contents of this email and any
attachments are confidential to the intended recipient. They may not be
disclosed to or used by or copied in any way by anyone other than the
intended recipient. If this email is received in error, please contact
CLOUDSIGMA AG on +41 (0)44 585 39 07 quoting the name of the sender and the
email address to which it has been sent and then delete it. Please note
that neither CLOUDSIGMA AG nor the sender accepts any responsibility for
viruses and it is your responsibility to scan or otherwise check this email
and any attachments. CLOUDSIGMA AG is a public limited company registered
in Canton Zürich, Switzerland (registered number CH-020.3.034.422-0) with
registered offices at Sägereistrasse 29, 8152 Glattbrugg, Switzerland. For
further information, please refer to www.cloudsigma.com .
Create a cloud server in 2 minutes: http://cld.sg/CldSg


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] 2.7 -> 3.1 upgrade path?

[Bruce]

Hi,

We have hosts running 2.7 client, a single puppet master, and we're using 
Puppet Dashboard for ENC.

What would be a recommended order of operations to get to 3.1 on 
client/server, and using PuppetDB instead?  

Thanks!


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] 2.7 -> 3.1 upgrade path?

[Dan White]

Server first. Always 


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

- Original Message -
From: "Bruce"  
To: puppet-users@googlegroups.com 
Sent: Wednesday, May 8, 2013 11:58:14 AM 
Subject: [Puppet Users] 2.7 -> 3.1 upgrade path? 

Hi, 


We have hosts running 2.7 client, a single puppet master, and we're using 
Puppet Dashboard for ENC. 


What would be a recommended order of operations to get to 3.1 on client/server, 
and using PuppetDB instead? 


Thanks! 





-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com. 
To post to this group, send email to puppet-users@googlegroups.com. 
Visit this group at http://groups.google.com/group/puppet-users?hl=en . 
For more options, visit https://groups.google.com/groups/opt_out . 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: hiera-gpg causing big increase in catalog compile time

[Aaron Mills]

Thought I'd drag this topic back to life rather than open a new one for the 
same issue. I'm seeing pretty much the exact same behavior on my catalog 
compile times. With puppet 3.1.0 and hiera-gpg 1.1.0 I'm seeing compile 
times usually in the 60-90-second range. This is causing a lot of agent 
runs to timeout or get an "end of file" error. Consolidating GPG-encrypted 
data into a single file doesn't seem to have any bearing on compile times. 

Running the master in debug mode doesn't seem to surface any obvious 
issues. Has anyone made any headway on this issue? 

-Aaron


On Wednesday, February 20, 2013 9:03:19 AM UTC-7, Jon Ward wrote:
>
> Hi,
>
> I've been using hiera for a little while and have started using the 
> hiera-gpg back-end for passwords etc.
>
> The problem is, I am seeing a massive increase in catalog compile time 
> when using hiera-gpg. On one particular node where there is quite a lot 
> going on, catalog compile time jumped from <5s to >90s. My typical compile 
> times have gone from around 2s to around 30s.
>
> I have the gpg backend listed underneath yaml in my hiera.yaml file, so 
> from what I understand my .gpg config files should only be interrogated if 
> no answer is found in the .yaml files. I only have half a dozen or so vars 
> stored in the .gpg files.
>
> By simply removing the gpg backend from hiera.yaml the compile times go 
> back down to normal.
>
> I'm using Puppet 3.1.0 installed from apt.puppetlabs.com on Debian 
> Squeeze & hiera-gpg 1.1.0 installed from Rubygems.
>
> Would appreciate any tips for debugging this problem, thanks in advance.
>
> Jon
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Announce: PuppetDB 1.3.0 Available

[Nick Lewis]

On Wednesday, May 8, 2013 5:31:16 AM UTC-7, Erik Dalén wrote:

> On Tuesday 7 May 2013 at 01:44, Chris Price wrote: 
> > * Report queries 
> >   
> > The query endpoint `experimental/event` has been augmented to support a 
>   
> > much more interesting set of queries against report data. You can now 
> query 
> > for events by status (e.g. `success`, `failed`, `noop`), timestamp 
> ranges, 
> > resource types/titles/property name, etc. This should make the report 
> > storage feature of PuppetDB *much* more valuable! 
>
> Very nice news.   
>
> But is this planned to get some further extensions? Some queries I would 
> like to make still seem quite hard (at least to do in a single query). 
>
> For example finding all nodes that failed their last puppet run seems like 
> it would need one node query and then a event query for each one. 
>
> Will there be better support for subqueries across reports, events and the 
> other endpoints? That would make some types of queries easier. For example 
> you could make a single query to get the puppet version of all nodes that 
> failed any resource within the last 30 mins. 
>
>
This is definitely unfinished (it's under /experimental). We plan to at 
least add subqueries like you get with resources/facts, and possibly 
counting, grouping, and selecting a subset of columns. If you have any 
further use cases that those features still wouldn't address, let us know. 
We want to make this API as robust as we can; until we do, we thought it 
was best to get what we already had out for users to try.
 

> Any suggestions for nifty syntax for puppetdbquery to query stuff like 
> that? :) 
>
>
I'll get back to you on that. :)
 

> --   
> Erik Dalén 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet agent and env variables

[Worker Bee]

Hi Everyone;

It appears that in Puppet 3, environment variables are not passed to the
agent.  Specifically, $HOME is not defined so, if a script attempts to use
~ , this fails becasue $HOME is no longer defined to the agent.  This seems
to have changed since 2.7.

Does anyone have any feedback/advice?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Announce: PuppetDB 1.3.0 Available

[Chris Price]

On Wednesday, May 8, 2013 5:31:16 AM UTC-7, Erik Dalén wrote:

>
> For example finding all nodes that failed their last puppet run seems like 
> it would need one node query and then a event query for each one. 


I'm guessing "last run" is something we'll bake into the query API at some 
point too. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet Dashboard's ENC returning wrong hostname/parameters

[Aaron Stone]

Interesting! Let me see if this still happens in the rails3 branch. Please
file a ticket so the issue doesn't get lost.
http://projects.puppetlabs.com/projects/dashboard


On Tue, May 7, 2013 at 11:17 PM, Greg Batye  wrote:

>  Hey everyone,
>
>
>  I have an issue with puppet dashboard that I can find a solution to.
>
>
>  My server naming convention contains leading numbers at the beginning of
> the hostname. For example, 009example.com. Whenever I run
> “/usr/share/puppet-dashboard/external_node 009example.com” another host's
> parameters/classes are returned. I tracked the issue down to the enc
> returning the hostname with id 9 in the database. This happens no matter
> which number I use.
>
>
>  Has anyone had this issue and is there a way to have puppet dashboard
> search the database for name rather then id?
>
>
>  --Greg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Bug in puppetdb-ssl-setup?

[Jeffrey Watts]

I'm setting up PuppetDB for the first time (and on OpenSuSE, yay).  After
some tinkering I've gotten the package rebuilt and working.  However, on
first setup puppetdb-ssl-setup fails with the following message:

# /usr/sbin/puppetdb-ssl-setup
cp: cannot stat
`/var/lib/puppet/ssl/private_keys/puppetmaster.mycompany.com.pem': No such
file or directory

I'm planning on running PuppetDB on a separate box from my Puppetmaster.
 Digging into the script a bit, the problem seems to be with the use of the
'puppet master' command to find the certificate information.  I use a
monolithic puppet.conf for my master and agents, so it's picking up the
master's configuration instead of the agent's.

Anyhow, this small diff seems to get me past the problem.  Is this a bug?

Thanks,
Jeffrey.


# diff -u /usr/sbin/puppetdb-ssl-setup puppetdb-ssl-setup
--- /usr/sbin/puppetdb-ssl-setup 2013-05-06 11:04:25.0 -0500
+++ puppetdb-ssl-setup 2013-05-08 12:57:47.423096218 -0500
@@ -94,10 +94,10 @@
   fqdn=`facter hostname`
 fi

-mycertname=`puppet master --confdir=$agent_confdir --vardir=$agent_vardir
--configprint  certname`
-mycert=`puppet master --confdir=$agent_confdir --vardir=$agent_vardir
--configprint  hostcert`
-myca=`puppet master --confdir=$agent_confdir --vardir=$agent_vardir
--configprint localcacert`
-privkey=`puppet master --confdir=$agent_confdir --vardir=$agent_vardir
--configprint hostprivkey`
+mycertname=`puppet agent --confdir=$agent_confdir --vardir=$agent_vardir
--configprint  certname`
+mycert=`puppet agent --confdir=$agent_confdir --vardir=$agent_vardir
--configprint  hostcert`
+myca=`puppet agent --confdir=$agent_confdir --vardir=$agent_vardir
--configprint localcacert`
+privkey=`puppet agent --confdir=$agent_confdir --vardir=$agent_vardir
--configprint hostprivkey`

 pw_file=${puppetdb_confdir}/ssl/puppetdb_keystore_pw.txt

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet agent and env variables

[jcbollinger]

On Wednesday, May 8, 2013 12:44:14 PM UTC-5, Worker Bee wrote:
>
> Hi Everyone;
>
> It appears that in Puppet 3, environment variables are not passed to the 
> agent.  Specifically, $HOME is not defined so, if a script attempts to use 
> ~ , this fails becasue $HOME is no longer defined to the agent.  This seems 
> to have changed since 2.7.
>
> Does anyone have any feedback/advice?
>


There are two main issues here: the environment the OS provides to the 
agent, and the environment the agent provides to processes it spawns.  The 
environment provided to the agent depends on the way in which the agent is 
launched, and is not under the agent's control.  In particular, it will be 
very sparse when the agent is launched in any of the usual automated ways 
(init script, cron job, etc.).  More generally, I would not expect $HOME to 
be passed to the agent unless it were launched from a login shell or a 
descendant of one.

On the other side, Puppet has always been very parsimonious about the 
environment it passes to child processes.  This is simply good practice.

I doubt either of these changed significantly from Puppet 2.7 to Puppet 3.

I anyway find it very questionable to use the Puppet agent to run a script 
that depends on the home directory of the user.  Maybe a solution would 
become apparent if you explain more specifically what you're trying to 
achieve.


John



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: hiera-gpg causing big increase in catalog compile time

[jcbollinger]

On Wednesday, May 8, 2013 11:38:06 AM UTC-5, Aaron Mills wrote:
>
> Thought I'd drag this topic back to life rather than open a new one for 
> the same issue. I'm seeing pretty much the exact same behavior on my 
> catalog compile times. With puppet 3.1.0 and hiera-gpg 1.1.0 I'm seeing 
> compile times usually in the 60-90-second range. This is causing a lot of 
> agent runs to timeout or get an "end of file" error. Consolidating 
> GPG-encrypted data into a single file doesn't seem to have any bearing on 
> compile times. 
>
> Running the master in debug mode doesn't seem to surface any obvious 
> issues. Has anyone made any headway on this issue? 
>
>

I assumed the first time around that the increased compile times were a 
function of the relatively large computational cost of cryptography.  
Nevertheless, there might be some inefficiencies in the way hiera-gpg works 
internally, in the way it works together with the hiera framework, and in 
the behavior your manifests provoke from it.

Hiera-gpg decrypts each target file it consults, in its entirety, whenever 
it is queried for a key.  How expensive that is depends on the number and 
size of the files, on the position in the hierarchy where target keys are 
typically found, and on which hiera access function you actually use.

If you use many parameterized classes, then Puppet 3's automatic class 
parameter binding will tend to aggravate that problem, especially if you 
typically allow class parameters to take default values or DSL-specified 
values (so that hiera has lots of complete misses on the parameter names).

There are several things you could do to try to mitigate, among them:

   - Use the :gpg: back-end only for data that really need to be 
   encrypted.  Use the plain :yaml: backend for everything else, and give it 
   higher priority.
   - Minimize use of parameterized classes, or else ensure that all class 
   parameters are recorded in your hiera data files, even if they take default 
   values.
   - If you use hiera for data other than class parameters, then avoid 
   looking up the same key multiple times.  Instead, read the data into some 
   class's variables, and have everyone else get the data from those variables.
   - Avoid need for hiera_hash() and hiera_array(), each of which will 
   decrypt every one of the :gpg: backend's files on every call.  (And do be 
   sure you know the difference between using those functions and using the 
   plain hiera() function to retrieve hashes and arrays.)
   - If you're willing to get a bit intrusive, then restructure your data 
   and parameters so that fewer overall lookups are required.  For instance, 
   combine multiple individual values into hashes, so that you can perform a 
   single lookup for the hash instead of a separate lookup for each component.

Good luck,

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: How to indicate multiple dependency?

[jcbollinger]

On Wednesday, May 8, 2013 8:47:59 AM UTC-5, Bret Wortman wrote:
>
>
> Okay, so if the class actually looks like this, say:
>
> class blacklisted () {
>
> Package {
> ensure => absent,
> tag => "blacklisted",
> }
>
> package { 'pkg1': }
> package { 'pkg2': }
> package { 'pkg3': }
> :
> package { 'pkg30': }
>
> file { '/path/to/file1':
> ensure => present,
> }
>
> Package<| tag == 'blacklisted' |> -> File['/path/to/file1']
>
> }
>
> Should do it, right? I've never done anything with tags before, but this 
> may cause me to rework a few modules I've written
>
>>
>>

Yes, that should work, but if you're going to use resource defaults then I 
don't see why you would want to go the long way around through tags.  
Instead, just use 'before' as in my last suggestion, and skip the collector 
and chain expression.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: define and exported resources - giving wrong template content

[jcbollinger]

On Wednesday, May 8, 2013 9:22:16 AM UTC-5, Klavs Klavsen wrote:
>
> Hi,
>
> I have an odd problem - I have a define, as an exported resource. when 
> puppet creates them on the central gdash host - it creates them with the 
> correct (client) hostname (f.ex. cat 
> /var/www/gdash/graph_templates/dashboards/hosts/p-web01/dash.yaml) - but 
> the content has the central gdash hostname in them instead (of f.ex. 
> p-web01 etc.).
>
> I do the same with nagios config - and there it works fine (only diff I 
> can see, is that I do export the file resource directly (with a tag), 
> instead of doing it in a define).
>
> ##definition - run on hosts
>   @@gdash::hostgraphs { "${::hostname}": }
>
> ##profile on gdash server
>   Gdash::Hostgraphs <<| |>> { }
>
> ##gdash::hostgraphs
>
> define gdash::hostgraphs () {
>   $tplpath = "/var/www/gdash/graph_templates/dashboards"
>   $hostpath = "$tplpath/hosts/$name"
>   #file { "$tplpath/hosts": ensure => directory }
>   file { "$tplpath/hosts/$name": ensure => directory, require => 
> File["$tplpath/hosts"] }
>   #$graphs = [  'dash.yaml', 'cpu.graph', 'io.graph', 'iops.graph', 
> 'load.graph', 'memory.graph', 'nettraf.graph', 'sockets.graph']
>   file { "$hostpath/dash.yaml": content => template('gdash/dash.yaml') }
>   file { "$hostpath/cpu.graph": content => template('gdash/cpu.graph') }
>   file { "$hostpath/io.graph": content => template('gdash/io.graph') }
>   file { "$hostpath/iops.graph": content => template('gdash/iops.graph') }
>   file { "$hostpath/load.graph": content => template('gdash/load.graph') }
>   file { "$hostpath/memory.graph": content => 
> template('gdash/memory.graph') }
>   file { "$hostpath/nettraf.graph": content => 
> template('gdash/nettraf.graph') }
>   file { "$hostpath/sockets.graph": content => 
> template('gdash/sockets.graph') }
> }
>
> The templates all look kinda like this (modules/gdash/templates/dash.yaml):
> :name: <%= hostname %>
> :description: Graphs for <%= fqdn %>
>
> Anyone have any ideas?
>
> It's puppet v3.1.1
>
>

I'm not sure I would have predicted the behavior you see, but it makes 
sense.  When you export a resource you are exporting the resource type and 
parameters.  When you later import that resource, it is evaluated in the 
context of the importing host, just as you see.  Evidently, if you want to 
convey data from the exporter to the importer then it must be carried by 
parameters of the exported resource.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location

[Felipe Salum]

Is Puppetlabs planning some easy solution for this ?

The real problem I see is that you can't separate the Puppet CA from the 
Puppet Master. So even that you can have multiple puppet masters, the CA 
must run in one of them. So if that server goes down your multiple puppet 
master setup is screwed as well.

I would love to see a Puppet CA high availability solution out of the box.

On Tuesday, April 30, 2013 6:43:08 AM UTC-7, R.I. Pienaar wrote:
>
>
>
> - Original Message - 
> > From: "jcbollinger"  
> > To: puppet...@googlegroups.com  
> > Sent: Tuesday, April 30, 2013 2:39:52 PM 
> > Subject: [Puppet Users] Re: High Availability of Puppet server for 
> separate geographical location 
> > 
> > 
> > 
> > On Monday, April 29, 2013 8:55:39 AM UTC-5, shyam sundar Keshari wrote: 
> > > 
> > > Hi Team, 
> > > 
> > > I have to configure puppet server in Primary-Secondary mode for 2 
> > > distributed location . 
> > > 
> > > Site A is already running 1 Puppet server .Now I need to configure 
> > > another puppet secondary server at site B ,so that 
> > > 
> > > all client at location B ,only connect to that server .And site A 
> > > puppet client only connect to site A . 
> > > 
> > > But mine requirement is of that suppose site A server goes down then 
> > > Site B server handle all client request and 
> > > 
> > > same if Site B server down then server A handles all . 
> > > 
> > > Kindly guide me to implement this scenario . 
> > > 
> > > 
> > For the most part, this is outside Puppet's scope.  You need to stand up 
> > some kind appliance or service in front of your Puppet servers to 
> monitor 
> > when one goes down, so as to redirect traffic to the other when needed. 
> > That cannot be part of Puppet, else it would go down with Puppet if ever 
> > Puppet went down. 
> > 
> > With an external failover system in place, there would still be a few 
> > things to arrange on the Puppet side.  In order for site B to properly 
> > serve site A's nodes, it must have 
> > 
> >- site A's SSL certificate, or at least a certificate that site A's 
> >nodes will trust; 
> >- ENC and/or node declarations for site A's nodes, matching those on 
> >site A; 
> >- modules (and standalone classes, if any) matching those on site A; 
> >- external data (if applicable) appropriate for site A's nodes; and 
> >- stored configs for site A, if applicable. 
>
> SRV goes a long way towards solving some of this, it is possible to share 
> a CA between masters too which solves some of that.  Gets a lot harder 
> when 
> you involve PuppetDB. 
>
> http://docs.puppetlabs.com/guides/scaling_multiple_masters.html 
>
>
> > 
> > I see two reasonably good approaches here: 
> > 
> >1. the site A and B masters are maintained as a mirrored pair.  This 
> has 
> >the effect that from Puppet's perspective, physical sites A and B are 
> >meaningless partitions of a single large, federated site.  A shared, 
> >central certificate authority would be required (and that would need 
> to be 
> >the site A master if you want to avoid issuing new certificates to 
> all the 
> >site A nodes). 
> >2. A mirror of site A's master is maintained as a hot spare at site 
> B, 
> >and vice versa.  Each spare could run on the same (possibly virtual) 
> >hardware as the local master (but on a different port), or it could 
> run on 
> >different hardware and merely be geographically colocated.  This 
> would 
> >maintain a logical distinction between sites A and B, and would be 
> overall 
> >easier to set up and maintain. 
> > 
> > If you consider option 2, however, you should soon realize that in that 
> > case you don't get any particular advantage from putting the spare 
> masters 
> > on the same machine as the local site's main master.  Indeed, it might 
> be 
> > easier to set them up as ordinary nodes (for the site in which they are 
> > actually located), and even to let the local site's masters have 
> > responsibility for maintaining the spares' puppet master config, each as 
> a 
> > mirror of the other site's master. 
> > 
> > 
> > John 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to puppet-users...@googlegroups.com . 
> > To post to this group, send email to 
> > puppet...@googlegroups.com. 
>
> > Visit this group at http://groups.google.com/group/puppet-users?hl=en. 
> > For more options, visit https://groups.google.com/groups/opt_out. 
> > 
> > 
> > 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/pup

Re: [Puppet Users] PuppetDB: SSL problems

[Stefan Schulte]

On Wed, 8 May 2013 07:01:56 -0700 (PDT)
kl.puppetu...@gmail.com wrote:

> 
> Error: Could not retrieve catalog from remote server: Error 400 on
> SERVER: Failed to submit 'replace facts' command for gaia.local
> to PuppetDB at puppetdb.local:8081: SSL_connect SYSCALL returned=5
> errno=0 state=SSLv3 read finished A
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
> 

seems to be an issue with OpenJDK7. Reverting to Java6 solved the
problem for a lot of users.

issue is described here: http://projects.puppetlabs.com/issues/19884

-Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Module for tuned-adm

[banjer]

Thanks, I was about to roll out a puppet module for tuned-adm and found 
this.  Easy to use and working great in my environment.

Cheers!

On Friday, January 4, 2013 8:25:16 AM UTC-5, Romain PELISSE wrote:
>
> Hi all,
>
> tuned-adm module: https://github.com/rpelisse/puppet-tuned
>
> I'm using 
> tuned-admto
>  tune the kernel of the target system according to a profile. I first 
> used exec{} to trigger the profile setting but lead to the exec{} being ran 
> at every Puppet run which I found, at beast, inelegant. I end up doing this 
> module to more and less properly implement the exists? method. The module 
> implementation is rather rudimentory but still nice to have - if you need 
> it.
>
> (Note: i've googled a bit before doing that and ran into a couple of 
> existing Puppet module or code for tuned-adm but they were either using 
> exec() internally or just installing the packages and nothing more). 
>  
> (Final note: Before XMas, I've already submitted a completely useless 
> module extension to handle DNS Name, as it turned out Puppet supports this 
> out of the box, so I hope this module proposal will be a tidbit more useful 
> ! :) ) 
>
> -- 
> Romain PELISSE,
> *"The trouble with having an open mind, of course, is that people will 
> insist on coming along and trying to put things in it" -- Terry Pratchett*
> Belaran ins Prussia (blog)  (... 
> finally up and running !) 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Help me with a local Linux account management module

[David Reagan]

>There's several ways to handle this.  Generally the way it's done is via a 
>"custom function" that executes on the puppetmaster and injects the results of 
>that run into the catalog for the client.  This way you can use a hash 
>generator.  Something like 
>https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/random_password.rb

I meant, how do I tell what hash the server will know how to use? I
suppose it shouldn't matter much. I'll just copy the hash out of the
/etc/shadow file. If I get more than 10 users I'll want to figure out
how to use LDAP anyway.

I hadn't realized the ssh_authorized_key name wasn't limited to what's
in the users .pub file. So making those unique shouldn't be too hard.

>This stuff is tricky with the language as it stands.  The way I've solved this 
>(and seen others solve this) in the past is that rather than trying to pass in 
>arrays you build a hash in hiera for your users and then pass the entire hash 
>to create_resources('mycustomusersdefine', hashname) to have it create a call 
>to the define for each element of the hash.  If you google create_resources 
>you should find some examples.

Haven't googled it yet. But it seems a bit more complicated than what
I want. I just want to read the .pub file, grab the type and key, then
use that to create an ssh_authorized_key. That way, when someone adds
or changes their .pub file, it's as simple as uploading the pub file
to the puppetmaster and we're done. Thus avoiding potential mistakes
that could occur if I (or they) formatted the key into json or yaml.

I would think I could do something like that with Ruby. But I'm not
sure how to integrate that into my module...

--David Reagan


On Fri, Apr 26, 2013 at 2:31 PM, Ashley Penney  wrote:
> On Fri, Apr 26, 2013 at 4:08 PM, David Reagan  wrote:
>>
>> I'm pretty much brand new to Puppet. I've read the tutorials on puppet
>> labs, and most of Pro Puppet. But there's still a lot I don't get. So I
>> figured I'd learn by doing.
>>
>> My current goal is to write a user account wrapper. It would only be for
>> local Linux accounts only, only on Ubuntu for now.
>>
>> I'm not just using the user type because I want to manage ssh authorized
>> keys as well.
>>
>> I did find https://github.com/dcsobral/puppet-users, and a few others. But
>> I'm not fond of the use of csv files, and it seems like a simple enough
>> module to learn with.
>>
>> Wrapping user and ssh_authorized_key is simple, just pass in the
>> information. But I do have a couple questions I couldn't find answers to in
>> the docs, here, or Google.
>>
>> Questions:
>>
>> What happens when a group listed in the user type does not exist on the
>> server?
>
> Generally speaking you shouldn't let that happen!  The user resource will
> fail because it wants the group to exist first.  Create a group{} resource
> and in the user{} resource add something like require => Group['users'], or
> whatever, so that this doesn't happen.
>
>>
>> How do I figure out what hash to use for the password when creating a new
>> user?
>
> There's several ways to handle this.  Generally the way it's done is via a
> "custom function" that executes on the puppetmaster and injects the results
> of that run into the catalog for the client.  This way you can use a hash
> generator.  Something like
> https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/random_password.rb
>
>>
>> Do I just copy the hash directly into the password property? No need to
>> tell puppet what kind of hash it is?
>
> It basically takes the contents of password and shovels it into the
> appropriate /etc/shadow column.
>>
>> ssh_authorized_key: name has to be unique. So how do I add a key to more
>> than one user?
>
> You'd want to structure this as a kind of custom_user{} define that was able
> to take keys as a parameter and those can be an array or hash of info.  This
> way you're basically listing all the keys per user rather than trying to
> assign keys to multiple users.
>
> Because you'll have custom_user{ 'blah': } you'll be able to refer to the
> blah as $name in the define and then you can make your ssh_authorized_key
> names like:
>
> ssh_authorized_key { "${name}-key": } so that they have unique names, I'll
> leave the rest of this up to your imagination as you'd need a unique -key
> bit per key you pass in.  That's one reason I suggested the keys param be a
> hash, so that you can have a name and then value and use that to build up
> the name cleanly.
>
>>
>> I'd like to simply pass in an array of links(?) to pub key files to my
>> wrapper instead of the actual ssh key. How would I tell Puppet to split the
>> contents at the spaces so I can get the key, type, and name properties out
>> of it?
>
> This stuff is tricky with the language as it stands.  The way I've solved
> this (and seen others solve this) in the past is that rather than trying to
> pass in arrays you build a hash in hiera for your users

Re: [Puppet Users] Help me with a local Linux account management module

[David Reagan]

So, I just mocked up what I'm thinking of doing.

How do I deal with loops? From what I can Puppet doesn't let you loop
through arrays.

See https://gist.github.com/jerrac/5543893 for a very very very rough draft
of what I'm imagining this could look like.

How would you deal with multiple authorized keys, and only adding groups
that exist on the server already?

--David Reagan


On Wed, May 8, 2013 at 1:57 PM, David Reagan  wrote:
>>There's several ways to handle this.  Generally the way it's done is via
a "custom function" that executes on the puppetmaster and injects the
results of that run into the catalog for the client.  This way you can use
a hash generator.  Something like
https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/random_password.rb
>
> I meant, how do I tell what hash the server will know how to use? I
> suppose it shouldn't matter much. I'll just copy the hash out of the
> /etc/shadow file. If I get more than 10 users I'll want to figure out
> how to use LDAP anyway.
>
> I hadn't realized the ssh_authorized_key name wasn't limited to what's
> in the users .pub file. So making those unique shouldn't be too hard.
>
>>This stuff is tricky with the language as it stands.  The way I've solved
this (and seen others solve this) in the past is that rather than trying to
pass in arrays you build a hash in hiera for your users and then pass the
entire hash to create_resources('mycustomusersdefine', hashname) to have it
create a call to the define for each element of the hash.  If you google
create_resources you should find some examples.
>
> Haven't googled it yet. But it seems a bit more complicated than what
> I want. I just want to read the .pub file, grab the type and key, then
> use that to create an ssh_authorized_key. That way, when someone adds
> or changes their .pub file, it's as simple as uploading the pub file
> to the puppetmaster and we're done. Thus avoiding potential mistakes
> that could occur if I (or they) formatted the key into json or yaml.
>
> I would think I could do something like that with Ruby. But I'm not
> sure how to integrate that into my module...
>
> --David Reagan
>
>
> On Fri, Apr 26, 2013 at 2:31 PM, Ashley Penney  wrote:
>> On Fri, Apr 26, 2013 at 4:08 PM, David Reagan  wrote:
>>>
>>> I'm pretty much brand new to Puppet. I've read the tutorials on puppet
>>> labs, and most of Pro Puppet. But there's still a lot I don't get. So I
>>> figured I'd learn by doing.
>>>
>>> My current goal is to write a user account wrapper. It would only be for
>>> local Linux accounts only, only on Ubuntu for now.
>>>
>>> I'm not just using the user type because I want to manage ssh authorized
>>> keys as well.
>>>
>>> I did find https://github.com/dcsobral/puppet-users, and a few others.
But
>>> I'm not fond of the use of csv files, and it seems like a simple enough
>>> module to learn with.
>>>
>>> Wrapping user and ssh_authorized_key is simple, just pass in the
>>> information. But I do have a couple questions I couldn't find answers
to in
>>> the docs, here, or Google.
>>>
>>> Questions:
>>>
>>> What happens when a group listed in the user type does not exist on the
>>> server?
>>
>> Generally speaking you shouldn't let that happen!  The user resource will
>> fail because it wants the group to exist first.  Create a group{}
resource
>> and in the user{} resource add something like require => Group['users'],
or
>> whatever, so that this doesn't happen.
>>
>>>
>>> How do I figure out what hash to use for the password when creating a
new
>>> user?
>>
>> There's several ways to handle this.  Generally the way it's done is via
a
>> "custom function" that executes on the puppetmaster and injects the
results
>> of that run into the catalog for the client.  This way you can use a hash
>> generator.  Something like
>>
https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/random_password.rb
>>
>>>
>>> Do I just copy the hash directly into the password property? No need to
>>> tell puppet what kind of hash it is?
>>
>> It basically takes the contents of password and shovels it into the
>> appropriate /etc/shadow column.
>>>
>>> ssh_authorized_key: name has to be unique. So how do I add a key to more
>>> than one user?
>>
>> You'd want to structure this as a kind of custom_user{} define that was
able
>> to take keys as a parameter and those can be an array or hash of info.
 This
>> way you're basically listing all the keys per user rather than trying to
>> assign keys to multiple users.
>>
>> Because you'll have custom_user{ 'blah': } you'll be able to refer to the
>> blah as $name in the define and then you can make your ssh_authorized_key
>> names like:
>>
>> ssh_authorized_key { "${name}-key": } so that they have unique names,
I'll
>> leave the rest of this up to your imagination as you'd need a unique -key
>> bit per key you pass in.  That's one reason I suggested the keys param
be a
>> hash, so that you can have a n

[Puppet Users] Re: define and exported resources - giving wrong template content

[joe]

jcbollinger is correct.

Templates are evaluated on the master in response to a catalog request. Any 
facter values used in the template will be the values from the host 
requesting the catalog. 

In your nagios module, you export the file resource (with it's contents) 
from the server with the correct values. This is because the resource is 
*evaluated* on the client run and then exported.

In your defined type, you are not actually evaluating the template contents 
because you wrap it in a defined type. This means the resources in the 
defined type are exported from the client, but not evaluated until the 
server requests its catalog. So you end up with values from the server 
instead of the client.

On Wednesday, May 8, 2013 1:57:05 PM UTC-6, jcbollinger wrote:
>
>
>
> On Wednesday, May 8, 2013 9:22:16 AM UTC-5, Klavs Klavsen wrote:
>>
>> Hi,
>>
>> I have an odd problem - I have a define, as an exported resource. when 
>> puppet creates them on the central gdash host - it creates them with the 
>> correct (client) hostname (f.ex. cat 
>> /var/www/gdash/graph_templates/dashboards/hosts/p-web01/dash.yaml) - but 
>> the content has the central gdash hostname in them instead (of f.ex. 
>> p-web01 etc.).
>>
>> I do the same with nagios config - and there it works fine (only diff I 
>> can see, is that I do export the file resource directly (with a tag), 
>> instead of doing it in a define).
>>
>> ##definition - run on hosts
>>   @@gdash::hostgraphs { "${::hostname}": }
>>
>> ##profile on gdash server
>>   Gdash::Hostgraphs <<| |>> { }
>>
>> ##gdash::hostgraphs
>>
>> define gdash::hostgraphs () {
>>   $tplpath = "/var/www/gdash/graph_templates/dashboards"
>>   $hostpath = "$tplpath/hosts/$name"
>>   #file { "$tplpath/hosts": ensure => directory }
>>   file { "$tplpath/hosts/$name": ensure => directory, require => 
>> File["$tplpath/hosts"] }
>>   #$graphs = [  'dash.yaml', 'cpu.graph', 'io.graph', 'iops.graph', 
>> 'load.graph', 'memory.graph', 'nettraf.graph', 'sockets.graph']
>>   file { "$hostpath/dash.yaml": content => template('gdash/dash.yaml') }
>>   file { "$hostpath/cpu.graph": content => template('gdash/cpu.graph') }
>>   file { "$hostpath/io.graph": content => template('gdash/io.graph') }
>>   file { "$hostpath/iops.graph": content => template('gdash/iops.graph') }
>>   file { "$hostpath/load.graph": content => template('gdash/load.graph') }
>>   file { "$hostpath/memory.graph": content => 
>> template('gdash/memory.graph') }
>>   file { "$hostpath/nettraf.graph": content => 
>> template('gdash/nettraf.graph') }
>>   file { "$hostpath/sockets.graph": content => 
>> template('gdash/sockets.graph') }
>> }
>>
>> The templates all look kinda like this 
>> (modules/gdash/templates/dash.yaml):
>> :name: <%= hostname %>
>> :description: Graphs for <%= fqdn %>
>>
>> Anyone have any ideas?
>>
>> It's puppet v3.1.1
>>
>>
>
> I'm not sure I would have predicted the behavior you see, but it makes 
> sense.  When you export a resource you are exporting the resource type and 
> parameters.  When you later import that resource, it is evaluated in the 
> context of the importing host, just as you see.  Evidently, if you want to 
> convey data from the exporter to the importer then it must be carried by 
> parameters of the exported resource.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location

[John Warburton]

On 9 May 2013 05:57, Felipe Salum  wrote:

> Is Puppetlabs planning some easy solution for this ?
>

I run 12 puppet servers around the world. They work in a multiple puppet
master solution where any client from any location can work with any puppet
server in any location with dns_alt_names. We have an easy/simple solution:

One puppet server is designated puppet-ca.example.com. All client's
configuration files look like this:

ca_server = puppet-ca.example.com

A second puppet server is randomly chosen to be puppet-ca2.example.com. A
rsync job runs every minute on puppet-ca2 to only suck down the
.../etc/ssl/ca directory from puppet-ca

If puppet-ca becomes unavailable, we move the puppet-ca CNAME to
puppet-ca2. That lag is acceptable to us. You may chose to use other load
balancing options like an F5

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location

[Robert van Veelen]

-- Sent from my HP VeerOn May 8, 2013 19:58, John Warburton  wrote: On 9 May 2013 05:57, Felipe Salum  wrote:

Is Puppetlabs planning some easy solution for this ?I run 12 puppet servers around the world. They work in a multiple puppet master solution where any client from any location can work with any puppet server in any location with dns_alt_names. We have an easy/simple solution:

One puppet server is designated puppet-ca.example.com. All client's configuration files look like this:    ca_server = puppet-ca.example.com

A second puppet server is randomly chosen to be puppet-ca2.example.com. A rsync job runs every minute on puppet-ca2 to only suck down the .../etc/ssl/ca directory from puppet-ca

If puppet-ca becomes unavailable, we move the puppet-ca CNAME to puppet-ca2. That lag is acceptable to us. You may chose to use other load balancing options like an F5John





-- 
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 



-- 
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location

[Felipe Salum]

Yes it works perfectly, I run 2 puppet servers and one of them is the CA 
using a CNAME as well for the puppet master/ca.

After it is set and working it is wonderful, however until you figure out 
that you need to remove the ssldir, then run puppet with dns_alt_names, 
then sign with dns_alt_names in the other side, then start the 
apache2/passenger, then do a lot of more other tricks until you get out of 
the certificate error messages it is a headache :)

Easy solution would be something that would be easier to setup, or maybe it 
is just me trying to complicate things. :)

On Wednesday, May 8, 2013 4:58:21 PM UTC-7, John Warburton wrote:
>
> On 9 May 2013 05:57, Felipe Salum > wrote:
>
>> Is Puppetlabs planning some easy solution for this ?
>>
>
> I run 12 puppet servers around the world. They work in a multiple puppet 
> master solution where any client from any location can work with any puppet 
> server in any location with dns_alt_names. We have an easy/simple solution:
>
> One puppet server is designated puppet-ca.example.com. All client's 
> configuration files look like this:
>
> ca_server = puppet-ca.example.com
>
> A second puppet server is randomly chosen to be puppet-ca2.example.com. A 
> rsync job runs every minute on puppet-ca2 to only suck down the 
> .../etc/ssl/ca directory from puppet-ca
>
> If puppet-ca becomes unavailable, we move the puppet-ca CNAME to 
> puppet-ca2. That lag is acceptable to us. You may chose to use other load 
> balancing options like an F5
>
> John
>  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] hiera can't see a value on a puppet client, but the hiera app on the server can

[Eric]

When I run puppet on a client it says it can't find a parameter in hiera,
but If I run the hiera application on my puppet master and give it the same
facts that my client has, it finds them just fine. Why is that?

Here's how my client sees itself:

[root@tag5-4-qa-sjc ~]# facter --puppet | grep region
region => northamerica
[root@tag5-4-qa-sjc ~]# facter --puppet | grep datacenter
datacenter => sjc
[root@tag5-4-qa-sjc ~]# facter --puppet | grep environment
environment => qa
[root@tag5-4-qa-sjc ~]# facter --puppet | grep machinetype
machinetype => tag
[root@tag5-4-qa-sjc ~]# facter --puppet | grep hostname
hostname => tag5-4-qa-sjc

I run puppet and get this error:

err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find data item ak_auth_primary in any Hiera data file and no
default supplied at /etc/puppet/manifests/site.pp:11 on node
tag5-4-qa-sjc.domain.net

on my puppet master server:

$ hiera ak_auth_primary region=northamerica datacenter=sjc environment=qa

Answer: ops1-1-qa-sjc

$ hiera ak_auth_primary region=northamerica datacenter=sjc environment=qa
machinetype=tag hostname=tag5-4-qa-sjc

Answer: ops1-1-qa-sjc

Is it because I'm using an older version of Puppet with Hiera? I'm not
quite ready to upgrade to version 3 yet, but I plan to.

[root@tag5-4-qa-sjc ~]# rpm -qa | grep puppet
puppet-2.7.14-1.el6.noarch

user@puppet-server$ sudo rpm -qa | egrep '(puppet|hiera)'
puppet-2.7.12-1.el6.noarch
puppet-dashboard-1.2.6-1.el6.noarch
hiera-1.2.1-1.el5.noarch
puppet-server-2.7.12-1.el6.noarch
hiera-puppet-1.0.0-1.el5.noarch

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location

[John Warburton]

On 9 May 2013 10:59, Felipe Salum  wrote:

>
> Easy solution would be something that would be easier to setup, or maybe
> it is just me trying to complicate things. :)
>
> I suppose all HA solutions are difficult - they have to suit your site's
definition of HA and meet cost/complexity needs. Sometime a one pager set
of instructions is good enough, but Puppet Labs aren't going to be able to
meet everyone's HA needs

I was lucky that this was my second puppet deployment and I had a design
that was HA from the start - so built it all in from the start. Keep
plugging away

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Are multiple environments broken in puppet?

[James Kyle]

I started getting the following errors from my puppet master:

> Error: Could not retrieve catalog from remote server: Error 400 on 
SERVER: Invalid parameter provider at /some/module/manifests/foo.pp

The module would vary, but the error was always the same. I started 
googling, searching lists, etc. And turned up a whole bucket load of issues 
that all seem related and are all unresolved:

#17814, #13858, #12173, #8750, etc.

Some go back over 2 years and some are current from within the last month, 
but they're all linked.

Am I mistaken/misinterpreting or do they all seem to boil down to 
"environments are broken". 

If I am mistaken, what's the workaround? I was really looking forward to 
mapping environments to git branches with git hooks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Announce: cis-puppet 0.2.0 is now available

[Peter Brown]

Awesome!
Thanks Arild!

I was working on implementing those with puppet in my organisation but have
yet to finish them.
I will definitely have a look at your implementation and may offer help
with your module if I get some spare time.

Pete.



On 8 May 2013 02:34, Arild Jensen  wrote:

> Overview
> 
>
> This module implements the Center for Internet Security (CIS) Security 
> Configuration Benchmark for Red Hat Enterprise Linux 6 v.1.1.0 (avilable at 
> http://benchmarks.cisecurity.org). Each scored control has been implemented 
> as a class or a custom fact.
>
> Installation
> 
>
> Please either:
>
> - Clone git repo from https://github.com/arildjensen/cis-puppet
> - Run "puppet module install arildjensen/cis" and install from PuppetForge 
> (http://forge.puppetlabs.com/arildjensen/cis)
>
> Use
> ===
>
> The class cis::el6all will enforce all the controls. If you wish to deviate 
> please look for the el6all.pp file and use that as a template. Note that some 
> of the scored controls not able to be written in Puppet code have been 
> implemented as custom facts using Facter. Controls labeled "not scored" by 
> the benchmark are not included.
>
> Also note that there are two subclasses in the cis module, cis::linuxcontrols 
> and cis::el6. The former implements the specific controls with a general name 
> (such as cis::linuxcontrols::c0001), allowing for future re-use. The latter 
> maps directly to a specific CIS control for RHEL6 (such as cis::el6::1_1_17 
> for control 1.1.17 in the benchmark).
>
> User-Controlled Settings
> 
> Some of the settings, such as which log server to use, can be specified by the
> user. Below is a sample hiera file containing all the current configurable
> settings:
>
> cis::logserver: 'syslog.localdomain'
> cis::ntpserver:
>   - ntp1
>   - ntp2
>   - ntp3
> cis::aide_cron_check:
>   hour: 6
>   minute: 30
>
> Author
> ==
>
> Written by Arild Jensen  with source code 
> repository at https://github.com/arildjensen/cis-puppet.
>
>
> Release History
> ===
> - 0.2.0 - Added comments and implemented hiera support for some of the 
> settings.
> - 0.1.0 - Initial release
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet Dashboard's ENC returning wrong hostname/parameters

[Greg Batye]

Ok, opened a ticket with more info. Same bug happened on my learning VM. 

http://projects.puppetlabs.com/issues/20643

On Wednesday, May 8, 2013 10:57:09 AM UTC-7, Aaron Stone wrote:
>
> Interesting! Let me see if this still happens in the rails3 branch. Please 
> file a ticket so the issue doesn't get lost. 
> http://projects.puppetlabs.com/projects/dashboard 
>
>
> On Tue, May 7, 2013 at 11:17 PM, Greg Batye 
> > wrote:
>
>>  Hey everyone, 
>>
>>
>>  I have an issue with puppet dashboard that I can find a solution to. 
>>
>>
>>  My server naming convention contains leading numbers at the beginning 
>> of the hostname. For example, 009example.com. Whenever I run 
>> “/usr/share/puppet-dashboard/external_node 009example.com” another 
>> host's parameters/classes are returned. I tracked the issue down to the enc 
>> returning the hostname with id 9 in the database. This happens no matter 
>> which number I use. 
>>
>>
>>  Has anyone had this issue and is there a way to have puppet dashboard 
>> search the database for name rather then id? 
>>
>>
>>  --Greg
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To post to this group, send email to puppet...@googlegroups.com
>> .
>> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>  
>>  
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] hiera can't see a value on a puppet client, but the hiera app on the server can

[Johan De Wit]

Hi Eric,

By default, hiera-cli uses /etc/hiera.yaml, hiera-puppet uses 
/etc/puppet/hiera.yaml as config file.  That was my mistake starting 
using hiera cli for testing.


Btw, "facter --puppet region"  wil also work, so no need for grep anymore.


On 05/09/2013 04:34 AM, Eric wrote:
When I run puppet on a client it says it can't find a parameter in 
hiera, but If I run the hiera application on my puppet master and give 
it the same facts that my client has, it finds them just fine. Why is 
that?


Here's how my client sees itself:

[root@tag5-4-qa-sjc ~]# facter --puppet | grep region
region => northamerica
[root@tag5-4-qa-sjc ~]# facter --puppet | grep datacenter
datacenter => sjc
[root@tag5-4-qa-sjc ~]# facter --puppet | grep environment
environment => qa
[root@tag5-4-qa-sjc ~]# facter --puppet | grep machinetype
machinetype => tag
[root@tag5-4-qa-sjc ~]# facter --puppet | grep hostname
hostname => tag5-4-qa-sjc

I run puppet and get this error:

err: Could not retrieve catalog from remote server: Error 400 on 
SERVER: Could not find data item ak_auth_primary in any Hiera data 
file and no default supplied at /etc/puppet/manifests/site.pp:11 on 
node tag5-4-qa-sjc.domain.net 


on my puppet master server:

$ hiera ak_auth_primary region=northamerica datacenter=sjc environment=qa

Answer: ops1-1-qa-sjc

$ hiera ak_auth_primary region=northamerica datacenter=sjc 
environment=qa machinetype=tag hostname=tag5-4-qa-sjc


Answer: ops1-1-qa-sjc

Is it because I'm using an older version of Puppet with Hiera? I'm not 
quite ready to upgrade to version 3 yet, but I plan to.


[root@tag5-4-qa-sjc ~]# rpm -qa | grep puppet
puppet-2.7.14-1.el6.noarch

user@puppet-server$ sudo rpm -qa | egrep '(puppet|hiera)'
puppet-2.7.12-1.el6.noarch
puppet-dashboard-1.2.6-1.el6.noarch
hiera-1.2.1-1.el5.noarch
puppet-server-2.7.12-1.el6.noarch
hiera-puppet-1.0.0-1.el5.noarch
--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.

To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.





--
Johan De Wit

Open Source Consultant
Red Hat Certified Engineer(805008667232363)
Puppet Certified Professional 2013 (PCP006)
_

Open-Future   Phone   +32 (0)2/255 70 70
Zavelstraat 72Fax +32 (0)2/255 70 71
3071 KORTENBERG   Mobile  +32 (0)474/42 40 73
BELGIUM   http://www.open-future.be
_

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.