Re: [Puppet Users] Re: PuppetDB: SSL problems
Any idea on how I can do debugging? Tried re-installing several times now. I'd like to be able to find out where the problem lies. Thanks, kl On Friday, May 10, 2013 2:11:09 PM UTC+2, Ken Barber wrote: How did you setup your SSL certificates? You didn't mention a manual certificate setup. Perhaps you can get away with just re-initializing your certificates using 'puppetdb-ssl-setup'? Just backup your /etc/puppetdb/ssl directory first, and then remove it and re-run the tool and see if that helps: # mv /etc/puppetdb/ssl /etc/puppetdb/ssl.bak # puppetdb-ssl-setup Try that first, and if it doesn't help let us know what any resulting errors are ... even if its exactly the same error. ken. On Fri, May 10, 2013 at 9:27 AM, kl.pup...@gmail.com javascript: wrote: I ran puppetdb-foreground --debug. Please find the output here: http://pastebin.com/raw.php?i=Ra3BM3yf Thanks again for your time! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript:. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location
On 10 May 2013 19:52, Ramin K ramin-l...@badapple.net wrote: In any case I'd like to see more discussion on highly available Puppet regardless of way it's implemented. We are using SRV records for running multiple puppetmasters and selecting a site local but allowing fallback to others in case it is down. We have 6 puppetmasters for the production environment running in this way currently. Each normally handling 500-1000 nodes. The git repository is push replicated to each one of them. But only one is CA, it is backed up. If it would crash we are fine with having a outage on installing new nodes until we have restored that part to another node. But we have looked into some solutions for maybe making it more resilient though. For PuppetDB we have two service nodes and a master and hot standby for the postgres database. -- Erik Dalén -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to compile puppet script to pure Ruby or other languages.
Hi, Compile to other languages? No. Compile to pure ruby? No. Use masterless? Yes. However, it is not the same as using the master - exported resources won't work, but things like hiera will still work. Google returns many write ups on the matter. Cheers, Den On 14/05/2013, at 13:28, hmf888...@gmail.com wrote: Now, I'm using puppet managing system configurations, there are many environment: production, staging, QA, DEV. The puppet server is only accessible to production servers, but I also want to environments other than production to use puppet, So my question is: is it possible to compile puppet script to pure Ruby or other languages so as it can execute without connecting to puppet master? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet/hiera - how to debug errors ?
Hello all, we have been using puppet/hiera based configuration (puppet 3.1) . I have the following config: /etc/puppet/environments/env1/manifests/site.pp node default { hiera_include ( classes, [] ) } in the common.yaml file: classes: - class1 - class2 - class3 vmwaretools::version: 8.6.10-913593 ... (some other data) ... When I try to deploy it I get: # puppet agent --test --server pmaster --environment env1 Info: Retrieving plugin Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb Error: Could not retrieve catalog from remote server: Error 400 on SERVER: malformed format string - %S at /etc/puppet/environments/env1/manifests/site.pp:2 on node node01 Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Could you suggest how to debug such kind of errors ? Using hiera based puppet it is more difficult to find where is the real problem. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet and custom nagios object variables
Nagios support custom object variables (http://nagios.sourceforge.net/docs/nagioscore/3/en/customobjectvars.html) buy prefixing them with an underscore: define host{ host_name linuxserver _mac_address00:06:5B:A6:AD:AA _rack_numberR32 } However, I can't determine how to use these with puppet nagios resources. I'm assuming they aren't supported, but I'm also hoping that I just missed it in the documentation. Is anyone creating custom nagios object variables with puppet? Thanks for the help. — Mason Turner -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet/hiera - how to debug errors ?
What's on that line? On 14/05/2013, at 22:02, przemol p@cmcmarkets.com wrote: etc/puppet/environments/env1/manifests/site.pp:2 on -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet/hiera - how to debug errors ?
I have included it in my first post: /etc/puppet/environments/env1/ manifests/site.pp node default { hiera_include ( classes, [] ) } On Tuesday, May 14, 2013 2:45:02 PM UTC+1, denmat wrote: What's on that line? On 14/05/2013, at 22:02, przemol p@cmcmarkets.com javascript: wrote: etc/puppet/environments/env1/manifests/site.pp:2 on -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Is it possible to compile puppet script to pure Ruby or other languages.
Regarding Masterless Puppet, Sam Bashton spoke about his approach to Masterless Puppet at Puppetconf London a few months ago. You can see his slides here: http://www.slideshare.net/PuppetLabs/bashton-masterless-puppet K On Tuesday, May 14, 2013 4:28:04 AM UTC+1, hmf8...@gmail.com wrote: Now, I'm using puppet managing system configurations, there are many environment: production, staging, QA, DEV. The puppet server is only accessible to production servers, but I also want to environments other than production to use puppet, So my question is: is it possible to compile puppet script to pure Ruby or other languages so as it can execute without connecting to puppet master? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Installing packages on windows - fail :(
I switched to the winxp edition - and sflow now installs perfectly. I edited path to NSCP - to be EXACTLY the same as I use for sflow agent msi - and now it works too - atleast on win2003/x86 machines. Haven't had time to test on win2008. One odd thing - I'musing a path like this - which works: my-software01\\autorepo\$\\NSCP-0.4.0.183-Win32.msi However, this path works fine NSCP - the exact same - for the sflow agent ONLY works for windows servers on same Domain as the my-software01 machine. The machine on this other domain - can easily open \\my-software01\autorepo$ in a file explorer on the machine - but msieexec says it can't find the network path.. It seems a pretty fragile package distribution mechanism :( Thank you for your help - if you have any ideas as to this multi-domain thing - which works for one msi - and NOT for the other msi.. pls. fire away :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] MCollective deployment pattern
I'll have a play around in the next few days when I get a chance and report back I'm thinking a little foreground agent is probably the way to go for now as a quick fix, and then I'll work on something cleaner once we start phase 2 in a couple of months Thanks for the pointers, much appreciated -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location
We have a similar setup, minus the SRV records (although that looks quire interesting, gotta get off of 2.7). And we push SVN checkouts instead of git, but that's not a big difference. I have been thinking about the CA, and how to make it more available. My first thought is, do we have to save the generated client certs at all? I brought this up a few weeks ago and the general answer was there is no technical reason to keep the certs, so I am considering deleting them immediately. Now I don't have to worry about backing up the puppetca! Next, and this is where my SSL weakness will shine, could you have all of your HA-puppetmasters run as CAs, too, and then have multiple CA certs on trusted list on the puppet masters? Something like this: 1. foo-east01 comes up, and gets an auto-signed vert from pm-east01. 2. pm-east01 hit by asteroid, so foo-east01 automatically fails over to foo-west01 3. pm-west01 knows to trust the pm-east-01 signed cert. 4. We stand up a pm-east0.new1, generate a new vert for it and append said cert to the trusted list for all clients/PMs. 5. foo-east01 starts using pm-east01.new again 6. foo-east02 comes up, gets a cert from pm-east01.new (This is starting to feel like a certificate rotation strategy in some weird way). One thing I wonder is if I'll actually be a little more secure. Instead of having to have a single CA with a huge FW configuration (we have a lot of independent networks across the 'net), each PM/CA has only a very specific FW ruleset. On May 14, 2013, at 7:35 AM, Erik Dalén erik.gustav.da...@gmail.com wrote: On 10 May 2013 19:52, Ramin K ramin-l...@badapple.net wrote: In any case I'd like to see more discussion on highly available Puppet regardless of way it's implemented. We are using SRV records for running multiple puppetmasters and selecting a site local but allowing fallback to others in case it is down. We have 6 puppetmasters for the production environment running in this way currently. Each normally handling 500-1000 nodes. The git repository is push replicated to each one of them. But only one is CA, it is backed up. If it would crash we are fine with having a outage on installing new nodes until we have restored that part to another node. But we have looked into some solutions for maybe making it more resilient though. For PuppetDB we have two service nodes and a master and hot standby for the postgres database. -- Erik Dalén -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: PuppetDB: SSL problems
Can we walk through your certificates again? Can you give the full verbose output of the following? * keytool -list -keystore /etc/puppetdb/ssl/keystore.jks # you'll need the password from puppetdb_keystore_pw.txt * keytool -list -keystore /etc/puppetdb/ssl/truststore.jks # same again * puppet cert fingerprint --all --digest=md5 * facter fqdn * puppet master --configprint hostcert * cat /etc/puppet/puppetdb.conf * echo GET / | openssl s_client -connect 127.0.1.1:8081 -cert `puppet master --configprint hostcert` -key `puppet master --configprint hostprivkey` -CAfile `puppet master --configprint cacert` # obviously change 127.0.1.1 to whatever port puppetdb is listening on I get the feeling your problem is due to the client certificate being used to connect is the issue, but I need to see all this data again to be clear. On Tue, May 14, 2013 at 7:54 AM, kl.puppetu...@gmail.com wrote: Any idea on how I can do debugging? Tried re-installing several times now. I'd like to be able to find out where the problem lies. Thanks, kl On Friday, May 10, 2013 2:11:09 PM UTC+2, Ken Barber wrote: How did you setup your SSL certificates? You didn't mention a manual certificate setup. Perhaps you can get away with just re-initializing your certificates using 'puppetdb-ssl-setup'? Just backup your /etc/puppetdb/ssl directory first, and then remove it and re-run the tool and see if that helps: # mv /etc/puppetdb/ssl /etc/puppetdb/ssl.bak # puppetdb-ssl-setup Try that first, and if it doesn't help let us know what any resulting errors are ... even if its exactly the same error. ken. On Fri, May 10, 2013 at 9:27 AM, kl.pup...@gmail.com wrote: I ran puppetdb-foreground --debug. Please find the output here: http://pastebin.com/raw.php?i=Ra3BM3yf Thanks again for your time! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com. To post to this group, send email to puppet...@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location
On Tue, May 14, 2013 at 7:35 AM, Erik Dalén erik.gustav.da...@gmail.com wrote: We are using SRV records for running multiple puppetmasters and selecting a site local but allowing fallback to others in case it is down. We have 6 puppetmasters for the production environment running in this way currently. Each normally handling 500-1000 nodes. The git repository is push replicated to each one of them. Interesting - do you use dashboard or anything similar to track the state of the nodes? cheers, m -- martin.langh...@gmail.com - ask interesting questions - don't get distracted with shiny stuff - working code first ~ http://docs.moodle.org/en/User:Martin_Langhoff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: High Availability of Puppet server for separate geographical location
If you don't need to backup your puppetca, how do you carry over to a standby puppetca server your client signed certificates and revocation list in case of failure in the production puppetca ? On Tue, May 14, 2013 at 8:04 AM, Mason Turner opsma...@gmail.com wrote: We have a similar setup, minus the SRV records (although that looks quire interesting, gotta get off of 2.7). And we push SVN checkouts instead of git, but that's not a big difference. I have been thinking about the CA, and how to make it more available. My first thought is, do we have to save the generated client certs at all? I brought this up a few weeks ago and the general answer was there is no technical reason to keep the certs, so I am considering deleting them immediately. Now I don't have to worry about backing up the puppetca! Next, and this is where my SSL weakness will shine, could you have all of your HA-puppetmasters run as CAs, too, and then have multiple CA certs on trusted list on the puppet masters? Something like this: 1. foo-east01 comes up, and gets an auto-signed vert from pm-east01. 2. pm-east01 hit by asteroid, so foo-east01 automatically fails over to foo-west01 3. pm-west01 knows to trust the pm-east-01 signed cert. 4. We stand up a pm-east0.new1, generate a new vert for it and append said cert to the trusted list for all clients/PMs. 5. foo-east01 starts using pm-east01.new again 6. foo-east02 comes up, gets a cert from pm-east01.new (This is starting to feel like a certificate rotation strategy in some weird way). One thing I wonder is if I'll actually be a little more secure. Instead of having to have a single CA with a huge FW configuration (we have a lot of independent networks across the 'net), each PM/CA has only a very specific FW ruleset. On May 14, 2013, at 7:35 AM, Erik Dalén erik.gustav.da...@gmail.com wrote: On 10 May 2013 19:52, Ramin K ramin-l...@badapple.net wrote: In any case I'd like to see more discussion on highly available Puppet regardless of way it's implemented. We are using SRV records for running multiple puppetmasters and selecting a site local but allowing fallback to others in case it is down. We have 6 puppetmasters for the production environment running in this way currently. Each normally handling 500-1000 nodes. The git repository is push replicated to each one of them. But only one is CA, it is backed up. If it would crash we are fine with having a outage on installing new nodes until we have restored that part to another node. But we have looked into some solutions for maybe making it more resilient though. For PuppetDB we have two service nodes and a master and hot standby for the postgres database. -- Erik Dalén -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/Ze5QFJ95y3E/unsubscribe?hl=en . To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Help with setting facts for MySQL replication
I put server_id.rb in /etc/puppetlabs/puppet/environments/qa/ecm-puppet/ecm/lib/facter/server_id.rb on puppet server how do you build upon this to create a master-slave relationship through puppet. I have a mysql db on db01.xxx.xxx and a slave on db02.xxx.xxx Thanks Mac On Wednesday, July 28, 2010 8:42:49 AM UTC-7, Disconnect wrote: I use a custom fact in modules/mysql/lib/facter/server_id.rb: # Converts ip address to long for mysql id def get_mysql_id mysql_id = nil; mysql_id = Facter.ipaddress.split('.').inject(0) {|total,value| (total 8 ) + value.to_i} end Facter.add(mysql_server_id) do setcode do get_mysql_id end end Then the mysql_id is used by the template as the node id. On Wed, Jul 28, 2010 at 8:49 AM, Tore tore@gmail.com javascript:wrote: I use cobbler and I push certain information to the kickstarting system via ksmeta, e.g.: cobbler system add --name=rhel-32bit --mac=XX:XX:XX:XX:XX:XX [...] -- ksmeta=swap=256 puppet=true This example allows us to define the swap size and if puppet should be installed and configured. We use the last part alot to allow people to deploy a test node which have a lifespan of 7 days. Is this helpful? On 27 Jul, 23:27, Matthew Macdonald-Wallace li...@truthisfreedom.org.uk wrote: Hi all, I'm trying to work on a solution to setting up mysql in a semi-automated fashion using facts to populate a puppet template. I'm using Cobbler as my build system and I was hoping to pass the values needed for replicate_do_db and server_id as ksmeta information, however it's looking increasingly unlikely that will work. Can anyone share how they configure MySQL for this kind of thing using puppet given that multiple servers may be replicating different databases and all servers require a unique ID? Thanks in advance, Matt -- Matthew Macdonald-Wallace li...@truthisfreedom.org.ukhttp://www.threedrunkensysadsonthe.net/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Help with setting facts for MySQL replication
I put server_id.rb at /etc/puppetlabs/puppet/environments/qa/ecm-puppet/ecm/lib/facter/server_id.rb how do i build on this to create a master-slave replication db01.xxx.xxx(master) db02.xxx.xxx(slave). Thanks Mac On Wednesday, July 28, 2010 8:42:49 AM UTC-7, Disconnect wrote: I use a custom fact in modules/mysql/lib/facter/server_id.rb: # Converts ip address to long for mysql id def get_mysql_id mysql_id = nil; mysql_id = Facter.ipaddress.split('.').inject(0) {|total,value| (total 8 ) + value.to_i} end Facter.add(mysql_server_id) do setcode do get_mysql_id end end Then the mysql_id is used by the template as the node id. On Wed, Jul 28, 2010 at 8:49 AM, Tore tore@gmail.com javascript:wrote: I use cobbler and I push certain information to the kickstarting system via ksmeta, e.g.: cobbler system add --name=rhel-32bit --mac=XX:XX:XX:XX:XX:XX [...] -- ksmeta=swap=256 puppet=true This example allows us to define the swap size and if puppet should be installed and configured. We use the last part alot to allow people to deploy a test node which have a lifespan of 7 days. Is this helpful? On 27 Jul, 23:27, Matthew Macdonald-Wallace li...@truthisfreedom.org.uk wrote: Hi all, I'm trying to work on a solution to setting up mysql in a semi-automated fashion using facts to populate a puppet template. I'm using Cobbler as my build system and I was hoping to pass the values needed for replicate_do_db and server_id as ksmeta information, however it's looking increasingly unlikely that will work. Can anyone share how they configure MySQL for this kind of thing using puppet given that multiple servers may be replicating different databases and all servers require a unique ID? Thanks in advance, Matt -- Matthew Macdonald-Wallace li...@truthisfreedom.org.ukhttp://www.threedrunkensysadsonthe.net/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Creating defined resources based on array of parameters.
John, thank you so much for such a detailed and thoughtful response!! I was definitely confused about resource titles' data type, and I think variable scope too. Also I made an incorrect assumption that providing a hash as a resource title will somehow expand its values for use within the declaration. Thanks for making these concepts clear. I was already using defined types for my apache::vhost and git::clone., so your approach worked perfectly. This is what I ended up doing: # in site.pp: $sitenames = ['foo', 'bar'] $sitedata = { 'foo' = { sitedomain = 'foo.dev', repo = 'git@host/Foo.git', branch = 'develop', serveralias = , priority = '010' }, 'bar' = { . } } deployed_sites { $sitenames : sitedata = $sitedata } # in a module: define baz::deployed_sites ($sitedata) { $settings = $sitedata[$title] apache::vhost { $title : priority = $settings[priority], sitedomain= $settings[sitedomain], serveralias = $settings[serveralias], } git::clone { $title : repo = $settings[repo], branch= $settings[branch], sitedomain= $settings[sitedomain], } } Once again, thank you very much for this, and hope it helps someone else down the road. Eugene On Monday, May 13, 2013 4:42:42 PM UTC-4, jcbollinger wrote: The specific approach you are attempting will not work, but there are variations that will. First off, the title of a resource is always a string. Not a hash, not an array, but a string. Puppet DSL provides a shortcut for declaring multiple resources (native or defined-type) having the same parameters, by writing a single resource declaration where the (string) titles are given as an array literal or an array-valued variable. The result is exactly equivalent to multiple resource declarations, one for each given title, each with the specified parameters. That shortcut does not generalize. It never makes sense to specify a hash as a resource title, nor an array containing any non-string values. Moreover, all elements of a resource declaration itself are evaluated in the context in which the declaration appears. That applies here in that inside your resource *declarations*, there cannot be a sense of a 'current' element of a composite title. That sort of thing has to go into the *implementation* of the resource type (where the 'current' element is just the plain resource title of one of several similar resources). Again: titles are always strings. Back to the question of how you achieve what you're after. There are at least two relatively straightforward ways, both requiring a slightly different form for your data. Instead of an array of hashes, you need a hash of hashes, with the keys of the outer hash being identifying strings suitable for use as resource titles or parts of them. The inner hashes can be similar or perhaps the same as the parameter hashes you have now. For example: $sites = { 'site1' = { sitedomain = 'site1.domain.dev', repo = 'git@repo.address/Repo', branch = 'develop', serveralias = , priority = '010' }, ... } Having your data in that general form, you have two basic alternatives: 1. Use the built-in create_resources() function 2. Create a defined type that performs a similar function If, as in your case, your inner hashes combine parameters for resources of different types, option (1) would require a defined-type wrapper to use as the resource type passed to create_resources(), so that doesn't end up being any simpler. You should read docs for that function, but there isn't really much more to say. I will illustrate the alternative, however. The defined type you need for option (2) is a bit different from the one you would need for option (1). In this case, the defined type needs only one parameter, that being the hash of hashes: define mymodule::site($sites) { include 'apache' # if necessary include 'git' # if necessary # Select the inner hash for this site from # the hash of hashes, using this resource's # title as the key: $site_data = $sites[$title] # Declare resources apache::vhost { ${title}-vhost : priority = $site_data['priority'], sitedomain = $site_data['sitedomain'], serveralias = $site_data['serveralias'], } git::clone { ${title}-git : repo = $site_data['repo'], branch= $site_data['branch'], } } You use then that defined type like so: class somemodule::someclass { $site_names = see below mymodule::sites { $keys: sites = $sites } } The last bit is how to get the site names. It may be the case that which sites to declare is a separate question from which sites' parameters are recorded in the $sites hash, in which case you'll have to determine for yourself how to get a suitable array of site names (each being one of the
Re: [Puppet Users] Using FACTER in other ruby code
Matt Did you ever get puppet to automate replication between a master mysql db and a slave mysql db. For example my host for the master is db01.xxx.xxx and the slave is db01.xxx.xxx. This seems to be an issue Puppet Labs does not support. Once I get a working solution I would like to present a presentation to San Francisco Puppet Master's group as a demo to spread the knowledge. Thanks Mac On Thursday, September 2, 2010 6:09:00 AM UTC-7, macwall wrote: On 2 September 2010 13:52, R.I.Pienaar r...@devco.net javascript: wrote: add around here: ENV['FACTERLIB'] = /var/lib/puppet/lib/facter:/var/lib/puppet/facts substitute with wherever your pluginsync is putting the facts Works a treat. (as always!) Thanks for the heads-up. How do I get this into the puppet/facter documentation? Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] module dependancy
I have two modules, and I'm having some dependacy problems: 1 - Install python pip: class pythonpip::install { file {/root/.pip: ensure = directory, owner = root, group = root, mode = 755 } file {/root/.pip/pip.conf: ensure = present, source = 'puppet:///modules/pythonlinux/pip.conf', mode= 0644, } } 2 - install some python packages via pip: class myapp::install { package { mechanize: provider = pip; numpy: provider = pip; pandas: provider = pip; reportlab: provider = pip; } } I want to make sure tha the pythonpip::install is alway run before the myapp::install. How can I do that? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] [Announce] Puppet Request Tracker Module
This is a cross-list post. I'd like to announce the initial release of a puppet request-tracker module, darin-rt, for managing Request Tracker. The module will install request-tracker and database packages, install request-tracker extensions (if packages are available in the repo), and create basic request-tracker queues. This is also a request for help in extending the module to support more operating systems! Currently it only supports SuSE systems, my distro of choice, so I'm hopeful people from the community who use RT and Puppet will extend this module to support a more verbose set of operating systems. If you're interested in contributing please contact me off-list and I'll help get you up to speed. Enjoy! Puppet Forge: http://forge.puppetlabs.com/darin/rt GitHub: https://github.com/deadpoint/puppet-rt Installation: puppet module install darin-rt -- Later, Darin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Installing packages on windows - fail :(
On Tue, May 14, 2013 at 7:27 AM, Klavs Klavsen kl...@enableit.dk wrote: I switched to the winxp edition - and sflow now installs perfectly. I edited path to NSCP - to be EXACTLY the same as I use for sflow agent msi - and now it works too - atleast on win2003/x86 machines. Haven't had time to test on win2008. One odd thing - I'musing a path like this - which works: my-software01\\autorepo\$\\NSCP-0.4.0.183-Win32.msi I've updated #20534 with more information. msiexec is fragile that way, as is cmd.exe. However, this path works fine NSCP - the exact same - for the sflow agent ONLY works for windows servers on same Domain as the my-software01 machine. The machine on this other domain - can easily open \\my-software01\autorepo$ in a file explorer on the machine - but msieexec says it can't find the network path.. If you are running msiexec directly from the command line, and it can't connect, but file explorer can, then it sounds like an issue with msiexec. Are you using DFS perhaps? Or perhaps an older version of windows installer? It seems a pretty fragile package distribution mechanism :( You should check out http://chocolatey.org, it's like apt-get for windows. There's a puppet chocolatey package provider here: https://github.com/chocolatey/puppet-chocolatey Josh -- Josh Cooper Developer, Puppet Labs *Join us at PuppetConf 2013, August 22-23 in San Francisco - * http://bit.ly/pupconf13* **Register now and take advantage of the Early Bird discount - save 25%!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: RHEL patches broke my puppetd
On Monday, May 13, 2013 9:20:54 AM UTC-4, jcbollinger wrote: On Friday, May 10, 2013 3:17:00 PM UTC-5, dsdtas wrote: Earlier this week, I applied RHEL patches to a couple of dev server with puppet 0.25.5 and now I can no longer run puppetd commands without constantly getting the message: [root@dev2 ~]# puppetd --test --verbose --noop notice: Run of Puppet configuration client already in progress; skipping Killing the process and then clearing out the lock file every time is not really an option. How about stopping the agent before performing OS upgrades (as opposed to just applying updates released for the current OS version)? This did not occur to me. Sounds Windows-y... LOL Also, I am finding that puppetd --enable is not having any effect on my problem Just to be sure: you're running that with privilege, right? Yes, running as root. I am guessing that some puppet dependency got updated by the update from RHEL 5.5 to 5.6. Any suggestions on how to troubleshoot this? If by troubleshoot this you mean get Puppet working correctly again, then there is probably no alternative to forcing Puppet stopped and then removing the lock file. That might involve manually killing a stalled puppetd. If you prefer, that could take the form of restarting the whole server, after which it would be safe to remove the lock file without shutting down the agent. You really should not remove the lock file, neither manually nor via puppetd --enable, while the puppetd process that created it is alive, however. If by troubleshoot this you mean determine what went wrong and why, then you need to gather information, including: - The actual state of the system. Is the agent in fact running? Is the lock file in fact present? - The logs of the most recent Puppet activity not related to your failed / skipped runs and diagnostic efforts. What did puppet last do -- or what was it in the process of doing -- when it entered the state it is now in? - The updates that were actually applied to get from your (possibly updated) RHEL 5.5 to the current (possibly updated) 5.6. Then you need to conduct an analysis, on which I cannot advise you in any detail. I think it more likely that the update clobbered application of some resource, causing the agent to stall in a manner tied to the resource type and its chosen provider, than that the update clobbered the core puppet engine. But I can't be sure. Ultimately, even if you are able to form a good hypothesis about what happened, and even if you are able to test that hypothesis to prove its plausibility, I don't know any way to be *certain* that what you come up with is the correct explanation for what actually happened. You'll have to use your best judgement. John Thanks for going into detail about this. I too believe that some puppet resource was indeed stepped on by the RHEL update from 5.5 to 5.6. I am in the process of reverting the ruby packages on the affected servers from 1.8.5.-19 to 1.8.5.-5. Also related, I discovered that the puppet listener wasn't properly restarting itself due to the control script not specifying the correct location of the PID file. That issue has been fixed so I no longer have to manually kill the process. Will update the thread later this week with progress Thanks DS -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] PuppetDB Failed to submit 'replace facts' command
I have a small environment with a single puppetmaster and puppetdb on the same node that I get sporadic Failed to submit 'replace facts' command errors from nodes. It isn't consistent about which nodes are causing the error and I can't find anything else going on at the same time on either the master or the agent that these errors happen. Here are the logs from a previous event The puppet client log: Retrieving plugin Loading facts in /var/lib/puppet/lib/facter/pe_version.rb Loading facts in /var/lib/puppet/lib/facter/root_home.rb Loading facts in /var/lib/puppet/lib/facter/classes.rb Loading facts in /var/lib/puppet/lib/facter/puppet_enabled.rb Loading facts in /var/lib/puppet/lib/facter/puppetdb_keystore_pw.rb Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb Loading facts in /var/lib/puppet/lib/facter/disposition.rb Loading facts in /var/lib/puppet/lib/facter/ec2_security_groups_cached.rb Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb Loading facts in /var/lib/puppet/lib/facter/iptables_version.rb Loading facts in /var/lib/puppet/lib/facter/jenkins_plugver.rb Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb Loading facts in /var/lib/puppet/lib/facter/ip6tables_version.rb Loading facts in /var/lib/puppet/lib/facter/ec2_instance_id_cached.rb Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for ue1a-devweb02.mycompany.com to PuppetDB atpuppet.mycompany.com:8081: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A Not using cache on failed catalog Could not retrieve catalog; skipping run The puppet master: May 13 21:46:24 ue1a-util01 puppet-master[28860]: Compiled catalog for ue1a-devweb02.mycompany.com in environment production in 2.36 seconds PuppetDB: 2013-05-13 21:46:22,424 INFO [command-proc-46] [puppetdb.command] [e393b600-02c6-4b60-886e-7056516afef7] [replace facts] ue1a-devweb02.mycompany.com 2013-05-13 21:46:31,497 INFO [command-proc-46] [puppetdb.command] [b6f94e37-6732-44fa-b369-1bc36ed2ef54] [replace catalog] ue1a-devweb02.mycompany.com I turned on debug logging for puppetdb and looked through the logs when an event happened and saw this in the logs: 2013-05-14 20:19:19,237 WARN [qtp874952411-436] [io.nio] javax.net.ssl.SSLHandshakeException: Invalid Padding length: 41 I'm not sure if that's the actual issue or not, but it's what jumped out at me. Anyone else having this issue or know of what to fix? I can provide more logs if needed - I'm just not sure what all is relevant out of the puppetdb debug logs. Puppet 3.1.1, PuppetDB 1.3.0, CentOS 6.4. Thanks, Justin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] PuppetDB Cannot Find Postgresql Driver
Puppet 3.3.1 // CentOS release 6.4 (Final) rpm -qa | grep puppet puppetlabs-release-6-7.noarch puppet-3.1.1-1.el6.noarch puppetdb-1.3.0-1.el6.noarch puppet-server-3.1.1-1.el6.noarch puppetdb-terminus-1.3.0-1.el6.noarch Installed from yum packages: Running Transaction Installing : puppetdb-1.3.0-1.el6.noarch 1/1 Certificate was added to keystore Backing up /etc/puppetdb/conf.d/jetty.ini to /etc/puppetdb/conf.d/jetty.ini.bak.1368570333 before making changes Updated default settings from package installation for ssl-host in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for ssl-port in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for key-password in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for trust-password in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for keystore in /etc/puppetdb/conf.d/jetty.ini. Updated default settings from package installation for truststore in /etc/puppetdb/conf.d/jetty.ini. Verifying : puppetdb-1.3.0-1.el6.noarch 1/1 Installed: puppetdb.noarch 0:1.3.0-1.el6 Complete! After following numerous posts all over the net, and of course PuppetLabs' docs I simply cannot get PuppetDB to run. It cannot find the Java Driver and dies after about a minute of running: java.lang.ClassNotFoundException: org.postgresql.jdbcDriver at java.net.URLClassLoader$1.run(URLClassLoader.java:366) at java.net.URLClassLoader$1.run(URLClassLoader.java:355) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:354) at clojure.lang.DynamicClassLoader.findClass(DynamicClassLoader.java:61) at java.lang.ClassLoader.loadClass(ClassLoader.java:423) at java.lang.ClassLoader.loadClass(ClassLoader.java:356) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:188) at com.puppetlabs.jdbc$make_connection_pool.invoke(jdbc.clj:161) at com.puppetlabs.jdbc$pooled_datasource.invoke(jdbc.clj:189) at com.puppetlabs.puppetdb.cli.services$_main.doInvoke(services.clj:366) at clojure.lang.RestFn.invoke(RestFn.java:421) at clojure.lang.Var.invoke(Var.java:419) at clojure.lang.AFn.applyToHelper(AFn.java:163) at clojure.lang.Var.applyTo(Var.java:532) at clojure.core$apply.invoke(core.clj:601) at com.puppetlabs.puppetdb.core$_main.doInvoke(core.clj:79) at clojure.lang.RestFn.applyTo(RestFn.java:137) at com.puppetlabs.puppetdb.core.main(Unknown Source) Puppet Settings /etc/sysconfig/puppet- default - no change /etc/sysconfig/puppetdb - default- no change -- /etc/puppet/routes.yaml --- master: facts: terminus: puppetdb cache: yaml --- /etc/puppet/puppet.conf [master] storeconfigs = true storeconfigs_backend = puppetdb reports = store,puppetdb facts_terminus = puppetdb-terminus /etc/puppet/puppetdb.conf [main] server = fqdn-hostname port = 8081 - /etc/puppetdb/log4j.properties - default - no change /etc/puppetdb/conf.d/config.ini - default - no change /etc/puppetdb/conf.d/jetty.ini - default - no change /etc/puppetdb/conf.d/repl.ini - default - no change - /etc/puppetdb/conf.d/database.ini: classname = org.postgresql.jdbcDriver subprotocol = postgresql subname = //localhost:5432/puppetdb username= puppetdb password= puppetdb gc-interval = 60 log-slow-statements = 10 = Postgresql Settings = psql -U puppetdb Password for user puppetdb: psql (8.4.13) Type help for help. puppetdb= \l List of databases Name| Owner | Encoding | Collation |Ctype|Access privileges ---+--+--+-+-+-- postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | puppetdb | puppetdb | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/puppetdb : puppetdb=C*T*c*/puppetdb template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
Re: [Puppet Users] puppet and custom nagios object variables
I think icinga can use those as well. I don't believe it is supported in the puppet resources yet. It may be time to find out how to add it. On 14 May 2013 23:38, Mason Turner opsma...@gmail.com wrote: Nagios support custom object variables ( http://nagios.sourceforge.net/docs/nagioscore/3/en/customobjectvars.html) buy prefixing them with an underscore: define host{ host_name linuxserver *_mac_address 00:06:5B:A6:AD:AA* * _rack_number R32* } However, I can't determine how to use these with puppet nagios resources. I'm assuming they aren't supported, but I'm also hoping that I just missed it in the documentation. Is anyone creating custom nagios object variables with puppet? Thanks for the help. — Mason Turner -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet, git security
Hi all, In my company we have a security policy that frowns upon things like puppet masters making git pull requests to other network segments. Allowing code to be pushed into these segments is less of a problem. This policy makes it difficult to do stuff like, https://puppetlabs.com/blog/git-workflow-and-puppet-environments/ I am wondering if anyone out there has ever faced a similar problem and has worked out a way to build a push-only configuration from GIT code repositories to puppet masters. Best regards, Alex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet, git security
Sorry for the top posting. Imho, i think this is a question that could be asked on the git mailing list. Best 2013/5/15, Alex Harvey alexharv...@gmail.com: Hi all, In my company we have a security policy that frowns upon things like puppet masters making git pull requests to other network segments. Allowing code to be pushed into these segments is less of a problem. This policy makes it difficult to do stuff like, https://puppetlabs.com/blog/git-workflow-and-puppet-environments/ I am wondering if anyone out there has ever faced a similar problem and has worked out a way to build a push-only configuration from GIT code repositories to puppet masters. Best regards, Alex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Inviato dal mio dispositivo mobile -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet/hiera - how to debug errors ?
Funny this should come up as I got the same error just today. Incorrect YAML file was the culprit. Error is non-descriptive though. This will help you find the file. for i in `find ./ -name *.yaml` ;do echo $i ; ruby -e require 'yaml'; YAML.parse(File.open('$i')) ;done Cheers, Den On Tue, May 14, 2013 at 11:59 PM, przemol p@cmcmarkets.com wrote: I have included it in my first post: /etc/puppet/environments/env1/ **manifests/site.pp node default { hiera_include ( classes, [] ) } On Tuesday, May 14, 2013 2:45:02 PM UTC+1, denmat wrote: What's on that line? On 14/05/2013, at 22:02, przemol p@cmcmarkets.com wrote: etc/puppet/environments/env1/**manifests/site.pp:2 on -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet, git security
I haven't worked out a pure git way but Jenkins, git export, rsync are a good solid combo :) On 15/05/2013, at 14:51, devzero2000 pinto.e...@gmail.com wrote: Sorry for the top posting. Imho, i think this is a question that could be asked on the git mailing list. Best 2013/5/15, Alex Harvey alexharv...@gmail.com: Hi all, In my company we have a security policy that frowns upon things like puppet masters making git pull requests to other network segments. Allowing code to be pushed into these segments is less of a problem. This policy makes it difficult to do stuff like, https://puppetlabs.com/blog/git-workflow-and-puppet-environments/ I am wondering if anyone out there has ever faced a similar problem and has worked out a way to build a push-only configuration from GIT code repositories to puppet masters. Best regards, Alex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Inviato dal mio dispositivo mobile -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet, git security
On Wednesday, May 15, 2013 3:40:28 PM UTC+10, denmat wrote: I haven't worked out a pure git way but Jenkins, git export, rsync are a good solid combo :) Do you know of any documentation or blog posts from others using a configuration like this? My initial thinking was to use rsync but I am concerned about getting bitten by Puppet manageability or scalability issues down the track that I haven't thought of. Thus my interest in the experiences of others who may have a push-only relationship between their revision control systems and the puppet masters. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.