Re: [Puppet Users] Run a File resource only if another file is missing
There are other ways. None are nice and clean, but a custom fact just
for this seems overkill.
Here's a quick example of how I've implemented creating a default
~/.gitconfig for users if it doesn't exist, but not modify it if it's
already there or has been modified.
$gitconfig_user_name = $mymodule::uservar::fullname[$title]
$gitconfig_user_email = ${title}@example.com
file { ${home}/.gitconfig:
owner = $owner,
group = $group,
mode= '0644',
require = Exec[create-gitconfig-${title}],
}
exec { create-gitconfig-${title}:
command = template('mymodule/user/gitconfig.erb'),
require = User[$title],
creates = ${home}/.gitconfig,
}
The gitconfig.erb has the following content :
/bin/cat %= home %/.gitconfig EOF
[user]
name = %= @gitconfig_user_name %
email = %= @gitconfig_user_email %
EOF
Basically, just don't have either 'source' nor 'content' for your file
resource, and create the initial content using an exec with the
'creates' condition.
Matthias
Dan White y...@comcast.net wrote:
Short Answer: You need to create a custom fact that would drive the
decision to create the new file resource.
I just went thru this issue and also performing an action based on
whether or not a package (RPM in my case) is installed.
Same answer to both.
For the existence of a file, you can do this:
#!/bin/bash
test -f /var/www/owncloud/config/config.php
rc=$?
echo is_my_file_there=${rc}
That goes into /etc/facter/facts.d/ as an executable shell script and
then in your manifest:
if $::is_my_file_there != 0 {
file { 'autoconfig.php':
.
}
}
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: John Naggets hostingnugg...@gmail.com
To: puppet-users@googlegroups.com
Sent: Thursday, May 30, 2013 4:04:29 PM
Subject: [Puppet Users] Run a File resource only if another file is
missing
Hi,
I would like to run the File resource below:
file { 'autoconfig.php':
path = '/var/www/owncloud/config/autoconfig.php',
ensure = file,
owner = 'www-data',
group = 'www-data',
content = template(owncloud/autoconfig.php.erb),
}
only when a specific file (in my
case: /var/www/owncloud/config/config.php) is missing. Is this
somehow possible? Couldn't find my case in the puppet
documentation...
Thanks!
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Issue with Puppet Packages which are installed multiple times
Hi Nan, thanks a lot. Perhaps I'll get around that issue by specifying the arch while installing. I just was a bit surprised why installing and uninstalling (with the same options: none :) ) leaves the system in a different state than before. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Grouping hosts within environments
Yes you can just tag them from there:
accounts::users::accounts:
sysadmin:
ensure: present
home: /home/sysadmin
managehome: true
shell: /bin/bash
uid: 4000
gid: sysadmin
comment: Systems Admin
tags aren't special in any way - they are just a metaparameter that each
resource in puppet can have -
http://docs.puppetlabs.com/references/latest/metaparameter.html#tag
If you don't want to repeat yourself and can deduce the user team(group)
from the yaml file or something, you can use the third parameter for
create_resource which is just the default parameters. So you would have
something like this:
$tags = {
tag = 'app1'
}
create_resource(user, $myhash, $tags)
--
Nikola
On Thu, May 30, 2013 at 09:51:48AM -0700, przemol wrote:
This approach requires to keep all the users in *.pp files.
Currently we keep users in yaml file:
accounts::users::accounts:
sysadmin:
ensure: present
home: /home/sysadmin
managehome: true
shell: /bin/bash
uid: 4000
gid: sysadmin
comment: Systems Admin
etc
and create them using create_resource. Is it possible to use hiera to
associate all the users to particular servers ?
On Thursday, May 30, 2013 4:39:02 PM UTC+1, nikolavp wrote:
You can always use tags with virtual resources of some sort. Let's say
that user1 is in group app1, user2 and user3 are in group app2. You can
tag those user accounts with that:
user{'user1'
...
tag = 'app1',
}
user {['user2', 'user3']:
...
tag = 'app2',
}
now in your hiera configurations or somewhere else(like ENC) you can
specify which user accounts belong to that host by realizing only those
that you need.
node node10,node20 {
User| tag == 'app1' |
}
I would also introduce a fact that exposes the fact that user accounts
of 'app1' belong to a particular host
On Thu, May 30, 2013 at 08:02:34AM -0700, przemol wrote:
Hello,
we have been using puppet 3 with hiera based config and several (usually
typical) environments:
test
predev
dev
preprod
prod
...
Basically we apply the puppet config to test, then predev, then dev, etc
But within each environment we have quite a large number of hosts
(20/50/100/300/...).
We would like to group them into sort of subgroups. For example dev
hosts
are for developers from different applications teams: app1, app2, app3,
appN.
We need to create accounts (user accounts are just an example - there
are
other similar tasks) on all servers from dev environments:
user accounts for dev team app1 don't need to be on all dev servers -
just
on the following nodes: node10 - node20
user accounts for dev team app2 should be just on the following nodes:
node35 - node88
etc
(and I can't use any regular expressions to select nodes - the same
servers
in each group could have quite different FQDN)
Can you recommend what puppet/hiera feature could I use to group servers
?
It would be good if I could use it just on central puppet master server
and
not need to login to every node
and assign it locally to a group.
Regards
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users...@googlegroups.com javascript:.
To post to this group, send email to
puppet...@googlegroups.comjavascript:.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
That is an excellent example, but I think you miss the original point:
Your example deals with only one file resource - the dot-gitconfig file
Suppose you only wanted to perform this action if git was installed on the
system, and do nothing if it was not ?
This additional requirement puts it closer to the original question and this is
where a custom fact is called for in the opinion of several folks on the list
including myself.
If you can offer an example that demonstrates otherwise, I would welcome it.
I do not believe it possible without the custom fact and I have several hours
of frustrated tinkering to show for it. I wanted to set a parameter in a
config file but only if (the config file exists and/or the associated package
is installed) and found I could not do it completely from within the manifest.
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Waterson (Calvin Hobbes)
- Original Message -
From: Matthias Saou matth...@saou.eu
To: puppet-users@googlegroups.com
Sent: Friday, May 31, 2013 4:00:15 AM
Subject: Re: [Puppet Users] Run a File resource only if another file is missing
There are other ways. None are nice and clean, but a custom fact just
for this seems overkill.
Here's a quick example of how I've implemented creating a default
~/.gitconfig for users if it doesn't exist, but not modify it if it's
already there or has been modified.
$gitconfig_user_name = $mymodule::uservar::fullname[$title]
$gitconfig_user_email = ${title}@example.com
file { ${home}/.gitconfig:
owner = $owner,
group = $group,
mode= '0644',
require = Exec[create-gitconfig-${title}],
}
exec { create-gitconfig-${title}:
command = template('mymodule/user/gitconfig.erb'),
require = User[$title],
creates = ${home}/.gitconfig,
}
The gitconfig.erb has the following content :
/bin/cat %= home %/.gitconfig EOF
[user]
name = %= @gitconfig_user_name %
email = %= @gitconfig_user_email %
EOF
Basically, just don't have either 'source' nor 'content' for your file
resource, and create the initial content using an exec with the
'creates' condition.
Matthias
Dan White y...@comcast.net wrote:
Short Answer: You need to create a custom fact that would drive the
decision to create the new file resource.
I just went thru this issue and also performing an action based on
whether or not a package (RPM in my case) is installed.
Same answer to both.
For the existence of a file, you can do this:
#!/bin/bash
test -f /var/www/owncloud/config/config.php
rc=$?
echo is_my_file_there=${rc}
That goes into /etc/facter/facts.d/ as an executable shell script and
then in your manifest:
if $::is_my_file_there != 0 {
file { 'autoconfig.php':
.
}
}
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: John Naggets hostingnugg...@gmail.com
To: puppet-users@googlegroups.com
Sent: Thursday, May 30, 2013 4:04:29 PM
Subject: [Puppet Users] Run a File resource only if another file is
missing
Hi,
I would like to run the File resource below:
file { 'autoconfig.php':
path = '/var/www/owncloud/config/autoconfig.php',
ensure = file,
owner = 'www-data',
group = 'www-data',
content = template(owncloud/autoconfig.php.erb),
}
only when a specific file (in my
case: /var/www/owncloud/config/config.php) is missing. Is this
somehow possible? Couldn't find my case in the puppet
documentation...
Thanks!
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Packages for Ubuntu 13.04 Raring
I think they already are? If you grab http://apt.puppetlabs.com/puppetlabs-release-raring.deb and install that you should be able to get all the latest packages for raring. On Thu, May 30, 2013 at 7:22 PM, Vlad v...@vladgh.com wrote: When packages for Ubuntu 13.04 Raring going to be released? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
Hi,
Indeed, I had missed that John was mentioning two different files
(config.php vs. autoconfig.php). In that case, my only bit of
(useless) advice is : You're not using puppet in the way it's most
efficient, as it's not meant to manage nodes based on changes it
doesn't make itself.
Custom fact, it is...
Matthias
Dan White y...@comcast.net wrote:
That is an excellent example, but I think you miss the original point:
Your example deals with only one file resource - the dot-gitconfig
file Suppose you only wanted to perform this action if git was
installed on the system, and do nothing if it was not ?
This additional requirement puts it closer to the original question
and this is where a custom fact is called for in the opinion of
several folks on the list including myself.
If you can offer an example that demonstrates otherwise, I would
welcome it. I do not believe it possible without the custom fact and
I have several hours of frustrated tinkering to show for it. I
wanted to set a parameter in a config file but only if (the config
file exists and/or the associated package is installed) and found I
could not do it completely from within the manifest.
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: Matthias Saou matth...@saou.eu
To: puppet-users@googlegroups.com
Sent: Friday, May 31, 2013 4:00:15 AM
Subject: Re: [Puppet Users] Run a File resource only if another file
is missing
There are other ways. None are nice and clean, but a custom fact just
for this seems overkill.
Here's a quick example of how I've implemented creating a default
~/.gitconfig for users if it doesn't exist, but not modify it if it's
already there or has been modified.
$gitconfig_user_name = $mymodule::uservar::fullname[$title]
$gitconfig_user_email = ${title}@example.com
file { ${home}/.gitconfig:
owner = $owner,
group = $group,
mode= '0644',
require = Exec[create-gitconfig-${title}],
}
exec { create-gitconfig-${title}:
command = template('mymodule/user/gitconfig.erb'),
require = User[$title],
creates = ${home}/.gitconfig,
}
The gitconfig.erb has the following content :
/bin/cat %= home %/.gitconfig EOF
[user]
name = %= @gitconfig_user_name %
email = %= @gitconfig_user_email %
EOF
Basically, just don't have either 'source' nor 'content' for your file
resource, and create the initial content using an exec with the
'creates' condition.
Matthias
Dan White y...@comcast.net wrote:
Short Answer: You need to create a custom fact that would drive the
decision to create the new file resource.
I just went thru this issue and also performing an action based on
whether or not a package (RPM in my case) is installed.
Same answer to both.
For the existence of a file, you can do this:
#!/bin/bash
test -f /var/www/owncloud/config/config.php
rc=$?
echo is_my_file_there=${rc}
That goes into /etc/facter/facts.d/ as an executable shell script
and then in your manifest:
if $::is_my_file_there != 0 {
file { 'autoconfig.php':
.
}
}
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: John Naggets hostingnugg...@gmail.com
To: puppet-users@googlegroups.com
Sent: Thursday, May 30, 2013 4:04:29 PM
Subject: [Puppet Users] Run a File resource only if another file is
missing
Hi,
I would like to run the File resource below:
file { 'autoconfig.php':
path = '/var/www/owncloud/config/autoconfig.php',
ensure = file,
owner = 'www-data',
group = 'www-data',
content = template(owncloud/autoconfig.php.erb),
}
only when a specific file (in my
case: /var/www/owncloud/config/config.php) is missing. Is this
somehow possible? Couldn't find my case in the puppet
documentation...
Thanks!
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Issue with Puppet Packages which are installed multiple times
The installation of both i386 and x86_64 packages is a YUM configuration issue in RHEL 5. This is not the default behavior in RHEL 6. http://serverfault.com/questions/77122/rhel5-forbid-installation-of-i386-packages-on-64-bit-systems On Friday, May 31, 2013 3:06:49 AM UTC-5, bjoern pohl wrote: Hi Nan, thanks a lot. Perhaps I'll get around that issue by specifying the arch while installing. I just was a bit surprised why installing and uninstalling (with the same options: none :) ) leaves the system in a different state than before. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: augeas for hosts.allow
To anyone interested, this thread has been duplicated (and answered) on
https://www.redhat.com/archives/augeas-devel/2013-May/msg00028.html
Raphaël
On Wednesday, May 29, 2013 4:35:30 PM UTC+2, kashif wrote:
Hi
I am trying to configure hosts.allow using augeas with puppet. I can add a
ip range if process exists with this code
augeas { Add ${name} to ${process}:
context = /files/etc/hosts.allow,
changes = set *[process='${process}']/client[last()+1] ${name},
onlyif = match *[process='${process}']/client[.='${name}'] size ==
0,
but if a process doesn't exist then I can't do it dynamically, some
thing like this works
augeas { Add ${name} - ${process}:
context = /files/etc/hosts.allow,
changes = [ set 02/process ${process}, set 02/client[.='{$name}']
${name} ],
onlyif = match *[process='${process}'] size == 0,
}
But I have to provide node number (02 here) . The above code is mostly
based on
https://gist.github.com/rodjek/18c50d8800840696bac0
Can some one give a better option. What I want is that I can define
different process and ip range in node manifest file like this
ssh::hosts_allow { [ '1.1.1.1', '2.2.2.2', ]:
process = 'sshd',
ssh::hosts_allow { [ '3.3.3.3 ]:
process = 'nrpe',
Thanks
Kashif
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Dashboard showing newline character
I found the solution. Dashboard does not play well with ruby 1.9.3. I will try the rails3 branch and see if it works better. /Thomas On Wednesday, May 22, 2013 7:48:52 PM UTC+2, Jordan Hayes wrote: I am having this exact same issue. I installed Puppet this past April, from the PuppetLabs repository on a Debian Wheezy box. I see these new line characters under the reports, as you have shown. I am also new to Puppet and new to Ruby, which makes this problem even more frustrating. On Thursday, April 4, 2013 7:46:34 AM UTC-7, Kevin Squire wrote: I just completed the install of dashboard on a Debian Wheezy box, using the deb package provided by puppetlabs repository. After following the directions http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html I now have it up and running (collecting reports only at the moment) I am noticing that on all my reports page, I get a ton of \n characters showing up. Since I am new to Ruby as well as Puppet, I am having a hard time finding WHY these are getting inserted. Any help would be appreciated. Attached is a screenshot showing the issue... same image is also available at http://www.wikiak.org/temp/dashboard.png -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Dashboard showing newline character
Me too have the same issue, did you find any solution? On Wednesday, May 22, 2013 7:48:52 PM UTC+2, Jordan Hayes wrote: I am having this exact same issue. I installed Puppet this past April, from the PuppetLabs repository on a Debian Wheezy box. I see these new line characters under the reports, as you have shown. I am also new to Puppet and new to Ruby, which makes this problem even more frustrating. On Thursday, April 4, 2013 7:46:34 AM UTC-7, Kevin Squire wrote: I just completed the install of dashboard on a Debian Wheezy box, using the deb package provided by puppetlabs repository. After following the directions http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html I now have it up and running (collecting reports only at the moment) I am noticing that on all my reports page, I get a ton of \n characters showing up. Since I am new to Ruby as well as Puppet, I am having a hard time finding WHY these are getting inserted. Any help would be appreciated. Attached is a screenshot showing the issue... same image is also available at http://www.wikiak.org/temp/dashboard.png -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: What data on the server can a compromized host read
Nick,
Thank you very much for the detailed explanation!
Vlad
On 05/30/13 20:09, Nick Fagerlund wrote:
Hi Vlad,
This is all more or less dictated by the auth.conf file, although the
implications can take a little while to chase down. You can see
http://docs.puppetlabs.com/guides/rest_auth_conf.html for the syntax of
this file and its general capabilities. The default rules in Puppet 3.x
are here: https://github.com/puppetlabs/puppet/blob/master/conf/auth.conf
Moving on to your concrete questions:
- Owned would NOT be able to directly access ANY manifests or Hiera data.
In current versions of Puppet with default auth.conf, it works like
this: A node is allowed to access the /catalog/NAME HTTP endpoint,
where NAME *must* be the node's own certificate name. (Nodes cannot
access /catalog/SOMEONE ELSE.) A GET request to this endpoint causes
the puppet master to use its manifests and Hiera data to compile a
catalog. (We mention this here:
http://docs.puppetlabs.com/puppet/latest/reference/lang_summary.html#compilation-and-catalogs)
A catalog is not just a subset of manifests; it removes all conditional
logic, irrelevant data, etc., and becomes an unambiguous single-node
document, rather than a contingent multi-node piece of code. All Hiera
data gets resolved, and becomes literal node-appropriate values in the
catalog.
- By default, owned WOULD be able to access file contents in
modulepath/module_name/files. This can be prevented by making
additional rules in auth.conf for specific modules you are worried about.
The default auth.conf allows all certified nodes to access any endpoint
beginning with /file. When fetching file contents for
modulepath/my_module/files/this_file.txt, puppet agent hits
/file_metadata/modules/my_module/this_file.txt (to check whether it
already has the correct content) and then
/file_content/modules/my_module/this_file.txt (to fetch the content if
it isn't up to date). These are both prefixed by /file, so everyone
can get them. Nodes can also use the file_metadatas endpoint to get
directory listings.
If you have files in a special module that you are worried about, and if
you can express the nodes who are allowed to access it in terms of
certificate name or IP address, you can create a new auth.conf rule for
that module and place it ABOVE the /file rule in auth.conf:
path ~ ^/file_(metadata|content)s?/modules/my_module
auth yes
allow /^(.+)\.dmz\.example\.com$/
allow_ip 192.168.100.0/24
This trick also works for custom fileserver mount points as defined in
fileserver.conf (http://docs.puppetlabs.com/guides/file_serving.html),
which may be a better choice for highly sensitive files.
Finally, for truly sensitive content, you have some extra options:
- You can avoid the source attribute for sensitive files, and use
content instead. This compiles the approved content for THAT NODE into
the catalog. You can use the template() function
(http://docs.puppetlabs.com/references/latest/function.html#template) to
get content from an external file which nodes cannot directly access,
and if your manifests make sure that only highly trusted nodes will have
that content compiled into their catalogs, the information is
effectively protected from less-trusted nodes that get owned.
- You can investigate the hiera-gpg tool, which... I'm afraid I haven't
learned how to use it, yet, but it promises a fairly robust way to
handle dangerous content.
Also, keep in mind that facts
(http://docs.puppetlabs.com/puppet/latest/reference/lang_variables.html#facts-and-built-in-variables)
reported by the node are not necessarily trustworthy -- If you are using
facts to make decisions about who can access certain content, it may be
possible for an attacker to guess a fact value that will get them
something interesting in their catalog. Note also that the special
$clientcert variable is essentially just a fact; it isn't validated by
the puppet master. We're currently investigating adding a trusted
certificate name variable, see here:
http://projects.puppetlabs.com/issues/19514
Hope that helps,
N
On Thursday, May 30, 2013 1:24:27 PM UTC-7, Vladimir Brik wrote:
Hello,
I am trying to better understand the security impact a compromised
host managed by puppet could have on our infrastructure.
Suppose an attacker gained root on a machine called 'owned', and we
have this in site.pp:
node owned {
file {'foo':
content = 'puppet:///modules/module_name/foo',
}
}
Will agent running on 'owned' be able to retrieve:
- modulepath/module_name/files/bar
- modulepath/module_name/manifests
- hiera data (other than what it's supposed to have access to)
Thanks very much,
Vlad
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send
Re: [Puppet Users] Packages for Ubuntu 13.04 Raring
The release package is indeed present, but it's the only one in the Raring pool (http://apt.puppetlabs.com/dists/raring/main/binary-amd64/Packages; http://apt.puppetlabs.com/pool/raring/main/). My bootstrap scripts installed the repo successfully, but, to my surprise, the puppet and facter packages are the ones from Ubuntu. On Friday, May 31, 2013 7:56:19 AM UTC-5, Ashley Penney wrote: I think they already are? If you grab http://apt.puppetlabs.com/puppetlabs-release-raring.deb and install that you should be able to get all the latest packages for raring. On Thu, May 30, 2013 at 7:22 PM, Vlad vl...@vladgh.com javascript:wrote: When packages for Ubuntu 13.04 Raring going to be released? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
On Fri, May 31, 2013 at 1:00 AM, Matthias Saou matth...@saou.eu wrote:
There are other ways. None are nice and clean, but a custom fact just
for this seems overkill.
Here's a quick example of how I've implemented creating a default
~/.gitconfig for users if it doesn't exist, but not modify it if it's
already there or has been modified.
$gitconfig_user_name = $mymodule::uservar::fullname[$title]
$gitconfig_user_email = ${title}@example.com
file { ${home}/.gitconfig:
owner = $owner,
group = $group,
mode= '0644',
require = Exec[create-gitconfig-${title}],
}
exec { create-gitconfig-${title}:
command = template('mymodule/user/gitconfig.erb'),
require = User[$title],
creates = ${home}/.gitconfig,
}
A bit off topic, but you should use file attribute replace = false instead
of an exec.
Nan
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] AD user add to local windows group?
Pardon my noobness to this, but is anyone able to get around this
issuehttps://projects.puppetlabs.com/issues/15326
?
group {'testgroup':
ensure = present,
members = 'DOMAIN\user',
name = 'test'
}
Yields
OLE error code:8007056B in Active Directory A member could not be added
to or removed from the local group because the member does not exist.
I'm running v3.2.1 and the bug report is from v2.7.17 -- am I doing
something wrong?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
Thanks guys for your input. That's correct I am looking to act upon another
file's nonexistence... I will go with facter.
On Friday, May 31, 2013 2:57:56 PM UTC+2, Matthias Saou wrote:
Hi,
Indeed, I had missed that John was mentioning two different files
(config.php vs. autoconfig.php). In that case, my only bit of
(useless) advice is : You're not using puppet in the way it's most
efficient, as it's not meant to manage nodes based on changes it
doesn't make itself.
Custom fact, it is...
Matthias
Dan White yg...@comcast.net javascript: wrote:
That is an excellent example, but I think you miss the original point:
Your example deals with only one file resource - the dot-gitconfig
file Suppose you only wanted to perform this action if git was
installed on the system, and do nothing if it was not ?
This additional requirement puts it closer to the original question
and this is where a custom fact is called for in the opinion of
several folks on the list including myself.
If you can offer an example that demonstrates otherwise, I would
welcome it. I do not believe it possible without the custom fact and
I have several hours of frustrated tinkering to show for it. I
wanted to set a parameter in a config file but only if (the config
file exists and/or the associated package is installed) and found I
could not do it completely from within the manifest.
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: Matthias Saou matt...@saou.eu javascript:
To: puppet...@googlegroups.com javascript:
Sent: Friday, May 31, 2013 4:00:15 AM
Subject: Re: [Puppet Users] Run a File resource only if another file
is missing
There are other ways. None are nice and clean, but a custom fact just
for this seems overkill.
Here's a quick example of how I've implemented creating a default
~/.gitconfig for users if it doesn't exist, but not modify it if it's
already there or has been modified.
$gitconfig_user_name = $mymodule::uservar::fullname[$title]
$gitconfig_user_email = ${tit...@example.com javascript:
file { ${home}/.gitconfig:
owner = $owner,
group = $group,
mode= '0644',
require = Exec[create-gitconfig-${title}],
}
exec { create-gitconfig-${title}:
command = template('mymodule/user/gitconfig.erb'),
require = User[$title],
creates = ${home}/.gitconfig,
}
The gitconfig.erb has the following content :
/bin/cat %= home %/.gitconfig EOF
[user]
name = %= @gitconfig_user_name %
email = %= @gitconfig_user_email %
EOF
Basically, just don't have either 'source' nor 'content' for your file
resource, and create the initial content using an exec with the
'creates' condition.
Matthias
Dan White yg...@comcast.net javascript: wrote:
Short Answer: You need to create a custom fact that would drive the
decision to create the new file resource.
I just went thru this issue and also performing an action based on
whether or not a package (RPM in my case) is installed.
Same answer to both.
For the existence of a file, you can do this:
#!/bin/bash
test -f /var/www/owncloud/config/config.php
rc=$?
echo is_my_file_there=${rc}
That goes into /etc/facter/facts.d/ as an executable shell script
and then in your manifest:
if $::is_my_file_there != 0 {
file { 'autoconfig.php':
.
}
}
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: John Naggets hosting...@gmail.com javascript:
To: puppet...@googlegroups.com javascript:
Sent: Thursday, May 30, 2013 4:04:29 PM
Subject: [Puppet Users] Run a File resource only if another file is
missing
Hi,
I would like to run the File resource below:
file { 'autoconfig.php':
path = '/var/www/owncloud/config/autoconfig.php',
ensure = file,
owner = 'www-data',
group = 'www-data',
content = template(owncloud/autoconfig.php.erb),
}
only when a specific file (in my
case: /var/www/owncloud/config/config.php) is missing. Is this
somehow possible? Couldn't find my case in the puppet
documentation...
Thanks!
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Re: [Puppet Users] AD user add to local windows group?
Hi Vince,
On Fri, May 31, 2013 at 8:31 AM, VinceH vince.hrabo...@gmail.com wrote:
Pardon my noobness to this, but is anyone able to get around this
issuehttps://projects.puppetlabs.com/issues/15326
?
group {'testgroup':
ensure = present,
members = 'DOMAIN\user',
name = 'test'
}
Yields
OLE error code:8007056B in Active Directory A member could not be added
to or removed from the local group because the member does not exist.
I'm running v3.2.1 and the bug report is from v2.7.17 -- am I doing
something wrong?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
This is bug https://projects.puppetlabs.com/issues/17031
Josh
--
Josh Cooper
Developer, Puppet Labs
*Join us at PuppetConf 2013, August 22-23 in San Francisco - *
http://bit.ly/pupconf13*
**Register now and take advantage of the Early Bird discount - save 25%!*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] ruby issue
Hi, I am having problems installing Puppet Server. My gem list follows and then the attempt to install puppet-server. The specific errors are: Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-augeas Error: Package: hiera-1.2.1-1.el6.noarch (puppetlabs) Requires: rubygem-json Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-rgen Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-shadow I do not know where to get nor how to install the above. Console Log [root@ca-sna-pm01 rubygems-1.8.25]# gem list *** LOCAL GEMS *** actionmailer (3.2.13) actionpack (3.2.13) activemodel (3.2.13) activerecord (3.2.13) activeresource (3.2.13) activesupport (3.2.13) archive-tar-minitar (0.5.2) arel (3.0.2) builder (3.0.4) bundler (1.3.5) cgi_multipart_eof_fix (2.5.0) columnize (0.3.6) daemons (1.1.9) erubis (2.7.0) fastthread (1.0.7) gem_plugin (0.2.3) hike (1.2.2) i18n (0.6.1) journey (1.0.4) json (1.8.0) mail (2.5.4) mime-types (1.23) mongrel (1.1.5) multi_json (1.7.4) polyglot (0.3.3) rack (1.4.5) rack-cache (1.2) rack-ssl (1.3.3) rack-test (0.6.2) rails (3.2.13) railties (3.2.13) rake (10.0.4) rdoc (3.12.2) rgen (0.6.2) ruby-json (1.1.2) ruby-shadow (2.2.0) ruby_core_source (0.1.5) shadow (1.1) sprockets (2.2.2) thor (0.18.1) tilt (1.4.1) treetop (1.4.12) tzinfo (0.3.37) [root@ca-sna-pm01 rubygems-1.8.25]# yum install puppet-server Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is receiving updates from RHN Classic or RHN Satellite. Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: puppet = 3.2.1-1.el6 for package: -- puppet-server-3.2.1-1.el6.noarch Running transaction check --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: facter = 1.6.11 for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: hiera = 1.0.0 for -- package: puppet-3.2.1-1.el6.noarch Processing Dependency: -- ruby(selinux) for package: puppet-3.2.1-1.el6.noarch Processing -- Dependency: ruby-augeas for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-rgen for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: ruby-shadow for -- package: puppet-3.2.1-1.el6.noarch Running transaction check --- Package facter.i386 1:1.7.1-1.el6 will be installed Package --- hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: -- hiera-1.2.1-1.el6.noarch --- Package libselinux-ruby.x86_64 0:2.0.94-5.3.el6_4.1 will be --- installed -- Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: -- libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64 --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: ruby-augeas for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: ruby-rgen for -- package: puppet-3.2.1-1.el6.noarch Processing Dependency: -- ruby-shadow for package: puppet-3.2.1-1.el6.noarch Running -- transaction check --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: -- hiera-1.2.1-1.el6.noarch --- Package libselinux.x86_64 0:2.0.94-5.3.el6 will be updated -- Processing Dependency: libselinux = 2.0.94-5.3.el6 for package: -- libselinux-utils-2.0.94-5.3.el6.x86_64 --- Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: ruby-augeas for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: ruby-rgen for -- package: puppet-3.2.1-1.el6.noarch Processing Dependency: -- ruby-shadow for package: puppet-3.2.1-1.el6.noarch Running -- transaction check --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: -- hiera-1.2.1-1.el6.noarch --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6 will be updated --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be an --- update Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: ruby-augeas for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: ruby-rgen for -- package: puppet-3.2.1-1.el6.noarch Processing Dependency: -- ruby-shadow for package: puppet-3.2.1-1.el6.noarch Finished -- Dependency Resolution Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-augeas Error: Package: hiera-1.2.1-1.el6.noarch (puppetlabs) Requires: rubygem-json Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-rgen Error: Package:
Re: [Puppet Users] ruby issue
Stuart, You need to have either EPEL or our dependencies repo enabled to get ruby-augeas, rubygem-json, and ruby-shadow. ruby-rgen is only available in our dependencies repo currently. The dependencies repo can be added to yum with the following repo definition (assuming you have the gpg key installed already, which you likely do if using our products repo): [puppetlabs-deps] name=Puppet Labs Dependencies EL 6 - x86_64 baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64 enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs keepalive=1 On Fri, May 31, 2013 at 10:30 AM, Stuart Cracraft smcracr...@gmail.com wrote: Hi, I am having problems installing Puppet Server. My gem list follows and then the attempt to install puppet-server. The specific errors are: Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-augeas Error: Package: hiera-1.2.1-1.el6.noarch (puppetlabs) Requires: rubygem-json Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-rgen Error: Package: puppet-3.2.1-1.el6.noarch (puppetlabs) Requires: ruby-shadow I do not know where to get nor how to install the above. Console Log [root@ca-sna-pm01 rubygems-1.8.25]# gem list *** LOCAL GEMS *** actionmailer (3.2.13) actionpack (3.2.13) activemodel (3.2.13) activerecord (3.2.13) activeresource (3.2.13) activesupport (3.2.13) archive-tar-minitar (0.5.2) arel (3.0.2) builder (3.0.4) bundler (1.3.5) cgi_multipart_eof_fix (2.5.0) columnize (0.3.6) daemons (1.1.9) erubis (2.7.0) fastthread (1.0.7) gem_plugin (0.2.3) hike (1.2.2) i18n (0.6.1) journey (1.0.4) json (1.8.0) mail (2.5.4) mime-types (1.23) mongrel (1.1.5) multi_json (1.7.4) polyglot (0.3.3) rack (1.4.5) rack-cache (1.2) rack-ssl (1.3.3) rack-test (0.6.2) rails (3.2.13) railties (3.2.13) rake (10.0.4) rdoc (3.12.2) rgen (0.6.2) ruby-json (1.1.2) ruby-shadow (2.2.0) ruby_core_source (0.1.5) shadow (1.1) sprockets (2.2.2) thor (0.18.1) tilt (1.4.1) treetop (1.4.12) tzinfo (0.3.37) [root@ca-sna-pm01 rubygems-1.8.25]# yum install puppet-server Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is receiving updates from RHN Classic or RHN Satellite. Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: puppet = 3.2.1-1.el6 for package: -- puppet-server-3.2.1-1.el6.noarch Running transaction check --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: facter = 1.6.11 for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: hiera = 1.0.0 for -- package: puppet-3.2.1-1.el6.noarch Processing Dependency: -- ruby(selinux) for package: puppet-3.2.1-1.el6.noarch Processing -- Dependency: ruby-augeas for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-rgen for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: ruby-shadow for -- package: puppet-3.2.1-1.el6.noarch Running transaction check --- Package facter.i386 1:1.7.1-1.el6 will be installed Package --- hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: -- hiera-1.2.1-1.el6.noarch --- Package libselinux-ruby.x86_64 0:2.0.94-5.3.el6_4.1 will be --- installed -- Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: -- libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64 --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: ruby-augeas for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: ruby-rgen for -- package: puppet-3.2.1-1.el6.noarch Processing Dependency: -- ruby-shadow for package: puppet-3.2.1-1.el6.noarch Running -- transaction check --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: -- hiera-1.2.1-1.el6.noarch --- Package libselinux.x86_64 0:2.0.94-5.3.el6 will be updated -- Processing Dependency: libselinux = 2.0.94-5.3.el6 for package: -- libselinux-utils-2.0.94-5.3.el6.x86_64 --- Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: ruby-augeas for package: -- puppet-3.2.1-1.el6.noarch Processing Dependency: ruby-rgen for -- package: puppet-3.2.1-1.el6.noarch Processing Dependency: -- ruby-shadow for package: puppet-3.2.1-1.el6.noarch Running -- transaction check --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: -- hiera-1.2.1-1.el6.noarch --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6 will
[Puppet Users] Re: ruby issue
Okay, things are better but I am getting this error for json and rubygems. [root@ca-sna-pm01 augeas-1.0.0]# gem install json Building native extensions. This could take a while... Successfully installed json-1.8.0 1 gem installed Installing ri documentation for json-1.8.0... Installing RDoc documentation for json-1.8.0... [root@ca-sna-pm01 augeas-1.0.0]# yum install puppet-server Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is receiving updates from RHN Classic or RHN Satellite. Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: puppet = 3.2.1-1.el6 for package: puppet-server-3.2.1-1.el6.noarch -- Running transaction check --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: facter = 1.6.11 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: hiera = 1.0.0 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby(selinux) for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-augeas for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-rgen for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-shadow for package: puppet-3.2.1-1.el6.noarch -- Running transaction check --- Package facter.i386 1:1.7.1-1.el6 will be installed --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: hiera-1.2.1-1.el6.noarch --- Package libselinux-ruby.x86_64 0:2.0.94-5.3.el6_4.1 will be installed -- Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64 --- Package ruby-augeas.x86_64 0:0.4.1-1.el6 will be installed --- Package ruby-rgen.noarch 0:0.6.2-1.el6 will be installed --- Package ruby-shadow.x86_64 0:1.4.1-13.el6 will be installed -- Running transaction check --- Package libselinux.x86_64 0:2.0.94-5.3.el6 will be updated -- Processing Dependency: libselinux = 2.0.94-5.3.el6 for package: libselinux-utils-2.0.94-5.3.el6.x86_64 --- Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Running transaction check --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6 will be updated --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Finished Dependency Resolution Error: Package: rubygem-json-1.5.5-1.el6.x86_64 (puppetlabs-deps) Requires: rubygems You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest [root@ca-sna-pm01 augeas-1.0.0]# -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: ruby issue
Stuart, rubygems comes from the redhat optional repo, so you'll need to have that repo enabled to get the rubygems package. On Fri, May 31, 2013 at 10:59 AM, Stuart Cracraft smcracr...@gmail.com wrote: Okay, things are better but I am getting this error for json and rubygems. [root@ca-sna-pm01 augeas-1.0.0]# gem install json Building native extensions. This could take a while... Successfully installed json-1.8.0 1 gem installed Installing ri documentation for json-1.8.0... Installing RDoc documentation for json-1.8.0... [root@ca-sna-pm01 augeas-1.0.0]# yum install puppet-server Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is receiving updates from RHN Classic or RHN Satellite. Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: puppet = 3.2.1-1.el6 for package: puppet-server-3.2.1-1.el6.noarch -- Running transaction check --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: facter = 1.6.11 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: hiera = 1.0.0 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby(selinux) for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-augeas for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-rgen for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-shadow for package: puppet-3.2.1-1.el6.noarch -- Running transaction check --- Package facter.i386 1:1.7.1-1.el6 will be installed --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: hiera-1.2.1-1.el6.noarch --- Package libselinux-ruby.x86_64 0:2.0.94-5.3.el6_4.1 will be installed -- Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64 --- Package ruby-augeas.x86_64 0:0.4.1-1.el6 will be installed --- Package ruby-rgen.noarch 0:0.6.2-1.el6 will be installed --- Package ruby-shadow.x86_64 0:1.4.1-13.el6 will be installed -- Running transaction check --- Package libselinux.x86_64 0:2.0.94-5.3.el6 will be updated -- Processing Dependency: libselinux = 2.0.94-5.3.el6 for package: libselinux-utils-2.0.94-5.3.el6.x86_64 --- Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Running transaction check --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6 will be updated --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Finished Dependency Resolution Error: Package: rubygem-json-1.5.5-1.el6.x86_64 (puppetlabs-deps) Requires: rubygems You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest [root@ca-sna-pm01 augeas-1.0.0]# -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2013, August 22-23 in San Francisco - http://bit.ly/pupconf13 Register now and take advantage of the Early Bird discount - save 25%! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] AD user add to local windows group?
This sounds like the other side of the coin to a bug that I filed:
https://projects.puppetlabs.com/issues/19414
Not being able to add AD/LDAP users to a local group is a fail.
Thanks,
Trevor
On Fri, May 31, 2013 at 1:19 PM, Josh Cooper j...@puppetlabs.com wrote:
Hi Vince,
On Fri, May 31, 2013 at 8:31 AM, VinceH vince.hrabo...@gmail.com wrote:
Pardon my noobness to this, but is anyone able to get around this
issuehttps://projects.puppetlabs.com/issues/15326
?
group {'testgroup':
ensure = present,
members = 'DOMAIN\user',
name = 'test'
}
Yields
OLE error code:8007056B in Active Directory A member could not be added
to or removed from the local group because the member does not exist.
I'm running v3.2.1 and the bug report is from v2.7.17 -- am I doing
something wrong?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
This is bug https://projects.puppetlabs.com/issues/17031
Josh
--
Josh Cooper
Developer, Puppet Labs
*Join us at PuppetConf 2013, August 22-23 in San Francisco - *
http://bit.ly/pupconf13*
**Register now and take advantage of the Early Bird discount - save 25%!*
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaug...@onyxpoint.com
-- This account not approved for unencrypted proprietary information --
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: ruby issue
Can you copy/paste the repo entry which works for you in reply? On May 31, 2013, at 11:50 AM, Matthaus Owens matth...@puppetlabs.com wrote: Stuart, rubygems comes from the redhat optional repo, so you'll need to have that repo enabled to get the rubygems package. On Fri, May 31, 2013 at 10:59 AM, Stuart Cracraft smcracr...@gmail.com wrote: Okay, things are better but I am getting this error for json and rubygems. [root@ca-sna-pm01 augeas-1.0.0]# gem install json Building native extensions. This could take a while... Successfully installed json-1.8.0 1 gem installed Installing ri documentation for json-1.8.0... Installing RDoc documentation for json-1.8.0... [root@ca-sna-pm01 augeas-1.0.0]# yum install puppet-server Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is receiving updates from RHN Classic or RHN Satellite. Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: puppet = 3.2.1-1.el6 for package: puppet-server-3.2.1-1.el6.noarch -- Running transaction check --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: facter = 1.6.11 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: hiera = 1.0.0 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby(selinux) for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-augeas for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-rgen for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-shadow for package: puppet-3.2.1-1.el6.noarch -- Running transaction check --- Package facter.i386 1:1.7.1-1.el6 will be installed --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: hiera-1.2.1-1.el6.noarch --- Package libselinux-ruby.x86_64 0:2.0.94-5.3.el6_4.1 will be installed -- Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64 --- Package ruby-augeas.x86_64 0:0.4.1-1.el6 will be installed --- Package ruby-rgen.noarch 0:0.6.2-1.el6 will be installed --- Package ruby-shadow.x86_64 0:1.4.1-13.el6 will be installed -- Running transaction check --- Package libselinux.x86_64 0:2.0.94-5.3.el6 will be updated -- Processing Dependency: libselinux = 2.0.94-5.3.el6 for package: libselinux-utils-2.0.94-5.3.el6.x86_64 --- Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Running transaction check --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6 will be updated --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Finished Dependency Resolution Error: Package: rubygem-json-1.5.5-1.el6.x86_64 (puppetlabs-deps) Requires: rubygems You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest [root@ca-sna-pm01 augeas-1.0.0]# -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2013, August 22-23 in San Francisco - http://bit.ly/pupconf13 Register now and take advantage of the Early Bird discount - save 25%! -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/ghDZsdkC3C0/unsubscribe?hl=en. To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this
Re: [Puppet Users] Re: ruby issue
I don't have a rhel box handy to enable that repo on, but here's the top google hit. https://access.redhat.com/site/documentation/en-US/Red_Hat_Subscription_Management/1.0/html/Subscription_Management_Guide/entitlements-and-yum.html On Fri, May 31, 2013 at 11:57 AM, Stuart Cracraft smcracr...@me.com wrote: Can you copy/paste the repo entry which works for you in reply? On May 31, 2013, at 11:50 AM, Matthaus Owens matth...@puppetlabs.com wrote: Stuart, rubygems comes from the redhat optional repo, so you'll need to have that repo enabled to get the rubygems package. On Fri, May 31, 2013 at 10:59 AM, Stuart Cracraft smcracr...@gmail.com wrote: Okay, things are better but I am getting this error for json and rubygems. [root@ca-sna-pm01 augeas-1.0.0]# gem install json Building native extensions. This could take a while... Successfully installed json-1.8.0 1 gem installed Installing ri documentation for json-1.8.0... Installing RDoc documentation for json-1.8.0... [root@ca-sna-pm01 augeas-1.0.0]# yum install puppet-server Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is receiving updates from RHN Classic or RHN Satellite. Setting up Install Process Resolving Dependencies -- Running transaction check --- Package puppet-server.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: puppet = 3.2.1-1.el6 for package: puppet-server-3.2.1-1.el6.noarch -- Running transaction check --- Package puppet.noarch 0:3.2.1-1.el6 will be installed -- Processing Dependency: facter = 1.6.11 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: hiera = 1.0.0 for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby(selinux) for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-augeas for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-rgen for package: puppet-3.2.1-1.el6.noarch -- Processing Dependency: ruby-shadow for package: puppet-3.2.1-1.el6.noarch -- Running transaction check --- Package facter.i386 1:1.7.1-1.el6 will be installed --- Package hiera.noarch 0:1.2.1-1.el6 will be installed -- Processing Dependency: rubygem-json for package: hiera-1.2.1-1.el6.noarch --- Package libselinux-ruby.x86_64 0:2.0.94-5.3.el6_4.1 will be installed -- Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64 --- Package ruby-augeas.x86_64 0:0.4.1-1.el6 will be installed --- Package ruby-rgen.noarch 0:0.6.2-1.el6 will be installed --- Package ruby-shadow.x86_64 0:1.4.1-13.el6 will be installed -- Running transaction check --- Package libselinux.x86_64 0:2.0.94-5.3.el6 will be updated -- Processing Dependency: libselinux = 2.0.94-5.3.el6 for package: libselinux-utils-2.0.94-5.3.el6.x86_64 --- Package libselinux.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Running transaction check --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6 will be updated --- Package libselinux-utils.x86_64 0:2.0.94-5.3.el6_4.1 will be an update --- Package rubygem-json.x86_64 0:1.5.5-1.el6 will be installed -- Processing Dependency: rubygems for package: rubygem-json-1.5.5-1.el6.x86_64 -- Finished Dependency Resolution Error: Package: rubygem-json-1.5.5-1.el6.x86_64 (puppetlabs-deps) Requires: rubygems You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest [root@ca-sna-pm01 augeas-1.0.0]# -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2013, August 22-23 in San Francisco - http://bit.ly/pupconf13 Register now and take advantage of the Early Bird discount - save 25%! -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/ghDZsdkC3C0/unsubscribe?hl=en. To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit
Re: [Puppet Users] Announce: Puppet 3.2.1 Available
On Friday, May 24, 2013 9:15:47 AM UTC-7, Andreas Ntaflos wrote: On 24/05/13 11:43, Paul T�tterman wrote: Did something change in the way Puppet outputs messages? Until this morning we used the following to run Puppet from Cron on all our nodes: But as of 3.2.1 this produces output on every Puppet agent run and that output is mailed out, resulting in hundreds of messages which contain nothing of importance (see below). This had worked fine for almost two years now, with output only generated on errors and problems (such as DNS not available). I'm having the same issue. I couldn't find a bug report about this. There is --verbose and --debug, but not --silent or --quiet. Should we maybe use --logdest? Anyway the behaviour has changed from 3.1.1 We have always been using --logdest syslog, it is only with 3.2.1 that log messages now seem to go not only to syslog but also to stdout, which is why Cron generates annoying mail messages. Even more interesting: before 3.2.1 /var/log/syslog would only show the finished catalog run message when running Puppet from Cron with puppet agent -o --no-daemonize --logdest syslog: ... So, I am asking the Puppet devs: is this behaviour intended or a bug? Should I open a bug report? Andreas This is a bug; it's an unintended side effect of a patch that went in to 3.2.x intended to provide better log output prior to the puppet agent daemonizing. It's currently tracked in Redmine as 20900 and 20919. The patch has been reverted and this is schedule to be released in 3.2.2, which should be out soon. Sorry for the inconvenience! Josh Partlow Puppet Dev -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Could not request certificate: Error 405 on SERVER
I found a solution for this...use an older version of Passenger, specifically Passenger 3.0.21 To do this I uninstalled the Passenger gem: gem uninstall passenger Then installed the older version: gem install passenger --version 3.0.21 Then rebuilt libraries: passenger-install-apache2-module On Thursday, May 30, 2013 2:19:47 PM UTC-7, Jonathan wrote: Hi all, I have experience using puppet, however I am new to setting puppet up as it was already done for me in past environments. I am running into an issue while trying to set puppet up for the first time on RHEL 6.4. I was hoping y'all might be able to help me! I get the following error from the puppet client's /var/log/messages log: May 30 07:06:30 pclient puppet-agent[1458]: Creating a new SSL certificate request for pclient May 30 07:06:30 pclient puppet-agent[1458]: Certificate Request fingerprint (SHA256): 62:1A:83:7D:DA:8B:A5:4B:14:D8:85:CF:D2:87:72:FA:88:9C:F5:88:46:28:3D:59:10:99:30:D8:50:9D:7A:2E May 30 07:06:30 pclient puppet-agent[1458]: Could not request certificate: Error 405 on SERVER: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN May 30 07:06:30 pclient puppet-agent[1458]: htmlhead May 30 07:06:30 pclient puppet-agent[1458]: title405 Method Not Allowed/title May 30 07:06:30 pclient puppet-agent[1458]: /headbody May 30 07:06:30 pclient puppet-agent[1458]: h1Method Not Allowed/h1 May 30 07:06:30 pclient puppet-agent[1458]: pThe requested method PUT is not allowed for the URL /production/certificate_request/pclient./p ...truncated... On the puppet master I get stuff like this in the apache logs: [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/node [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/file_metadatas [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/file_metadata [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/catalog [Thu May 30 07:06:31 2013] [error] [client 192.168.223.131] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate [Thu May 30 07:06:31 2013] [error] [client 192.168.223.131] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate_request/pclient Here is some relevant apache config info: # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.localdomain.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile/var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ Directory /usr/share/puppet/rack/puppetmasterd/ Options None AllowOverride None Order Allow,Deny Allow from All /Directory Any ideas? I'm sure this is something VERY basic that I missed, but I keep reading through the setup guide and coming up with nothing to try. Most appreciated! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
I am running into the same problem and it just dawned on me that Solaris might put it in another directory, the master is redhat, the clients are Solaris. What would change for a solaris certificate? On Tuesday, August 28, 2012 2:08:51 AM UTC-7, Ajeet Raina wrote: Hi, I have a puppet master and agent installed. I want to generate and configure master-agent certificate and followed the steps: Master: == 1. Cleaned up all certificate on Master: [root@puppet-server manifests]# puppet cert sign --all No waiting certificate requests to sign [root@puppet-server manifests]# puppet cert clean --all notice: Revoked certificate with serial 16 notice: Removing file Puppet::SSL::Certificate puppet-client.test.comat '/var/lib/puppet/ssl/ca/signed/puppet-client.test.com.pem' notice: Removing file Puppet::SSL::Certificate puppet-client.test.comat '/var/lib/puppet/ssl/certs/puppet-client.test.com.pem' [root@puppet-server manifests]# puppet cert clean --all [root@puppet-server manifests]# 2. Removed all ssl/* from Agent [root@puppet-client yum.repos.d]# rm -fr /var/lib/puppet/ssl/* [root@puppet-client yum.repos.d]# cd /var/lib/puppet/ssl/ [root@puppet-client ssl]# ls [root@puppet-client ssl]# 3. Generating Certificate from Agent: [root@puppet-client ssl]# puppet agent --test --verbose --server puppet-server.test.com info: Creating a new SSL key for puppet-client.test.com info: Caching certificate for ca info: Creating a new SSL certificate request for puppet-client.test.com info: Certificate Request fingerprint (md5): AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1 Exiting; no certificate found and waitforcert is disabled [root@puppet-client ssl]# 4. Accepting it through Master: [root@puppet-server manifests]# puppetca -l puppet-client.test.com (AC:EA:5B:B7:C6:A5:94:CE:26:1A:49:9E:F3:B1:EF:B1) [root@puppet-server manifests]# [root@puppet-server manifests]# puppet cert sign --all notice: Signed certificate request for puppet-client.test.com notice: Removing file Puppet::SSL::CertificateRequest puppet-client.test.com at '/var/lib/puppet/ssl/ca/requests/puppet-client.test.com.pem' [root@puppet-server manifests]# Well going. 5.[root@puppet-client ssl]# puppet agent --test --verbose --server puppet-server.test.com info: Caching certificate for puppet-client.test.com info: Caching certificate_revocation_list for ca err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppet-server.test.com] warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppet-server.test.com] [root@puppet-client ssl]# I tried to remove all the certificate from agent manually /var/lib/puppet/ssl/* but things dint fix the issue. I also tried to generate the certificate on server through : puppet agent --test --server=`hostname` and then performed all the steps above. No Luck with this too. How to fix this issue? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run a File resource only if another file is missing
You should really reconsider how you are going about things and organizing
your resources if you have to do stuff like this.
Puppet was never meant to be reactionary in this sense. It's entire purpose
is to define the state of the system and enforce that state, not to respond
to the state of the system conditionally.
On Friday, May 31, 2013 10:01:19 AM UTC-6, John Naggets wrote:
Thanks guys for your input. That's correct I am looking to act upon
another file's nonexistence... I will go with facter.
On Friday, May 31, 2013 2:57:56 PM UTC+2, Matthias Saou wrote:
Hi,
Indeed, I had missed that John was mentioning two different files
(config.php vs. autoconfig.php). In that case, my only bit of
(useless) advice is : You're not using puppet in the way it's most
efficient, as it's not meant to manage nodes based on changes it
doesn't make itself.
Custom fact, it is...
Matthias
Dan White yg...@comcast.net wrote:
That is an excellent example, but I think you miss the original point:
Your example deals with only one file resource - the dot-gitconfig
file Suppose you only wanted to perform this action if git was
installed on the system, and do nothing if it was not ?
This additional requirement puts it closer to the original question
and this is where a custom fact is called for in the opinion of
several folks on the list including myself.
If you can offer an example that demonstrates otherwise, I would
welcome it. I do not believe it possible without the custom fact and
I have several hours of frustrated tinkering to show for it. I
wanted to set a parameter in a config file but only if (the config
file exists and/or the associated package is installed) and found I
could not do it completely from within the manifest.
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: Matthias Saou matt...@saou.eu
To: puppet...@googlegroups.com
Sent: Friday, May 31, 2013 4:00:15 AM
Subject: Re: [Puppet Users] Run a File resource only if another file
is missing
There are other ways. None are nice and clean, but a custom fact just
for this seems overkill.
Here's a quick example of how I've implemented creating a default
~/.gitconfig for users if it doesn't exist, but not modify it if it's
already there or has been modified.
$gitconfig_user_name = $mymodule::uservar::fullname[$title]
$gitconfig_user_email = ${tit...@example.com
file { ${home}/.gitconfig:
owner = $owner,
group = $group,
mode= '0644',
require = Exec[create-gitconfig-${title}],
}
exec { create-gitconfig-${title}:
command = template('mymodule/user/gitconfig.erb'),
require = User[$title],
creates = ${home}/.gitconfig,
}
The gitconfig.erb has the following content :
/bin/cat %= home %/.gitconfig EOF
[user]
name = %= @gitconfig_user_name %
email = %= @gitconfig_user_email %
EOF
Basically, just don't have either 'source' nor 'content' for your file
resource, and create the initial content using an exec with the
'creates' condition.
Matthias
Dan White yg...@comcast.net wrote:
Short Answer: You need to create a custom fact that would drive the
decision to create the new file resource.
I just went thru this issue and also performing an action based on
whether or not a package (RPM in my case) is installed.
Same answer to both.
For the existence of a file, you can do this:
#!/bin/bash
test -f /var/www/owncloud/config/config.php
rc=$?
echo is_my_file_there=${rc}
That goes into /etc/facter/facts.d/ as an executable shell script
and then in your manifest:
if $::is_my_file_there != 0 {
file { 'autoconfig.php':
.
}
}
“Sometimes I think the surest sign that intelligent life exists
elsewhere in the universe is that none of it has tried to contact
us.” Bill Waterson (Calvin Hobbes)
- Original Message -
From: John Naggets hosting...@gmail.com
To: puppet...@googlegroups.com
Sent: Thursday, May 30, 2013 4:04:29 PM
Subject: [Puppet Users] Run a File resource only if another file is
missing
Hi,
I would like to run the File resource below:
file { 'autoconfig.php':
path = '/var/www/owncloud/config/autoconfig.php',
ensure = file,
owner = 'www-data',
group = 'www-data',
content = template(owncloud/autoconfig.php.erb),
}
only when a specific file (in my
case: /var/www/owncloud/config/config.php) is missing. Is this
somehow possible? Couldn't find my case in the puppet
documentation...
Thanks!
John
[Puppet Users] Problems with puppetdb and SSL
When I run openssl s_client -host puppet -port 8081 -CAfile /etc/puppet/ssl/certs/puppet.fqdn I get Verify return code: 21 (unable to verify the first certificate). If I run the same command, but use port 8140 to connect to puppet, I get a return code of 19 (which is correct). I believe that, if I fix this SSL problem then it would fix my main problem which is : Report processor failed: Failed to submit 'store report' command for puppet1.allantgroup.com to PuppetDB at fqdn:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=fqdn] I have puppetdb in the dns_alt_names line in puppet.conf Why does it work on 8140. but not 8081? How can I fix this problem? Thanks, Andy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] ssh_authorized_key filling /var/log/messages
Having weird issue that I can't seem to find any solution to:
puppet 2.7.21 and 2.6.9
here is my stanza: ssh_authorized_key{ “$name”:
ensure = present,
name = $name,
key = $key,
type = $type,
user = $name,
require = File[$myhome/.ssh]
}
All the variables are declared correctly. This works without any issues
except that the authorized_key file gets updated each time puppet runs. The
only thing that changes is the timestamp in the HEADER section of the file.
This in turn creates continual entries in the clientbucket and
/var/log/messages.
Running in debug is this: The container users::Mkuser[] will propagate my
refresh event debug: users::Mkuser[]: The container Class[T4_users] will
propagate my refresh event debug: Class[users]: The container Stage[main]
will propagate my refresh event
In the clientbucket there are no indication that anything else changed nor
was updated.
As you can see I have no ssh “options”, the whole thing is vanilla. The
required file simply ensures that .ssh directory exist and it is correct
permission. No changes to this directory take place.
Looking online people tend to have issues if options aren't specified
correctly or permission issue, neither of which are my issue (I don't use
options, and permissions are set correctly).
Any help would be greatly appreciated!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] ruby issue
Hey, good news. All is well. Ruby related are good. Puppet too. And Red Hat. Also, I've documented/wiki'd the Puppet Master + Client install with respect to bare metal to delivered system for all related aspects and transmitted, fully, disclosed entirely, to staff. Next week, I will be tuning the configuration file on master and agents and writing many more puppet patterns plus training staff. As it is their only hope! --Stuart P.S. The firm's personnel have had heart attacks, strokes and other major maladies amongst staff in the past year due to the LACK OF AUTOMATION!!! Puppet is the Cure Kick Chef and CF Engine's non-collective butts! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
