[Puppet Users] Re: optional defined type and dependencies
Hi, thanks for your answer.
On Thursday, May 30, 2013 3:13:45 PM UTC+2, jcbollinger wrote:
For this particular pattern of requirements, I strongly prefer method 1.
It keeps everything associated directly with the defined type together in
one place. I would suggest one tweak, however: the defined type should
explicitly 'include' class 'software' if it refers to resources declared by
that class. For example:
define software::mydefinedtype {
include 'software'
file { /path/to/${name}:
[...]
require = Package['software'],
before = Service['software'],
}
}
Yes, that's what I actually did in the end. And I've also used the include,
as you suggested (I didn't post my whole code in the first post, just the
relevant part).
Note also that if you prefer the chain operators to the metaparameters, you
can use the former in your defined type:
define software::mydefinedtype {
include 'software'
file { /path/to/${name}:
[...]
}
Package['software'] - File[/path/to/${name}] - Service['software']
}
Indeed, I think you can even write it like this:
define software::mydefinedtype {
include 'software'
Package['software'] -
file { /path/to/${name}:
[...]
} -
Service['software']
}
Clever! Thanks :)
One doubt about method 2:
at http://docs.puppetlabs.com/puppet/3/reference/lang_relationships.html,
I can read:
If one of the resources in a relationship is never declared, compilation
will fail with one of the following errors [...]
I suppose that this doesn't apply in case of resources chained through
resource collectors, does it? I'm asking because, even without declarations
of instances of the defined type, I got no such errors.
Personally, I am uncomfortable with relying on undocumented behavior. It
may change without warning from one version of the software to another.
Even if that does not bother you, in this particular case you should also
verify that the transitively implied relationship between
Package['software'] and Service['software'] is still present when no
instances of Software::Mydefinedtype are declared. You can make puppet
generate a relationship graph to check.
I avoided the issue too, I'll try to generate the graphs as soon as I have
some spare time.
John
Thanks again,
Fabio
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Developing custom type/providers for multiple OS
Thanks for your ideas Trevor,
Looking at the current types and providers I could see some different ways
to do the same so I will give them a look during this week. As soon as I
have a working solution I will give feedback for others to work with.
Regards,
On Thursday, May 30, 2013 4:25:49 PM UTC+2, Trevor Vaughan wrote:
Looking through some additional code that does similar things, I'm fairly
certain that the first method will work but I'm not sure if my follow on
suggestions will.
The 'package' and 'user' types use alternative providers but they do some
interesting things with manipulating the provider directly so I'm not
exactly sure how you would make this elegant.
That said, you might also be able to do this with features in your type
and later provider confinement.
Sorry to be so all over the place, I haven't done anything *exactly* like
this and the existing providers don't seem to either.
Hopefully, one of the Puppet Labs folks will hop on and help out with a
working example.
Trevor
On Thu, May 30, 2013 at 9:34 AM, Trevor Vaughan
tvau...@onyxpoint.comjavascript:
wrote:
Looking at the 'host' provider from puppet, it looks like, to use a
single provider, you'll need to both confine it and to use the
:operatingsystem fact to create a case statement inside the provider.
So, yes, you can do what you want but not exactly in the most obvious
fashion.
Something like the following should work (untested):
Puppet::Type.type(:unpack).provide(:zip) do
case Facter.value(:operatingsystem)
when windows
...do windows stuff...
when Solaris
...do solaris stuff...
else
do linux stuff
end
end
Another way of possibly doing this would be to munge the provider name
before calling your provider.
You would use your example #2 above and then use the :operatingsystem
fact to change the provider name. This may be a code smell/horrible
practice but it *should* work (haven't tested this either).
Something like:
newparam(:provider) do
munge do |value|
#{Facter.value(:operatingsystem)}_#{self[:provider]}
end
end
If that doesn't work, you might have to hack it into the type initialize
define.
Something like:
def initialize(args)
super
self[:provider] =
#{Facter.value(:operatingsystem)}_#{self[:provider]}
end
Good luck!
Trevor
On Thu, May 30, 2013 at 6:58 AM, David Campos
noymn.the...@gmail.comjavascript:
wrote:
Hello Trevor,
Thanks for the reply. I did knew that I should use confine statement to
reach that goal but I did not know whether I did need a new provider for
each OS or if I can share it.
Sample:
File rar-windows.rb
Puppet::Type.type(:zipfile).provide(:rar, ...)
confine :operatingsystem = :windows
File rar-unix.rb
Puppet::Type.type(:zipfile).provide(:rar, ...)
confine :operatingsystem = :linux
If puppet allows the same provider to be defined twice or more times
this would work and would be perfect because I could select provider = zip
and forget about OS.
Sample2
File rar-windows.rb
Puppet::Type.type(:zipfile).provide(:rar-windows, ...)
confine :operatingsystem = :windows
File rar-unix.rb
Puppet::Type.type(:zipfile).provide(:rar-unix, ...)
confine :operatingsystem = :linux
If the first sample does not work, this would mean that I have to select
the provider with puppet selectors before sending the parameter into the
resource.
On Wednesday, May 29, 2013 4:09:04 PM UTC+2, Trevor Vaughan wrote:
David,
You'll need to use confine statements to set the suitability of a
particular provider to the OS.
See: http://projects.puppetlabs.**com/projects/1/wiki/**
Development_Provider_**Developmenthttp://projects.puppetlabs.com/projects/1/wiki/Development_Provider_Developmentunder
'Suitability'.
The new Types and Providers book covers this reasonably well also.
Finally, take a look at the 'group' provider in the Puppet core code to
see how they go between Windows and other OS's.
Good Luck!
Trevor
On Wed, May 29, 2013 at 5:40 AM, David Campos noymn.the...@gmail.com**
wrote:
Hello all,
I am developing a few custom providers for some features that I need
into my system (such as dealing with different zipped files or generating
some JSON data based on OS files) and I have hit into a question about
how
to do this for multiple OS?
Lets focus into the zipped file provider that should provide a common
method to pack or unpack zipped files (tar, tar.gz, rar, zip or any)
backed
on OS tools or native ruby methods. Maybe the ruby approach would be the
most portable one but I will keep that approach aside right now. We end
up
with 3 providers for the custom type 'zipfile': zip, rar and tar.
Those providers may share code but they differ on how to delegate its
functionality to third-party apps (7zip on windows and zip/unzip on linux
as an example). How can I deal with that? Can I
Re: [Puppet Users] Run a File resource only if another file is missing
On Fri, 31 May 2013 07:52:25 -0700 Nan Liu nan@gmail.com wrote: A bit off topic, but you should use file attribute replace = false instead of an exec. Indeed. I'm not sure how I've missed that parameter. And it seems to have existed for a loong time. Thanks a lot for correcting me! Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet_dashboard.rb keeps getting deleted by puppet agent
I am currently using puppet in testing, on a centos 6.4 machine running
puppet-master, puppet-agent, dashboard, and foreman. The manifest for the
puppet matser machine in empty, like so:
node 'puppet' {
}
However, when the pupper agent runs, it always deleted the dashboard report
module, which I keep restoring:
from the log:
Debug: /File[/var/lib/puppet/lib/puppet/reports]: Removing existing
directory for replacement with absent
Notice: /File[/var/lib/puppet/lib/puppet/reports]/ensure: removed
Debug: /File[/var/lib/puppet/lib/puppet/reports]: The container
/var/lib/puppet/lib will propagate my refresh event
Debug: Finishing transaction -610873838
what causes this and how can I figure out where this is coming from? The
debug logs are difficult to read and I can't seem to identify the source of
this problem.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet 2.7 deprecation warnings
Hello all. I am modifying puppet code in order to make it puppet v3 compliant. Currently I am running puppet 2.7. When it comes to deprecation warnings I got 2 different types. *Type 1:* *puppet-master[6426]: Dynamic lookup of $apache_port at /etc/puppet/environments/production/modules/apache/manifests/init.pp:24 is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag.* *Type 2:* *puppet-master[6246]: Dynamic lookup of $apache_ldap_auth is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag.* * * As you can see, type 2 has no reference to the code. Am I right to assume that type 2 logs are related to ruby functions or .erb templates? Thank you! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet agent removes puppet_dashboard.rb
I have a test puppet installation on CentOS 6.4, version 3.2.1, all
uptodate with the puppetlabs repos. It is running the puppet master, a
puppet agent, dashboard, with foreman installed but not yet configured.
Part of the install for dashboard is copying the puppet_dashboard.rb file
to the /var/lib/puppet/lib/puppet/reports directory so that dashboard can
see the reports.
The system itself is defined in nodes.pp as:
node 'yoda' {
}
However, each time that puppet agent runs, it deletes the
puppet_dashboard.rb files, as well as the entire reports directory :
Debug: /File[/var/lib/puppet/lib/puppet/reports]: Removing existing
directory for replacement with absent
Notice: /File[/var/lib/puppet/lib/puppet/reports]/ensure: removed
Debug: /File[/var/lib/puppet/lib/puppet/reports]: The container
/var/lib/puppet/lib will propagate my refresh event
Even in debug mode, I have been unable to discover why this is happening. I
have turned off the puppet agent for now, but can anyone enlightne me as
to why this occurs and how to fix it?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: puppet agent removes puppet_dashboard.rb
Sorry, this is a repost of an earlier topic; I couldn't find the earlier post so I thought it had not made it. I'm new to Google groups. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Unknown function validate_bool when trying puppet labs apache class
On Sun, Jun 2, 2013 at 9:21 PM, Francisco Reyes franci...@natserv.netwrote: Is there a way to list all the available modules? Or basically anything in the git repository should be able to be installed that way? Well, your best bet is actually to flip over from using git to the forge. http://forge.puppetlabs.com/ is the url and this is where 'puppet module install x' goes to look. Here the modules are versioned so you're (generally) getting known good versions of modules that are tested together. If you had a blank setup and used puppet module install puppetlabs-apache it would automatically check for dependencies and fetch all of those as well. You can find a ton of other modules on here too. Sometimes I install them from the forge and sometimes I google those modules and find them on git and go right to the source, depending on when they were last released. (Sometimes people add them to forge and forget to ever update them). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Database* resources
Hi folks,
I've been staring for a long time now at this issue in the
PostgreSQL puppet module, discussing whether to
Implement database, database_user, and database_grant provider
https://github.com/puppetlabs/puppetlabs-postgresql/issues/27
The bug has been closed and that's a little unsatisfying.
database, database_user and database_grant are resources internal
to puppet, but only puppetlabs-mysql implements them.
It's clear to me that one might have to break compatibility
with the current *mysql* module to be able to introduce these
resources into puppetlabs-postgresql.
I'll explain my patch below, but I'd first like to know if there's
any interest in this happening from either puppetlabs-mysql or
puppetlabs-postgresql users and developers! I am generally more
concerned with puppetlabs-mysql here, because its development seems
to have stagnated, judging from the bug reports and the pull requests:
http://projects.puppetlabs.com/projects/modules/issues?utf8=%E2%9C%93set_filter=1f[]=status_idop[status_id]=of[]=category_idop[category_id]=%3Dv[category_id][]=234f[]=c[]=trackerc[]=statusc[]=priorityc[]=subjectc[]=assigned_toc[]=fixed_versiongroup_by=
https://github.com/puppetlabs/puppetlabs-mysql/pulls
* * * *
My take on this (see attachment or this paste: http://apaste.info/jH0C )
is to first add the ability to use host/netmask or network/netmask
as mysql $host that the mysql user is connecting.
This is something that mysql can do, even though it's not often
used, it seems, but it's pretty much standard in PostgreSQL land's
pg_hba.conf. I'm using the # as new seperator instead of /
That's where I break compatibility, but that's also what makes the regex
instantly more readable, because I avoid the dreaded toothpicks.
That's all from me. I ♥ly welcome your comments,
-- i
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
diff --git Modulefile Modulefile
index dc5b34a..be99591 100644
--- Modulefile
+++ Modulefile
@@ -1,5 +1,5 @@
name 'puppetlabs-mysql'
-version '0.6.1'
+version '0.7.0'
source 'git://github.com/puppetlabs/puppetlabs-mysql.git'
author 'Puppet Labs'
license 'Apache 2.0'
diff --git README.md README.md
index 90f7151..33063f7 100644
--- README.md
+++ README.md
@@ -123,7 +123,9 @@ The custom resources can be used in any other manifests:
password_hash = mysql_password('foo')
}
-database_grant { 'user@localhost/database':
+database_grant { 'user@host/netmask#database':
+ # note that /netmask is optional. This is also a backwards-incompatible to 0.6.x and lower
+ # It was done to create, instead, compatibility with PostgreSQL's database_grant resource.
privileges = ['all'] ,
# Or specify individual privileges with columns from the mysql.db table:
# privileges = ['Select_priv', 'Insert_priv', 'Update_priv', 'Delete_priv']
diff --git lib/puppet/provider/database_grant/mysql.rb lib/puppet/provider/database_grant/mysql.rb
index 3989e1f..564dfc7 100644
--- lib/puppet/provider/database_grant/mysql.rb
+++ lib/puppet/provider/database_grant/mysql.rb
@@ -1,7 +1,10 @@
# A grant is either global or per-db. This can be distinguished by the syntax
# of the name:
# user@host = global
-# user@host/db = per-db
+# user@host#db = per-db
+# n.b.: host can have an optional /network part:
+# user@host/32 = global
+# user@host/24#db = per-db
Puppet::Type.type(:database_grant).provide(:mysql) do
@@ -51,7 +54,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do
# this parses the
def split_name(string)
-matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact
+matches = /^([^@]*)@([^#]*)(#(.*))?$/.match(string).captures.compact
case matches.length
when 2
{
diff --git lib/puppet/type/database_grant.rb lib/puppet/type/database_grant.rb
index 965695b..6bb35a7 100644
--- lib/puppet/type/database_grant.rb
+++ lib/puppet/type/database_grant.rb
@@ -6,7 +6,7 @@ Puppet::Type.newtype(:database_grant) do
autorequire :database do
# puts Starting db autoreq for %s % self[:name]
reqs = []
-matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/)
+matches = self[:name].match(/^([^@]+)@([^#]+)#(.+)$/)
unless matches.nil?
reqs matches[3]
end
@@ -17,7 +17,7 @@ Puppet::Type.newtype(:database_grant) do
autorequire :database_user do
# puts Starting user autoreq for %s % self[:name]
reqs = []
-matches =
Re: [Puppet Users] Database* resources
Implement database, database_user, and database_grant provider https://github.com/puppetlabs/puppetlabs-postgresql/issues/27 The bug has been closed and that's a little unsatisfying. database, database_user and database_grant are resources internal to puppet, but only puppetlabs-mysql implements them. Actually ... its still open. I'll explain my patch below, but I'd first like to know if there's any interest in this happening from either puppetlabs-mysql or puppetlabs-postgresql users and developers! I am generally more concerned with puppetlabs-mysql here, because its development seems to have stagnated, judging from the bug reports and the pull requests: I think overall it would be a positive move. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problems with puppetdb and SSL
Seems like to me the SSL loaded into PuppetDB (the port 8081 you mention) is not valid. A simple activity would be to use our provided tool to reload the certificates again: * Move /etc/puppetdb/ssl to ssl.bak to preserve the original * Backup /etc/puppetdb/conf.d/jetty.ini to say jetty.ini.bak to preserve the original again * Run puppetdb-ssl-setup -f This will try to obtain the certificates from your puppet agent installation and load them into the relevant keystores for PuppetDB. If this doesn't help, let me know. ken. On Fri, May 31, 2013 at 10:36 PM, gen...@allantgroup.com andyr...@gmail.com wrote: When I run openssl s_client -host puppet -port 8081 -CAfile /etc/puppet/ssl/certs/puppet.fqdn I get Verify return code: 21 (unable to verify the first certificate). If I run the same command, but use port 8140 to connect to puppet, I get a return code of 19 (which is correct). I believe that, if I fix this SSL problem then it would fix my main problem which is : Report processor failed: Failed to submit 'store report' command for puppet1.allantgroup.com to PuppetDB at fqdn:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=fqdn] I have puppetdb in the dns_alt_names line in puppet.conf Why does it work on 8140. but not 8081? How can I fix this problem? Thanks, Andy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet master fails to set selinux context on /etc/puppet/auth.conf
I am running puppet 3.2.1, using the puppetlabs repos, on centos 6.4. I keep getting these messages in the log: (every 30 minutes) Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on /etc/puppet/auth.conf Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on /etc/puppet/manifests/site.pp Jun 3 11:24:55 yoda puppet-master[20292]: Starting Puppet master version 3.2.1 Currently, selinux is running in permissive mode, and the actual selinux context for these files is: -rw-r--r--. root root unconfined_u:object_r:puppet_etc_t:s0 auth.conf -rw-r--r--. root root system_u:object_r:puppet_etc_t:s0 auth.conf.rpmnew -rw-r--r--. root root system_u:object_r:puppet_etc_t:s0 fileserver.conf drwxr-xr-x. root root system_u:object_r:puppet_etc_t:s0 manifests drwxr-xr-x. root root system_u:object_r:puppet_etc_t:s0 modules -rw-r--r--. root root unconfined_u:object_r:puppet_etc_t:s0 puppet.conf restorecon sets all files in the subdirectories to unconfined_u. puppet master runs as root, so it should be able to modify the file labels. Anyone have any idea why these messages keep popping up? and how to fix the problem? Admittedly, I can just change the file labels manually, but that doesn't solve the underlying problem. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet 2.7 deprecation warnings
On 03/06/13 04:30 AM, Marc wrote: *Type 2:* /puppet-master[6246]: Dynamic lookup of $apache_ldap_auth is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag./ / / As you can see, type 2 has no reference to the code. Am I right to assume that type 2 logs are related to ruby functions or .erb templates? one way to have a better idea what causes the error is to run with --debug to see the full trace. -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] ssh_authorized_key filling /var/log/messages
On Saturday, June 1, 2013 1:59:36 PM UTC-6, Stefan Schulte wrote:
On Fri, 31 May 2013 15:56:30 -0700 (PDT)
Marek Dohojda chr...@gmail.com javascript: wrote:
Having weird issue that I can't seem to find any solution to:
puppet 2.7.21 and 2.6.9
here is my stanza: ssh_authorized_key{ �$name�:
ensure = present,
name = $name,
key = $key,
type = $type,
user = $name,
require = File[$myhome/.ssh]
}
a common pitfall is that name contains spaces (at least trailing spaces
should cause issues) or that people specify the key parameter as
something like ssh-rsa B3NzaC1kc3MAAA while instead you have to
specify B3NzaC1kc3MAAA as the key and ssh-rsa as the type.
So does `$key` contain any spaces? Does `$name` contain any trailing
spaces?
Can you please post one of the entries that is filling up
your /var/log/messages?
-Stefan
I wish it was so simple :) I ensured the keys are fine, and there are no
spaces.
here is a sample (sanitized)
(/Stage[main]/class/class::Mkuser[user]/Ssh_authorized_key[user]/ensure)
created
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet Tutorial: Learning - Manifests
Fellow Puppet Users,
I was assigned to learn how puppet works to integrate it into our
department and I am trying to go through the tutorial. I am a beginner in
IT work and am slowly starting to understand these processes. Right now I
am stuck on the last part of the Manifests tutorial, found at the bottom of
this page: http://docs.puppetlabs.com/learning/manifests.html.
I am on the first exercise, where it instructs the user to write and apply
a manifest to install tge Apache package (httpd), then make sure the Apache
service (also httpd) is running. I feel as if I am on the right track, but
after hours of googling and research, I was pulled in a few different
directions. If anyone could explain this in as detailed and simple of a way
possible to help me through this, it would be extremely appreciated.
Attempt 1:
# /root/learning-manifests/1.apache.pp
package {‘httpd’:
ensure = latest,
}
Service {httpd’:
ensure = stopped,
enable = false,
}
Attempt 2:
# /root/learning-manifests/2.apache.pp
package {‘apache’:
ensure = present,
}
service {‘httpd’:
ensure = running,
}
Attempt 3:
# /root/learning-manfiests/3.apache.pp
class {‘apache’: }
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Problems with puppetdb and SSL
Thanks, that solved the ssl problem. Andy On Friday, May 31, 2013 4:36:04 PM UTC-5, gen...@allantgroup.com wrote: When I run openssl s_client -host puppet -port 8081 -CAfile /etc/puppet/ssl/certs/puppet.fqdn I get Verify return code: 21 (unable to verify the first certificate). If I run the same command, but use port 8140 to connect to puppet, I get a return code of 19 (which is correct). I believe that, if I fix this SSL problem then it would fix my main problem which is : Report processor failed: Failed to submit 'store report' command for puppet1.allantgroup.com to PuppetDB at fqdn:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=fqdn] I have puppetdb in the dns_alt_names line in puppet.conf Why does it work on 8140. but not 8081? How can I fix this problem? Thanks, Andy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Tutorial: Learning - Manifests
Attempt 2 is on the right track. What OS are you on and what error messages
in particular are you running into?
On Monday, June 3, 2013 9:17:35 AM UTC-7, Alexandra Ferguson wrote:
Fellow Puppet Users,
I was assigned to learn how puppet works to integrate it into our
department and I am trying to go through the tutorial. I am a beginner in
IT work and am slowly starting to understand these processes. Right now I
am stuck on the last part of the Manifests tutorial, found at the bottom of
this page: http://docs.puppetlabs.com/learning/manifests.html.
I am on the first exercise, where it instructs the user to write and apply
a manifest to install tge Apache package (httpd), then make sure the Apache
service (also httpd) is running. I feel as if I am on the right track, but
after hours of googling and research, I was pulled in a few different
directions. If anyone could explain this in as detailed and simple of a way
possible to help me through this, it would be extremely appreciated.
Attempt 1:
# /root/learning-manifests/1.apache.pp
package {‘httpd’:
ensure = latest,
}
Service {httpd’:
ensure = stopped,
enable = false,
}
Attempt 2:
# /root/learning-manifests/2.apache.pp
package {‘apache’:
ensure = present,
}
service {‘httpd’:
ensure = running,
}
Attempt 3:
# /root/learning-manfiests/3.apache.pp
class {‘apache’: }
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Problem executing puppet device
Hi all,
I have started with puppet recently and the intention is to manage network
devices, for now I'm working with a switch (cisco catalyst 2950) and trying
to configure ports.
I installed puppet following the installation guide on puppetlabs.com
OS: CentOS 6
Services running: puppetmaster puppet
Puppet version: 3.2.1
When I execute puppet device -v I have the following output
# puppet device -v
Info: starting applying configuration to switch1 at
telnet://root:password@192.168.33.93/
Info: Retrieving plugin
Info: Caching catalog for switch1
Info: Applying configuration version '1370281505'
Error: Could not prefetch interface provider 'cisco': Unknown switchport
mode: dynamic desirable for FastEthernet0/1
Notice: /Stage[main]//Node[switch1]/Interface[Fa0/1]/description: defined
'description' as 'Hello Switch'
Error: /Stage[main]//Node[switch1]/Interface[Fa0/1]: Could not evaluate:
undefined method `command' for #Puppet::Type::Interface:0x7fc7cc1b7e48
Notice: Finished catalog run in 12.81 seconds
---
Content of device.conf:
[switch1]
type cisco
url telnet://root:password@192.168.33.93/
---
Content of site.pp:
#import templates
import node
Content of node.pp
node switch1{
interface {
Fa0/1:
description = Hello Switch
}
}
-
I can telnet the switch at that IP directly from the terminal and able to
change configuration.
Is there anything else which needs to be configured? or am I doing
something wrong?
Please help me out, stuck with this error from 2 days.
I appreciate your time and help
Thanks,
Vatsa
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Tutorial: Learning - Manifests
Hi Alexandra, Attempt 2 is on the right track. The thing to keep in mind here is that the package and service types both rely on the platform's own naming conventions, so you'll often have to do a bit of research when you're first starting to automate a new service or whatever. In this case, you must find out what names your target platform uses for the Apache package, and the Apache service. On CentOS, I believe they're both called httpd, so in that case, your package resource currently has the wrong title. (On Debian-like systems, I think the package and service names are apache2 instead.) Also, there's a 50% chance that the manifest you're writing will fail on the first run and then succeed on the second run, so be ready for that. The reason for this is covered in the NEXT learning puppet chapter, Ordering. Good luck, N -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: PuppetDB 1.3.2 Available
PuppetDB 1.3.2 is now available for download! This is a very minor compatibility release for the 1.3 series of PuppetDB. === ## Downloads ## === Available in native package format at: http://yum.puppetlabs.com and http://apt.puppetlabs.com Puppet module: http://forge.puppetlabs.com/puppetlabs/puppetdb Source (same license as Puppet): http://github.com/puppetlabs/puppetdb/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb/1.http://docs.puppetlabs.com/puppetdb/1.2 3 # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # See our development board on Trello: http://links.puppetlabs.com/puppetdb-trello ## PuppetDB 1.3.2 Release Notes ## Bug fixes: * Size of column `puppet_version` in the database schema is insufficient There is a field in the database that is used to store a string representation of the puppet version along with each report. Previously, this column could contain a maximum of 40 characters, but for certain builds of Puppet Enterprise, the version string could be longer than that. This change simply increases the maximum length of the column. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet reading/compiling production when using other environments
On Monday, May 13, 2013 3:56:02 PM UTC-4, LTH wrote: We have several servers using various environments. However we have noticed when a server requests any of the non-production environments, that the production environment's last access time still changes along with the specific environment's last accessed time. In our particular case we were also troubleshooting a custom fact that in spite of being completely removed from the development environment, puppet complained about it until we also removed it from the production environment. Do we have something set up incorrectly, is this an intentional behavior, or is something else going on? From our reading of the O'Reilly book, Puppet Types and Providers this is a known behavior. :( -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Pre-commit hooks for your modules?
Here is what I have:
Essentially I use the command line tools instead of ruby functions.
This tells me exactly where the problem is down to the line number.
+1 for checking the erb files, I'll have to add that to my script.
I have the json check for my hieradata since I keep hiera in JSON format.
https://gist.github.com/logicminds/5700014
On Monday, December 10, 2012 2:27:26 PM UTC-8, Jakov Sosic wrote:
Hi.
I was wondering what kind of precommit hooks are you guys using?
Here's what I've come up to in last hour:
$ cat .hg/hgrc | grep -A 1 hooks
[hooks]
pretxncommit.puppet = .hg/check_puppet.rb
$ cat .hg/check_puppet.rb
#!/usr/bin/ruby
def puppet_parser_validate(file)
if !system('puppet parser validate ' + file + ' /dev/null 21')
print('Syntax error in file: ' + file + \n)
system('puppet parser validate ' + file)
exit(1)
end
end
def puppet_lint(file)
if !system('puppet-lint --no-80chars-check ' + file + ' /dev/null
21')
print('Coding style error in file: ' + file + \n)
system('puppet-lint --no-80chars-check ' + file)
exit(1)
end
end
def puppet_erb_check(file)
if !system('erb -x -T \'-\' ' + file + ' | ruby -c /dev/null 21')
print('Syntax error in erb template: ' + file + \n)
system('erb -x -T \'-\' ' + file + ' | ruby -c')
exit(1)
end
end
# go through list of files, and call adequate checks
IO.popen('hg status').readlines.each { |file|
file.sub!(/^\w (.*)\n/,'\1')
if file.match('.pp$')
puppet_parser_validate file
puppet_lint file
elsif file.match('.erb$')
puppet_erb_check file
end
}
These are very basic checks, but I would like to implement also
something like checking if file from 'source =' is present in module's
files/ or if template from manifest is present in templates/ and things
like that.
Do you have any other ideas?
--
Jakov Sosic
www.srce.unizg.hr
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
I got mine solved...on puppet labs enterprise edition.. On each Client which is not connecting right …giving that error on puppet agent -t cd /etc/puppetlabs/puppet/ ssl rm -rf ca certs public_keys certificate_requsts private_keys # make sure all files removed from SSL dir puppet agent –t # this will run a few minutes the first time. THEN On server: puppet cert clean p11.mync.com puppet cert list cd /etc/init.d/ ./pe-httpd restart puppet cert list puppet cert sign –a # if you recognize all the servers in your cert list. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: optional defined type and dependencies
There's a third way, too. In the defined type's definition:
define software::mydefinedtype {
include software
Package['software'] - Software::Mydefinedtype[$title]
...
...etc.
}
That creates a relationship between the package and every resource in each
instance of the defined type. Every instance you declare will create its
own relationships.
This approach has the concision of the second example you were considering,
but works more like the first example.
Also:
One doubt about method 2:
at http://docs.puppetlabs.com/puppet/3/reference/lang_relationships.html,
I can read:
If one of the resources in a relationship is never declared, compilation
will fail with one of the following errors [...]
I suppose that this doesn't apply in case of resources chained through
resource collectors, does it? I'm asking because, even without declarations
of instances of the defined type, I got no such errors.
Yeah, with a collector that doesn't catch anything, a chaining statement
won't create any relationships, and shouldn't blow up.
N
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Exported Resources
Need some assistance with what I believe is a requirement that can be
solved using Exported Resources (or maybe there is another method which is
better suited).
I have a module svn::server::init. This module can be called with a
parameter is_master which defines whether it is a master SVN server or a
slave SVN system. What I need to be able to do is report back all the nodes
that are called with is_master = false so that the master is aware of all
the slaves.
The solution I had some up with was the following:
if $is_master {
File | tag == 'svn_slave' | { }
} else {
@@file { $svn::params::c_path/slave.$hostname:
content = hostname = $fqdn\nip =
$ipaddress\n,
tag = 'svn_slave',
}
}
So basically what that does is export a file /etc/subversion/slave.HOSTNAME
for every client. The master then realizes those and creates a file for
each client in /etc/subversion. That works pretty well. But my issue is
that I need to use the hostname/FQDN of each client in a template
(generating hooks to mirror the repos to each slave that is out there).
Thinking of how to do this I thought well I could write a FACT that then
parses those /etc/subversion/slave.HOSTNAME files. Is that the best way to
do that? Or is there a way through exporting a resource that I could get
the details directly in my manifest? If I wrote a fact to do it I would
essentially have to run puppet twice in order to spin up a new slave. First
run would create the /etc/subversion/slave.HOSTNAME file and second run
that would be included in the fact (first run it wouldn't because the file
didn't exist yet).
Thanks for your help
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Lock file /var/lib/puppet/state/puppetdlock
We are also having this similar issue with v2.7.10.1. Short term fix is
deleting the lockfile that hasn't updated in 2x{puppet-run-cycle} and
restarting puppet.
On Tuesday, February 10, 2009 2:25:53 AM UTC-8, Keith Edmunds wrote:
I'm just starting a roll out of Puppet and I'm seeing a problem on maybe
25% of client nodes. The symptoms are that the clients stop updating. In
the Puppetmaster log, I'm seeing things like:
Feb 9 20:10:23 vs4 puppetmasterd[17942]: Compiled catalog for in
0.05 seconds
Feb 9 20:40:41 vs4 puppetmasterd[17942]: Compiled catalog for in
0.05 seconds
Feb 9 21:11:16 vs4 puppetmasterd[17942]: Compiled catalog for in
1.83 seconds
Feb 9 21:41:37 vs4 puppetmasterd[17942]: Compiled catalog for in
0.91 seconds
These are all for the same client; everything appears normal until 21:41,
then no more checks from the client (it's now 10:17 on Feb 10).
On the client, I tried running puppetd manually:
# puppetd -t
notice: Lock file /var/lib/puppet/state/puppetdlock exists; skipping
catalog run
A look at the lock file:
# ls -l /var/lib/puppet/state/puppetdlock
-rw-r--r-- 1 root root 5 2009-02-09 22:11 /var/lib/puppet/state/puppetdlock
...shows that it was probably created at the next run after the last one
logged on the Puppetmaster (above).
Looking at the lock file:
# echo $(cat /var/lib/puppet/state/puppetdlock)
32400
# ps -fp 32400
UIDPID PPID C STIME TTY TIME CMD
root 32400 1 0 Feb06 ?00:01:41 ruby /usr/sbin/puppetd -w 5
...shows that the puppetd is still running.
Why would the lock file be created and not subsequently deleted?
If it helps, it is likely that the Puppetmaster was very busy at that
time, but even so I would expect the client to deal with that graciously.
Maybe related, maybe not: I can't stop puppetd in the usual way:
# /etc/init.d/puppet stop
Stopping puppet configuration management tool.
# ps -fp 32400
UIDPID PPID C STIME TTY TIME CMD
root 32400 1 0 Feb06 ?00:01:41 ruby /usr/sbin/puppetd -w 5
If I 'kill -9' the puppetd process, remove the /var/run/puppetd.pid file
and remove the lock file, I can restart puppetd and it runs OK for a
while, but eventually the puppetdlock file causes this problem again.
Versions: 0.24.5-3, the Debian Lenny package compiled for Debian Etch.
Grateful for any suggestions / pointers / etc.
Thanks,
Keith
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
