[Puppet Users] Re: optional defined type and dependencies
Hi, thanks for your answer. On Thursday, May 30, 2013 3:13:45 PM UTC+2, jcbollinger wrote: For this particular pattern of requirements, I strongly prefer method 1. It keeps everything associated directly with the defined type together in one place. I would suggest one tweak, however: the defined type should explicitly 'include' class 'software' if it refers to resources declared by that class. For example: define software::mydefinedtype { include 'software' file { /path/to/${name}: [...] require = Package['software'], before = Service['software'], } } Yes, that's what I actually did in the end. And I've also used the include, as you suggested (I didn't post my whole code in the first post, just the relevant part). Note also that if you prefer the chain operators to the metaparameters, you can use the former in your defined type: define software::mydefinedtype { include 'software' file { /path/to/${name}: [...] } Package['software'] - File[/path/to/${name}] - Service['software'] } Indeed, I think you can even write it like this: define software::mydefinedtype { include 'software' Package['software'] - file { /path/to/${name}: [...] } - Service['software'] } Clever! Thanks :) One doubt about method 2: at http://docs.puppetlabs.com/puppet/3/reference/lang_relationships.html, I can read: If one of the resources in a relationship is never declared, compilation will fail with one of the following errors [...] I suppose that this doesn't apply in case of resources chained through resource collectors, does it? I'm asking because, even without declarations of instances of the defined type, I got no such errors. Personally, I am uncomfortable with relying on undocumented behavior. It may change without warning from one version of the software to another. Even if that does not bother you, in this particular case you should also verify that the transitively implied relationship between Package['software'] and Service['software'] is still present when no instances of Software::Mydefinedtype are declared. You can make puppet generate a relationship graph to check. I avoided the issue too, I'll try to generate the graphs as soon as I have some spare time. John Thanks again, Fabio -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Developing custom type/providers for multiple OS
Thanks for your ideas Trevor, Looking at the current types and providers I could see some different ways to do the same so I will give them a look during this week. As soon as I have a working solution I will give feedback for others to work with. Regards, On Thursday, May 30, 2013 4:25:49 PM UTC+2, Trevor Vaughan wrote: Looking through some additional code that does similar things, I'm fairly certain that the first method will work but I'm not sure if my follow on suggestions will. The 'package' and 'user' types use alternative providers but they do some interesting things with manipulating the provider directly so I'm not exactly sure how you would make this elegant. That said, you might also be able to do this with features in your type and later provider confinement. Sorry to be so all over the place, I haven't done anything *exactly* like this and the existing providers don't seem to either. Hopefully, one of the Puppet Labs folks will hop on and help out with a working example. Trevor On Thu, May 30, 2013 at 9:34 AM, Trevor Vaughan tvau...@onyxpoint.comjavascript: wrote: Looking at the 'host' provider from puppet, it looks like, to use a single provider, you'll need to both confine it and to use the :operatingsystem fact to create a case statement inside the provider. So, yes, you can do what you want but not exactly in the most obvious fashion. Something like the following should work (untested): Puppet::Type.type(:unpack).provide(:zip) do case Facter.value(:operatingsystem) when windows ...do windows stuff... when Solaris ...do solaris stuff... else do linux stuff end end Another way of possibly doing this would be to munge the provider name before calling your provider. You would use your example #2 above and then use the :operatingsystem fact to change the provider name. This may be a code smell/horrible practice but it *should* work (haven't tested this either). Something like: newparam(:provider) do munge do |value| #{Facter.value(:operatingsystem)}_#{self[:provider]} end end If that doesn't work, you might have to hack it into the type initialize define. Something like: def initialize(args) super self[:provider] = #{Facter.value(:operatingsystem)}_#{self[:provider]} end Good luck! Trevor On Thu, May 30, 2013 at 6:58 AM, David Campos noymn.the...@gmail.comjavascript: wrote: Hello Trevor, Thanks for the reply. I did knew that I should use confine statement to reach that goal but I did not know whether I did need a new provider for each OS or if I can share it. Sample: File rar-windows.rb Puppet::Type.type(:zipfile).provide(:rar, ...) confine :operatingsystem = :windows File rar-unix.rb Puppet::Type.type(:zipfile).provide(:rar, ...) confine :operatingsystem = :linux If puppet allows the same provider to be defined twice or more times this would work and would be perfect because I could select provider = zip and forget about OS. Sample2 File rar-windows.rb Puppet::Type.type(:zipfile).provide(:rar-windows, ...) confine :operatingsystem = :windows File rar-unix.rb Puppet::Type.type(:zipfile).provide(:rar-unix, ...) confine :operatingsystem = :linux If the first sample does not work, this would mean that I have to select the provider with puppet selectors before sending the parameter into the resource. On Wednesday, May 29, 2013 4:09:04 PM UTC+2, Trevor Vaughan wrote: David, You'll need to use confine statements to set the suitability of a particular provider to the OS. See: http://projects.puppetlabs.**com/projects/1/wiki/** Development_Provider_**Developmenthttp://projects.puppetlabs.com/projects/1/wiki/Development_Provider_Developmentunder 'Suitability'. The new Types and Providers book covers this reasonably well also. Finally, take a look at the 'group' provider in the Puppet core code to see how they go between Windows and other OS's. Good Luck! Trevor On Wed, May 29, 2013 at 5:40 AM, David Campos noymn.the...@gmail.com** wrote: Hello all, I am developing a few custom providers for some features that I need into my system (such as dealing with different zipped files or generating some JSON data based on OS files) and I have hit into a question about how to do this for multiple OS? Lets focus into the zipped file provider that should provide a common method to pack or unpack zipped files (tar, tar.gz, rar, zip or any) backed on OS tools or native ruby methods. Maybe the ruby approach would be the most portable one but I will keep that approach aside right now. We end up with 3 providers for the custom type 'zipfile': zip, rar and tar. Those providers may share code but they differ on how to delegate its functionality to third-party apps (7zip on windows and zip/unzip on linux as an example). How can I deal with that? Can I
Re: [Puppet Users] Run a File resource only if another file is missing
On Fri, 31 May 2013 07:52:25 -0700 Nan Liu nan@gmail.com wrote: A bit off topic, but you should use file attribute replace = false instead of an exec. Indeed. I'm not sure how I've missed that parameter. And it seems to have existed for a loong time. Thanks a lot for correcting me! Matthias -- Matthias Saou ██ ██ ██ ██ Web: http://matthias.saou.eu/ ██ Mail/XMPP: matth...@saou.eu ██ ██ GPG: 4096R/E755CC63██ ██ ██ 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ 21A9 7A51 7B82 E755 CC63 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet_dashboard.rb keeps getting deleted by puppet agent
I am currently using puppet in testing, on a centos 6.4 machine running puppet-master, puppet-agent, dashboard, and foreman. The manifest for the puppet matser machine in empty, like so: node 'puppet' { } However, when the pupper agent runs, it always deleted the dashboard report module, which I keep restoring: from the log: Debug: /File[/var/lib/puppet/lib/puppet/reports]: Removing existing directory for replacement with absent Notice: /File[/var/lib/puppet/lib/puppet/reports]/ensure: removed Debug: /File[/var/lib/puppet/lib/puppet/reports]: The container /var/lib/puppet/lib will propagate my refresh event Debug: Finishing transaction -610873838 what causes this and how can I figure out where this is coming from? The debug logs are difficult to read and I can't seem to identify the source of this problem. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet 2.7 deprecation warnings
Hello all. I am modifying puppet code in order to make it puppet v3 compliant. Currently I am running puppet 2.7. When it comes to deprecation warnings I got 2 different types. *Type 1:* *puppet-master[6426]: Dynamic lookup of $apache_port at /etc/puppet/environments/production/modules/apache/manifests/init.pp:24 is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag.* *Type 2:* *puppet-master[6246]: Dynamic lookup of $apache_ldap_auth is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag.* * * As you can see, type 2 has no reference to the code. Am I right to assume that type 2 logs are related to ruby functions or .erb templates? Thank you! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet agent removes puppet_dashboard.rb
I have a test puppet installation on CentOS 6.4, version 3.2.1, all uptodate with the puppetlabs repos. It is running the puppet master, a puppet agent, dashboard, with foreman installed but not yet configured. Part of the install for dashboard is copying the puppet_dashboard.rb file to the /var/lib/puppet/lib/puppet/reports directory so that dashboard can see the reports. The system itself is defined in nodes.pp as: node 'yoda' { } However, each time that puppet agent runs, it deletes the puppet_dashboard.rb files, as well as the entire reports directory : Debug: /File[/var/lib/puppet/lib/puppet/reports]: Removing existing directory for replacement with absent Notice: /File[/var/lib/puppet/lib/puppet/reports]/ensure: removed Debug: /File[/var/lib/puppet/lib/puppet/reports]: The container /var/lib/puppet/lib will propagate my refresh event Even in debug mode, I have been unable to discover why this is happening. I have turned off the puppet agent for now, but can anyone enlightne me as to why this occurs and how to fix it? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: puppet agent removes puppet_dashboard.rb
Sorry, this is a repost of an earlier topic; I couldn't find the earlier post so I thought it had not made it. I'm new to Google groups. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Unknown function validate_bool when trying puppet labs apache class
On Sun, Jun 2, 2013 at 9:21 PM, Francisco Reyes franci...@natserv.netwrote: Is there a way to list all the available modules? Or basically anything in the git repository should be able to be installed that way? Well, your best bet is actually to flip over from using git to the forge. http://forge.puppetlabs.com/ is the url and this is where 'puppet module install x' goes to look. Here the modules are versioned so you're (generally) getting known good versions of modules that are tested together. If you had a blank setup and used puppet module install puppetlabs-apache it would automatically check for dependencies and fetch all of those as well. You can find a ton of other modules on here too. Sometimes I install them from the forge and sometimes I google those modules and find them on git and go right to the source, depending on when they were last released. (Sometimes people add them to forge and forget to ever update them). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Database* resources
Hi folks, I've been staring for a long time now at this issue in the PostgreSQL puppet module, discussing whether to Implement database, database_user, and database_grant provider https://github.com/puppetlabs/puppetlabs-postgresql/issues/27 The bug has been closed and that's a little unsatisfying. database, database_user and database_grant are resources internal to puppet, but only puppetlabs-mysql implements them. It's clear to me that one might have to break compatibility with the current *mysql* module to be able to introduce these resources into puppetlabs-postgresql. I'll explain my patch below, but I'd first like to know if there's any interest in this happening from either puppetlabs-mysql or puppetlabs-postgresql users and developers! I am generally more concerned with puppetlabs-mysql here, because its development seems to have stagnated, judging from the bug reports and the pull requests: http://projects.puppetlabs.com/projects/modules/issues?utf8=%E2%9C%93set_filter=1f[]=status_idop[status_id]=of[]=category_idop[category_id]=%3Dv[category_id][]=234f[]=c[]=trackerc[]=statusc[]=priorityc[]=subjectc[]=assigned_toc[]=fixed_versiongroup_by= https://github.com/puppetlabs/puppetlabs-mysql/pulls * * * * My take on this (see attachment or this paste: http://apaste.info/jH0C ) is to first add the ability to use host/netmask or network/netmask as mysql $host that the mysql user is connecting. This is something that mysql can do, even though it's not often used, it seems, but it's pretty much standard in PostgreSQL land's pg_hba.conf. I'm using the # as new seperator instead of / That's where I break compatibility, but that's also what makes the regex instantly more readable, because I avoid the dreaded toothpicks. That's all from me. I ♥ly welcome your comments, -- i Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. diff --git Modulefile Modulefile index dc5b34a..be99591 100644 --- Modulefile +++ Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-mysql' -version '0.6.1' +version '0.7.0' source 'git://github.com/puppetlabs/puppetlabs-mysql.git' author 'Puppet Labs' license 'Apache 2.0' diff --git README.md README.md index 90f7151..33063f7 100644 --- README.md +++ README.md @@ -123,7 +123,9 @@ The custom resources can be used in any other manifests: password_hash = mysql_password('foo') } -database_grant { 'user@localhost/database': +database_grant { 'user@host/netmask#database': + # note that /netmask is optional. This is also a backwards-incompatible to 0.6.x and lower + # It was done to create, instead, compatibility with PostgreSQL's database_grant resource. privileges = ['all'] , # Or specify individual privileges with columns from the mysql.db table: # privileges = ['Select_priv', 'Insert_priv', 'Update_priv', 'Delete_priv'] diff --git lib/puppet/provider/database_grant/mysql.rb lib/puppet/provider/database_grant/mysql.rb index 3989e1f..564dfc7 100644 --- lib/puppet/provider/database_grant/mysql.rb +++ lib/puppet/provider/database_grant/mysql.rb @@ -1,7 +1,10 @@ # A grant is either global or per-db. This can be distinguished by the syntax # of the name: # user@host = global -# user@host/db = per-db +# user@host#db = per-db +# n.b.: host can have an optional /network part: +# user@host/32 = global +# user@host/24#db = per-db Puppet::Type.type(:database_grant).provide(:mysql) do @@ -51,7 +54,7 @@ Puppet::Type.type(:database_grant).provide(:mysql) do # this parses the def split_name(string) -matches = /^([^@]*)@([^\/]*)(\/(.*))?$/.match(string).captures.compact +matches = /^([^@]*)@([^#]*)(#(.*))?$/.match(string).captures.compact case matches.length when 2 { diff --git lib/puppet/type/database_grant.rb lib/puppet/type/database_grant.rb index 965695b..6bb35a7 100644 --- lib/puppet/type/database_grant.rb +++ lib/puppet/type/database_grant.rb @@ -6,7 +6,7 @@ Puppet::Type.newtype(:database_grant) do autorequire :database do # puts Starting db autoreq for %s % self[:name] reqs = [] -matches = self[:name].match(/^([^@]+)@([^\/]+)\/(.+)$/) +matches = self[:name].match(/^([^@]+)@([^#]+)#(.+)$/) unless matches.nil? reqs matches[3] end @@ -17,7 +17,7 @@ Puppet::Type.newtype(:database_grant) do autorequire :database_user do # puts Starting user autoreq for %s % self[:name] reqs = [] -matches =
Re: [Puppet Users] Database* resources
Implement database, database_user, and database_grant provider https://github.com/puppetlabs/puppetlabs-postgresql/issues/27 The bug has been closed and that's a little unsatisfying. database, database_user and database_grant are resources internal to puppet, but only puppetlabs-mysql implements them. Actually ... its still open. I'll explain my patch below, but I'd first like to know if there's any interest in this happening from either puppetlabs-mysql or puppetlabs-postgresql users and developers! I am generally more concerned with puppetlabs-mysql here, because its development seems to have stagnated, judging from the bug reports and the pull requests: I think overall it would be a positive move. ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problems with puppetdb and SSL
Seems like to me the SSL loaded into PuppetDB (the port 8081 you mention) is not valid. A simple activity would be to use our provided tool to reload the certificates again: * Move /etc/puppetdb/ssl to ssl.bak to preserve the original * Backup /etc/puppetdb/conf.d/jetty.ini to say jetty.ini.bak to preserve the original again * Run puppetdb-ssl-setup -f This will try to obtain the certificates from your puppet agent installation and load them into the relevant keystores for PuppetDB. If this doesn't help, let me know. ken. On Fri, May 31, 2013 at 10:36 PM, gen...@allantgroup.com andyr...@gmail.com wrote: When I run openssl s_client -host puppet -port 8081 -CAfile /etc/puppet/ssl/certs/puppet.fqdn I get Verify return code: 21 (unable to verify the first certificate). If I run the same command, but use port 8140 to connect to puppet, I get a return code of 19 (which is correct). I believe that, if I fix this SSL problem then it would fix my main problem which is : Report processor failed: Failed to submit 'store report' command for puppet1.allantgroup.com to PuppetDB at fqdn:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=fqdn] I have puppetdb in the dns_alt_names line in puppet.conf Why does it work on 8140. but not 8081? How can I fix this problem? Thanks, Andy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet master fails to set selinux context on /etc/puppet/auth.conf
I am running puppet 3.2.1, using the puppetlabs repos, on centos 6.4. I keep getting these messages in the log: (every 30 minutes) Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on /etc/puppet/auth.conf Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on /etc/puppet/manifests/site.pp Jun 3 11:24:55 yoda puppet-master[20292]: Starting Puppet master version 3.2.1 Currently, selinux is running in permissive mode, and the actual selinux context for these files is: -rw-r--r--. root root unconfined_u:object_r:puppet_etc_t:s0 auth.conf -rw-r--r--. root root system_u:object_r:puppet_etc_t:s0 auth.conf.rpmnew -rw-r--r--. root root system_u:object_r:puppet_etc_t:s0 fileserver.conf drwxr-xr-x. root root system_u:object_r:puppet_etc_t:s0 manifests drwxr-xr-x. root root system_u:object_r:puppet_etc_t:s0 modules -rw-r--r--. root root unconfined_u:object_r:puppet_etc_t:s0 puppet.conf restorecon sets all files in the subdirectories to unconfined_u. puppet master runs as root, so it should be able to modify the file labels. Anyone have any idea why these messages keep popping up? and how to fix the problem? Admittedly, I can just change the file labels manually, but that doesn't solve the underlying problem. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet 2.7 deprecation warnings
On 03/06/13 04:30 AM, Marc wrote: *Type 2:* /puppet-master[6246]: Dynamic lookup of $apache_ldap_auth is deprecated. For more information, see http://docs.puppetlabs.com/guides/scope_and_puppet.html. To see the change in behavior, use the --debug flag./ / / As you can see, type 2 has no reference to the code. Am I right to assume that type 2 logs are related to ruby functions or .erb templates? one way to have a better idea what causes the error is to run with --debug to see the full trace. -- Gabriel Filion signature.asc Description: OpenPGP digital signature
Re: [Puppet Users] ssh_authorized_key filling /var/log/messages
On Saturday, June 1, 2013 1:59:36 PM UTC-6, Stefan Schulte wrote: On Fri, 31 May 2013 15:56:30 -0700 (PDT) Marek Dohojda chr...@gmail.com javascript: wrote: Having weird issue that I can't seem to find any solution to: puppet 2.7.21 and 2.6.9 here is my stanza: ssh_authorized_key{ �$name�: ensure = present, name = $name, key = $key, type = $type, user = $name, require = File[$myhome/.ssh] } a common pitfall is that name contains spaces (at least trailing spaces should cause issues) or that people specify the key parameter as something like ssh-rsa B3NzaC1kc3MAAA while instead you have to specify B3NzaC1kc3MAAA as the key and ssh-rsa as the type. So does `$key` contain any spaces? Does `$name` contain any trailing spaces? Can you please post one of the entries that is filling up your /var/log/messages? -Stefan I wish it was so simple :) I ensured the keys are fine, and there are no spaces. here is a sample (sanitized) (/Stage[main]/class/class::Mkuser[user]/Ssh_authorized_key[user]/ensure) created -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet Tutorial: Learning - Manifests
Fellow Puppet Users, I was assigned to learn how puppet works to integrate it into our department and I am trying to go through the tutorial. I am a beginner in IT work and am slowly starting to understand these processes. Right now I am stuck on the last part of the Manifests tutorial, found at the bottom of this page: http://docs.puppetlabs.com/learning/manifests.html. I am on the first exercise, where it instructs the user to write and apply a manifest to install tge Apache package (httpd), then make sure the Apache service (also httpd) is running. I feel as if I am on the right track, but after hours of googling and research, I was pulled in a few different directions. If anyone could explain this in as detailed and simple of a way possible to help me through this, it would be extremely appreciated. Attempt 1: # /root/learning-manifests/1.apache.pp package {‘httpd’: ensure = latest, } Service {httpd’: ensure = stopped, enable = false, } Attempt 2: # /root/learning-manifests/2.apache.pp package {‘apache’: ensure = present, } service {‘httpd’: ensure = running, } Attempt 3: # /root/learning-manfiests/3.apache.pp class {‘apache’: } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Problems with puppetdb and SSL
Thanks, that solved the ssl problem. Andy On Friday, May 31, 2013 4:36:04 PM UTC-5, gen...@allantgroup.com wrote: When I run openssl s_client -host puppet -port 8081 -CAfile /etc/puppet/ssl/certs/puppet.fqdn I get Verify return code: 21 (unable to verify the first certificate). If I run the same command, but use port 8140 to connect to puppet, I get a return code of 19 (which is correct). I believe that, if I fix this SSL problem then it would fix my main problem which is : Report processor failed: Failed to submit 'store report' command for puppet1.allantgroup.com to PuppetDB at fqdn:8081: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=fqdn] I have puppetdb in the dns_alt_names line in puppet.conf Why does it work on 8140. but not 8081? How can I fix this problem? Thanks, Andy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Tutorial: Learning - Manifests
Attempt 2 is on the right track. What OS are you on and what error messages in particular are you running into? On Monday, June 3, 2013 9:17:35 AM UTC-7, Alexandra Ferguson wrote: Fellow Puppet Users, I was assigned to learn how puppet works to integrate it into our department and I am trying to go through the tutorial. I am a beginner in IT work and am slowly starting to understand these processes. Right now I am stuck on the last part of the Manifests tutorial, found at the bottom of this page: http://docs.puppetlabs.com/learning/manifests.html. I am on the first exercise, where it instructs the user to write and apply a manifest to install tge Apache package (httpd), then make sure the Apache service (also httpd) is running. I feel as if I am on the right track, but after hours of googling and research, I was pulled in a few different directions. If anyone could explain this in as detailed and simple of a way possible to help me through this, it would be extremely appreciated. Attempt 1: # /root/learning-manifests/1.apache.pp package {‘httpd’: ensure = latest, } Service {httpd’: ensure = stopped, enable = false, } Attempt 2: # /root/learning-manifests/2.apache.pp package {‘apache’: ensure = present, } service {‘httpd’: ensure = running, } Attempt 3: # /root/learning-manfiests/3.apache.pp class {‘apache’: } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Problem executing puppet device
Hi all, I have started with puppet recently and the intention is to manage network devices, for now I'm working with a switch (cisco catalyst 2950) and trying to configure ports. I installed puppet following the installation guide on puppetlabs.com OS: CentOS 6 Services running: puppetmaster puppet Puppet version: 3.2.1 When I execute puppet device -v I have the following output # puppet device -v Info: starting applying configuration to switch1 at telnet://root:password@192.168.33.93/ Info: Retrieving plugin Info: Caching catalog for switch1 Info: Applying configuration version '1370281505' Error: Could not prefetch interface provider 'cisco': Unknown switchport mode: dynamic desirable for FastEthernet0/1 Notice: /Stage[main]//Node[switch1]/Interface[Fa0/1]/description: defined 'description' as 'Hello Switch' Error: /Stage[main]//Node[switch1]/Interface[Fa0/1]: Could not evaluate: undefined method `command' for #Puppet::Type::Interface:0x7fc7cc1b7e48 Notice: Finished catalog run in 12.81 seconds --- Content of device.conf: [switch1] type cisco url telnet://root:password@192.168.33.93/ --- Content of site.pp: #import templates import node Content of node.pp node switch1{ interface { Fa0/1: description = Hello Switch } } - I can telnet the switch at that IP directly from the terminal and able to change configuration. Is there anything else which needs to be configured? or am I doing something wrong? Please help me out, stuck with this error from 2 days. I appreciate your time and help Thanks, Vatsa -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Tutorial: Learning - Manifests
Hi Alexandra, Attempt 2 is on the right track. The thing to keep in mind here is that the package and service types both rely on the platform's own naming conventions, so you'll often have to do a bit of research when you're first starting to automate a new service or whatever. In this case, you must find out what names your target platform uses for the Apache package, and the Apache service. On CentOS, I believe they're both called httpd, so in that case, your package resource currently has the wrong title. (On Debian-like systems, I think the package and service names are apache2 instead.) Also, there's a 50% chance that the manifest you're writing will fail on the first run and then succeed on the second run, so be ready for that. The reason for this is covered in the NEXT learning puppet chapter, Ordering. Good luck, N -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: PuppetDB 1.3.2 Available
PuppetDB 1.3.2 is now available for download! This is a very minor compatibility release for the 1.3 series of PuppetDB. === ## Downloads ## === Available in native package format at: http://yum.puppetlabs.com and http://apt.puppetlabs.com Puppet module: http://forge.puppetlabs.com/puppetlabs/puppetdb Source (same license as Puppet): http://github.com/puppetlabs/puppetdb/ # Documentation (including how to install): http://docs.puppetlabs.com/puppetdb/1.http://docs.puppetlabs.com/puppetdb/1.2 3 # Issues can be filed at: http://projects.puppetlabs.com/projects/puppetdb/issues # See our development board on Trello: http://links.puppetlabs.com/puppetdb-trello ## PuppetDB 1.3.2 Release Notes ## Bug fixes: * Size of column `puppet_version` in the database schema is insufficient There is a field in the database that is used to store a string representation of the puppet version along with each report. Previously, this column could contain a maximum of 40 characters, but for certain builds of Puppet Enterprise, the version string could be longer than that. This change simply increases the maximum length of the column. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet reading/compiling production when using other environments
On Monday, May 13, 2013 3:56:02 PM UTC-4, LTH wrote: We have several servers using various environments. However we have noticed when a server requests any of the non-production environments, that the production environment's last access time still changes along with the specific environment's last accessed time. In our particular case we were also troubleshooting a custom fact that in spite of being completely removed from the development environment, puppet complained about it until we also removed it from the production environment. Do we have something set up incorrectly, is this an intentional behavior, or is something else going on? From our reading of the O'Reilly book, Puppet Types and Providers this is a known behavior. :( -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Pre-commit hooks for your modules?
Here is what I have: Essentially I use the command line tools instead of ruby functions. This tells me exactly where the problem is down to the line number. +1 for checking the erb files, I'll have to add that to my script. I have the json check for my hieradata since I keep hiera in JSON format. https://gist.github.com/logicminds/5700014 On Monday, December 10, 2012 2:27:26 PM UTC-8, Jakov Sosic wrote: Hi. I was wondering what kind of precommit hooks are you guys using? Here's what I've come up to in last hour: $ cat .hg/hgrc | grep -A 1 hooks [hooks] pretxncommit.puppet = .hg/check_puppet.rb $ cat .hg/check_puppet.rb #!/usr/bin/ruby def puppet_parser_validate(file) if !system('puppet parser validate ' + file + ' /dev/null 21') print('Syntax error in file: ' + file + \n) system('puppet parser validate ' + file) exit(1) end end def puppet_lint(file) if !system('puppet-lint --no-80chars-check ' + file + ' /dev/null 21') print('Coding style error in file: ' + file + \n) system('puppet-lint --no-80chars-check ' + file) exit(1) end end def puppet_erb_check(file) if !system('erb -x -T \'-\' ' + file + ' | ruby -c /dev/null 21') print('Syntax error in erb template: ' + file + \n) system('erb -x -T \'-\' ' + file + ' | ruby -c') exit(1) end end # go through list of files, and call adequate checks IO.popen('hg status').readlines.each { |file| file.sub!(/^\w (.*)\n/,'\1') if file.match('.pp$') puppet_parser_validate file puppet_lint file elsif file.match('.erb$') puppet_erb_check file end } These are very basic checks, but I would like to implement also something like checking if file from 'source =' is present in module's files/ or if template from manifest is present in templates/ and things like that. Do you have any other ideas? -- Jakov Sosic www.srce.unizg.hr -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
I got mine solved...on puppet labs enterprise edition.. On each Client which is not connecting right …giving that error on puppet agent -t cd /etc/puppetlabs/puppet/ ssl rm -rf ca certs public_keys certificate_requsts private_keys # make sure all files removed from SSL dir puppet agent –t # this will run a few minutes the first time. THEN On server: puppet cert clean p11.mync.com puppet cert list cd /etc/init.d/ ./pe-httpd restart puppet cert list puppet cert sign –a # if you recognize all the servers in your cert list. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: optional defined type and dependencies
There's a third way, too. In the defined type's definition: define software::mydefinedtype { include software Package['software'] - Software::Mydefinedtype[$title] ... ...etc. } That creates a relationship between the package and every resource in each instance of the defined type. Every instance you declare will create its own relationships. This approach has the concision of the second example you were considering, but works more like the first example. Also: One doubt about method 2: at http://docs.puppetlabs.com/puppet/3/reference/lang_relationships.html, I can read: If one of the resources in a relationship is never declared, compilation will fail with one of the following errors [...] I suppose that this doesn't apply in case of resources chained through resource collectors, does it? I'm asking because, even without declarations of instances of the defined type, I got no such errors. Yeah, with a collector that doesn't catch anything, a chaining statement won't create any relationships, and shouldn't blow up. N -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Exported Resources
Need some assistance with what I believe is a requirement that can be solved using Exported Resources (or maybe there is another method which is better suited). I have a module svn::server::init. This module can be called with a parameter is_master which defines whether it is a master SVN server or a slave SVN system. What I need to be able to do is report back all the nodes that are called with is_master = false so that the master is aware of all the slaves. The solution I had some up with was the following: if $is_master { File | tag == 'svn_slave' | { } } else { @@file { $svn::params::c_path/slave.$hostname: content = hostname = $fqdn\nip = $ipaddress\n, tag = 'svn_slave', } } So basically what that does is export a file /etc/subversion/slave.HOSTNAME for every client. The master then realizes those and creates a file for each client in /etc/subversion. That works pretty well. But my issue is that I need to use the hostname/FQDN of each client in a template (generating hooks to mirror the repos to each slave that is out there). Thinking of how to do this I thought well I could write a FACT that then parses those /etc/subversion/slave.HOSTNAME files. Is that the best way to do that? Or is there a way through exporting a resource that I could get the details directly in my manifest? If I wrote a fact to do it I would essentially have to run puppet twice in order to spin up a new slave. First run would create the /etc/subversion/slave.HOSTNAME file and second run that would be included in the fact (first run it wouldn't because the file didn't exist yet). Thanks for your help -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Lock file /var/lib/puppet/state/puppetdlock
We are also having this similar issue with v2.7.10.1. Short term fix is deleting the lockfile that hasn't updated in 2x{puppet-run-cycle} and restarting puppet. On Tuesday, February 10, 2009 2:25:53 AM UTC-8, Keith Edmunds wrote: I'm just starting a roll out of Puppet and I'm seeing a problem on maybe 25% of client nodes. The symptoms are that the clients stop updating. In the Puppetmaster log, I'm seeing things like: Feb 9 20:10:23 vs4 puppetmasterd[17942]: Compiled catalog for in 0.05 seconds Feb 9 20:40:41 vs4 puppetmasterd[17942]: Compiled catalog for in 0.05 seconds Feb 9 21:11:16 vs4 puppetmasterd[17942]: Compiled catalog for in 1.83 seconds Feb 9 21:41:37 vs4 puppetmasterd[17942]: Compiled catalog for in 0.91 seconds These are all for the same client; everything appears normal until 21:41, then no more checks from the client (it's now 10:17 on Feb 10). On the client, I tried running puppetd manually: # puppetd -t notice: Lock file /var/lib/puppet/state/puppetdlock exists; skipping catalog run A look at the lock file: # ls -l /var/lib/puppet/state/puppetdlock -rw-r--r-- 1 root root 5 2009-02-09 22:11 /var/lib/puppet/state/puppetdlock ...shows that it was probably created at the next run after the last one logged on the Puppetmaster (above). Looking at the lock file: # echo $(cat /var/lib/puppet/state/puppetdlock) 32400 # ps -fp 32400 UIDPID PPID C STIME TTY TIME CMD root 32400 1 0 Feb06 ?00:01:41 ruby /usr/sbin/puppetd -w 5 ...shows that the puppetd is still running. Why would the lock file be created and not subsequently deleted? If it helps, it is likely that the Puppetmaster was very busy at that time, but even so I would expect the client to deal with that graciously. Maybe related, maybe not: I can't stop puppetd in the usual way: # /etc/init.d/puppet stop Stopping puppet configuration management tool. # ps -fp 32400 UIDPID PPID C STIME TTY TIME CMD root 32400 1 0 Feb06 ?00:01:41 ruby /usr/sbin/puppetd -w 5 If I 'kill -9' the puppetd process, remove the /var/run/puppetd.pid file and remove the lock file, I can restart puppetd and it runs OK for a while, but eventually the puppetdlock file causes this problem again. Versions: 0.24.5-3, the Debian Lenny package compiled for Debian Etch. Grateful for any suggestions / pointers / etc. Thanks, Keith -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.