[Puppet Users] Re: Packages for Ubuntu 13.04 (raring)

[Vlad]

Any news about the packages for Raring?

On Monday, June 10, 2013 10:24:25 AM UTC-5, Andreas Ntaflos wrote:
>
> It seems there are no packages available for Ubuntu 13.04. There is a 
> puppetlabs-release package for raring, but except for that the directory 
> http://apt.puppetlabs.com/pool/raring/main/p/ is empty. 
>
> I see no packages anywhere else for 13.04, only the ones in the official 
> Ubuntu repos. This doesn't seem right, does it? 
>
> Andreas 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Could not request certificate: Error 405 on SERVER

[Don Harden]

Hello,

I followed the instructions on puppetlabs to install puppet 3.2.1 and 
Passenger on RedHat 6.4 x86_64.
http://docs.puppetlabs.com/guides/installation.html
http://docs.puppetlabs.com/guides/passenger.html

I also installed puppet 3.2.1 on a RedHat 5.6  as the client.

I finally got puppet agent to successfully retrieve the catalog from the 
master and apply it when using  WEBrick.  But when using apache and 
Passenger 4.05 and got the same 405 error above.  I saw your post and 
downgraded to Passenger 3.0.21 per your instructions, but I still have the 
same 405 error.

client > puppet agent --test --verbose --server vm1415701.bwi40g.vzbi.caas
Info: Creating a new SSL certificate request for vm1340701.bwi40g.vzbi.caas
Info: Certificate Request fingerprint (SHA256): 
31:AE:B8:AC:F5:01:D3:C7:5B:83:7C:3A:9E:87:AC:5C:24:C7:E3:E0:89:63:0D:B4:0E:AD:E5:9B:95:F5:52:E5
Error: Could not request certificate: Error 405 on SERVER: 

405 Method Not Allowed

Method Not Allowed
The requested method PUT is not allowed for the URL 
/production/certificate_request/vm1340701.bwi40g.vzbi.caas.

Apache/2.2.15 (Red Hat) Server at vm1415701.bwi40g.vzbi.caas Port 
8140


Exiting; failed to retrieve certificate and waitforcert is disabled



The Apache logs have these entries:
error:
[Thu Jun 13 18:10:41 2013] [notice] Apache/2.2.15 (Unix) DAV/2 
Phusion_Passenger/3.0.21 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- 
resuming normal operations
[Thu Jun 13 18:10:59 2013] [error] [client 10.105.80.149] File does not 
exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate
[Thu Jun 13 18:10:59 2013] [error] [client 10.105.80.149] File does not 
exist: 
/usr/share/puppet/rack/puppetmasterd/public/production/certificate_request

access:
[13/Jun/2013:18:10:59 -0400] "GET /production/certificate/ca? HTTP/1.1" 404 
318 "-" "-"
[13/Jun/2013:18:10:59 -0400] "GET 
/production/certificate_request/vm1340701.bwi40g.vzbi.caas? HTTP/1.1" 404 
350 "-" "-"
[13/Jun/2013:18:10:59 -0400] "PUT 
/production/certificate_request/vm1340701.bwi40g.vzbi.caas HTTP/1.1" 405 
373 "-" "-"

Any ideas on what to do next?
Thanks,
Don


On Friday, May 31, 2013 5:05:20 PM UTC-4, Jonathan wrote:
>
> I found a solution for this...use an older version of Passenger, 
> specifically Passenger 3.0.21
>
> To do this I uninstalled the Passenger gem: 
> gem uninstall passenger
>
> Then installed the older version:
> gem install passenger --version 3.0.21
>
> Then rebuilt libraries:
> passenger-install-apache2-module
>
> On Thursday, May 30, 2013 2:19:47 PM UTC-7, Jonathan wrote:
>>
>> Hi all,
>>
>> I have experience using puppet, however I am new to setting puppet up as 
>> it was already done for me in past environments.  I am running into an 
>> issue while trying to set puppet up for the first time on RHEL 6.4.  I was 
>> hoping y'all might be able to help me!
>>
>> I get the following error from the puppet client's /var/log/messages log:
>>
>> May 30 07:06:30 pclient puppet-agent[1458]: Creating a new SSL 
>> certificate request for pclient
>> May 30 07:06:30 pclient puppet-agent[1458]: Certificate Request 
>> fingerprint (SHA256): 
>> 62:1A:83:7D:DA:8B:A5:4B:14:D8:85:CF:D2:87:72:FA:88:9C:F5:88:46:28:3D:59:10:99:30:D8:50:9D:7A:2E
>> May 30 07:06:30 pclient puppet-agent[1458]: Could not request 
>> certificate: Error 405 on SERVER: > 2.0//EN">
>> May 30 07:06:30 pclient puppet-agent[1458]: 
>> May 30 07:06:30 pclient puppet-agent[1458]: 405 Method Not 
>> Allowed
>> May 30 07:06:30 pclient puppet-agent[1458]: 
>> May 30 07:06:30 pclient puppet-agent[1458]: Method Not Allowed
>> May 30 07:06:30 pclient puppet-agent[1458]: The requested method PUT 
>> is not allowed for the URL /production/certificate_request/pclient.
>> <...truncated...>
>>
>> On the puppet master I get stuff like this in the apache logs:
>> [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not 
>> exist: /usr/share/puppet/rack/puppetmasterd/public/production/node
>> [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not 
>> exist: /usr/share/puppet/rack/puppetmasterd/public/production/file_metadatas
>> [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not 
>> exist: /usr/share/puppet/rack/puppetmasterd/public/production/file_metadata
>> [Thu May 30 07:05:45 2013] [error] [client 192.168.223.129] File does not 
>> exist: /usr/share/puppet/rack/puppetmasterd/public/production/catalog
>> [Thu May 30 07:06:31 2013] [error] [client 192.168.223.131] File does not 
>> exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate
>> [Thu May 30 07:06:31 2013] [error] [client 192.168.223.131] File does not 
>> exist: 
>> /usr/share/puppet/rack/puppetmasterd/public/production/certificate_request/pclient
>>
>> Here is some relevant apache config info:
>> # Only allow high security cryptography. Alter if needed for 
>> compatibility.
>> SSLProtocol All -SSLv2
>> SSLCipherSuite  HIGH:!ADH:RC4

[Puppet Users] Agent revoked and reinstalled, now can't get server to see its new cert

[Josiah Ritchie]

I have a Ubuntu agent that I did all sorts of things to including revoking 
the cert. It was a master for awhile and I played with foreman on it. I 
then went through and apt-get purged all puppet related packages and 
cleaned out anything left in the file system that had the name "puppet" in 
it including puppet-common, did an apt-get autoremove.

After the cleanup I went to the master and did a 'puppet cert clean 
agent.name' and checked 'puppet cert list --all' to be certain it wasn't 
present, stopped apache2 and made sure all master and passenger services 
were stopped. Restarted apache2. 

I went back to the agent, 'sudo apt-get install puppet' and 'sudo puppet 
agent -t'. It generated the new key using the name I'd expect and cached 
it, exiting with the message "no certificate found and waitforcert is 
disabled"

I can ping puppet and puppet.mydomain from the agent. It has the proper IP 
set in /etc/hosts. The master can also ping the agent using the appropriate 
name with and without domain.

I went into /var/lib/puppet/ssl/ca/inventory.txt and removed the reference 
to the agent. I confirmed nothing was in 
/var/lib/puppet/ssl/certificate_requests and this agent is not 
in /var/lib/puppet/ssl/ca/signed and ca/requests is empty.

I tried 'locate agentname' and found nothing in the file system.

I used tcpdump to confirm that when I run 'puppet agent -t' on the agent it 
does talk to the master and the master talks back on port 8140.

If I run it as 'sudo puppet agent --server puppet.mydomain --no-daemonize 
--onetime --certname testagent.myotherdomain --waitforcert 60', it 
dutifully creates a cert and waits while I go to the master and find 
nothing it the 'puppet cert list'. Every 60 seconds I see 17 packets of 
info passed around.

What else can I do to get this agent back in the pen?

Thanks,
JSR/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Introducing Pysa - Reverse your servers’ configurations!

[Mohit Chawla]

Hello,

Link ? :) Also, is it similar to https://github.com/devstructure/blueprint?

On Thu, Jun 13, 2013 at 6:12 PM, Thibault Bronchain <
thibault.bronch...@gmail.com> wrote:

> Greetings all,
>
> I’m leaving this message about the development of a new configuration
> reverse engineering tool: Pysa.
>
> Pysa aims to help anyone who wants to replicate an existing configuration
> and not simply clone the entire machine.
> It can be use to migrate configurations from one computer to another (as
> physical machines to virtual clouds), backup existing configurations, or
> any other migration purpose.
>
> After scanning your system configuration, Pysa generates some Puppet
> recipes for the basic setup of your servers: groups, users, hosts,
> packages, configuration files, SSH keys, services, crons, source
> repositories, etc.
> From this starting point you can modify the scripts to suit your exact
> requirements.
>
> Pysa is open-source software (GNU/GPL license) published under
> MadeiraCloud Ltd. Authority, and is still in its early-development stage
> (alpha release).
> Please don’t hesitate to report any bugs, requirements, advice,
> criticisms, hate or love messages to either pysa-user@googlegroups.comfor 
> public discussions and
> p...@mc2.io for private messages.
>
> We depend on your feedback to help make this a useful tool for the
> community.
>
> Best Regards,
>
> Thibault BRONCHAIN
> Pysa Lead Developer
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet Windows package not seeing DisplayName in Registry?

[Reginald Choudari]

IdentifyingNumber : {FC835376-FF3B-4CAA-83E0-2148B3FB7C98}
Name  : SQL Server 2008 R2 SP2 Common Files
Vendor: Microsoft Corporation
Version   : 10.52.4000.0
Caption   : SQL Server 2008 R2 SP2 Common Files

On Thursday, June 13, 2013 11:51:51 AM UTC-4, Kevin D wrote:
>
> I don't think that I understand.
>
> Can you please provide the output?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet Windows package not seeing DisplayName in Registry?

[Kevin D]

I don't think that I understand.

Can you please provide the output?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet Windows package not seeing DisplayName in Registry?

[Reginald Choudari]

Kevin,

My apologies, I failed to mention that the record for the installer was 
outputted from the powershell command.

Thanks,
Reginald

On Thursday, June 13, 2013 10:58:52 AM UTC-4, Kevin D wrote:
>
> Can you also provide the output from this powershell command:
>
> Get-WmiObject -class win32_product | Where-Object {$_.name.contains("SQL 
> Server 2008")}
>
> If a record for the installer isn't in the registry location 
> "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" or 
> the WMI Win32_Product class, the package may not have installed properly.  
> Can you install the package manually and get these values?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Error: Could not retrieve catalog from remote server: Error 400 on SERVER: A JSON text must at least contain two octets! at /etc/puppet/manifests/site.pp:4 on node irnode

[KC1987]

Hi everyone. 

I am receiving an error on this line:

hiera_include('classes')

According to documentation here: 
http://docs.puppetlabs.com/hiera/1/puppet.html#hiera-lookup-functions it 
seems to the standard way to call hiera_include.

Has anyone run into this issue? It only happens after a single puppet run.

Thank you

Kyle C

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet Windows package not seeing DisplayName in Registry?

[Kevin D]

Can you also provide the output from this powershell command:

Get-WmiObject -class win32_product | Where-Object {$_.name.contains("SQL 
Server 2008")}

If a record for the installer isn't in the registry location 
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" or 
the WMI Win32_Product class, the package may not have installed properly.  
Can you install the package manually and get these values?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Could not find default node or by name

[espeake97]

I am having the same issue.  The node it says it can't find is my puppet 
master.  when I apply the manifests on my puppet master it says cannot find 
the name of my puppet master.

Really weird.

Eric

On Thursday, November 4, 2010 7:57:11 AM UTC-5, theirpuppet wrote:
>
> On Nov 4, 12:03 pm, Felix Frank  
> wrote: 
> > 
> > 
> > This is not a network or name resolution issue; your manifest contains 
> > no node definition that fits your client machine. 
> > 
> > Regards, 
> > Felix 
>
> Felix, holy cow! All that effort and it was a typo. I use a regex to 
> group my nodes and I typo'ed on the domain. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: White Paper: Migrating from Redhat satellite server to Puppet + Foreman

[Chuck]

You could also look at the Satellite 6 upsteam project Katello.

http://www.katello.org/

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] defined() implicitly requiring resource reference

[jcbollinger]

On Wednesday, June 12, 2013 9:15:22 AM UTC-5, Tom Lanyon wrote:
>
> On 05/06/2013, at 11:51 PM, jcbollinger [...] wrote: 
> > I don't much like that general approach in the first place on account of 
> the $requested_package parameter.  That you encounter difficulty when you 
> try something a bit dodgy should not be surprising. 
>
> Can you explain this further so I can understand the issue? 
>
>

Initially, it was mostly a gut feeling.  After having had time to step back 
from the issue and return to it fresh, I think it's a combination of 
things, mostly revolving around what you're actually modeling, and how 
you're modeling it.

Basically, the 'myapp' definition represents one package chosen from a list 
of mutually exclusive packages.  If that's all it is, then its name is 
misleading -- it should be more generic -- and it should probably take the 
exclusive list as a second parameter.  On the other hand, if it is indeed 
supposed to be something specific, then it doesn't take much advantage of 
that.  In particular -- and here's where my previous comment came from -- 
if it supposed to represent something specific to your application, then 
why doesn't it know anything about the application's package names?

Also, if the point is supposed to be that only one version of the 
application can be installed at a time, and the definition is specific to 
that application, then it really ought to be a class instead.
 


> > In fact, despite my dissatisfaction with your approach, you can indeed 
> do this without defined(), and without even disrupting your current 
> structure very much.  Here's one way I think would work: 
> > 
> > # This class ensures all known app packages are 
> > # by default purged 
> > class app::packages { 
> >$apps = split($::app_packages, ',') 
> >package { $apps: 
> >ensure => 'purged' 
> >} 
> > } 
> > 
> > # Overrides the requested package to be declared 
> > # present instead of purged. 
> > define app::myapp($requested_package) { 
> >include 'app::packages' 
> >Package<| title == $requested_package |> { 
> >ensure => 'present' 
> >} 
> > } 
> > 
> > # no separate package_cleanup required 
>
>
> OK, I wondered whether we could do something like this however - forgive 
> my naivety - I still can't see how this could be a complete solution 
> without something like defined(). 
>
> As an example... your above snippet works fine to ensure already installed 
> packages remain installed, but what if we wanted to install a brand new 
> version of app::myapp?  Because a 'package' resource with title 
> $requested_package does not yet exist, the Package<||> collector matches no 
> resources and the new package is not installed.  The only solution that I 
> can come up with is to check whether such a resource is already defined 
> and, if not, define one. 
>
>

You appear to have a serious misunderstanding.  Resource collectors have no 
direct relationship with or dependency on which resources are already 
installed on the target system.  They work exclusively with resource *
declarations* in your manifests, and they do so at catalog compilation 
time.  Moreover, they are independent of parse order (though the example 
anyway ensures a parse order that would work if collectors were parse-order 
dependent).

Explanation of the example:

   - class app::packages declares all of the possible application packages, 
   specifying the intended state for each one as 'purged'.  If that is the 
   only thing applied to the target node then it will cause the removal of 
   each and every one of those packages that is installed.  ('purged' is 
   stronger than 'absent'.  The former is more sure to remove the specified 
   package, but the latter takes care to avoid causing any other packages to 
   be removed, and therefore fails if any other package depends on the target 
   package.)  It is necessary that the list of possible packages include every 
   one that you may want to have installed, so it needs to be updated whenever 
   you introduce a new one that you want to manage.  That was already a 
   requirement for you, however, whether you recognized it or not.
   - Resources of defined type app::myapp ensure that class app::packages 
   is declared on the target node (by declaring it itself)
   - Resources of defined type app::myapp override the declaration of the 
   target package (made by class app::packages) so that its target state is 
   'present' instead of 'purged'.  This will cause it to be installed if it is 
   not already present, and will avoid removing it if it is present.
   - To use the example, simply declare one or more instances of app::myapp 
   for the target node, either in a node block or in some class assigned to 
   the node.  You may also declare class app::packages directly for any node, 
   whether or not they declare any app::myapp instances.  That is useful if 
   you have nodes on which you want to ensure that no versio

[Puppet Users] puppet: 3.1.1 -> 3.2.1 load increase

[christian . le . flamm]

Hi,
I recently updated from puppet 3.1.1 to 3.2.1 and noticed quite a bit of 
increased load on the puppetmaster machine. I'm using 
the Apache/passenger/rack way of puppetmastering. 
Main symptom is: higher load on puppetmaster machine (8 cores): 

   - 3.1.1: around 4
   - 3.2.1: around 9-10
   
Any idea why there's more load on the machine with 3.2.1?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Can't find source of "Removing mount" errors

[jcbollinger]

On Thursday, June 13, 2013 1:34:32 AM UTC-5, denmat wrote:
>
> Hi, 
>
> You sure that a grep for 'mount' through your manifest finds nothing? 
>
>
Yes, that's what I was about to recommend.  And it is necessary to check 
all manifest locations -- the 'manifests' subdirectory of every directory 
in the module path (recursively), the entry-point manifest (normally 
site.pp), and every manifest 'import'ed by any of those manifests 
(recursively).

It is not sufficient to search for the mount-point directory names, because 
these do not necessarily exist as complete strings anywhere in the 
manifests.  They may instead be assembled at need from two or more parts, 
one or both of which may be variables.  Some variables involved could even 
be provided by Puppet rather than declared in any manifest.

I can think of at least one way to obfuscate manifests so that the 'mount' 
resource type name would not appear either, but I cannot imagine that 
happening accidentally, and I'm not up for helping overcome intentional 
manifest obfuscation.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] How to apply puppet manifests toa remote host?

[Sirisha]

Hi All,

Am new to puppet and started writing simple  manifest files.

I have setup Server/Client mode for puppet and when I try to apply my 
manifest to local machine using "puppet agent" everything works well.

Is there any option to apply the manifests to a remote machine without ssh 
into the machine?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: White Paper: Migrating from Redhat satellite server to Puppet + Foreman

[Stephen Benjamin]

Hi,

Interesting paper.   For full disclosure, I do work for Red Hat, so you 
know, I could be biased :)

I agree about Puppet being miles ahead for configuration.  For customers 
who can, I think they should rely on Puppet instead of Satellite for 
configuration, unless they have simple needs.

But I prefer Satellite's software management.

There's no reason you can't use Satellite alongside the Foreman or with 
plain Puppet.  I have many customers who do, and I do on my own home 
network.  The hybrid approach works well. You can, of course, leave 
Satellite to setup your own roll your own yum repos with mrepo/grindr, or 
using Pulp.  IMHO, I think you spend a lot of effort for a solution that's 
not as good.

Cloned channels, for the moment, is really the best way to lock multiple 
systems to the same versions.  A roll-your-own with yum repos makes that 
difficult --  you're left with having multiple copies of everything on the 
filesystem.  For Pulp, you need at least 2 copies of all the software (the 
mrepo/grindr dump, and the internal pulp copy).  Pulp does has similar 
features like cloned channels but last time I looked it wasn't as mature as 
Satellite's. I also remember having quite a bit of difficulty getting 
install trees to import correctly into Pulp.

Satellite also gives you a really nice view into the latest errata, 
including security updates, and the ability to compare systems and look at 
their package profiles in detail.

Overall, I think patch management plan needs a closer look in your solution.

As far as the list of complaints about Satellite, I disagree with most. 
 There's two pages of complaing about Satellite when admittedly, you're 
running this on a pretty old version of Satellite.  Most of your complaints 
could be addressed by just upgrading or understanding the product better. 

Just a few notes about your complaints:

* Reporting for software related information is good - you can see the full 
package set on systems, and do a "diff" of two systems.

* You can see what systems are not checking in quite easily...

* Duplicate node finder was available starting with 5.3 (5.4?) although I 
don't think it's perfect. You're better of making sure you're using 
reactivation keys, which I think are now included in the latest RHN 
registration snippet.

* Inventory? Satellite has *a lot* of information about a system.  For 
custom data you can use key/value pairs.  For example, I have a script that 
syncs Facter info to Satellite: https://github.com/stbenjam/spacewalk-facter

* Speed complaints - TBH, this sounds like there was some underlying 
problems with your Satellite server.  I'd have opened a ticket with Red Hat 
to have them look at it in detail.  Building a new server total time takes 
under 5 minutes for me, including registration to Satellite.

* Kickstart - host renaming from localhost is easily fixed by writing a 
better kickstart, e.g. using 
https://github.com/stbenjam/junk-drawer/blob/master/kickstart/pre_parse_kernel_cmdline.txt
 
and 
https://github.com/stbenjam/junk-drawer/blob/master/kickstart/cmdline_network



- Stephen


On Monday, June 10, 2013 3:04:17 PM UTC+2, Keiran Sweet wrote:
>
> Hi Everyone,
> I've written a paper that captures the approach that we took when moving 
> from Redhat Satellite for configuration and software management to Puppet 
> and Foreman (alongside some other assorted technologies).
>
> The paper contains a number of lessons learnt in the Ruby, Puppet, Foreman 
> and Software deployment spaces that are likely to be useful for other 
> administrators looking to move from Satellite or similar technologies.
>
> It is important to note that whilst this approach to migrating from 
> Satellite server was ideal for this particular business and environment, it 
> is not suitable for everyone. It is also worth mentioning that a number of 
> the Puppet techniques used in this document may no longer be considered 
> best practice as the product evolves rapidly and features that are now 
> available such as hiera did not exist at the time the environment was being 
> designed and deployed. 
>
> The document can be found here: 
> - De-Orbiting Satellite (PDF) - http://goo.gl/0CAcy
>
>
> I hope some of you find this of some use and if you have any questions, 
> feedback, etc feel free to drop me a line.
>
> Cheers,
>
> K
>
> Keiran (at) gmail.com || @keiran_s
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppet agent errors for non included module.

[Jeremiah Jester]

Does anyone know why i would get a module error for my 'base' module that 
I'm not even including for a node?  I'm explicitly NOT include the 'base', 
yet puppet-client-t2 still errors when i pull it in. Snips from both are 
below. Any ideas why this would happen?

Thanks,
JJ



site.pp file

[root@puppet-master-t1 puppet]# cat manifests/site.pp 
node 'puppet-client-t1' {
include base
include base::firewall
}
node 'puppet-client-t2' {
include monitoring
}

puppet agent run on client...

jjest@puppet-client-t2 puppet]$ su -c "puppet agent -t"
Password: 
Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in 
/var/lib/puppet/lib/facter/iptables_persistent_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/ip6tables_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/iptables_version.rb
*Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not find data item rsfw_rules in any Hiera data file and no default 
supplied at /etc/puppet/modules/base/manifests/firewall.pp:1 on node 
puppet-client-t2.mcis.washington.edu*
*Warning: Not using cache on failed catalog*
*Error: Could not retrieve catalog; skipping run*


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] master on multiple bindaddresses?

[Jonathan Reed]

I'm trying to start puppetmaster on both of my tun interfaces 10.10.10.6 
and 10.10.11.6. What is the syntax to support that when I want to avoid 
having it listen on 0.0.0.0?
I tried bindaddress=10.10.10.6, 10.10.11.6. no worky.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Introducing Pysa - Reverse your servers’ configurations!

[Thibault Bronchain]

Greetings all,

I’m leaving this message about the development of a new configuration
reverse engineering tool: Pysa.

Pysa aims to help anyone who wants to replicate an existing configuration
and not simply clone the entire machine.
It can be use to migrate configurations from one computer to another (as
physical machines to virtual clouds), backup existing configurations, or
any other migration purpose.

After scanning your system configuration, Pysa generates some Puppet
recipes for the basic setup of your servers: groups, users, hosts,
packages, configuration files, SSH keys, services, crons, source
repositories, etc.
>From this starting point you can modify the scripts to suit your exact
requirements.

Pysa is open-source software (GNU/GPL license) published under MadeiraCloud
Ltd. Authority, and is still in its early-development stage (alpha release).
Please don’t hesitate to report any bugs, requirements, advice, criticisms,
hate or love messages to either pysa-u...@googlegroups.com for public
discussions and p...@mc2.io for private messages.

We depend on your feedback to help make this a useful tool for the
community.

Best Regards,

Thibault BRONCHAIN
Pysa Lead Developer

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: White Paper: Migrating from Redhat satellite server to Puppet + Foreman

[Keiran Sweet]

Hi There,
At the moment we don't, but it is something we need to look at.

Part of the challenge with this particular environment was that every
system was literally different in configuration and installed package
versions. What I opted to do was pick a modern baseline OS to bring the
whole fleet up to (at the time RHEL 4.9, 5.8 and 6.3), address the
configuration issues with puppet then revisit the issue.

Long term, I think I would look to use mcollective to write/implement a set
of tools that allowed real time reporting of various OS patch levels across
the fleet, and possibly move from the Apache + yum platform that works very
well as a stop gap to pulp for a more streamlined workflow , however it is
still something I need to research further, and patch and package
management currently isn't the lowest hanging fruit in this particular
environment.

One thing Foreman does offer out of the box is some levels of reporting on
fact data, so you can get an idea of fleet composition based on OS release
and sub versions, which is of some use, and better than flying blind as we
were before..

Hope this helps, and if you have ideas or suggestions I'd be keen to hear
them too.

Cheers,

K
On 11 Jun 2013 15:38, "Matthew Reams"  wrote:

> Hi.
>
> I really appreciate this knowledge sharing.  I currently use Spacewalk
> instead of Red Hat Satellite for patch management of my RHEL hosts, but I'm
> not happy with it for configuration management and working towards
> implementing Puppet.  How do you audit and report your current package
> levels on your servers now that you've moved to this new solution?
>
> Thanks!
>
> On Monday, June 10, 2013 9:04:17 AM UTC-4, Keiran Sweet wrote:
>>
>> Hi Everyone,
>> I've written a paper that captures the approach that we took when moving
>> from Redhat Satellite for configuration and software management to Puppet
>> and Foreman (alongside some other assorted technologies).
>>
>> The paper contains a number of lessons learnt in the Ruby, Puppet,
>> Foreman and Software deployment spaces that are likely to be useful for
>> other administrators looking to move from Satellite or similar technologies.
>>
>> It is important to note that whilst this approach to migrating from
>> Satellite server was ideal for this particular business and environment, it
>> is not suitable for everyone. It is also worth mentioning that a number of
>> the Puppet techniques used in this document may no longer be considered
>> best practice as the product evolves rapidly and features that are now
>> available such as hiera did not exist at the time the environment was being
>> designed and deployed.
>>
>> The document can be found here:
>> - De-Orbiting Satellite (PDF) - http://goo.gl/0CAcy
>>
>>
>> I hope some of you find this of some use and if you have any questions,
>> feedback, etc feel free to drop me a line.
>>
>> Cheers,
>>
>> K
>>
>> Keiran (at) gmail.com || @keiran_s
>>
>  --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/-74LLSshgpY/unsubscribe?hl=en
> .
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Manage users with Winbind (Samba) installed

[Paul Tötterman]

Hi,

How can I fix it? I need to tell Puppet to remove only users with ID from 
> 1000 to 299 (because from 300 starts winbind mapping) and not to 
> try to remove winbind users
>

Have you considered writing a suitable user provider? 

Cheers,
Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] certificate problem [solved]

[Werner Flamme]

Werner Flamme [12.06.2013 18:47]:
> Thank you, Erick,
> 
> the names were correct, I use certname entries in my config.
> 
> The problem was resolved by deleting the node certificate (mv
> /var/lib/puppet/ssl /var/lib/puppet/ssl.original) and recreating it by
> "puppet agent -t".
> 
> I found the solution some minutes after posting here, after rephrasing
> my search... Since I searched in the office and I am at home now, I
> can't provide the URL, but will do so tomorrow (probably).

FTR: The URL I found was
.
I just renamed the ssl directory instead of removing it, and created a
new, empty ssl directory with the same owner and rights as the old one.

Regards,
Werner

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.