Re: [Puppet Users] Puppet under HA Environment
In your situation, I'd be tempted to not run the puppet agent in daemon mode at all so that you can retain full control of when the agents will check in. I can't see how the splay option will help avoid concurrent checkins: Imagine HA node 1 is rebooted for whatever reason and comes back up at 12:00 at which point the puppet agent checks in due to its boot script running. Its splay parameter is set to true, its runinterval is the default 30m and its psuedo-random splay time is 5 mins. It will therefore next check in at 12:35. Now, HA node 2 just so happens to have checked in last at 11:55 and its pseudo-random splay time is 10 mins, so it's going to next check in at 12:35. As you, by definition, cannot control the pseudo-random delay time you cannot guarantee the availability of services managed by Puppet. So, instead of running puppet in daemon mode, I'd look to use something like mcollective to control when the agents check in with the master. Kind Regards, Matt. On 29 August 2013 21:50, rjbutl...@gmail.com wrote: How do I avoid a situation where all of my Linux servers execute a service restart at the same time upon receiving a new configuration change via Puppet? I am trying to avoid any possibility that the service would be unavailable for any length of time. The servers are behind a load balancer. At least one node needs to remain available. Any idea how I might configure Puppet to work in this HA environment? Thank you for your feedback! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet under HA Environment
On 30 August 2013 10:42, Matthew Burgess matthew.2.burg...@gmail.comwrote: So, instead of running puppet in daemon mode, I'd look to use something like mcollective to control when the agents check in with the master. You could of course just set up a cron job on each host, ensuring they check in at different times. Kind Regards, Matt. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Could not find certificate Error: header too long
I'm having a strange issue: A new machine created this morning showed thi error: ON PUPPET AGENT [root@wso2greg ~]# puppet agent --environment=production --verbose --no-daemonize --debug Debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist Debug: Puppet::Type::User::ProviderPw: file pw does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist Debug: /User[puppet]: Provider useradd does not support features libuser; not managing attribute forcelocal Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:links=:follow, :ensure=:fi le, :backup=false, :owner=puppet, :mode=644, :loglevel=:debug, :path=/var/lib/puppet/ssl/certs/ca.pem}' Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:links=:follow, :ensure=:directory, :backup=fals e, :loglevel=:debug, :path=/var/lib/puppet}' Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:links=:follow, :ensure=:directory, :backup=fals e, :mode=755, :loglevel=:debug, :path=/var/run/puppet}' Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:links=:follow, :ensure=:directory, :b ackup=false, :owner=puppet, :loglevel=:debug, :path=/var/lib/puppet/ssl/certs}' Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:links=:follow, :ensu re=:directory, :backup=false, :owner=puppet, :loglevel=:debug, :path=/var/lib/puppet/ssl/certificate_requests}' Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:links=:follow, :ensure=:directory, :back up=false, :loglevel=:debug, :path=/var/lib/puppet/lib}' Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:links=:follow, :ensure=:direc tory, :backup=false, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/client_yaml}' Debug: Puppet::Type::Group::ProviderPw: file pw does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist Debug: /Group[puppet]: Provider groupadd does not support features libuser; not managing attribute forcelocal Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:links=:follow, :ensure=:directory, :group=pupp et, :backup=false, :owner=puppet, :mode=750, :loglevel=:debug, :path=/var/log/puppet}' Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/wso2greg.test.italy.cloudlabcs i.local.pem]{:links=:follow, :ensure=:file, :backup=false, :owner=puppet, :mode=600, :loglevel=:debug, :path=/var/li b/puppet/ssl/private_keys/wso2greg.test.italy.cloudlabcsi.local.pem}' Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:links=:follow, :ensure=:di rectory, :backup=false, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/clientbucket}' Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:links=:follow, :ensure=:directory, :backup= false, :owner=puppet, :mode=771, :loglevel=:debug, :path=/var/lib/puppet/ssl}' Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:links=:follow, :ensure=:directory , :backup=false, :loglevel=:debug, :path=/var/lib/puppet/state/graphs}' Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:links=:follow, :ensure=: directory, :backup=false, :owner=puppet, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/ssl/private_keys}' Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:links=:follow, :ensure=:dire ctory, :backup=false, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/client_data}' Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:links=:follow, :ensure=:directory, :backup=false, :loglevel=:debug, :path=/etc/puppet}' Debug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/wso2greg.test.italy.cloudlabcsi. local.pem]{:links=:follow, :ensure=:file, :backup=false, :owner=puppet, :mode=644, :loglevel=:debug, :path=/var/lib/ puppet/ssl/public_keys/wso2greg.test.italy.cloudlabcsi.local.pem}' Debug: Using settings: adding file resource 'statedir': 'File[/var/lib/puppet/state]{:links=:follow, :ensure=:directory, :back up=false, :mode=1755,
Re: [Puppet Users] Hiera and hiera-gpg
On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was previously working around this by using a non-passphrase protected subkey. I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated hierarchy for decrypted files, using that same insecure private subkey. Cheers, -- Richard Clark rich...@fohnet.co.uk signature.asc Description: Digital signature
[Puppet Users] Get the date and the state of the last run with puppet 2.6
Hi, On Debian Squeeze, I would like to get the date and the state of the last run of puppet agent. On Debian Squeeze, we have: ~# puppet agent --version 2.6.2 Unfortunately, with this version the lastrunfile (/var/lib/puppet/state/last_run_summary.yaml) doesn't exist. Nevertheless, is there a way to get the date and the state of the last run? (maybe with the timestamp of a good file and some grep, sed etc.) Thanks in advance. -- Francois Lafont -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Share data between classes/modules, best practices
On Tuesday, August 27, 2013 7:26:41 PM UTC-5, François Lafont wrote: I thought about another way with the extlookup function. --- snmp: community: extvalue_community monitoring: community: extvalue_community And in a common.csv file: extvalue_community,abcd1234 Then: class snmp { $snmp = hiera_hash('snmp') $community = extlookup($snmp['community']) # and the rest of the class... } class monitoring { $monitoring = hiera_hash('monitoring') $community = extlookup($monitoring['community']) # and the rest of the class... } I don't know if it's good method. Thanks for your help John. -- Francois Lafont I think you're taking an extra step and arriving at the same solution. Eliminate the extlookup step and instead have both modules look at the same variable in hiera. Make it some arbitrary name that doesn't conflict with any module (and hopefully won't in the future either). Then just lookup that value explicitly with the hiera function in any module that needs it. --- snmp_community: abcd1234 class snmp { $snmp_community = hiera('snmp_community') } class monitoring { $snmp_community = hiera('snmp_community') } If you do use a hash like you were using in Hiera, please note that you do not need to use hiera_hash() to get the data unless you're merging that hash up your hierarchy (i.e. Setting part of the hash data in global and setting some more pieces of the hash in another part of the hierarchy that you want to merge together for the final data). hiera() will get the hash just fine but will not merge it up the tree. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Could not find certificate Error: header too long
SOLVED on puppet master there was a 0 size certificate request that caused all the problem even with puppet cert list I got no good output. Removed the unwanted file and all works again. Could it be a not so clear error message? May be telling something more could help solve the problem. Luca Il giorno venerdì 30 agosto 2013 12:27:19 UTC+2, Luca Gioppo ha scritto: I'm having a strange issue: A new machine created this morning showed thi error: ON PUPPET AGENT [root@wso2greg ~]# puppet agent --environment=production --verbose --no-daemonize --debug Debug: Puppet::Type::User::ProviderUser_role_add: file rolemod does not exist Debug: Puppet::Type::User::ProviderPw: file pw does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist Debug: /User[puppet]: Provider useradd does not support features libuser; not managing attribute forcelocal Debug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:links=:follow, :ensure=:fi le, :backup=false, :owner=puppet, :mode=644, :loglevel=:debug, :path=/var/lib/puppet/ssl/certs/ca.pem}' Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:links=:follow, :ensure=:directory, :backup=fals e, :loglevel=:debug, :path=/var/lib/puppet}' Debug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:links=:follow, :ensure=:directory, :backup=fals e, :mode=755, :loglevel=:debug, :path=/var/run/puppet}' Debug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:links=:follow, :ensure=:directory, :b ackup=false, :owner=puppet, :loglevel=:debug, :path=/var/lib/puppet/ssl/certs}' Debug: Using settings: adding file resource 'requestdir': 'File[/var/lib/puppet/ssl/certificate_requests]{:links=:follow, :ensu re=:directory, :backup=false, :owner=puppet, :loglevel=:debug, :path=/var/lib/puppet/ssl/certificate_requests}' Debug: Using settings: adding file resource 'plugindest': 'File[/var/lib/puppet/lib]{:links=:follow, :ensure=:directory, :back up=false, :loglevel=:debug, :path=/var/lib/puppet/lib}' Debug: Using settings: adding file resource 'clientyamldir': 'File[/var/lib/puppet/client_yaml]{:links=:follow, :ensure=:direc tory, :backup=false, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/client_yaml}' Debug: Puppet::Type::Group::ProviderPw: file pw does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist Debug: /Group[puppet]: Provider groupadd does not support features libuser; not managing attribute forcelocal Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:links=:follow, :ensure=:directory, :group=pupp et, :backup=false, :owner=puppet, :mode=750, :loglevel=:debug, :path=/var/log/puppet}' Debug: Using settings: adding file resource 'hostprivkey': 'File[/var/lib/puppet/ssl/private_keys/wso2greg.test.italy.cloudlabcs i.local.pem]{:links=:follow, :ensure=:file, :backup=false, :owner=puppet, :mode=600, :loglevel=:debug, :path=/var/li b/puppet/ssl/private_keys/wso2greg.test.italy.cloudlabcsi.local.pem}' Debug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:links=:follow, :ensure=:di rectory, :backup=false, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/clientbucket}' Debug: Using settings: adding file resource 'ssldir': 'File[/var/lib/puppet/ssl]{:links=:follow, :ensure=:directory, :backup= false, :owner=puppet, :mode=771, :loglevel=:debug, :path=/var/lib/puppet/ssl}' Debug: Using settings: adding file resource 'graphdir': 'File[/var/lib/puppet/state/graphs]{:links=:follow, :ensure=:directory , :backup=false, :loglevel=:debug, :path=/var/lib/puppet/state/graphs}' Debug: Using settings: adding file resource 'privatekeydir': 'File[/var/lib/puppet/ssl/private_keys]{:links=:follow, :ensure=: directory, :backup=false, :owner=puppet, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/ssl/private_keys}' Debug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:links=:follow, :ensure=:dire ctory, :backup=false, :mode=750, :loglevel=:debug, :path=/var/lib/puppet/client_data}' Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:links=:follow, :ensure=:directory, :backup=false, :loglevel=:debug, :path=/etc/puppet}' Debug: Using settings: adding file resource 'hostpubkey':
Re: [Puppet Users] Re: Share data between classes/modules, best practices
Since I need to store things like Db passwords (used on DB node to create stuff and on the app_server node to establish the connection) I could use either a hash dedicated to generic DB stuff or a hash for passwords and in this way I could also use hiera-gpg All too simple. Thanks Luca Il giorno venerdì 30 agosto 2013 14:15:14 UTC+2, Drew Blessing ha scritto: On Tuesday, August 27, 2013 7:26:41 PM UTC-5, François Lafont wrote: I thought about another way with the extlookup function. --- snmp: community: extvalue_community monitoring: community: extvalue_community And in a common.csv file: extvalue_community,abcd1234 Then: class snmp { $snmp = hiera_hash('snmp') $community = extlookup($snmp['community']) # and the rest of the class... } class monitoring { $monitoring = hiera_hash('monitoring') $community = extlookup($monitoring['community']) # and the rest of the class... } I don't know if it's good method. Thanks for your help John. -- Francois Lafont I think you're taking an extra step and arriving at the same solution. Eliminate the extlookup step and instead have both modules look at the same variable in hiera. Make it some arbitrary name that doesn't conflict with any module (and hopefully won't in the future either). Then just lookup that value explicitly with the hiera function in any module that needs it. --- snmp_community: abcd1234 class snmp { $snmp_community = hiera('snmp_community') } class monitoring { $snmp_community = hiera('snmp_community') } If you do use a hash like you were using in Hiera, please note that you do not need to use hiera_hash() to get the data unless you're merging that hash up your hierarchy (i.e. Setting part of the hash data in global and setting some more pieces of the hash in another part of the hierarchy that you want to merge together for the final data). hiera() will get the hash just fine but will not merge it up the tree. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Problem of ordering with exported files
On Thursday, August 29, 2013 4:59:16 PM UTC-5, François Lafont wrote: Le 28/08/2013 16:53, jcbollinger wrote : As a result, I have deduced that this code below was correct *and* not redundant: # 1. One declaration. file { '/usr/local/puppet_host/list': mode= 440, content = List.\n, } # 2. Another one. File | tag == 'exported' | { mode = 0644, } # 3. Ordering. File['/usr/local/puppet_host/list'] - File | tag == 'exported' | Am I wrong? Yes. The code is at least redundant, in that both appearances of File | tag == 'exported' | specify the inclusion of the matching resources in the target node's catalog, regardless of the fact that they appear in contexts that carry distinct additional implications. Ok, so if I follow your logic, this simple code below is correct and redundant too, isn't it? (and the rendundancy is not a problem) # 1. One declaration. file {'/tmp/test1': ensure = present, content = Hi., } # 2. Another one. notify {'after': message = '/tmp/test1 has already been synced.', } # 3. Ordering. File['/tmp/test1'] - Notify['after'] No, that is not redundant. Resource references do not direct Puppet to include the referenced resources in the target node's catalog. Instead, they depend on those resources being declared by other means, else catalog compilation will fail. Collectors are different, partly because they combine two distinct functions: 1. to realize virtual resources or import exported resources (depending on the form of the collector), and 2. to serve essentially as a reference to the whole group of collected resources It is with respect to the former that collecting the same resources multiple times is redundant, and ordinary resource references do not serve that purpose. Nevertheless, I'm really just trying to rationalize the odd behavior you observed. I would not have expected your original code to exhibit the problems it did, and I think it would be better for Puppet to behave as you expected in this regard. Me too. Don't you think that it can be interpreted as a little bug? (or just a inconsistency?) Yes, I think it would be reasonable to interpret the behavior as buggy. I think you would be justified in filing a bug ticket with PuppetLabs over this. There might even be one already; I didn't check. It's very curious, if I just change the title of the exported files, then the order is as we expect (I give an example in my message #2). I think that's just luck. Your original code clearly does not result in the desired ordering relationship being included in the node's catalog. Where relationships do not constrain the relative order of two resources, Puppet is free to apply them in either order. In practice, it uses an order that is essentially unpredictable, but that remains stable *provided that the affected resources do not change*. Changing resource titles, however, can result in a different order of application. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Best practices for infrastructure
On Thu, Aug 29, 2013 at 9:02 AM, jcbollinger john.bollin...@stjude.org wrote: The master will always choose the node block to use based on the client's SSL certname (spelled $::clientcert in Puppet DSL). Oh, that is considerably safer than what I feared. Thanks for the clarification. My comments earlier in this thread were under the mistaken understanding that the Puppet master in its default behaviour would allow match nodename based on $::hostname. thank you! m -- martin.langh...@gmail.com - ask interesting questions - don't get distracted with shiny stuff - working code first ~ http://docs.moodle.org/en/User:Martin_Langhoff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark rich...@fohnet.co.uk wrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was previously working around this by using a non-passphrase protected subkey. I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated hierarchy for decrypted files, using that same insecure private subkey. Cheers, -- Richard Clark rich...@fohnet.co.uk -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] MultiNode Openstack deployement using Puppet Module
Hi All, I want to deploy openstack mult node deployment on 2 physical node with 2 NIC on each of them. I have tried stackforge openstack module. It installed properly but due to some reason i couldn't launch VM instance. Can anyone suggest the proper step by step guide to configure, setup and test Image on Openstack? Also it would be helpful if you provide Network configuration assumption if any. Thanks in advance. JK -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
Your manifests look the same. You do a hiera lookup just as you would if you weren't using the GPG integration. It's just another data store for hiera. You do need to set that up, as other people have mentioned. But it's no different in the manifests. On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beeworke...@gmail.com wrote: I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark rich...@fohnet.co.ukwrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was previously working around this by using a non-passphrase protected subkey. I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated hierarchy for decrypted files, using that same insecure private subkey. Cheers, -- Richard Clark rich...@fohnet.co.uk -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Creating Windows services
For posterity, here's what I ended up with (no graceful service stop): $process_name = 'myprocess' $service_name = 'myservice' $package_source = 'C:/source' $package_target = 'C:/target' $service_config = start= auto binPath= \$package_target/bin/$process_name.exe\ $service_exists = powershell get-service -name $service_name Exec { path = $::path } exec { 'create_service': command = sc create $service_name $service_config, unless = $service_exists, } - exec { 'update_service': command = sc config $service_name $service_config, onlyif = $service_exists, } - exec { 'configure_recovery': command = sc failure $service_name reset= 0 actions= restart/1/restart/1/restart/1, } - exec { 'disable_recovery': command = sc failureflag $service_name 0, } - exec { 'stop_service': command = powershell stop-process -name $process_name, returns = [0, 1], } - file { 'copy_package': ensure = directory, force = true, mode = '0600', path = $package_target, purge = true, recurse = true, source = $package_source, } - exec { 'inherit_permissions': command = icacls $package_target /reset /T, } - exec { 'configure_service': command = cmd /C $package_target/config.cmd, } - exec { 'enable_recovery': command = sc failureflag $service_name 1, } - exec { 'start_service': command = sc start $service_name, } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Nagios server automating
Hello, i 'm try automatizando my nagios monitoring i've running puppet with puppetDB and postgres and this running ok. The problem that present in this moment is the nagios structure in the server with generate puppet for example: When I connect my node agent (puppet agent --test) and my nagios server after run (puppet agent --test) generate the archives: /etc/nagios/nagios_host.cfg --- (host definition) [..] # HEADER: This file was autogenerated at Fri Aug 30 17:06:55 -0400 2013 # HEADER: by puppet. While it can still be managed manually, it # HEADER: is definitely not recommended. define host { address10.0.0.133 uselinux-server host_name node5.example.com alias node5 } [..] resource.d/host_node1.example.com.cfg (service monitoring) [..] # HEADER: This file was autogenerated at Fri Aug 30 17:06:54 -0400 2013 # HEADER: by puppet. While it can still be managed manually, it # HEADER: is definitely not recommended. define service { ## --PUPPET_NAME-- (called '_naginator_name' in the manifest) check_users_node1 usegeneric-service service_descriptionnode1_check_users host_name node1.example.com check_command check_nrpe!check_users } [..] But when the service nagios is restarted say error message [..] Error: Could not find any host matching 'node1.example.com' (config file '/etc/nagios/resource.d/host_node1.example.com.cfg', starting on line 4) Error: Could not expand hostgroups and/or hosts specified in service (config file '/etc/nagios/resource.d/host_node5.example.com.cfg', starting on line 4) [..] And the solution is placed (manually) the host definition /etc/nagios/nagios_host.cfg within resource.d/host_node1.example.com.cfg . For example: [..] [root@nagios nagios]# cat resource.d/host_node5.example.com.cfg # HEADER: This file was autogenerated at Fri Aug 30 17:06:54 -0400 2013 # HEADER: by puppet. While it can still be managed manually, it # HEADER: is definitely not recommended. define host { address10.0.0.133 uselinux-server host_name node5.example.com alias node5 } define service { ## --PUPPET_NAME-- (called '_naginator_name' in the manifest) check_users_node5 usegeneric-service service_descriptionnode5_check_users host_name node5.example.com check_command check_nrpe!check_users } [..] My export class is (node information) is: [..] class nagios::export { @@nagios_host { $::fqdn: ensure = present, alias = $::hostname, address = $::ipaddress, use = linux-server, notify = Service[nagios], } @@nagios_service { check_users_${hostname}: # check_command = check_ping!100.0,20%!500.0,60%, check_command = check_nrpe!check_users, use = generic-service, host_name = $fqdn, service_description = ${hostname}_check_users, target = /etc/nagios/resource.d/host_${::fqdn}.cfg, } } [..] ¿How to make the definition is within the same resource? ¿is possible? or ¿What is the way to correct the problem? Thanks.!! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Incorrect return code for failed exec
Hello, I'm running puppet agent standalone on Windows. The last step in the manifest is exec { 'start_service': command = sc start MyService }. When the service has a problem and doesn't start, Puppet logs: /Stage[main]//Exec[start_service]/returns (err): change from notrun to 0 failed: sc start MyService returned 29 instead of one of [0] However, the %errorlevel% returned is still 0. However, if I use --detailed-exitcodes, the %errorlevel% is correctly set to 6. Regards, Igor. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Roles/profiles and hiera
Hi everyone, Do you guys know any article/doc talking about the use of roles/profiles approach with hiera? I'm particularly interested in how to organize the manifests when having multiple data centers, parametized classes and wants to use hiera. Being even more specific, how to organize the code using the Craig's article (http://www.craigdunn.org/2012/05/239/) and use hiera to provide node specific data. thank you, -fred -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
On 8/30/2013 3:48 PM, Frederiko Costa wrote: Hi everyone, Do you guys know any article/doc talking about the use of roles/profiles approach with hiera? I'm particularly interested in how to organize the manifests when having multiple data centers, parametized classes and wants to use hiera. Being even more specific, how to organize the code using the Craig's article (http://www.craigdunn.org/2012/05/239/) and use hiera to provide node specific data. thank you, -fred Couple of links on the subject that I like. Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his original articles, http://www.slideshare.net/PuppetLabs/roles-talk Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will become a very influential presentation over the next year as generally available tooling catches up to the ideas presented. I'm surprised there hasn't been more discussion about it. http://carlasouza.com/puppetconf13/#/slide1 Hunner's github repo for his Role/Profile session at Puppet Conf. https://github.com/hunner/roles_and_profiles My example of using role/profile. I skipped over most of the design and philosophy which Craig covered quite well and dove straight into what it might looks like with a complicated set of data in a real world application. https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/ Ramin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] rspec-puppet not working
Ok, I found the solution - it was a simple case of adding the path to the rspec bin directory to my PATH. Rake is using the -S switch, which uses PATH to find the rspec binary. Thanks, Guy On Fri, Aug 30, 2013 at 4:23 PM, Guy Knights g...@eastsidegamestudio.comwrote: Do I need to replace the entire contents of spec_helper.rb with that file? Also, do I need to change my rake file from the following content? require 'rake' require 'rspec/core/rake_task' RSpec::Core::RakeTask.new(:spec) do |t| t.pattern = 'spec/*/*_spec.rb' end On Fri, Aug 30, 2013 at 4:20 PM, Ashley Penney ashley.pen...@puppetlabs.com wrote: As an alternative to the rspec-puppet-init stuff try installing the 'puppetlabs_spec_helper' gem and then update spec_helper.rb to be: require 'puppetlabs_spec_helper/module_spec_helper' Then you can just 'rake spec' and see if that works out better for you. On Fri, Aug 30, 2013 at 6:58 PM, Guy Knights g...@eastsidegamestudio.comwrote: I'm trying to get rspec-puppet working and have run into a problem. I have a VM running ubuntu lucid, have installed rubygems 1.3.5 from the apt package and have install rspec-puppet (and other required gems), and rake, using gem install. I've run rspec-puppet-init in the module I want to test, and have created a very basic spec file for one of the classes in my module. However, when I run 'rake spec' from the top level of the module directory, I get the following error: *(in /modules/couchbase)* */usr/bin/ruby1.8 -S rspec spec/classes/init_spec.rb* */usr/bin/ruby1.8: No such file or directory -- rspec (LoadError)* */usr/bin/ruby1.8 -S rspec spec/classes/init_spec.rb failed* It seems like it can't load rspec, but if I do 'gem list --local' it shows in the list of locally installed gems: *vagrant@ubuntu-server-10044-x64-vbox4210-nocm:/modules/couchbase$ gem list --local* * * LOCAL GEMS * * *diff-lcs (1.2.4)* *metaclass (0.0.1)* *mocha (0.14.0)* *puppet-lint (0.3.2)* *puppetlabs_spec_helper (0.4.1)* *rake (10.1.0)* *rspec (2.14.1)* *rspec-core (2.14.5)* *rspec-expectations (2.14.2)* *rspec-mocks (2.14.3)* *rspec-puppet (0.1.6)* * * Does anyone know why it's not working? I've searched for an answer online, but I'm not overly familiar with ruby, gems, rake, etc and I'm at a bit of a loss. Thanks, Guy -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Ashley Penney ashley.pen...@puppetlabs.com Module Engineer *Join us at PuppetConf 2014, September 23-24 in San Francisco* -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/l2YHBCvdKF0/unsubscribe. To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Guy Knights Lead Systems Administrator http://eastsidegamestudio.com www.eastsidegamestudio.com g...@eastsidegamestudio.com g...@eastsidegamestudio.com -- Guy Knights Lead Systems Administrator http://eastsidegamestudio.com www.eastsidegamestudio.com g...@eastsidegamestudio.com g...@eastsidegamestudio.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetlabs/openstack
it's really hard to look at the parameters and tell if something is missing. I would check the service logs for clues. first have a look at: /var/log/nova/nova-compute.log On Thu, Aug 29, 2013 at 3:27 AM, Thomas Bendler thomas.bend...@gmail.comwrote: Hi @all, I'm trying to setup an openstack test cluster with one controller node and three compute nodes. Therefor I've used the puppetlabs openstack modules. On the controller node I've used: - openstack::auth_file - openstack::controller - openstack::repo - openstack::repo::yum_refresh - openstack::test_file On the compute node I've used: - openstack::compute - openstack::repo - openstack::repo::yum_refresh The configuration is completely done with parameters. On the controller node I specified the following parameters (the rest remain default as specified in params.pp): openstack::auth_file admin_password s3cret openstack::controlleradmin_emailjohn.doe@example.local admin_password s3cret bridge_interface eth1 cinder_db_password s3cret cinder_user_password s3cret floating_range 172.17.0.128/25 glance_api_servers 127.0.0.1:9292 glance_db_password s3cret glance_user_password s3cret horizon_app_links http://monitor.example.local/; keystone_admin_token keystone_admin_token keystone_db_password s3cret multi_host true mysql_root_passwords3cret nova_db_password s3cret nova_user_password s3cret private_interface eth1 public_address 192.168.1.1 public_interface eth0 quantumfalse rabbit_passwords3cret secret_key s3cret verbosetrue openstack::test_file floating_iptrue quantumfalse sleep_time 120 On the compute nodes the configuration is like this (for testing I have both, KVM and QUEMU nodes): openstack::compute cinder_db_password s3cret db_hostcontroller1.example.local fixed_range10.0.0.0/24 glance_api_servers controller1.example.local:9292 internal_address 192.168.1.2 keystone_host controller1.example.local libvirt_type qemu multi_host true nova_db_password s3cret nova_user_password s3cret private_interface eth1 public_interface eth0 purge_nova_config false quantumfalse quantum_user_password s3cret rabbit_hostcontroller1.example.local rabbit_passwords3cret setup_test_volume true verbosetrue vncproxy_host controller1.example.local Preparations with volume groups as stated in the module documentation are done before installation. The installation is working so far, I can connect to the controller node but several things don't work as expected. I.e., when I go to the system info page I only see services from the controller node but no service from the compute nodes. I can create VMs without storage but no VMs with storage. So I guess I did something wrong or not completely. Does anyone know if I miss something (i.e. with the parameters)? The platform is Scientific 6.4 with openstack modules version 2.1.0. Regards Thomas -- Linux ... enjoy the ride! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop
Re: [Puppet Users] MultiNode Openstack deployement using Puppet Module
On Fri, Aug 30, 2013 at 3:42 AM, JK jkumbh...@gmail.com wrote: Hi All, I want to deploy openstack mult node deployment on 2 physical node with 2 NIC on each of them. I have tried stackforge openstack module. It installed properly but due to some reason i couldn't launch VM instance. without some log exerts, it's going to be really hard to assist you. Have you looked at /var/log/nova/nova-compute.log on the compute host? Can anyone suggest the proper step by step guide to configure, setup and test Image on Openstack? Also it would be helpful if you provide Network configuration assumption if any. Thanks in advance. JK -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.