Re: [Puppet Users] Error with service: invalid byte sequence in US-ASCII
I get the same error when running puppet-lint puppet 3.1.x regression? rake aborted! invalid byte sequence in US-ASCII /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `[]' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `block in tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:40:in `load_data' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:54:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint.rb:155:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:23:in `block (3 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `block (2 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:13:in `block in initialize' Tasks: TOP = lint On Tue, May 21, 2013 at 2:43 AM, David Schmitt da...@dasz.at wrote: On 19.05.2013 14:18, Mateusz Fiołka wrote: I'm not sure if it is related to the services. It rather looks like puppet related to me. I'm having a similar problem on a newly created vps. When I do puppet apply first time I get the message: Error: Could not set 'present' on ensure: invalid byte sequence in US-ASCII at 3:/root/mf-prod.pp I've seen this error when the puppet master process started by init receives a different locale environment than when it is started from the command line. Check /proc/$pid/env of the running puppet master process for LANG/LC_* and compare that to your shell env. Regards, David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@**googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Thanks, William -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error with service: invalid byte sequence in US-ASCII
Found the bug that Jeff created http://projects.puppetlabs.com/issues/11303 On Mon, Sep 2, 2013 at 11:42 PM, William Van Hevelingen wva...@gmail.comwrote: I get the same error when running puppet-lint puppet 3.1.x regression? rake aborted! invalid byte sequence in US-ASCII /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `[]' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `block in tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:40:in `load_data' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:54:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint.rb:155:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:23:in `block (3 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `block (2 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:13:in `block in initialize' Tasks: TOP = lint On Tue, May 21, 2013 at 2:43 AM, David Schmitt da...@dasz.at wrote: On 19.05.2013 14:18, Mateusz Fiołka wrote: I'm not sure if it is related to the services. It rather looks like puppet related to me. I'm having a similar problem on a newly created vps. When I do puppet apply first time I get the message: Error: Could not set 'present' on ensure: invalid byte sequence in US-ASCII at 3:/root/mf-prod.pp I've seen this error when the puppet master process started by init receives a different locale environment than when it is started from the command line. Check /proc/$pid/env of the running puppet master process for LANG/LC_* and compare that to your shell env. Regards, David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@**googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Thanks, William -- Thanks, William -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error with service: invalid byte sequence in US-ASCII
Actually the umbrella bug is now. http://projects.puppetlabs.com/issues/20522 On Mon, Sep 2, 2013 at 11:47 PM, William Van Hevelingen wva...@gmail.comwrote: Found the bug that Jeff created http://projects.puppetlabs.com/issues/11303 On Mon, Sep 2, 2013 at 11:42 PM, William Van Hevelingen wva...@gmail.comwrote: I get the same error when running puppet-lint puppet 3.1.x regression? rake aborted! invalid byte sequence in US-ASCII /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `[]' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `block in tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:40:in `load_data' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:54:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint.rb:155:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:23:in `block (3 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `block (2 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:13:in `block in initialize' Tasks: TOP = lint On Tue, May 21, 2013 at 2:43 AM, David Schmitt da...@dasz.at wrote: On 19.05.2013 14:18, Mateusz Fiołka wrote: I'm not sure if it is related to the services. It rather looks like puppet related to me. I'm having a similar problem on a newly created vps. When I do puppet apply first time I get the message: Error: Could not set 'present' on ensure: invalid byte sequence in US-ASCII at 3:/root/mf-prod.pp I've seen this error when the puppet master process started by init receives a different locale environment than when it is started from the command line. Check /proc/$pid/env of the running puppet master process for LANG/LC_* and compare that to your shell env. Regards, David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@**googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Thanks, William -- Thanks, William -- Thanks, William -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet under HA Environment
On 2 September 2013 17:01, Stuart Cracraft smcracr...@me.com wrote: How can this be randomized within a range? I don't think it can; it suffers from the same issue as splay does, which I explained in some detail last week. My fear is that all the boxes will request at a similar some day, by chance and send a tidal wave over to the master. I think the only way to allay that fear is to maintain strict control over when each client (or group of clients) checks in, either using cron or mcollective. Or you could set up multiple masters in a load balanced configuration so that your puppet masters can cope with the maximum possible load that can be thrown at them. Regards, Matt. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Incorrect return code for failed exec
As I mentioned, I'm running into this issue when the service fails to start.
sc start returns a failure, Puppet mentions it in the log file.
The problem is that puppet apply returns 0 (success) to the shell when
sc start fails.
However, puppet apply --detailed-exitcodes returns a failure to the shell
correctly.
On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote:
Hi Igor,
You can run sc start MyService command manually on your machine and
check whether the service run correctly. Also check the environment
parameters are set for that service.
Can you explain your query in more detail manner.
Thanks and Regards,
Rahul Khengare,
NTT DATA OSS Center, Pune, India.
On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote:
Hello,
I'm running puppet agent standalone on Windows.
The last step in the manifest is exec { 'start_service': command = sc
start MyService }.
When the service has a problem and doesn't start, Puppet logs:
/Stage[main]//Exec[start_service]/returns (err): change from notrun to 0
failed: sc start MyService returned 29 instead of one of [0]
However, the %errorlevel% returned is still 0.
However, if I use --detailed-exitcodes, the %errorlevel% is correctly
set to 6.
Regards,
Igor.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet for Managing Windows Nodes??
Jason,
We have the built in Windows Package provider that you can use to install
an MSI from the network share. This looks something like this (from
http://docs.puppetlabs.com/windows/writing.html#packagepackage):
package { 'Name in Programs and Features':
ensure = installed,
provider= windows,
source = '\\server\share\msiname.msi',
install_options = { 'INSTALLDIR' = 'C:\specialDir' },
}
On Thu, Aug 29, 2013 at 10:35 AM, Jason Mathew
jasonitconsult...@gmail.comwrote:
Hello All,
I am new to the Puppet world. What Im trying to do is do a Proof of
Concept for puppet to see if we can use it to manage our windows nodes. I
have a Dev environment setup with a SLES 11 Puppet master and some windows
nodes (Win7,Win2k8).
What i'm trying to do is create a module to install a windows MSI from a
network file share. Can someone share some examples of what I need from
the init.pp and also what settings I need to change on the fileserver.conf
file?
Thanks!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet for Managing Windows Nodes??
Because you are trying out a proof of concept, there is also a chocolatey
provider that I want to mention that will handle packaging on Windows.
There is a hands on lab that you can check out -
https://github.com/chocolatey/puppet-chocolatey-handsonlab
On Tue, Sep 3, 2013 at 9:29 AM, Rob Reynolds r...@puppetlabs.com wrote:
Jason,
We have the built in Windows Package provider that you can use to install
an MSI from the network share. This looks something like this (from
http://docs.puppetlabs.com/windows/writing.html#packagepackage):
package { 'Name in Programs and Features':
ensure = installed,
provider= windows,
source = '\\server\share\msiname.msi',
install_options = { 'INSTALLDIR' = 'C:\specialDir' },
}
On Thu, Aug 29, 2013 at 10:35 AM, Jason Mathew
jasonitconsult...@gmail.com wrote:
Hello All,
I am new to the Puppet world. What Im trying to do is do a Proof of
Concept for puppet to see if we can use it to manage our windows nodes. I
have a Dev environment setup with a SLES 11 Puppet master and some windows
nodes (Win7,Win2k8).
What i'm trying to do is create a module to install a windows MSI from
a network file share. Can someone share some examples of what I need from
the init.pp and also what settings I need to change on the fileserver.conf
file?
Thanks!
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Incorrect return code for failed exec
What does cmd /c sc start MyService return?
On Tue, Sep 3, 2013 at 9:23 AM, Igor Berger codewiz...@gmail.com wrote:
As I mentioned, I'm running into this issue when the service fails to
start.
sc start returns a failure, Puppet mentions it in the log file.
The problem is that puppet apply returns 0 (success) to the shell when
sc start fails.
However, puppet apply --detailed-exitcodes returns a failure to the
shell correctly.
On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote:
Hi Igor,
You can run sc start MyService command manually on your machine and
check whether the service run correctly. Also check the environment
parameters are set for that service.
Can you explain your query in more detail manner.
Thanks and Regards,
Rahul Khengare,
NTT DATA OSS Center, Pune, India.
On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote:
Hello,
I'm running puppet agent standalone on Windows.
The last step in the manifest is exec { 'start_service': command = sc
start MyService }.
When the service has a problem and doesn't start, Puppet logs:
/Stage[main]//Exec[start_**service]/returns (err): change from notrun
to 0 failed: sc start MyService returned 29 instead of one of [0]
However, the %errorlevel% returned is still 0.
However, if I use --detailed-exitcodes, the %errorlevel% is correctly
set to 6.
Regards,
Igor.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Incorrect return code for failed exec
It returns 1053. The sc start command prints:
[SC] StartService FAILED 1053: The service did not respond to the start
or control request in a timely fashion.
You can easily reproduce it by registering a service with a non-existing
executable:
sc create MyService binPath= C:\NotThere.exe
Then add this to a test.cmd file:
sc start MyService
echo %errorlevel%
On Tuesday, September 3, 2013 10:34:32 AM UTC-4, Rob Reynolds wrote:
What does cmd /c sc start MyService return?
On Tue, Sep 3, 2013 at 9:23 AM, Igor Berger codew...@gmail.comjavascript:
wrote:
As I mentioned, I'm running into this issue when the service fails to
start.
sc start returns a failure, Puppet mentions it in the log file.
The problem is that puppet apply returns 0 (success) to the shell when
sc start fails.
However, puppet apply --detailed-exitcodes returns a failure to the
shell correctly.
On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote:
Hi Igor,
You can run sc start MyService command manually on your machine
and check whether the service run correctly. Also check the environment
parameters are set for that service.
Can you explain your query in more detail manner.
Thanks and Regards,
Rahul Khengare,
NTT DATA OSS Center, Pune, India.
On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote:
Hello,
I'm running puppet agent standalone on Windows.
The last step in the manifest is exec { 'start_service': command =
sc start MyService }.
When the service has a problem and doesn't start, Puppet logs:
/Stage[main]//Exec[start_**service]/returns (err): change from notrun
to 0 failed: sc start MyService returned 29 instead of one of [0]
However, the %errorlevel% returned is still 0.
However, if I use --detailed-exitcodes, the %errorlevel% is
correctly set to 6.
Regards,
Igor.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users...@googlegroups.com javascript:.
To post to this group, send email to puppet...@googlegroups.comjavascript:
.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
I am pretty sure I still have something wrong with my set up but, I just
cannot seem to see what it is...
Notice if I attempt to decrypt vi the command line and do not indicate
env=live, it fails..
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd
nil
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd env=live
rootpass
[root@me puppet]# more hiera.yaml
---
:backends: - yaml
- gpg
:logger: console
:hierarchy: - %{env}/%{location}/%{calling_module}
- %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
_
my encrypted files are in /etc/puppet/hieradata/live
Thanks in advance for any help!
Bee
On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beeworke...@gmail.com wrote:
Hi Guys;
I really appreciate your help and apologize for the continued questions...
however, apaprently, I am missing something here. I cannot get this
working.
I have set hiera-gpg up as per the docs I can find but, I still cannot
seem to get my manifests correct. If someone would kindly provide a smaple
manifest, I would be grateful!
Also, per Craig Dunn's blog, he is placing hieradata files in
/etc/puppet/hieradata/live. Is the live subdir required? Is there some
sort of environment limitation that requires the files live in this subdir?
Thank you very much!
Bee
On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs r...@richburroughs.comwrote:
Your manifests look the same. You do a hiera lookup just as you would
if you weren't using the GPG integration. It's just another data store for
hiera.
You do need to set that up, as other people have mentioned. But it's no
different in the manifests.
On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beeworke...@gmail.comwrote:
I am looking for some manifest examples, if anyone has any to share!
On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark rich...@fohnet.co.ukwrote:
On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
I am having a bit of difficulty implementing hiera-gpg; particularly
with
accomplishing the deencryption in my manifests. Can anyone either
provide
a simple example or point me to a good resource? I have searched
alot and
am still struggling.
Any help would be very appreciated!
Thanks!
Bee
You just need to have the hiera-gpg gem installed, make sure that gpg is
listed in the backends array in hiera.yaml, then the puppet user needs
to have the private key configured within it's $HOME/.gnupg -where $HOME
is usually /var/lib/puppet.
By default pgp keys are encrypted with a passphrase, which would need to
be supplied and held in a running keyring for that user, so was
previously working around this by using a non-passphrase protected
subkey.
I've now however moved away from hiera-gpg due to performance overhead
on large catalogs and moved to a git post-commit hook that decrypts any
.gpg files to .yaml within a dedicated hierarchy for decrypted files,
using that same insecure private subkey.
Cheers,
--
Richard Clark
rich...@fohnet.co.uk
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
I just started a big reply to your last email and it looks like you've
figured most of it out. At least your not still thinking manifests your
problem is in hiera.yaml ;-)
On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote:
I am pretty sure I still have something wrong with my set up but, I just
cannot seem to see what it is...
Notice if I attempt to decrypt vi the command line and do not indicate
env=live, it fails..
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd
nil
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd env=live
rootpass
The reason that works is written in your hiera.yaml config below. You've
told Hiera that your Hierarchy contains the variable %{env}. Now while that
works fine on the command line, when the Hiera function is called during
catalog compilation in a manifest I'm betting that the 'env' variable does
not exist, which is why your key is not found. What is %{env}? Did you copy
it straight from Craig's blog or do you actually use it in your Hierarchy?
From the way you've got your Hierarchy specified now, if I ran a find
across your hieradata directory, this is what I'd expect to find:
/etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg
/etc/puppet/hieradata/some_env/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_calling_module.gpg
/etc/puppet/hieradata/common.yaml
/etc/puppet/hieradata/common.gpg
The hierarchy you've got must match the path of the Hiera data files in
that directory.
When run from the command line, the %{env}, %{location} and
%{calling_module} variables are passed on the command line. When the hiera
function call is made during a Puppet catalog compilation then those
variables must be defined for that node ($env, $location, but
$calling_module is implicit), either as Facter Facts or as normal variables
in a Puppet manifest.
... That's not explained very well but I can't think of a better way to
phrase it yet. Does that help so far?
[root@me puppet]# more hiera.yaml
---
:backends: - yaml
- gpg
:logger: console
:hierarchy: - %{env}/%{location}/%{calling_module}
- %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
_
my encrypted files are in /etc/puppet/hieradata/live
Thanks in advance for any help!
Bee
On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beewo...@gmail.comjavascript:
wrote:
Hi Guys;
I really appreciate your help and apologize for the continued
questions... however, apaprently, I am missing something here. I cannot
get this working.
I have set hiera-gpg up as per the docs I can find but, I still cannot
seem to get my manifests correct. If someone would kindly provide a smaple
manifest, I would be grateful!
Also, per Craig Dunn's blog, he is placing hieradata files in
/etc/puppet/hieradata/live. Is the live subdir required? Is there some
sort of environment limitation that requires the files live in this subdir?
Thank you very much!
Bee
On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs
ri...@richburroughs.comjavascript:
wrote:
Your manifests look the same. You do a hiera lookup just as you would
if you weren't using the GPG integration. It's just another data store for
hiera.
You do need to set that up, as other people have mentioned. But it's no
different in the manifests.
On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beewo...@gmail.comjavascript:
wrote:
I am looking for some manifest examples, if anyone has any to share!
On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark
ric...@fohnet.co.ukjavascript:
wrote:
On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
I am having a bit of difficulty implementing hiera-gpg; particularly
with
accomplishing the deencryption in my manifests. Can anyone either
provide
a simple example or point me to a good resource? I have searched
alot and
am still struggling.
Any help would be very appreciated!
Thanks!
Bee
You just need to have the hiera-gpg gem installed, make sure that gpg
is
listed in the backends array in hiera.yaml, then the puppet user needs
to have the private key configured within it's $HOME/.gnupg -where
$HOME
is usually /var/lib/puppet.
By default pgp keys are encrypted with a passphrase, which would need
to
be supplied and held in a running keyring for that user, so was
previously working around this by using a non-passphrase protected
subkey.
I've now however moved away from hiera-gpg due to performance overhead
on large catalogs and moved to a git post-commit hook that decrypts any
.gpg files to .yaml within a dedicated
Re: [Puppet Users] Hiera and hiera-gpg
Hi Guys; I really appreciate your help and apologize for the continued questions... however, apaprently, I am missing something here. I cannot get this working. I have set hiera-gpg up as per the docs I can find but, I still cannot seem to get my manifests correct. If someone would kindly provide a smaple manifest, I would be grateful! Also, per Craig Dunn's blog, he is placing hieradata files in /etc/puppet/hieradata/live. Is the live subdir required? Is there some sort of environment limitation that requires the files live in this subdir? Thank you very much! Bee On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs r...@richburroughs.comwrote: Your manifests look the same. You do a hiera lookup just as you would if you weren't using the GPG integration. It's just another data store for hiera. You do need to set that up, as other people have mentioned. But it's no different in the manifests. On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beeworke...@gmail.com wrote: I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark rich...@fohnet.co.ukwrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was previously working around this by using a non-passphrase protected subkey. I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated hierarchy for decrypted files, using that same insecure private subkey. Cheers, -- Richard Clark rich...@fohnet.co.uk -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
... That's not explained very well but I can't think of a better way to
phrase it yet. Does that help so far?
Perhaps I can show you what I mean. Run these commands and look at the
debug output in what files Hiera is trying to open, see how it's
interpreting each variable you add on the command line as new sub
directories of your hieradata directory, based on how you use the %{env}
%{location} and %{calling_module} variables in hiera.yaml.
hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd --debug
hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live --debug
hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live
location=woofwoof --debug
Once you understand that, you've got to get those variables into your
Puppet manifest before the hiera() function call. This is a very very very
bad example, but it shows how you need to have those variables present in
the manifest for Hiera to use them in a lookup:
class motd {
$env = 'live'
#$calling_module --- should be an automatic variable given to you by
Puppet's hiera() function call
$location = ''
rootpwd = hiera('rootpwd')
}
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Module team update: 2013-08-09 - 2013-09-03
Going forward I'm going to aim for this twice a month as weekly is too frequent and I forget to write them every week. This update is dedicated to blkperl who keeps me writing them by reminding me every time I forget. It's been a busy month and with Puppetconf falling in the middle of the month progress has been a bit all over the place. Our focus this month has been on connecting with the community, discussing module standards, testing, and all the stuff around the edges of modules. One piece of solid work that's come out of this is the Beginners Guide to Modules, the very beginning piece of our drive towards having a coherent set of module documentation that covers everything from how a beginner should lay out a module to best practices for types/providers, all the way to testing frameworks. Obviously this is a new thing for us so you'll have to help us to help you by giving us awesome feedback on how to improve the guide and what information you would most like to see Puppetlabs standardize and define next. The guide is at http://links.puppetlabs.com/bgtm and we'll be working to clean it up, move it to our real documentation site and get space built for us to write more. I've already done some more work towards an Advanced guide and towards some blog posts to showcase existing modules (like stdlib) and other techniques to help you improve modules. RELEASES: Not as many releases this month, we're sort of focused on other areas and groundwork to make this easier going forward: http://forge.puppetlabs.com/puppetlabs/nodejs/0.4.0 http://forge.puppetlabs.com/puppetlabs/firewall/0.4.1 http://forge.puppetlabs.com/puppetlabs/concat/1.0.0 http://forge.puppetlabs.com/puppetlabs/gcc/0.1.0 http://forge.puppetlabs.com/puppetlabs/rabbitmq/3.0.0 http://forge.puppetlabs.com/puppetlabs/ntp/2.0.0 From other groups: http://forge.puppetlabs.com/puppetlabs/puppetdb/1.6.0 http://forge.puppetlabs.com/puppetlabs/gce_compute/0.1.0 - from google! WORK IN PROGRESS Hunter has been working on puppetlabs-apache, merging in endless PRs and helping to improve that module even more. Alongside that he's working on beaker, the previously named puppet-acceptance framework. We're looking to adopt it for testing modules but we're in the middle of learning about it and figuring out how to best adopt it so it's easy for community members to get going with. The earlier part of the month was taken up with Puppetconf prep for his talk (which I heard was awesome and enjoyed by all!) He also made https://github.com/hunner/roles_and_profiles as part of this, so check that out. Ken (honorary member of the module team this week!) has completely refactored puppetlabs-postgresql and has a massive pull request in completely overhauling the module. It looks fantastic and will be vastly easier to work with and ensure that we don't have weird dependency issues going forward. Ashley (me) has been in the weeds in the MySQL module for a while now. I've written some new types: mysql_user, mysql_db, mysql_grant to replace the existing ones that had a number of issues that were making working with this module difficult. The new ones can all be called with puppet resource allowing you to manipulate mysql via puppet without having to use manifests. They all have various improvements and will underlie the refactoring work that I plan to do in the MySQL module in the next few weeks. Puppetconf made it very clear to me that the community cares deeply about the MySQL module but many people fork it off due to the difficulty with adding your own configuration params, installation sources, and general ability to tweak the module without difficulty. One of the reasons I've been working on the providers and types is to make sure I have fresh pain in my mind before I start writing some beginner provider/types documentation for the module team. MySQL has proven to be an absolute nightmare to write these types for so I'm full of pain points to touch on to make sure the rest of you have an easier time in the future. -- Ashley Penney ashley.pen...@puppetlabs.com Module Engineer *Join us at PuppetConf 2014, September 23-24 in San Francisco* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
Excellent.. thanks!
And now sorry for the long email... hopefully I'm clear enough.
I'd also to expose one example that I have here in my company. I'm not too
confident of how we setup roles and profiles, specially when it comes to
add hiera into the game.
Say we have a module called zabbix20::agent. The configuration file will be
generated using erb templated with data coming from parametized classes. So
far, it looks good. Data separation, modules look portable, etc.
As far as I understood going through the article is that you define the
technology stack in the profile, and the role as collection of profiles.
Well, in that case I'd say I would have something similar to this:
class profile::zabbix20::server {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
and then it would probably go to a base profile (profile::base) and
inherited by a base role. That fits perfectly with single site scenario.
Say you now have multiple data centers with different zabbix servers on
each. The way I understood ...
class profile::zabbix20::server::dc1 {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
class profile::zabbix20::server::dc2 {
class { '::zabbix20::server' :
bind_ip = 1.2.3.4,
...
}
include httpd
...
}
then the roles:
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
and the nodes ...
node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
That being said ... How would I actually add hiera into the game? I don't a
straightforward way to use hiera and benefit the data separation. I have to
include the business logic in the profile. How would I actually do that
using hiera? Can't see a direct way.
The other discussion I had with my co-worker is ... they actually created
two modules: roles and profiles. If I want to change, I have to actually
change the modules. Isn't it desirable to have these out of the
modulespath? I don't see why we have to do this way if are trying to
abstract things and avoiding touching modules whenever we can.
Thanks in advance.
On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
On 8/30/2013 3:48 PM, Frederiko Costa wrote:
Hi everyone,
Do you guys know any article/doc talking about the use of roles/profiles
approach with hiera?
I'm particularly interested in how to organize the manifests when having
multiple data centers, parametized classes and wants to use hiera.
Being even more specific, how to organize the code using the Craig's
article (http://www.craigdunn.org/2012/05/239/) and use hiera to
provide node specific data.
thank you,
-fred
Couple of links on the subject that I like.
Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his
original articles, http://www.slideshare.net/PuppetLabs/roles-talk
Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will
become a very influential presentation over the next year as generally
available tooling catches up to the ideas presented. I'm surprised there
hasn't been more discussion about it.
http://carlasouza.com/puppetconf13/#/slide1
Hunner's github repo for his Role/Profile session at Puppet Conf.
https://github.com/hunner/roles_and_profiles
My example of using role/profile. I skipped over most of the design and
philosophy which Craig covered quite well and dove straight into what it
might looks like with a complicated set of data in a real world
application.
https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
Ramin
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet under HA Environment
Stuart, If I'm understanding your needs correctly, this may be what you're looking for: http://www.devco.net/archives/2010/03/17/scheduling_puppet_with_mcollective.php On Monday, September 2, 2013 11:01:46 AM UTC-5, Stuart Cracraft wrote: How can this be randomized within a range? I believe someone mentioned splay ? My fear is that all the boxes will request at a similar some day, by chance and send a tidal wave over to the master. On Sep 1, 2013, at 10:27 PM, Rahul Khengare rahul...@gmail.comjavascript: wrote: You can use different *runinterval *for each client. This can be done using editing of /etc/puppet/puppet.conf on each client machine. Set the following (add a new line if it's not already present) in the [agent] section of the file: runinterval=XXX where, XXX is the time in seconds(default is 180), Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Friday, August 30, 2013 2:20:36 AM UTC+5:30, rjbu...@gmail.com wrote: How do I avoid a situation where all of my Linux servers execute a service restart at the same time upon receiving a new configuration change via Puppet? I am trying to avoid any possibility that the service would be unavailable for any length of time. The servers are behind a load balancer. At least one node needs to remain available. Any idea how I might configure Puppet to work in this HA environment? Thank you for your feedback! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] failed to install pkg on Solaris node
Hi everyone. I've recently started testing puppet enteprise. Puppet master is on RHEL 6.4, my node connected for test purposes is Solaris 10u10. Puppet master is 3.0.1, fresh installation. Using Advanced tasks I'm trying to install PKG from CSW. I'm selecting node for installation, in field for package name I'm entering package name, ie. vim and after pressing Run there is empty output for this node. I can't also find any trace in logs. Can anyone point me in right direction? How can I enable pkgutil pkg provider on my puppet master? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: puppetdb - getting a list of specific facts for specific hosts?
Is it acceptable to do the search based on 'certname'? ie: curl -G 'http://localhost:8080/v2/facts' --data-urlencode 'query=[and,[~,certname,puppetdb?],[or,[=,name,ipaddress],[=,name,hostname]]]' ken. On Mon, Sep 2, 2013 at 7:00 AM, Klavs Klavsen kl...@enableit.dk wrote: This gives me the ipaddress (and hostname).. now to figure out how to filter on hostname regex.. 'query=[=, name, ipaddress]' -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: How to override $::operatingsystem fact
Just for the record, this is the code I'm using: Facter.add(:operatingsystem) do confine :kernel = [ 'Linux' ] has_weight 100 setcode do if FileTest.exists?(/usr/bin/pveversion) then Proxmox end end end Facter.add(:operatingsystemrelease) do confine :kernel = [ 'Linux' ] has_weight 100 setcode do if FileTest.exists?(/usr/bin/pveversion) then Facter::Util::Resolution.exec(/usr/bin/pveversion) end end end On Tuesday, July 17, 2012 9:30:15 AM UTC-4, julien cosmao wrote: Hi, I want to introduce Proxmox as new value in $::operatingsystem. Proxmox is based on Debian, so the normal value is currently Debian. To change that, I just write a custom fact based on the facter fact operatingsystem Facter.add(:operatingsystem) do ... setcode do ... elsif FileTest.exists?(/usr/bin/pveversion) Proxmox This method doesn't override the original fact. I've also tried to set $::operatingsystem = Proxmox directly in my node. What's the best way to do override an existing fact ? Regards, Julien -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Random Yum errors during provisioning
Any ideas???
On Friday, June 28, 2013 9:38:29 AM UTC-4, Glenn Poston wrote:
Running Amazon Linux (which is essentially Centos5.5).
Anyone seen random yum errors like this one? I don't think
it's necessarily related to Puppet, but it randomly fails my puppet runs
and I don't know how to fix it.
Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
/Stage[main]/Zookeeper/Package[zookeeper]/ensure: created
Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
/Stage[main]/Zookeeper/File[/var/lib/zookeeper/data]/ensure: created
Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
/Stage[main]/Zookeeper/File[/var/lib/zookeeper/data/myid]/ensure: created
Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice:
/Stage[main]/Yum_repo::Configs/File[/etc/yum.repos.d/inin-epel.repo]/ensure:
defined content as '{md5}b94171f63e31f07b8bd75444073e301c'
Jun 28 08:41:35 ip-10-159-65-145 run_puppet: [Notice:
/Stage[main]/Zookeeper/File[/etc/zookeeper/zookeeper-env.sh]/content:
content changed '{md5}cd666c7520ce5279ddbc185512b0b177' to
'{md5}5cb59b25f5e7567d94ba14b06f6e7081'
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [Error: Execution of
'/usr/bin/yum -d 0 -e 0 -y install daemonize' returned 1: Existing lock
/var/run/yum.pid: another copy is running as pid 2502.
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Another app is currently
holding the yum lock; waiting for it to exit...
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: The other application is:
yum
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Memory : 40 M RSS (235
MB VSZ)
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Started: Fri Jun 28
08:41:33 2013 - 00:03 ago
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: State : Running, pid:
2502
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Error: database disk image is
malformed
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [Error:
/Stage[main]/Mcollective/Package[daemonize]/ensure: change from absent to
present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install daemonize'
returned 1: Existing lock /var/run/yum.pid: another copy is running as pid
2502.
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Another app is currently
holding the yum lock; waiting for it to exit...
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: The other application is:
yum
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Memory : 40 M RSS (235
MB VSZ)
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Started: Fri Jun 28
08:41:33 2013 - 00:03 ago
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: State : Running, pid:
2502
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Error: database disk image is
malformed
Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [mNotice:
/Stage[main]/Zookeeper/File[/etc/zookeeper/zoo.cfg]/content: content
changed '{md5}5c543298c5572c3caf40a3d108309019' to
'{md5}31db609f6601a8a02561d411e98db12b'
Jun 28 08:41:39 ip-10-159-65-145 run_puppet: [mNotice:
/Stage[main]/Puppet/File[/usr/local/bin/run_puppet.sh]/content: content
changed '{md5}4e9496313a0b4152c663defce5100af5' to
'{md5}49d78e473fa2202dea13e9b195e63575'
Jun 28 08:41:39 ip-10-159-65-145 run_puppet: [mNotice:
/Stage[main]/Yum_repo::Configs/Exec[puppet_repo]/returns: executed
successfully
Jun 28 08:41:48 ip-10-159-65-145 run_puppet: [mNotice:
/Stage[main]/Mcollective::Common/Package[mcollective-package-agent]/ensure:
created
The problem does not persist. Yum packages are installed by puppet before
and after the errors. A subsequent puppet run installs the previously
skipped packages fine.
It's as if some background process creates a lock, while updating the yum
DB, but when the lock is released, the yum DB is still in a bad state
(momentarily).
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
Hi Luke;
So, what you said does make sense and, I did make the changes you explained
to my manifest and it worked! :)
I am confused though and I am so sorry to be so ignorant but, what
does %{location} refer to?
Thank you VERY, VERY much!
bee
On Tue, Sep 3, 2013 at 12:18 PM, Luke Bigum luke.bi...@lmax.com wrote:
I just started a big reply to your last email and it looks like you've
figured most of it out. At least your not still thinking manifests your
problem is in hiera.yaml ;-)
On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote:
I am pretty sure I still have something wrong with my set up but, I just
cannot seem to see what it is...
Notice if I attempt to decrypt vi the command line and do not indicate
env=live, it fails..
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd
nil
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd env=live
rootpass
The reason that works is written in your hiera.yaml config below. You've
told Hiera that your Hierarchy contains the variable %{env}. Now while that
works fine on the command line, when the Hiera function is called during
catalog compilation in a manifest I'm betting that the 'env' variable does
not exist, which is why your key is not found. What is %{env}? Did you copy
it straight from Craig's blog or do you actually use it in your Hierarchy?
From the way you've got your Hierarchy specified now, if I ran a find
across your hieradata directory, this is what I'd expect to find:
/etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg
/etc/puppet/hieradata/some_env/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_calling_module.gpg
/etc/puppet/hieradata/common.yaml
/etc/puppet/hieradata/common.gpg
The hierarchy you've got must match the path of the Hiera data files in
that directory.
When run from the command line, the %{env}, %{location} and
%{calling_module} variables are passed on the command line. When the hiera
function call is made during a Puppet catalog compilation then those
variables must be defined for that node ($env, $location, but
$calling_module is implicit), either as Facter Facts or as normal variables
in a Puppet manifest.
... That's not explained very well but I can't think of a better way to
phrase it yet. Does that help so far?
__**__**
[root@me puppet]# more hiera.yaml
---
:backends: - yaml
- gpg
:logger: console
:hierarchy: - %{env}/%{location}/%{calling_**module}
- %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
__**___
my encrypted files are in /etc/puppet/hieradata/live
Thanks in advance for any help!
Bee
On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beewo...@gmail.com wrote:
Hi Guys;
I really appreciate your help and apologize for the continued
questions... however, apaprently, I am missing something here. I cannot
get this working.
I have set hiera-gpg up as per the docs I can find but, I still cannot
seem to get my manifests correct. If someone would kindly provide a smaple
manifest, I would be grateful!
Also, per Craig Dunn's blog, he is placing hieradata files in
/etc/puppet/hieradata/live. Is the live subdir required? Is there some
sort of environment limitation that requires the files live in this subdir?
Thank you very much!
Bee
On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs ri...@richburroughs.com
wrote:
Your manifests look the same. You do a hiera lookup just as you would
if you weren't using the GPG integration. It's just another data store for
hiera.
You do need to set that up, as other people have mentioned. But it's no
different in the manifests.
On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beewo...@gmail.com wrote:
I am looking for some manifest examples, if anyone has any to share!
On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark ric...@fohnet.co.ukwrote:
On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
I am having a bit of difficulty implementing hiera-gpg;
particularly with
accomplishing the deencryption in my manifests. Can anyone either
provide
a simple example or point me to a good resource? I have searched
alot and
am still struggling.
Any help would be very appreciated!
Thanks!
Bee
You just need to have the hiera-gpg gem installed, make sure that gpg
is
listed in the backends array in hiera.yaml, then the puppet user needs
to have the private key configured within it's $HOME/.gnupg -where
$HOME
is usually /var/lib/puppet.
By default pgp keys are encrypted with a passphrase, which would need
to
be supplied and held in a running keyring for that user, so was
Re: [Puppet Users] Hiera and hiera-gpg
Ughh; and I spoke too soon for some reason, it is not decrypting when
running via puppet run/manifest (I had mistakenly left the unencrypted in
the directory and it was failing back to reading the yaml_
Thanks!
On Tue, Sep 3, 2013 at 4:03 PM, Worker Bee beeworke...@gmail.com wrote:
Hi Luke;
So, what you said does make sense and, I did make the changes you
explained to my manifest and it worked! :)
I am confused though and I am so sorry to be so ignorant but, what
does %{location} refer to?
Thank you VERY, VERY much!
bee
On Tue, Sep 3, 2013 at 12:18 PM, Luke Bigum luke.bi...@lmax.com wrote:
I just started a big reply to your last email and it looks like you've
figured most of it out. At least your not still thinking manifests your
problem is in hiera.yaml ;-)
On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote:
I am pretty sure I still have something wrong with my set up but, I just
cannot seem to see what it is...
Notice if I attempt to decrypt vi the command line and do not indicate
env=live, it fails..
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd
nil
[root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=motd env=live
rootpass
The reason that works is written in your hiera.yaml config below. You've
told Hiera that your Hierarchy contains the variable %{env}. Now while that
works fine on the command line, when the Hiera function is called during
catalog compilation in a manifest I'm betting that the 'env' variable does
not exist, which is why your key is not found. What is %{env}? Did you copy
it straight from Craig's blog or do you actually use it in your Hierarchy?
From the way you've got your Hierarchy specified now, if I ran a find
across your hieradata directory, this is what I'd expect to find:
/etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg
/etc/puppet/hieradata/some_env/some_calling_module.yaml
/etc/puppet/hieradata/some_env/some_calling_module.gpg
/etc/puppet/hieradata/common.yaml
/etc/puppet/hieradata/common.gpg
The hierarchy you've got must match the path of the Hiera data files in
that directory.
When run from the command line, the %{env}, %{location} and
%{calling_module} variables are passed on the command line. When the hiera
function call is made during a Puppet catalog compilation then those
variables must be defined for that node ($env, $location, but
$calling_module is implicit), either as Facter Facts or as normal variables
in a Puppet manifest.
... That's not explained very well but I can't think of a better way to
phrase it yet. Does that help so far?
__**__**
[root@me puppet]# more hiera.yaml
---
:backends: - yaml
- gpg
:logger: console
:hierarchy: - %{env}/%{location}/%{calling_**module}
- %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
__**___
my encrypted files are in /etc/puppet/hieradata/live
Thanks in advance for any help!
Bee
On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beewo...@gmail.com wrote:
Hi Guys;
I really appreciate your help and apologize for the continued
questions... however, apaprently, I am missing something here. I cannot
get this working.
I have set hiera-gpg up as per the docs I can find but, I still cannot
seem to get my manifests correct. If someone would kindly provide a smaple
manifest, I would be grateful!
Also, per Craig Dunn's blog, he is placing hieradata files in
/etc/puppet/hieradata/live. Is the live subdir required? Is there some
sort of environment limitation that requires the files live in this subdir?
Thank you very much!
Bee
On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs
ri...@richburroughs.com wrote:
Your manifests look the same. You do a hiera lookup just as you
would if you weren't using the GPG integration. It's just another data
store for hiera.
You do need to set that up, as other people have mentioned. But it's
no different in the manifests.
On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beewo...@gmail.comwrote:
I am looking for some manifest examples, if anyone has any to share!
On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark
ric...@fohnet.co.ukwrote:
On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
I am having a bit of difficulty implementing hiera-gpg;
particularly with
accomplishing the deencryption in my manifests. Can anyone either
provide
a simple example or point me to a good resource? I have searched
alot and
am still struggling.
Any help would be very appreciated!
Thanks!
Bee
You just need to have the hiera-gpg gem installed, make sure that
gpg is
listed in the
Re: [Puppet Users] Roles/profiles and hiera
LIke this:
class profile::zabbix20::server (
bind_ip,
...
) {
class { '::zabbix20::server':
bind_ip = $bind_ip,
...
}
}
Then your hieradata would set
in a.b.c.d.yaml:
profile::zabbix20::server::bind_ip: 1.2.2.3
in x.y.z.w.yaml:
profile::zabbix20::server::bind_ip: 1.2.3.4
That way you have a single profile for all datacenters.
- Chad
On Tue, Sep 3, 2013 at 11:49 AM, Frederiko Costa freder...@gmail.com wrote:
Excellent.. thanks!
And now sorry for the long email... hopefully I'm clear enough.
I'd also to expose one example that I have here in my company. I'm not too
confident of how we setup roles and profiles, specially when it comes to add
hiera into the game.
Say we have a module called zabbix20::agent. The configuration file will be
generated using erb templated with data coming from parametized classes. So
far, it looks good. Data separation, modules look portable, etc.
As far as I understood going through the article is that you define the
technology stack in the profile, and the role as collection of profiles.
Well, in that case I'd say I would have something similar to this:
class profile::zabbix20::server {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
and then it would probably go to a base profile (profile::base) and
inherited by a base role. That fits perfectly with single site scenario. Say
you now have multiple data centers with different zabbix servers on each.
The way I understood ...
class profile::zabbix20::server::dc1 {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
class profile::zabbix20::server::dc2 {
class { '::zabbix20::server' :
bind_ip = 1.2.3.4,
...
}
include httpd
...
}
then the roles:
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
and the nodes ...
node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
That being said ... How would I actually add hiera into the game? I don't a
straightforward way to use hiera and benefit the data separation. I have to
include the business logic in the profile. How would I actually do that
using hiera? Can't see a direct way.
The other discussion I had with my co-worker is ... they actually created
two modules: roles and profiles. If I want to change, I have to actually
change the modules. Isn't it desirable to have these out of the modulespath?
I don't see why we have to do this way if are trying to abstract things and
avoiding touching modules whenever we can.
Thanks in advance.
On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
On 8/30/2013 3:48 PM, Frederiko Costa wrote:
Hi everyone,
Do you guys know any article/doc talking about the use of roles/profiles
approach with hiera?
I'm particularly interested in how to organize the manifests when having
multiple data centers, parametized classes and wants to use hiera.
Being even more specific, how to organize the code using the Craig's
article (http://www.craigdunn.org/2012/05/239/) and use hiera to
provide node specific data.
thank you,
-fred
Couple of links on the subject that I like.
Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his
original articles, http://www.slideshare.net/PuppetLabs/roles-talk
Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will
become a very influential presentation over the next year as generally
available tooling catches up to the ideas presented. I'm surprised there
hasn't been more discussion about it.
http://carlasouza.com/puppetconf13/#/slide1
Hunner's github repo for his Role/Profile session at Puppet Conf.
https://github.com/hunner/roles_and_profiles
My example of using role/profile. I skipped over most of the design and
philosophy which Craig covered quite well and dove straight into what it
might looks like with a complicated set of data in a real world
application.
https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
Ramin
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
Chad M. Huneycutt
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit
[Puppet Users] hiera-gpg, CentOS6 and puppet 3.2.4
Has anyone been able to get this working?
For some reason, I am unable to get values decrypted via a puppet run,
despite being able to decrpyt via command line
I am starting to wonder if there is a bug or something I am missing??
I SO appreciate ANY help!
__
/etc/puppet/hiera.yaml
---
:backends: - gpg
- yaml
:logger: console
:hierarchy: - %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
Here is my init.pp file
# Class: testdecry
#
# [Remember: No empty lines between comments and class definition]
class testdecry {
$env = 'live'
$pass = hiera(rootpwd)
notify{The value is: ${pass}:}
}
My encrypted file is in:
/etc/puppet/hieradata/live
[root@me]# ls
testdecry.gpg
___
Command line works:
[root@me ]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=testdecry env=live
rootpass
Running via puppet fails
[root@me]# puppet agent --test
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
can't convert nil into String at
/etc/puppet/modules/testdecry/manifests/init.pp:17 on node me.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I am totally at a loss here
Thanks!
Bee
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
Thanks Chad ...
I understand it from the syntax point of view, but my point is more of a
conceptual question in how to apply Craig's concepts using hiera with
parasitized classes ... in that case, the node definition using hiera
declares one (and only one role). The profile would define the technology
stack with all the modules.
That's what Craig's article suggests (he doesn't mention hiera in the
article). A role could specify 1+ profiles. So far, great.
The thing is, in the node definition, using hiera, I'd break what they're
proposing, because I'm actually not totally separating and externalizing
the data. The yaml file would be (the way I see).
x.y.z.w.yaml:
role::zabbix20::server::dc2
a.b.c.d.yaml:
role::zabbix20::server::dc1
Now, what I expected to have, for example, is the bind_ip parameter passed
here in hiera, not in the profile definition.
I hope I'm being clear ... :-)
-frederiko
On Tue, Sep 3, 2013 at 2:19 PM, Chad Huneycutt chad.huneyc...@gmail.comwrote:
LIke this:
class profile::zabbix20::server (
bind_ip,
...
) {
class { '::zabbix20::server':
bind_ip = $bind_ip,
...
}
}
Then your hieradata would set
in a.b.c.d.yaml:
profile::zabbix20::server::bind_ip: 1.2.2.3
in x.y.z.w.yaml:
profile::zabbix20::server::bind_ip: 1.2.3.4
That way you have a single profile for all datacenters.
- Chad
On Tue, Sep 3, 2013 at 11:49 AM, Frederiko Costa freder...@gmail.com
wrote:
Excellent.. thanks!
And now sorry for the long email... hopefully I'm clear enough.
I'd also to expose one example that I have here in my company. I'm not
too
confident of how we setup roles and profiles, specially when it comes to
add
hiera into the game.
Say we have a module called zabbix20::agent. The configuration file will
be
generated using erb templated with data coming from parametized classes.
So
far, it looks good. Data separation, modules look portable, etc.
As far as I understood going through the article is that you define the
technology stack in the profile, and the role as collection of profiles.
Well, in that case I'd say I would have something similar to this:
class profile::zabbix20::server {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
and then it would probably go to a base profile (profile::base) and
inherited by a base role. That fits perfectly with single site scenario.
Say
you now have multiple data centers with different zabbix servers on each.
The way I understood ...
class profile::zabbix20::server::dc1 {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
class profile::zabbix20::server::dc2 {
class { '::zabbix20::server' :
bind_ip = 1.2.3.4,
...
}
include httpd
...
}
then the roles:
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
and the nodes ...
node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
That being said ... How would I actually add hiera into the game? I
don't a
straightforward way to use hiera and benefit the data separation. I have
to
include the business logic in the profile. How would I actually do that
using hiera? Can't see a direct way.
The other discussion I had with my co-worker is ... they actually created
two modules: roles and profiles. If I want to change, I have to actually
change the modules. Isn't it desirable to have these out of the
modulespath?
I don't see why we have to do this way if are trying to abstract things
and
avoiding touching modules whenever we can.
Thanks in advance.
On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
On 8/30/2013 3:48 PM, Frederiko Costa wrote:
Hi everyone,
Do you guys know any article/doc talking about the use of
roles/profiles
approach with hiera?
I'm particularly interested in how to organize the manifests when
having
multiple data centers, parametized classes and wants to use hiera.
Being even more specific, how to organize the code using the Craig's
article (http://www.craigdunn.org/2012/05/239/) and use hiera to
provide node specific data.
thank you,
-fred
Couple of links on the subject that I like.
Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his
original articles, http://www.slideshare.net/PuppetLabs/roles-talk
Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will
become a very influential presentation over the next year as generally
available tooling catches up to the ideas presented. I'm surprised there
hasn't been more discussion about it.
http://carlasouza.com/puppetconf13/#/slide1
Hunner's github repo for his Role/Profile session at Puppet Conf.
https://github.com/hunner/roles_and_profiles
My example of using role/profile. I
Re: [Puppet Users] Roles/profiles and hiera
Without hiera you have all those extra classes you posted below
including this very specific one. I think your classes are too
complicated to begin with regardless of where the data is, but the lack
of data separation probably sent you down that path.
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
With Hiera this is enough
include role::zabbix
You're now thinking, How do I specify this machine is a server, in dc1,
and installing zabbix 2? To answer we will start over and try to build
what you have with Hiera. This is a little hard to deal with in email,
but I think you'll get the idea.
node zabbixserver {
# this is a top level role for the zabbix server
include role::zabbix
}
class role::zabbix {
include profile::base
include profile::zabbixserver
}
class profile::zabbixserver {
include profile::apache
include zabbix
}
class zabbix(
$bind_ip = 127.0.0.1,
$version = present,
) {
blah blah
}
This Hiera config assumes you have a dc and role fact of some sort. This
may or may not be easy in your environment.
hiera.yaml
---
:hierarchy:
- %{fqdn}
- %{dc}
- %{role}
- %{environment}
- common
This is our role data
./hieradata/common.yaml
---
zabbix::version: '2.0'
zabbix::bind_ip: '1.1.1.1'
These are the dc bits of data
./hieradata/dc1.yaml
---
zabbix::bind_ip: '1.2.3.1'
./hieradata/dc1.yaml
---
zabbix::bind_ip: '1.4.5.1'
Your parametrized class will autolookup matching parameters from Hiera
in Puppet 3.x or you can specify them manually. Machines in dc1 get
1.2.3.1, dc2 gets 1.4.5.1, and any machine gets 1.1.1.1.
In summary we move data into Hiera and replace module::someclass::dc
with a simple module that does a lookup to a data file based on facts
that have classified the node.
Ramin
On 9/3/2013 8:49 AM, Frederiko Costa wrote:
Excellent.. thanks!
And now sorry for the long email... hopefully I'm clear enough.
I'd also to expose one example that I have here in my company. I'm not
too confident of how we setup roles and profiles, specially when it
comes to add hiera into the game.
Say we have a module called zabbix20::agent. The configuration file will
be generated using erb templated with data coming from parametized
classes. So far, it looks good. Data separation, modules look portable, etc.
As far as I understood going through the article is that you define the
technology stack in the profile, and the role as collection of profiles.
Well, in that case I'd say I would have something similar to this:
class profile::zabbix20::server {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
and then it would probably go to a base profile (profile::base) and
inherited by a base role. That fits perfectly with single site scenario.
Say you now have multiple data centers with different zabbix servers on
each. The way I understood ...
class profile::zabbix20::server::dc1 {
class { '::zabbix20::server' :
bind_ip = 1.2.2.3,
...
}
}
class profile::zabbix20::server::dc2 {
class { '::zabbix20::server' :
bind_ip = 1.2.3.4,
...
}
include httpd
...
}
then the roles:
class role::zabbix20::server::dc1 {
include profile::zabbix20::server::dc1
}
and the nodes ...
node 'a.b.c.d' { include include profile::zabbix20::server::dc1 }
node 'x.y.z.w' { include include profile::zabbix20::server::dc2 }
That being said ... How would I actually add hiera into the game? I
don't a straightforward way to use hiera and benefit the data
separation. I have to include the business logic in the profile. How
would I actually do that using hiera? Can't see a direct way.
The other discussion I had with my co-worker is ... they actually
created two modules: roles and profiles. If I want to change, I have to
actually change the modules. Isn't it desirable to have these out of the
modulespath? I don't see why we have to do this way if are trying to
abstract things and avoiding touching modules whenever we can.
Thanks in advance.
On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote:
On 8/30/2013 3:48 PM, Frederiko Costa wrote:
Hi everyone,
Do you guys know any article/doc talking about the use of
roles/profiles
approach with hiera?
I'm particularly interested in how to organize the manifests when
having
multiple data centers, parametized classes and wants to use hiera.
Being even more specific, how to organize the code using the Craig's
article (http://www.craigdunn.org/2012/05/239/
http://www.craigdunn.org/2012/05/239/) and use hiera to
provide node specific data.
thank you,
-fred
Couple of links on the subject that I like.
Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his
original articles, http://www.slideshare.net/PuppetLabs/roles-talk
http://www.slideshare.net/PuppetLabs/roles-talk
Carla Souza's Puppet Conf
Re: [Puppet Users] hiera-gpg, CentOS6 and puppet 3.2.4
We're still using Puppet 2.7, but looking at our puppet-gpg config the
only major difference I see is we use :key_dir for the gpg key's instead
of the puppet users home directory. So our hiera.yaml file looks like:
# Hiera configuration file
---
:backends:
- yaml
- gpg
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
:key_dir: /srv/keyrings
:hierarchy:
- hosts/%{fqdn}
- %{environment}/hostgroups/%{hostgroup}
- hostgroups/%{hostgroup}
- %{environment}/servicegroups/%{servicegroup}
- servicegroups/%{servicegroup}
- %{environment}/%{calling_module}
- %{calling_module}
- %{environment}
- global
Of course you have to have the gpgme rpm and the gpgme ruby gem
installed on all your puppet masters. We install the same password-less
gpg private key on all the puppet masters and encrypt the yaml files
with the corresponding public key. .
JMN
On 9/3/2013 5:57 PM, Worker Bee wrote:
Has anyone been able to get this working?
For some reason, I am unable to get values decrypted via a puppet run,
despite being able to decrpyt via command line
I am starting to wonder if there is a bug or something I am missing??
I SO appreciate ANY help!
__
/etc/puppet/hiera.yaml
---
:backends: - gpg
- yaml
:logger: console
:hierarchy: - %{env}/%{calling_module}
- common
:yaml:
:datadir: /etc/puppet/hieradata
:gpg:
:datadir: /etc/puppet/hieradata
Here is my init.pp file
# Class: testdecry
#
# [Remember: No empty lines between comments and class definition]
class testdecry {
$env = 'live'
$pass = hiera(rootpwd)
notify{The value is: ${pass}:}
}
My encrypted file is in:
/etc/puppet/hieradata/live
[root@me]# ls
testdecry.gpg
___
Command line works:
[root@me ]# hiera -c /etc/puppet/hiera.yaml rootpwd
calling_module=testdecry env=live
rootpass
Running via puppet fails
[root@me]# puppet agent --test
Info: Retrieving plugin
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: can't convert nil into String at
/etc/puppet/modules/testdecry/manifests/init.pp:17 on node me.net
http://me.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
I am totally at a loss here
Thanks!
Bee
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
