Re: [Puppet Users] Error with service: invalid byte sequence in US-ASCII
I get the same error when running puppet-lint puppet 3.1.x regression? rake aborted! invalid byte sequence in US-ASCII /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `[]' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `block in tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:40:in `load_data' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:54:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint.rb:155:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:23:in `block (3 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `block (2 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:13:in `block in initialize' Tasks: TOP = lint On Tue, May 21, 2013 at 2:43 AM, David Schmitt da...@dasz.at wrote: On 19.05.2013 14:18, Mateusz Fiołka wrote: I'm not sure if it is related to the services. It rather looks like puppet related to me. I'm having a similar problem on a newly created vps. When I do puppet apply first time I get the message: Error: Could not set 'present' on ensure: invalid byte sequence in US-ASCII at 3:/root/mf-prod.pp I've seen this error when the puppet master process started by init receives a different locale environment than when it is started from the command line. Check /proc/$pid/env of the running puppet master process for LANG/LC_* and compare that to your shell env. Regards, David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@**googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Thanks, William -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error with service: invalid byte sequence in US-ASCII
Found the bug that Jeff created http://projects.puppetlabs.com/issues/11303 On Mon, Sep 2, 2013 at 11:42 PM, William Van Hevelingen wva...@gmail.comwrote: I get the same error when running puppet-lint puppet 3.1.x regression? rake aborted! invalid byte sequence in US-ASCII /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `[]' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `block in tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:40:in `load_data' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:54:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint.rb:155:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:23:in `block (3 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `block (2 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:13:in `block in initialize' Tasks: TOP = lint On Tue, May 21, 2013 at 2:43 AM, David Schmitt da...@dasz.at wrote: On 19.05.2013 14:18, Mateusz Fiołka wrote: I'm not sure if it is related to the services. It rather looks like puppet related to me. I'm having a similar problem on a newly created vps. When I do puppet apply first time I get the message: Error: Could not set 'present' on ensure: invalid byte sequence in US-ASCII at 3:/root/mf-prod.pp I've seen this error when the puppet master process started by init receives a different locale environment than when it is started from the command line. Check /proc/$pid/env of the running puppet master process for LANG/LC_* and compare that to your shell env. Regards, David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@**googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Thanks, William -- Thanks, William -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Error with service: invalid byte sequence in US-ASCII
Actually the umbrella bug is now. http://projects.puppetlabs.com/issues/20522 On Mon, Sep 2, 2013 at 11:47 PM, William Van Hevelingen wva...@gmail.comwrote: Found the bug that Jeff created http://projects.puppetlabs.com/issues/11303 On Mon, Sep 2, 2013 at 11:42 PM, William Van Hevelingen wva...@gmail.comwrote: I get the same error when running puppet-lint puppet 3.1.x regression? rake aborted! invalid byte sequence in US-ASCII /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `[]' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:120:in `block in tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/lexer.rb:119:in `tokenise' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:40:in `load_data' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/plugin.rb:54:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint.rb:155:in `run' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:23:in `block (3 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `each' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:21:in `block (2 levels) in initialize' /shadow/home/blkperl/.rvm/gems/ruby-1.9.3-p194/gems/puppet-lint-0.3.2/lib/puppet-lint/tasks/puppet-lint.rb:13:in `block in initialize' Tasks: TOP = lint On Tue, May 21, 2013 at 2:43 AM, David Schmitt da...@dasz.at wrote: On 19.05.2013 14:18, Mateusz Fiołka wrote: I'm not sure if it is related to the services. It rather looks like puppet related to me. I'm having a similar problem on a newly created vps. When I do puppet apply first time I get the message: Error: Could not set 'present' on ensure: invalid byte sequence in US-ASCII at 3:/root/mf-prod.pp I've seen this error when the puppet master process started by init receives a different locale environment than when it is started from the command line. Check /proc/$pid/env of the running puppet master process for LANG/LC_* and compare that to your shell env. Regards, David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@**googlegroups.compuppet-users%2bunsubscr...@googlegroups.com . To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Thanks, William -- Thanks, William -- Thanks, William -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet under HA Environment
On 2 September 2013 17:01, Stuart Cracraft smcracr...@me.com wrote: How can this be randomized within a range? I don't think it can; it suffers from the same issue as splay does, which I explained in some detail last week. My fear is that all the boxes will request at a similar some day, by chance and send a tidal wave over to the master. I think the only way to allay that fear is to maintain strict control over when each client (or group of clients) checks in, either using cron or mcollective. Or you could set up multiple masters in a load balanced configuration so that your puppet masters can cope with the maximum possible load that can be thrown at them. Regards, Matt. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Incorrect return code for failed exec
As I mentioned, I'm running into this issue when the service fails to start. sc start returns a failure, Puppet mentions it in the log file. The problem is that puppet apply returns 0 (success) to the shell when sc start fails. However, puppet apply --detailed-exitcodes returns a failure to the shell correctly. On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote: Hi Igor, You can run sc start MyService command manually on your machine and check whether the service run correctly. Also check the environment parameters are set for that service. Can you explain your query in more detail manner. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote: Hello, I'm running puppet agent standalone on Windows. The last step in the manifest is exec { 'start_service': command = sc start MyService }. When the service has a problem and doesn't start, Puppet logs: /Stage[main]//Exec[start_service]/returns (err): change from notrun to 0 failed: sc start MyService returned 29 instead of one of [0] However, the %errorlevel% returned is still 0. However, if I use --detailed-exitcodes, the %errorlevel% is correctly set to 6. Regards, Igor. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet for Managing Windows Nodes??
Jason, We have the built in Windows Package provider that you can use to install an MSI from the network share. This looks something like this (from http://docs.puppetlabs.com/windows/writing.html#packagepackage): package { 'Name in Programs and Features': ensure = installed, provider= windows, source = '\\server\share\msiname.msi', install_options = { 'INSTALLDIR' = 'C:\specialDir' }, } On Thu, Aug 29, 2013 at 10:35 AM, Jason Mathew jasonitconsult...@gmail.comwrote: Hello All, I am new to the Puppet world. What Im trying to do is do a Proof of Concept for puppet to see if we can use it to manage our windows nodes. I have a Dev environment setup with a SLES 11 Puppet master and some windows nodes (Win7,Win2k8). What i'm trying to do is create a module to install a windows MSI from a network file share. Can someone share some examples of what I need from the init.pp and also what settings I need to change on the fileserver.conf file? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet for Managing Windows Nodes??
Because you are trying out a proof of concept, there is also a chocolatey provider that I want to mention that will handle packaging on Windows. There is a hands on lab that you can check out - https://github.com/chocolatey/puppet-chocolatey-handsonlab On Tue, Sep 3, 2013 at 9:29 AM, Rob Reynolds r...@puppetlabs.com wrote: Jason, We have the built in Windows Package provider that you can use to install an MSI from the network share. This looks something like this (from http://docs.puppetlabs.com/windows/writing.html#packagepackage): package { 'Name in Programs and Features': ensure = installed, provider= windows, source = '\\server\share\msiname.msi', install_options = { 'INSTALLDIR' = 'C:\specialDir' }, } On Thu, Aug 29, 2013 at 10:35 AM, Jason Mathew jasonitconsult...@gmail.com wrote: Hello All, I am new to the Puppet world. What Im trying to do is do a Proof of Concept for puppet to see if we can use it to manage our windows nodes. I have a Dev environment setup with a SLES 11 Puppet master and some windows nodes (Win7,Win2k8). What i'm trying to do is create a module to install a windows MSI from a network file share. Can someone share some examples of what I need from the init.pp and also what settings I need to change on the fileserver.conf file? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Incorrect return code for failed exec
What does cmd /c sc start MyService return? On Tue, Sep 3, 2013 at 9:23 AM, Igor Berger codewiz...@gmail.com wrote: As I mentioned, I'm running into this issue when the service fails to start. sc start returns a failure, Puppet mentions it in the log file. The problem is that puppet apply returns 0 (success) to the shell when sc start fails. However, puppet apply --detailed-exitcodes returns a failure to the shell correctly. On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote: Hi Igor, You can run sc start MyService command manually on your machine and check whether the service run correctly. Also check the environment parameters are set for that service. Can you explain your query in more detail manner. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote: Hello, I'm running puppet agent standalone on Windows. The last step in the manifest is exec { 'start_service': command = sc start MyService }. When the service has a problem and doesn't start, Puppet logs: /Stage[main]//Exec[start_**service]/returns (err): change from notrun to 0 failed: sc start MyService returned 29 instead of one of [0] However, the %errorlevel% returned is still 0. However, if I use --detailed-exitcodes, the %errorlevel% is correctly set to 6. Regards, Igor. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Incorrect return code for failed exec
It returns 1053. The sc start command prints: [SC] StartService FAILED 1053: The service did not respond to the start or control request in a timely fashion. You can easily reproduce it by registering a service with a non-existing executable: sc create MyService binPath= C:\NotThere.exe Then add this to a test.cmd file: sc start MyService echo %errorlevel% On Tuesday, September 3, 2013 10:34:32 AM UTC-4, Rob Reynolds wrote: What does cmd /c sc start MyService return? On Tue, Sep 3, 2013 at 9:23 AM, Igor Berger codew...@gmail.comjavascript: wrote: As I mentioned, I'm running into this issue when the service fails to start. sc start returns a failure, Puppet mentions it in the log file. The problem is that puppet apply returns 0 (success) to the shell when sc start fails. However, puppet apply --detailed-exitcodes returns a failure to the shell correctly. On Monday, September 2, 2013 1:51:31 AM UTC-4, Rahul Khengare wrote: Hi Igor, You can run sc start MyService command manually on your machine and check whether the service run correctly. Also check the environment parameters are set for that service. Can you explain your query in more detail manner. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Saturday, August 31, 2013 3:20:54 AM UTC+5:30, Igor Berger wrote: Hello, I'm running puppet agent standalone on Windows. The last step in the manifest is exec { 'start_service': command = sc start MyService }. When the service has a problem and doesn't start, Puppet logs: /Stage[main]//Exec[start_**service]/returns (err): change from notrun to 0 failed: sc start MyService returned 29 instead of one of [0] However, the %errorlevel% returned is still 0. However, if I use --detailed-exitcodes, the %errorlevel% is correctly set to 6. Regards, Igor. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
I am pretty sure I still have something wrong with my set up but, I just cannot seem to see what it is... Notice if I attempt to decrypt vi the command line and do not indicate env=live, it fails.. [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd nil [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live rootpass [root@me puppet]# more hiera.yaml --- :backends: - yaml - gpg :logger: console :hierarchy: - %{env}/%{location}/%{calling_module} - %{env}/%{calling_module} - common :yaml: :datadir: /etc/puppet/hieradata :gpg: :datadir: /etc/puppet/hieradata _ my encrypted files are in /etc/puppet/hieradata/live Thanks in advance for any help! Bee On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beeworke...@gmail.com wrote: Hi Guys; I really appreciate your help and apologize for the continued questions... however, apaprently, I am missing something here. I cannot get this working. I have set hiera-gpg up as per the docs I can find but, I still cannot seem to get my manifests correct. If someone would kindly provide a smaple manifest, I would be grateful! Also, per Craig Dunn's blog, he is placing hieradata files in /etc/puppet/hieradata/live. Is the live subdir required? Is there some sort of environment limitation that requires the files live in this subdir? Thank you very much! Bee On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs r...@richburroughs.comwrote: Your manifests look the same. You do a hiera lookup just as you would if you weren't using the GPG integration. It's just another data store for hiera. You do need to set that up, as other people have mentioned. But it's no different in the manifests. On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beeworke...@gmail.comwrote: I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark rich...@fohnet.co.ukwrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was previously working around this by using a non-passphrase protected subkey. I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated hierarchy for decrypted files, using that same insecure private subkey. Cheers, -- Richard Clark rich...@fohnet.co.uk -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
I just started a big reply to your last email and it looks like you've figured most of it out. At least your not still thinking manifests your problem is in hiera.yaml ;-) On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote: I am pretty sure I still have something wrong with my set up but, I just cannot seem to see what it is... Notice if I attempt to decrypt vi the command line and do not indicate env=live, it fails.. [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd nil [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live rootpass The reason that works is written in your hiera.yaml config below. You've told Hiera that your Hierarchy contains the variable %{env}. Now while that works fine on the command line, when the Hiera function is called during catalog compilation in a manifest I'm betting that the 'env' variable does not exist, which is why your key is not found. What is %{env}? Did you copy it straight from Craig's blog or do you actually use it in your Hierarchy? From the way you've got your Hierarchy specified now, if I ran a find across your hieradata directory, this is what I'd expect to find: /etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml /etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg /etc/puppet/hieradata/some_env/some_calling_module.yaml /etc/puppet/hieradata/some_env/some_calling_module.gpg /etc/puppet/hieradata/common.yaml /etc/puppet/hieradata/common.gpg The hierarchy you've got must match the path of the Hiera data files in that directory. When run from the command line, the %{env}, %{location} and %{calling_module} variables are passed on the command line. When the hiera function call is made during a Puppet catalog compilation then those variables must be defined for that node ($env, $location, but $calling_module is implicit), either as Facter Facts or as normal variables in a Puppet manifest. ... That's not explained very well but I can't think of a better way to phrase it yet. Does that help so far? [root@me puppet]# more hiera.yaml --- :backends: - yaml - gpg :logger: console :hierarchy: - %{env}/%{location}/%{calling_module} - %{env}/%{calling_module} - common :yaml: :datadir: /etc/puppet/hieradata :gpg: :datadir: /etc/puppet/hieradata _ my encrypted files are in /etc/puppet/hieradata/live Thanks in advance for any help! Bee On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beewo...@gmail.comjavascript: wrote: Hi Guys; I really appreciate your help and apologize for the continued questions... however, apaprently, I am missing something here. I cannot get this working. I have set hiera-gpg up as per the docs I can find but, I still cannot seem to get my manifests correct. If someone would kindly provide a smaple manifest, I would be grateful! Also, per Craig Dunn's blog, he is placing hieradata files in /etc/puppet/hieradata/live. Is the live subdir required? Is there some sort of environment limitation that requires the files live in this subdir? Thank you very much! Bee On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs ri...@richburroughs.comjavascript: wrote: Your manifests look the same. You do a hiera lookup just as you would if you weren't using the GPG integration. It's just another data store for hiera. You do need to set that up, as other people have mentioned. But it's no different in the manifests. On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beewo...@gmail.comjavascript: wrote: I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark ric...@fohnet.co.ukjavascript: wrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was previously working around this by using a non-passphrase protected subkey. I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated
Re: [Puppet Users] Hiera and hiera-gpg
Hi Guys; I really appreciate your help and apologize for the continued questions... however, apaprently, I am missing something here. I cannot get this working. I have set hiera-gpg up as per the docs I can find but, I still cannot seem to get my manifests correct. If someone would kindly provide a smaple manifest, I would be grateful! Also, per Craig Dunn's blog, he is placing hieradata files in /etc/puppet/hieradata/live. Is the live subdir required? Is there some sort of environment limitation that requires the files live in this subdir? Thank you very much! Bee On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs r...@richburroughs.comwrote: Your manifests look the same. You do a hiera lookup just as you would if you weren't using the GPG integration. It's just another data store for hiera. You do need to set that up, as other people have mentioned. But it's no different in the manifests. On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beeworke...@gmail.com wrote: I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark rich...@fohnet.co.ukwrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was previously working around this by using a non-passphrase protected subkey. I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated hierarchy for decrypted files, using that same insecure private subkey. Cheers, -- Richard Clark rich...@fohnet.co.uk -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
... That's not explained very well but I can't think of a better way to phrase it yet. Does that help so far? Perhaps I can show you what I mean. Run these commands and look at the debug output in what files Hiera is trying to open, see how it's interpreting each variable you add on the command line as new sub directories of your hieradata directory, based on how you use the %{env} %{location} and %{calling_module} variables in hiera.yaml. hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd --debug hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live --debug hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live location=woofwoof --debug Once you understand that, you've got to get those variables into your Puppet manifest before the hiera() function call. This is a very very very bad example, but it shows how you need to have those variables present in the manifest for Hiera to use them in a lookup: class motd { $env = 'live' #$calling_module --- should be an automatic variable given to you by Puppet's hiera() function call $location = '' rootpwd = hiera('rootpwd') } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Module team update: 2013-08-09 - 2013-09-03
Going forward I'm going to aim for this twice a month as weekly is too frequent and I forget to write them every week. This update is dedicated to blkperl who keeps me writing them by reminding me every time I forget. It's been a busy month and with Puppetconf falling in the middle of the month progress has been a bit all over the place. Our focus this month has been on connecting with the community, discussing module standards, testing, and all the stuff around the edges of modules. One piece of solid work that's come out of this is the Beginners Guide to Modules, the very beginning piece of our drive towards having a coherent set of module documentation that covers everything from how a beginner should lay out a module to best practices for types/providers, all the way to testing frameworks. Obviously this is a new thing for us so you'll have to help us to help you by giving us awesome feedback on how to improve the guide and what information you would most like to see Puppetlabs standardize and define next. The guide is at http://links.puppetlabs.com/bgtm and we'll be working to clean it up, move it to our real documentation site and get space built for us to write more. I've already done some more work towards an Advanced guide and towards some blog posts to showcase existing modules (like stdlib) and other techniques to help you improve modules. RELEASES: Not as many releases this month, we're sort of focused on other areas and groundwork to make this easier going forward: http://forge.puppetlabs.com/puppetlabs/nodejs/0.4.0 http://forge.puppetlabs.com/puppetlabs/firewall/0.4.1 http://forge.puppetlabs.com/puppetlabs/concat/1.0.0 http://forge.puppetlabs.com/puppetlabs/gcc/0.1.0 http://forge.puppetlabs.com/puppetlabs/rabbitmq/3.0.0 http://forge.puppetlabs.com/puppetlabs/ntp/2.0.0 From other groups: http://forge.puppetlabs.com/puppetlabs/puppetdb/1.6.0 http://forge.puppetlabs.com/puppetlabs/gce_compute/0.1.0 - from google! WORK IN PROGRESS Hunter has been working on puppetlabs-apache, merging in endless PRs and helping to improve that module even more. Alongside that he's working on beaker, the previously named puppet-acceptance framework. We're looking to adopt it for testing modules but we're in the middle of learning about it and figuring out how to best adopt it so it's easy for community members to get going with. The earlier part of the month was taken up with Puppetconf prep for his talk (which I heard was awesome and enjoyed by all!) He also made https://github.com/hunner/roles_and_profiles as part of this, so check that out. Ken (honorary member of the module team this week!) has completely refactored puppetlabs-postgresql and has a massive pull request in completely overhauling the module. It looks fantastic and will be vastly easier to work with and ensure that we don't have weird dependency issues going forward. Ashley (me) has been in the weeds in the MySQL module for a while now. I've written some new types: mysql_user, mysql_db, mysql_grant to replace the existing ones that had a number of issues that were making working with this module difficult. The new ones can all be called with puppet resource allowing you to manipulate mysql via puppet without having to use manifests. They all have various improvements and will underlie the refactoring work that I plan to do in the MySQL module in the next few weeks. Puppetconf made it very clear to me that the community cares deeply about the MySQL module but many people fork it off due to the difficulty with adding your own configuration params, installation sources, and general ability to tweak the module without difficulty. One of the reasons I've been working on the providers and types is to make sure I have fresh pain in my mind before I start writing some beginner provider/types documentation for the module team. MySQL has proven to be an absolute nightmare to write these types for so I'm full of pain points to touch on to make sure the rest of you have an easier time in the future. -- Ashley Penney ashley.pen...@puppetlabs.com Module Engineer *Join us at PuppetConf 2014, September 23-24 in San Francisco* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
Excellent.. thanks! And now sorry for the long email... hopefully I'm clear enough. I'd also to expose one example that I have here in my company. I'm not too confident of how we setup roles and profiles, specially when it comes to add hiera into the game. Say we have a module called zabbix20::agent. The configuration file will be generated using erb templated with data coming from parametized classes. So far, it looks good. Data separation, modules look portable, etc. As far as I understood going through the article is that you define the technology stack in the profile, and the role as collection of profiles. Well, in that case I'd say I would have something similar to this: class profile::zabbix20::server { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } and then it would probably go to a base profile (profile::base) and inherited by a base role. That fits perfectly with single site scenario. Say you now have multiple data centers with different zabbix servers on each. The way I understood ... class profile::zabbix20::server::dc1 { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } class profile::zabbix20::server::dc2 { class { '::zabbix20::server' : bind_ip = 1.2.3.4, ... } include httpd ... } then the roles: class role::zabbix20::server::dc1 { include profile::zabbix20::server::dc1 } and the nodes ... node 'a.b.c.d' { include include profile::zabbix20::server::dc1 } node 'x.y.z.w' { include include profile::zabbix20::server::dc2 } That being said ... How would I actually add hiera into the game? I don't a straightforward way to use hiera and benefit the data separation. I have to include the business logic in the profile. How would I actually do that using hiera? Can't see a direct way. The other discussion I had with my co-worker is ... they actually created two modules: roles and profiles. If I want to change, I have to actually change the modules. Isn't it desirable to have these out of the modulespath? I don't see why we have to do this way if are trying to abstract things and avoiding touching modules whenever we can. Thanks in advance. On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote: On 8/30/2013 3:48 PM, Frederiko Costa wrote: Hi everyone, Do you guys know any article/doc talking about the use of roles/profiles approach with hiera? I'm particularly interested in how to organize the manifests when having multiple data centers, parametized classes and wants to use hiera. Being even more specific, how to organize the code using the Craig's article (http://www.craigdunn.org/2012/05/239/) and use hiera to provide node specific data. thank you, -fred Couple of links on the subject that I like. Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his original articles, http://www.slideshare.net/PuppetLabs/roles-talk Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will become a very influential presentation over the next year as generally available tooling catches up to the ideas presented. I'm surprised there hasn't been more discussion about it. http://carlasouza.com/puppetconf13/#/slide1 Hunner's github repo for his Role/Profile session at Puppet Conf. https://github.com/hunner/roles_and_profiles My example of using role/profile. I skipped over most of the design and philosophy which Craig covered quite well and dove straight into what it might looks like with a complicated set of data in a real world application. https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/ Ramin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet under HA Environment
Stuart, If I'm understanding your needs correctly, this may be what you're looking for: http://www.devco.net/archives/2010/03/17/scheduling_puppet_with_mcollective.php On Monday, September 2, 2013 11:01:46 AM UTC-5, Stuart Cracraft wrote: How can this be randomized within a range? I believe someone mentioned splay ? My fear is that all the boxes will request at a similar some day, by chance and send a tidal wave over to the master. On Sep 1, 2013, at 10:27 PM, Rahul Khengare rahul...@gmail.comjavascript: wrote: You can use different *runinterval *for each client. This can be done using editing of /etc/puppet/puppet.conf on each client machine. Set the following (add a new line if it's not already present) in the [agent] section of the file: runinterval=XXX where, XXX is the time in seconds(default is 180), Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Friday, August 30, 2013 2:20:36 AM UTC+5:30, rjbu...@gmail.com wrote: How do I avoid a situation where all of my Linux servers execute a service restart at the same time upon receiving a new configuration change via Puppet? I am trying to avoid any possibility that the service would be unavailable for any length of time. The servers are behind a load balancer. At least one node needs to remain available. Any idea how I might configure Puppet to work in this HA environment? Thank you for your feedback! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] failed to install pkg on Solaris node
Hi everyone. I've recently started testing puppet enteprise. Puppet master is on RHEL 6.4, my node connected for test purposes is Solaris 10u10. Puppet master is 3.0.1, fresh installation. Using Advanced tasks I'm trying to install PKG from CSW. I'm selecting node for installation, in field for package name I'm entering package name, ie. vim and after pressing Run there is empty output for this node. I can't also find any trace in logs. Can anyone point me in right direction? How can I enable pkgutil pkg provider on my puppet master? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: puppetdb - getting a list of specific facts for specific hosts?
Is it acceptable to do the search based on 'certname'? ie: curl -G 'http://localhost:8080/v2/facts' --data-urlencode 'query=[and,[~,certname,puppetdb?],[or,[=,name,ipaddress],[=,name,hostname]]]' ken. On Mon, Sep 2, 2013 at 7:00 AM, Klavs Klavsen kl...@enableit.dk wrote: This gives me the ipaddress (and hostname).. now to figure out how to filter on hostname regex.. 'query=[=, name, ipaddress]' -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: How to override $::operatingsystem fact
Just for the record, this is the code I'm using: Facter.add(:operatingsystem) do confine :kernel = [ 'Linux' ] has_weight 100 setcode do if FileTest.exists?(/usr/bin/pveversion) then Proxmox end end end Facter.add(:operatingsystemrelease) do confine :kernel = [ 'Linux' ] has_weight 100 setcode do if FileTest.exists?(/usr/bin/pveversion) then Facter::Util::Resolution.exec(/usr/bin/pveversion) end end end On Tuesday, July 17, 2012 9:30:15 AM UTC-4, julien cosmao wrote: Hi, I want to introduce Proxmox as new value in $::operatingsystem. Proxmox is based on Debian, so the normal value is currently Debian. To change that, I just write a custom fact based on the facter fact operatingsystem Facter.add(:operatingsystem) do ... setcode do ... elsif FileTest.exists?(/usr/bin/pveversion) Proxmox This method doesn't override the original fact. I've also tried to set $::operatingsystem = Proxmox directly in my node. What's the best way to do override an existing fact ? Regards, Julien -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Random Yum errors during provisioning
Any ideas??? On Friday, June 28, 2013 9:38:29 AM UTC-4, Glenn Poston wrote: Running Amazon Linux (which is essentially Centos5.5). Anyone seen random yum errors like this one? I don't think it's necessarily related to Puppet, but it randomly fails my puppet runs and I don't know how to fix it. Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice: /Stage[main]/Zookeeper/Package[zookeeper]/ensure: created Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice: /Stage[main]/Zookeeper/File[/var/lib/zookeeper/data]/ensure: created Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice: /Stage[main]/Zookeeper/File[/var/lib/zookeeper/data/myid]/ensure: created Jun 28 08:41:34 ip-10-159-65-145 run_puppet: [Notice: /Stage[main]/Yum_repo::Configs/File[/etc/yum.repos.d/inin-epel.repo]/ensure: defined content as '{md5}b94171f63e31f07b8bd75444073e301c' Jun 28 08:41:35 ip-10-159-65-145 run_puppet: [Notice: /Stage[main]/Zookeeper/File[/etc/zookeeper/zookeeper-env.sh]/content: content changed '{md5}cd666c7520ce5279ddbc185512b0b177' to '{md5}5cb59b25f5e7567d94ba14b06f6e7081' Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install daemonize' returned 1: Existing lock /var/run/yum.pid: another copy is running as pid 2502. Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Another app is currently holding the yum lock; waiting for it to exit... Jun 28 08:41:38 ip-10-159-65-145 run_puppet: The other application is: yum Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Memory : 40 M RSS (235 MB VSZ) Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Started: Fri Jun 28 08:41:33 2013 - 00:03 ago Jun 28 08:41:38 ip-10-159-65-145 run_puppet: State : Running, pid: 2502 Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Error: database disk image is malformed Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [Error: /Stage[main]/Mcollective/Package[daemonize]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install daemonize' returned 1: Existing lock /var/run/yum.pid: another copy is running as pid 2502. Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Another app is currently holding the yum lock; waiting for it to exit... Jun 28 08:41:38 ip-10-159-65-145 run_puppet: The other application is: yum Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Memory : 40 M RSS (235 MB VSZ) Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Started: Fri Jun 28 08:41:33 2013 - 00:03 ago Jun 28 08:41:38 ip-10-159-65-145 run_puppet: State : Running, pid: 2502 Jun 28 08:41:38 ip-10-159-65-145 run_puppet: Error: database disk image is malformed Jun 28 08:41:38 ip-10-159-65-145 run_puppet: [mNotice: /Stage[main]/Zookeeper/File[/etc/zookeeper/zoo.cfg]/content: content changed '{md5}5c543298c5572c3caf40a3d108309019' to '{md5}31db609f6601a8a02561d411e98db12b' Jun 28 08:41:39 ip-10-159-65-145 run_puppet: [mNotice: /Stage[main]/Puppet/File[/usr/local/bin/run_puppet.sh]/content: content changed '{md5}4e9496313a0b4152c663defce5100af5' to '{md5}49d78e473fa2202dea13e9b195e63575' Jun 28 08:41:39 ip-10-159-65-145 run_puppet: [mNotice: /Stage[main]/Yum_repo::Configs/Exec[puppet_repo]/returns: executed successfully Jun 28 08:41:48 ip-10-159-65-145 run_puppet: [mNotice: /Stage[main]/Mcollective::Common/Package[mcollective-package-agent]/ensure: created The problem does not persist. Yum packages are installed by puppet before and after the errors. A subsequent puppet run installs the previously skipped packages fine. It's as if some background process creates a lock, while updating the yum DB, but when the lock is released, the yum DB is still in a bad state (momentarily). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Hiera and hiera-gpg
Hi Luke; So, what you said does make sense and, I did make the changes you explained to my manifest and it worked! :) I am confused though and I am so sorry to be so ignorant but, what does %{location} refer to? Thank you VERY, VERY much! bee On Tue, Sep 3, 2013 at 12:18 PM, Luke Bigum luke.bi...@lmax.com wrote: I just started a big reply to your last email and it looks like you've figured most of it out. At least your not still thinking manifests your problem is in hiera.yaml ;-) On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote: I am pretty sure I still have something wrong with my set up but, I just cannot seem to see what it is... Notice if I attempt to decrypt vi the command line and do not indicate env=live, it fails.. [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd nil [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live rootpass The reason that works is written in your hiera.yaml config below. You've told Hiera that your Hierarchy contains the variable %{env}. Now while that works fine on the command line, when the Hiera function is called during catalog compilation in a manifest I'm betting that the 'env' variable does not exist, which is why your key is not found. What is %{env}? Did you copy it straight from Craig's blog or do you actually use it in your Hierarchy? From the way you've got your Hierarchy specified now, if I ran a find across your hieradata directory, this is what I'd expect to find: /etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml /etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg /etc/puppet/hieradata/some_env/some_calling_module.yaml /etc/puppet/hieradata/some_env/some_calling_module.gpg /etc/puppet/hieradata/common.yaml /etc/puppet/hieradata/common.gpg The hierarchy you've got must match the path of the Hiera data files in that directory. When run from the command line, the %{env}, %{location} and %{calling_module} variables are passed on the command line. When the hiera function call is made during a Puppet catalog compilation then those variables must be defined for that node ($env, $location, but $calling_module is implicit), either as Facter Facts or as normal variables in a Puppet manifest. ... That's not explained very well but I can't think of a better way to phrase it yet. Does that help so far? __**__** [root@me puppet]# more hiera.yaml --- :backends: - yaml - gpg :logger: console :hierarchy: - %{env}/%{location}/%{calling_**module} - %{env}/%{calling_module} - common :yaml: :datadir: /etc/puppet/hieradata :gpg: :datadir: /etc/puppet/hieradata __**___ my encrypted files are in /etc/puppet/hieradata/live Thanks in advance for any help! Bee On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beewo...@gmail.com wrote: Hi Guys; I really appreciate your help and apologize for the continued questions... however, apaprently, I am missing something here. I cannot get this working. I have set hiera-gpg up as per the docs I can find but, I still cannot seem to get my manifests correct. If someone would kindly provide a smaple manifest, I would be grateful! Also, per Craig Dunn's blog, he is placing hieradata files in /etc/puppet/hieradata/live. Is the live subdir required? Is there some sort of environment limitation that requires the files live in this subdir? Thank you very much! Bee On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs ri...@richburroughs.com wrote: Your manifests look the same. You do a hiera lookup just as you would if you weren't using the GPG integration. It's just another data store for hiera. You do need to set that up, as other people have mentioned. But it's no different in the manifests. On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beewo...@gmail.com wrote: I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark ric...@fohnet.co.ukwrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within it's $HOME/.gnupg -where $HOME is usually /var/lib/puppet. By default pgp keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so was
Re: [Puppet Users] Hiera and hiera-gpg
Ughh; and I spoke too soon for some reason, it is not decrypting when running via puppet run/manifest (I had mistakenly left the unencrypted in the directory and it was failing back to reading the yaml_ Thanks! On Tue, Sep 3, 2013 at 4:03 PM, Worker Bee beeworke...@gmail.com wrote: Hi Luke; So, what you said does make sense and, I did make the changes you explained to my manifest and it worked! :) I am confused though and I am so sorry to be so ignorant but, what does %{location} refer to? Thank you VERY, VERY much! bee On Tue, Sep 3, 2013 at 12:18 PM, Luke Bigum luke.bi...@lmax.com wrote: I just started a big reply to your last email and it looks like you've figured most of it out. At least your not still thinking manifests your problem is in hiera.yaml ;-) On Tuesday, September 3, 2013 5:04:19 PM UTC+1, Worker Bee wrote: I am pretty sure I still have something wrong with my set up but, I just cannot seem to see what it is... Notice if I attempt to decrypt vi the command line and do not indicate env=live, it fails.. [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd nil [root@me puppet]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=motd env=live rootpass The reason that works is written in your hiera.yaml config below. You've told Hiera that your Hierarchy contains the variable %{env}. Now while that works fine on the command line, when the Hiera function is called during catalog compilation in a manifest I'm betting that the 'env' variable does not exist, which is why your key is not found. What is %{env}? Did you copy it straight from Craig's blog or do you actually use it in your Hierarchy? From the way you've got your Hierarchy specified now, if I ran a find across your hieradata directory, this is what I'd expect to find: /etc/puppet/hieradata/some_env/some_location/some_calling_module.yaml /etc/puppet/hieradata/some_env/some_location/some_calling_module.gpg /etc/puppet/hieradata/some_env/some_calling_module.yaml /etc/puppet/hieradata/some_env/some_calling_module.gpg /etc/puppet/hieradata/common.yaml /etc/puppet/hieradata/common.gpg The hierarchy you've got must match the path of the Hiera data files in that directory. When run from the command line, the %{env}, %{location} and %{calling_module} variables are passed on the command line. When the hiera function call is made during a Puppet catalog compilation then those variables must be defined for that node ($env, $location, but $calling_module is implicit), either as Facter Facts or as normal variables in a Puppet manifest. ... That's not explained very well but I can't think of a better way to phrase it yet. Does that help so far? __**__** [root@me puppet]# more hiera.yaml --- :backends: - yaml - gpg :logger: console :hierarchy: - %{env}/%{location}/%{calling_**module} - %{env}/%{calling_module} - common :yaml: :datadir: /etc/puppet/hieradata :gpg: :datadir: /etc/puppet/hieradata __**___ my encrypted files are in /etc/puppet/hieradata/live Thanks in advance for any help! Bee On Tue, Sep 3, 2013 at 11:38 AM, Worker Bee beewo...@gmail.com wrote: Hi Guys; I really appreciate your help and apologize for the continued questions... however, apaprently, I am missing something here. I cannot get this working. I have set hiera-gpg up as per the docs I can find but, I still cannot seem to get my manifests correct. If someone would kindly provide a smaple manifest, I would be grateful! Also, per Craig Dunn's blog, he is placing hieradata files in /etc/puppet/hieradata/live. Is the live subdir required? Is there some sort of environment limitation that requires the files live in this subdir? Thank you very much! Bee On Fri, Aug 30, 2013 at 1:31 PM, Rich Burroughs ri...@richburroughs.com wrote: Your manifests look the same. You do a hiera lookup just as you would if you weren't using the GPG integration. It's just another data store for hiera. You do need to set that up, as other people have mentioned. But it's no different in the manifests. On Fri, Aug 30, 2013 at 6:30 AM, Worker Bee beewo...@gmail.comwrote: I am looking for some manifest examples, if anyone has any to share! On Fri, Aug 30, 2013 at 7:16 AM, Richard Clark ric...@fohnet.co.ukwrote: On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote: I am having a bit of difficulty implementing hiera-gpg; particularly with accomplishing the deencryption in my manifests. Can anyone either provide a simple example or point me to a good resource? I have searched alot and am still struggling. Any help would be very appreciated! Thanks! Bee You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the
Re: [Puppet Users] Roles/profiles and hiera
LIke this: class profile::zabbix20::server ( bind_ip, ... ) { class { '::zabbix20::server': bind_ip = $bind_ip, ... } } Then your hieradata would set in a.b.c.d.yaml: profile::zabbix20::server::bind_ip: 1.2.2.3 in x.y.z.w.yaml: profile::zabbix20::server::bind_ip: 1.2.3.4 That way you have a single profile for all datacenters. - Chad On Tue, Sep 3, 2013 at 11:49 AM, Frederiko Costa freder...@gmail.com wrote: Excellent.. thanks! And now sorry for the long email... hopefully I'm clear enough. I'd also to expose one example that I have here in my company. I'm not too confident of how we setup roles and profiles, specially when it comes to add hiera into the game. Say we have a module called zabbix20::agent. The configuration file will be generated using erb templated with data coming from parametized classes. So far, it looks good. Data separation, modules look portable, etc. As far as I understood going through the article is that you define the technology stack in the profile, and the role as collection of profiles. Well, in that case I'd say I would have something similar to this: class profile::zabbix20::server { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } and then it would probably go to a base profile (profile::base) and inherited by a base role. That fits perfectly with single site scenario. Say you now have multiple data centers with different zabbix servers on each. The way I understood ... class profile::zabbix20::server::dc1 { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } class profile::zabbix20::server::dc2 { class { '::zabbix20::server' : bind_ip = 1.2.3.4, ... } include httpd ... } then the roles: class role::zabbix20::server::dc1 { include profile::zabbix20::server::dc1 } and the nodes ... node 'a.b.c.d' { include include profile::zabbix20::server::dc1 } node 'x.y.z.w' { include include profile::zabbix20::server::dc2 } That being said ... How would I actually add hiera into the game? I don't a straightforward way to use hiera and benefit the data separation. I have to include the business logic in the profile. How would I actually do that using hiera? Can't see a direct way. The other discussion I had with my co-worker is ... they actually created two modules: roles and profiles. If I want to change, I have to actually change the modules. Isn't it desirable to have these out of the modulespath? I don't see why we have to do this way if are trying to abstract things and avoiding touching modules whenever we can. Thanks in advance. On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote: On 8/30/2013 3:48 PM, Frederiko Costa wrote: Hi everyone, Do you guys know any article/doc talking about the use of roles/profiles approach with hiera? I'm particularly interested in how to organize the manifests when having multiple data centers, parametized classes and wants to use hiera. Being even more specific, how to organize the code using the Craig's article (http://www.craigdunn.org/2012/05/239/) and use hiera to provide node specific data. thank you, -fred Couple of links on the subject that I like. Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his original articles, http://www.slideshare.net/PuppetLabs/roles-talk Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will become a very influential presentation over the next year as generally available tooling catches up to the ideas presented. I'm surprised there hasn't been more discussion about it. http://carlasouza.com/puppetconf13/#/slide1 Hunner's github repo for his Role/Profile session at Puppet Conf. https://github.com/hunner/roles_and_profiles My example of using role/profile. I skipped over most of the design and philosophy which Craig covered quite well and dove straight into what it might looks like with a complicated set of data in a real world application. https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/ Ramin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Chad M. Huneycutt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit
[Puppet Users] hiera-gpg, CentOS6 and puppet 3.2.4
Has anyone been able to get this working? For some reason, I am unable to get values decrypted via a puppet run, despite being able to decrpyt via command line I am starting to wonder if there is a bug or something I am missing?? I SO appreciate ANY help! __ /etc/puppet/hiera.yaml --- :backends: - gpg - yaml :logger: console :hierarchy: - %{env}/%{calling_module} - common :yaml: :datadir: /etc/puppet/hieradata :gpg: :datadir: /etc/puppet/hieradata Here is my init.pp file # Class: testdecry # # [Remember: No empty lines between comments and class definition] class testdecry { $env = 'live' $pass = hiera(rootpwd) notify{The value is: ${pass}:} } My encrypted file is in: /etc/puppet/hieradata/live [root@me]# ls testdecry.gpg ___ Command line works: [root@me ]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=testdecry env=live rootpass Running via puppet fails [root@me]# puppet agent --test Info: Retrieving plugin Error: Could not retrieve catalog from remote server: Error 400 on SERVER: can't convert nil into String at /etc/puppet/modules/testdecry/manifests/init.pp:17 on node me.net Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run I am totally at a loss here Thanks! Bee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Roles/profiles and hiera
Thanks Chad ... I understand it from the syntax point of view, but my point is more of a conceptual question in how to apply Craig's concepts using hiera with parasitized classes ... in that case, the node definition using hiera declares one (and only one role). The profile would define the technology stack with all the modules. That's what Craig's article suggests (he doesn't mention hiera in the article). A role could specify 1+ profiles. So far, great. The thing is, in the node definition, using hiera, I'd break what they're proposing, because I'm actually not totally separating and externalizing the data. The yaml file would be (the way I see). x.y.z.w.yaml: role::zabbix20::server::dc2 a.b.c.d.yaml: role::zabbix20::server::dc1 Now, what I expected to have, for example, is the bind_ip parameter passed here in hiera, not in the profile definition. I hope I'm being clear ... :-) -frederiko On Tue, Sep 3, 2013 at 2:19 PM, Chad Huneycutt chad.huneyc...@gmail.comwrote: LIke this: class profile::zabbix20::server ( bind_ip, ... ) { class { '::zabbix20::server': bind_ip = $bind_ip, ... } } Then your hieradata would set in a.b.c.d.yaml: profile::zabbix20::server::bind_ip: 1.2.2.3 in x.y.z.w.yaml: profile::zabbix20::server::bind_ip: 1.2.3.4 That way you have a single profile for all datacenters. - Chad On Tue, Sep 3, 2013 at 11:49 AM, Frederiko Costa freder...@gmail.com wrote: Excellent.. thanks! And now sorry for the long email... hopefully I'm clear enough. I'd also to expose one example that I have here in my company. I'm not too confident of how we setup roles and profiles, specially when it comes to add hiera into the game. Say we have a module called zabbix20::agent. The configuration file will be generated using erb templated with data coming from parametized classes. So far, it looks good. Data separation, modules look portable, etc. As far as I understood going through the article is that you define the technology stack in the profile, and the role as collection of profiles. Well, in that case I'd say I would have something similar to this: class profile::zabbix20::server { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } and then it would probably go to a base profile (profile::base) and inherited by a base role. That fits perfectly with single site scenario. Say you now have multiple data centers with different zabbix servers on each. The way I understood ... class profile::zabbix20::server::dc1 { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } class profile::zabbix20::server::dc2 { class { '::zabbix20::server' : bind_ip = 1.2.3.4, ... } include httpd ... } then the roles: class role::zabbix20::server::dc1 { include profile::zabbix20::server::dc1 } and the nodes ... node 'a.b.c.d' { include include profile::zabbix20::server::dc1 } node 'x.y.z.w' { include include profile::zabbix20::server::dc2 } That being said ... How would I actually add hiera into the game? I don't a straightforward way to use hiera and benefit the data separation. I have to include the business logic in the profile. How would I actually do that using hiera? Can't see a direct way. The other discussion I had with my co-worker is ... they actually created two modules: roles and profiles. If I want to change, I have to actually change the modules. Isn't it desirable to have these out of the modulespath? I don't see why we have to do this way if are trying to abstract things and avoiding touching modules whenever we can. Thanks in advance. On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote: On 8/30/2013 3:48 PM, Frederiko Costa wrote: Hi everyone, Do you guys know any article/doc talking about the use of roles/profiles approach with hiera? I'm particularly interested in how to organize the manifests when having multiple data centers, parametized classes and wants to use hiera. Being even more specific, how to organize the code using the Craig's article (http://www.craigdunn.org/2012/05/239/) and use hiera to provide node specific data. thank you, -fred Couple of links on the subject that I like. Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his original articles, http://www.slideshare.net/PuppetLabs/roles-talk Carla Souza's Puppet Conf talk on managing Hiera values. IMO this will become a very influential presentation over the next year as generally available tooling catches up to the ideas presented. I'm surprised there hasn't been more discussion about it. http://carlasouza.com/puppetconf13/#/slide1 Hunner's github repo for his Role/Profile session at Puppet Conf. https://github.com/hunner/roles_and_profiles My example of using role/profile. I
Re: [Puppet Users] Roles/profiles and hiera
Without hiera you have all those extra classes you posted below including this very specific one. I think your classes are too complicated to begin with regardless of where the data is, but the lack of data separation probably sent you down that path. class role::zabbix20::server::dc1 { include profile::zabbix20::server::dc1 } With Hiera this is enough include role::zabbix You're now thinking, How do I specify this machine is a server, in dc1, and installing zabbix 2? To answer we will start over and try to build what you have with Hiera. This is a little hard to deal with in email, but I think you'll get the idea. node zabbixserver { # this is a top level role for the zabbix server include role::zabbix } class role::zabbix { include profile::base include profile::zabbixserver } class profile::zabbixserver { include profile::apache include zabbix } class zabbix( $bind_ip = 127.0.0.1, $version = present, ) { blah blah } This Hiera config assumes you have a dc and role fact of some sort. This may or may not be easy in your environment. hiera.yaml --- :hierarchy: - %{fqdn} - %{dc} - %{role} - %{environment} - common This is our role data ./hieradata/common.yaml --- zabbix::version: '2.0' zabbix::bind_ip: '1.1.1.1' These are the dc bits of data ./hieradata/dc1.yaml --- zabbix::bind_ip: '1.2.3.1' ./hieradata/dc1.yaml --- zabbix::bind_ip: '1.4.5.1' Your parametrized class will autolookup matching parameters from Hiera in Puppet 3.x or you can specify them manually. Machines in dc1 get 1.2.3.1, dc2 gets 1.4.5.1, and any machine gets 1.1.1.1. In summary we move data into Hiera and replace module::someclass::dc with a simple module that does a lookup to a data file based on facts that have classified the node. Ramin On 9/3/2013 8:49 AM, Frederiko Costa wrote: Excellent.. thanks! And now sorry for the long email... hopefully I'm clear enough. I'd also to expose one example that I have here in my company. I'm not too confident of how we setup roles and profiles, specially when it comes to add hiera into the game. Say we have a module called zabbix20::agent. The configuration file will be generated using erb templated with data coming from parametized classes. So far, it looks good. Data separation, modules look portable, etc. As far as I understood going through the article is that you define the technology stack in the profile, and the role as collection of profiles. Well, in that case I'd say I would have something similar to this: class profile::zabbix20::server { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } and then it would probably go to a base profile (profile::base) and inherited by a base role. That fits perfectly with single site scenario. Say you now have multiple data centers with different zabbix servers on each. The way I understood ... class profile::zabbix20::server::dc1 { class { '::zabbix20::server' : bind_ip = 1.2.2.3, ... } } class profile::zabbix20::server::dc2 { class { '::zabbix20::server' : bind_ip = 1.2.3.4, ... } include httpd ... } then the roles: class role::zabbix20::server::dc1 { include profile::zabbix20::server::dc1 } and the nodes ... node 'a.b.c.d' { include include profile::zabbix20::server::dc1 } node 'x.y.z.w' { include include profile::zabbix20::server::dc2 } That being said ... How would I actually add hiera into the game? I don't a straightforward way to use hiera and benefit the data separation. I have to include the business logic in the profile. How would I actually do that using hiera? Can't see a direct way. The other discussion I had with my co-worker is ... they actually created two modules: roles and profiles. If I want to change, I have to actually change the modules. Isn't it desirable to have these out of the modulespath? I don't see why we have to do this way if are trying to abstract things and avoiding touching modules whenever we can. Thanks in advance. On Friday, August 30, 2013 4:09:39 PM UTC-7, Ramin K wrote: On 8/30/2013 3:48 PM, Frederiko Costa wrote: Hi everyone, Do you guys know any article/doc talking about the use of roles/profiles approach with hiera? I'm particularly interested in how to organize the manifests when having multiple data centers, parametized classes and wants to use hiera. Being even more specific, how to organize the code using the Craig's article (http://www.craigdunn.org/2012/05/239/ http://www.craigdunn.org/2012/05/239/) and use hiera to provide node specific data. thank you, -fred Couple of links on the subject that I like. Craig Dunn at Puppet Camp Feb 2013 which is a good addendum to his original articles, http://www.slideshare.net/PuppetLabs/roles-talk http://www.slideshare.net/PuppetLabs/roles-talk Carla Souza's Puppet Conf
Re: [Puppet Users] hiera-gpg, CentOS6 and puppet 3.2.4
We're still using Puppet 2.7, but looking at our puppet-gpg config the only major difference I see is we use :key_dir for the gpg key's instead of the puppet users home directory. So our hiera.yaml file looks like: # Hiera configuration file --- :backends: - yaml - gpg :yaml: :datadir: /etc/puppet/hieradata :gpg: :datadir: /etc/puppet/hieradata :key_dir: /srv/keyrings :hierarchy: - hosts/%{fqdn} - %{environment}/hostgroups/%{hostgroup} - hostgroups/%{hostgroup} - %{environment}/servicegroups/%{servicegroup} - servicegroups/%{servicegroup} - %{environment}/%{calling_module} - %{calling_module} - %{environment} - global Of course you have to have the gpgme rpm and the gpgme ruby gem installed on all your puppet masters. We install the same password-less gpg private key on all the puppet masters and encrypt the yaml files with the corresponding public key. . JMN On 9/3/2013 5:57 PM, Worker Bee wrote: Has anyone been able to get this working? For some reason, I am unable to get values decrypted via a puppet run, despite being able to decrpyt via command line I am starting to wonder if there is a bug or something I am missing?? I SO appreciate ANY help! __ /etc/puppet/hiera.yaml --- :backends: - gpg - yaml :logger: console :hierarchy: - %{env}/%{calling_module} - common :yaml: :datadir: /etc/puppet/hieradata :gpg: :datadir: /etc/puppet/hieradata Here is my init.pp file # Class: testdecry # # [Remember: No empty lines between comments and class definition] class testdecry { $env = 'live' $pass = hiera(rootpwd) notify{The value is: ${pass}:} } My encrypted file is in: /etc/puppet/hieradata/live [root@me]# ls testdecry.gpg ___ Command line works: [root@me ]# hiera -c /etc/puppet/hiera.yaml rootpwd calling_module=testdecry env=live rootpass Running via puppet fails [root@me]# puppet agent --test Info: Retrieving plugin Error: Could not retrieve catalog from remote server: Error 400 on SERVER: can't convert nil into String at /etc/puppet/modules/testdecry/manifests/init.pp:17 on node me.net http://me.net Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run I am totally at a loss here Thanks! Bee -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.