[Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds: tl;dr: Windows manages permissions in a way that doesn't always translate well to mode. We're putting together a solution for this. Jump in the discussion. I wanted to get this conversation started. We've put a lot of thought into how the model should look and focused on ease of use up to more advanced scenarios. However I don't feel that what we have is complete. If you are familiar with Windows, we'd love to get your feedback. If you are not familiar with Windows, we'd still love to get your feedback. A couple of notes to start it off: 1. This is currently planned to be a module on the forge. 2. We have some changes to make to core puppet to better enable handing windows permissions (changes around how mode is applied on Windows now when not explicitly specified). IMHO it should be possible to leave out mode (especially when ones declare an acl instead) - and puppet should NOT care about mode (as in shouldn't try to set it as it does not, and breaks windows permissions). 3. We tried to map somewhat close to the way Windows ACLs/DACLs/ACEs work. 4. We've also attempted to leave room for future expansion or application on POSIX systems. Note: this is not a primary goal, so unless there is a design consideration on the model, it's probably not something we will approach with this current effort. acl should most definetely be applicable for any unix filesystem mounted with ACL support :) The format could look something like the following: acl { 'c:/windows/temp/tempfile.txt': ensure = present, permissions = { 'Administrators' = ['full'] 'bob' = ['mwrx'], 'SomeDomain\Lisa' = [x1000,'allow','inherit','one_level'], 'S-5-1-18' = ['wrx','deny','inherit_objects_only','inherit_only'] }, } acl { 'c:/windows/temp/locked_dir': ensure = exact, That one throws me.. ensure exact? I would expect 'exact' to be the same as 'present' (which in thise case is kinda odd wording- but so is exact.. who would want puppet to almost ensure something? permissions = { 'Administrators' = ['full'] }, } Before you have an opportunity to look at the proposal and comment on specifics, how self-documenting is the above model? What would you add or remove? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Managing conflicting forge dependencies
Hi all, How do you manage different forge modules that require conflicting versions for the same module? The most common example is ripienaar/concat vs puppetlabs/concat: puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires ripienaar/concat puppetlabs/apache requires puppetlabs/concat Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet agent not running automatically
Hi Michael, puppetd daemon run in background when we configure to run automatically. It does not send the output of catalog running to standard output terminal. runinterval =1800 This specify that on your puppet client manifests catalog is deploye after every 30 minutes(1800 Second). Refer http://docs.puppetlabs.com/references/latest/configuration.html#runinterval Try enabling the runlevel of puppet service # chkconfig puppet --list Hope this will help. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet agent not running automatically
Hi Michael, puppetd daemon run in background when we configure to run automatically. It does not send the output of catalog running to standard output terminal. runinterval =1800 This specify that on your puppet client manifests catalog is deploye after every 30 minutes(1800 Second). Refer http://docs.puppetlabs.com/references/latest/configuration.html#runinterval Try enabling the runlevel of puppet service ON # chkconfig puppet on Hope this will help. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Friday, October 25, 2013 9:32:57 PM UTC+5:30, Michael Buckner wrote: The puppet agent is already running, it just never actually checks in with the puppetmaster unless I manually run puppet agent -t Puppet was install automatically via the foreman-installer. Here are the contents of [agent] in puppet.conf: [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig # Disable the default schedules as they cause continual skipped # resources to be displayed in Foreman - only for Puppet = 3.4 default_schedules = false report = true pluginsync = true masterport = 8140 environment = production certname= puppet.mycompany.com server = puppet.mycompany.com listen = false splay = false runinterval = 1800 noop= false show_diff = false On Friday, October 25, 2013 11:55:31 AM UTC-4, puppetstan wrote: Hi, When you doing /etc/init.d/puppet start it s not good? regards Le vendredi 25 octobre 2013 16:47:15 UTC+2, Michael Buckner a écrit : Brand new install or Foreman/Puppet. Puppet agent runs fine manually but does not run automatically. Any suggestions? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Using puppetlabs_spec_helper on Windows 7
I'm trying to make puppetlabs_spec_helper runs on Windows 7 to test my Puppet modules. Is this supported ? Because I encountered some problems: 1. symlinks were not created on Windows 7 (even if the functionnality are availabe). To manage that I added to rake_tasks.rb an ugly function: def make_link(source,target) ruby_platform = RbConfig::CONFIG['host_os'] if RUBY_PLATFORM =~ /mswin|mingw|cygwin/ then #Windows Stuff source_win=source.tr(/,\\) target_win=target.tr(/,\\) `call mklink /D #{target_win} #{source_win}` elsif RUBY_PLATFORM =~ /linux/ then FileUtils::ln_s(source, target) end end 2. undefined method `fetch' for nil:NilClass: Failure/Error: Unable to find matching line from backtrace NoMethodError: undefined method `fetch' for nil:NilClass # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:107:in `block in after_each_test' # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `each' # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `after_each_test' 3. I use the concat module. And when running rake test, I got: Failure/Error: should contain_package('nfs-utils') Puppet::Error: $concat_basedir not defined. Try running again with pluginsync=true on the [master] section of your node's '/etc/puppet/puppet.conf'. Is it a lost cause ? Or someone succeeded to test puppet modules on Windows ? Thank you for your help ! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Using puppetlabs_spec_helper on Windows 7
I do have the same error on linux. It has something tot do with the concat module. If you write a rspec file for a class not using the concat module, it should work. Unfortunately, i do not have a solution for our problem. Grts Jo On 10/28/2013 11:44 AM, Matthieu Nantern wrote: I'm trying to make puppetlabs_spec_helper runs on Windows 7 to test my Puppet modules. Is this supported ? Because I encountered some problems: 1. symlinks were not created on Windows 7 (even if the functionnality are availabe). To manage that I added to rake_tasks.rb an ugly function: def make_link(source,target) ruby_platform = RbConfig::CONFIG['host_os'] if RUBY_PLATFORM =~ /mswin|mingw|cygwin/ then #Windows Stuff source_win=source.tr(/,\\) target_win=target.tr(/,\\) `call mklink /D #{target_win} #{source_win}` elsif RUBY_PLATFORM =~ /linux/ then FileUtils::ln_s(source, target) end end 2. undefined method `fetch' for nil:NilClass: Failure/Error: Unable to find matching line from backtrace NoMethodError: undefined method `fetch' for nil:NilClass # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:107:in `block in after_each_test' # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `each' # C:/Program Files/Puppet Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `after_each_test' 3. I use the concat module. And when running rake test, I got: Failure/Error: should contain_package('nfs-utils') Puppet::Error: $concat_basedir not defined. Try running again with pluginsync=true on the [master] section of your node's '/etc/puppet/puppet.conf'. Is it a lost cause ? Or someone succeeded to test puppet modules on Windows ? Thank you for your help ! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013 (PCP006) _ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile+32 (0)474/42 40 73 BELGIUM http://www.open-future.be _ Next Events: Puppet Advanced Training | https://www.open-future.be/puppet-advanced-training-12-till-14th-november Zabbix Certified Training | http://www.open-future.be/zabbix-certified-training-18-till-20th-november Zabbix Large Environments Training | http://www.open-future.be/zabbix-large-environments-training-21-till-22nd-november Puppet Fundamentals Training | http://www.open-future.be/puppet-fundamentals-training-10-till-12th-december Subscribe to our newsletter | http://eepurl.com/BUG8H -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] ENC - how to get info about the node
Steven, Can you be a little more specific about what you're trying to do? Normally, you'd set that department variable in the ENC itself. Puppet calls the ENC script (node_terminus) with the certificate name (or is it the FQDN? I never remember, since they're both the same for me) of the node that is requesting a catalog. Any additional information that the ENC needs, it needs to get on its own. In the past I've always followed the paradigm of a person manually inputting data into the ENC via CLI script or Web UI - usually some combination of classes, parameters and groups (templating containers holding one or more classes, parameters, or other groups, and applied to multiple nodes). However I don't see a reason other than time/performance why the ENC couldn't also lookup information from facts (via PuppetDB or some other method), Hiera, or other external data sources. -jantman On 10/27/2013 08:34 AM, Steven Jonthen wrote: Hi guys, It is only allowed to pass one parameter to your own ENC-Class in Puppet. But how can I set a department variable for each node and use it in my ENC-Script? Has anyone a clue how to do it? Thank's in advance! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet 3.3.1: custom function change requires restart of puppetmaster
On Saturday, October 26, 2013 5:47:07 AM UTC-5, Sergey Arlashin wrote: Hi! I've spent quite a while before I understood that for Puppet to see changes in custom functions' code Puppetmaster needs to be restarted. Is this a normal behaviour or may be it's a bug ? It is normal behavior, arising in part from the behavior of the underlying Ruby. I am uncertain whether there is any reasonable possibility of Puppet behavior differently than it does in this regard, but at minimum it would be a significant challenge. You should feel free to file a feature request if you are inclined to do so, however, or if there is an existing one then to vote it up. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
On Monday, October 28, 2013 2:55:32 AM UTC-5, Klavs Klavsen wrote: Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds: [...] The format could look something like the following: acl { 'c:/windows/temp/tempfile.txt': ensure = present, permissions = { 'Administrators' = ['full'] 'bob' = ['mwrx'], 'SomeDomain\Lisa' = [x1000,'allow','inherit','one_level'], 'S-5-1-18' = ['wrx','deny','inherit_objects_only','inherit_only'] }, } acl { 'c:/windows/temp/locked_dir': ensure = exact, That one throws me.. ensure exact? I would expect 'exact' to be the same as 'present' (which in thise case is kinda odd wording- but so is exact.. who would want puppet to almost ensure something? I think Klavs has an excellent point there. After some consideration, I think I understand what 'exact' is supposed to mean -- that the ACL should contain the specified entries *and no others* -- but the perceived need for such a thing suggests that the proposed model is too high level. Instead of wrapping everything up into a single Acl resource type, I think you need a resource type for individual ACEs. That would also allow you to ensure some specific entries present in and some others absent from the same ACL, without requiring that all wanted entries be enumerated. A model inspired by the Concat module might be suitable. Note too that in the Puppet universe, a parameter or value indicating that unmanaged resources should be removed is conventionally spelled purge or purged. Additionally, although POSIX ACEs are unordered, it is my understanding that the order of ACEs within a Windows ACL is significant. If that is indeed correct then I don't see how the proposed model accounts for it. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet master upgrade from 2.7 to 3.0 certificate issues
I've gone through the upgrade check list for puppet at this URL: http://docs.puppetlabs.com/guides/upgrading.html I first tries 2.7 - 3.3.x but that had the same issue as below and I decided that maybe the jump was too big and I should go from 2.7 - 3.0.x - 3.2.x - 3.3.x But I'm getting some weird behavior with my certs even when I go from 2.7.20 - 3.0.3 After upgrading the puppet-server package using yum all of my puppet agents get this error whether I remove the certs or not. Exiting; no certificate found and waitforcert is disabled I autosign our certs with the autosign.conf file and this works if I go nack to 2.7.20. I clean out the client certs with 'rm -rf /var/lib/puppet/ssl' Here are my specs: RHEL 6.3 puppet - 3.0.2-1 puppet-server - 3.0.2-1 puppetdb - 1.5.2-1 passender - see below [root@puppet puppet]# gem list daemon_controller (1.1.1) fastthread (1.0.7) json (1.5.5) passenger (4.0.21) rack (1.5.2) rake (10.0.3) PS. If I run the agent standalone using puppet apply everything works just fine. Or if I downgrade my puppet master back to 2.7.20 it also works well. Please let me know if anymore info or config files are needed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet dashboard blank stylesheet
Hi, I'm trying to switch my working puppet-dashboard installation over from the test server that it comes with to an Apache/Passenger setup. Puppet seems to be humming along just fine under this setup, but dashboard is unhappy. The web interface comes up with no style. I've taken a look with Safari's developer windows at what it thinks is going on and I'm seeing an all.cis that is coming up empty. And yet the transfer logs show a sizable all.css being transferred, and if I grab all.css directly I end up with content. I do see that there's a bug (8121) on something like this, but as far as I can tell, my version of puppet-dashboard (xxx) is greater than the version where that bug is fixed. It seems likely that something has gone miss in the whole Apache-Passenger-Rails relationship, but I don't know enough about this to figure out how to debug it. Any ideas? The server is Centos6 Apache is 2.2.15 Puppet is 3.2.4 Puppet-dashboard is 1.2.23 Ruby is 1.8.7 Passenger is 4.0.19 Thanks in advance, tom -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
Here's the log: I, [2013-10-28T16:30:07.990102 #1332] INFO -- : activemq.rb:121:in `on_ssl_connecting' Estblishing SSL session with stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:07.990465 #1332] INFO -- : activemq.rb:96:in `on_connecting' TCP Connection attempt 11 to stomp+ssl://mcollective@sisop-virtualbox:61613 E, [2013-10-28T16:30:07.996130 #1332] ERROR -- : activemq.rb:131:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@sisop-virtualbox:61613 failed: Co$ I, [2013-10-28T16:30:07.996368 #1332] INFO -- : activemq.rb:111:in `on_connectfail' TCP Connection to stomp+ssl://mcollective@sisop-virtualbox:61613 failed on attempt 11 I, [2013-10-28T16:30:28.483057 #1332] INFO -- : activemq.rb:121:in `on_ssl_connecting' Estblishing SSL session with stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:28.483657 #1332] INFO -- : activemq.rb:96:in `on_connecting' TCP Connection attempt 12 to stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:29.645117 #1332] INFO -- : activemq.rb:126:in `on_ssl_connected' SSL session established with stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:29.839742 #1332] INFO -- : activemq.rb:101:in `on_connected' Conncted to stomp+ssl://mcollective@sisop-virtualbox:61613 Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] User and group issues
I am currently in the process of cleaning up some of my puppet config files in particular some user and some virtual templates: I get the following error: *err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: Group[testgroup] is already defined in file /etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at /etc/puppet/manifests/templates/accounts.pp:22 on node puppettest.test.internal* If I remove My files: *users.pp* *class users * *{* * @accounts::virtual * * { * * 'test.user':* * realname= 'testusername',* * pass= 'testpass',* * gid = testgroup,* * } * * * * @accounts::virtual * * { * * 'test.user2':* * realname= 'testuser2name',* * pass= 'testpass',* * gid = testgroup2,* * } * * * * @accounts::virtual * * { * * 'test.user3':* * realname= 'testuser3name',* * pass = 'testpass',* * gid = testgroup,* * }* *accounts.pp* * * *define accounts::virtual ($realname,$pass,$gid,$sshkey=) * *{ * * user * * { * * $title:* * ensure= present,* * comment = ${realname} ${gid} User,* * gid = $title,* * shell = '/bin/bash',* * require = Group[$gid],* * home = /home/${title},* * managehome= true,* * password = $pass,* * }* * * * group * * { * * $gid:* * ensure = present,* * }* * * * file * * { * * /home/${title}:* * ensure= directory,* * owner = $title,* * group = $gid,* * mode = 0700,* * require = [ User[$title], Group[$gid] ],* * }* * * * # If we have an SSH key present then insert it onto the user* * if ( $sshkey != ) * * {* * ssh_authorized_key * * { * * $title:* * ensure = present,* * type= ssh-rsa,* * key = $sshkey,* * user= $title,* * require = User[$title],* * name= $title,* * }* * }* * * * # If there is no key specified, make sure this value is blank * * if ( $sshkey == ) * * {* * ssh_authorized_key * * { * * $title:* * ensure = absent,* * user= $title,* * require = User[$title],* * }* * }* *}* then inside *site.pp* * * *include users* *realize (Accounts::Virtual['test.user','test.user2','test.user3'])* * * If I remove test.user3 it all works fine, so this is something related to the group being declared or what puppet thinks is declared twice because of the way I have created a virtual class. Is there any obvious solutions to this besides absolutely declaring each user individually? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
fix 1: i syncronized the clocks Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
On Mon, Oct 28, 2013 at 2:55 AM, Klavs Klavsen kl...@enableit.dk wrote: Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds: tl;dr: Windows manages permissions in a way that doesn't always translate well to mode. We're putting together a solution for this. Jump in the discussion. I wanted to get this conversation started. We've put a lot of thought into how the model should look and focused on ease of use up to more advanced scenarios. However I don't feel that what we have is complete. If you are familiar with Windows, we'd love to get your feedback. If you are not familiar with Windows, we'd still love to get your feedback. A couple of notes to start it off: 1. This is currently planned to be a module on the forge. 2. We have some changes to make to core puppet to better enable handing windows permissions (changes around how mode is applied on Windows now when not explicitly specified). IMHO it should be possible to leave out mode (especially when ones declare an acl instead) - and puppet should NOT care about mode (as in shouldn't try to set it as it does not, and breaks windows permissions). Yes, this is what I was referring to. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Why there is a need for the architecture fact when it is only using hardwaremodel fact?
Got it, thank you very much On Friday, October 25, 2013 2:45:31 PM UTC-4, Daniele Sluijters wrote: Hi, It doesn't only use hardwaremodel fact: https://github.com/puppetlabs/facter/blob/master/lib/facter/architecture.rb#L6:L10 # Resolution: # On non-AIX IBM, OpenBSD, Linux and Debian's kfreebsd, use the hardwaremodel fact. # On AIX get the arch value from lsattr -El proc0 -a type # Gentoo and Debian call x86_86 amd64. # Gentoo also calls i386 x86. -- Daniele Sluijters On Thursday, 24 October 2013 16:49:57 UTC+2, beyonddc...@gmail.com wrote: Hi all, hopefully this is a quick question. I would like to know why there is a need for the architecture fact when it is only using hardwaremodel fact? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Managing conflicting forge dependencies
On Monday, October 28, 2013 9:21:09 AM UTC+1, SAF wrote: Hi all, How do you manage different forge modules that require conflicting versions for the same module? The most common example is ripienaar/concat vs puppetlabs/concat: puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires ripienaar/concat puppetlabs/apache requires puppetlabs/concat Thanks. Looks like you a hit that issue while they were transitioning from ripienaar to puppetlabs. The postgresql module now correctly refers to the new puppetlabs/concat module[1]. As for managing modules that require conflicting versions for dependencies, there is not an easy solution; you have to resolve the dependencies. This usually entails upgrading something. For the specific issue you had above, I believe that would have been caught by librarian-puppet, since it does dependency checking, though it should have just worked if you used librarian-puppet-simple[2]. [1] - https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/Modulefile#L13 [2] - https://github.com/bodepd/librarian-puppet-simple Cheers, -g -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] inline_template private method `gets' called for false:FalseClass
Hi, I am new to Ruby ERB and inline_template. Can anyone spot what's wrong with this inline_template? $moddedContent = inline_template(%= puts gets(nil).gsub(/one two three/,\\) /tmp/blah %) exec { /bin/echo '${moddedContent}' /tmp/blah : } When I try to apply it, I got the following error. Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse inline template: private method `gets' called for false:FalseClass at foo.pp:33 on node testnode Thanks! David -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
On Mon, Oct 28, 2013 at 8:42 AM, jcbollinger john.bollin...@stjude.orgwrote: On Monday, October 28, 2013 2:55:32 AM UTC-5, Klavs Klavsen wrote: Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds: [...] The format could look something like the following: acl { 'c:/windows/temp/tempfile.txt'**: ensure = present, permissions = { 'Administrators' = ['full'] 'bob' = ['mwrx'], 'SomeDomain\Lisa' = [x1000,'allow','inherit','**one_level'], 'S-5-1-18' = ['wrx','deny','inherit_**objects_only','inherit_only'] }, } acl { 'c:/windows/temp/locked_dir': ensure = exact, That one throws me.. ensure exact? I would expect 'exact' to be the same as 'present' (which in thise case is kinda odd wording- but so is exact.. who would want puppet to almost ensure something? I think Klavs has an excellent point there. After some consideration, I think I understand what 'exact' is supposed to mean -- that the ACL should contain the specified entries *and no others* -- but the perceived need for such a thing suggests that the proposed model is too high level. Instead of wrapping everything up into a single Acl resource type, I think you need a resource type for individual ACEs. That would also allow you to ensure some specific entries present in and some others absent from the same ACL, without requiring that all wanted entries be enumerated. A model inspired by the Concat module might be suitable. Yes, this is indeed the area I was talking about that is needing more discussion. Splitting to a resource type for individual ACEs might be beneficial, but it also might be too verbose. For an absent ACE, I was considering `'bob' = []`. The actual idea on ensure present versus exact (versus the other values) and Windows is that there are some inherited ACEs. When you specify permissions, you are specifying explicit ACEs and not inherited ACEs. Would you always want to specify 'SYSTEM' and 'Administrators' in every acl or would that get old having to specify for items that are already going to be inherited? Are there other permissions that may already be there that you don't want to manage? That's really where the difference between present and exact came about. In a way of saying, I want to manage this particular set of permissions, plus any that are already inherited (idea of present). If you don't want to have inherited permissions on a particular ACL, that's where exact would come in. Note too that in the Puppet universe, a parameter or value indicating that unmanaged resources should be removed is conventionally spelled purge or purged. I think I understand, but let me see if I have this correctly: acl { 'c:/windows/temp/locked_dir': ensure = purge, permissions = { 'Administrators' = ['full'] }, } Any value not in the list above would be purged, correct? Unfortunately, I avoided this convention specifically due to how it self documents. It appears to be ensuring that the specified permission is removed, even though those that understand the convention know this is not the case. Additionally, although POSIX ACEs are unordered, it is my understanding that the order of ACEs within a Windows ACL is significant. If that is indeed correct then I don't see how the proposed model accounts for it. Yes, you are correct. We're talking about this and whether the module should reorder appropriately for the order in some cases. We've talked about an array instead of a hash for ACEs. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
issue still exists Il giorno lunedì 28 ottobre 2013 17:31:40 UTC+1, alessandro mazzoli ha scritto: fix 1: i syncronized the clocks Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Changes to issue tracking for Puppet projects
On Thursday, October 24, 2013 2:32:11 PM UTC-7, Daniele Sluijters wrote: Hey Eric, I was curious if you could elaborate a bit more on the choice of JIRA. I'm currently in the exact opposite spot, migrating away from JIRA to Redmine. Heh! No system's perfect, I guess. We're moving company-wide to JIRA for a bunch of reasons, but the top three are - the integration with other Atlassian products like greenhopper and confluence - workflow that makes sense for dev teams, not just bug reporting - its planning/reporting capabilities The internal-facing/commercial teams are already using jira exclusively and its working out really well. The platform team are now in split-brain mode maintaining both redmine and jira for every issue so it's a bit crazy-making. Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0 puppet platform // coffee // techno // bicycles -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d56a33c7-7ae2-4e78-8a4b-fbaecfeec0f9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] User and group issues
Hello You have both users with the gid 'testgroup'. I think you mean group 'testgroup'. I think its common/best practice for each user's gid to be uniq and named the same as the user Neil On 28 Oct 2013 16:18, boxr...@gmail.com wrote: I am currently in the process of cleaning up some of my puppet config files in particular some user and some virtual templates: I get the following error: *err: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate definition: Group[testgroup] is already defined in file /etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at /etc/puppet/manifests/templates/accounts.pp:22 on node puppettest.test.internal* If I remove My files: *users.pp* *class users * *{* * @accounts::virtual * * { * * 'test.user':* * realname= 'testusername',* * pass= 'testpass',* * gid = testgroup,* * } * * * * @accounts::virtual * * { * * 'test.user2':* * realname= 'testuser2name',* * pass= 'testpass',* * gid = testgroup2,* * } * * * * @accounts::virtual * * { * * 'test.user3':* * realname= 'testuser3name',* * pass = 'testpass',* * gid = testgroup,* * }* *accounts.pp* * * *define accounts::virtual ($realname,$pass,$gid,$sshkey=) * *{ * * user * * { * * $title:* * ensure= present,* * comment = ${realname} ${gid} User,* * gid = $title,* * shell = '/bin/bash',* * require = Group[$gid],* * home = /home/${title},* * managehome= true,* * password = $pass,* * }* * * * group * * { * * $gid:* * ensure = present,* * }* * * * file * * { * * /home/${title}:* * ensure= directory,* * owner = $title,* * group = $gid,* * mode = 0700,* * require = [ User[$title], Group[$gid] ],* * }* * * * # If we have an SSH key present then insert it onto the user* * if ( $sshkey != ) * * {* * ssh_authorized_key * * { * * $title:* * ensure = present,* * type= ssh-rsa,* * key = $sshkey,* * user= $title,* * require = User[$title],* * name= $title,* * }* * }* * * * # If there is no key specified, make sure this value is blank * * if ( $sshkey == ) * * {* * ssh_authorized_key * * { * * $title:* * ensure = absent,* * user= $title,* * require = User[$title],* * }* * }* *}* then inside *site.pp* * * *include users* *realize (Accounts::Virtual['test.user','test.user2','test.user3'])* * * If I remove test.user3 it all works fine, so this is something related to the group being declared or what puppet thinks is declared twice because of the way I have created a virtual class. Is there any obvious solutions to this besides absolutely declaring each user individually? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAohVBc8L4OAnY%3DYTHVYZ5W%3DkcUtN55ATt_d%3DZYAKad4_--PCg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Managing conflicting forge dependencies
Yes, that dependency is solved with the puppetdb module upgrade to 3.0 Unfortunately, there are other interesting modules that still depend on ripienaar, such as example42/sudo. I guess I'll just have to wait for updates. Thanks for your time. On an unrelated issue (and since I'm still starting with modules), would this list be a good place to present a new module for review? On Mon, Oct 28, 2013 at 6:42 PM, Garrett Honeycutt g...@garretthoneycutt.comwrote: On Monday, October 28, 2013 9:21:09 AM UTC+1, SAF wrote: Hi all, How do you manage different forge modules that require conflicting versions for the same module? The most common example is ripienaar/concat vs puppetlabs/concat: puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires ripienaar/concat puppetlabs/apache requires puppetlabs/concat Thanks. Looks like you a hit that issue while they were transitioning from ripienaar to puppetlabs. The postgresql module now correctly refers to the new puppetlabs/concat module[1]. As for managing modules that require conflicting versions for dependencies, there is not an easy solution; you have to resolve the dependencies. This usually entails upgrading something. For the specific issue you had above, I believe that would have been caught by librarian-puppet, since it does dependency checking, though it should have just worked if you used librarian-puppet-simple[2]. [1] - https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/Modulefile#L13 [2] - https://github.com/bodepd/librarian-puppet-simple Cheers, -g -- Beware of programmers who carry screwdrivers! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANK4U2o1trzeh6vQ1etOoM0FqKwEvcpEVoKFMSUSNMdFH10%2B-A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet master does not start
I've tried to start puppet master but I'm getting next error traces: # /usr/sbin/puppetmasterd start --trace /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:132:in `convert_xid' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:89:in `change_group' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:80:in `change_privileges' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:62:in `asuser' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:728:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:758:in `readwritelock' /usr/lib/ruby/site_ruby/1.8/puppet/external/lock.rb:34:in `lock_exclusive' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:751:in `readwritelock' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:750:in `open' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:750:in `readwritelock' /usr/lib/ruby/1.8/sync.rb:230:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:749:in `readwritelock' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:205:in `next_serial' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:273:in `sign' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:153:in `generate_ca_certificate' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:242:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:166:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in `init_singleton_instance' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `cached_value' /usr/lib/ruby/1.8/monitor.rb:242:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:98:in `cached_value' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:62:in `instance' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:154:in `setup_ssl' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:171:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/sbin/puppetmasterd:4 Could not prepare for execution: Invalid group: 0 Ruby version is 1.8.7 and Puppet version is 3.3.1. Could someone give me any clue of what is happenning? Thanks in advance, regards -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5c437df1-015b-497d-ab15-6f80169dff2e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet master does not start
I realize that I had installed 2.6 version of puppet instead 3.3.1. It has been solved, I update previous version to 3.3.1. I;m still having same problem with new version. I paste here all details: puppet.conf [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl server=test.example.com [master] certname=test.example.com # id uid=0(root) gid=0(root) groups=0(root),503(puppet) # ls -l /etc/puppet/ total 24 -rw-r--r-- 1 root root 4133 Oct 7 18:03 auth.conf -rw-r--r-- 1 root root 1462 Oct 7 18:00 fileserver.conf drwxr-xr-x 2 root root 4096 Oct 7 18:03 manifests drwxr-xr-x 2 root root 4096 Oct 7 18:03 modules -rw-r--r-- 1 root root 453 Oct 28 22:27 puppet.conf # ls -l /var/lib/puppet/ total 52 drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 bucket drwxr-x--- 2 root root 4096 Oct 28 19:30 clientbucket drwxr-x--- 2 root root 4096 Oct 28 19:30 client_data drwxr-x--- 2 root root 4096 Oct 28 19:30 client_yaml drwxr-xr-x 2 root root 4096 Oct 28 19:03 facts drwxr-xr-x 2 root root 4096 Oct 28 19:03 lib drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 reports drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 rrd drwx-- 2 root root 4096 Oct 28 19:12 run drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 server_data drwxrwx--x 8 puppet root 4096 Oct 28 19:03 ssl drwxr-xr-t 3 root root 4096 Oct 28 19:30 state drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 yaml # /etc/init.d/puppetmaster start Starting puppetmaster: [FAILED] Message in /var/log/messages file: Oct 28 22:29:27 rhel6-64 puppet-master[5855]: Could not prepare for execution: Invalid group: 0 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/35da2a50-5062-4856-a2b6-3aafea7f7577%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet master does not start
On 29 October 2013 09:31, josec.r...@gmail.com wrote: # id uid=0(root) gid=0(root) groups=0(root),503(puppet) Why have you added the root user to the group puppet? puppetmaster normally runs using the puppet user in the puppet group. What groups is your 'puppet' user part of? Here's mine: # id puppet uid=52(puppet) gid=52(puppet) groups=52(puppet) Sean -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADg9O%2BOhq7ZGOLrKPN4D1VoUNL354U4F82XMyxOjigg888nDRw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Help with scaling puppetdb/postgres
I reconfigured postgres based on the recommendations from pgtune and your document. I still had a lot of agent timeouts and eventually after running overnight the command queue on the puppetdb server was over 4000. Maybe I need a box with traditional RAID and a lot of spindles instead of the SSD. Or maybe I need a cluster of postgres servers (if that's possible), I don't know. The puppetdb docs said a laptop with a consumer grade SSD was enough for 5000 virtual nodes so I was optimistic this would be a simple setup. Oh well. On Thursday, October 24, 2013 1:02:55 PM UTC-4, Ken Barber wrote: pgtune is probably a good place to start: https://github.com/gregs1104/pgtune ... available as an rpm/deb on the more popular distros I believe. Also, this is probably very premature, but I have a draft doc with notes for how to tune your DB for PuppetDB: https://docs.google.com/document/d/1hpFbh2q0WmxAvwfWRlurdaEF70fLc6oZtdktsCq2UFU/edit?usp=sharing Use at your own risk, as it hasn't been completely vetted. Happy to get any feedback on this, as I plan on making this part of our endorsed documentation. Also ... there is an index that lately has been causing people problems 'idx_catalog_resources_tags_gin'. You might want to try dropping it to see if it improves performances (thanks to Erik Dalen and his colleagues for that one): DROP INDEX idx_catalog_resources_tags_gin; It is easily restored if it doesn't help ... but may take some time to build: CREATE INDEX idx_catalog_resources_tags_gin ON catalog_resources USING gin (tags COLLATE pg_catalog.default); ken. On Thu, Oct 24, 2013 at 4:55 PM, David Mesler david@gmail.comjavascript: wrote: Hello, I'm currently trying to deploy puppetdb to my environment but I'm having difficulties and am unsure on how to proceed. I have 1300+ nodes checking in at 15 minute intervals (3.7 million resources in the population). The load is spread across 6 puppet masters. I requisitioned what I thought would be a powerful enough machine for the puppetdb/postgres server. A machine with 128GB of RAM, 16 physical cpu cores, and a 500GB ssd for the database. I can point one or two of my puppet masters at puppetdb with reasonable enough performance, but anymore and commands start stacking up in the puppetdb command queue and agents start timing out. (Actually, even with just one puppet master using puppetdb I still have occasional agent timeouts.) Is one postgres server not going to cut it? Do I need to look into clustering? I'm sure some of you must run puppetdb in larger environments than this, any tips? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript:. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/32aeae93-6636-4f30-83a4-69036374b8fe%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Issues referencing a class from another module
Hi all, I'm currently experiencing an issue where a module cannot reference a class from another module. Currently, I've got two modules, workstation and nfs and I'm attempting to use a class from the nfs module inside the workstation module, like so: Workstation module: class acme_inc::workstation { # ensure the local acme user exists user { acme: ensure = present, uid = '1234', gid = 'acme', shell = '/bin/bash', home= '/home/$user_name', managehome = true, } ... SNIP ... # install and set up the nfs client class {'nfs': class = client, domain = acme.example.com, } } NFS Module: class nfs ($class = 'client', $domain = '') { # install the class specific packages if $class == 'client' { # install client NFS packages package { 'nfs-common': ensure = installed, } } else { # install server NFS packages package { 'nfs-kernel-server': ensure = installed, } } # make sure that idmapd is running service { 'idmapd': name = $service_name, ensure= running, enable= true, subscribe = File['idmapd.conf'], } # generate and send the config file file { 'idmapd.conf': path= '/etc/idmapd.conf', ensure = file, require = Package['nfs-common'], content = template(nfs/idmapd.conf.erb), } } Is what I intend to do something supported by puppet? or do I have to load the NFS module in the site manifest? Because my end goal is to create a module for each of my clients, where each module can then load say nginx::vhost to build that clients nginx virtual host. That way my server entry in site.pp is just: node 'server.example.com' { class {'ntp': servers = [ 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, ], } include client1 include client2 } Again, is this possible in puppet, or do I have to scrap this idea and simply include all the client stuff inside the node definition? Any advise would be appreciated. Regards, Daniel Sage -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cbdbfb44-643f-4eb4-bb73-f4db8c03c6c1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.