[Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)

2013-10-28 Thread Klavs Klavsen


Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:

 tl;dr: Windows manages permissions in a way that doesn't always translate 
 well to mode. We're putting together a solution for this. Jump in the 
 discussion.


 I wanted to get this conversation started. We've put a lot of thought into 
 how the model should look and focused on ease of use up to more advanced 
 scenarios.

 However I don't feel that what we have is complete. If you are familiar 
 with Windows, we'd love to get your feedback. If you are not familiar with 
 Windows, we'd still love to get your feedback.

 A couple of notes to start it off:

 1. This is currently planned to be a module on the forge.

  

2. We have some changes to make to core puppet to better enable handing 
 windows permissions (changes around how mode is applied on Windows now when 
 not explicitly specified).


IMHO it should be possible to leave out mode (especially when ones declare 
an acl instead) - and puppet should NOT care about mode (as in shouldn't 
try to set it as it does not, and breaks windows permissions).

 

 3. We tried to map somewhat close to the way Windows ACLs/DACLs/ACEs work.


 

 4. We've also attempted to leave room for future expansion or application 
 on POSIX systems. Note: this is not a primary goal, so unless there is a 
 design consideration on the model, it's probably not something we will 
 approach with this current effort.


acl should most definetely be applicable for any unix filesystem mounted 
with ACL support :) 
 

 The format could look something like the following:

 acl { 'c:/windows/temp/tempfile.txt':
   ensure = present,
   permissions = {
 'Administrators' = ['full']
 'bob' = ['mwrx'],
 'SomeDomain\Lisa' = [x1000,'allow','inherit','one_level'],
 'S-5-1-18' = ['wrx','deny','inherit_objects_only','inherit_only']
   },
 }

 acl { 'c:/windows/temp/locked_dir':
   ensure = exact,


That one throws me.. ensure exact? I would expect 'exact' to be the same as 
'present' (which in thise case is kinda odd wording- but so is exact.. who 
would want puppet to almost ensure something?


   permissions = {
 'Administrators' = ['full']
   },
 }

 Before you have an opportunity to look at the proposal and comment on 
 specifics, how self-documenting is the above model?  What would you add or 
 remove?



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Managing conflicting forge dependencies

2013-10-28 Thread Andrei-Florian Staicu
Hi all,

How do you manage different forge modules that require conflicting versions
for the same module?
The most common example is ripienaar/concat vs puppetlabs/concat:
puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires
ripienaar/concat
puppetlabs/apache requires puppetlabs/concat

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Puppet agent not running automatically

2013-10-28 Thread Rahul Khengare
Hi Michael,
  puppetd daemon run in background when we configure to run automatically.
It does not send the output of catalog running to standard output terminal. 

 runinterval =1800 

This specify that on  your puppet client manifests catalog is deploye after 
every 30 minutes(1800 Second).

Refer 
http://docs.puppetlabs.com/references/latest/configuration.html#runinterval
 
 Try enabling the runlevel of puppet service 

# chkconfig puppet --list

Hope this will help.

Thanks and Regards,
Rahul Khengare,
NTT DATA OSS Center, Pune, India.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Puppet agent not running automatically

2013-10-28 Thread Rahul Khengare
Hi Michael,
  puppetd daemon run in background when we configure to run automatically.
It does not send the output of catalog running to standard output terminal. 

 runinterval =1800 

This specify that on  your puppet client manifests catalog is deploye after 
every 30 minutes(1800 Second).

Refer 
http://docs.puppetlabs.com/references/latest/configuration.html#runinterval
 
 Try enabling the runlevel of puppet service ON 

# chkconfig puppet on

Hope this will help.

Thanks and Regards,
Rahul Khengare,
NTT DATA OSS Center, Pune, India.


On Friday, October 25, 2013 9:32:57 PM UTC+5:30, Michael Buckner wrote:

 The puppet agent is already running, it just never actually checks in with 
 the puppetmaster unless I manually run puppet agent -t

 Puppet was install automatically via the foreman-installer. Here are the 
 contents of [agent] in puppet.conf:

 [agent]

 # The file in which puppetd stores a list of the classes

 # associated with the retrieved configuratiion.  Can be loaded in

 # the separate ``puppet`` executable using the ``--loadclasses``

 # option.

 # The default value is '$confdir/classes.txt'.

 classfile = $vardir/classes.txt


 # Where puppetd caches the local configuration.  An

 # extension indicating the cache format is added automatically.

 # The default value is '$confdir/localconfig'.

 localconfig = $vardir/localconfig


 # Disable the default schedules as they cause continual skipped

 # resources to be displayed in Foreman - only for Puppet = 3.4

 default_schedules = false


 report  = true

 pluginsync  = true

 masterport  = 8140

 environment = production

 certname= puppet.mycompany.com

 server  = puppet.mycompany.com

 listen  = false

 splay   = false

 runinterval = 1800

 noop= false

 show_diff   = false

 On Friday, October 25, 2013 11:55:31 AM UTC-4, puppetstan wrote:

 Hi,

 When you doing

 /etc/init.d/puppet start 

 it s not good?

 regards

 Le vendredi 25 octobre 2013 16:47:15 UTC+2, Michael Buckner a écrit :

 Brand new install or Foreman/Puppet. Puppet agent runs fine manually but 
 does not run automatically.

 Any suggestions?



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Using puppetlabs_spec_helper on Windows 7

2013-10-28 Thread Matthieu Nantern
I'm trying to make puppetlabs_spec_helper runs on Windows 7 to test my 
Puppet modules.
 
Is this supported ? Because I encountered some problems:

   1. symlinks were not created on Windows 7 (even if the functionnality 
   are availabe). To manage that I added to rake_tasks.rb an ugly function:
   
   def make_link(source,target)
 ruby_platform = RbConfig::CONFIG['host_os']
 if RUBY_PLATFORM =~ /mswin|mingw|cygwin/ then
   #Windows Stuff
   source_win=source.tr(/,\\)
   target_win=target.tr(/,\\)
   `call mklink /D #{target_win} #{source_win}`
 elsif RUBY_PLATFORM =~ /linux/ then
   FileUtils::ln_s(source, target)
 end
   end
   
   2. undefined method `fetch' for nil:NilClass:
   
Failure/Error: Unable to find matching line from backtrace
NoMethodError:
  undefined method `fetch' for nil:NilClass
# C:/Program Files/Puppet 
   Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:107:in `block in 
   after_each_test'
# C:/Program Files/Puppet 
   Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `each'
# C:/Program Files/Puppet 
   Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `after_each_test'
   
   3. I use the concat module. And when running rake test, I got:
   
   Failure/Error: should contain_package('nfs-utils')
Puppet::Error:
  $concat_basedir not defined. Try running again with 
   pluginsync=true on the [master] section of your node's 
   '/etc/puppet/puppet.conf'.

 
Is it a lost cause ? Or someone succeeded to test puppet modules on Windows 
?
 
Thank you for your help !

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


Re: [Puppet Users] Using puppetlabs_spec_helper on Windows 7

2013-10-28 Thread Johan De Wit

I do have the same error on linux.

It has something tot do with the concat module.

If you write a rspec file for a class not using the concat module, it 
should work.


Unfortunately, i do not have a solution for our problem.

Grts

Jo

On 10/28/2013 11:44 AM, Matthieu Nantern wrote:
I'm trying to make puppetlabs_spec_helper runs on Windows 7 to test my 
Puppet modules.

Is this supported ? Because I encountered some problems:

 1. symlinks were not created on Windows 7 (even if the functionnality
are availabe). To manage that I added to rake_tasks.rb an ugly
function:

def make_link(source,target)
  ruby_platform = RbConfig::CONFIG['host_os']
  if RUBY_PLATFORM =~ /mswin|mingw|cygwin/ then
#Windows Stuff
source_win=source.tr(/,\\)
target_win=target.tr(/,\\)
`call mklink /D #{target_win} #{source_win}`
  elsif RUBY_PLATFORM =~ /linux/ then
FileUtils::ln_s(source, target)
  end
end

 2. undefined method `fetch' for nil:NilClass:

 Failure/Error: Unable to find matching line from backtrace
 NoMethodError:
   undefined method `fetch' for nil:NilClass
 # C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:107:in `block in
after_each_test'
 # C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `each'
 # C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in
`after_each_test'

 3. I use the concat module. And when running rake test, I got:

Failure/Error: should contain_package('nfs-utils')
 Puppet::Error:
   $concat_basedir not defined. Try running again with
pluginsync=true on the [master] section of your node's
'/etc/puppet/puppet.conf'.

Is it a lost cause ? Or someone succeeded to test puppet modules on 
Windows ?

Thank you for your help !
--
You received this message because you are subscribed to the Google 
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.

To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.



--
Johan De Wit

Open Source Consultant

Red Hat Certified Engineer (805008667232363)
Puppet Certified Professional 2013 (PCP006)
_
 
Open-Future Phone +32 (0)2/255 70 70

Zavelstraat 72  Fax   +32 (0)2/255 70 71
3071 KORTENBERG Mobile+32 (0)474/42 40 73
BELGIUM http://www.open-future.be
_
 



Next Events:
Puppet Advanced Training | 
https://www.open-future.be/puppet-advanced-training-12-till-14th-november
Zabbix Certified Training | 
http://www.open-future.be/zabbix-certified-training-18-till-20th-november
Zabbix Large Environments Training | 
http://www.open-future.be/zabbix-large-environments-training-21-till-22nd-november
Puppet Fundamentals Training | 
http://www.open-future.be/puppet-fundamentals-training-10-till-12th-december
Subscribe to our newsletter | http://eepurl.com/BUG8H

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


Re: [Puppet Users] ENC - how to get info about the node

2013-10-28 Thread Jason Antman
Steven,

Can you be a little more specific about what you're trying to do?
Normally, you'd set that department variable in the ENC itself.

Puppet calls the ENC script (node_terminus) with the certificate name
(or is it the FQDN? I never remember, since they're both the same for
me) of the node that is requesting a catalog. Any additional information
that the ENC needs, it needs to get on its own. In the past I've always
followed the paradigm of a person manually inputting data into the ENC
via CLI script or Web UI - usually some combination of classes,
parameters and groups (templating containers holding one or more
classes, parameters, or other groups, and applied to multiple nodes).
However I don't see a reason other than time/performance why the ENC
couldn't also lookup information from facts (via PuppetDB or some other
method), Hiera, or other external data sources.

-jantman

On 10/27/2013 08:34 AM, Steven Jonthen wrote:
 Hi guys,

 It is only allowed to pass one parameter to your own ENC-Class in
 Puppet. But how can I set a department variable for each node and
 use it in my ENC-Script?

 Has anyone a clue how to do it? Thank's in advance!
 -- 
 You received this message because you are subscribed to the Google
 Groups Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Puppet 3.3.1: custom function change requires restart of puppetmaster

2013-10-28 Thread jcbollinger


On Saturday, October 26, 2013 5:47:07 AM UTC-5, Sergey Arlashin wrote:

 Hi! 
 I've spent quite a while before I understood that for Puppet to see 
 changes in custom functions' code Puppetmaster needs to be restarted. 
 Is this a normal behaviour or may be it's a bug ? 



It is normal behavior, arising in part from the behavior of the underlying 
Ruby.  I am uncertain whether there is any reasonable possibility of Puppet 
behavior differently than it does in this regard, but at minimum it would 
be a significant challenge.  You should feel free to file a feature request 
if you are inclined to do so, however, or if there is an existing one then 
to vote it up.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)

2013-10-28 Thread jcbollinger


On Monday, October 28, 2013 2:55:32 AM UTC-5, Klavs Klavsen wrote:



 Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds: 

[...] 

 The format could look something like the following:

 acl { 'c:/windows/temp/tempfile.txt':
   ensure = present,
   permissions = {
 'Administrators' = ['full']
 'bob' = ['mwrx'],
 'SomeDomain\Lisa' = [x1000,'allow','inherit','one_level'],
 'S-5-1-18' = ['wrx','deny','inherit_objects_only','inherit_only']
   },
 }

 acl { 'c:/windows/temp/locked_dir':
   ensure = exact,


 That one throws me.. ensure exact? I would expect 'exact' to be the same 
 as 'present' (which in thise case is kinda odd wording- but so is exact.. 
 who would want puppet to almost ensure something?



I think Klavs has an excellent point there.  After some consideration, I 
think I understand what 'exact' is supposed to mean -- that the ACL should 
contain the specified entries *and no others* -- but the perceived need for 
such a thing suggests that the proposed model is too high level.  Instead 
of wrapping everything up into a single Acl resource type, I think you need 
a resource type for individual ACEs.  That would also allow you to ensure 
some specific entries present in and some others absent from the same ACL, 
without requiring that all wanted entries be enumerated.  A model inspired 
by the Concat module might be suitable.

Note too that in the Puppet universe, a parameter or value indicating that 
unmanaged resources should be removed is conventionally spelled purge or 
purged.

Additionally, although POSIX ACEs are unordered, it is my understanding 
that the order of ACEs within a Windows ACL is significant.  If that is 
indeed correct then I don't see how the proposed model accounts for it.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Puppet master upgrade from 2.7 to 3.0 certificate issues

2013-10-28 Thread Edson Manners
I've gone through the upgrade check list for puppet at this URL:
http://docs.puppetlabs.com/guides/upgrading.html

I first tries 2.7 - 3.3.x but that had the same issue as below and I 
decided that maybe the jump was too big and I should go from 2.7 - 3.0.x - 
3.2.x - 3.3.x

But I'm getting some weird behavior with my certs even when I go from 
2.7.20 - 3.0.3
After upgrading the puppet-server package using yum all of my puppet agents 
get this error whether I remove the certs or not.

Exiting; no certificate found and waitforcert is disabled

I autosign our certs with the autosign.conf file and this works if I go 
nack to 2.7.20.
I clean out the client certs with 'rm -rf /var/lib/puppet/ssl'

Here are my specs:
RHEL 6.3
puppet - 3.0.2-1
puppet-server - 3.0.2-1
puppetdb - 1.5.2-1
passender - see below

[root@puppet puppet]# gem list
daemon_controller (1.1.1)
fastthread (1.0.7)
json (1.5.5)
passenger (4.0.21)
rack (1.5.2)
rake (10.0.3)

PS. If I run the agent standalone using puppet apply everything works just 
fine. Or if I downgrade my puppet master back to 2.7.20 it also works well.

Please let me know if anymore info or config files are needed.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Puppet dashboard blank stylesheet

2013-10-28 Thread Fine, Thomas
Hi,

I'm trying to switch my working puppet-dashboard installation over from the
test server that it comes with to an Apache/Passenger setup.  Puppet seems
to be humming along just fine under this setup, but dashboard is unhappy.
 The web interface comes up with no style. I've taken a look with Safari's
developer windows at what it thinks is going on and I'm seeing an all.cis
that is coming up empty.  And yet the transfer logs show a sizable all.css
being transferred, and if I grab all.css directly I end up with content.

I do see that there's a bug (8121) on something like this, but as far as I
can tell, my version of puppet-dashboard (xxx) is greater than the version
where that bug is fixed.

It seems likely that something has gone miss in the whole
Apache-Passenger-Rails relationship, but I don't know enough about this to
figure out how to debug it.

Any ideas?

The server is Centos6
Apache is 2.2.15
Puppet is 3.2.4
Puppet-dashboard is 1.2.23
Ruby is 1.8.7
Passenger is 4.0.19

Thanks in advance,

  tom

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init

2013-10-28 Thread alessandro mazzoli
Hi all,
i'm stucked with an error on PE-Mcollective. 
I have a puppetmaster with PE-Console on it, i have an agent node connected 
which i want provide to it a module called LAMP, my newbie LAMP module
https://github.com/alemazz/lamp.git


When i run puppet agent -t on the puppetmaster i dont get any error, and 
the module will install on it, but when i call puppet agent -t on node 
agent i get this error:

Debug: /Schedule[weekly]: Skipping device resources because running on a 
host
Debug: /Schedule[puppet]: Skipping device resources because running on a 
host
*Debug: Service[pe-mcollective](provider=upstart): Could not find 
pe-mcollective.conf in /etc/init*
*Debug: Service[pe-mcollective](provider=upstart): Could not find 
pe-mcollective.conf in /etc/init.d*
*Debug: Service[pe-mcollective](provider=upstart): Could not find 
pe-mcollective in /etc/init*
Debug: Executing '/etc/init.d/pe-mcollective status'
Debug: Executing '/etc/init.d/pe-mcollective start'
Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: 
ensure changed 'stopped' to 'running'
Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The 
container Class[Pe_mcollective::Server] will propagate my refresh event
Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: 
Unscheduling refresh on Service[pe-mcollective]
Debug: Class[Pe_mcollective::Server]: The container Stage[main] will 
propagate my refresh event
Debug: Executing '/usr/bin/apt-cache policy php5-dev'
Debug: Class[Lamp]: The container Stage[main] will propagate my refresh 
event
Debug: Finishing transaction 87463220
Debug: Storing state
Debug: Stored state in 0.05 seconds
Notice: Finished catalog run in 15.14 seconds
Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson


Stderr from the command:

stdin: is not a tty
Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of 
'/sbin/status apache2' returned 1: status: Unknown job: apache2


Here's my /etc/init.d on puppetmaster and on agent node
-rwxr-xr.x root root  pe-mcollective 
service pe-mcollective statusrunning

but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont 
have any .conf on /etc/init.dis a bug on pe-installer that 
pe-mcollective service is on /etc/init.d and not on /etc/init?



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init

2013-10-28 Thread alessandro mazzoli

Here's the log:


I, [2013-10-28T16:30:07.990102 #1332]  INFO -- : activemq.rb:121:in 
 `on_ssl_connecting' Estblishing SSL session with 
stomp+ssl://mcollective@sisop-virtualbox:61613
I, [2013-10-28T16:30:07.990465 #1332]  INFO -- : activemq.rb:96:in 
 `on_connecting' TCP Connection attempt 11 to 
stomp+ssl://mcollective@sisop-virtualbox:61613
E, [2013-10-28T16:30:07.996130 #1332] ERROR -- : activemq.rb:131:in 
 `on_ssl_connectfail' SSL session creation with 
stomp+ssl://mcollective@sisop-virtualbox:61613 failed: Co$
I, [2013-10-28T16:30:07.996368 #1332]  INFO -- : activemq.rb:111:in 
 `on_connectfail' TCP Connection to 
stomp+ssl://mcollective@sisop-virtualbox:61613 failed on attempt 11
I, [2013-10-28T16:30:28.483057 #1332]  INFO -- : activemq.rb:121:in 
 `on_ssl_connecting' Estblishing SSL session with 
stomp+ssl://mcollective@sisop-virtualbox:61613
I, [2013-10-28T16:30:28.483657 #1332]  INFO -- : activemq.rb:96:in 
`on_connecting' TCP Connection attempt 12 to 
stomp+ssl://mcollective@sisop-virtualbox:61613
I, [2013-10-28T16:30:29.645117 #1332]  INFO -- : activemq.rb:126:in 
`on_ssl_connected' SSL session established with 
stomp+ssl://mcollective@sisop-virtualbox:61613
I, [2013-10-28T16:30:29.839742 #1332]  INFO -- : activemq.rb:101:in 
 `on_connected' Conncted to stomp+ssl://mcollective@sisop-virtualbox:61613


Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha 
scritto:

 Hi all,
 i'm stucked with an error on PE-Mcollective. 
 I have a puppetmaster with PE-Console on it, i have an agent node 
 connected which i want provide to it a module called LAMP, my newbie LAMP 
 module
 https://github.com/alemazz/lamp.git


 When i run puppet agent -t on the puppetmaster i dont get any error, and 
 the module will install on it, but when i call puppet agent -t on node 
 agent i get this error:

 Debug: /Schedule[weekly]: Skipping device resources because running on a 
 host
 Debug: /Schedule[puppet]: Skipping device resources because running on a 
 host
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init.d*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective in /etc/init*
 Debug: Executing '/etc/init.d/pe-mcollective status'
 Debug: Executing '/etc/init.d/pe-mcollective start'
 Notice: 
 /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure 
 changed 'stopped' to 'running'
 Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The 
 container Class[Pe_mcollective::Server] will propagate my refresh event
 Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: 
 Unscheduling refresh on Service[pe-mcollective]
 Debug: Class[Pe_mcollective::Server]: The container Stage[main] will 
 propagate my refresh event
 Debug: Executing '/usr/bin/apt-cache policy php5-dev'
 Debug: Class[Lamp]: The container Stage[main] will propagate my refresh 
 event
 Debug: Finishing transaction 87463220
 Debug: Storing state
 Debug: Stored state in 0.05 seconds
 Notice: Finished catalog run in 15.14 seconds
 Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson


 Stderr from the command:

 stdin: is not a tty
 Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution 
 of '/sbin/status apache2' returned 1: status: Unknown job: apache2


 Here's my /etc/init.d on puppetmaster and on agent node
 -rwxr-xr.x root root  pe-mcollective 
 service pe-mcollective statusrunning

 but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont 
 have any .conf on /etc/init.dis a bug on pe-installer that 
 pe-mcollective service is on /etc/init.d and not on /etc/init?





-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] User and group issues

2013-10-28 Thread boxrick
I am currently in the process of cleaning up some of my puppet config files 
in particular some user and some virtual templates:

I get the following error:

*err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Duplicate definition: Group[testgroup] is already defined in file 
/etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at 
/etc/puppet/manifests/templates/accounts.pp:22 on node 
puppettest.test.internal*

If I remove 

My files:

*users.pp*

*class users *
*{*
* @accounts::virtual
*
* { *
* 'test.user':*
* realname=  'testusername',*
* pass=  'testpass',*
* gid = testgroup,*
* }
*
* *
* @accounts::virtual *
* { *
* 'test.user2':*
* realname=  'testuser2name',*
* pass=  'testpass',*
* gid = testgroup2,*
* }
*
* *
* @accounts::virtual *
* { *
* 'test.user3':*
* realname=  'testuser3name',*
* pass  =  'testpass',*
* gid  = testgroup,*
* }*

*accounts.pp*
*
*
*define accounts::virtual ($realname,$pass,$gid,$sshkey=) *
*{ *
* user *
* { *
* $title:*
* ensure=  present,*
* comment   =  ${realname} ${gid} User,*
* gid   =  $title,*
* shell =  '/bin/bash',*
* require   =  Group[$gid],*
* home  =  /home/${title},*
* managehome=  true,*
* password  =  $pass,*
* }*
* *
* group *
* { *
* $gid:*
* ensure = present,*
* }*
* *
* file *
* { *
* /home/${title}:*
* ensure=  directory,*
* owner =  $title,*
* group =  $gid,*
* mode  =  0700,*
* require   =  [ User[$title], Group[$gid] ],*
* }*
* *
* # If we have an SSH key present then insert it onto the user*
* if ( $sshkey !=  ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure  =  present,*
* type=  ssh-rsa,*
* key =  $sshkey,*
* user=  $title,*
* require =  User[$title],*
* name=  $title,*
* }*
* }*
* *
* # If there is no key specified, make sure this value is blank *
* if ( $sshkey ==  ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure  =  absent,*
* user=  $title,*
* require =  User[$title],*
* }*
* }*
*}*

then inside *site.pp*
*
*
*include users*
*realize (Accounts::Virtual['test.user','test.user2','test.user3'])*
*
*
If I remove test.user3 it all works fine, so this is something related to 
the group being declared or what puppet thinks is declared twice because of 
the way I have created a virtual class. Is there any obvious solutions to 
this besides absolutely declaring each user individually?


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init

2013-10-28 Thread alessandro mazzoli
fix 1: i syncronized the clocks 

Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha 
scritto:

 Hi all,
 i'm stucked with an error on PE-Mcollective. 
 I have a puppetmaster with PE-Console on it, i have an agent node 
 connected which i want provide to it a module called LAMP, my newbie LAMP 
 module
 https://github.com/alemazz/lamp.git


 When i run puppet agent -t on the puppetmaster i dont get any error, and 
 the module will install on it, but when i call puppet agent -t on node 
 agent i get this error:

 Debug: /Schedule[weekly]: Skipping device resources because running on a 
 host
 Debug: /Schedule[puppet]: Skipping device resources because running on a 
 host
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init.d*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective in /etc/init*
 Debug: Executing '/etc/init.d/pe-mcollective status'
 Debug: Executing '/etc/init.d/pe-mcollective start'
 Notice: 
 /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure 
 changed 'stopped' to 'running'
 Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The 
 container Class[Pe_mcollective::Server] will propagate my refresh event
 Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: 
 Unscheduling refresh on Service[pe-mcollective]
 Debug: Class[Pe_mcollective::Server]: The container Stage[main] will 
 propagate my refresh event
 Debug: Executing '/usr/bin/apt-cache policy php5-dev'
 Debug: Class[Lamp]: The container Stage[main] will propagate my refresh 
 event
 Debug: Finishing transaction 87463220
 Debug: Storing state
 Debug: Stored state in 0.05 seconds
 Notice: Finished catalog run in 15.14 seconds
 Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson


 Stderr from the command:

 stdin: is not a tty
 Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution 
 of '/sbin/status apache2' returned 1: status: Unknown job: apache2


 Here's my /etc/init.d on puppetmaster and on agent node
 -rwxr-xr.x root root  pe-mcollective 
 service pe-mcollective statusrunning

 but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont 
 have any .conf on /etc/init.dis a bug on pe-installer that 
 pe-mcollective service is on /etc/init.d and not on /etc/init?





-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


Re: [Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)

2013-10-28 Thread Rob Reynolds
On Mon, Oct 28, 2013 at 2:55 AM, Klavs Klavsen kl...@enableit.dk wrote:



 Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:

 tl;dr: Windows manages permissions in a way that doesn't always translate
 well to mode. We're putting together a solution for this. Jump in the
 discussion.


 I wanted to get this conversation started. We've put a lot of thought
 into how the model should look and focused on ease of use up to more
 advanced scenarios.

 However I don't feel that what we have is complete. If you are familiar
 with Windows, we'd love to get your feedback. If you are not familiar with
 Windows, we'd still love to get your feedback.

 A couple of notes to start it off:

 1. This is currently planned to be a module on the forge.



 2. We have some changes to make to core puppet to better enable handing
 windows permissions (changes around how mode is applied on Windows now when
 not explicitly specified).


 IMHO it should be possible to leave out mode (especially when ones declare
 an acl instead) - and puppet should NOT care about mode (as in shouldn't
 try to set it as it does not, and breaks windows permissions).


Yes, this is what I was referring to.



-- 
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init

2013-10-28 Thread alessandro mazzoli


Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha 
scritto:

 Hi all,
 i'm stucked with an error on PE-Mcollective. 
 I have a puppetmaster with PE-Console on it, i have an agent node 
 connected which i want provide to it a module called LAMP, my newbie LAMP 
 module
 https://github.com/alemazz/lamp.git


 When i run puppet agent -t on the puppetmaster i dont get any error, and 
 the module will install on it, but when i call puppet agent -t on node 
 agent i get this error:

 Debug: /Schedule[weekly]: Skipping device resources because running on a 
 host
 Debug: /Schedule[puppet]: Skipping device resources because running on a 
 host
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init.d*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective in /etc/init*
 Debug: Executing '/etc/init.d/pe-mcollective status'
 Debug: Executing '/etc/init.d/pe-mcollective start'
 Notice: 
 /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure 
 changed 'stopped' to 'running'
 Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The 
 container Class[Pe_mcollective::Server] will propagate my refresh event
 Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: 
 Unscheduling refresh on Service[pe-mcollective]
 Debug: Class[Pe_mcollective::Server]: The container Stage[main] will 
 propagate my refresh event
 Debug: Executing '/usr/bin/apt-cache policy php5-dev'
 Debug: Class[Lamp]: The container Stage[main] will propagate my refresh 
 event
 Debug: Finishing transaction 87463220
 Debug: Storing state
 Debug: Stored state in 0.05 seconds
 Notice: Finished catalog run in 15.14 seconds
 Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson


 Stderr from the command:

 stdin: is not a tty
 Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution 
 of '/sbin/status apache2' returned 1: status: Unknown job: apache2


 Here's my /etc/init.d on puppetmaster and on agent node
 -rwxr-xr.x root root  pe-mcollective 
 service pe-mcollective statusrunning

 but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont 
 have any .conf on /etc/init.dis a bug on pe-installer that 
 pe-mcollective service is on /etc/init.d and not on /etc/init?





-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Why there is a need for the architecture fact when it is only using hardwaremodel fact?

2013-10-28 Thread beyonddc . storage
Got it, thank you very much

On Friday, October 25, 2013 2:45:31 PM UTC-4, Daniele Sluijters wrote:

 Hi,

 It doesn't only use hardwaremodel fact:

 https://github.com/puppetlabs/facter/blob/master/lib/facter/architecture.rb#L6:L10
 # Resolution:
 #   On non-AIX IBM, OpenBSD, Linux and Debian's kfreebsd, use the 
 hardwaremodel fact.
 #   On AIX get the arch value from lsattr -El proc0 -a type
 #   Gentoo and Debian call x86_86 amd64.
 #   Gentoo also calls i386 x86.

 -- 
 Daniele Sluijters

 On Thursday, 24 October 2013 16:49:57 UTC+2, beyonddc...@gmail.com wrote:

 Hi all, hopefully this is a quick question.  I would like to know why 
 there is a need for the architecture fact when it is only using 
 hardwaremodel fact?

 Thanks!



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Managing conflicting forge dependencies

2013-10-28 Thread Garrett Honeycutt

On Monday, October 28, 2013 9:21:09 AM UTC+1, SAF wrote:

 Hi all,

 How do you manage different forge modules that require conflicting 
 versions for the same module?
 The most common example is ripienaar/concat vs puppetlabs/concat:
 puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires 
 ripienaar/concat
 puppetlabs/apache requires puppetlabs/concat

 Thanks.


Looks like you a hit that issue while they were transitioning from 
ripienaar to puppetlabs. The postgresql module now correctly refers to the 
new puppetlabs/concat module[1]. 

As for managing modules that require conflicting versions for dependencies, 
there is not an easy solution; you have to resolve the dependencies. This 
usually entails upgrading something.

For the specific issue you had above, I believe that would have been caught 
by librarian-puppet, since it does dependency checking, though it should 
have just worked if you used librarian-puppet-simple[2].

[1] - 
https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/Modulefile#L13
[2] - https://github.com/bodepd/librarian-puppet-simple

Cheers,
-g

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] inline_template private method `gets' called for false:FalseClass

2013-10-28 Thread beyonddc . storage
Hi,

I am new to Ruby ERB and inline_template.  Can anyone spot what's wrong 
with this inline_template?

$moddedContent = inline_template(%= puts gets(nil).gsub(/one 
two three/,\\) /tmp/blah %)
exec {
/bin/echo '${moddedContent}'  /tmp/blah :
}

When I try to apply it, I got the following error.
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Failed to parse inline template: private method `gets' called for 
false:FalseClass at foo.pp:33 on node testnode

Thanks!

David

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


Re: [Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)

2013-10-28 Thread Rob Reynolds
On Mon, Oct 28, 2013 at 8:42 AM, jcbollinger john.bollin...@stjude.orgwrote:



 On Monday, October 28, 2013 2:55:32 AM UTC-5, Klavs Klavsen wrote:



 Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:

 [...]

 The format could look something like the following:

 acl { 'c:/windows/temp/tempfile.txt'**:
   ensure = present,
   permissions = {
 'Administrators' = ['full']
 'bob' = ['mwrx'],
 'SomeDomain\Lisa' = [x1000,'allow','inherit','**one_level'],
 'S-5-1-18' = ['wrx','deny','inherit_**objects_only','inherit_only']
   },
 }

 acl { 'c:/windows/temp/locked_dir':
   ensure = exact,


 That one throws me.. ensure exact? I would expect 'exact' to be the same
 as 'present' (which in thise case is kinda odd wording- but so is exact..
 who would want puppet to almost ensure something?



 I think Klavs has an excellent point there.  After some consideration, I
 think I understand what 'exact' is supposed to mean -- that the ACL should
 contain the specified entries *and no others* -- but the perceived need
 for such a thing suggests that the proposed model is too high level.
 Instead of wrapping everything up into a single Acl resource type, I think
 you need a resource type for individual ACEs.  That would also allow you to
 ensure some specific entries present in and some others absent from the
 same ACL, without requiring that all wanted entries be enumerated.  A model
 inspired by the Concat module might be suitable.


Yes, this is indeed the area I was talking about that is needing more
discussion.

Splitting to a resource type for individual ACEs might be beneficial, but
it also might be too verbose. For an absent ACE, I was considering `'bob'
= []`.

The actual idea on ensure present versus exact (versus the other values)
and Windows is that there are some inherited ACEs. When you specify
permissions, you are specifying explicit ACEs and not inherited ACEs.

Would you always want to specify 'SYSTEM' and 'Administrators' in every acl
or would that get old having to specify for items that are already going to
be inherited? Are there other permissions that may already be there that
you don't want to manage? That's really where the difference between
present and exact came about. In a way of saying, I want to manage this
particular set of permissions, plus any that are already inherited (idea of
present).

If you don't want to have inherited permissions on a particular ACL, that's
where exact would come in.


 Note too that in the Puppet universe, a parameter or value indicating that
 unmanaged resources should be removed is conventionally spelled purge or
 purged.


I think I understand, but let me see if I have this correctly:

acl { 'c:/windows/temp/locked_dir':
  ensure = purge,
  permissions = {
'Administrators' = ['full']
  },
}

Any value not in the list above would be purged, correct? Unfortunately, I
avoided this convention specifically due to how it self documents. It
appears to be ensuring that the specified permission is removed, even
though those that understand the convention know this is not the case.



 Additionally, although POSIX ACEs are unordered, it is my understanding
 that the order of ACEs within a Windows ACL is significant.  If that is
 indeed correct then I don't see how the proposed model accounts for it.


Yes, you are correct. We're talking about this and whether the module
should reorder appropriately for the order in some cases. We've talked
about an array instead of a hash for ACEs.




 John

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.




-- 
Rob Reynolds
Developer, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init

2013-10-28 Thread alessandro mazzoli
issue still exists

Il giorno lunedì 28 ottobre 2013 17:31:40 UTC+1, alessandro mazzoli ha 
scritto:

 fix 1: i syncronized the clocks 

 Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha 
 scritto:

 Hi all,
 i'm stucked with an error on PE-Mcollective. 
 I have a puppetmaster with PE-Console on it, i have an agent node 
 connected which i want provide to it a module called LAMP, my newbie LAMP 
 module
 https://github.com/alemazz/lamp.git


 When i run puppet agent -t on the puppetmaster i dont get any error, 
 and the module will install on it, but when i call puppet agent -t on node 
 agent i get this error:

 Debug: /Schedule[weekly]: Skipping device resources because running on a 
 host
 Debug: /Schedule[puppet]: Skipping device resources because running on a 
 host
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective.conf in /etc/init.d*
 *Debug: Service[pe-mcollective](provider=upstart): Could not find 
 pe-mcollective in /etc/init*
 Debug: Executing '/etc/init.d/pe-mcollective status'
 Debug: Executing '/etc/init.d/pe-mcollective start'
 Notice: 
 /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure 
 changed 'stopped' to 'running'
 Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The 
 container Class[Pe_mcollective::Server] will propagate my refresh event
 Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: 
 Unscheduling refresh on Service[pe-mcollective]
 Debug: Class[Pe_mcollective::Server]: The container Stage[main] will 
 propagate my refresh event
 Debug: Executing '/usr/bin/apt-cache policy php5-dev'
 Debug: Class[Lamp]: The container Stage[main] will propagate my refresh 
 event
 Debug: Finishing transaction 87463220
 Debug: Storing state
 Debug: Stored state in 0.05 seconds
 Notice: Finished catalog run in 15.14 seconds
 Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson


 Stderr from the command:

 stdin: is not a tty
 Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution 
 of '/sbin/status apache2' returned 1: status: Unknown job: apache2


 Here's my /etc/init.d on puppetmaster and on agent node
 -rwxr-xr.x root root  pe-mcollective 
 service pe-mcollective statusrunning

 but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i 
 dont have any .conf on /etc/init.dis a bug on pe-installer that 
 pe-mcollective service is on /etc/init.d and not on /etc/init?





-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Changes to issue tracking for Puppet projects

2013-10-28 Thread Eric Sorenson


On Thursday, October 24, 2013 2:32:11 PM UTC-7, Daniele Sluijters wrote:

 Hey Eric,

 I was curious if you could elaborate a bit more on the choice of JIRA. I'm 
 currently in the exact opposite spot, migrating away from JIRA to Redmine.


Heh! No system's perfect, I guess. We're moving company-wide to JIRA for a 
bunch of reasons, but the top three are 
- the integration with other Atlassian products like greenhopper and 
confluence
- workflow that makes sense for dev teams, not just bug reporting
- its planning/reporting capabilities

The internal-facing/commercial teams are already using jira exclusively and 
its working out really well. The platform team are now in split-brain mode 
maintaining both redmine and jira for every issue so it's a bit 
crazy-making. 


Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0 
puppet platform // coffee // techno // bicycles 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d56a33c7-7ae2-4e78-8a4b-fbaecfeec0f9%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


Re: [Puppet Users] User and group issues

2013-10-28 Thread Puppet List
Hello
You have both users with the gid 'testgroup'. I think you mean group
'testgroup'.
I think its common/best practice for each user's gid to be uniq and named
the same as the user
Neil
On 28 Oct 2013 16:18, boxr...@gmail.com wrote:

 I am currently in the process of cleaning up some of my puppet config
 files in particular some user and some virtual templates:

 I get the following error:

 *err: Could not retrieve catalog from remote server: Error 400 on
 SERVER: Duplicate definition: Group[testgroup] is already defined in file
 /etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at
 /etc/puppet/manifests/templates/accounts.pp:22 on node
 puppettest.test.internal*

 If I remove

 My files:

 *users.pp*

 *class users *
 *{*
 * @accounts::virtual
 *
 * { *
 * 'test.user':*
 * realname=  'testusername',*
 * pass=  'testpass',*
 * gid = testgroup,*
 * }
 *
 * *
 * @accounts::virtual *
 * { *
 * 'test.user2':*
 * realname=  'testuser2name',*
 * pass=  'testpass',*
 * gid = testgroup2,*
 * }
 *
 * *
 * @accounts::virtual *
 * { *
 * 'test.user3':*
 * realname=  'testuser3name',*
 * pass  =  'testpass',*
 * gid  = testgroup,*
 * }*

 *accounts.pp*
 *
 *
 *define accounts::virtual ($realname,$pass,$gid,$sshkey=) *
 *{ *
 * user *
 * { *
 * $title:*
 * ensure=  present,*
 * comment   =  ${realname} ${gid} User,*
 * gid   =  $title,*
 * shell =  '/bin/bash',*
 * require   =  Group[$gid],*
 * home  =  /home/${title},*
 * managehome=  true,*
 * password  =  $pass,*
 * }*
 * *
 * group *
 * { *
 * $gid:*
 * ensure = present,*
 * }*
 * *
 * file *
 * { *
 * /home/${title}:*
 * ensure=  directory,*
 * owner =  $title,*
 * group =  $gid,*
 * mode  =  0700,*
 * require   =  [ User[$title], Group[$gid] ],*
 * }*
 * *
 * # If we have an SSH key present then insert it onto the user*
 * if ( $sshkey !=  ) *
 * {*
 * ssh_authorized_key *
 * { *
 * $title:*
 * ensure  =  present,*
 * type=  ssh-rsa,*
 * key =  $sshkey,*
 * user=  $title,*
 * require =  User[$title],*
 * name=  $title,*
 * }*
 * }*
 * *
 * # If there is no key specified, make sure this value is blank *
 * if ( $sshkey ==  ) *
 * {*
 * ssh_authorized_key *
 * { *
 * $title:*
 * ensure  =  absent,*
 * user=  $title,*
 * require =  User[$title],*
 * }*
 * }*
 *}*

 then inside *site.pp*
 *
 *
 *include users*
 *realize (Accounts::Virtual['test.user','test.user2','test.user3'])*
 *
 *
 If I remove test.user3 it all works fine, so this is something related to
 the group being declared or what puppet thinks is declared twice because of
 the way I have created a virtual class. Is there any obvious solutions to
 this besides absolutely declaring each user individually?


  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To post to this group, send email to puppet-users@googlegroups.com.
 Visit this group at http://groups.google.com/group/puppet-users.
 For more options, visit https://groups.google.com/groups/opt_out.


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAohVBc8L4OAnY%3DYTHVYZ5W%3DkcUtN55ATt_d%3DZYAKad4_--PCg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Managing conflicting forge dependencies

2013-10-28 Thread Andrei-Florian Staicu
Yes, that dependency is solved with the puppetdb module upgrade to 3.0
Unfortunately, there are other interesting modules that still depend on
ripienaar, such as example42/sudo.
I guess I'll just have to wait for updates.

Thanks for your time.

On an unrelated issue (and since I'm still starting with modules), would
this list be a good place to present a new module for review?



On Mon, Oct 28, 2013 at 6:42 PM, Garrett Honeycutt
g...@garretthoneycutt.comwrote:


 On Monday, October 28, 2013 9:21:09 AM UTC+1, SAF wrote:

 Hi all,

 How do you manage different forge modules that require conflicting
 versions for the same module?
 The most common example is ripienaar/concat vs puppetlabs/concat:
 puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires
 ripienaar/concat
 puppetlabs/apache requires puppetlabs/concat

 Thanks.


 Looks like you a hit that issue while they were transitioning from
 ripienaar to puppetlabs. The postgresql module now correctly refers to the
 new puppetlabs/concat module[1].

 As for managing modules that require conflicting versions for
 dependencies, there is not an easy solution; you have to resolve the
 dependencies. This usually entails upgrading something.

 For the specific issue you had above, I believe that would have been
 caught by librarian-puppet, since it does dependency checking, though it
 should have just worked if you used librarian-puppet-simple[2].

 [1] -
 https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/Modulefile#L13
 [2] - https://github.com/bodepd/librarian-puppet-simple

 Cheers,
 -g




-- 
Beware of programmers who carry screwdrivers!

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANK4U2o1trzeh6vQ1etOoM0FqKwEvcpEVoKFMSUSNMdFH10%2B-A%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Puppet master does not start

2013-10-28 Thread josec . raya
I've tried to start puppet master but I'm getting next error traces:

# /usr/sbin/puppetmasterd start --trace
/usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:132:in `convert_xid'
/usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:89:in `change_group'
/usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:80:in 
`change_privileges'
/usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:62:in `asuser'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:728:in `writesub'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:758:in `readwritelock'
/usr/lib/ruby/site_ruby/1.8/puppet/external/lock.rb:34:in `lock_exclusive'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:751:in `readwritelock'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:750:in `open'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:750:in `readwritelock'
/usr/lib/ruby/1.8/sync.rb:230:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:749:in `readwritelock'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:205:in 
`next_serial'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:273:in 
`sign'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:153:in 
`generate_ca_certificate'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:242:in 
`setup'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:166:in 
`initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in 
`init_singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `send'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `cached_value'
/usr/lib/ruby/1.8/monitor.rb:242:in `synchronize'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:98:in `cached_value'
/usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance'
/usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:62:in 
`instance'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:154:in `setup_ssl'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:171:in `setup'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run'
/usr/sbin/puppetmasterd:4
Could not prepare for execution: Invalid group: 0

Ruby version is 1.8.7 and Puppet version is 3.3.1. Could someone give me 
any clue of what is happenning?

Thanks in advance,
regards

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5c437df1-015b-497d-ab15-6f80169dff2e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Re: Puppet master does not start

2013-10-28 Thread josec . raya
I realize that I had installed 2.6 version of puppet instead 3.3.1. It has 
been solved, I update previous version to 3.3.1. I;m still having same 
problem with new version. I paste here all details:

puppet.conf

[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet

# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet

# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl

server=test.example.com

[master]
certname=test.example.com


# id
uid=0(root) gid=0(root) groups=0(root),503(puppet)


# ls -l /etc/puppet/
total 24
-rw-r--r-- 1 root root 4133 Oct  7 18:03 auth.conf
-rw-r--r-- 1 root root 1462 Oct  7 18:00 fileserver.conf
drwxr-xr-x 2 root root 4096 Oct  7 18:03 manifests
drwxr-xr-x 2 root root 4096 Oct  7 18:03 modules
-rw-r--r-- 1 root root  453 Oct 28 22:27 puppet.conf


# ls -l /var/lib/puppet/
total 52
drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 bucket
drwxr-x--- 2 root   root   4096 Oct 28 19:30 clientbucket
drwxr-x--- 2 root   root   4096 Oct 28 19:30 client_data
drwxr-x--- 2 root   root   4096 Oct 28 19:30 client_yaml
drwxr-xr-x 2 root   root   4096 Oct 28 19:03 facts
drwxr-xr-x 2 root   root   4096 Oct 28 19:03 lib
drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 reports
drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 rrd
drwx-- 2 root   root   4096 Oct 28 19:12 run
drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 server_data
drwxrwx--x 8 puppet root   4096 Oct 28 19:03 ssl
drwxr-xr-t 3 root   root   4096 Oct 28 19:30 state
drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 yaml

# /etc/init.d/puppetmaster start
Starting puppetmaster: [FAILED]


Message in /var/log/messages file:
Oct 28 22:29:27 rhel6-64 puppet-master[5855]: Could not prepare for 
execution: Invalid group: 0







-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/35da2a50-5062-4856-a2b6-3aafea7f7577%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


Re: [Puppet Users] Re: Puppet master does not start

2013-10-28 Thread Sean Crosby
On 29 October 2013 09:31,  josec.r...@gmail.com wrote:
 # id
 uid=0(root) gid=0(root) groups=0(root),503(puppet)


Why have you added the root user to the group puppet? puppetmaster
normally runs using the puppet user in the puppet group.

What groups is your 'puppet' user part of?

Here's mine:

# id puppet
uid=52(puppet) gid=52(puppet) groups=52(puppet)

Sean

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CADg9O%2BOhq7ZGOLrKPN4D1VoUNL354U4F82XMyxOjigg888nDRw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.


Re: [Puppet Users] Help with scaling puppetdb/postgres

2013-10-28 Thread David Mesler
I reconfigured postgres based on the recommendations from pgtune and your 
document. I still had a lot of agent timeouts and eventually after running 
overnight the command queue on the puppetdb server was over 4000. Maybe I 
need a box with traditional RAID and a lot of spindles instead of the SSD. 
Or maybe I need a cluster of postgres servers (if that's possible), I don't 
know. The puppetdb docs said a laptop with a consumer grade SSD was enough 
for 5000 virtual nodes so I was optimistic this would be a simple setup. Oh 
well. 

On Thursday, October 24, 2013 1:02:55 PM UTC-4, Ken Barber wrote:

 pgtune is probably a good place to start: 
 https://github.com/gregs1104/pgtune ... available as an rpm/deb on the 
 more popular distros I believe. 

 Also, this is probably very premature, but I have a draft doc with 
 notes for how to tune your DB for PuppetDB: 


 https://docs.google.com/document/d/1hpFbh2q0WmxAvwfWRlurdaEF70fLc6oZtdktsCq2UFU/edit?usp=sharing
  

 Use at your own risk, as it hasn't been completely vetted. Happy to 
 get any feedback on this, as I plan on making this part of our 
 endorsed documentation. 

 Also ... there is an index that lately has been causing people 
 problems 'idx_catalog_resources_tags_gin'. You might want to try 
 dropping it to see if it improves performances (thanks to Erik Dalen 
 and his colleagues for that one): 

 DROP INDEX idx_catalog_resources_tags_gin; 

 It is easily restored if it doesn't help ... but may take some time to 
 build: 

 CREATE INDEX idx_catalog_resources_tags_gin 
   ON catalog_resources 
   USING gin 
   (tags COLLATE pg_catalog.default); 

 ken. 

 On Thu, Oct 24, 2013 at 4:55 PM, David Mesler 
 david@gmail.comjavascript: 
 wrote: 
  Hello, I'm currently trying to deploy puppetdb to my environment but I'm 
  having difficulties and am unsure on how to proceed. 
  I have 1300+ nodes checking in at 15 minute intervals (3.7 million 
 resources 
  in the population). The load is spread across 6 puppet masters. I 
  requisitioned what I thought would be a powerful enough machine for the 
  puppetdb/postgres server. A machine with 128GB of RAM, 16 physical cpu 
  cores, and a 500GB ssd for the database. I can point one or two of my 
 puppet 
  masters at puppetdb with reasonable enough performance, but anymore and 
  commands start stacking up in the puppetdb command queue and agents 
 start 
  timing out. (Actually, even with just one puppet master using puppetdb I 
  still have occasional agent timeouts.) Is one postgres server not going 
 to 
  cut it? Do I need to look into clustering? I'm sure some of you must run 
  puppetdb in larger environments than this, any tips? 
  
  -- 
  You received this message because you are subscribed to the Google 
 Groups 
  Puppet Users group. 
  To unsubscribe from this group and stop receiving emails from it, send 
 an 
  email to puppet-users...@googlegroups.com javascript:. 
  To post to this group, send email to 
  puppet...@googlegroups.comjavascript:. 

  Visit this group at http://groups.google.com/group/puppet-users. 
  For more options, visit https://groups.google.com/groups/opt_out. 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/32aeae93-6636-4f30-83a4-69036374b8fe%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


[Puppet Users] Issues referencing a class from another module

2013-10-28 Thread Daniel Sage
Hi all,

I'm currently experiencing an issue where a module cannot reference a class 
from another module.

Currently, I've got two modules, workstation and nfs and I'm attempting to 
use a class from the nfs module inside the workstation module, like so:

Workstation module:

class acme_inc::workstation {

# ensure the local acme user exists
user { acme:
ensure  = present,
uid = '1234',
gid = 'acme',
shell   = '/bin/bash',
home= '/home/$user_name',
managehome = true,
}

... SNIP ...

# install and set up the nfs client
class {'nfs':
  class = client,
  domain = acme.example.com,
}
}

NFS Module:

class nfs ($class = 'client', $domain = '') {

   # install the class specific packages
if $class == 'client' {

# install client NFS packages
package { 'nfs-common':
ensure = installed,
}

} else {

# install server NFS packages
package { 'nfs-kernel-server':
ensure = installed,
}
}

# make sure that idmapd is running
service { 'idmapd':
name  = $service_name,
ensure= running,
enable= true,
subscribe = File['idmapd.conf'],
}

# generate and send the config file
file { 'idmapd.conf':
path= '/etc/idmapd.conf',
ensure  = file,
require = Package['nfs-common'],
content = template(nfs/idmapd.conf.erb),
}
}

Is what I intend to do something supported by puppet? or do I have to load 
the NFS module in the site manifest? Because my end goal is to create a 
module for each of my clients, where each module can then load say 
nginx::vhost to build that clients nginx virtual host.

That way my server entry in site.pp is just:

node 'server.example.com' {

class {'ntp':
  servers = [ 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, ],
}

include client1
include client2

}

Again, is this possible in puppet, or do I have to scrap this idea and 
simply include all the client stuff inside the node definition?

Any advise would be appreciated.

Regards,
Daniel Sage

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cbdbfb44-643f-4eb4-bb73-f4db8c03c6c1%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.