[Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:
tl;dr: Windows manages permissions in a way that doesn't always translate
well to mode. We're putting together a solution for this. Jump in the
discussion.
I wanted to get this conversation started. We've put a lot of thought into
how the model should look and focused on ease of use up to more advanced
scenarios.
However I don't feel that what we have is complete. If you are familiar
with Windows, we'd love to get your feedback. If you are not familiar with
Windows, we'd still love to get your feedback.
A couple of notes to start it off:
1. This is currently planned to be a module on the forge.
2. We have some changes to make to core puppet to better enable handing
windows permissions (changes around how mode is applied on Windows now when
not explicitly specified).
IMHO it should be possible to leave out mode (especially when ones declare
an acl instead) - and puppet should NOT care about mode (as in shouldn't
try to set it as it does not, and breaks windows permissions).
3. We tried to map somewhat close to the way Windows ACLs/DACLs/ACEs work.
4. We've also attempted to leave room for future expansion or application
on POSIX systems. Note: this is not a primary goal, so unless there is a
design consideration on the model, it's probably not something we will
approach with this current effort.
acl should most definetely be applicable for any unix filesystem mounted
with ACL support :)
The format could look something like the following:
acl { 'c:/windows/temp/tempfile.txt':
ensure = present,
permissions = {
'Administrators' = ['full']
'bob' = ['mwrx'],
'SomeDomain\Lisa' = [x1000,'allow','inherit','one_level'],
'S-5-1-18' = ['wrx','deny','inherit_objects_only','inherit_only']
},
}
acl { 'c:/windows/temp/locked_dir':
ensure = exact,
That one throws me.. ensure exact? I would expect 'exact' to be the same as
'present' (which in thise case is kinda odd wording- but so is exact.. who
would want puppet to almost ensure something?
permissions = {
'Administrators' = ['full']
},
}
Before you have an opportunity to look at the proposal and comment on
specifics, how self-documenting is the above model? What would you add or
remove?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Managing conflicting forge dependencies
Hi all, How do you manage different forge modules that require conflicting versions for the same module? The most common example is ripienaar/concat vs puppetlabs/concat: puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires ripienaar/concat puppetlabs/apache requires puppetlabs/concat Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet agent not running automatically
Hi Michael, puppetd daemon run in background when we configure to run automatically. It does not send the output of catalog running to standard output terminal. runinterval =1800 This specify that on your puppet client manifests catalog is deploye after every 30 minutes(1800 Second). Refer http://docs.puppetlabs.com/references/latest/configuration.html#runinterval Try enabling the runlevel of puppet service # chkconfig puppet --list Hope this will help. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet agent not running automatically
Hi Michael, puppetd daemon run in background when we configure to run automatically. It does not send the output of catalog running to standard output terminal. runinterval =1800 This specify that on your puppet client manifests catalog is deploye after every 30 minutes(1800 Second). Refer http://docs.puppetlabs.com/references/latest/configuration.html#runinterval Try enabling the runlevel of puppet service ON # chkconfig puppet on Hope this will help. Thanks and Regards, Rahul Khengare, NTT DATA OSS Center, Pune, India. On Friday, October 25, 2013 9:32:57 PM UTC+5:30, Michael Buckner wrote: The puppet agent is already running, it just never actually checks in with the puppetmaster unless I manually run puppet agent -t Puppet was install automatically via the foreman-installer. Here are the contents of [agent] in puppet.conf: [agent] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig # Disable the default schedules as they cause continual skipped # resources to be displayed in Foreman - only for Puppet = 3.4 default_schedules = false report = true pluginsync = true masterport = 8140 environment = production certname= puppet.mycompany.com server = puppet.mycompany.com listen = false splay = false runinterval = 1800 noop= false show_diff = false On Friday, October 25, 2013 11:55:31 AM UTC-4, puppetstan wrote: Hi, When you doing /etc/init.d/puppet start it s not good? regards Le vendredi 25 octobre 2013 16:47:15 UTC+2, Michael Buckner a écrit : Brand new install or Foreman/Puppet. Puppet agent runs fine manually but does not run automatically. Any suggestions? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Using puppetlabs_spec_helper on Windows 7
I'm trying to make puppetlabs_spec_helper runs on Windows 7 to test my
Puppet modules.
Is this supported ? Because I encountered some problems:
1. symlinks were not created on Windows 7 (even if the functionnality
are availabe). To manage that I added to rake_tasks.rb an ugly function:
def make_link(source,target)
ruby_platform = RbConfig::CONFIG['host_os']
if RUBY_PLATFORM =~ /mswin|mingw|cygwin/ then
#Windows Stuff
source_win=source.tr(/,\\)
target_win=target.tr(/,\\)
`call mklink /D #{target_win} #{source_win}`
elsif RUBY_PLATFORM =~ /linux/ then
FileUtils::ln_s(source, target)
end
end
2. undefined method `fetch' for nil:NilClass:
Failure/Error: Unable to find matching line from backtrace
NoMethodError:
undefined method `fetch' for nil:NilClass
# C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:107:in `block in
after_each_test'
# C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `each'
# C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `after_each_test'
3. I use the concat module. And when running rake test, I got:
Failure/Error: should contain_package('nfs-utils')
Puppet::Error:
$concat_basedir not defined. Try running again with
pluginsync=true on the [master] section of your node's
'/etc/puppet/puppet.conf'.
Is it a lost cause ? Or someone succeeded to test puppet modules on Windows
?
Thank you for your help !
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Using puppetlabs_spec_helper on Windows 7
I do have the same error on linux.
It has something tot do with the concat module.
If you write a rspec file for a class not using the concat module, it
should work.
Unfortunately, i do not have a solution for our problem.
Grts
Jo
On 10/28/2013 11:44 AM, Matthieu Nantern wrote:
I'm trying to make puppetlabs_spec_helper runs on Windows 7 to test my
Puppet modules.
Is this supported ? Because I encountered some problems:
1. symlinks were not created on Windows 7 (even if the functionnality
are availabe). To manage that I added to rake_tasks.rb an ugly
function:
def make_link(source,target)
ruby_platform = RbConfig::CONFIG['host_os']
if RUBY_PLATFORM =~ /mswin|mingw|cygwin/ then
#Windows Stuff
source_win=source.tr(/,\\)
target_win=target.tr(/,\\)
`call mklink /D #{target_win} #{source_win}`
elsif RUBY_PLATFORM =~ /linux/ then
FileUtils::ln_s(source, target)
end
end
2. undefined method `fetch' for nil:NilClass:
Failure/Error: Unable to find matching line from backtrace
NoMethodError:
undefined method `fetch' for nil:NilClass
# C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:107:in `block in
after_each_test'
# C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in `each'
# C:/Program Files/Puppet
Labs/Puppet/puppet/lib/puppet/test/test_helper.rb:106:in
`after_each_test'
3. I use the concat module. And when running rake test, I got:
Failure/Error: should contain_package('nfs-utils')
Puppet::Error:
$concat_basedir not defined. Try running again with
pluginsync=true on the [master] section of your node's
'/etc/puppet/puppet.conf'.
Is it a lost cause ? Or someone succeeded to test puppet modules on
Windows ?
Thank you for your help !
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
Johan De Wit
Open Source Consultant
Red Hat Certified Engineer (805008667232363)
Puppet Certified Professional 2013 (PCP006)
_
Open-Future Phone +32 (0)2/255 70 70
Zavelstraat 72 Fax +32 (0)2/255 70 71
3071 KORTENBERG Mobile+32 (0)474/42 40 73
BELGIUM http://www.open-future.be
_
Next Events:
Puppet Advanced Training |
https://www.open-future.be/puppet-advanced-training-12-till-14th-november
Zabbix Certified Training |
http://www.open-future.be/zabbix-certified-training-18-till-20th-november
Zabbix Large Environments Training |
http://www.open-future.be/zabbix-large-environments-training-21-till-22nd-november
Puppet Fundamentals Training |
http://www.open-future.be/puppet-fundamentals-training-10-till-12th-december
Subscribe to our newsletter | http://eepurl.com/BUG8H
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] ENC - how to get info about the node
Steven, Can you be a little more specific about what you're trying to do? Normally, you'd set that department variable in the ENC itself. Puppet calls the ENC script (node_terminus) with the certificate name (or is it the FQDN? I never remember, since they're both the same for me) of the node that is requesting a catalog. Any additional information that the ENC needs, it needs to get on its own. In the past I've always followed the paradigm of a person manually inputting data into the ENC via CLI script or Web UI - usually some combination of classes, parameters and groups (templating containers holding one or more classes, parameters, or other groups, and applied to multiple nodes). However I don't see a reason other than time/performance why the ENC couldn't also lookup information from facts (via PuppetDB or some other method), Hiera, or other external data sources. -jantman On 10/27/2013 08:34 AM, Steven Jonthen wrote: Hi guys, It is only allowed to pass one parameter to your own ENC-Class in Puppet. But how can I set a department variable for each node and use it in my ENC-Script? Has anyone a clue how to do it? Thank's in advance! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet 3.3.1: custom function change requires restart of puppetmaster
On Saturday, October 26, 2013 5:47:07 AM UTC-5, Sergey Arlashin wrote: Hi! I've spent quite a while before I understood that for Puppet to see changes in custom functions' code Puppetmaster needs to be restarted. Is this a normal behaviour or may be it's a bug ? It is normal behavior, arising in part from the behavior of the underlying Ruby. I am uncertain whether there is any reasonable possibility of Puppet behavior differently than it does in this regard, but at minimum it would be a significant challenge. You should feel free to file a feature request if you are inclined to do so, however, or if there is an existing one then to vote it up. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
On Monday, October 28, 2013 2:55:32 AM UTC-5, Klavs Klavsen wrote:
Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:
[...]
The format could look something like the following:
acl { 'c:/windows/temp/tempfile.txt':
ensure = present,
permissions = {
'Administrators' = ['full']
'bob' = ['mwrx'],
'SomeDomain\Lisa' = [x1000,'allow','inherit','one_level'],
'S-5-1-18' = ['wrx','deny','inherit_objects_only','inherit_only']
},
}
acl { 'c:/windows/temp/locked_dir':
ensure = exact,
That one throws me.. ensure exact? I would expect 'exact' to be the same
as 'present' (which in thise case is kinda odd wording- but so is exact..
who would want puppet to almost ensure something?
I think Klavs has an excellent point there. After some consideration, I
think I understand what 'exact' is supposed to mean -- that the ACL should
contain the specified entries *and no others* -- but the perceived need for
such a thing suggests that the proposed model is too high level. Instead
of wrapping everything up into a single Acl resource type, I think you need
a resource type for individual ACEs. That would also allow you to ensure
some specific entries present in and some others absent from the same ACL,
without requiring that all wanted entries be enumerated. A model inspired
by the Concat module might be suitable.
Note too that in the Puppet universe, a parameter or value indicating that
unmanaged resources should be removed is conventionally spelled purge or
purged.
Additionally, although POSIX ACEs are unordered, it is my understanding
that the order of ACEs within a Windows ACL is significant. If that is
indeed correct then I don't see how the proposed model accounts for it.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet master upgrade from 2.7 to 3.0 certificate issues
I've gone through the upgrade check list for puppet at this URL: http://docs.puppetlabs.com/guides/upgrading.html I first tries 2.7 - 3.3.x but that had the same issue as below and I decided that maybe the jump was too big and I should go from 2.7 - 3.0.x - 3.2.x - 3.3.x But I'm getting some weird behavior with my certs even when I go from 2.7.20 - 3.0.3 After upgrading the puppet-server package using yum all of my puppet agents get this error whether I remove the certs or not. Exiting; no certificate found and waitforcert is disabled I autosign our certs with the autosign.conf file and this works if I go nack to 2.7.20. I clean out the client certs with 'rm -rf /var/lib/puppet/ssl' Here are my specs: RHEL 6.3 puppet - 3.0.2-1 puppet-server - 3.0.2-1 puppetdb - 1.5.2-1 passender - see below [root@puppet puppet]# gem list daemon_controller (1.1.1) fastthread (1.0.7) json (1.5.5) passenger (4.0.21) rack (1.5.2) rake (10.0.3) PS. If I run the agent standalone using puppet apply everything works just fine. Or if I downgrade my puppet master back to 2.7.20 it also works well. Please let me know if anymore info or config files are needed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet dashboard blank stylesheet
Hi, I'm trying to switch my working puppet-dashboard installation over from the test server that it comes with to an Apache/Passenger setup. Puppet seems to be humming along just fine under this setup, but dashboard is unhappy. The web interface comes up with no style. I've taken a look with Safari's developer windows at what it thinks is going on and I'm seeing an all.cis that is coming up empty. And yet the transfer logs show a sizable all.css being transferred, and if I grab all.css directly I end up with content. I do see that there's a bug (8121) on something like this, but as far as I can tell, my version of puppet-dashboard (xxx) is greater than the version where that bug is fixed. It seems likely that something has gone miss in the whole Apache-Passenger-Rails relationship, but I don't know enough about this to figure out how to debug it. Any ideas? The server is Centos6 Apache is 2.2.15 Puppet is 3.2.4 Puppet-dashboard is 1.2.23 Ruby is 1.8.7 Passenger is 4.0.19 Thanks in advance, tom -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
Here's the log: I, [2013-10-28T16:30:07.990102 #1332] INFO -- : activemq.rb:121:in `on_ssl_connecting' Estblishing SSL session with stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:07.990465 #1332] INFO -- : activemq.rb:96:in `on_connecting' TCP Connection attempt 11 to stomp+ssl://mcollective@sisop-virtualbox:61613 E, [2013-10-28T16:30:07.996130 #1332] ERROR -- : activemq.rb:131:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@sisop-virtualbox:61613 failed: Co$ I, [2013-10-28T16:30:07.996368 #1332] INFO -- : activemq.rb:111:in `on_connectfail' TCP Connection to stomp+ssl://mcollective@sisop-virtualbox:61613 failed on attempt 11 I, [2013-10-28T16:30:28.483057 #1332] INFO -- : activemq.rb:121:in `on_ssl_connecting' Estblishing SSL session with stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:28.483657 #1332] INFO -- : activemq.rb:96:in `on_connecting' TCP Connection attempt 12 to stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:29.645117 #1332] INFO -- : activemq.rb:126:in `on_ssl_connected' SSL session established with stomp+ssl://mcollective@sisop-virtualbox:61613 I, [2013-10-28T16:30:29.839742 #1332] INFO -- : activemq.rb:101:in `on_connected' Conncted to stomp+ssl://mcollective@sisop-virtualbox:61613 Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] User and group issues
I am currently in the process of cleaning up some of my puppet config files
in particular some user and some virtual templates:
I get the following error:
*err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate definition: Group[testgroup] is already defined in file
/etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at
/etc/puppet/manifests/templates/accounts.pp:22 on node
puppettest.test.internal*
If I remove
My files:
*users.pp*
*class users *
*{*
* @accounts::virtual
*
* { *
* 'test.user':*
* realname= 'testusername',*
* pass= 'testpass',*
* gid = testgroup,*
* }
*
* *
* @accounts::virtual *
* { *
* 'test.user2':*
* realname= 'testuser2name',*
* pass= 'testpass',*
* gid = testgroup2,*
* }
*
* *
* @accounts::virtual *
* { *
* 'test.user3':*
* realname= 'testuser3name',*
* pass = 'testpass',*
* gid = testgroup,*
* }*
*accounts.pp*
*
*
*define accounts::virtual ($realname,$pass,$gid,$sshkey=) *
*{ *
* user *
* { *
* $title:*
* ensure= present,*
* comment = ${realname} ${gid} User,*
* gid = $title,*
* shell = '/bin/bash',*
* require = Group[$gid],*
* home = /home/${title},*
* managehome= true,*
* password = $pass,*
* }*
* *
* group *
* { *
* $gid:*
* ensure = present,*
* }*
* *
* file *
* { *
* /home/${title}:*
* ensure= directory,*
* owner = $title,*
* group = $gid,*
* mode = 0700,*
* require = [ User[$title], Group[$gid] ],*
* }*
* *
* # If we have an SSH key present then insert it onto the user*
* if ( $sshkey != ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure = present,*
* type= ssh-rsa,*
* key = $sshkey,*
* user= $title,*
* require = User[$title],*
* name= $title,*
* }*
* }*
* *
* # If there is no key specified, make sure this value is blank *
* if ( $sshkey == ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure = absent,*
* user= $title,*
* require = User[$title],*
* }*
* }*
*}*
then inside *site.pp*
*
*
*include users*
*realize (Accounts::Virtual['test.user','test.user2','test.user3'])*
*
*
If I remove test.user3 it all works fine, so this is something related to
the group being declared or what puppet thinks is declared twice because of
the way I have created a virtual class. Is there any obvious solutions to
this besides absolutely declaring each user individually?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
fix 1: i syncronized the clocks Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
On Mon, Oct 28, 2013 at 2:55 AM, Klavs Klavsen kl...@enableit.dk wrote: Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds: tl;dr: Windows manages permissions in a way that doesn't always translate well to mode. We're putting together a solution for this. Jump in the discussion. I wanted to get this conversation started. We've put a lot of thought into how the model should look and focused on ease of use up to more advanced scenarios. However I don't feel that what we have is complete. If you are familiar with Windows, we'd love to get your feedback. If you are not familiar with Windows, we'd still love to get your feedback. A couple of notes to start it off: 1. This is currently planned to be a module on the forge. 2. We have some changes to make to core puppet to better enable handing windows permissions (changes around how mode is applied on Windows now when not explicitly specified). IMHO it should be possible to leave out mode (especially when ones declare an acl instead) - and puppet should NOT care about mode (as in shouldn't try to set it as it does not, and breaks windows permissions). Yes, this is what I was referring to. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Why there is a need for the architecture fact when it is only using hardwaremodel fact?
Got it, thank you very much On Friday, October 25, 2013 2:45:31 PM UTC-4, Daniele Sluijters wrote: Hi, It doesn't only use hardwaremodel fact: https://github.com/puppetlabs/facter/blob/master/lib/facter/architecture.rb#L6:L10 # Resolution: # On non-AIX IBM, OpenBSD, Linux and Debian's kfreebsd, use the hardwaremodel fact. # On AIX get the arch value from lsattr -El proc0 -a type # Gentoo and Debian call x86_86 amd64. # Gentoo also calls i386 x86. -- Daniele Sluijters On Thursday, 24 October 2013 16:49:57 UTC+2, beyonddc...@gmail.com wrote: Hi all, hopefully this is a quick question. I would like to know why there is a need for the architecture fact when it is only using hardwaremodel fact? Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Managing conflicting forge dependencies
On Monday, October 28, 2013 9:21:09 AM UTC+1, SAF wrote: Hi all, How do you manage different forge modules that require conflicting versions for the same module? The most common example is ripienaar/concat vs puppetlabs/concat: puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires ripienaar/concat puppetlabs/apache requires puppetlabs/concat Thanks. Looks like you a hit that issue while they were transitioning from ripienaar to puppetlabs. The postgresql module now correctly refers to the new puppetlabs/concat module[1]. As for managing modules that require conflicting versions for dependencies, there is not an easy solution; you have to resolve the dependencies. This usually entails upgrading something. For the specific issue you had above, I believe that would have been caught by librarian-puppet, since it does dependency checking, though it should have just worked if you used librarian-puppet-simple[2]. [1] - https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/Modulefile#L13 [2] - https://github.com/bodepd/librarian-puppet-simple Cheers, -g -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] inline_template private method `gets' called for false:FalseClass
Hi,
I am new to Ruby ERB and inline_template. Can anyone spot what's wrong
with this inline_template?
$moddedContent = inline_template(%= puts gets(nil).gsub(/one
two three/,\\) /tmp/blah %)
exec {
/bin/echo '${moddedContent}' /tmp/blah :
}
When I try to apply it, I got the following error.
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Failed to parse inline template: private method `gets' called for
false:FalseClass at foo.pp:33 on node testnode
Thanks!
David
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet and Windows ACLs (Access Control Lists)
On Mon, Oct 28, 2013 at 8:42 AM, jcbollinger john.bollin...@stjude.orgwrote:
On Monday, October 28, 2013 2:55:32 AM UTC-5, Klavs Klavsen wrote:
Den fredag den 25. oktober 2013 22.10.40 UTC+2 skrev Rob Reynolds:
[...]
The format could look something like the following:
acl { 'c:/windows/temp/tempfile.txt'**:
ensure = present,
permissions = {
'Administrators' = ['full']
'bob' = ['mwrx'],
'SomeDomain\Lisa' = [x1000,'allow','inherit','**one_level'],
'S-5-1-18' = ['wrx','deny','inherit_**objects_only','inherit_only']
},
}
acl { 'c:/windows/temp/locked_dir':
ensure = exact,
That one throws me.. ensure exact? I would expect 'exact' to be the same
as 'present' (which in thise case is kinda odd wording- but so is exact..
who would want puppet to almost ensure something?
I think Klavs has an excellent point there. After some consideration, I
think I understand what 'exact' is supposed to mean -- that the ACL should
contain the specified entries *and no others* -- but the perceived need
for such a thing suggests that the proposed model is too high level.
Instead of wrapping everything up into a single Acl resource type, I think
you need a resource type for individual ACEs. That would also allow you to
ensure some specific entries present in and some others absent from the
same ACL, without requiring that all wanted entries be enumerated. A model
inspired by the Concat module might be suitable.
Yes, this is indeed the area I was talking about that is needing more
discussion.
Splitting to a resource type for individual ACEs might be beneficial, but
it also might be too verbose. For an absent ACE, I was considering `'bob'
= []`.
The actual idea on ensure present versus exact (versus the other values)
and Windows is that there are some inherited ACEs. When you specify
permissions, you are specifying explicit ACEs and not inherited ACEs.
Would you always want to specify 'SYSTEM' and 'Administrators' in every acl
or would that get old having to specify for items that are already going to
be inherited? Are there other permissions that may already be there that
you don't want to manage? That's really where the difference between
present and exact came about. In a way of saying, I want to manage this
particular set of permissions, plus any that are already inherited (idea of
present).
If you don't want to have inherited permissions on a particular ACL, that's
where exact would come in.
Note too that in the Puppet universe, a parameter or value indicating that
unmanaged resources should be removed is conventionally spelled purge or
purged.
I think I understand, but let me see if I have this correctly:
acl { 'c:/windows/temp/locked_dir':
ensure = purge,
permissions = {
'Administrators' = ['full']
},
}
Any value not in the list above would be purged, correct? Unfortunately, I
avoided this convention specifically due to how it self documents. It
appears to be ensuring that the specified permission is removed, even
though those that understand the convention know this is not the case.
Additionally, although POSIX ACEs are unordered, it is my understanding
that the order of ACEs within a Windows ACL is significant. If that is
indeed correct then I don't see how the proposed model accounts for it.
Yes, you are correct. We're talking about this and whether the module
should reorder appropriately for the order in some cases. We've talked
about an array instead of a hash for ACEs.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
Join us at PuppetConf 2014, September 23-24 in San Francisco
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init
issue still exists Il giorno lunedì 28 ottobre 2013 17:31:40 UTC+1, alessandro mazzoli ha scritto: fix 1: i syncronized the clocks Il giorno lunedì 28 ottobre 2013 17:11:27 UTC+1, alessandro mazzoli ha scritto: Hi all, i'm stucked with an error on PE-Mcollective. I have a puppetmaster with PE-Console on it, i have an agent node connected which i want provide to it a module called LAMP, my newbie LAMP module https://github.com/alemazz/lamp.git When i run puppet agent -t on the puppetmaster i dont get any error, and the module will install on it, but when i call puppet agent -t on node agent i get this error: Debug: /Schedule[weekly]: Skipping device resources because running on a host Debug: /Schedule[puppet]: Skipping device resources because running on a host *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective.conf in /etc/init.d* *Debug: Service[pe-mcollective](provider=upstart): Could not find pe-mcollective in /etc/init* Debug: Executing '/etc/init.d/pe-mcollective status' Debug: Executing '/etc/init.d/pe-mcollective start' Notice: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]/ensure: ensure changed 'stopped' to 'running' Debug: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: The container Class[Pe_mcollective::Server] will propagate my refresh event Info: /Stage[main]/Pe_mcollective::Server/Service[pe-mcollective]: Unscheduling refresh on Service[pe-mcollective] Debug: Class[Pe_mcollective::Server]: The container Stage[main] will propagate my refresh event Debug: Executing '/usr/bin/apt-cache policy php5-dev' Debug: Class[Lamp]: The container Stage[main] will propagate my refresh event Debug: Finishing transaction 87463220 Debug: Storing state Debug: Stored state in 0.05 seconds Notice: Finished catalog run in 15.14 seconds Debug: report supports formats: b64_zlib_yaml pson raw yaml; using pson Stderr from the command: stdin: is not a tty Error: /Stage[main]/Lamp/Service[apache2]: Could not evaluate: Execution of '/sbin/status apache2' returned 1: status: Unknown job: apache2 Here's my /etc/init.d on puppetmaster and on agent node -rwxr-xr.x root root pe-mcollective service pe-mcollective statusrunning but on /etc/init i dont have pe-mcollective or pe-mcollective.conf, i dont have any .conf on /etc/init.dis a bug on pe-installer that pe-mcollective service is on /etc/init.d and not on /etc/init? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Changes to issue tracking for Puppet projects
On Thursday, October 24, 2013 2:32:11 PM UTC-7, Daniele Sluijters wrote: Hey Eric, I was curious if you could elaborate a bit more on the choice of JIRA. I'm currently in the exact opposite spot, migrating away from JIRA to Redmine. Heh! No system's perfect, I guess. We're moving company-wide to JIRA for a bunch of reasons, but the top three are - the integration with other Atlassian products like greenhopper and confluence - workflow that makes sense for dev teams, not just bug reporting - its planning/reporting capabilities The internal-facing/commercial teams are already using jira exclusively and its working out really well. The platform team are now in split-brain mode maintaining both redmine and jira for every issue so it's a bit crazy-making. Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0 puppet platform // coffee // techno // bicycles -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d56a33c7-7ae2-4e78-8a4b-fbaecfeec0f9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] User and group issues
Hello
You have both users with the gid 'testgroup'. I think you mean group
'testgroup'.
I think its common/best practice for each user's gid to be uniq and named
the same as the user
Neil
On 28 Oct 2013 16:18, boxr...@gmail.com wrote:
I am currently in the process of cleaning up some of my puppet config
files in particular some user and some virtual templates:
I get the following error:
*err: Could not retrieve catalog from remote server: Error 400 on
SERVER: Duplicate definition: Group[testgroup] is already defined in file
/etc/puppet/manifests/templates/accounts.pp at line 22; cannot redefine at
/etc/puppet/manifests/templates/accounts.pp:22 on node
puppettest.test.internal*
If I remove
My files:
*users.pp*
*class users *
*{*
* @accounts::virtual
*
* { *
* 'test.user':*
* realname= 'testusername',*
* pass= 'testpass',*
* gid = testgroup,*
* }
*
* *
* @accounts::virtual *
* { *
* 'test.user2':*
* realname= 'testuser2name',*
* pass= 'testpass',*
* gid = testgroup2,*
* }
*
* *
* @accounts::virtual *
* { *
* 'test.user3':*
* realname= 'testuser3name',*
* pass = 'testpass',*
* gid = testgroup,*
* }*
*accounts.pp*
*
*
*define accounts::virtual ($realname,$pass,$gid,$sshkey=) *
*{ *
* user *
* { *
* $title:*
* ensure= present,*
* comment = ${realname} ${gid} User,*
* gid = $title,*
* shell = '/bin/bash',*
* require = Group[$gid],*
* home = /home/${title},*
* managehome= true,*
* password = $pass,*
* }*
* *
* group *
* { *
* $gid:*
* ensure = present,*
* }*
* *
* file *
* { *
* /home/${title}:*
* ensure= directory,*
* owner = $title,*
* group = $gid,*
* mode = 0700,*
* require = [ User[$title], Group[$gid] ],*
* }*
* *
* # If we have an SSH key present then insert it onto the user*
* if ( $sshkey != ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure = present,*
* type= ssh-rsa,*
* key = $sshkey,*
* user= $title,*
* require = User[$title],*
* name= $title,*
* }*
* }*
* *
* # If there is no key specified, make sure this value is blank *
* if ( $sshkey == ) *
* {*
* ssh_authorized_key *
* { *
* $title:*
* ensure = absent,*
* user= $title,*
* require = User[$title],*
* }*
* }*
*}*
then inside *site.pp*
*
*
*include users*
*realize (Accounts::Virtual['test.user','test.user2','test.user3'])*
*
*
If I remove test.user3 it all works fine, so this is something related to
the group being declared or what puppet thinks is declared twice because of
the way I have created a virtual class. Is there any obvious solutions to
this besides absolutely declaring each user individually?
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAAohVBc8L4OAnY%3DYTHVYZ5W%3DkcUtN55ATt_d%3DZYAKad4_--PCg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Managing conflicting forge dependencies
Yes, that dependency is solved with the puppetdb module upgrade to 3.0 Unfortunately, there are other interesting modules that still depend on ripienaar, such as example42/sudo. I guess I'll just have to wait for updates. Thanks for your time. On an unrelated issue (and since I'm still starting with modules), would this list be a good place to present a new module for review? On Mon, Oct 28, 2013 at 6:42 PM, Garrett Honeycutt g...@garretthoneycutt.comwrote: On Monday, October 28, 2013 9:21:09 AM UTC+1, SAF wrote: Hi all, How do you manage different forge modules that require conflicting versions for the same module? The most common example is ripienaar/concat vs puppetlabs/concat: puppetlabs/puppetdb requires puppetlabs/postgreql 2.x, which requires ripienaar/concat puppetlabs/apache requires puppetlabs/concat Thanks. Looks like you a hit that issue while they were transitioning from ripienaar to puppetlabs. The postgresql module now correctly refers to the new puppetlabs/concat module[1]. As for managing modules that require conflicting versions for dependencies, there is not an easy solution; you have to resolve the dependencies. This usually entails upgrading something. For the specific issue you had above, I believe that would have been caught by librarian-puppet, since it does dependency checking, though it should have just worked if you used librarian-puppet-simple[2]. [1] - https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/Modulefile#L13 [2] - https://github.com/bodepd/librarian-puppet-simple Cheers, -g -- Beware of programmers who carry screwdrivers! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANK4U2o1trzeh6vQ1etOoM0FqKwEvcpEVoKFMSUSNMdFH10%2B-A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet master does not start
I've tried to start puppet master but I'm getting next error traces: # /usr/sbin/puppetmasterd start --trace /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:132:in `convert_xid' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:89:in `change_group' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:80:in `change_privileges' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:62:in `asuser' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:728:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:758:in `readwritelock' /usr/lib/ruby/site_ruby/1.8/puppet/external/lock.rb:34:in `lock_exclusive' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:751:in `readwritelock' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:750:in `open' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:750:in `readwritelock' /usr/lib/ruby/1.8/sync.rb:230:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:749:in `readwritelock' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:205:in `next_serial' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:273:in `sign' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:153:in `generate_ca_certificate' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:242:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:166:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:48:in `init_singleton_instance' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `send' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:106:in `cached_value' /usr/lib/ruby/1.8/monitor.rb:242:in `synchronize' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:98:in `cached_value' /usr/lib/ruby/site_ruby/1.8/puppet/util/cacher.rb:48:in `singleton_instance' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:62:in `instance' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:154:in `setup_ssl' /usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:171:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/sbin/puppetmasterd:4 Could not prepare for execution: Invalid group: 0 Ruby version is 1.8.7 and Puppet version is 3.3.1. Could someone give me any clue of what is happenning? Thanks in advance, regards -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5c437df1-015b-497d-ab15-6f80169dff2e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet master does not start
I realize that I had installed 2.6 version of puppet instead 3.3.1. It has been solved, I update previous version to 3.3.1. I;m still having same problem with new version. I paste here all details: puppet.conf [main] # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl server=test.example.com [master] certname=test.example.com # id uid=0(root) gid=0(root) groups=0(root),503(puppet) # ls -l /etc/puppet/ total 24 -rw-r--r-- 1 root root 4133 Oct 7 18:03 auth.conf -rw-r--r-- 1 root root 1462 Oct 7 18:00 fileserver.conf drwxr-xr-x 2 root root 4096 Oct 7 18:03 manifests drwxr-xr-x 2 root root 4096 Oct 7 18:03 modules -rw-r--r-- 1 root root 453 Oct 28 22:27 puppet.conf # ls -l /var/lib/puppet/ total 52 drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 bucket drwxr-x--- 2 root root 4096 Oct 28 19:30 clientbucket drwxr-x--- 2 root root 4096 Oct 28 19:30 client_data drwxr-x--- 2 root root 4096 Oct 28 19:30 client_yaml drwxr-xr-x 2 root root 4096 Oct 28 19:03 facts drwxr-xr-x 2 root root 4096 Oct 28 19:03 lib drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 reports drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 rrd drwx-- 2 root root 4096 Oct 28 19:12 run drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 server_data drwxrwx--x 8 puppet root 4096 Oct 28 19:03 ssl drwxr-xr-t 3 root root 4096 Oct 28 19:30 state drwxr-x--- 2 puppet puppet 4096 Oct 28 19:03 yaml # /etc/init.d/puppetmaster start Starting puppetmaster: [FAILED] Message in /var/log/messages file: Oct 28 22:29:27 rhel6-64 puppet-master[5855]: Could not prepare for execution: Invalid group: 0 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/35da2a50-5062-4856-a2b6-3aafea7f7577%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet master does not start
On 29 October 2013 09:31, josec.r...@gmail.com wrote: # id uid=0(root) gid=0(root) groups=0(root),503(puppet) Why have you added the root user to the group puppet? puppetmaster normally runs using the puppet user in the puppet group. What groups is your 'puppet' user part of? Here's mine: # id puppet uid=52(puppet) gid=52(puppet) groups=52(puppet) Sean -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CADg9O%2BOhq7ZGOLrKPN4D1VoUNL354U4F82XMyxOjigg888nDRw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Help with scaling puppetdb/postgres
I reconfigured postgres based on the recommendations from pgtune and your document. I still had a lot of agent timeouts and eventually after running overnight the command queue on the puppetdb server was over 4000. Maybe I need a box with traditional RAID and a lot of spindles instead of the SSD. Or maybe I need a cluster of postgres servers (if that's possible), I don't know. The puppetdb docs said a laptop with a consumer grade SSD was enough for 5000 virtual nodes so I was optimistic this would be a simple setup. Oh well. On Thursday, October 24, 2013 1:02:55 PM UTC-4, Ken Barber wrote: pgtune is probably a good place to start: https://github.com/gregs1104/pgtune ... available as an rpm/deb on the more popular distros I believe. Also, this is probably very premature, but I have a draft doc with notes for how to tune your DB for PuppetDB: https://docs.google.com/document/d/1hpFbh2q0WmxAvwfWRlurdaEF70fLc6oZtdktsCq2UFU/edit?usp=sharing Use at your own risk, as it hasn't been completely vetted. Happy to get any feedback on this, as I plan on making this part of our endorsed documentation. Also ... there is an index that lately has been causing people problems 'idx_catalog_resources_tags_gin'. You might want to try dropping it to see if it improves performances (thanks to Erik Dalen and his colleagues for that one): DROP INDEX idx_catalog_resources_tags_gin; It is easily restored if it doesn't help ... but may take some time to build: CREATE INDEX idx_catalog_resources_tags_gin ON catalog_resources USING gin (tags COLLATE pg_catalog.default); ken. On Thu, Oct 24, 2013 at 4:55 PM, David Mesler david@gmail.comjavascript: wrote: Hello, I'm currently trying to deploy puppetdb to my environment but I'm having difficulties and am unsure on how to proceed. I have 1300+ nodes checking in at 15 minute intervals (3.7 million resources in the population). The load is spread across 6 puppet masters. I requisitioned what I thought would be a powerful enough machine for the puppetdb/postgres server. A machine with 128GB of RAM, 16 physical cpu cores, and a 500GB ssd for the database. I can point one or two of my puppet masters at puppetdb with reasonable enough performance, but anymore and commands start stacking up in the puppetdb command queue and agents start timing out. (Actually, even with just one puppet master using puppetdb I still have occasional agent timeouts.) Is one postgres server not going to cut it? Do I need to look into clustering? I'm sure some of you must run puppetdb in larger environments than this, any tips? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript:. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/32aeae93-6636-4f30-83a4-69036374b8fe%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Issues referencing a class from another module
Hi all,
I'm currently experiencing an issue where a module cannot reference a class
from another module.
Currently, I've got two modules, workstation and nfs and I'm attempting to
use a class from the nfs module inside the workstation module, like so:
Workstation module:
class acme_inc::workstation {
# ensure the local acme user exists
user { acme:
ensure = present,
uid = '1234',
gid = 'acme',
shell = '/bin/bash',
home= '/home/$user_name',
managehome = true,
}
... SNIP ...
# install and set up the nfs client
class {'nfs':
class = client,
domain = acme.example.com,
}
}
NFS Module:
class nfs ($class = 'client', $domain = '') {
# install the class specific packages
if $class == 'client' {
# install client NFS packages
package { 'nfs-common':
ensure = installed,
}
} else {
# install server NFS packages
package { 'nfs-kernel-server':
ensure = installed,
}
}
# make sure that idmapd is running
service { 'idmapd':
name = $service_name,
ensure= running,
enable= true,
subscribe = File['idmapd.conf'],
}
# generate and send the config file
file { 'idmapd.conf':
path= '/etc/idmapd.conf',
ensure = file,
require = Package['nfs-common'],
content = template(nfs/idmapd.conf.erb),
}
}
Is what I intend to do something supported by puppet? or do I have to load
the NFS module in the site manifest? Because my end goal is to create a
module for each of my clients, where each module can then load say
nginx::vhost to build that clients nginx virtual host.
That way my server entry in site.pp is just:
node 'server.example.com' {
class {'ntp':
servers = [ 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, ],
}
include client1
include client2
}
Again, is this possible in puppet, or do I have to scrap this idea and
simply include all the client stuff inside the node definition?
Any advise would be appreciated.
Regards,
Daniel Sage
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/cbdbfb44-643f-4eb4-bb73-f4db8c03c6c1%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
