Re: [Puppet Users] Help with scaling puppetdb/postgres
Also looking at the reports (Foreman, PuppetDB) might give a clue of what is changing. On Tuesday, October 29, 2013 7:32:54 PM UTC+1, Ryan Senior wrote: 1.5% catalog duplication is really low and from a PuppetDB perspective, means a lot more database I/O. I think that probably explains the problems you are seeing. A more typical duplication percentage would be something over 90%. The next step here is figuring out why the duplication percentage is so low. There's a ticket I'm working on now [1] to help in debugging these kinds of issues with catalogs, but it's not done yet. One option you have now is to query for the current catalog of a node after a few subsequent catalog updates. You can do this using curl and the catalogs API [2]. That API call will give you a JSON representation of the catalog data from PuppetDB for that node. You can then compare the JSON files and see if you maybe have a resource that is changing with each run. If you need help getting that information or want some more help troubleshooting the output, head over to #puppet on IRC [3] and one of the PuppetDB folks can help you out. 1 - https://projects.puppetlabs.com/issues/22977 2 - https://docs.puppetlabs.com/puppetdb/1.5/api/query/v3/catalogs.html 3 - http://projects.puppetlabs.com/projects/1/wiki/Irc_Channel On Tue, Oct 29, 2013 at 11:50 AM, David Mesler david@gmail.comjavascript: wrote: Resource duplication is 98.7%, catalog duplication is 1.5%. On Tuesday, October 29, 2013 9:06:37 AM UTC-4, Ken Barber wrote: Hmm. I reconfigured postgres based on the recommendations from pgtune and your document. I still had a lot of agent timeouts and eventually after running overnight the command queue on the puppetdb server was over 4000. Maybe I need a box with traditional RAID and a lot of spindles instead of the SSD. Or maybe I need a cluster of postgres servers (if that's possible), I don't know. The puppetdb docs said a laptop with a consumer grade SSD was enough for 5000 virtual nodes so I was optimistic this would be a simple setup. Oh well. So the reality is, you are effectively running 5200 nodes in comparison with the vague statement in the docs. This is because you are running every 15 minutes, whereas the statement presumes running every hour. Can we get a look at your dashboard? In particular your catalog and resource duplication rate? ken. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/46312de5-62fb-4844-9ab6-a93a01abfe24%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3fcde527-e51a-4ceb-a126-61b731a3b257%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] RPM Warning
Hello @all, I noticed that I got rpm based warnings on my EL5 boxes: Warning: Failed to match rpm line ... I know there is a ticket that adress the problem (don't know the ticket number out of my head), but as far as I know with the current rpm version from yum.puppetlabs.com this should already be fixed: $ lsb_release -a LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch Distributor ID: Scientific Description: Scientific Linux release 5.9 (Boron) Release: 5.9 Codename: Boron $ rpm -qa | grep puppet-3 puppet-3.3.1-1.el5 $ Is the fix missing in the el5 RPMs or is this a different error? Regards Thomas -- Linux ... enjoy the ride! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAELoU1OKJDced9rDswPPNrQ8Uj0H7rw458gRvUcz1P5KEGMHZA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production
Hi, When I run puppet agent --test --environment 42A, I have the following warning : Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production. ... The puppet manifest for the environment 42A isn't applied. The puppet version is 3.3.1-1puppetlabs1 on agent and puppetmaster node puppet.conf on the agent node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [agent] server = puppet report = true* --- puppet.conf on the puppetmaster node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [production] modulepath = /etc/puppet/environments/modules/production manifest = /etc/puppet/environments/manifests/production/site.pp [42A] modulepath = /etc/puppet/environments/modules/install/42A manifest = /etc/puppet/environments/manifests/install/site.pp [agent] server = puppet report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports=log,puppetdb,foreman external_nodes = /etc/puppet/node.rb node_terminus = exec* --- If i comment the last two lines (external_nodes and node_terminus) on the puppetmaster puppet.conf node, The puppet manifest is applied correctly. Anybody has an idea ? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f52ce64b-a300-488c-9734-8c0166cd5748%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Custom Windows Fact (match ipaddress)
Still no effect. Facter::Util::Resolution.exec(C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe ipconfig | Select-String -pattern '192.168.20[567]' | %{$_.line.split()} | FINDSTR 192.168.20[567]) Is there anything else i need to escape? On Tuesday, October 29, 2013 3:07:12 PM UTC+1, cko wrote: Hi everybody, I'm trying to write a custom fact that gets the IP Address of any given NIC if it matches a specific IP range. On Linux i use this (works fine) Facter.add(ip_foo) do setcode do Facter::Util::Resolution.exec(/sbin/ifconfig | /bin/grep '192.168.20[567].' | /bin/awk '{ print $2 }' | /bin/cut -d':' -f2) end end Now my Windows Version: Facter.add(ip_foo_windows) do confine :operatingsystem = :windows setcode do Facter::Util::Resolution.exec(C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ipconfig | Select-String -pattern '192.168.20[567]' | %{$_.line.split()} | FINDSTR 192.168.20[567]) end end When i run the command C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ipconfig | Select-String -pattern '192.168.20[567]' | %{$_.line.split()} | FINDSTR 192.168.20[567] on the box it works perfectly fine. It returns the value that i need. But it seems that puppet doesn't get that value into the fact. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f0fbe47f-5bc0-4fc3-bc2a-5eb8d6cad367%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetlabs/firewall and fail2ban
Hi, Ah indeed, I misread the puppetlabs-denyhosts module. I had a look at the DenyHosts project but that seems limited to SSH alone. My fail2ban has rules that scan logs of our web servers, mail etc. -- Daniele Sluijters On Wednesday, 30 October 2013 01:39:56 UTC+1, Don Hoffman wrote: On reading your message, I think you are perhaps confusing the static Linux /etc/host.deny mechanism with the DenyHosts project. See http://denyhosts.sourceforg.net Don On Oct 29, 2013, at 5:32 PM, Donald Hoffman don.h...@gmail.comjavascript: wrote: On Oct 29, 2013, at 12:00 PM, Daniele Sluijters daniele@gmail.comjavascript: wrote: Hi, DenyHosts is not an option for me since I can't predict which hosts will be connecting from the outside. Fail2ban solves that issue by looking for odd behaviour instead of asking me to whitelist. Thanks for the suggestion though, -- Daniele Sluijters Hmm. Don’t quite follow. DenyHost works pretty much the same as fail2ban on the detection side. I.e. “looking for odd behavior. See this entry from their FAQ: http://denyhosts.sourceforge.net/faq.html#1_5 The DenyHost daemon monitors /var/log/secure for various signs of unsuccessful attempts to connect (from anywhere). Once a threshold is reached a rule for that IP address is inserted in to /etc/host.deny. Pretty much has the same detection features as Fail2ban. It is only on the filtering side where DenyHosts and Fail2ban really differ. Fail2ban sets up iptables firewall rules while DenyHosts adds entries to hosts.deny for filtering in the app (usually sshd) server daemon. Don -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d03394af-4bf0-4bc0-b250-d3d125a22ab5%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Hiera vs OpenLDAP
This one perhaps? https://github.com/hunner/hiera-ldap The example is for Users, doesn'tlook difficult to adapt the search to get a list of servers. How you model the classes and class parameters in LDAP might be trickier. Maybe your LDAP structure would look something like this (which doesn't require much schema): cn=nodename,ou=nodes,dc=example,dc=com cn=classname,cn=nodename,ou=nodes,dc=example,dc=com cn=classparameter1,cn=classname,cn=nodename,ou=nodes,dc=example,dc=com value=woof On Wednesday, October 30, 2013 4:53:29 AM UTC, Steven Jonthen wrote: Hi guys, I want to use Hiera with a OpenLDAP-Backend. The OpenLDAP-Backend should contain class parameters. When a agent connects to the puppet master then hiera should extract from the OpenLDAP-Backend which roles and which class-parameters the node has. I've found any useful example in the internet, how to integrate OpenLDAP into Puppet and howto create and use the data. Can anyone help me? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1497c323-e6bb-46f8-ae26-5b785e89b6e4%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production
Hi, Have you tried --environment=42A? -- Daniele Sluijters On Wednesday, 30 October 2013 09:47:13 UTC+1, AVE1810 wrote: Hi, When I run puppet agent --test --environment 42A, I have the following warning : Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production. ... The puppet manifest for the environment 42A isn't applied. The puppet version is 3.3.1-1puppetlabs1 on agent and puppetmaster node puppet.conf on the agent node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [agent] server = puppet report = true* --- puppet.conf on the puppetmaster node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [production] modulepath = /etc/puppet/environments/modules/production manifest = /etc/puppet/environments/manifests/production/site.pp [42A] modulepath = /etc/puppet/environments/modules/install/42A manifest = /etc/puppet/environments/manifests/install/site.pp [agent] server = puppet report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports=log,puppetdb,foreman external_nodes = /etc/puppet/node.rb node_terminus = exec* --- If i comment the last two lines (external_nodes and node_terminus) on the puppetmaster puppet.conf node, The puppet manifest is applied correctly. Anybody has an idea ? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/879d4d5b-2aa2-4823-9208-ef85476fedee%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production
Yes, it doesn't work. I have the same error Le mercredi 30 octobre 2013 10:51:32 UTC+1, Daniele Sluijters a écrit : Hi, Have you tried --environment=42A? -- Daniele Sluijters On Wednesday, 30 October 2013 09:47:13 UTC+1, AVE1810 wrote: Hi, When I run puppet agent --test --environment 42A, I have the following warning : Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production. ... The puppet manifest for the environment 42A isn't applied. The puppet version is 3.3.1-1puppetlabs1 on agent and puppetmaster node puppet.conf on the agent node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [agent] server = puppet report = true* --- puppet.conf on the puppetmaster node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [production] modulepath = /etc/puppet/environments/modules/production manifest = /etc/puppet/environments/manifests/production/site.pp [42A] modulepath = /etc/puppet/environments/modules/install/42A manifest = /etc/puppet/environments/manifests/install/site.pp [agent] server = puppet report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports=log,puppetdb,foreman external_nodes = /etc/puppet/node.rb node_terminus = exec* --- If i comment the last two lines (external_nodes and node_terminus) on the puppetmaster puppet.conf node, The puppet manifest is applied correctly. Anybody has an idea ? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7f535234-d37f-4e76-b831-abc6d41ec07c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production
Hi, I believe the following link should resolve this problem for you. https://groups.google.com/forum/#!topic/foreman-users/p5w0if2AGlo J On Wednesday, 30 October 2013 08:47:13 UTC, AVE1810 wrote: Hi, When I run puppet agent --test --environment 42A, I have the following warning : Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production. ... The puppet manifest for the environment 42A isn't applied. The puppet version is 3.3.1-1puppetlabs1 on agent and puppetmaster node puppet.conf on the agent node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [agent] server = puppet report = true* --- puppet.conf on the puppetmaster node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [production] modulepath = /etc/puppet/environments/modules/production manifest = /etc/puppet/environments/manifests/production/site.pp [42A] modulepath = /etc/puppet/environments/modules/install/42A manifest = /etc/puppet/environments/manifests/install/site.pp [agent] server = puppet report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports=log,puppetdb,foreman external_nodes = /etc/puppet/node.rb node_terminus = exec* --- If i comment the last two lines (external_nodes and node_terminus) on the puppetmaster puppet.conf node, The puppet manifest is applied correctly. Anybody has an idea ? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/851581f1-d1cc-40b0-8ffd-84ea29597dd4%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Hiera vs OpenLDAP
Are you using ldap as your ENC ? If so, all settings defined in the puppet ldap schema are available as global vars in your manifest. Unfortunately, class parameters are not supported (at the moment), so maybe the ldap part in the puppet code could be extended to support that. I heard more people looking for that functionality in the ldap ENC code. You could indeed write your own hiera ldap backend, but I have some doubts about the speed. Here is another example of an ldap backend : http://forge.ircam.fr/p/hiera-ldap-backend/ It is one of the things i'm also looking into, but i have to install ldap with puppet first, and that needs some more code to write, to support the dynamic ldap config in our puppet ldap module. Gts Jo On 10/30/2013 10:43 AM, Luke Bigum wrote: This one perhaps? https://github.com/hunner/hiera-ldap The example is for Users, doesn'tlook difficult to adapt the search to get a list of servers. How you model the classes and class parameters in LDAP might be trickier. Maybe your LDAP structure would look something like this (which doesn't require much schema): cn=nodename,ou=nodes,dc=example,dc=com cn=classname,cn=nodename,ou=nodes,dc=example,dc=com cn=classparameter1,cn=classname,cn=nodename,ou=nodes,dc=example,dc=com value=woof On Wednesday, October 30, 2013 4:53:29 AM UTC, Steven Jonthen wrote: Hi guys, I want to use Hiera with a OpenLDAP-Backend. The OpenLDAP-Backend should contain class parameters. When a agent connects to the puppet master then hiera should extract from the OpenLDAP-Backend which roles and which class-parameters the node has. I've found any useful example in the internet, how to integrate OpenLDAP into Puppet and howto create and use the data. Can anyone help me? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1497c323-e6bb-46f8-ae26-5b785e89b6e4%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013 (PCP006) _ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile+32 (0)474/42 40 73 BELGIUM http://www.open-future.be _ Next Events: Puppet Advanced Training | https://www.open-future.be/puppet-advanced-training-12-till-14th-november Zabbix Certified Training | http://www.open-future.be/zabbix-certified-training-18-till-20th-november Zabbix Large Environments Training | http://www.open-future.be/zabbix-large-environments-training-21-till-22nd-november Puppet Fundamentals Training | http://www.open-future.be/puppet-fundamentals-training-10-till-12th-december Subscribe to our newsletter | http://eepurl.com/BUG8H -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5270E3EB.1080304%40open-future.be. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Custom providers and feature confinement
Hello all, I have been searching through previous posts and documentation and I have not been able to find out what is happening with my provider... I have declared a custom provider that depends on a custom feature (in fact, in a set) that are not present at the machine but installed during the puppet run. The provider is never loaded at the same run as the feature is satisfied but on subsequents. Here is the sample of my provider and feature: *Feature* require 'puppet/util/feature' Puppet.features.add(:json_compare, :libs = [json-compare]) *Provider* Puppet::Type.type(:selenium_node).provide(:json, :parent = Puppet::Provider::Selenium_node) do desc Supports JSON as configuration method confine :feature = [ :json, :json_compare, :yajl ] [...] Whenever I execute the first puppet run the following message is thrown when the provider is to be used: Error: /Stage[main]/Selenium::Modules::Server::Config/Selenium::Modules::Server::Config::Node[auto-bct]/Selenium_node[/opt/selenium/conf/nodes/auto-bct.json]: Provider json is not functional on this host Doing some traces through the execution I have found that the code is executed only once at the Provider loading but not anymore (even though the dependency is satisfied later on). May it be due to the fact that is a gem dependency and that must be loaded at current ruby execution? There is any restriction on using confine and setting that check to be lazy? Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/91a0050d-ed78-40d9-b523-9d17e70c4ac9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production
Yes, it resolve my problem. Thank you. Best regards Le mercredi 30 octobre 2013 11:43:33 UTC+1, james.e...@fasthosts.com a écrit : Hi, I believe the following link should resolve this problem for you. https://groups.google.com/forum/#!topic/foreman-users/p5w0if2AGlo J On Wednesday, 30 October 2013 08:47:13 UTC, AVE1810 wrote: Hi, When I run puppet agent --test --environment 42A, I have the following warning : Warning: Local environment: 42A doesn't match server specified node environment production, switching agent to production. ... The puppet manifest for the environment 42A isn't applied. The puppet version is 3.3.1-1puppetlabs1 on agent and puppetmaster node puppet.conf on the agent node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [agent] server = puppet report = true* --- puppet.conf on the puppetmaster node : *[main] logdir=/var/log/puppet vardir=/var/lib/puppet ssldir=/var/lib/puppet/ssl rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates pluginsync = true [production] modulepath = /etc/puppet/environments/modules/production manifest = /etc/puppet/environments/manifests/production/site.pp [42A] modulepath = /etc/puppet/environments/modules/install/42A manifest = /etc/puppet/environments/manifests/install/site.pp [agent] server = puppet report = true [master] ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY storeconfigs = true storeconfigs_backend = puppetdb reports=log,puppetdb,foreman external_nodes = /etc/puppet/node.rb node_terminus = exec* --- If i comment the last two lines (external_nodes and node_terminus) on the puppetmaster puppet.conf node, The puppet manifest is applied correctly. Anybody has an idea ? Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a99f78b9-e597-4dd9-9294-84a3d0f2ff77%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Why does the Puppet-Agent on Windows use a batch file?
Hi Josh, After a lot of digging around, I think I have partial solution; NOTE - This is my first attempt at writing ruby so I expect there are some issues with what I've written. I only had a single host (Server 2008 R2 64bit) to test this on, but I believe the changes I've made are generic enough to work on all puppet supported MS Operating Systems, 32 or 64bit. While the CMD.EXE is not required by the Agent once running, there Service Control Manager is still monitoring that process and if it dies, it will say the service is not running, even though the orphaned the RUBY.EXE process is still running. WINDOWS SERVICE CONFIG The process for the service doesn't need the entire environment as that of puppet, in order run. The way I see it, the service needs enough information to act as a Windows Service and to spawn child processes of Puppet. The Puppet.BAT calls Environment.BAT which does all the work to setup the environment variables on a per call basis. So what I did is change the ImagePath of the pe-puppet service to call ruby directly; HKLM\System\CurrentControlSet\Services\pe-puppet\ImagePath; FROM: C:\Program Files (x86)\Puppet Labs\Puppet Enterprise\service\daemon.bat TO: C:\Program Files (x86)\Puppet Labs\Puppet Enterprise\sys\ruby\bin\rubyw.exe -CC:\Program Files (x86)\Puppet Labs\Puppet Enterprise\service C:\Program Files (x86)\Puppet Labs\Puppet Enterprise\service\daemon.rb That is enough information for Ruby to run the service. Obviously the paths in these may differ depending on each host, BUT that can all be authored in the puppet MSI easily. DAEMON.RB I made some changes to daemon.rb (attached to this post); * I created a basic function for Windows EventLog logging Puppet Bug #21641. It doesn't register an application source so it's a bit of a hack and could really do with a more professional cleanup. * I fixed up the behaiour of Puppet Agent terminating once Paused Bug #22972 * A side effect of not running the daemon from a CMD.EXE was that the call to get to runinterval was failing. I suspect this is due to STDOUT not being available anymore. So I used the well worn method of pipe the output to a file and read that instead (Lines 60-79). I still need to try RUBY.EXE instead of RUBYW.EXE and see if it makes a difference. * I put the Puppet Agent run in an IF statement, which will only evaluate as true if the service is in a RUNNING or IDLE state (Lines 81-86) * I think may have found a bug in the Win32 Daemon code which was taking the service out of PAUSED and put it into a RUNNING state whenever a SERVICE_INTERROGATE event is recieved. I need to log this with the authours. (Lines 108-119). * I added in a little extra logging in the Resume and Pause events. I changed some of the wording in the main loop to reduce any confusion about Service Resuming Glenn. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f540d5d5-f21b-455f-8ce9-a561cac3ef79%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. #!/usr/bin/env ruby require 'fileutils' require 'win32/daemon' require 'win32/dir' require 'win32/process' require 'win32/eventlog' require 'windows/synchronize' require 'windows/handle' class WindowsDaemon Win32::Daemon include Windows::Synchronize include Windows::Handle include Windows::Process LOG_FILE = File.expand_path(File.join(Dir::COMMON_APPDATA, 'PuppetLabs', 'puppet', 'var', 'log', 'windows.log')) LEVELS = [:debug, :info, :notice, :err] LEVELS.each do |level| define_method(log_#{level}) do |msg| log(msg, level) end end def service_init FileUtils.mkdir_p(File.dirname(LOG_FILE)) end def service_main(*argv) args = argv.join(' ') @loglevel = LEVELS.index(argv.index('--debug') ? :debug : :notice) log_notice(Starting service: #{args}) puppetpid = -1 basedir = File.expand_path(File.join(File.dirname(__FILE__), '..')) puppet = File.join(basedir, 'bin', 'puppet.bat') raise_windows_event(Win32::EventLog::INFO,0x01,Starting Puppet Agent using Puppet: #{puppet}) while running? do return if !running? log_notice('Service is running') unless File.exists?(puppet) log_err(File not found: '#{puppet}') raise_windows_event(Win32::EventLog::ERROR,0x02,Could not find Puppet: #{puppet}) return end return if !running? log_debug(Using '#{puppet}') begin #DEBUG #runinterval = %x{ #{puppet} agent --configprint runinterval }.to_i # Stdout redirection seems to fail when using this service without a parent CMD.EXE. Using the old method of pipe to text file and read it.
Re: [Puppet Users] Upgrading a .msi package through Puppet
Thanks Rob for guiding me. The ensure = latest feature is not ready yet, because it requires an upgradeable provider. What seems to be solved is ensure = '0.0.1'. At the link you provide they made the windows provider versionable. (That requires facter version = 1.7.3-rc1) I managed to apply it to Puppet, so I can do something like: package { 'App': ensure = '0.1.1', provider= 'windows', source= 'C:\\files\\packages\\App.msi', } Which installs a specific package without uninstalling any previous version already installed... wierd :( Any hint? On Wednesday, October 23, 2013 8:18:34 PM UTC+2, Rob Reynolds wrote: Take a look at https://projects.puppetlabs.com/issues/21133. I'm not sure if there is an ensure = latest yet or not. On Wed, Oct 23, 2013 at 9:12 AM, Lorenzo Jesús Cubero lj.c...@gmail.comjavascript: wrote: Hey! I would like to be able of upgrade a windows application just copying the .msi file into a ../module/files directory, without having to modify any manifest. Something like: file { 'C:\\files\\packages\\Package.msi': ensure = present, source = 'puppet:///modules/SOME-MODULE/packages/Package.msi', } package { 'Package': ensure = installed, provider= 'windows', source= 'C:\\files\\packages\\Package.msi', } The main problem I'm facing is to tell Puppet to install the latest version, without defining the specific package. I would like to do something like version = latest. Any ideas on where to begin? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To post to this group, send email to puppet...@googlegroups.comjavascript: . Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/958adf6c-b9ce-453c-a24c-c92db2ac5ac8%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: :merge_behavior: deeper and hiera_hash
On Tuesday, October 29, 2013 9:21:05 PM UTC-5, William Leese wrote: Hi, To my surprise hashes passed to class parameters pulled from hiera with :merge_behavior: deeper, are not merged as expected, where as hiera_hash does work as expected. Or to rephrase: they behave differently, despite merge_behavior being set. Per the docs, the :merge_behavior setting affects how hashes are merged in a hash merge lookup. Not every hiera lookup is a hash merge lookup, and whether a query is of that kind does not depend on the type of the data retrieved. A standard hiera lookup, such as is performed by the ordinary hiera() function, simply returns the highest-priority datum it finds in the data hierarchy. This is what is used for automated class parameter binding. A hash merge lookup, on the other hand, is what you get from the hiera_hash() function. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/feb2ce1a-efe5-4b1d-86e2-50d96e0d3c37%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Issues referencing a class from another module
On Tuesday, October 29, 2013 5:44:07 PM UTC-5, Daniel Sage wrote: I just realised that there is a typo in my example. But the problem remains the same, if I've got the following code in acme_inc::workstation # install and set up the nfs client class {'nfs': class = client, domain = acme.example.com, } then I get the following error Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class acme_inc::workstation for puppet-agent-dev.example.com on node puppet-agent-dev.example.com The two classes are in the correct position, with acme_inc::workstation being /etc/puppet/modules/acme_inc/manifests/workstation.pp and the nfs class is in /etc/puppet/modules/nfs/manifests/init.pp It is conceivable that Puppet does not like you using 'class' as a parameter name, since it is a Puppet keyword. If so, then this might work around the problem: # install and set up the nfs client class {'nfs': 'class' = client, domain = acme.example.com, } But if that indeed is successful, then you should take it merely as confirmation of the diagnosis. You should not allow such an issue to remain in your nfs module. If you do, it will bite you again. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2596e6b3-5f6c-4a12-b2df-7cdecb092720%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: User and group issues
On Tuesday, October 29, 2013 10:31:56 AM UTC-5, box...@gmail.com wrote: I see that makes sense, would you be able to give a quick example of the required syntax? Here is a simple example. If you have more than a tiny number of users and/or groups, however, or if they change with any frequency, then you should probably externalize your data instead encoding it directly in your classes. Externalizing your data is a whole other kettle of fish, though. module path/accounts/manifests/groups.pp: class accounts::groups { @group { 'testgroup': ensure = present } @group { 'testgroup2': ensure = present } } module path/accounts/manifests/virtual.pp: # note the file name -- # NOT accounts.pp as in the orginal post define accounts::virtual ($realname,$pass,$gid,$sshkey=) { include accounts::groups realize Group[$gid] user { $title: ensure = present, gid = $gid, # ... } # Note: User autorequires Group[$gid] if it is Puppet-managed, # so there's no need to declare that explicitly. # ... } John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a67c8e99-4b47-486e-bfa1-7443db42a13a%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Version Controlling Puppet Configs with svn
To address permission issues I run a rsync server on the puppet server with a module that specifies owner and group Jenkins ci then takes checks out svn commits and rsyncs them up. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAohVBdYJTq%2Baz-PTnwPpcLRtcBFxarZQMvhmiifn9%3DcZEGX6A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] git puppet, modules manifests (oh-my)
Hey; I am a recent convert to puppet and git and have become a huge fan so the concept on keeping modules under git/vcs control is well and truly accepted. I'm not clear on how to keep the /etc/puppet/manifests in sync with the modules, however. Case in point: I have two puppet instances running, one, prod, running/maintaining a set of physical linux systems and one, dev, running on a set of KVMs on which I'm doing most of my testing. I use the master branch of the dev instance as the place to test out changes to the things that I eventually want in prod. Put another way, the prod instance pulls changes from the dev master branch. So far, pretty standard The dev instance also has a testing branch in which I can go hog wild. Doing this, though, I occasionally have to update the /etc/puppet/manifests/nodes.pp file to include additional testing modules. When I switch back to the master branch on dev, I have to re update that file manually. It seems there should be a better way to keep these in sync. I pondered putting the entire /etc/puppet directory under one repo; but that would make migrating changes to my prod instance an ugly process. Host names changed, puppet.conf file's different, etc, etc. The only thing I've thought of is creating a softlink from /etc/puppet/manifests/nodes.pp - /etc/puppet/modules/nodes.pp. I'm sure that'll work as the nodes would get switched to whatever git branch is current; but, I wanted to find out if there's a better, cleaner, more standard method. Any hints/tips/suggestions greatly appreciated. Thanks. Doug O'Leary -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fd275df7-b1f8-4c74-9e37-8ca392a5eb32%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] err: Could not retrieve catalog; skipping run
Hi, I install puppet 2.6.18, test it and it was working okay. Then I install Apache and Passenger on the Puppet server. I run on a puppet agent: puppet agent —test And I got the error: warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run In the puppet server access_log I have: GET /production/catalog/puppet.agent.domain?facts=eNqVV2… facts_format=b64_zlib_yaml HTTP/1.1 *404* 343 - - And in the error_log I have: File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production /usr/share/puppet/rack/puppetmasterd/public is empty. I just create it as part of the installation. What I'm missing? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b6b651fe-0b5f-4fca-827d-0d5b74b3b77b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet agent fails when executed via mcollective
I have configured that my puppet agents are executed twice a night. For urgent updates I have mcollective and I can run them manually (or at least I thought so). I am experiencing problems when puppet agent is executed via mcollective: mco puppet runonce -I XXX.com * [ ] 1 / 1 Finished processing 1 / 1 hosts in 3198.59 ms In puppet dashboard execution is marked as an error with the following text: *notice Caught TERM; calling stop Puppet 2013-10-30 07:28 CET* and in a syslog on puppet agent: *Oct 30 07:28:11 sc4-008 puppet-agent[23043]: Reopening log files * *Oct 30 07:28:38 sc4-008 puppet-agent[23043]: Caught TERM; calling stop* If I execute puppet agent manually everything is ok: *puppet agent --test* *Info: Retrieving plugin* *Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb* *Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb* *Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb* *Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb* *Info: Caching catalog for XX.com* *Info: Applying configuration version '69M'* *Notice: /Stage[post]/Patch_all_force/Exec[patchScanner_ALL_force]/returns: executed successfully* *Notice: Finished catalog run in 13.06 seconds* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5a80abea-4fa4-4a86-beb3-811b27ff2b95%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] git puppet, modules manifests (oh-my)
dkoleary [30.10.2013 14:55]: Hey; [..] Doing this, though, I occasionally have to update the /etc/puppet/manifests/nodes.pp file to include additional testing modules. When I switch back to the master branch on dev, I have to re update that file manually. It seems there should be a better way to keep these in sync. Hi Doug, do you want this file in the git version control or not? :-) If not, echo nodes.pp /etc/puppet/manifests/.gitignore should solve the problem, since git will ignore the file from now on If yes, I'd suggest you open a separate branch for this one file, and to merge it wherever and whenever needed. Regards, Werner -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52711664.207%40ufz.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] git puppet, modules manifests (oh-my)
Hey; Thanks for the reply. Yes; having it under git control would be optimal. I tried having a separate repo for /etc/puppet/manifests (and still have it); however, when I switch between testing and master, I still have to remember to switch on the manifests repo. I'm a UNIX admin. We're lazy by nature. I tried the soft link that I mentioned above and it seems to work. Pending any other responses, I'll keep going with that: # pwd /etc/puppet/modules # git branch * master testing # grep pm /etc/puppet/manifests/nodes.pp node 'pm.olearycomputers.com' { include base } and switching: # git checkout testing Switched to branch 'testing' # git branch master * testing # grep pm /etc/puppet/manifests/nodes.pp node 'pm.olearycomputers.com' { include base,testing } The only (minor) issue is that I'll have an extra nodes.pp file in my production instance but since the soft link won't exist in prod, it won't matter. Thanks again for the response. I appreciate it. Doug O'Leary -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/00cf4e72-c842-4fee-a42f-25a678102b6a%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Custom Windows Fact (match ipaddress)
The second issue is that findstr is a shell builtin, so you have wrap the entire command in: cmd.exe /c original command You may have to quote the original command and adjust the interior quotes accordingly. Josh On Wednesday, October 30, 2013, cko wrote: Still no effect. Facter::Util::Resolution.exec(C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe ipconfig | Select-String -pattern '192.168.20[567]' | %{$_.line.split()} | FINDSTR 192.168.20[567]) Is there anything else i need to escape? On Tuesday, October 29, 2013 3:07:12 PM UTC+1, cko wrote: Hi everybody, I'm trying to write a custom fact that gets the IP Address of any given NIC if it matches a specific IP range. On Linux i use this (works fine) Facter.add(ip_foo) do setcode do Facter::Util::Resolution.exec(**/sbin/ifconfig | /bin/grep '192.168.20[567].' | /bin/awk '{ print $2 }' | /bin/cut -d':' -f2) end end Now my Windows Version: Facter.add(ip_foo_windows) do confine :operatingsystem = :windows setcode do Facter::Util::Resolution.exec(**C:\Windows\System32\** WindowsPowerShell\v1.0\**powershell.exe ipconfig | Select-String -pattern '192.168.20[567]' | %{$_.line.split()} | FINDSTR 192.168.20[567]) end end When i run the command C:\Windows\System32\**WindowsPowerShell\v1.0\**powershell.exe ipconfig | Select-String -pattern '192.168.20[567]' | %{$_.line.split()} | FINDSTR 192.168.20[567] on the box it works perfectly fine. It returns the value that i need. But it seems that puppet doesn't get that value into the fact. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com javascript:_e({}, 'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f0fbe47f-5bc0-4fc3-bc2a-5eb8d6cad367%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97umXqfg0sxcDx2mdnJsdA1PjP7sEJwOOXgcu_EiqL1BrtQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] facter-1.7.3 and puppet-3.3.1 on OS X Mavericks 10.9
Hi, Is anyone else getting this: $ facter /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require': cannot load such file -- facter/application (LoadError) from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require' from /usr/bin/facter:72:in `main' $ puppet /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require': cannot load such file -- puppet/util/command_line (LoadError) from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require' from /usr/bin/puppet:3:in `main' Both installed from packages which were downloaded from http://downloads.puppetlabs.com/mac/ Cheers, Paul -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0f6bf066-6afd-4db5-8ab1-c6db16afc457%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Upgrading a .msi package through Puppet
I am curious if you have also looked at the other package providers that are out there - http://forge.puppetlabs.com/modules?q=windows+package I can tell you that the chocolatey provider does allow ensure = latest. Also the version on github is being improved to add source in addition to other things and will be updated sometime in the future. To answer your question about the uninstall with the windows package built-in provider, are you seeing this with all MSIs or just a specific one (perhaps that was custom built)? MSIs should upgrade themselves, unless there is an error in the MSI installer logic. Or if the logic allowed side by side installs, in which case I don't think the provider takes that into account. On Wed, Oct 30, 2013 at 7:15 AM, Lorenzo Jesús Cubero lj.cub...@gmail.comwrote: Thanks Rob for guiding me. The ensure = latest feature is not ready yet, because it requires an upgradeable provider. What seems to be solved is ensure = '0.0.1'. At the link you provide they made the windows provider versionable. (That requires facter version = 1.7.3-rc1) I managed to apply it to Puppet, so I can do something like: package { 'App': ensure = '0.1.1', provider= 'windows', source= 'C:\\files\\packages\\App.msi', } Which installs a specific package without uninstalling any previous version already installed... wierd :( Any hint? On Wednesday, October 23, 2013 8:18:34 PM UTC+2, Rob Reynolds wrote: Take a look at https://projects.**puppetlabs.com/issues/21133https://projects.puppetlabs.com/issues/21133. I'm not sure if there is an ensure = latest yet or not. On Wed, Oct 23, 2013 at 9:12 AM, Lorenzo Jesús Cubero lj.c...@gmail.comwrote: Hey! I would like to be able of upgrade a windows application just copying the .msi file into a ../module/files directory, without having to modify any manifest. Something like: file { 'C:\\files\\packages\\Package.**msi': ensure = present, source = 'puppet:///modules/SOME-** MODULE/packages/Package.msi', } package { 'Package': ensure = installed, provider= 'windows', source= 'C:\\files\\packages\\Package.**msi', } The main problem I'm facing is to tell Puppet to install the latest version, without defining the specific package. I would like to do something like version = latest. Any ideas on where to begin? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@**googlegroups.com. To post to this group, send email to puppet...@googlegroups.com. Visit this group at http://groups.google.com/**group/puppet-usershttp://groups.google.com/group/puppet-users . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/958adf6c-b9ce-453c-a24c-c92db2ac5ac8%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK6fWbudYR5zJ0vjTaL%3Dq8PvWNWJJ_34Bs6ARjnZ_HfxLQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] moving to ENC - how to get all current classes and params
I'm looking to use an external node classifier (ENC) in our environment. What's the easiest way to programmatically get currently applied classes (and class parameters) for all hosts, with the goal of dumping it into a database for later retrieval by the ENC script? Nodes are currently classified via site.pp. thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6d0da08e-9ae3-4d1e-a362-701340e51192%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] register question
Hi, When I register to master using: puppet agent --server puppetmaster --waitforcert 60 --test , it does register but also runs: puppet agent -t internally. I *only* need to register to master. is it possibie? Thanks Paras. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/aacf59f5-a1de-48c9-a87b-16c17daab716%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Pass aggregate hash to class to declare several defined types
Hi, A bit of background, I'm trying to move from node inheritance to hiera. With node inheritance I could declare defined types at several levels, for example, say for all of preproduction I'd like a yum repository *manifests/pre-prod.pp* class preprod { yumrepo { 'preprod-repo': ... } } Then add other repos in various sub classes where other specialized yumrepo(s) are declared *manifests/qa.pp* class qa inherits preprod { yumrepo { 'qa': ... } } *manifests/dev.pp* class dev inherits preprod { yumrepo {'dev': ... } } I'm having a hard time getting this to map to hiera cleanly. I'd like to have the data in the hierarchy something like this *preprod.yaml* yumrepo::name: preprod-repo ... *qa.yaml* yumrepo::name: qa-repo ... My initial thought was to use hiera_include('classes'), but that doesn't work for defined types. What folks on superuser.com have suggestedhttp://serverfault.com/questions/549720/hiera-include-equivalent-for-resource-types/549727?noredirect=1#549727is to define a wrapper class for *each* declaration of a defined type. Something like class preprod_repo { yumrepo { 'preprod-repo': ... } } class qa_repo { yumrepo { 'qa-repo': ... } } Then in the yaml *preprod.yaml* classes: - preprod_repo ... *qa.yaml* classes: - qa_repo ... I really don't want to define a class for every single type instantiation. What I'd prefer would be a single class that could capture a merged hash from all the yaml files and write out all the type declarations, but I'm having trouble with the implementation. From the yaml side, I've got what I want, something like this *preprod.yaml* classes: - yumrepo_hiera yumrepo_hiera: { 'preprod_repo' : { # attributes for preprod yum repo } } *qa.yaml* classes: - yumrepo_hiera yumrepo_hiera: { 'qa_repo' : { # attributes for qa yum repo } } Now I'm passing an aggregate data object with all the data needed to the yumrepo_hieara class. Problem is how to write out all those type declarations. Since there's no looping in RDL. I know it's deprecated, but the Ruby DSL seems to be my best bet, yet I can't get the hash from hiera passed in.., I'm getting this error when I run the agent undefined method `merge' for :yumrepo_hiera:Symbol Here's what I've got so far, bear in mind I know nothing of Ruby, but hopefully you can get the idea hostclass :yumrepo_hiera, :yumrepo_hiera do @yumrepo_hiera.each do |name, repo| yumrepo( :name, repo[:descr], # other parameters to yumrepo type... ) end end Can someone help me get off the ground with this Ruby DSL, or show me a better way in general, one where I don't have to write a class per each node declaration? thanks, -nathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/804125e1-6473-448c-954b-f2c85f249b7f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Geppetto with Subversion
I'm trying to use Geppetto 4 to develop puppet modules and check them in and out of subversion. I've got a subversion repositories setup via web dav. The Cloudsmith FAQ seems a bit vague. I've not used Eclipse much at all and am not sure how the subversion integration works. I saw a really cool video demo from the PuppetConf youtube channel using the Forge ( http://www.youtube.com/watch?v=TxeaEo2jKWQ). I'm wondering if anyone has recommendations for getting started using Geppetto with subversion? I've searched around a bit and might just be overlooking something that will answer my questions, but hopefully some one can point me in the right direction. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ecc25e3e-7cc9-4d77-aba7-321436ba8fe4%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Why does the Puppet-Agent on Windows use a batch file?
* A side effect of not running the daemon from a CMD.EXE was that the call to get to runinterval was failing. I suspect this is due to STDOUT not being available anymore. So I used the well worn method of pipe the output to a file and read that instead (Lines 60-79). I still need to try RUBY.EXE instead of RUBYW.EXE and see if it makes a difference. Looks like RUBY.EXE will fix my issue as per Puppet Bug #21043. I'll update my daemon.rb and repost. https://projects.puppetlabs.com/issues/21043 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/844378c0-0e97-46d3-aefa-472fb900dc99%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Why does the Puppet-Agent on Windows use a batch file?
I also noticed there is a puppetres.dll and puppetres.mc file so I'll investigate that and use it for the EventLog stuff. https://github.com/puppetlabs/puppet/tree/master/ext/windows/eventlog -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bd3b91a5-6f4d-4d3c-b9dc-d1e2019749bc%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Version Controlling Puppet Configs with svn
Thank you very much. I want to know more in your method. As result, anyway, when you do fresh checkout, the files are like 664 petec petec site.pp 664 petec petec x and petec is included in pe-puppet. Am I right? Also, I don't understand what setgid do. Does setgid affect only execution? I am not sure that modules and manifests need to be executed. You seem to manage only modules and manifests. I try to manage all the files under /etc/puppetlabs, so I wonder if your method can be applied. My current method is 1. default mv /etc/puppetlabs to [another place] 2. create symbolic link 3. git commit [another place] 4. as root, git push, pull This way, git pull does not modify permission and ownership. But, very dangerous when fresh checkout. Thank you. On Wed, Oct 30, 2013 at 1:41 PM, Pete Cornell pete.corn...@virginamerica.com wrote: Hello-- It turns out I was overly cautious about changed ownership away from root. As long as you ensure the group owner is the puppet group, you can have mixed ownership for user. My solution was to use the Setgid bit on all directories where puppet manifests are located and change the directories group ownership to the puppet group. I then place my regular user account into the puppet group and I edit puppet manifests as user, not as root. In effect, when I edit puppet manifests they will have ownership of pete:pe-puppet. When we do commits / checkouts from SVN they keep this same group ownership and function fine in Puppet runs. So the steps to make it work are: On the puppet directories, change group ownership to the puppet group, set the setgid bit and set file mode of rwx for group, e.g. as root: # chgrp -R pe-puppet /etc/puppetlabs/puppet/modules /etc/puppetlabs/puppet/manifests # chmod -R 2774 /etc/puppetlabs/puppet/modules /etc/puppetlabs/puppet/manifests Placing the setgid bit will make files keep a group ownership of pe-puppet. Then, add your regular user account to the puppet group, e.g. # usermod -G pe-puppet petec Do this for all uses who will edit puppet code and make sure that you edit puppet code and commit to Git using your regular user account, not as root. This setup has been working fine for us. I also setup 3 Puppet environments in this way (for dev, QA and prod) and propagate code between environments with SVN. — Pete On Oct 29, 2013, at 6:50 PM, Hyunil Shin anyone.can.t...@gmail.com wrote: Hello.. I have the same problem with you, except that I am using Git. Can you describe your solution in more details? As you said that /etc/puppet has mixed ownership of root and pe-puppet, how can you checkout puppet configuration from the svn with preserving permission and ownership? Thank you~ On Tuesday, May 7, 2013 2:17:33 AM UTC+9, P Cornellio wrote: That's correct, my concern is permissions/ownership changes inside /etc/puppet on the master after doing commits/check-outs, especially when new manifests are added on clients, outside of the master, then committed to the repo and updated onto the master. Our master currently has mixed ownership between both root and pe-puppet user. I will go with the approach of using the pe-puppet user on the master. On Monday, May 6, 2013 5:43:20 AM UTC-7, Bernardo Costa wrote: I suppose your concerns are about the check-outs of the svn repo on the puppet root direcctory, not about permissions and ownership inside the repo. Once you do svn co command as your user (not recommended), the new files will be created having being owned by you. It might fail if you user does not have permission tho create or modify these files inside the puppet tree source file. The best thing to do is run the svn co command as user puppet but you'll need to set its password or a sudo set of commands. Em domingo, 5 de maio de 2013 00h58min18s UTC-3, P Cornellio escreveu: Hi, I an in the process of putting my Puppet Master configs into version control using SVN. I'm concerned about file permission and ownership changes as a result of this. SVN does not store permissions. How does one safely use SVN with puppet configs? Cheers, Pete -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPCozZynVXNoh1c8M6%3Dc-w9zdEAtVXQOVWxJ2EdV3_a64tssDQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: :merge_behavior: deeper and hiera_hash
On Wednesday, October 30, 2013 10:08:14 PM UTC+9, jcbollinger wrote: Per the docs, the :merge_behavior setting affects how hashes are merged in a hash merge lookup. Not every hiera lookup is a hash merge lookup, and whether a query is of that kind does not depend on the type of the data retrieved. A standard hiera lookup, such as is performed by the ordinary hiera() function, simply returns the highest-priority datum it finds in the data hierarchy. This is what is used for automated class parameter binding. A hash merge lookup, on the other hand, is what you get from the hiera_hash() function. Makes sense. I think that the confusion stems from using on hiera_include's array merge lookup, seeing your class arrays being merged nicely and assuming such behaviour extends to class parameter binding. I understand the reasons maintaining priority lookup for class parameters though. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b8d4d310-e1c2-4e36-9c2e-b1ffe157a3bd%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Why does the Puppet-Agent on Windows use a batch file?
On Wed, Oct 30, 2013 at 8:41 PM, Glenn Sarti glenn.sar...@gmail.com wrote: Well that was easier than I expected * daemon.rb now defaults to logging in the Event Log and optionally to the windows.log file This should resolve https://projects.puppetlabs.com/issues/21641. Can you submit a PR for this issue? * The ImagePath string now looks like; C:\Program Files (x86)\Puppet Labs\Puppet Enterprise\sys\ruby\bin\ruby.exe -rubygems -CC:\Program Files (x86)\Puppet Labs\Puppet Enterprise\service C:\Program Files (x86)\Puppet Labs\Puppet Enterprise\service\daemon.rb I'm not sure if the -rubygems is required but it is in the daemon.bat file. I think this is necessary, at least it was in ruby 1.8, not entirely sure about 1.9. Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97umBtRjJ0%3DCpqBNGvNodgY6PC3SuBvhV4x_Phei3jxTswA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Why does the Puppet-Agent on Windows use a batch file?
On Wed, Oct 30, 2013 at 6:06 PM, Glenn Sarti glenn.sar...@gmail.com wrote: * A side effect of not running the daemon from a CMD.EXE was that the call to get to runinterval was failing. I suspect this is due to STDOUT not being available anymore. So I used the well worn method of pipe the output to a file and read that instead (Lines 60-79). I still need to try RUBY.EXE instead of RUBYW.EXE and see if it makes a difference. Looks like RUBY.EXE will fix my issue as per Puppet Bug #21043. I'll update my daemon.rb and repost. https://projects.puppetlabs.com/issues/21043 Yes, sadly rubyw.exe is broken in 1.9: http://bugs.ruby-lang.org/issues/7239 . Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97u%3DGpiMRZbe2YAhM6oEKiHa-YR6%3D9XM3-EPzL59Wp5Z6fw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Upgrading a .msi package through Puppet
Hi Lorenzo, On Wed, Oct 30, 2013 at 11:54 AM, Rob Reynolds r...@puppetlabs.com wrote: I am curious if you have also looked at the other package providers that are out there - http://forge.puppetlabs.com/modules?q=windows+package I can tell you that the chocolatey provider does allow ensure = latest. Also the version on github is being improved to add source in addition to other things and will be updated sometime in the future. To answer your question about the uninstall with the windows package built-in provider, are you seeing this with all MSIs or just a specific one (perhaps that was custom built)? MSIs should upgrade themselves, unless there is an error in the MSI installer logic. Or if the logic allowed side by side installs, in which case I don't think the provider takes that into account. I agree with Rob, it sounds like the MSI is not authored correctly. Typically, each version of an MSI for a given product should have the same UpgradeCode, so that Windows recognizes that you are installing a new version of an existing product. If on the other hand, the product can co-exist with older versions, then you'll need to treat them as independent `package` resources in your manifests. Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97um0CzDe3tpn4R1qi2OZFZ6GKW%2BXs4WcbiWnY%2Bt7WQ6t6g%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Version Controlling Puppet Configs with svn
No, when I do fresh checkouts the files are 664 petec pe-puppet site.pp and directories will be 774 petec pe-puppet Yes, petec is a member of pe-puppet group. Setgid, or Set Group ID, will make the directory and files created within it keep the ownership of the group you assign it instead of changing to the primary group of the user who create files in it. It’s a good way to share files among multiple users and allow them all to read/write the same files. Directories generally are always executable, but this method is not meant to make files within them executable as Puppet does not need that. More of an example for this: I want all members of group pe-puppet to be able to edit files in a directory, so I set group owner to pe-puppet: chgrp pe-puppet mydir or chown petec:pe-puppet mydir We can use chmod to set the group id bit: chmod g+s mydir or, with numeric mode: chmod 2774 mydir After this the permissions of ‘mydir’ becomes: drwxrwsr-- petec pe-puppet mydir Now the special trick about this: when I, or another user creates a file or directory under 'mydir’, it will have its group set as the group owner, ‘pe-puppet’ instead of the group of the user who creates it. So if another user, johnc would do: mkdir mydir/newdir, it would look like: drwxrwsr-- johnc pe-puppet newdir And now both johnc and petec have rw access to newdir because we are both members of ‘pe-puppet'. If johnc were to do the above without having the setgid bit, the above permissions would instead be: drwxrwsr-- johnc johnc newdir Notice also the puppet daemon is in the pe-puppet group, so this approach ensures it has unrestricted access to its files. I like this method as it’s fairly simple once you get the concept, and allows doing edits/commits/checkouts without becoming root. If you don’t have other users editing puppet files this method may not be necessary. Also, yes I do manage all the puppet directories this way, both /etc/puppetlabs/puppet and /opt/puppet/share/puppet/modules — Pete On Oct 30, 2013, at 6:47 PM, Hyunil Shin anyone.can.t...@gmail.com wrote: Thank you very much. I want to know more in your method. As result, anyway, when you do fresh checkout, the files are like 664 petec petec site.pp 664 petec petec x and petec is included in pe-puppet. Am I right? Also, I don't understand what setgid do. Does setgid affect only execution? I am not sure that modules and manifests need to be executed. You seem to manage only modules and manifests. I try to manage all the files under /etc/puppetlabs, so I wonder if your method can be applied. My current method is 1. default mv /etc/puppetlabs to [another place] 2. create symbolic link 3. git commit [another place] 4. as root, git push, pull This way, git pull does not modify permission and ownership. But, very dangerous when fresh checkout. Thank you. On Wed, Oct 30, 2013 at 1:41 PM, Pete Cornell pete.corn...@virginamerica.com wrote: Hello-- It turns out I was overly cautious about changed ownership away from root. As long as you ensure the group owner is the puppet group, you can have mixed ownership for user. My solution was to use the Setgid bit on all directories where puppet manifests are located and change the directories group ownership to the puppet group. I then place my regular user account into the puppet group and I edit puppet manifests as user, not as root. In effect, when I edit puppet manifests they will have ownership of pete:pe-puppet. When we do commits / checkouts from SVN they keep this same group ownership and function fine in Puppet runs. So the steps to make it work are: On the puppet directories, change group ownership to the puppet group, set the setgid bit and set file mode of rwx for group, e.g. as root: # chgrp -R pe-puppet /etc/puppetlabs/puppet/modules /etc/puppetlabs/puppet/manifests # chmod -R 2774 /etc/puppetlabs/puppet/modules /etc/puppetlabs/puppet/manifests Placing the setgid bit will make files keep a group ownership of pe-puppet. Then, add your regular user account to the puppet group, e.g. # usermod -G pe-puppet petec Do this for all uses who will edit puppet code and make sure that you edit puppet code and commit to Git using your regular user account, not as root. This setup has been working fine for us. I also setup 3 Puppet environments in this way (for dev, QA and prod) and propagate code between environments with SVN. — Pete On Oct 29, 2013, at 6:50 PM, Hyunil Shin anyone.can.t...@gmail.com wrote: Hello.. I have the same problem with you, except that I am using Git. Can you describe your solution in more details? As you said that /etc/puppet has mixed ownership of root and pe-puppet, how can you checkout puppet configuration from the svn with preserving permission and ownership? Thank you~ On Tuesday, May 7, 2013 2:17:33 AM UTC+9, P
Re: [Puppet Users] Re: config print seems to be broken
On Mon, Sep 23, 2013 at 9:19 AM, Dan White y...@comcast.net wrote: It still works this way: [root ~]# puppet agent --configprint ssldir /var/lib/puppet/ssl [root ~]# puppet master --configprint ssldir /var/lib/puppet-master/ssl You are better off specifying the application, e.g. master, and the --configprint option to obtain the correct answer. as opposed to: [root ~]# puppet config print ssldir /var/lib/puppet/ssl This invokes the `config` face-based application, which has issues... Josh -- Josh Cooper Developer, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97umE61%2BEEVSRjSKgn_-gtyjJKBAbJ9DTxKn8Xi6ojcB2ZQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Pass aggregate hash to class to declare several defined types
Solved it with create_resources. On Wednesday, October 30, 2013 4:58:44 PM UTC-6, Nathan Nobbe wrote: Hi, A bit of background, I'm trying to move from node inheritance to hiera. With node inheritance I could declare defined types at several levels, for example, say for all of preproduction I'd like a yum repository *manifests/pre-prod.pp* class preprod { yumrepo { 'preprod-repo': ... } } Then add other repos in various sub classes where other specialized yumrepo(s) are declared *manifests/qa.pp* class qa inherits preprod { yumrepo { 'qa': ... } } *manifests/dev.pp* class dev inherits preprod { yumrepo {'dev': ... } } I'm having a hard time getting this to map to hiera cleanly. I'd like to have the data in the hierarchy something like this *preprod.yaml* yumrepo::name: preprod-repo ... *qa.yaml* yumrepo::name: qa-repo ... My initial thought was to use hiera_include('classes'), but that doesn't work for defined types. What folks on superuser.com have suggestedhttp://serverfault.com/questions/549720/hiera-include-equivalent-for-resource-types/549727?noredirect=1#549727is to define a wrapper class for *each* declaration of a defined type. Something like class preprod_repo { yumrepo { 'preprod-repo': ... } } class qa_repo { yumrepo { 'qa-repo': ... } } Then in the yaml *preprod.yaml* classes: - preprod_repo ... *qa.yaml* classes: - qa_repo ... I really don't want to define a class for every single type instantiation. What I'd prefer would be a single class that could capture a merged hash from all the yaml files and write out all the type declarations, but I'm having trouble with the implementation. From the yaml side, I've got what I want, something like this *preprod.yaml* classes: - yumrepo_hiera yumrepo_hiera: { 'preprod_repo' : { # attributes for preprod yum repo } } *qa.yaml* classes: - yumrepo_hiera yumrepo_hiera: { 'qa_repo' : { # attributes for qa yum repo } } Now I'm passing an aggregate data object with all the data needed to the yumrepo_hieara class. Problem is how to write out all those type declarations. Since there's no looping in RDL. I know it's deprecated, but the Ruby DSL seems to be my best bet, yet I can't get the hash from hiera passed in.., I'm getting this error when I run the agent undefined method `merge' for :yumrepo_hiera:Symbol Here's what I've got so far, bear in mind I know nothing of Ruby, but hopefully you can get the idea hostclass :yumrepo_hiera, :yumrepo_hiera do @yumrepo_hiera.each do |name, repo| yumrepo( :name, repo[:descr], # other parameters to yumrepo type... ) end end Can someone help me get off the ground with this Ruby DSL, or show me a better way in general, one where I don't have to write a class per each node declaration? thanks, -nathan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a05af0fe-29e2-41e0-92b3-4e293ddd17d7%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet module install simondean/iis gives error Error: cert already in hash table
On Fri, Sep 20, 2013 at 7:36 AM, Rainer Weinhold redsa...@gmail.com wrote: i just downloaded 3.3 for windows (w7,x64) and got the same error. output : C:\Program Files (x86)\Puppet Labs\Puppet\binpuppet module install simondaen/iis --debug --trace Notice: Preparing to install into M:/.puppet/modules ... Notice: Downloading from https://forge.puppetlabs.com ... Error: cert already in hash table C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/monkey_patches.rb:250:in `add_cert' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/monkey_patches.rb:250:in `block in set_default_paths' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/root_certs.rb:24:in `block in each' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/root_certs.rb:24:in `each' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/windows/root_certs.rb:24:in `each' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/monkey_patches.rb:249:in `set_default_paths' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/forge/repository.rb:88:in `get_http_object' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/forge/repository.rb:59:in `read_response' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/forge/repository.rb:47:in `make_http_request' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/forge.rb:77:in `remote_dependency_info' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/module_tool/shared_behaviors.rb:34:in `get_remote_constraints' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/module_tool/applications/installer.rb:106:in `get_release_packages' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/module_tool/applications/installer.rb:54:in `run' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/face/module/install.rb:129:in `block (3 levels) in top (required)' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/interface/action.rb+eval[wrapper]:242:in `install' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application/face_base.rb:229:in `main' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:372:in `run_command' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:364:in `block (2 levels) in run' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:457:in `plugin_hook' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:364:in `block in run' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util.rb:511:in `exit_on_fail' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/application.rb:364:in `run' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/command_line.rb:132:in `run' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/lib/puppet/util/command_line.rb:86:in `execute' C:/Program Files (x86)/Puppet Labs/Puppet/puppet/bin/puppet:4:in `main' Error: Try 'puppet help module install' for usage On Thursday, September 19, 2013 10:08:58 PM UTC+2, Rob Reynolds wrote: Are your results of `puppet module install simondaen/iis --debug --trace` similar to what the others were getting? On Wed, Sep 18, 2013 at 1:52 PM, Samuel Huang samhu...@gmail.com wrote: Yeah I rebooted, and it still didn't work. On Monday, September 16, 2013 1:40:34 PM UTC-7, Rob Reynolds wrote: Yes, that is the one that I meant. I know you hate hearing this question, but did you reboot after you removed it (prior to module install) for full effect? On Mon, Sep 16, 2013 at 1:24 PM, Samuel Huang samhu...@gmail.comwrote: If what you mean by Machine store is the Local Computer, I just deleted it from both Machine and Current User stores and still puppet module install does not work. Here's a screenshot of it appearing in the Machine store. On Sunday, September 15, 2013 8:42:24 PM UTC-7, Rob Reynolds wrote: Can you determine if the cert is also under Machine certificate store and not just the Current User certificate store? On Fri, Sep 13, 2013 at 1:27 AM, Samuel Huang samhu...@gmail.comwrote: I deleted the cert you mentioned *(thatwte-timestamping.png)*, but I still have the same error everyone's been mentioning * (module-install-fails.png)*. Any help please? Sam On Sunday, August 18, 2013 7:59:04 PM UTC-7, Robert Redgwell wrote: For what it's worth, I had the same problem and figured out the particular cert on Windows 7 (64bit) that was causing the issue: -- -- -- [Subject] CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZA [Issuer] CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZA [Serial Number] 00 [Not Before] 1/01/1997