[Puppet Users] custom type skip array element on munge
Hi all, is there any way to completely ignore some array element when munging custom_type { name: groups = [gr1, gr2, gr3], } In case of any array member is not exists on system, I want to remove it from resource[:groups] But this code: newproperty(:groups, :array_matching = :all) do munge do |group| if does_not_exists(group) nil else group end end iterates on all array items and returns array with nil items. Is there way to remove items from array in munge. Thanks. -- Best regards, Vasil Mikhalenya -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPc4iSBQ4QSL60%3DnNYRw6GcEbAUft5RfdiVH-Tnqz-PJ9utQmw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetlabs/firewall and fail2ban
Have a look at pam_shield. It can protect any services that use PAM for authentication (i.e. ssh, authenticated mail, but not web). It can use either null-routing or iptables rules for blocking. If you set it to use null-routing then it doesn't interfere with puppetlabs/firewall - we are using these two modules together without problems. https://github.com/jtniehof/pam_shield Cheers, Jonathan On 30/10/13 09:36, Daniele Sluijters wrote: Hi, Ah indeed, I misread the puppetlabs-denyhosts module. I had a look at the DenyHosts project but that seems limited to SSH alone. My fail2ban has rules that scan logs of our web servers, mail etc. -- Daniele Sluijters On Wednesday, 30 October 2013 01:39:56 UTC+1, Don Hoffman wrote: On reading your message, I think you are perhaps confusing the static Linux /etc/host.deny mechanism with the DenyHosts project. See http://denyhosts.sourceforg.net http://denyhosts.sourceforg.net Don On Oct 29, 2013, at 5:32 PM, Donald Hoffman don.h...@gmail.com javascript: wrote: On Oct 29, 2013, at 12:00 PM, Daniele Sluijters daniele@gmail.com javascript: wrote: Hi, DenyHosts is not an option for me since I can't predict which hosts will be connecting from the outside. Fail2ban solves that issue by looking for odd behaviour instead of asking me to whitelist. Thanks for the suggestion though, -- Daniele Sluijters Hmm. Don’t quite follow. DenyHost works pretty much the same as fail2ban on the detection side. I.e. “looking for odd behavior. See this entry from their FAQ: http://denyhosts.sourceforge.net/faq.html#1_5 http://denyhosts.sourceforge.net/faq.html#1_5 The DenyHost daemon monitors /var/log/secure for various signs of unsuccessful attempts to connect (from anywhere). Once a threshold is reached a rule for that IP address is inserted in to /etc/host.deny. Pretty much has the same detection features as Fail2ban. It is only on the filtering side where DenyHosts and Fail2ban really differ. Fail2ban sets up iptables firewall rules while DenyHosts adds entries to hosts.deny for filtering in the app (usually sshd) server daemon. Don -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d03394af-4bf0-4bc0-b250-d3d125a22ab5%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52738BAE.3060200%40bristol.ac.uk. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] What's the best practice to manage software updates using puppet ?
We use largely the same solution as Jo but with an ENC. Packages that we really don't care about are usually just ensure = present, so every machine built from a given release should have the same version (upgrades because of dependencies aside), or ensure = latest in the rare case that we've decided it's trivial or stable enough to allow automatic updates. For anything that we care about, we install using a parameterized class, that exposes a package_version parameter which we explicitly set to a version in our ENC. For testing/QA, we override that parameter on a host or group level to a newer version, and once it's validated, we change the version in the default environment. (Well actually, that's how it works in our new puppet3 infrastructure, currently being rolled out, which uses an in-house Django-based ENC. In our old puppet infrastructure that uses Puppet Dashboard, we have a *bunch* of parameters (which show up in puppet as globals) set on groups or nodes, like postgres_version or httpd_package_version). -jantman On 10/31/2013 01:40 PM, Jo Rhett wrote: There's always the alternative of using ensure = heira( 'package_version', present ) and using hiera to control the software release. If you're doing this you want osfamily in the hiera structure. I've found this much superior to either of the following two choices. On Sep 25, 2013, at 10:13 AM, phundisk alex.farh...@currensee.com mailto:alex.farh...@currensee.com wrote: For me, when I was deciding to manage updates, there were two options for me. 1. Set everything to ensure latest and only use clones of centos/redhat repos for different environments such as QA, and production. The downside of here is that you need to manage every package in puppet, you will probably miss some. And that you'll need to keep clones of the repos for each environment, which AFAIK is about 100G per environment. 2. Just use ensure = present and use another solution such as spacewalk or satellite to manage updates. That is what I choose personally. It works out pretty good so far. On Tuesday, September 24, 2013 4:31:10 PM UTC-4, François Chenais wrote: Hello, I got many classes, using the well known template ... package ensure = XXX notify = service file require = package notify = service service require = File, Package ... with ensure value XXX set to 'latest'. This implies that package could be updated when I change a value in config file even if I don't want to update it ... especially in production ... A solution can be changing all ensure value to 'present' or 'installed' but I'm not the owner of the code so I would like to know if there is a way to - deactivate the package update through a command line option ? - change the ensure value using - a command line option - a fact - a tag - ??? More generally, what's the best practice to manage software updates using puppet : - ensure = present - fix pkg repositories :/ - ??? Thanks a lot François -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com mailto:puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com mailto:puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/30F8BCC6-5975-47C2-A574-2C54B67C5E71%40netconsonance.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52739877.5050002%40jasonantman.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] facter-1.7.3 and puppet-3.3.1 on OS X Mavericks 10.9
It's the same issue as this: https://projects.puppetlabs.com/issues/18205 It seems to be fixed already but not included in the current release version. Building Puppet and Facter from source resolves this issue so I'd expect it to be fixed in near future. -- Hannes Juutilainen On 30.10.2013, at 18.50, Paul Tötterman paul.totter...@gmail.com wrote: Hi, Is anyone else getting this: $ facter /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require': cannot load such file -- facter/application (LoadError) from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require' from /usr/bin/facter:72:in `main' $ puppet /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require': cannot load such file -- puppet/util/command_line (LoadError) from /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/ruby/2.0.0/rubygems/core_ext/kernel_require.rb:45:in `require' from /usr/bin/puppet:3:in `main' Both installed from packages which were downloaded from http://downloads.puppetlabs.com/mac/ Cheers, Paul -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0f6bf066-6afd-4db5-8ab1-c6db16afc457%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/BD7EE654-4725-45E1-B46C-C06C600348C4%40mac.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Dynamic Environments, r10k, gitolite and Non-environment Puppet Config
Hi all, Apologies if this has been dealt with before, but I haven't managed to find an answer yet. I have a working dynamic environments setup: * A gitolite repository (on a dedicated host) with multiple branches - one for each environment. * I use r10k ro deploy the environments on the master to $confdir/environments/$::environment. This all works *really* well, but I would also like to get the rest of the puppet configuration under version control (i.e. puppet.conf, hiera.yaml etc.). It's no problem to put the files in a repo, but I'm stuck on finding a way to deploy them. I tried using puppetlabs/vcsrepo, but it refuses to deploy files to a directory that isn't a repository. So I tried blowing away $confdir, then cloning it from the repo, then running r10k to populate the environments subdirectory. This looked ok, but puppet agent runs died horribly, reporting internal server errors (Web application could not be started). I guess this may be a file permissions issue, but it definitely made me think I'm going about this the wrong way. Has anyone else with a similar setup managed to solve this problem? Is it a simple matter of moving the confdir somewhere else, or is allowing puppet to manage its own config simply a Bad Idea? Any pointers would be greatly appreciated! Thanks, Simon. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7ed22796-d5f2-4874-a9d4-b225e122072d%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Installing and using a Puppet-Module
It's a good question, but I'm not sure this is possible. If the module isn't installed before compilation, then any resource types defined by ths module will be absent and the catalog won't compile. Are you trying to use puppet to install itself? If so, then the snake may be eating its own tail. On Thursday, 24 October 2013 13:55:35 UTC+1, ytmp123 wrote: Hi guys, I need your help: I'm trying to install the puppetlabs/apt-module and using it at the same time in the same file. As that module is not installed I get this error message: Error: Puppet::Parser::AST::Resource failed with error Argument error: Invalid resource type apt::force at /etc/puppet/modules/puppet_install/manifests/install_puppet_master.pp Can anyone give me some hint? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9b58e16d-986b-44f2-99d3-1149c02e6290%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Geppetto with Subversion
Hi John, I'm also new to Geppetto (using version 3.2.0), but I've found the built-in help to be really useful for configuring version control. I'm using Git, so a little different, but all the VCS options are under Window - Preferences - Team. If you expand Team, click on SVN then click on the question mark 'help' button in the bottom left hand corner, it should pop up a sidebar with a link to SVN Preferences. Click on this and you'll get the Subversive User Guide which runs through all the options. Hope that helps! Simon. On Wednesday, 30 October 2013 23:09:45 UTC, John Zimmerman wrote: I'm trying to use Geppetto 4 to develop puppet modules and check them in and out of subversion. I've got a subversion repositories setup via web dav. The Cloudsmith FAQ seems a bit vague. I've not used Eclipse much at all and am not sure how the subversion integration works. I saw a really cool video demo from the PuppetConf youtube channel using the Forge ( http://www.youtube.com/watch?v=TxeaEo2jKWQ). I'm wondering if anyone has recommendations for getting started using Geppetto with subversion? I've searched around a bit and might just be overlooking something that will answer my questions, but hopefully some one can point me in the right direction. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/def0045c-c78f-4ae7-afd0-db36e4b0ec84%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Facts and Stored Configs
So finally playing with PuppetDB and have to say its impressive. Planning on extending it slightly to be a CMDB. With that in mind, we produce test systems for developers to test the equipment they are developing on. So these systems are rapidly deployed then torn down. A requirement has been given to me to keep a snap shot of the systems and there configuration, so identical systems can be deployed at a later date. The systems have internally developed components each individually configured. Currently config files are delivered via templates and foreman ENC. So what I was thinking is can I write a fact that would effectively store all the config files as strings. These could then be recovered at a later date if required. What would be the pitfalls of doing this, and can anyone think of a better way ? Thanks, RIchie. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4a8195d5-e5b7-4751-99e5-86601627198e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] facter-1.7.3 and puppet-3.3.1 on OS X Mavericks 10.9
It's the same issue as this: https://projects.puppetlabs.com/issues/18205 Thank you for digging it up for me. Somehow google just failed me. It seems to be fixed already but not included in the current release version. Building Puppet and Facter from source resolves this issue so I'd expect it to be fixed in near future. Are you saying that no official released packages from PuppetLabs work on OS X 10.9? And the fix is to be released on Puppet 3.4.0? For which no release date is set and there seems to be at least 3.3.2 before 3.4.0 will come out. Cheers, Paul -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e86bff0a-72e1-4dc8-a1a2-6878f27b4dc3%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Unable to generate certificate on Puppet Agent through Master
To add on to Dan's steps which I used as a base. For PE 2.8.3, I had to do: (AGENT) sudo rm -rf /etc/puppetlabs/puppet/ssl/* (MASTER) puppet cert clean myserver.domain.com (AGENT) sudo puppet agent -t (MASTER) puppet cert list # confirmed new request was pending (MASTER) sudo /etc/init.d/pe-httpd restart (MASTER) puppet cert list # confirm request is STILL pending (MASTER) puppet cert sign -a # sign all pending requests On Monday, June 3, 2013 3:56:19 PM UTC-4, Dan Hyatt wrote: I got mine solved...on puppet labs enterprise edition.. On each Client which is not connecting right …giving that error on puppet agent -t cd /etc/puppetlabs/puppet/ ssl rm -rf ca certs public_keys certificate_requsts private_keys # make sure all files removed from SSL dir puppet agent –t # this will run a few minutes the first time. THEN On server: puppet cert clean p11.mync.com puppet cert list cd /etc/init.d/ ./pe-httpd restart puppet cert list puppet cert sign –a # if you recognize all the servers in your cert list. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/322a3989-9e95-4ab7-a97e-c2293a93d5ea%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Group ensure value doesn't work like user ensure value
On Friday, November 1, 2013 12:50:03 AM UTC-5, Doug_F wrote: Dominic, You may be running into some circular reasoning in how you are trying to setup the group/user. The user if GID is supplied will require the group. By linking the user as a dependency of the group causes puppet to choke. http://docs.puppetlabs.com/references/latest/type.html#user Autorequires: If Puppet is managing the user’s primary group (as provided in the gid attribute), the user resource will autorequire that group. If Puppet is managing any role accounts corresponding to the user’s roles, the user resource will autorequire those role accounts. No, Dominic's issue is not about actually about ordering relationships, which in fact he demonstrates to be working correctly. Autorequirements are never generated between resource pairs that have an explicit relationship declared between them -- this allows users to override automatic requirements, which is sometimes important. I think Dominic is right that there is just an inconsistency here. If a Group's 'ensure' parameter is not specified then the group's presence on the system is apparently unmanaged, though I would expect that any other properties specified are synced when the target group is in fact present. A User, on the other hand, is ensured present if no ensure value is explicitly specified. Neither behavior is documented. I am uncertain whether the two behaviors are consistent across Puppet versions. I seem to recall that 'ensure' used to default to 'present' for a great many built-in resource types, but my memory could be faulty on that. If behavior is historically consistent, even just within Puppet 3, then it is unlikely that PL will change it before Puppet 4, if at all. The workaround seems to be pretty apparent: explicitly specify your 'ensure' values. I think that's a pretty good practice anyway. It's especially good for related resource types such as Group and User, because whether you are ensuring present or absent has additional implications on how your manifests are written. If you are ensuring the User present, then you must manage it *after* the group (possibly by relying on the autorequirement), but if you are ensuring the user absent then it is best to manage it *before* the group. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/169dda2a-7234-4c0c-8b6c-c380d7d1cdad%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: need help !!!
On Thursday, October 31, 2013 9:03:08 AM UTC-5, Rakesh K wrote: Can someone please help or let me knw if you need any info from side ? For an urgent issue you should consider seeking paid support from PuppetLabs. Volunteer forumites do not tend to respond well to demands for urgent attention. With that said, the exception you are encountering is in the should not happen category. It indicates that the Ruby interpreter in which Puppet is running has exhausted its available runtime stack space by executing too many nested function calls (possibly through infinite recursion); the meaning of too many depends in part on the size of the parameters and local variables of each function involved. If the problem is a deep, but not infinite, nest of calls then it is conceivable that you could resolve the issue (on Windows) by increasing Ruby's stack reservation via an appropriate application of the editbin program to the relevant ruby.exe. I cannot actually recommend doing this, however, and I will not provide further information because if you pursue that course then you need to understand exactly what you are doing. Research it. Supposing, though, that the problem is inherent in the manifests you are trying to apply -- perhaps an infinite recursion in a template or a custom provider, for example -- it would be reasonable to attempt to narrow down the issue to the resource(s) or class(es) that causes it. Start by switching to an empty node declaration for the target node to verify that the issue is tied to one or more classes or resources, then add classes back in in a systematic way until you can reproduce the error. Try to narrow it down to the minimum set of classes with which you can reproduce the error. Once you have it narrowed down, if you have not yet identified the issue then come back here with the class (or classes) that is causing the issue. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/44dc99d0-e913-40f3-a52b-b77a4d644dad%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: I'm to a dead end
On Thursday, October 31, 2013 4:39:15 AM UTC-5, Valentin Todorov wrote: Hi all, I am new to Puppet and now I do some test with 2 Virtual Machines running Centos 6.4 and puppet 3.3.1 And I manage to sign the client cert, but still I can not get any file updated on the client VM. If I run the client in test mode puppet agent --server=p-master.localdomain --noop --test There is no errors in the output. Info: Retrieving plugin Info: Caching catalog for p-slave.localdomain Info: Applying configuration version '138353' Notice: Finished catalog run in 0.03 seconds All logs seems clean and the only suspicious thing is in the /var/log/puppet/masterhttp.log: DEBUG Puppet::Network::HTTP::WEBrickREST is invoked. What does WEBrickREST is invoked. means and is this my problem of not updating the client. It means that something invoked Puppet's built-in REST interface. It probably reflects ordinary operation (and note that it is only a DEBUG-level message). Your symptoms appear to indicate that the client is receiving an empty catalog. Do you have reason to expect different? In particular, do not be confused about Puppet modules: installing a module on the master makes it * available* to be used to configure clients, but does not in itself *cause*it to be used. You must still tell the master what to apply to each client. The quickest way to do that is via one or more node declarations in, or imported by, your site.pp manifest: http://docs.puppetlabs.com/learning/agent_master_basic.html#node-definitions . John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1719bf49-356c-4d88-b7e7-8932619f2690%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Dynamic Environments, r10k, gitolite and Non-environment Puppet Config
Turns out there was a very simple solution to this: Create a new modules for the files, and deploy via r10k as part of the default environment. Puppet Master manage thyself... Simon. On Friday, 1 November 2013 11:51:31 UTC, Simon Young wrote: Hi all, Apologies if this has been dealt with before, but I haven't managed to find an answer yet. I have a working dynamic environments setup: * A gitolite repository (on a dedicated host) with multiple branches - one for each environment. * I use r10k ro deploy the environments on the master to $confdir/environments/$::environment. This all works *really* well, but I would also like to get the rest of the puppet configuration under version control (i.e. puppet.conf, hiera.yaml etc.). It's no problem to put the files in a repo, but I'm stuck on finding a way to deploy them. I tried using puppetlabs/vcsrepo, but it refuses to deploy files to a directory that isn't a repository. So I tried blowing away $confdir, then cloning it from the repo, then running r10k to populate the environments subdirectory. This looked ok, but puppet agent runs died horribly, reporting internal server errors (Web application could not be started). I guess this may be a file permissions issue, but it definitely made me think I'm going about this the wrong way. Has anyone else with a similar setup managed to solve this problem? Is it a simple matter of moving the confdir somewhere else, or is allowing puppet to manage its own config simply a Bad Idea? Any pointers would be greatly appreciated! Thanks, Simon. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7b1f202b-98a7-470c-8538-94d31c1d9585%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] facter-1.7.3 and puppet-3.3.1 on OS X Mavericks 10.9
I don't know anything about the release plan or schedule (perhaps someone from Puppet Labs could chime in)… Looks bad though: https://projects.puppetlabs.com/issues/21868 — Hannes On 1.11.2013, at 15.16, Paul Tötterman paul.totter...@gmail.com wrote: It's the same issue as this: https://projects.puppetlabs.com/issues/18205 Thank you for digging it up for me. Somehow google just failed me. It seems to be fixed already but not included in the current release version. Building Puppet and Facter from source resolves this issue so I'd expect it to be fixed in near future. Are you saying that no official released packages from PuppetLabs work on OS X 10.9? And the fix is to be released on Puppet 3.4.0? For which no release date is set and there seems to be at least 3.3.2 before 3.4.0 will come out. Cheers, Paul -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e86bff0a-72e1-4dc8-a1a2-6878f27b4dc3%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/92235571-7103-4BA8-9F8B-642008709187%40mac.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Running Puppet with Ruby 1.9.3 on RHEL/Centos 6.4
My apologies in advance if this is a solved problem (which I hope it is), but I've been looking for answers for a while and haven't found anything substantive. Our standard OS version is moving from CentOS 5.8 to CentOS 6.4. We're simultaneously getting ready to move from puppet 2.7 to 3.x. A significant amount of effort has been undertaken in the past to build ruby 1.9 packages that install alongside system ruby as well as custom puppet packages to make use of the ruby 1.9 install. I'm hoping there's a better/simpler/easier to maintain way to do this. SCL seems promising, but it looks like custom puppet RPMs would still need to be built. I've noticed that TheForeman has a ruby193-puppet package that leverages SCL, but it seems stalled at Puppet 3.1.1. Short of moving to Puppet Enterprise, is there a prescribed or generally accepted method for running puppet with ruby 1.9.3? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/dd588e3f-5d22-4d57-9bd5-f706dd956d66%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Monitoring services
Hello, I have multiple instances of a service running on linux server. This service has status, restart, start and stop init scripts. One of the instances keeps dying for unknown reasons (probably network related). I have puppet configured to monitor the service but it doesnt consider it to be down when one of the instances dies. Is there a way to configure puppet to initiate restart when one of the instances dies? Here is my current config class myApp::service { service { myService: ensure = running, hasstatus = true, hasrestart = true, enable = true, } } Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5de0eace-4117-4ac1-8cd2-23e6efc17237%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Monitoring services
You better use another tool for this that will provision your process. There are many examples for this: http://smarden.org/runit/ http://upstart.ubuntu.com/cookbook/ http://mmonit.com/monit/ maybe more. I am currently using upstart and it is maybe one of the easiest to setup and integrates with the puppet service type -- Nikola On Fri, Nov 01, 2013 at 08:41:43AM -0700, Yasha Zislin wrote: Hello, I have multiple instances of a service running on linux server. This service has status, restart, start and stop init scripts. One of the instances keeps dying for unknown reasons (probably network related). I have puppet configured to monitor the service but it doesnt consider it to be down when one of the instances dies. Is there a way to configure puppet to initiate restart when one of the instances dies? Here is my current config class myApp::service { service { myService: ensure = running, hasstatus = true, hasrestart = true, enable = true, } } Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5de0eace-4117-4ac1-8cd2-23e6efc17237%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131101164046.GE28337%40nikolavp-desktop. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Augeas JSON example?
Greetings. I'm trying to find a few concrete examples of how to use augeas within a Puppet module, to make changes to a JSON file. I've been googling for the past hour and a half, and while I have found several pages which provide reference-type documentation, I have yet to see a single usable example. All of the augeas examples seem to demonstrate how to maintain a file for which some other lens applies, such as /etc/hosts or /etc/ssh/sshd_config. My situation: I have a system-wide JSON file which contains a series of key-value pairs, like so: { svc_host : server.domain.xyz , svc_port : 12345 , svc_user : username , svc_pass : password , versions : [ 1.0 , 1.0.1 , 1.0.2 ] , agent_installed : 1383331588 , comment : This is a gratuitous comment. } I know that JSON is probably not be the best format for the file, but it's human readable, and it saves us having to write and debug configuration file parsing routines in seven different languages on four platforms. I would like to be able to use Puppet modules to maintain the file. My first thought, of course, was to use a template, but there are several different components of the system which all store data in the one file, so different modules need to maintain different sets of keys within the file. Is anybody doing something similar, and if so, would you mind sharing the relevant bits of your manifests? Or point me to an example of a WORKING augeas resource which adds or -- John Simpson j...@voalte.com Unix System/VM Developer and Engineering Operations, Voalte +1 (941) 312-2830 x148 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8A01C2C3-83D6-4FBA-9EB3-CEE69C7D8E3D%40voalte.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Pushing LDAP data into Puppet-template
You would be better off using puppet to manage your ldap-backed dhcp server. That way data changes aren't dependent on when your puppet agent run happens. On Fri, Nov 01, 2013 at 01:17:27PM -0700, ytmp123 wrote: Hi guys, I'm trying to find a way how to push LDAP-Data into a Puppet template. My problem is: I want to install a DHCP-Server with the help of a puppet-manifest. All the data for this DHCP-Server is stored in a LDAP-Server. So I also want to put the dhcpd.conf together out of all the LDAP-Data and then I want to push this dhcpd.conf-file onto the fresh-installed DHCP-Server. How can I put together the dhcpd.conf file? Has anybody an idea? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit [1]https://groups.google.com/d/msgid/puppet-users/6ad9b33f-cc0c-46c0-9b76-7ddcf8b47044%40googlegroups.com. For more options, visit [2]https://groups.google.com/groups/opt_out. References Visible links 1. https://groups.google.com/d/msgid/puppet-users/6ad9b33f-cc0c-46c0-9b76-7ddcf8b47044%40googlegroups.com 2. https://groups.google.com/groups/opt_out -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131101204014.GA16637%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] package conflict resolution method:
Hello, list: I have two puppet modules that are unrelated to each other, but both have (unrelated) Python scripts that parse YAML. As such, both have a block like the following in their manifests for the PyYAML script dependency: package { 'PyYAML': ensure = installed, } If I try and include both modules on the same server this causes an obvious conflict as the PyYAML package is now defined in two different package{} blocks. Can the list please advise on what best practice is in this case? I'd prefer not to create a whole other module just to do a class dependency for PyYAML, but if that is best practice so be it. Please let me know if I'm overlooking any other solutions. Thanks! --Tom N. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131101160320.736bf186%40vncBox.tjnii.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] package conflict resolution method:
On Fri, Nov 1, 2013 at 2:03 PM, Tom Noonan t...@tjnii.com wrote: Can the list please advise on what best practice is in this case? Hi Tom, The puppetlabs/stdlib module includes the ensure_packages() and ensure_resource() functions. Both are intended for expressing common resources which will only be included in your catalog if they're not already in it. You can read more about it here: http://forge.puppetlabs.com/puppetlabs/stdlib -- Ryan Coleman | Modules Forge | ryanycoleman on twitter #puppet IRC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAFkZv1v0R1RTJiOJdwEs845GWzFvJm5DpqWwpmKYj7HC%3DnM62w%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] package conflict resolution method:
That looks like a good solution, thanks! On Fri, 1 Nov 2013 14:11:44 -0700 Ryan Coleman r...@puppetlabs.com wrote: On Fri, Nov 1, 2013 at 2:03 PM, Tom Noonan t...@tjnii.com wrote: Can the list please advise on what best practice is in this case? Hi Tom, The puppetlabs/stdlib module includes the ensure_packages() and ensure_resource() functions. Both are intended for expressing common resources which will only be included in your catalog if they're not already in it. You can read more about it here: http://forge.puppetlabs.com/puppetlabs/stdlib -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131101161629.0fd702d0%40vncBox.tjnii.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] package conflict resolution method:
Tom, I've actually been working with similar issues lately (and am in the process of working on a virtualenv module). I have a python module that includes classes for the common dependencies (i.e. require python::pyyaml) and have been pretty happy with that pattern so far, but if you want, I believe the stdlib ensure_packages() can also do this. -jantman On 11/01/2013 05:03 PM, Tom Noonan wrote: Hello, list: I have two puppet modules that are unrelated to each other, but both have (unrelated) Python scripts that parse YAML. As such, both have a block like the following in their manifests for the PyYAML script dependency: package { 'PyYAML': ensure = installed, } If I try and include both modules on the same server this causes an obvious conflict as the PyYAML package is now defined in two different package{} blocks. Can the list please advise on what best practice is in this case? I'd prefer not to create a whole other module just to do a class dependency for PyYAML, but if that is best practice so be it. Please let me know if I'm overlooking any other solutions. Thanks! --Tom N. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52741ADE.7030504%40jasonantman.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] python virtualenv module
Hello, community, I work for a python/Django shop (we run supposedly one of the largest Django apps out there), and we're just starting to use Puppet for handling python stuff (and hopefully application deploys, eventually). We're currently using a hacked up version of Mozilla RelEng's excellent and quite helpful python module to handle virtualenv creation and pip package installation - but the module (or at least our version of it) doesn't handle requirements files, and uses a define to pip install packages, so a given package can only be installed in one venv on a node. Is anyone aware of a better, more complete python/virtualenv module? I've seen stankevich/python on the forge, which handles requirements files but doesn't fix the issue with only being able to install a given package once per node (which, AFAIK, can be fixed with a native provider but not a defined type). If not, does anyone have interest in collaborating or contributing to a more feature-complete python/virtualenv module? If anyone's interested in collaborating, or can suggest an existing module (stankevich's? or moz releng?) to start with, I've spoken with one of the pip/virtualenv maintainers and he's interested in finding something suitable that could become the official module. Thanks for any advice, input or suggestions, Jason Antman jantman (ccing djmitche as I can't find a mozilla releng email list) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/527424AE.30902%40jasonantman.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] How to determine puppet environment when using passenger
Hello, I am trying to figure out what the best way to use puppet when I am using passenger. I noticed that if I log in as my normal user on Ubuntu 12.04, and run puppet config print it gives me the incorrect configuration than what I think I am running when I am using apache/passenger/puppet For example, it shows my confdir as being in my users homedir/.puppet instead of /etc/puppet When i log in as root, and run the command, everything looks correct. Am I just supposed to work in root all the time when I am running puppet's commands? I noticed this is also a problem when I am having a custom modulepath..if I run puppet install module as a user, it puts it in my home dir, instead of in the configured modulepath i have in my puppet.conf Please advise - Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/589c9a47-3318-46ee-94e4-85c286fec780%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Monitoring services
Jantman, The problem is that init status script does return 0 when puppet checks the service. Since I have one of the two instances of service running, init script returns 0 and that's not cool. Multiple instances just run with different parameters like interface. So when you look at ps auxf, you would see two entries. When you run init status script, it returns two PIDs. After I posted this question, I got an idea. I've tweaked my init script so when one instance dies, return value is non-zero. Or in fact it is 3 which means that service is dead. Now the problem is that puppet doesnt restart it for some reason. It states that service status has changed from stopped to running but the service restart command does not get initiated. P.S. Thanks nikolavp for response but I need to get this working with puppet. On Friday, November 1, 2013 5:17:25 PM UTC-4, Jason Antman wrote: Yasha, What distribution are you running? Is there any chance that you've specified somewhere a non-default provider for the Service type? I'm confused... this doesn't seem to be a Puppet issue to me. You include hasstatus = true... so Puppet should restart the service if your init script returns non-0. Are you sure your init script is returning non-zero to trigger the restart? How are you configuring the multiple instances? The myApp::service class that you show below can only be applied once on a given node. -jantman On 11/01/2013 11:41 AM, Yasha Zislin wrote: Hello, I have multiple instances of a service running on linux server. This service has status, restart, start and stop init scripts. One of the instances keeps dying for unknown reasons (probably network related). I have puppet configured to monitor the service but it doesnt consider it to be down when one of the instances dies. Is there a way to configure puppet to initiate restart when one of the instances dies? Here is my current config class myApp::service { service { myService: ensure = running, hasstatus = true, hasrestart = true, enable = true, } } Thanks. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5de0eace-4117-4ac1-8cd2-23e6efc17237%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cd959b13-bc2f-44c1-8cf5-30f0521cd723%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to determine puppet environment when using passenger
Derek, In most circumstances, yes, you should be running puppet commands as root (via sudo). Running via sudo seems to be the standard, and the best practice, in Linux environments. You could use some other methods if you have a... unusual... environment, but running puppet commands as a normal user will both look in the user's home directory by default, and won't be able to do most things that puppet normally does, as it will need root privileges to do things like installing packages and altering system-wide configuration files. It's been a while since I've looked, but the puppet documentation (http://docs.puppetlabs.com/puppet/) should cover this. -jantman On 11/01/2013 06:01 PM, Derek Cole wrote: Hello, I am trying to figure out what the best way to use puppet when I am using passenger. I noticed that if I log in as my normal user on Ubuntu 12.04, and run puppet config print it gives me the incorrect configuration than what I think I am running when I am using apache/passenger/puppet For example, it shows my confdir as being in my users homedir/.puppet instead of /etc/puppet When i log in as root, and run the command, everything looks correct. Am I just supposed to work in root all the time when I am running puppet's commands? I noticed this is also a problem when I am having a custom modulepath..if I run puppet install module as a user, it puts it in my home dir, instead of in the configured modulepath i have in my puppet.conf Please advise - Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/589c9a47-3318-46ee-94e4-85c286fec780%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5274625F.5060007%40jasonantman.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] python virtualenv module
On 11/2/2013 3:31 AM, Jason Antman wrote: [snip] package installation - but the module (or at least our version of it) doesn't handle requirements files, and uses a define to pip install packages, so a given package can only be installed in one venv on a node. I have a hacked-up python virtualenv module, since I hadn't seen any when I started out. I got around the singleton define problem you've outlined by adding an optional package name parameter, which defaults to the name of the define. This way you can keep the old behaviour for simple cases: python::virtualenv::package { 'packagename': venv = 'destination env' } but in the case where you want the same package in two environments, you use a globally unique resource name and use the optional param: python::virtualenv::package { 'env-packagename': venv = 'destination env', package_name = 'packagename' } When these defines are called internally (as a side effect of installing dependencies for an app, for example), I always use the latter format. That doesn't fix the requirements.txt problem, of course. I've been looking at that too, but I don't feel that a pure puppet DSL solution is necessarily the right way to approach it. A custom ruby plugin might be a better solution. -Taj. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/527494B5.60708%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.