[Puppet Users] puppetize tool to automate puppet module development process.
Hi Community, As part of a small project I'm working on an automated script to help me develop puppet modules. The tool is called puppetize and is available as a gem and on github: https://github.com/BreinsNet/puppetize The goal is to easy puppet module development process and to help on standardize structures and best practices. At this point is just a Proof of Concept and I'm looking forward to hear back from you guys on how useful this tool can be. Any comments / suggestions and critics are more than welcome. Cheers and thanks! Juan Breinlinger Breins.net -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3523509a-5484-4759-818d-b5fc5df0deac%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Ruby-Code in Puppet
You can use inline_template(%= var = your ruby code here %) Cheers On Monday, November 4, 2013 2:23:34 PM UTC, jcbollinger wrote: On Saturday, November 2, 2013 5:03:13 PM UTC-5, ytmp123 wrote: Hi guys, I've two questions: 1. How can I execute normal Ruby-Code in a Puppet-Template? See any onine docs / tutorials on ERB, though there really isn't much to it. The docs Jo pointed you to are as good as any, and they cover the details particular to Puppet's use of ERB. 2. How can I execute normal Ruby-Code in a Puppet-Manifest? Not directly, no, but it is relatively easy to create custom functions (in Ruby) that your manifests can call just like Puppet's built-ins. These are often a better vehicle for general-purpose Ruby code than are templates. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/91c0a2da-3d74-4e27-aa27-9534daa60564%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Maintenance completed successfully - Re: Redmine maintenance 11/04 7PM-8PM PST
Maintenance has been completed successfully and projects.puppetlabs.com is available once more. Matt Kirby On Nov 4, 2013, at 3:10 PM, Matt Kirby ki...@puppetlabs.com wrote: Hello, I'm writing to inform you that projects.puppetlabs.com will be undergoing maintenance this evening from 7PM to 8PM PST. There will be a short period of downtime as the application is shut down and minor additional functionality is added. I will send out follow up communication when the maintenance has been completed. Thank you, Matt Kirby - ki...@puppetlabs.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/A7EF6ABF-B424-455E-B34A-BC65F58C4A02%40puppetlabs.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] firewall pre rules not being applied
We are using the puppetlabs-firewall (https://forge.puppetlabs.com/puppetlabs/firewall) to manage our firewall rules. We were having issues with the firewall rules causing the client to lose it's connection to the pupeptmaster during it's initial run, so we followed the advise in this issue thread: https://github.com/puppetlabs/puppetlabs-firewall/issues/239#issuecomment-26443579 (you can see my comment last on that thread). However whilst the new puppet client will configure successfully it does not apply any of the pre rules at all, even on successive runs. Here is the firewall related stuff from our site.pp: class firewall-myrules { Firewall { before = Class['my-firewall-base::post'], require = Class['my-firewall-base::pre'], } class { ['my-firewall-base::pre', 'firewall', 'my-firewall-base::post']: } - resources { 'firewall': purge = true } } Any ideas why this might be happening? It's probably the last piece we need to sort in order to start using this in production. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bd9d3b37-6cad-4d7f-a612-19afe06a13a1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Firewall Issues
We are using the puppetlabs-firewall module (https://forge.puppetlabs.com/puppetlabs/firewall) and we were having the issue where by the rules would cause the client to lose connectivity on it's first run. We solved these issues using the advise found here: https://github.com/puppetlabs/puppetlabs-firewall/issues/239#issuecomment-26443579 But no we are having an issue in that our pre rules do not get applied even on successive runs of puppet. Our logic for firewall in site.pp is: class firewall-myrules { Firewall { before = Class['my-firewall-base::post'], require = Class['my-firewall-base::pre'], } class { ['my-firewall-base::pre', 'firewall', 'my-firewall-base::post']: } - resources { 'firewall': purge = true } } Any ideas what might be causing these issues? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7d308d7d-fdbe-46e4-8f93-031a7cd986e5%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Security of facts (aka: who can see my facts?)
On Monday, November 4, 2013 10:36:01 AM UTC-6, tujwww wrote: puppetdb also expose facts etc. details via api calls too, you might want to check that out. take a look at hiera-gpg puppet module to store hiera variables in encrypted form, it will provide enough security on hiera/git side. I would strongly recommend securing access to PuppetDB's REST API. I think by default it is accessible only from the host machine, and that may be good enough, but check that I'm right. Certainly your master should run on a machine that is secured to only personnel authorized to have the information that it serves. I cannot recommend using hiera-gpg with Puppet 3 if you make heavy use of parameterized classes (which is typical these days). Hiera-gpg will decrypt its data file not only for each datum stored therein, but also for every hiera lookup miss (to verify that it is indeed a miss). Puppet 3 performs a hiera lookup for at least each class parameter that is not assigned in a class declaration, and that can exact an excruciating performance penalty when many of those lookups fall through to hiera-gpg. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/525bbd6f-bea0-4751-b1a1-f4a00ba98b05%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Security of facts (aka: who can see my facts?)
On Monday, November 4, 2013 6:52:51 PM UTC-6, Tom Noonan wrote: But that doesn't address the concern that you can't auto generate values and store them in Heira, as Arnaud mentioned. Is our understanding on this flawed? I see a Puppet source on http://docs.puppetlabs.com/hiera/1/data_sources.html#puppet, but that just says Coming soon. My solution thus far, for file based passwords like Bind keys and Bacula passwords, has been to generate passwords on the puppetmaster and then pull the values into templates via file reads. This relies on the filesystem security of the puppetmaster, but if that is gone you're pretty well hosed anyway. The generation script on the puppetmaster handles password aging and regeneration. Not the most graceful solution, but it works well for me. If there is a better way I'd love to hear it, however. It is relatively easy to write a custom hiera back end, in which you can use whatever code you like to lookup or generate a value for any given key (or not). You could use such a thing to integrate password generation and recall (and even encrypted storage, if desired) into hiera. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1e7cd9de-3600-4da6-8295-971fdb5d6dc0%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: facter timeouts
On Monday, November 4, 2013 10:38:00 AM UTC-6, james.e...@fasthosts.com wrote: Hi, I am having some issues with facter on a couple of servers which have a large number of ip addresses. Essentially, all my puppet runs time out because facter takes in excess of 25 seconds to populate the facts. Here is the list of interfaces - pretty much each one has an IP assigned. interfaces = eth0,eth1,eth1_1,eth1_2,eth1_3,eth1_4,eth1_5,eth1_6,eth1_7,eth1_8,eth1_9,eth1_10,eth1_11,eth1_12,eth1_13,eth1_14,eth1_15,eth1_16,eth1_17,eth1_18,eth1_19,eth1_20,eth1_21,eth1_22,eth1_23,eth1_24,eth1_25, eth1_26,eth1_27,eth1_28,eth1_29,eth1_30,eth1_31,eth1_32,eth1_33,eth1_34,eth1_35,eth1_36,eth1_37,eth1_38,eth1_39,eth1_40,eth1_41,eth1_42,eth1_43,eth1_44,eth1_45,eth1_46,eth1_47,eth1_48,eth1_49,eth1_50, eth1_51,eth1_52,eth1_53,eth1_54,eth1_55,eth1_56,eth1_57,eth1_58,eth1_59,eth1_60,eth1_61,eth1_62,eth1_63,eth1_64,eth1_65,eth1_66,eth1_67,eth1_68,eth1_69,eth1_70,eth1_71,eth1_72,eth1_73,eth1_74,eth1_75, eth1_76,eth1_77,eth1_78,eth1_79,eth1_80,eth1_81,eth1_82,eth1_83,eth1_84,eth1_85,eth1_86,eth1_87,eth1_88,eth1_89,eth1_90,eth1_91,eth1_92,eth1_93,eth1_94,eth1_95,eth1_96,eth1_97,eth1_98,eth1_99,eth1_100, eth1_101,eth1_102,eth1_103,eth1_104,eth1_105,eth1_106,eth1_107,eth1_108,eth1_109,eth1_110,eth1_111,eth1_112,eth1_113,eth1_114,eth1_115,eth1_116,eth1_117,eth1_118,eth1_119,eth1_120,eth1_121,eth1_122, eth1_123,eth1_124,eth1_125,eth1_126,eth1_127,eth1_128,eth1_129,eth1_130,eth1_131,eth1_132,eth1_133,eth1_134,eth1_135,eth1_136,eth1_137,eth1_138,eth1_139,eth1_140,eth1_141,eth1_142,eth1_143,eth1_144, eth1_145,eth1_146,eth1_147,eth1_148,eth1_149,eth1_150,eth1_151,eth1_152,eth1_153,eth1_154,eth1_155,eth1_156,eth1_157,eth1_158,eth1_159,eth1_160,eth1_161,eth1_162,eth1_163,eth1_164,eth1_165,eth1_166, eth1_167,eth1_168,eth1_169,eth1_170,eth1_171,eth1_172,eth1_173,eth1_174,eth1_175,eth1_176,eth1_177,eth1_178,eth1_179,eth1_180,eth1_181,eth1_182,eth1_183,eth1_184,eth1_185,eth1_186,eth1_187,eth1_188, eth1_189,eth1_190,eth1_191,eth1_192,eth1_193,eth1_194,eth1_195,eth1_196,eth1_197,eth1_198,eth1_199,eth1_200,eth1_201,eth1_202,eth1_203,eth1_204,eth1_205,eth1_206,eth1_207,eth1_208,eth1_209,eth1_210,eth1_211, eth1_212,eth1_213,eth1_214,eth1_215,eth1_216,eth1_217,eth1_218,eth1_219,eth1_220,eth1_221,eth1_222,eth1_223,eth1_224,eth1_225,eth1_226,eth1_227,eth1_228,eth1_229,eth1_230,eth1_231,eth1_232,eth1_233,eth1_234, eth1_235,eth1_236,eth1_237,eth1_238,eth1_239,eth1_240,eth1_241,eth1_242,eth1_243,eth1_244,eth1_245,eth1_246,eth1_247,eth1_248,eth1_249,eth1_250,eth1_251,eth1_252,eth1_253,eth1_254,eth1_255,eth1_256,eth1_257, eth1_258,eth1_259,eth1_260,eth1_261,eth1_262,eth1_263,eth1_264,eth1_265,eth1_266,eth1_267,eth1_268,eth1_269,eth1_270,eth1_271,eth1_272,eth1_273,eth1_274,eth1_275,eth1_276,eth1_277,eth1_278,eth1_279,eth1_280, eth1_281,eth1_282,eth1_283,eth1_284,eth1_285,eth1_286,eth1_287,eth1_288,eth1_289,eth1_290,eth1_291,eth1_292,eth1_293,eth1_294,eth1_295,eth1_296,eth1_297,eth1_298,eth1_299,eth1_300,eth1_301,eth1_302,eth1_303, eth1_304,eth1_305,eth1_306,eth1_307,eth1_308,eth1_309,eth1_310,eth1_311,eth1_312,eth1_313,eth1_314,eth1_315,eth1_316,eth1_317,eth1_318,eth1_319,eth1_320,eth1_321,eth1_322,eth1_323,eth1_324,eth1_325,eth1_326, eth1_327,eth1_328,eth1_329,eth1_330,eth1_331,eth1_332,eth1_333,eth1_334,eth1_335,eth1_336,eth1_337,eth1_338,eth1_339,eth1_340,eth1_341,eth1_342,eth1_343,eth1_344,eth1_345,eth1_346,eth1_347,eth1_348,eth1_349, eth1_350,eth1_351,eth1_352,eth1_353,eth1_354,eth1_355,eth1_356,eth1_357,eth1_358,eth1_359,eth1_360,eth1_361,eth1_362,eth1_363,eth1_364,eth1_365,eth1_366,eth1_367,eth1_368,eth1_369,eth1_370,eth1_371,eth1_372, eth1_373,eth1_374,eth1_375,eth1_376,eth1_377,eth1_378,eth1_379,eth1_380,eth1_381,eth1_382,eth1_383,eth1_384,eth1_385,eth1_386,eth1_387,eth1_388,eth1_389,eth1_390,eth1_391,eth1_392,eth1_393,eth1_394,eth1_395, eth1_396,eth1_397,eth1_398,eth1_399,eth1_400,eth1_401,eth1_402,eth1_403,eth1_404,eth1_405,eth1_406,eth1_407,eth1_408,eth1_409,eth1_410,eth1_411,eth1_412,eth1_413,eth1_414,eth1_415,eth1_416,eth1_417,eth1_418, eth1_419,eth1_420,eth1_421,eth1_422,eth1_423,eth1_424,eth1_425,eth1_426,eth1_427,eth1_428,eth1_429,eth1_430,eth1_431,eth1_432,eth1_433,eth1_434,eth1_435,eth1_436,eth1_437,eth1_438,eth1_439,eth1_440,eth1_441, eth1_442,eth1_443,eth1_444,eth1_445,eth1_446,eth1_447,eth1_448,eth1_449,eth1_450,eth1_451,eth1_452,eth1_453,eth1_454,eth1_455,eth1_456,eth1_457,eth1_458,eth1_459,eth1_460,eth1_461,eth1_462,eth1_463,eth1_464, eth1_465,eth1_466,eth1_467,eth1_468,eth1_469,eth1_470,eth1_471,eth1_472,eth1_473,eth1_474,eth1_475,eth1_476,eth1_477,eth1_478,eth1_479,eth1_480,eth1_481,eth1_482,eth1_483,eth1_484,eth1_485,eth1_486,eth1_487, eth1_488,eth1_489,eth1_490,eth1_491,eth1_492,eth1_493,eth1_494,eth1_495,eth1_496,eth1_497,eth1_498,eth1_499,eth1_500,eth1_501,eth1_502,eth1_503,eth1_504,eth1_505,eth1_506,eth1_507,eth1_508,eth2,eth3,lo,sit0 There are just over 500 entries. I also
Re: [Puppet Users] Re: Security of facts (aka: who can see my facts?)
jcbollinger john.bollin...@stjude.org writes: It is relatively easy to write a custom hiera back end, in which you can use whatever code you like to lookup or generate a value for any given key (or not). You could use such a thing to integrate password generation and recall (and even encrypted storage, if desired) into hiera. Thanks, I had not thought about a custom Hiera back-end but that makes sense. -- A -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/y9hd2mean2v.fsf%40licencieux.ircam.fr. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] HELP!!! puppet-enterprise-3.1.0-el-6-i386 master/agent test fails
From that error message it looks like time is not in sync between all of your machines. Have you run ntpdate on them all (or is ntpd running)? On Fri, Nov 1, 2013 at 3:11 PM, ssharks2...@gmail.com wrote: I installed PE Master on one VM and Agents on two VMs pointing to master . Agent1 VM 64 bit works fine , but agent2 VM 32 bit fails with below error. Only difference is architecture. One more note both the agent nodes were accepted from Dashboard,so master has both the certificates. Any help will be greatly appreciated. puppet-enterprise-3.1.0-el-6-i386]# puppet agent --test Info: Caching certificate for Info: Caching certificate_revocation_list for ca Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=hostname Info: Retrieving plugin Error: /File[/var/opt/lib/pe-puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=] Error: /File[/var/opt/lib/pe-puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=] Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=] Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL is not yet valid for /CN=v] Thank you http://stackoverflow.com/questions/tagged/puppet -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5bfa43f6-0f51-4135-9dc9-52fa7d4ab10c%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACD%3DwAez%3DEL%3DLyMKZ_D%2BdTdOnddj%3D4JqM%2BZpHaKk-TdsGNKE%3Dw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Firewall module during kickstart
Adam, I haven't tried that myself but you have to keep in mind that the EL kickstart environment is not the same as a fully functional installation. A number of things are oddly broken, like there's no valid runlevel. It might be possible to use a fact to tell if iptables is working if your in a kickstart env and branch on that. You could also uses the tags feature to only apply a subset of modules in your post script. -Josh -- On 11/05/2013 09:47 AM, Adam wrote: Has anyone had success implementing the puppet firewall module during the kickstart of a RHEL6 server? I'm getting the following error: // /can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded./ Research revealed the iptables_filter is not found during kickstart: / /sbin/modprobe iptables_filter FATAL: Module iptables_filter not found./ One option i was considering was implementing a tag to essentially ignore the firewall module and all firewall resources if a kickstart tag is present, but i have no idea how to implement that. Any help would be most appreciated! - Adam -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d2f93c78-1f99-4f69-b15a-9add8178acac%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5279464B.5000807%40cpan.org. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Zone-file out of LDAP
Hi guys, I want to put all the data, which is needed for my zone-files into OpenLDAP. Next I need a tool, which creates zone-files out of the information which is stored in OpenLDAP. Have you any idea how to do that? Really thanks in advance! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4276f04a-8a88-4379-86aa-851038986bb0%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Dashboard running in masterless puppet
I just came across the dynamic of running Puppet in a masterless mode. Was there a tutorial that you had followed in order to configure it that way? Thanks! On Monday, November 4, 2013 12:21:14 AM UTC-5, Gonzalo wrote: Hi All, I'm running Puppet in masterless mode and trying to make Puppet dashboard play nice with it in this non-standard setup. I'd love to hear how other people are doing this. The process I have in mind is: 1) Run puppet apply from cron on each node 2) Rsync (using --remove-sent-files) the reports from each node's /var/lib/puppet/reports dir back to the puppet dashboard server 3) Run rake:import The issue I'm having is that rake:import will create a new failed task for every report that already exists in the database. It does skip them, but I don't want to be notified it's a failed task when it skips them. I was thinking of deleting old reports, but given that they get imported by the delayed task workers, it is hard to know which reports have been processed to avoid deleting a report that hasn't been imported yet. If I can find a way to stop it reporting skipped reports as failed tasks, then I should be OK. Any ideas? Anyone else running Puppet dashboard with masterless Puppet? - GS -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1ba01e3a-f206-4aca-b7ab-79e924d05d81%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] pupplet-labs/firewall module errors
I'm getting this same error, but for me it shows up from a basic puppet resource firewall; root@drawer:/etc/puppet/environments/development/modules# puppet resource firewall Error: Could not run: Invalid address from IPAddr.new: ! root@drawer:/etc/puppet/environments/development/modules# irb irb(main):001:0 require 'ipaddr' = true irb(main):002:0 IPAddr.new = #IPAddr: IPv6::::::::/::::::: My ip config; root@drawer:/etc/puppet/environments/development/modules# ip addr 1: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:25:90:a7:98:79 brd ff:ff:ff:ff:ff:ff inet 208.115.208.242/29 brd 208.115.208.247 scope global eth0 inet6 fe80::225:90ff:fea7:9879/64 scope link valid_lft forever preferred_lft forever 3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:25:90:a7:98:78 brd ff:ff:ff:ff:ff:ff inet 10.4.16.194/30 brd 10.4.16.195 scope global eth1 inet6 fe80::225:90ff:fea7:9878/64 scope link valid_lft forever preferred_lft forever On Thursday, August 29, 2013 5:34:34 AM UTC-7, Ashley Penney wrote: On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar ajk...@gmail.comjavascript: wrote: i see this error on the daemon.log of the agent machine Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: ! Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds if anyone has any prior experience with this, please let me know I haven't seen this before but - can you show me a full iptables from an existing client, a full ifconfig, and maybe even the result of: $ irb irb(main):002:0 require 'ipaddr' = true irb(main):003:0 IPAddr.new = #IPAddr: IPv6::::::::/::::::: That's what I get for a plain call to IPAddr.new, I'm wondering what you're getting. -- Ashley Penney ashley...@puppetlabs.com javascript: Module Engineer *Join us at PuppetConf 2014, September 23-24 in San Francisco* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5e4c10a6-a405-4bb9-bbe9-0996ec0cd577%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] running puppet-dashboard on puppet server
Hello. I am trying to run puppet-dashboard on the puppet server. I am using passenger and am using SSL for the puppet-dashboard. I have this all working on a separate server, i.e. one server running puppet and one server running puppet-dashboard, which is running SSL and passenger. I keep getting a forbidden 403 you do not have permissions to / message when trying to access the puppet dashbaord: Does anyone know what this is when running puppet and puppet-dashboard on the same server? Is this anything to do with auth.conf? Thanks - Oli -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e6b1c5c4-6872-4d5c-90ec-eec8e937dcc9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Dashboard running in masterless puppet
Hi Gonzalo, I'm running Puppet in masterless mode and trying to make Puppet dashboard play nice with it in this non-standard setup. some of the tricks that are useful in this kind of scenario are encapsulated in puppet-git / ppg, which I've written, and use at Remote Learner, where it is gradually taking over an infra with 2000 VMs. http://repo.or.cz/w/puppet-git.git I'd love to hear how other people are doing this. The process I have in mind is: 1) Run puppet apply from cron on each node yep. You can use --detailed-exitcodes and do something smart about failures. At the risk of sounding like a broken record... ppg has example code... 2) Rsync (using --remove-sent-files) the reports from each node's /var/lib/puppet/reports dir back to the puppet dashboard server In my case, the chosen transport mechanism is git protocol. ppg pushes it back to a different git repo (pulls from puppet.git, pushes reports to reports.git ) . There's code in ppg to trim git history. 3) Run rake:import Instead of that, my code is using curl: http://repo.or.cz/w/puppet-git.git/blob/670a12233f563d47e32e47f09214590e26451a5a:/ppg-reports-to-dashboard#l38 this is barely tested, and we haven't put it in prod yet. It mimics what the puppet clients do. The issue I'm having is that rake:import will create a new failed task I haven't got the foggiest idea about using rake:import. Have not dug into Puppet/Dashboard/Ruby internals too deep yet. cheers, m -- martin.langh...@gmail.com - ask interesting questions - don't get distracted with shiny stuff - working code first ~ http://docs.moodle.org/en/User:Martin_Langhoff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACPiFC%2BBgrLz9P7DYh48B8_H_Zr4FqReTdVg77YijZ38fQTp-A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Dashboard running in masterless puppet
Hi Dan, there's quite a bit. Google for 'masterless puppet howto' to find a couple tutorials and discussions that are popular. Add 'git' to the search string for more quality options... The main benefits are - scalability - pull model -- see http://www.infrastructures.org/bootstrap/pushpull.shtml The main drawbacks are - loss of some dynamic configuration features -- like the configuration database, what'sitsname? - all clients see the whole configuration -- however I would be personally unwilling to rely too much on this feature of the puppet server Myself, I seeded my architecture with those tutorials, and wrote the ppg wrapper/scaffolding/infra I discussed above, which adds some good bits that Puppet lacks: - scheduled rollouts (i.e.: make this effective at 3am) - force a specific rollout to happen _now_ (using an ssh loop with an unprivileged account to touch an inotify trigger) Here's a reasonably good thread https://groups.google.com/forum/#!topic/puppet-users/7ZpAMrMb2NQ cheers, m On Tue, Nov 5, 2013 at 3:11 PM, Dan Ng dan...@gmail.com wrote: I just came across the dynamic of running Puppet in a masterless mode. Was there a tutorial that you had followed in order to configure it that way? Thanks! On Monday, November 4, 2013 12:21:14 AM UTC-5, Gonzalo wrote: Hi All, I'm running Puppet in masterless mode and trying to make Puppet dashboard play nice with it in this non-standard setup. I'd love to hear how other people are doing this. The process I have in mind is: 1) Run puppet apply from cron on each node 2) Rsync (using --remove-sent-files) the reports from each node's /var/lib/puppet/reports dir back to the puppet dashboard server 3) Run rake:import The issue I'm having is that rake:import will create a new failed task for every report that already exists in the database. It does skip them, but I don't want to be notified it's a failed task when it skips them. I was thinking of deleting old reports, but given that they get imported by the delayed task workers, it is hard to know which reports have been processed to avoid deleting a report that hasn't been imported yet. If I can find a way to stop it reporting skipped reports as failed tasks, then I should be OK. Any ideas? Anyone else running Puppet dashboard with masterless Puppet? - GS -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1ba01e3a-f206-4aca-b7ab-79e924d05d81%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- martin.langh...@gmail.com - ask interesting questions - don't get distracted with shiny stuff - working code first ~ http://docs.moodle.org/en/User:Martin_Langhoff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACPiFCLC9jSgiHwJhjae6CttpPpEVGPEXZ3i_-X4-fcajtPmqA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Firewall Issues
Hi Danny, Are you able to post the contents of the classes containing the firewall resources? Jacob On Wednesday, November 6, 2013, Danny Roberts wrote: We are using the puppetlabs-firewall module ( https://forge.puppetlabs.com/puppetlabs/firewall) and we were having the issue where by the rules would cause the client to lose connectivity on it's first run. We solved these issues using the advise found here: https://github.com/puppetlabs/puppetlabs-firewall/issues/239#issuecomment-26443579 But no we are having an issue in that our pre rules do not get applied even on successive runs of puppet. Our logic for firewall in site.pp is: class firewall-myrules { Firewall { before = Class['my-firewall-base::post'], require = Class['my-firewall-base::pre'], } class { ['my-firewall-base::pre', 'firewall', 'my-firewall-base::post']: } - resources { 'firewall': purge = true } } Any ideas what might be causing these issues? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com javascript:_e({}, 'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7d308d7d-fdbe-46e4-8f93-031a7cd986e5%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOQMBgw-wgBhkrniZLEzwxa4wuZA67euMKf6pohYmiE36vt6_g%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Deployed custom facts with module do not show up
When I deploy a module I wrote with couple of custom facts, those facts do not show up in factor. But when I point FACTORLIB to the directory with those factor, they work just fine. I am running a masterless puppet version 2.7.22 and factor 1.7.1 The module structure looks like so: -license ---lib -facter ---license.rb ---hardware_serial.rb -puppet Any idea what is causing this problem or at least where to start the debugging? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/58f49f57-f55c-425f-b408-1b286336ddb7%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] moving to ENC - how to get all current classes and params
I saw classes.txt, but it's just listing the classes and not the parameters that were passed to them.. On Thursday, October 31, 2013 10:52:28 AM UTC-7, Jo wrote: $statedir/classes.txt and related files? On Oct 30, 2013, at 12:21 PM, Jeff Behl jb...@logicmonitor.comjavascript: wrote: I'm looking to use an external node classifier (ENC) in our environment. What's the easiest way to programmatically get currently applied classes (and class parameters) for all hosts, with the goal of dumping it into a database for later retrieval by the ENC script? Nodes are currently classified via site.pp. thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6d0da08e-9ae3-4d1e-a362-701340e51192%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects. Author of Instant Puppet 3 Starter: http://www.netconsonance.com/instant-puppet-3-starter-book/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7aa8893c-1686-422d-bcdd-56d0a64cfeac%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Deployed custom facts with module do not show up
How are you deploying the module? Facter won't load module based facts by default, you need to use 'facter -p' to have Facter load those facts. On Tuesday, November 5, 2013, Sergey Sudakovich wrote: When I deploy a module I wrote with couple of custom facts, those facts do not show up in factor. But when I point FACTORLIB to the directory with those factor, they work just fine. I am running a masterless puppet version 2.7.22 and factor 1.7.1 The module structure looks like so: -license ---lib -facter ---license.rb ---hardware_serial.rb -puppet Any idea what is causing this problem or at least where to start the debugging? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com javascript:_e({}, 'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/58f49f57-f55c-425f-b408-1b286336ddb7%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACD%3DwAfUsG7POPVR-z9Q%3DPgJWit0iSAk1U6K1LqzsWjZ5qQ6FA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] fix for running puppet as nonroot
Hi, For those of you running puppet as non root and are using puppet to manage itself via service, exec or want to use the moo puppet command I have found a fix and submitted a pull request to fix this problem in puppet core. This problem is only unique to non root installations. See http://projects.puppetlabs.com/issues/23053 Example usage in puppet. # Due to this bug we cannot control puppet with puppet service{puppet: ensure = “running, provider = init, hasstatus = true, hasrestart = true, path = $initd_dir, } Example usage in mcollective: mco puppet … Just thought I would share as I am sure others are running into this issue. Corey -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/EDF8B2D2-4E98-4518-94AD-DD474EC346FB%40logicminds.biz. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet Camp DC talk materials
There were a number of good talks at Puppet Camp DC, and some expressions of intent that the supporting materials would be posted. I'd very much appreciate a more official collection of materiaIs, but I have some sparse notes, so here's a mashup from that, the official schedule and some Googling: 9:30 - 10:30: Puppet Keynote - James Sweeny, Puppet Labs 10:30 - 11:15: The Mechanical Sysadmin - Matt Dugan and Joe Sircy, Shadow-Soft (personal distractions left me too stupid to make useful notes on the two first talks) 11:30 - 12:15: Puppet and Apache CloudStack - David Nalley, CloudStack (slides from a similar presentation Jan. 2013) http://www.slideshare.net/PuppetLabs/nalley 1:00 - 1:30: Pushing Puppet to the Limit - James Shubin, The Technical Blog of James https://ttboj.wordpress.com/2013/11/05/pushing-puppet-at-puppet-camp-dc-lisa-2013/ 1:30 - 2:15: Rapid Puppet Dev with Vagrant - George Beech, Stack Exchange http://brokenhaze.com/blog/2013/07/25/puppet-workflow-with-vagrant/ 2:15 - 3:00: Building Elastic Infrastructures - Pankaj Kaushal, Flipkart https://github.com/flipkart/HostDB 3:30 - 4:15: Razor: A Fresh Look at Provisioning - David Lutterkort, Puppet Labs (recording of an earlier instance of this talk) http://puppetlabs.com/presentations/razor-fresh-look-provisioning 4:15 - 5:00: Puppet Demo - Tom Linkin, Puppet Labs new features in Puppet Enterpirse GUI event presentation and command/control. To state the obvious, official slides and notes would be preferable, aside from Mr. Shubin's blog, which already has his materials from today posted. Thanks, James! It is more than possible they're posted but I don't know where to look for them. - Stephen P. Schaefer -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d08ef1a0-276d-4396-ae73-0c380028d978%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.