date:20131118


Using Puppet 3.x 

I want to tinker with the REST API, but other than basic stuff, all requests 
are denied. 
because there is no certificate between my workstation and the Puppet Master. 

How do I do this ? 


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1351348393.4599002.1384782541652.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to create local puppet forge repositories

2013-11-18 Thread David Portabella

In our case, 
we need a local puppet repository for two reasons:
1- to host our own puppet modules, which should not be publicly accessible
2- to have our own local copy of all public puppet modules that we use
(so that we do not rely on you; if your servers go down, our company 
should still be able to run...)

very much as nexus for maven repository:
http://www.sonatype.org/nexus/


Regards,
David


On Monday, June 18, 2012 10:07:47 PM UTC+2, Ryan Coleman wrote:
>
> On Mon, Jun 18, 2012 at 12:01 PM, Lian Zhu > 
> wrote: 
> > Hi, was just wondering if there's a way to create a local forge 
> repositories 
> > to host our local modules? Has anyone done that? 
> > I found this post, http://projects.puppetlabs.com/issues/5033. 
> > that was one year ago. Wondering if there's a way to do it now? 
> > 
> > Thanks. 
>
> Hi, 
>
> As Pieter mentioned, we don't currently have this capability. 
>
> I'm curious about your particular needs from a local forge. Are you 
> interested in hosting your own modules on the Forge for use in the 
> Puppet Module Tool but don't want your modules to be publicly 
> accessible? Any other requirements would be useful to hear about too. 
>
> Thanks! 
>
> --Ryan 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/70eff765-ee6c-4d84-8f5c-dff3a8dc24b9%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to create local puppet forge repositories

2013-11-18 Thread Martin Alfke

Having a local forge available would be great.
Some customers do not like to run un-audited code - they do most modules by 
themselves anyway.
At the moment we use a CI build chain to create OS packages for our modules.

But for dev’s a local forge would be a good opportunity for sharing modules and 
knowledge and to prevent double work.

Regards,

Martin


On 18 Nov 2013, at 14:49, David Portabella  wrote:

> In our case, 
> we need a local puppet repository for two reasons:
> 1- to host our own puppet modules, which should not be publicly accessible
> 2- to have our own local copy of all public puppet modules that we use
> (so that we do not rely on you; if your servers go down, our company 
> should still be able to run...)
> 
> very much as nexus for maven repository:
> http://www.sonatype.org/nexus/
> 
> 
> Regards,
> David
> 
> 
> On Monday, June 18, 2012 10:07:47 PM UTC+2, Ryan Coleman wrote:
> On Mon, Jun 18, 2012 at 12:01 PM, Lian Zhu  wrote: 
> > Hi, was just wondering if there's a way to create a local forge 
> > repositories 
> > to host our local modules? Has anyone done that? 
> > I found this post, http://projects.puppetlabs.com/issues/5033. 
> > that was one year ago. Wondering if there's a way to do it now? 
> > 
> > Thanks. 
> 
> Hi, 
> 
> As Pieter mentioned, we don't currently have this capability. 
> 
> I'm curious about your particular needs from a local forge. Are you 
> interested in hosting your own modules on the Forge for use in the 
> Puppet Module Tool but don't want your modules to be publicly 
> accessible? Any other requirements would be useful to hear about too. 
> 
> Thanks! 
> 
> --Ryan 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/70eff765-ee6c-4d84-8f5c-dff3a8dc24b9%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/E949AF3F-7937-4397-AC5C-1EC0C5DA1E0B%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: puppet client

On Friday, November 15, 2013 11:40:12 PM UTC-6, Stuart Cracraft wrote:
>
>
> Looks like you haven't worked in a hosting firm with strenuous security 
> yet.
>
> Having paths open to the Internet are a big no-no.
>
>

Local repos are a good choice, even for sites with fewer constraints.  I 
certainly recommend a local repo for home-built packages, but I also 
recommend maintaining local mirrors of other needed repos.  It reduces 
traffic from the local network to the Internet, and gives you a measure of 
independence. 

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/56f1dc8c-5b0f-4dce-bb28-6d7c6f672856%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: delayed effect of "puppet apply mumble.pp"

Hi,

no, there is not.

And not to come around as overly critical, but if you ponder the use of
such a functionality, chances are that you are designing a manifest that
is not well in tune with puppets strengths and weaknesses (I wouldn't
want to coin definitions of "right" and "wrong" ways, but there are
nuances).

I suggest you open a new thread and explain exactly what you expect
puppet to do and inquire for good patterns to apply.

Generally, for the case of "chaining actions based on the output of an
executed program", it is advisable to write a shell script to do all
this foot work, have puppet deploy it on the agent box and exec the
whole thing in one go.

HTH,
Felix

On 11/15/2013 08:33 PM, Stuart Cracraft wrote:
> In good shape here. Got everything up and running yesterday and today.
>  
> My current question I've posted at the main level.
>  
> I just want to get at the value (exit status and/or standard output)
> returned from
> any arbitrary Unix command puppet would run.
>  
> So the question is is there a way to get exec's output (all of it) into
> a variable
> and for the exit status.
>  
> I don't see a way to do that in the cheat sheet, various books, online
> nor with google.
>  
> Stuart

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/528A2422.80507%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] create_resources and file

2013-11-18 Thread erkan yanar

Doing create_resources('file',hiera_hash('input'))
works great for some hiera like
input:
  /tmp/a.txt:
owner: root
ensure: file
...

Im not able to put any template() stuff in there
input:
  /tmp/a.txt:
owner: root
ensure: file
content: template("create_re/aha.erb")

Instead of doing the template lookup. The content of the file is
'template("create_re/aha.erb")'

Any way to dynamically (hiera) define the templates?


Regards
Erkan



-- 
über den grenzen muß die freiheit wohl wolkenlos sein

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1ViPtj-0001TZ-1c%40linsenraum.de.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?

On the puppet master: 

puppet cert generate workstation.example.org 

Then I copied the following from the puppet master to my workstation: 
The public and private keys for my workstation ( workstation-publickey.pem / 
workstation-privatekey.pem ) 
The certificate for my workstation ( workstation-cert.pem ) 
The public key for the puppet master ( puppetmaster-publickey.pem ) 

On my workstation, 

curl --insecure -H 'Accept: s' 
https://puppetmaster.example.org:8140/production/certificate/ca > 
curl-ca-bundle.crt 
cat puppetmaster-publickey.pem >> curl-ca-bundle.crt 

THEN !! 

curl --cert workstation-cert.pem \ 
--key workstation-cert.pem \ 
--cacert curl-ca-bundle.crt \ 
-H "Accept: yaml" 
https://puppetmaster.example.org:8140/dev/status/devnode001.example.org 

WORKED !! 

I am going to bundle up everything up to the "-H" into an alias. 


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

- Original Message -
From: "Dan White"  
To: "Puppet Users Mailing List"  
Sent: Monday, November 18, 2013 8:49:01 AM 
Subject: [Puppet Users] How do I generate a certificate to use the REST API ? 



Using Puppet 3.x 

I want to tinker with the REST API, but other than basic stuff, all requests 
are denied. 
because there is no certificate between my workstation and the Puppet Master. 

How do I do this ? 


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/82113611.4600328.1384785445522.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Class declaration ordering causes duplicate resource error

Hi,

no this cannot work, you're mixing two syntaxes.

In theory, this may work:
  class { "foo::bar": }
  Class["foo:baz"] -> Class["foo::bar"]

But I'm with John: class { "name": } declarations should only be used if
absolutely necessary, which it's not! Do this:

  include foo::bar
  Class["foo:baz"] -> Class["foo::bar"]

I think what you had in mind was the following. It might work in theory,
but the above version is preferable.

  class { "foo::bar": require => Class["foo::baz"] }

Again, don't do this.

HTH,
Felix


On 11/16/2013 12:50 AM, Jon McKenzie wrote:
> Anyways, would writing something like this work?
> 
> class { "foo::bar":
> Class["foo:baz"] -> Class["foo::bar"]
> }

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/528A26A0.1010506%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Class declaration ordering causes duplicate resource error

On Friday, November 15, 2013 5:50:16 PM UTC-6, Jon McKenzie wrote:
>
> Thanks John,
>
> Unfortunately, we're using Foreman in our shop for the ENC, so using Hiera 
> is currently not possible (AFAIK)
>
>

What does one have to do with the other?

> For some reason, I thought the "require" statement was analogous to the 
> "require" metaparameter. But looking at the documentation, clearly that's 
> not the case. Still, this seems like a bug to me. If this is a duplicate 
> declaration, shouldn't it error regardless of the ordering within the 
> manifest? 
>
>

For classes, it is not duplicate declaration generally that is the 
problem.  It is a fundamental design feature of Puppet that the same class 
may be 'include'd (or 'require'd, or, now, 'contain'ed) multiple times, and 
more generally that it is OK to include (etc.) a class that has already 
been declared.

Parameterized-style declarations are a bit of a fly in the ointment, 
however, because they do two distinct things that are only loosely related: 
(1) declare a class, and (2) bind values to the class's parameters.  It is 
the second function that causes trouble.

If Puppet could parse the whole manifest set to determine what classes were 
declared first, then go back and set class parameters, then the constraint 
you ran into could be solved.  Unfortunately, that is not possible because 
class parameter values can influence which classes are declared.  There is 
no reliable, general way to defer class parameter assignments, so 
parameters are bound to a class by the first declaration evaluated, and 
subsequent parameter list declarations (even empty ones) cannot be honored.

tl;dr: it's not a bug, it's a design shortcoming.

> Anyways, would writing something like this work?
>
> class { "foo::bar":
> Class["foo:baz"] -> Class["foo::bar"]
> }
>
>

Puppet should not object to that, provided that Class['foo::baz'] is 
declared somewhere else in the manifest set.  It should not be sensitive to 
evaluation order.  With that said, the constraint that foo::baz must be 
declared, but foo::bar does not cause it to be, constitutes a weakness that 
may bite you later.  I would suggest omitting the ordering relationship 
from foo::bar, and instead declaring the relationship in some place where 
you can know that both classes have been declared.  For example,

class foo::bam {
  include 'foo::bar'
  class {'foo::baz': }
  Class['foo::baz'] -> Class['foo::bar']
}

If indeed the relationship declaration is safe in foo::bar in the first place, 
then there must be one or more such higher-level places that would be suitable 
for declaring the relationship.

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/164bd119-0fe2-4269-9ad2-628180503fd9%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet: Custom functions

Hi,

you have likely enabled the pluginsync feature, which allows you to use
"Plugins in modules" to e.g. distribute custom facts to your agents.

Puppet will not distinguish custom facts and types from parser
functions. For most people, syncing parser functions to agents serves no
purpose.

I advise to regard it as just a side occurence, and to just ignore it.

HTH,
Felix

On 11/18/2013 09:49 AM, Sergey Arlashin wrote:
> Hi!
> 
> As far as I know custom functions are executed on puppet master server. But 
> each run puppet master copies all the custom functions available to 
> /var/lib/puppet/lib/puppet/parser/functions/ folder on puppet clients. Why is 
> it so? 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/528A2750.6050602%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?

I forgot the finishing touch: 

On the puppet master: /etc/puppet/auth,conf 

Added the lines: 
# allow workstation REST API access 
path / 
allow workstation.example.org 

and restarted the puppet master ! 

As I get familiar with the API, I would probably want to add some method 
restrictions. 


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

- Original Message -
From: "Dan White"  
To: puppet-users@googlegroups.com 
Sent: Monday, November 18, 2013 9:37:25 AM 
Subject: Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a 
certificate to use the REST API ? 


On the puppet master: 

puppet cert generate workstation.example.org 

Then I copied the following from the puppet master to my workstation: 
The public and private keys for my workstation ( workstation-publickey.pem / 
workstation-privatekey.pem ) 
The certificate for my workstation ( workstation-cert.pem ) 
The public key for the puppet master ( puppetmaster-publickey.pem ) 

On my workstation, 

curl --insecure -H 'Accept: s' 
https://puppetmaster.example.org:8140/production/certificate/ca > 
curl-ca-bundle.crt 
cat puppetmaster-publickey.pem >> curl-ca-bundle.crt 

THEN !! 

curl --cert workstation-cert.pem \ 
--key workstation-cert.pem \ 
--cacert curl-ca-bundle.crt \ 
-H "Accept: yaml" 
https://puppetmaster.example.org:8140/dev/status/devnode001.example.org 

WORKED !! 

I am going to bundle up everything up to the "-H" into an alias. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/774872178.4600520.1384785845284.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?

Hi,

that would work.

Couldn't you instead have just (from the agent)

1. puppet agent --one-time --certname 

to upload a CSR, then on the master

2. sign the cert using puppet ca

and then have the agent download it via another puppet agent call?

Of course, you still need to scrounge the chain together from the
various certs cached by the agent, but it should all be there.

Cheers,
Felix

On 11/18/2013 03:37 PM, Dan White wrote:
> Then I copied the following from the puppet master to my workstation:
> The public and private keys for my workstation (
> workstation-publickey.pem / workstation-privatekey.pem )

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/528A2912.9060103%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] scope question

Hi,

On 11/18/2013 01:50 AM, Jay Christopherson wrote:
> *versions.pp:*
> define parent::versions($version) {
> }
> 
> *child.pp*:
> class parent::child {
> include parent
> 
> notify{ "${version}": }
> }
> 
> Variables and defaults declared in a local scope are only available
> in *that scope and its children*
> *
> *
> Clearly, I'm missing something here.  I would expect this to print out
> the value of "$version", that is set by calling "create_resources" in
> the parent.

in this example, parent::child is *not* in fact a child of anything.
It's just a class in module called 'parent'.

Seeing as $version is a parameter of a defined type of your's, it
doesn't make sense to reference it anywhere else. Consider this:

class test {
  parent::versions { "apache" => "2.2", ruby => "1.9.3" }
  notify { "$version": }
}

What would you expect $version to be in this context?

Cheers,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/528A2B29.2090800%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: delayed effect of "puppet apply mumble.pp"

On Friday, November 15, 2013 1:33:19 PM UTC-6, Stuart Cracraft wrote:
>
> In good shape here. Got everything up and running yesterday and today.
>  
> My current question I've posted at the main level.
>  
> I just want to get at the value (exit status and/or standard output) 
> returned from
> any arbitrary Unix command puppet would run.
>  
> So the question is is there a way to get exec's output (all of it) into a 
> variable
> and for the exit status.
>  
>

No.  Puppet variables are meaningful only to the puppetmaster, during the 
catalog compilation process.  By the time you are applying the catalog to 
the target node (so that an Exec's command is run), catalog compilation is 
necessarily complete.

As I said, though, you can create a custom fact that executes whatever 
command you like on the target node -- before catalog compilation -- and 
returns its output.  It would be slightly trickier, but I think still 
possible, to capture the output and exit status into separate facts (or 
even not so tricky if you were willing for Facter to run the command twice).

Alternatively, you can write a custom provider, either for an existing type 
or for a new, custom one, that captures command output and exit status in 
*Ruby* variables, and does whatever you want with them within the scope of 
applying a resource of the given type.

As Felix observed, your design concept may not be well aligned with 
Puppet's mode of operation.  Puppet wants to gather up front all the 
information needed to compute the details of the target configuration, then 
to compile the chosen configuration details into a compact representation, 
and finally to update the target node to match the configuration details.

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ad852d98-6e02-4d1e-ab27-78866e0dc47f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?

There is no agent on my workstation. 
That was one of the head-scratchers 

Your suggestion looks like it would work if there was an agent. 

Thanks for responding 


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

- Original Message -
From: "Felix Frank"  
To: puppet-users@googlegroups.com 
Sent: Monday, November 18, 2013 9:49:54 AM 
Subject: Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a 
certificate to use the REST API ? 

Hi, 

that would work. 

Couldn't you instead have just (from the agent) 

1. puppet agent --one-time --certname  

to upload a CSR, then on the master 

2. sign the cert using puppet ca 

and then have the agent download it via another puppet agent call? 

Of course, you still need to scrounge the chain together from the 
various certs cached by the agent, but it should all be there. 

Cheers, 
Felix 

On 11/18/2013 03:37 PM, Dan White wrote: 
> Then I copied the following from the puppet master to my workstation: 
> The public and private keys for my workstation ( 
> workstation-publickey.pem / workstation-privatekey.pem ) 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com. 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/528A2912.9060103%40alumni.tu-berlin.de.
 
For more options, visit https://groups.google.com/groups/opt_out. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/52236470.4601043.1384787026352.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: site.pp Does include work inside a node definition?



On Saturday, November 16, 2013 12:13:04 PM UTC-6, Puppet Muppet wrote:
>
>
> Hi, 
>
> Is it possible to use Include as I have done below, inside my node 
> statement?
>


For the record, yes, the 'include' statement can be used inside node 
definitions.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/45dcd5bf-97cf-4aa0-bcfc-60c6dc2cc93f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Puppet: Custom functions

2013-11-18 Thread Sergey Arlashin

Thank you!


On Nov 18, 2013, at 6:42 PM, Felix Frank  
wrote:

> Hi,
> 
> you have likely enabled the pluginsync feature, which allows you to use
> "Plugins in modules" to e.g. distribute custom facts to your agents.
> 
> Puppet will not distinguish custom facts and types from parser
> functions. For most people, syncing parser functions to agents serves no
> purpose.
> 
> I advise to regard it as just a side occurence, and to just ignore it.
> 
> HTH,
> Felix
> 
> On 11/18/2013 09:49 AM, Sergey Arlashin wrote:
>> Hi!
>> 
>> As far as I know custom functions are executed on puppet master server. But 
>> each run puppet master copies all the custom functions available to 
>> /var/lib/puppet/lib/puppet/parser/functions/ folder on puppet clients. Why 
>> is it so? 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/528A2750.6050602%40alumni.tu-berlin.de.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/43C06D56-9AB6-4FB6-B7E9-F0D7341AD951%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Nested parametrized defines



On Monday, November 18, 2013 3:40:46 AM UTC-6, Patricia Jung wrote:
>
> Dear John and all, 
>
> Am 15.11.2013 um 15:47 schrieb jcbollinger: 
> > 
> > On Thursday, November 14, 2013 5:32:50 AM UTC-6, Patricia Jung wrote: 
> > 
> > http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.htmldoes 
> > not suggest to me that nested parametrized defines would be forbidden 
> > 
> > 
> > You are correct.  Defined type bodies may declare resources of any type, 
> including defined types. 
> > 
> >   
> > , hence I expected the following code to work: 
> > 
> > add_to_ssh_authorized_keys.pp: 
> >  
> > define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", 
> $targetuser="root", $keyowner, $keyownername, $state="present" ) { 
> > 
> > 
> > To be clear, that should appear in  path>/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp in order for the 
> autoloader to be able to find it. 
> Yes, this is true: it's located in 
> /etc/puppet/modules/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp 
> > 
> > 
> >   
> > it_services_admins.pp: 
> > - 
> > define a::ssh_keys::it_services_admins($user='root'){ 
> > 
> > 
> > Likewise, that should appear in  path>/a/manifests/ssh_keys/it_services_admins.pp 
> This file is located in 
> etc/puppet/modules/a/manifests/ssh_keys/it_services_admins.pp 
> > 
> > 
> >   
> > 
> > censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": 
> Sorry, my fault, the line above reads 
> a::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": 
> > 
> > targetuser => "$user", 
> > keyowner => 'blah', 
> > keyownername => 'blah', 
> > }   
> > } 
> > 
> > - 
> > 
> > class file: 
> > 
> > 
> > I suppose you mean that this is the file of the module main class, 
> //manifests/init.pp 
> > 
> >   
> Not necessarily init.pp, and it's outside the a module, e.g.: 
> /etc/puppet/modules/c/manifests/nodes/saas.pp. Perhaps this is the 
> problem? 
>


Ah, ok.  I understand now.

No, it should not be a problem for instances of your defined type to be 
declared by classes from other modules or even no module at all.  Besides, 
the declaration in c::nodes::saas is not the locus of the problem.

 

> >  
>
>class c::nodes::saas{ 
>a::ssh_keys::it_services_admins{ 'b': 
>   user => 'b' 
>} 
>a::ssh_keys::it_services_admins{ 'root': 
>  user => 'root' 
>} 
>} 
>
> The error message reads: 
>
> Invalid resource type a::ssh_keys::add_to_ssh_authorized_keys at 
> /etc/puppet/modules/a/manifests/ssh_keys/:7" 
>
>
>

"Invalid resource type" for a defined type, supposing that it's not 
altogether a red herring, means that Puppet does not recognize the type as 
a native one (which it isn't), and cannot find a definition for that name.  
There are a few alternatives for why it might not find the definition, 
among them

   - The definition does not appear in the file the autoloader expects to 
   find it in.  You report, however, that it does appear in the correct file.
   - The definition is not declared with the expected name.  The definition 
   should use the correct fully-qualified name, as indeed you show it to do.  
   If there were some mixup, however -- say the file defined censhare::... 
   when it should have declared a::... -- then you would probably get an error 
   such as you report.
   - The Puppet master cannot read the file, or perhaps cannot read some 
   directory in the path to it.  Unlike the Puppet agent, the master can and 
   normally does run as an unprivileged user, often named "puppet".  If file 
   permissions, ownership, SELinux context, ACLs, or some other access control 
   mechanism prevents the Puppet master process from reading the file, then 
   you might get an error such as you describe.
   - As a special case, it is conceivable (though unlikely) that UTF-8 
   encoded file names containing characters above U+00FF might cause trouble 
   if they appear in the same directory as the definition's file.
   - The contents of the file containing the definition are not parsed 
   successfully.  I would actually expect a more localized error in this case, 
   but if for some reason none was emitted then the error you report would be 
   a likely fallback outcome.  You can test this by running "puppet parser 
   validate " on the file containing the definition.
   

If the problem is not one of the above then I'm stumped.  


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5f3f7e9d-ca6e-4575-a1fc-d20d53cb89a0%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] managing puppet module dependencies

2013-11-18 Thread David Portabella

with maven, you can tell that a project requires a list of artifacts and 
their versions.
those dependencies in turn have other dependencies.
maven takes care of managing all this.
for instance, maven can find out if two of your dependencies requires a 
conflicting version of another dependency.


is there a similar thing in puppet?


i've read about https://github.com/rodjek/librarian-puppet
but it seems that you need to define yourself the direct dependencies and 
recursive dependencies.
and you cannot query about conflicting version dependencies.
is that correct?



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/95597d95-0b8a-4173-8f02-20fcc84850f5%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: scope question

On Sunday, November 17, 2013 6:50:03 PM UTC-6, jc.listmail wrote:
>
> I have a parent class, a child class, and a defined type, like so:
>
> *init.pp*:
> class parent {
>   create_resources(parent::versions, hiera('versions'))
>   ...
> }
>
> *versions.pp:*
> define parent::versions($version) {
> }
>
> *child.pp*:
> class parent::child {
> include parent
>
> notify{ "${version}": }
> }
>
> (I'm omitting the hiera definition since I don't think it relates to the 
> issue).
>
> Basically, I'm trying to figure out how to access variables from a child 
> class, that have been defined in the parent via create_resources.
>
>

You cannot by any means access parameters of declared resources from 
outside those resources, regardless of the mechanism by which those 
resources are declared.

You can, however, access *class variables* from anywhere, provided that the 
class has been declared.  Simply use the variable's fully-qualified name, 
such as $parent::version.

> According to the documentation I read, I think this can be done:
>
> Variables and defaults declared in a local scope are only available in *that 
> scope and its children*
>
>

That statement appears to come from this doc: 
http://docs.puppetlabs.com/puppet/3/reference/lang_scope.html.  I suggest 
you read the whole thing, but the bottom line for this case is that the 
only child scopes of class body local scopes are the bodies of other 
classes that inherit from it.

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/009772b9-cf5c-4564-b8ad-1e5c881af60c%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] managing puppet module dependencies

2013-11-18 Thread Ryan Coleman

On Mon, Nov 18, 2013 at 8:39 AM, David Portabella <
david.portabe...@gmail.com> wrote:

> with maven, you can tell that a project requires a list of artifacts and
> their versions.
> those dependencies in turn have other dependencies.
> maven takes care of managing all this.
> for instance, maven can find out if two of your dependencies requires a
> conflicting version of another dependency.
>

Hi David,

With the Puppet Forge, module authors are expected to express dependencies
on other modules via their module metadata. The logistics for this are
documented here:
http://docs.puppetlabs.com/puppet/latest/reference/modules_publishing.html#dependencies-in-the-modulefile

>
>
> is there a similar thing in puppet?
>
>
> i've read about https://github.com/rodjek/librarian-puppet
> but it seems that you need to define yourself the direct dependencies and
> recursive dependencies.
> and you cannot query about conflicting version dependencies.
> is that correct?
>

Tools like the built-in Puppet Module Tool and librarian-puppet use that
dependency metadata during installation to ensure that you have everything
you need to use the module. The module tool will do its best to prevent
conflicts during install and will show you what conflicts currently exist
in your modulepath when you run `puppet module list`. It does not provide
the ability to determine version conflicts before installing.

-- 
Ryan Coleman | Modules & Forge | ryanycoleman on twitter & #puppet IRC

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAFkZv1uuvj5JnW6cZERtjFGJvoSqC-kJVcmbuPj%3DqccechJHZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Is it possible to evaluate a string as a parameter name?

2013-11-18 Thread smalderma

Hi,
  I'm looking to combine a couple of fact names with the value of a class 
parameter to create and lookup the resulting fact's value.  Is that 
possible?  For example, my class will take the parameter "my_default_nic" 
from beyond.  So I know that as long as $my_default_nic exists on the 
client, then so will facts like macaddress_, netmask_, and 
ipaddress_.  So I'm looking for a way to formulate those fact names 
and evaluate the result...

Is this at all possible?  Thanks for your thoughts!

$my_default_nic = 'eth1'
> $ip_method = 'static'
> $my_ip = ???###  <-  should end up looking 
> like the value of $::ipaddress_eth1 with out hardcoding eth1
> $my_netmask = ? ###  <- 
>
> case $ip_method {
>   'static': {
> network::static { $my_default_nic:
>   ensure  => up,
>   ipaddress => $my_ip,
>   netmask  => $my_netmask,
>  }
>   }
>   /(?i:dhcp|dynamic)': {
> network::dynamic { $my_default_nic: 
>   ensure => up,
> }
>   }
>   default: {
> network::dynamic { $my_default_nic:
>   ensure => down,
>}
> }
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fc39aa90-27f9-44dc-b478-3a288ff2%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: file resource calling a 'define'd exec syntax?

On Sunday, November 17, 2013 2:33:54 PM UTC-6, dkoleary wrote:
>
> Hi;
>
> This one should be easy; but, so far, it's eluding me.
>
> I would like to configure ssh to use a different directory for authorized 
> keys files.  I have the file resource which that works on its own.  I want 
> the file resource to call the exec to set the selinux type on the directory 
> when needed.
>

That is not the Puppet way.

You seem to be approaching Puppet as if it were a script engine.  It is 
not.  One resource does not call another; in fact no resource, not even one 
of defined type, is "called" by anything.  Your manifests simply describe 
the target state you want Puppet to enforce.  Where one aspect of the 
target state depends on another, your manifests may also direct the agent 
to synchronize some resources before others.  Whatever the state you 
describe, however, Puppet figures out most of the details of what to do on 
its own.

Moreover, I suspect you are confusing Puppet defined types with macros.  
Puppet DSL does not have a macro facility.  The "define" keyword introduces 
a user-defined *resource type*, with substantially the same usage rules as 
any of the built-in resource types.

>  Here's what I have:
>

[...]

>
> file {  $ssh::params::ssh_rootkeys:
> ensure   => present,
> owner=> root,
> group=> sys,
> mode => '0750',
> source   => 'puppet:///modules/ssh/authorized_keys.root',
> sshdir_selinux { },
>

Right there  is the syntax error Puppet is complaining about.  A 
resource declaration's parameter list may contain only parameters.  Even if 
you could declare another resource there, your syntax is incorrect for 
that, too, because it is missing a resource title.

As Neil suggested, do look into the SELinux support built directly into the 
File type.  Puppet splits the context information across several parameters 
(selrole, etc.), and it will probably be much easier and more consistent to 
use those than to set up an Exec to modify the context after the fact.  It 
will likely be a lot faster, too, when the file already exists with the 
correct context.

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3811c406-3693-40e2-8030-4f816bdf37ba%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Is it possible to evaluate a string as a parameter name?



On Monday, November 18, 2013 10:50:44 AM UTC-6, smalderma wrote:
>
> Hi,
>   I'm looking to combine a couple of fact names with the value of a class 
> parameter to create and lookup the resulting fact's value.  Is that 
> possible?  For example, my class will take the parameter "my_default_nic" 
> from beyond.  So I know that as long as $my_default_nic exists on the 
> client, then so will facts like macaddress_, netmask_, and 
> ipaddress_.  So I'm looking for a way to formulate those fact names 
> and evaluate the result...
>
> Is this at all possible?  Thanks for your thoughts!
>


Something along these lines ought to do the trick:

$my_interface = 'eth1'
$my_ip = inline_template("<%= 
scope.lookupvar('::ipaddress_${my_interface}') %>")


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2a44bf90-9c37-4dcf-b905-959e0147954b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Enterprise support for Puppet

2013-11-18 Thread harshit

Anyone ?



On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote:
>
> Wondering if all of you guys are getting the enterprise support.
> Also, if PuppetLabs the only company providing this kind of support or do 
> you have anyone else giving the support
>
> Thanks
>
> Harshit
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/be741546-ff9d-4e2e-9b55-4514f708d62b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Is it possible to evaluate a string as a parameter name?

Here is what I did along the same lines: 

I made a custom fact that makes a fact of all user home directories: 


modules/users/lib/facter/user_home.rb 
require 'etc' 

Etc.passwd { |user| 

Facter.add("home_#{user.name}") do 
setcode do 
user.dir 
end 
end 

} 


Then, in a dot-pp file, I did this: 



$home_fact = "home_${user_name}" 
$homedir = inline_template("<%= scope.lookupvar('::${home_fact}') %>") 


Going with this, you should be able to pass in your NIC label and then : 



$my_ip_setup = "ipaddress_${my_default_nic}" 
$my_ip = inline_template("<%= scope.lookupvar('::${ my_ip_setup }') %>") 


Hope this works for you. Let us all know, please. 


“Sometimes I think the surest sign that intelligent life exists elsewhere in 
the universe is that none of it has tried to contact us.” 
Bill Waterson (Calvin & Hobbes) 

- Original Message -
From: "smalderma"  
To: puppet-users@googlegroups.com 
Sent: Monday, November 18, 2013 11:50:44 AM 
Subject: [Puppet Users] Is it possible to evaluate a string as a parameter 
name? 


Hi, 
I'm looking to combine a couple of fact names with the value of a class 
parameter to create and lookup the resulting fact's value. Is that possible? 
For example, my class will take the parameter "my_default_nic" from beyond. So 
I know that as long as $my_default_nic exists on the client, then so will facts 
like macaddress_, netmask_, and ipaddress_. So I'm looking for a 
way to formulate those fact names and evaluate the result... 

Is this at all possible? Thanks for your thoughts! 



$my_default_nic = 'eth1' 
$ip_method = 'static' 
$my_ip = ??? ### <- should end up looking like the value of 
$::ipaddress_eth1 with out hardcoding eth1 
$my_netmask = ? ### <-  

case $ip_method { 
'static': { 
network::static { $my_default_nic: 
ensure => up, 
ipaddress => $my_ip, 
netmask => $my_netmask, 
} 
} 
/(?i:dhcp|dynamic)': { 
network::dynamic { $my_default_nic: 
ensure => up, 
} 
} 
default: { 
network::dynamic { $my_default_nic: 
ensure => down, 
} 
} 




-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group. 
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com. 
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fc39aa90-27f9-44dc-b478-3a288ff2%40googlegroups.com
 . 
For more options, visit https://groups.google.com/groups/opt_out . 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546661769.4605406.1384797032378.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Is it possible to evaluate a string as a parameter name?

2013-11-18 Thread smalderma

Thanks guys!  That was simpler than I thought.  I had not had an reason to 
dive into an inline template before, so it was a feature that I've read 
about, but not leveraged.

I ended up applying John's method of using an inline template for the ip, 
mac, and netmask.  The inline template seems to do the trick!

On Monday, November 18, 2013 12:50:32 PM UTC-5, Ygor wrote:
>
> Here is what I did along the same lines:
>
> I made a custom fact that makes a fact of all user home directories:
>
> modules/users/lib/facter/user_home.rb 
> require 'etc'
>
> Etc.passwd { |user|
>
> Facter.add("home_#{user.name}") do
> setcode do
> user.dir
> end
> end
>
> }
>
> Then, in a dot-pp file, I did this:
>
> $home_fact = "home_${user_name}"
> $homedir = inline_template("<%= scope.lookupvar('::${home_fact}') %>")
>
> Going with this, you should be able to pass in your NIC label and then :
>
> $my_ip_setup = "ipaddress_${my_default_nic}"
> $my_ip = inline_template("<%= scope.lookupvar('::${my_ip_setup}') %>")
>
> Hope this works for you.  Let us all know, please.
>
> “Sometimes I think the surest sign that intelligent life exists elsewhere 
> in the universe is that none of it has tried to contact us.”
> Bill Waterson (Calvin & Hobbes)
>
> --
> *From: *"smalderma" >
> *To: *puppet...@googlegroups.com 
> *Sent: *Monday, November 18, 2013 11:50:44 AM
> *Subject: *[Puppet Users] Is it possible to evaluate a string as a 
> parameter name?
>
> Hi,
>   I'm looking to combine a couple of fact names with the value of a class 
> parameter to create and lookup the resulting fact's value.  Is that 
> possible?  For example, my class will take the parameter "my_default_nic" 
> from beyond.  So I know that as long as $my_default_nic exists on the 
> client, then so will facts like macaddress_, netmask_, and 
> ipaddress_.  So I'm looking for a way to formulate those fact names 
> and evaluate the result...
>
> Is this at all possible?  Thanks for your thoughts!
>
> $my_default_nic = 'eth1'
>> $ip_method = 'static'
>> $my_ip = ???###  <-  should end up 
>> looking like the value of $::ipaddress_eth1 with out hardcoding eth1
>> $my_netmask = ? ###  <- 
>>
>> case $ip_method {
>>   'static': {
>> network::static { $my_default_nic:
>>   ensure  => up,
>>   ipaddress => $my_ip,
>>   netmask  => $my_netmask,
>>  }
>>   }
>>   /(?i:dhcp|dynamic)': {
>> network::dynamic { $my_default_nic: 
>>   ensure => up,
>> }
>>   }
>>   default: {
>> network::dynamic { $my_default_nic:
>>   ensure => down,
>>}
>> }
>>
>  -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/fc39aa90-27f9-44dc-b478-3a288ff2%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ed82b03a-659c-48b5-a6b0-d92f093b100c%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] group type

Hi.
 
Created:
 
class mumble {
  :
  random stuff
  :
}
 
class mumble:grouper inherits mumble {
  group { "somegroup":
 name => 'somegroup',
 members => 'user1,user2,user3',
 ensure => present,
 gid => 123,
  }
}
 
After a time, mumble:grouper ran, before I added
user2, and user3 and /etc/group shows:
 
  somegroup:x:500:
 
but it doesn't show what it should show which is:
 
  somegroup:x:500:user1,user2,user3
 
I verified that user1/2/3 all exist in /etc/passwd.
 
My question is, why isn't Puppet making the right memberships?
 
Do I misunderstand member?
 
Stuart
 
 
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Enterprise support for Puppet

 
Harshit,
 
Seems like it would be very ripe for an external consultancy business, 
frankly.
 
Stuart

On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote:

> Wondering if all of you guys are getting the enterprise support.
> Also, if PuppetLabs the only company providing this kind of support or do 
> you have anyone else giving the support
>
> Thanks
>
> Harshit
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e5ee6dd2-bf4d-432f-9b9d-b973602105b1%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] dashboard

 
Hi,
 
I spent a lot of time with Puppet Enterprise and like it. Lately, I've been
doing Open Source Puppet.
 
The question has come up: does OSP have any kind of web-facing 
methodology for applying one or more patterns against swaths of instances?
 
Do tell me we don't have to roll our own with cli going to a web front-end
we have to design.
 
Stuart
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/00e76a1b-9b18-4fb8-bc06-da6095f71cb9%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

2013-11-18 Thread Matthaus Owens

Stuart,
In the type reference, the members property states that it requires
the 'manages members' feature
(http://docs.puppetlabs.com/references/latest/type.html#group-provider-features),
which is available in the aix, directory service, pw and windows_adsi
providers, but not the ldap or groupadd providers. Which provider is
being used for your group resource?

On Mon, Nov 18, 2013 at 11:15 AM, Stuart Cracraft  wrote:
> Hi.
>
> Created:
>
> class mumble {
>   :
>   random stuff
>   :
> }
>
> class mumble:grouper inherits mumble {
>   group { "somegroup":
>  name => 'somegroup',
>  members => 'user1,user2,user3',
>  ensure => present,
>  gid => 123,
>   }
> }
>
> After a time, mumble:grouper ran, before I added
> user2, and user3 and /etc/group shows:
>
>   somegroup:x:500:
>
> but it doesn't show what it should show which is:
>
>   somegroup:x:500:user1,user2,user3
>
> I verified that user1/2/3 all exist in /etc/passwd.
>
> My question is, why isn't Puppet making the right memberships?
>
> Do I misunderstand member?
>
> Stuart
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.



-- 
Matthaus Owens
Release Manager, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACD%3DwAf5W8fsY%2BSzGQA7GH0dgsnjGdiP7Pk1H%2BySTBO%2BJWHJqA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

 
Just local password file and group files mostly. But some ldap.

On Monday, November 18, 2013 11:34:50 AM UTC-8, Matthaus Litteken wrote:

> Stuart, 
> In the type reference, the members property states that it requires 
> the 'manages members' feature 
> (
> http://docs.puppetlabs.com/references/latest/type.html#group-provider-features),
>  
>
> which is available in the aix, directory service, pw and windows_adsi 
> providers, but not the ldap or groupadd providers. Which provider is 
> being used for your group resource? 
>
> On Mon, Nov 18, 2013 at 11:15 AM, Stuart Cracraft 
> > 
> wrote: 
> > Hi. 
> > 
> > Created: 
> > 
> > class mumble { 
> >   : 
> >   random stuff 
> >   : 
> > } 
> > 
> > class mumble:grouper inherits mumble { 
> >   group { "somegroup": 
> >  name => 'somegroup', 
> >  members => 'user1,user2,user3', 
> >  ensure => present, 
> >  gid => 123, 
> >   } 
> > } 
> > 
> > After a time, mumble:grouper ran, before I added 
> > user2, and user3 and /etc/group shows: 
> > 
> >   somegroup:x:500: 
> > 
> > but it doesn't show what it should show which is: 
> > 
> >   somegroup:x:500:user1,user2,user3 
> > 
> > I verified that user1/2/3 all exist in /etc/passwd. 
> > 
> > My question is, why isn't Puppet making the right memberships? 
> > 
> > Do I misunderstand member? 
> > 
> > Stuart 
> > 
> > 
> > 
> > 
> > -- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "Puppet Users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to puppet-users...@googlegroups.com . 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com.
>  
>
> > For more options, visit https://groups.google.com/groups/opt_out. 
>
>
>
> -- 
> Matthaus Owens 
> Release Manager, Puppet Labs 
>
> Join us at PuppetConf 2014, September 23-24 in San Francisco 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c5535875-e7a5-47cf-8113-96b2ee6e1334%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

2013-11-18 Thread Matthaus Owens

Stuart,
Unfortunately, that doesn't tell us which provider is being used. A
run with --debug should show which providers are being used.

In a test run using the debug flag on a centos 6 box using the group
resource you provided, I got output which included:
'Debug: /Group[somegroup]: Provider groupadd does not support features
manages_members; not managing attribute members'.

If you post the result of running:

puppet apply --debug --exec "group { "somegroup":
 name => 'somegroup',
 members => 'user1,user2,user3',
 ensure => present,
 gid => 123,
  }"

that would help determine which group provider is being used and why
member management isn't being applied.

On Mon, Nov 18, 2013 at 11:37 AM, Stuart Cracraft  wrote:
>
> Just local password file and group files mostly. But some ldap.
>
> On Monday, November 18, 2013 11:34:50 AM UTC-8, Matthaus Litteken wrote:
>>
>> Stuart,
>> In the type reference, the members property states that it requires
>> the 'manages members' feature
>>
>> (http://docs.puppetlabs.com/references/latest/type.html#group-provider-features),
>> which is available in the aix, directory service, pw and windows_adsi
>> providers, but not the ldap or groupadd providers. Which provider is
>> being used for your group resource?
>>
>> On Mon, Nov 18, 2013 at 11:15 AM, Stuart Cracraft 
>> wrote:
>> > Hi.
>> >
>> > Created:
>> >
>> > class mumble {
>> >   :
>> >   random stuff
>> >   :
>> > }
>> >
>> > class mumble:grouper inherits mumble {
>> >   group { "somegroup":
>> >  name => 'somegroup',
>> >  members => 'user1,user2,user3',
>> >  ensure => present,
>> >  gid => 123,
>> >   }
>> > }
>> >
>> > After a time, mumble:grouper ran, before I added
>> > user2, and user3 and /etc/group shows:
>> >
>> >   somegroup:x:500:
>> >
>> > but it doesn't show what it should show which is:
>> >
>> >   somegroup:x:500:user1,user2,user3
>> >
>> > I verified that user1/2/3 all exist in /etc/passwd.
>> >
>> > My question is, why isn't Puppet making the right memberships?
>> >
>> > Do I misunderstand member?
>> >
>> > Stuart
>> >
>> >
>> >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "Puppet Users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to puppet-users...@googlegroups.com.
>> > To view this discussion on the web visit
>> >
>> > https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com.
>> > For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>>
>> --
>> Matthaus Owens
>> Release Manager, Puppet Labs
>>
>> Join us at PuppetConf 2014, September 23-24 in San Francisco
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/c5535875-e7a5-47cf-8113-96b2ee6e1334%40googlegroups.com.
>
> For more options, visit https://groups.google.com/groups/opt_out.



-- 
Matthaus Owens
Release Manager, Puppet Labs

Join us at PuppetConf 2014, September 23-24 in San Francisco

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACD%3DwAeyoL6Hpfc%3DoJTC9m9%3DEE_DhDaafRCyoQ8HBBP9rDW62w%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Can't find a supported method of using storeconfigs on AWS

2013-11-18 Thread Deepak Giridharagopal


On Oct 18, 2013, at 7:30 AM, Daniel Friesen  wrote:

> I can't seem to find a sane way of running storeconfigs on the new AWS server 
> environment I'm working on.
> 
> SQLite is not an option. It becomes unusable far too quickly.
> Using a mysql adapter doesn't seem to work properly.
> I quickly run into bug #9290 again and again. Which after 2 years STILL 
> hasn't been fixed.
> The top of this seems to imply that these ActiveRecord storeconfigs adapters 
> are being deprecated.
> The recommendation seems to be to use PuppetDB however from the looks of it, 
> I can't even use PuppetDB.
> I'm not going to use the embedded DB and fall right back into the trap with 
> SQLite again.
> PuppetDB only appears to support PostgreSQL and does not support MySQL.
> I already have a MySQL database in AWS' RDS I would like to use. And RDS does 
> not support PostgreSQL.

This thread is a month old, but I thought I'd mention that Amazon now supports 
PostgreSQL for RDS, and a number of folks have already started using it for 
PuppetDB:

http://aws.amazon.com/rds/postgresql/


> And I am NOT going to go right back to going and installing a separate 
> database server on the local node. That kind of thing has given me problem 
> after problem.
> Please tell me I'm missing something and there's a way I can get this to work 
> in this AWS environment. Cause otherwise the idea of puppet running any type 
> of server at all – rather than simply working as a local filesystem `puppet 
> apply` – looks so unreliable (as I've also had some issues with the 
> puppetmaster) that I should just dump every bit of server/client software 
> puppetlabs has and write my own custom way of distributing configs and data.
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-users.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/E2F0D574-949C-42AB-9B7D-B35299BE3164%40puppetlabs.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Enterprise support for Puppet

2013-11-18 Thread harshit

Stuart,
Yeah, looks like a good biz opportunity for sure.
Thanks
Deepak


On Monday, November 18, 2013 11:16:35 AM UTC-8, Stuart Cracraft wrote:
>
>  
> Harshit,
>  
> Seems like it would be very ripe for an external consultancy business, 
> frankly.
>  
> Stuart
>
> On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote:
>
>> Wondering if all of you guys are getting the enterprise support.
>> Also, if PuppetLabs the only company providing this kind of support or do 
>> you have anyone else giving the support
>>
>> Thanks
>>
>> Harshit
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/66685bc8-60ad-4480-8265-10903be5a34b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Help with configuring Puppet Proxies using Apache

2013-11-18 Thread kschafer2598

Hi All,

I have an environment with multiple network environments separated by 
firewalls. I would like to proxy Puppet traffic from these network 
environments to a central Puppet master server. 

I've had a great experience with Puppet overall, though it has been rather 
trying to find documentation on the subject of proxying puppet traffic. 

Can anyone point me in the right direction for how to approach this? I'm 
assuming I would do this with Apache but I'm open to other methods as well. 

Any help is appreciated.

Regards,

Karl

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/eae488a2-e7f7-4d60-935f-7c0fbd182050%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Problem with Passenger

2013-11-18 Thread Marcelo Frota

Hi.

I am running puppet with puppet version 3.3.2-1, apache 2.2.22-1ubuntu1.4
and passenger module 2.2.11debian-2.

I having problem with passenger module, i create the config file
/usr/share/puppet/rack/puppetmasterd/config.ru but
the process master the puppet is not running .

For what seems apache is not recognizing the file config.ru

Example in other machine running puppet version 2.6 i have the result in ps
-aux :

puppet 16874 *** * *S18:24 0:00 master

My config.ru :

ARGV << "--debug"
ARGV << "--rack"

# Rack applications typically don't start as root. Set --confdir and
--vardir
# to prevent reading configuration from ~puppet/.puppet/puppet.conf and
writing
# to ~puppet/.puppet
ARGV << "--trace"
ARGV << "--vardir" << "/var/lib/puppet"
ARGV << "--config" << "/etc/puppet/puppet.conf"

require 'puppet/util/command_line'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Util::CommandLine.new.execute
#run Puppet::Application[:master].run

Permissions:

-rwxr-xr-x 1 puppet puppet 1618 Nov 18 17:31
/usr/share/puppet/rack/puppetmasterd/config.ru

Someone help me?

Regards,

Marcelo Frota

--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/74651585-ad76-4e3b-bc91-3624f658b792%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

Here it is:
 

[root@ca-sna-pm01 manifests]# puppet apply --debug --exec "  group { "bb":

name => 'bb',

ensure => present,

gid => 500,

members => 'bb,mtg',

}

"

> > > > > > 

[0;36mDebug: Puppet::Type::Group::ProviderLdap: true value when expecting 
false[0m

[0;36mDebug: Puppet::Type::Group::ProviderDirectoryservice: file 
/usr/bin/dscl does not exist[0m

[0;36mDebug: Puppet::Type::Group::ProviderPw: file pw does not exist[0m

[0;36mDebug: /Group[bb]: Provider groupadd does not support features 
manages_members; not managing attribute members[0m

[0;36mDebug: /Group[bb]: Provider groupadd does not support features 
libuser; not managing attribute forcelocal[0m

[0;36mDebug: Creating default schedules[0m

[0;36mDebug: Using settings: adding file resource 'vardir': 
'File[/var/lib/puppet]{:links=>:follow, :ensure=>:directory, 
:backup=>false, :loglevel=>:debug, :path=>"/var/lib/puppet"}'[0m

[0;36mDebug: Using settings: adding file resource 'client_datadir': 
'File[/var/lib/puppet/client_data]{:links=>:follow, :ensure=>:directory, 
:backup=>false, :mode=>"750", :loglevel=>:debug, 
:path=>"/var/lib/puppet/client_data"}'[0m

 

[0;36mDebug: Puppet::Type::User::ProviderLdap: true value when expecting 
false[0m

[0;36mDebug: Puppet::Type::User::ProviderDirectoryservice: file 
/usr/bin/dsimport does not exist[0m

[0;36mDebug: Puppet::Type::User::ProviderPw: file pw does not exist[0m

[0;36mDebug: Puppet::Type::User::ProviderUser_role_add: file roledel does 
not exist[0m

[0;36mDebug: /User[puppet]: Provider useradd does not support features 
libuser; not managing attribute forcelocal[0m

[0;36mDebug: Using settings: adding file resource 'hostpubkey': 
'File[/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow,
 
:ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", 
:loglevel=>:debug, 
:path=>"/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem"}'[0m

[0;36mDebug: Using settings: adding file resource 'rundir': 
'File[/var/run/puppet]{:links=>:follow, :ensure=>:directory, 
:backup=>false, :mode=>"755", :loglevel=>:debug, 
:path=>"/var/run/puppet"}'[0m

[0;36mDebug: Using settings: adding file resource 'libdir': 
'File[/var/lib/puppet/lib]{:links=>:follow, :ensure=>:directory, 
:backup=>false, :loglevel=>:debug, :path=>"/var/lib/puppet/lib"}'[0m

[0;36mDebug: Using settings: adding file resource 'publickeydir': 
'File[/var/lib/puppet/ssl/public_keys]{:links=>:follow, 
:ensure=>:directory, :backup=>false, :owner=>"puppet", :loglevel=>:debug, 
:path=>"/var/lib/puppet/ssl/public_keys"}'[0m

[0;36mDebug: Using settings: adding file resource 'privatedir': 
'File[/var/lib/puppet/ssl/private]{:links=>:follow, :ensure=>:directory, 
:backup=>false, :owner=>"puppet", :mode=>"750", :loglevel=>:debug, 
:path=>"/var/lib/puppet/ssl/private"}'[0m

[0;36mDebug: /Group[puppet]: Provider groupadd does not support features 
libuser; not managing attribute forcelocal[0m

[0;36mDebug: Using settings: adding file resource 'logdir': 
'File[/var/log/puppet]{:links=>:follow, :group=>"puppet", 
:ensure=>:directory, :backup=>false, :owner=>"puppet", :mode=>"750", 
:loglevel=>:debug, :path=>"/var/log/puppet"}'[0m

[0;36mDebug: Using settings: adding file resource 'statefile': 
'File[/var/lib/puppet/state/state.yaml]{:links=>:follow, :ensure=>:file, 
:backup=>false, :mode=>"660", :loglevel=>:debug, 
:path=>"/var/lib/puppet/state/state.yaml"}'[0m

[0;36mDebug: Using settings: adding file resource 'hostcert': 
'File[/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow,
 
:ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", 
:loglevel=>:debug, 
:path=>"/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem"}'[0m

[0;36mDebug: Using settings: adding file resource 'clientbucketdir': 
'File[/var/lib/puppet/clientbucket]{:links=>:follow, :ensure=>:directory, 
:backup=>false, :mode=>"750", :loglevel=>:debug, 
:path=>"/var/lib/puppet/clientbucket"}'[0m

[0;36mDebug: Using settings: adding file resource 'localcacert': 
'File[/var/lib/puppet/ssl/certs/ca.pem]{:links=>:follow, :ensure=>:file, 
:backup=>false, :owner=>"puppet", :mode=>"644", :loglevel=>:debug, 
:path=>"/var/lib/puppet/ssl/certs/ca.pem"}'[0m

[0;36mDebug: Using settings: adding file resource 'hostcrl': 
'File[/var/lib/puppet/ssl/crl.pem]{:links=>:follow, :ensure=>:file, 
:backup=>false, :owner=>"puppet", :mode=>"644", :loglevel=>:debug, 
:path=>"/var/lib/puppet/ssl/crl.pem"}'[0m

[0;36mDebug: Using settings: adding file resource 'lastrunfile': 
'File[/var/lib/puppet/state/last_run_summary.yaml]{:links=>:follow, 
:ensure=>:file, :backup=>false, :mode=>"644", :loglevel=>:debug, 
:path=>"/var/lib/puppet/state/last_run_summary.yaml"}'[0m

[0;36mDebug: Using settings: adding file resource 'certdir': 
'File[/var/lib/puppet/ssl/certs]{:links=>:follow, :ensure=>:directory, 
:backup=>false, :owner=>"puppet", :loglevel=>:debug, 
:path=>"/var/lib/puppet/ssl/certs"}'[0m

Re: [Puppet Users] group type

2013-11-18 Thread Matthaus Owens

Stuart,
Your run also has "[0;36mDebug: /Group[bb]: Provider groupadd does not
support features manages_members; not managing attribute members",
which indicates the groupadd provider is being used. The groupadd
provider does not support the members property. If your end goal is to
have those users be members of the group, using the groups property of
the user resource will do what you want
(http://docs.puppetlabs.com/references/latest/type.html#user-attribute-groups)

Something like:
  group { "somegroup":
 name   => 'somegroup',
 ensure => present,
 gid  => 123,
  }

  user { ["user1","user2","user3"]:
groups => "somegroup",
ensure => present,
require => Group["somegroup"],
  }

Would probably work (and worked for me in a local test run).

On Mon, Nov 18, 2013 at 1:07 PM, Stuart Cracraft  wrote:
> Here it is:
>
>
> [root@ca-sna-pm01 manifests]# puppet apply --debug --exec "  group { "bb":
>
> name => 'bb',
>
> ensure => present,
>
> gid => 500,
>
> members => 'bb,mtg',
>
> }
>
> "
>
>> > > > > >
>
> [0;36mDebug: Puppet::Type::Group::ProviderLdap: true value when expecting
> false[0m
>
> [0;36mDebug: Puppet::Type::Group::ProviderDirectoryservice: file
> /usr/bin/dscl does not exist[0m
>
> [0;36mDebug: Puppet::Type::Group::ProviderPw: file pw does not exist[0m
>
> [0;36mDebug: /Group[bb]: Provider groupadd does not support features
> manages_members; not managing attribute members[0m
>
> [0;36mDebug: /Group[bb]: Provider groupadd does not support features
> libuser; not managing attribute forcelocal[0m
>
> [0;36mDebug: Creating default schedules[0m
>
> [0;36mDebug: Using settings: adding file resource 'vardir':
> 'File[/var/lib/puppet]{:links=>:follow, :ensure=>:directory, :backup=>false,
> :loglevel=>:debug, :path=>"/var/lib/puppet"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'client_datadir':
> 'File[/var/lib/puppet/client_data]{:links=>:follow, :ensure=>:directory,
> :backup=>false, :mode=>"750", :loglevel=>:debug,
> :path=>"/var/lib/puppet/client_data"}'[0m
>
>
>
> [0;36mDebug: Puppet::Type::User::ProviderLdap: true value when expecting
> false[0m
>
> [0;36mDebug: Puppet::Type::User::ProviderDirectoryservice: file
> /usr/bin/dsimport does not exist[0m
>
> [0;36mDebug: Puppet::Type::User::ProviderPw: file pw does not exist[0m
>
> [0;36mDebug: Puppet::Type::User::ProviderUser_role_add: file roledel does
> not exist[0m
>
> [0;36mDebug: /User[puppet]: Provider useradd does not support features
> libuser; not managing attribute forcelocal[0m
>
> [0;36mDebug: Using settings: adding file resource 'hostpubkey':
> 'File[/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow,
> :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644",
> :loglevel=>:debug,
> :path=>"/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'rundir':
> 'File[/var/run/puppet]{:links=>:follow, :ensure=>:directory, :backup=>false,
> :mode=>"755", :loglevel=>:debug, :path=>"/var/run/puppet"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'libdir':
> 'File[/var/lib/puppet/lib]{:links=>:follow, :ensure=>:directory,
> :backup=>false, :loglevel=>:debug, :path=>"/var/lib/puppet/lib"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'publickeydir':
> 'File[/var/lib/puppet/ssl/public_keys]{:links=>:follow, :ensure=>:directory,
> :backup=>false, :owner=>"puppet", :loglevel=>:debug,
> :path=>"/var/lib/puppet/ssl/public_keys"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'privatedir':
> 'File[/var/lib/puppet/ssl/private]{:links=>:follow, :ensure=>:directory,
> :backup=>false, :owner=>"puppet", :mode=>"750", :loglevel=>:debug,
> :path=>"/var/lib/puppet/ssl/private"}'[0m
>
> [0;36mDebug: /Group[puppet]: Provider groupadd does not support features
> libuser; not managing attribute forcelocal[0m
>
> [0;36mDebug: Using settings: adding file resource 'logdir':
> 'File[/var/log/puppet]{:links=>:follow, :group=>"puppet",
> :ensure=>:directory, :backup=>false, :owner=>"puppet", :mode=>"750",
> :loglevel=>:debug, :path=>"/var/log/puppet"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'statefile':
> 'File[/var/lib/puppet/state/state.yaml]{:links=>:follow, :ensure=>:file,
> :backup=>false, :mode=>"660", :loglevel=>:debug,
> :path=>"/var/lib/puppet/state/state.yaml"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'hostcert':
> 'File[/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow,
> :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644",
> :loglevel=>:debug,
> :path=>"/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem"}'[0m
>
> [0;36mDebug: Using settings: adding file resource 'clientbucketdir':
> 'File[/var/lib/puppet/clientbucket]{:links=>:follow, :ensure=>:directory,
> :backup=>false, :mode=>"750", :loglevel=>:debug,
> :path=>"/var/lib/puppet/clientbucket"}'[0m
>
> [0;36mDebug: Us

[Puppet Users] Re: Help with configuring Puppet Proxies using Apache

2013-11-18 Thread Felipe Salum

This is how I do it here

https://github.com/fsalum/vagrant-puppet/blob/master/puppetmaster/templates/etc/apache2/sites-available/puppetmaster_balancer.erb
https://github.com/fsalum/vagrant-puppet/blob/master/puppetmaster/files/etc/apache2/sites-available/puppetmaster_ca
https://github.com/fsalum/vagrant-puppet/blob/master/puppetmaster/files/etc/apache2/sites-available/puppetmaster_worker

Felipe

On Monday, November 18, 2013 12:38:41 PM UTC-8, kschafer2598 wrote:
>
> Hi All,
>
> I have an environment with multiple network environments separated by 
> firewalls. I would like to proxy Puppet traffic from these network 
> environments to a central Puppet master server. 
>
> I've had a great experience with Puppet overall, though it has been rather 
> trying to find documentation on the subject of proxying puppet traffic. 
>
> Can anyone point me in the right direction for how to approach this? I'm 
> assuming I would do this with Apache but I'm open to other methods as well. 
>
> Any help is appreciated.
>
> Regards,
>
> Karl
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3c29abf0-7934-4450-8d4c-def27eec7e9c%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Enterprise support for Puppet

We've been using the open source Puppet for a while but we're going to
switch over to PE.

>From what I understand, their top level of support is pretty extensive,
like they will actually look at manifests and tell you why your code isn't
working (so I've heard). We had them out for a professional services
engagement to help with our setup of the open source version too.

Given the choice between them and a third party for support, I'd definitely
choose them. From my experience their employees are very skilled, and they
also have the advantage of having the actual programmers there in their
office.

I went there for a few days to do their Puppet Fundamentals training and it
was very impressive. They have a great team.


Rich

On Monday, November 18, 2013, harshit wrote:

> Stuart,
> Yeah, looks like a good biz opportunity for sure.
> Thanks
> Deepak
>
>
> On Monday, November 18, 2013 11:16:35 AM UTC-8, Stuart Cracraft wrote:
>>
>>
>> Harshit,
>>
>> Seems like it would be very ripe for an external consultancy business,
>> frankly.
>>
>> Stuart
>>
>> On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote:
>>
>>> Wondering if all of you guys are getting the enterprise support.
>>> Also, if PuppetLabs the only company providing this kind of support or
>>> do you have anyone else giving the support
>>>
>>> Thanks
>>>
>>> Harshit
>>>
>>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com  'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/66685bc8-60ad-4480-8265-10903be5a34b%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAPGcbtCZ5O_NaGAAnTJ3jzR4zfbHpL%3DAFwsPYxBRaQNYKj1QLg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Enterprise support for Puppet

I'm going to PF tomorrow in LA.

Anyone else from these forums going?

On Monday, November 18, 2013 3:43:47 PM UTC-8, Rich Burroughs wrote:

> We've been using the open source Puppet for a while but we're going to 
> switch over to PE.
>
> From what I understand, their top level of support is pretty extensive, 
> like they will actually look at manifests and tell you why your code isn't 
> working (so I've heard). We had them out for a professional services 
> engagement to help with our setup of the open source version too.
>
> Given the choice between them and a third party for support, I'd 
> definitely choose them. From my experience their employees are very 
> skilled, and they also have the advantage of having the actual programmers 
> there in their office.
>
> I went there for a few days to do their Puppet Fundamentals training and 
> it was very impressive. They have a great team.
>
>
> Rich
>
> On Monday, November 18, 2013, harshit wrote:
>
>> Stuart,
>> Yeah, looks like a good biz opportunity for sure.
>> Thanks
>> Deepak
>>
>>
>> On Monday, November 18, 2013 11:16:35 AM UTC-8, Stuart Cracraft wrote:
>>>
>>>  
>>> Harshit,
>>>  
>>> Seems like it would be very ripe for an external consultancy business, 
>>> frankly.
>>>  
>>> Stuart
>>>
>>> On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote:
>>>
 Wondering if all of you guys are getting the enterprise support.
 Also, if PuppetLabs the only company providing this kind of support or 
 do you have anyone else giving the support

 Thanks

 Harshit

  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/66685bc8-60ad-4480-8265-10903be5a34b%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a87c1992-4ed4-4eba-8b62-31b27347a25e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

I bet members needs to be an array when you specify more than one value.

http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays




On Monday, November 18, 2013, Stuart Cracraft wrote:

> Hi.
>
> Created:
>
> class mumble {
>   :
>   random stuff
>   :
> }
>
> class mumble:grouper inherits mumble {
>   group { "somegroup":
>  name => 'somegroup',
>  members => 'user1,user2,user3',
>  ensure => present,
>  gid => 123,
>   }
> }
>
> After a time, mumble:grouper ran, before I added
> user2, and user3 and /etc/group shows:
>
>   somegroup:x:500:
>
> but it doesn't show what it should show which is:
>
>   somegroup:x:500:user1,user2,user3
>
> I verified that user1/2/3 all exist in /etc/passwd.
>
> My question is, why isn't Puppet making the right memberships?
>
> Do I misunderstand member?
>
> Stuart
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com  'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAPGcbtAeK86jXCC-B7wCQsFatyYyGcVK8-9YhQrZZfGLMAb-7A%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

Oops my mail client hadn't loaded the replies, it looks like Matthaus has
it. But yeah you do also need to use arrays when there are multiple values.


Rich

On Monday, November 18, 2013, Rich Burroughs wrote:

> I bet members needs to be an array when you specify more than one value.
>
> http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays
>
>
>
>
> On Monday, November 18, 2013, Stuart Cracraft wrote:
>
>> Hi.
>>
>> Created:
>>
>> class mumble {
>>   :
>>   random stuff
>>   :
>> }
>>
>> class mumble:grouper inherits mumble {
>>   group { "somegroup":
>>  name => 'somegroup',
>>  members => 'user1,user2,user3',
>>  ensure => present,
>>  gid => 123,
>>   }
>> }
>>
>> After a time, mumble:grouper ran, before I added
>> user2, and user3 and /etc/group shows:
>>
>>   somegroup:x:500:
>>
>> but it doesn't show what it should show which is:
>>
>>   somegroup:x:500:user1,user2,user3
>>
>> I verified that user1/2/3 all exist in /etc/passwd.
>>
>> My question is, why isn't Puppet making the right memberships?
>>
>> Do I misunderstand member?
>>
>> Stuart
>>
>>
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAPGcbtDVm6BqgVW02XYJFa69rOhDHm0Qpe3zjopunYUL%2BWY28g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

Is there a way to assign the uids in the user {["user1", "user2"]:  } 
expression?


On Monday, November 18, 2013 3:47:10 PM UTC-8, Rich Burroughs wrote:

> I bet members needs to be an array when you specify more than one value.
>
> http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays
>
>
>
>
> On Monday, November 18, 2013, Stuart Cracraft wrote:
>
>> Hi.
>>  
>> Created:
>>  
>> class mumble {
>>   :
>>   random stuff
>>   :
>> }
>>  
>> class mumble:grouper inherits mumble {
>>   group { "somegroup":
>>  name => 'somegroup',
>>  members => 'user1,user2,user3',
>>  ensure => present,
>>  gid => 123,
>>   }
>> }
>>  
>> After a time, mumble:grouper ran, before I added
>> user2, and user3 and /etc/group shows:
>>  
>>   somegroup:x:500:
>>  
>> but it doesn't show what it should show which is:
>>  
>>   somegroup:x:500:user1,user2,user3
>>  
>> I verified that user1/2/3 all exist in /etc/passwd.
>>  
>> My question is, why isn't Puppet making the right memberships?
>>  
>> Do I misunderstand member?
>>  
>> Stuart
>>  
>>  
>>  
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6b1c2004-54bd-4ea1-bd5b-513a94447caf%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] ports, protocols, and directionality

Hi,

For Open Source Puppet to be permitted on my network, I
need to know which ports, which protocols, and which direction
for the firewall.

Assume two nodes: the puppet master and the puppet agent.

Please advise and, preferably point me at a URL at Puppet Labs.

All I could find was this:

  
http://docs.puppetlabs.com/guides/setting_up.html#open-firewall-ports-on-server-and-agent-node

Stuart


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/626baa41-0975-4437-a128-3e538b48cc5b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ports, protocols, and directionality

2013-11-18 Thread Matthew Nicholson

Its right there on the page you linked to:

"
Open Firewall Ports On Server and Agent Node

In order for the puppet master server to centrally manage agent nodes, you
may need to open port 8140 for incoming tcp connections on the puppet
master. Consult your firewall documentation for more details.

"

so, port 8140/tcp, its http(s), and thats agent to master.





On Mon, Nov 18, 2013 at 7:45 PM, Stuart Cracraft wrote:

> Hi,
>
> For Open Source Puppet to be permitted on my network, I
> need to know which ports, which protocols, and which direction
> for the firewall.
>
> Assume two nodes: the puppet master and the puppet agent.
>
> Please advise and, preferably point me at a URL at Puppet Labs.
>
> All I could find was this:
>
>
> http://docs.puppetlabs.com/guides/setting_up.html#open-firewall-ports-on-server-and-agent-node
>
> Stuart
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/626baa41-0975-4437-a128-3e538b48cc5b%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Matthew Nicholson

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CA%2BnEbkZj2sU6kkAHNQJ46LLgButrs-Hb2w06KtjNedugTS3hGA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] aws ec2 windows node_aws bootstrap

2013-11-18 Thread Marc Lucke


I have PE with 10 licenses free & no support contract (yet - just playing).

"Notice: Waiting for SSH response..." tells me what I knew anyway: 
puppet node_aws bootstrap won't work with Windows machines - or am i 
doing something wrong.  Can anyone confirm my thoughts?


I've googled it & it seems many have gone down the bodging a solution 
track, for example one guy found that an ec2 windows instance will run a 
vb script that can be used to go get the puppet agent and install it.  
That same vbscript could probably tell puppet where it's master is & 
kick off the certificate signing process too.


I know I could create an ami but I was looking to automate a little deeper.

Anyone doing same?

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/528ACD48.6080105%40marcsnet.com.
For more options, visit https://groups.google.com/groups/opt_out.
<>

[Puppet Users] Weird situation - exec fails but Puppet 2.7 exits 2

2013-11-18 Thread Amos Shapira

Hello,

We are a long time Puppet 2.7 shop (installing latest Puppet 2.7 gems on 
deployments. In this particular build it picked up Puppet 2.7.23) and just 
discovered the following:

Executing a psql command like:

build   12-Nov-2013 04:30:16debug: 
/Stage[main]/Buildeng_postgres::Service/Service[postgresql]: The container 
Class[Buildeng_postgres::Service] will propagate my refresh event
build   12-Nov-2013 04:30:16debug: Class[Buildeng_postgres::Service]: 
The container Stage[main] will propagate my refresh event
build   12-Nov-2013 04:30:16debug: Exec[create postgres 
user](provider=posix): Executing 'psql -U postgres -c "ALTER USER postgres 
WITH PASSWORD 'password';"'
build   12-Nov-2013 04:30:16debug: Executing 'psql -U postgres -c 
"ALTER USER postgres WITH PASSWORD 'password';"'
build   12-Nov-2013 04:30:16notice: 
/Stage[main]/Buildeng_postgres::Post_service/Buildeng_postgres::Create_user[postgres]/Exec[create
 
postgres user]/returns: psql: FATAL:  the database system is starting up
build   12-Nov-2013 04:30:16err: 
/Stage[main]/Buildeng_postgres::Post_service/Buildeng_postgres::Create_user[postgres]/Exec[create
 
postgres user]: Failed to call refresh: psql -U postgres -c "ALTER USER 
postgres WITH PASSWORD 'password';" returned 2 instead of one of [0] at 
/home/ubuntu/puppet-cfg/buildeng-modules/buildeng_postgres/manifests/create_user.pp:10

The resource which creates this log is:

define buildeng_postgres::create_user ($password=undef) {

  require buildeng_postgres::service

  exec { 'create postgres user':
subscribe   => Service['postgresql'],
user=> $buildeng_postgres::params::user,
command => "psql -U ${buildeng_postgres::params::postgres_user} -c 
\"ALTER USER ${buildeng_postgres::params::postgres_user} WITH PASSWORD 
'${buildeng_postgres::params::postgres_password}';\"",
refreshonly => true,
  }

}

Puppet registers the failure as an error ("2" is not an expected exit code 
of this Exec resource) but still exits with exit status "2" (with 
--detailed-exitcode).
I know why psql failed but that's besides the point - Puppet should have 
failed but it didn't.

Any idea why?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3968d231-7a42-45cc-88e0-61bf55e96b4f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] ports, protocols, and directionality

There are more ports, no?

> On Nov 18, 2013, at 5:31 PM, Matthew Nicholson 
>  wrote:
> 
> Its right there on the page you linked to: 
> 
> "
> Open Firewall Ports On Server and Agent Node
> In order for the puppet master server to centrally manage agent nodes, you 
> may need to open port 8140 for incoming tcp connections on the puppet master. 
> Consult your firewall documentation for more details.
> 
> "
> 
> so, port 8140/tcp, its http(s), and thats agent to master.
> 
> 
> 
> 
> 
> 
> 
>> On Mon, Nov 18, 2013 at 7:45 PM, Stuart Cracraft  
>> wrote:
>> Hi,
>> 
>> For Open Source Puppet to be permitted on my network, I
>> need to know which ports, which protocols, and which direction
>> for the firewall.
>> 
>> Assume two nodes: the puppet master and the puppet agent.
>> 
>> Please advise and, preferably point me at a URL at Puppet Labs.
>> 
>> All I could find was this:
>> 
>>   
>> http://docs.puppetlabs.com/guides/setting_up.html#open-firewall-ports-on-server-and-agent-node
>> 
>> Stuart
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/626baa41-0975-4437-a128-3e538b48cc5b%40googlegroups.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
> 
> 
> 
> -- 
> Matthew Nicholson
> -- 
> You received this message because you are subscribed to a topic in the Google 
> Groups "Puppet Users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/puppet-users/c6bl5sZsSc8/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CA%2BnEbkZj2sU6kkAHNQJ46LLgButrs-Hb2w06KtjNedugTS3hGA%40mail.gmail.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9CCD1366-A3AB-406E-A35A-E73E9F31452F%40me.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type

If you really mean assign, no. UIDs are managed through the user resource
type:

http://docs.puppetlabs.com/references/latest/type.html#user


Rich

On Monday, November 18, 2013, Stuart Cracraft wrote:

> Is there a way to assign the uids in the user {["user1", "user2"]:  }
> expression?
>
>
> On Monday, November 18, 2013 3:47:10 PM UTC-8, Rich Burroughs wrote:
>
>> I bet members needs to be an array when you specify more than one value.
>>
>> http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays
>>
>>
>>
>>
>> On Monday, November 18, 2013, Stuart Cracraft wrote:
>>
>>> Hi.
>>>
>>> Created:
>>>
>>> class mumble {
>>>   :
>>>   random stuff
>>>   :
>>> }
>>>
>>> class mumble:grouper inherits mumble {
>>>   group { "somegroup":
>>>  name => 'somegroup',
>>>  members => 'user1,user2,user3',
>>>  ensure => present,
>>>  gid => 123,
>>>   }
>>> }
>>>
>>> After a time, mumble:grouper ran, before I added
>>> user2, and user3 and /etc/group shows:
>>>
>>>   somegroup:x:500:
>>>
>>> but it doesn't show what it should show which is:
>>>
>>>   somegroup:x:500:user1,user2,user3
>>>
>>> I verified that user1/2/3 all exist in /etc/passwd.
>>>
>>> My question is, why isn't Puppet making the right memberships?
>>>
>>> Do I misunderstand member?
>>>
>>> Stuart
>>>
>>>
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/
>>> msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%
>>> 40googlegroups.com.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com  'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/6b1c2004-54bd-4ea1-bd5b-513a94447caf%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAPGcbtCADPaop9QazQd3YGbZK%2BtX72OktuHKoyVt4OrbWf-KLg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] group type