[Puppet Users] Puppet: Custom functions
Hi! As far as I know custom functions are executed on puppet master server. But each run puppet master copies all the custom functions available to /var/lib/puppet/lib/puppet/parser/functions/ folder on puppet clients. Why is it so? -- Best regards, Sergey Arlashin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/BB5FEC9D-B18E-43F2-87CB-021D821738CB%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Nested parametrized defines
Dear John and all, Am 15.11.2013 um 15:47 schrieb jcbollinger : > > On Thursday, November 14, 2013 5:32:50 AM UTC-6, Patricia Jung wrote: > > http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.html does > not suggest to me that nested parametrized defines would be forbidden > > > You are correct. Defined type bodies may declare resources of any type, > including defined types. > > > , hence I expected the following code to work: > > add_to_ssh_authorized_keys.pp: > > define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", > $targetuser="root", $keyowner, $keyownername, $state="present" ) { > > > To be clear, that should appear in path>/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp in order for the > autoloader to be able to find it. Yes, this is true: it's located in /etc/puppet/modules/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp > > > > it_services_admins.pp: > - > define a::ssh_keys::it_services_admins($user='root'){ > > > Likewise, that should appear in path>/a/manifests/ssh_keys/it_services_admins.pp This file is located in etc/puppet/modules/a/manifests/ssh_keys/it_services_admins.pp > > > > > censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": Sorry, my fault, the line above reads a::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": > > targetuser => "$user", > keyowner => 'blah', > keyownername => 'blah', > } > } > > - > > class file: > > > I suppose you mean that this is the file of the module main class, path>//manifests/init.pp > > Not necessarily init.pp, and it's outside the a module, e.g.: /etc/puppet/modules/c/manifests/nodes/saas.pp. Perhaps this is the problem? > class c::nodes::saas{ a::ssh_keys::it_services_admins{ 'b': user => 'b' } a::ssh_keys::it_services_admins{ 'root': user => 'root' } } The error message reads: Invalid resource type a::ssh_keys::add_to_ssh_authorized_keys at /etc/puppet/modules/a/manifests/ssh_keys/:7" > > Have you attempted to obfuscate the manifest fragments you presented? Sorry -- my intention was to strip the problem down mentally, and I admit to have failed… Thanks for helping anyway! Patricia -- Patricia Jung Senior Software and Support Engineer censhare AG Paul-Gerhardt-Allee 50, 81245 Muenchen, Germany Fon +49 89 568236-311 Fax +49 89 568236-501 http://www.censhare.com http://blog.censhare.com Vorstand: Walter Bauer, Robert Motzke, Dieter Reichert Aufsichtsratsvorsitzender: Matthias Zimmermann Handelsregister: Amtsgericht Muenchen HRB 140617 USt-ID: DE219222021 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7703E42A-DEBC-4C89-8853-2103151F5F23%40censhare.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet agent does not start in Solaris zone
Hi Rich, the package installs CSWruby18 VERSION: 1.8.7p334,REV=2011.03.24 and that is supported. Andreas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ebcd980b-a6d0-4988-96e9-c04282931e6a%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] NFS Mount: Still the error Could not evaluate: Field 'device' is required
Hi there! I have still a problem in using the pupppet mount-module. Master 3.3.2 on Ubuntu 12.04 LTS 64 bit. Agent with problem: SLES 10 SP2 64 Bit with Agent 2.7.21 The mount should be created by the following: * file { '/opt/Logfiles':ensure => directory,notify => Mount ['/opt/Logfiles'],} mount { "/opt/Logfiles":name=> "/opt/Logfiles",ensure => "present",atboot => "true", blockdevice => "-",device => "logserver1:/LOG1/Logfiles", fstype => "nfs",options => "defaults",require => File ['/opt/Logfiles'], }* On the client the following error is shown: *puppet agent --verbose --onetime --no-daemonizeinfo: Retrieving plugininfo: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rbinfo: Loading facts in /var/lib/puppet/lib/facter/pe_version.rbinfo: Loading facts in /var/lib/puppet/lib/facter/root_home.rbinfo: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rbinfo: Caching catalog for XXX.locinfo: Applying configuration version '1384768567'notice: /Stage[main]//Node[XXX.loc]/Mount[/opt/Logfiles]/ensure: defined 'ensure' as 'defined'info: FileBucket got a duplicate file {md5}842588410211eba6cce2b68cecec5cf4err: /Stage[main]//Node[XXX.loc]/Mount[/opt/Logfiles]: Could not evaluate: Field 'device' is requirednotice: Finished catalog run in 0.06 seconds* I thought that bug should be removed, see here: https://github.com/puppetlabs/puppet/commit/67e1ff6 The strange is, that a SLES 11 has no problem with this with an 2.6 agent... Kind regards, Daniel -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/173c9b38-7a5c-4fb6-a32b-2e068cd2c1e1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Puppet Enterprise Console not accessing the modules
I have the same issue. Got a coonection error in the UI and same message in the logs. I totally rebuilt the puppet server and some how the error went away. But some errors came. Mainly look at the certificate part is working well. On Monday, 18 November 2013 09:39:07 UTC+5:30, Rafael Abdalla wrote: > > Hi Community, > > I have installed Puppet Enterprise 3.1 recently and I could not get > Puppet Console working properly yet with the modules that I have installed. > I checked the module path and it is correct. The reports are working. > > The below error message is consistently being displayed on the > production.log file for the puppet dashboard. > >*Connecting to database specified by database.yml* > * Problem loading console auth middleware: cannot load such file -- > console_auth_middleware* > * Problem with loading console: cannot load such file -- > console_middleware* > * Problem with loading console auth: cannot load such file -- > console_auth_app_middleware* > * Problem with loading event inspector: cannot load such file -- > event_inspector_middleware* > * Problem with loading live management: cannot load such file -- > live_management* > > Have anyone had similar problem with puppet console before ? > > Thanks. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/39d89a9a-ae5e-4c34-a574-6543f29390c3%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Can puppetdb use an SSL cert signed by CA that differs from the puppetmasters?
On Mon, Nov 18, 2013 at 2:57 AM, Ken Barber wrote: > > Following up: http://projects.puppetlabs.com/issues/23180 > > So someone else was discussing this on IRC, was it you? I'm just > asking because I was trying to remember if there was another user > trying to do a similar thing. > > No, that wasn't me. > > Thanks again. I think I spent enough time to figure out how I can hack > this > > in the short term, though would love to see this accepted! I'm happy to > > provide the hack diff that we'll use, though I am positive that you'd not > > want to just merge that. This is probably my second time writing any > Ruby > > code :) > > My local git branches are full of hacky patches, that upon scrutiny > aren't the 'final solution' ... lol :-). But workarounds are _always_ > welcome, so at least users aren't completely road-blocked when they > find the bug :-). So please, add whatever you find to the ticket, it > helps. > Yeah, I was able to patch out the code that writes stuff to puppetdb (the Command class), but got stuck trying to fix the other classes that extent Indirector::Rest. I must be misunderstanding inheritance in Ruby, since I overrode the network() method but am still getting a cert validation error. -- And I attempted to add a bunch of logging which I don't see, so obviously I'm doing something wrong :) If I can get a full working hack, I'd be happy to post a diff. Thanks again - Hans -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAUa_rz-u49eUaTzYmb1vws9wY3t%2BuQL62kEDyummLEpnqQ_zw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] agent hangs at: Caching certificate_revocation_list for ca
Dear all, I just upgraded the OS of my PuppetMaster from Debian Squeeze to Wheezy (on AWS/EC2) and since then all the clients hangs at: Info: Caching certificate_revocation_list for ca and then eventually fails with Timeout error. I think, it did work until I rebooted the Master. In addition, I did "puppet cert clean" on the master for that particular node and removed the ssl directory from the agent (so that it asks for a new certificate) and ran puppet agent -tv and it fails with these: Info: Creating a new SSL key for ip-10-0-8-43.eu-west-1.compute.internal > Info: Caching certificate for ca > Info: Creating a new SSL certificate request for > ip-10-0-8-43.eu-west-1.compute.internal > Info: Certificate Request fingerprint (SHA256): > 32:0E:84:F3:EA:8D:49:48:43:85:08:55:64:6D:F8:D5:A1:E7:73:4F:82:70:7B:0B:B1:7F:E5:A4:F4:35:7A:ED > Info: Caching certificate for ip-10-0-8-43.eu-west-1.compute.internal > Info: Caching certificate_revocation_list for ca > Error: Failed to apply catalog: Timeout::Error > Any idea what am I missing? This thing is stopping me form upgrading the OS on the PuppetMaster for long. JFI, using Puppet v3.3.2, if that important. Amy help is greatly appreciated. Cheers, Santanu -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2d0f7570-a6d6-424e-ba89-6ff561d5a89c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Run 'puppet facts' in ENC
The "right" way would probably be to query PuppetDB if you're using it. If you're not using it, the `puppet facts` face (at least in terms of querying by node) seems to just be a CLI for the Inventory Service REST API, which is documented at http://docs.puppetlabs.com/guides/inventory_service.html - so you should just query that directly. -jantman On 11/17/2013 09:19 PM, Alexander Luetjen wrote: Hi, In an ENC I try to run 'puppet facts find ' to retrieve more information about a node. However, the execution of 'puppet facts' fails with the following error message: Error: could not initialize global default settings: couldn't find HOME environment -- expanding `~/.puppet' What's correct way to access facts about a node in an ENC? Thanks, Alex -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e98ad6d8-4824-497a-8595-29d497c3cd1b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528A140C.8010102%40jasonantman.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] How do I generate a certificate to use the REST API ?
Using Puppet 3.x I want to tinker with the REST API, but other than basic stuff, all requests are denied. because there is no certificate between my workstation and the Puppet Master. How do I do this ? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1351348393.4599002.1384782541652.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to create local puppet forge repositories
In our case, we need a local puppet repository for two reasons: 1- to host our own puppet modules, which should not be publicly accessible 2- to have our own local copy of all public puppet modules that we use (so that we do not rely on you; if your servers go down, our company should still be able to run...) very much as nexus for maven repository: http://www.sonatype.org/nexus/ Regards, David On Monday, June 18, 2012 10:07:47 PM UTC+2, Ryan Coleman wrote: > > On Mon, Jun 18, 2012 at 12:01 PM, Lian Zhu > > wrote: > > Hi, was just wondering if there's a way to create a local forge > repositories > > to host our local modules? Has anyone done that? > > I found this post, http://projects.puppetlabs.com/issues/5033. > > that was one year ago. Wondering if there's a way to do it now? > > > > Thanks. > > Hi, > > As Pieter mentioned, we don't currently have this capability. > > I'm curious about your particular needs from a local forge. Are you > interested in hosting your own modules on the Forge for use in the > Puppet Module Tool but don't want your modules to be publicly > accessible? Any other requirements would be useful to hear about too. > > Thanks! > > --Ryan > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/70eff765-ee6c-4d84-8f5c-dff3a8dc24b9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to create local puppet forge repositories
Having a local forge available would be great. Some customers do not like to run un-audited code - they do most modules by themselves anyway. At the moment we use a CI build chain to create OS packages for our modules. But for dev’s a local forge would be a good opportunity for sharing modules and knowledge and to prevent double work. Regards, Martin On 18 Nov 2013, at 14:49, David Portabella wrote: > In our case, > we need a local puppet repository for two reasons: > 1- to host our own puppet modules, which should not be publicly accessible > 2- to have our own local copy of all public puppet modules that we use > (so that we do not rely on you; if your servers go down, our company > should still be able to run...) > > very much as nexus for maven repository: > http://www.sonatype.org/nexus/ > > > Regards, > David > > > On Monday, June 18, 2012 10:07:47 PM UTC+2, Ryan Coleman wrote: > On Mon, Jun 18, 2012 at 12:01 PM, Lian Zhu wrote: > > Hi, was just wondering if there's a way to create a local forge > > repositories > > to host our local modules? Has anyone done that? > > I found this post, http://projects.puppetlabs.com/issues/5033. > > that was one year ago. Wondering if there's a way to do it now? > > > > Thanks. > > Hi, > > As Pieter mentioned, we don't currently have this capability. > > I'm curious about your particular needs from a local forge. Are you > interested in hosting your own modules on the Forge for use in the > Puppet Module Tool but don't want your modules to be publicly > accessible? Any other requirements would be useful to hear about too. > > Thanks! > > --Ryan > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/70eff765-ee6c-4d84-8f5c-dff3a8dc24b9%40googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/E949AF3F-7937-4397-AC5C-1EC0C5DA1E0B%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: puppet client
On Friday, November 15, 2013 11:40:12 PM UTC-6, Stuart Cracraft wrote: > > > Looks like you haven't worked in a hosting firm with strenuous security > yet. > > Having paths open to the Internet are a big no-no. > > Local repos are a good choice, even for sites with fewer constraints. I certainly recommend a local repo for home-built packages, but I also recommend maintaining local mirrors of other needed repos. It reduces traffic from the local network to the Internet, and gives you a measure of independence. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/56f1dc8c-5b0f-4dce-bb28-6d7c6f672856%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: delayed effect of "puppet apply mumble.pp"
Hi, no, there is not. And not to come around as overly critical, but if you ponder the use of such a functionality, chances are that you are designing a manifest that is not well in tune with puppets strengths and weaknesses (I wouldn't want to coin definitions of "right" and "wrong" ways, but there are nuances). I suggest you open a new thread and explain exactly what you expect puppet to do and inquire for good patterns to apply. Generally, for the case of "chaining actions based on the output of an executed program", it is advisable to write a shell script to do all this foot work, have puppet deploy it on the agent box and exec the whole thing in one go. HTH, Felix On 11/15/2013 08:33 PM, Stuart Cracraft wrote: > In good shape here. Got everything up and running yesterday and today. > > My current question I've posted at the main level. > > I just want to get at the value (exit status and/or standard output) > returned from > any arbitrary Unix command puppet would run. > > So the question is is there a way to get exec's output (all of it) into > a variable > and for the exit status. > > I don't see a way to do that in the cheat sheet, various books, online > nor with google. > > Stuart -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528A2422.80507%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] create_resources and file
Doing create_resources('file',hiera_hash('input')) works great for some hiera like input: /tmp/a.txt: owner: root ensure: file ... Im not able to put any template() stuff in there input: /tmp/a.txt: owner: root ensure: file content: template("create_re/aha.erb") Instead of doing the template lookup. The content of the file is 'template("create_re/aha.erb")' Any way to dynamically (hiera) define the templates? Regards Erkan -- über den grenzen muß die freiheit wohl wolkenlos sein -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1ViPtj-0001TZ-1c%40linsenraum.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?
On the puppet master: puppet cert generate workstation.example.org Then I copied the following from the puppet master to my workstation: The public and private keys for my workstation ( workstation-publickey.pem / workstation-privatekey.pem ) The certificate for my workstation ( workstation-cert.pem ) The public key for the puppet master ( puppetmaster-publickey.pem ) On my workstation, curl --insecure -H 'Accept: s' https://puppetmaster.example.org:8140/production/certificate/ca > curl-ca-bundle.crt cat puppetmaster-publickey.pem >> curl-ca-bundle.crt THEN !! curl --cert workstation-cert.pem \ --key workstation-cert.pem \ --cacert curl-ca-bundle.crt \ -H "Accept: yaml" https://puppetmaster.example.org:8140/dev/status/devnode001.example.org WORKED !! I am going to bundle up everything up to the "-H" into an alias. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) - Original Message - From: "Dan White" To: "Puppet Users Mailing List" Sent: Monday, November 18, 2013 8:49:01 AM Subject: [Puppet Users] How do I generate a certificate to use the REST API ? Using Puppet 3.x I want to tinker with the REST API, but other than basic stuff, all requests are denied. because there is no certificate between my workstation and the Puppet Master. How do I do this ? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/82113611.4600328.1384785445522.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Class declaration ordering causes duplicate resource error
Hi, no this cannot work, you're mixing two syntaxes. In theory, this may work: class { "foo::bar": } Class["foo:baz"] -> Class["foo::bar"] But I'm with John: class { "name": } declarations should only be used if absolutely necessary, which it's not! Do this: include foo::bar Class["foo:baz"] -> Class["foo::bar"] I think what you had in mind was the following. It might work in theory, but the above version is preferable. class { "foo::bar": require => Class["foo::baz"] } Again, don't do this. HTH, Felix On 11/16/2013 12:50 AM, Jon McKenzie wrote: > Anyways, would writing something like this work? > > class { "foo::bar": > Class["foo:baz"] -> Class["foo::bar"] > } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528A26A0.1010506%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Class declaration ordering causes duplicate resource error
On Friday, November 15, 2013 5:50:16 PM UTC-6, Jon McKenzie wrote: > > Thanks John, > > Unfortunately, we're using Foreman in our shop for the ENC, so using Hiera > is currently not possible (AFAIK) > > What does one have to do with the other? > For some reason, I thought the "require" statement was analogous to the > "require" metaparameter. But looking at the documentation, clearly that's > not the case. Still, this seems like a bug to me. If this is a duplicate > declaration, shouldn't it error regardless of the ordering within the > manifest? > > For classes, it is not duplicate declaration generally that is the problem. It is a fundamental design feature of Puppet that the same class may be 'include'd (or 'require'd, or, now, 'contain'ed) multiple times, and more generally that it is OK to include (etc.) a class that has already been declared. Parameterized-style declarations are a bit of a fly in the ointment, however, because they do two distinct things that are only loosely related: (1) declare a class, and (2) bind values to the class's parameters. It is the second function that causes trouble. If Puppet could parse the whole manifest set to determine what classes were declared first, then go back and set class parameters, then the constraint you ran into could be solved. Unfortunately, that is not possible because class parameter values can influence which classes are declared. There is no reliable, general way to defer class parameter assignments, so parameters are bound to a class by the first declaration evaluated, and subsequent parameter list declarations (even empty ones) cannot be honored. tl;dr: it's not a bug, it's a design shortcoming. > Anyways, would writing something like this work? > > class { "foo::bar": > Class["foo:baz"] -> Class["foo::bar"] > } > > Puppet should not object to that, provided that Class['foo::baz'] is declared somewhere else in the manifest set. It should not be sensitive to evaluation order. With that said, the constraint that foo::baz must be declared, but foo::bar does not cause it to be, constitutes a weakness that may bite you later. I would suggest omitting the ordering relationship from foo::bar, and instead declaring the relationship in some place where you can know that both classes have been declared. For example, class foo::bam { include 'foo::bar' class {'foo::baz': } Class['foo::baz'] -> Class['foo::bar'] } If indeed the relationship declaration is safe in foo::bar in the first place, then there must be one or more such higher-level places that would be suitable for declaring the relationship. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/164bd119-0fe2-4269-9ad2-628180503fd9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet: Custom functions
Hi, you have likely enabled the pluginsync feature, which allows you to use "Plugins in modules" to e.g. distribute custom facts to your agents. Puppet will not distinguish custom facts and types from parser functions. For most people, syncing parser functions to agents serves no purpose. I advise to regard it as just a side occurence, and to just ignore it. HTH, Felix On 11/18/2013 09:49 AM, Sergey Arlashin wrote: > Hi! > > As far as I know custom functions are executed on puppet master server. But > each run puppet master copies all the custom functions available to > /var/lib/puppet/lib/puppet/parser/functions/ folder on puppet clients. Why is > it so? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528A2750.6050602%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?
I forgot the finishing touch: On the puppet master: /etc/puppet/auth,conf Added the lines: # allow workstation REST API access path / allow workstation.example.org and restarted the puppet master ! As I get familiar with the API, I would probably want to add some method restrictions. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) - Original Message - From: "Dan White" To: puppet-users@googlegroups.com Sent: Monday, November 18, 2013 9:37:25 AM Subject: Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ? On the puppet master: puppet cert generate workstation.example.org Then I copied the following from the puppet master to my workstation: The public and private keys for my workstation ( workstation-publickey.pem / workstation-privatekey.pem ) The certificate for my workstation ( workstation-cert.pem ) The public key for the puppet master ( puppetmaster-publickey.pem ) On my workstation, curl --insecure -H 'Accept: s' https://puppetmaster.example.org:8140/production/certificate/ca > curl-ca-bundle.crt cat puppetmaster-publickey.pem >> curl-ca-bundle.crt THEN !! curl --cert workstation-cert.pem \ --key workstation-cert.pem \ --cacert curl-ca-bundle.crt \ -H "Accept: yaml" https://puppetmaster.example.org:8140/dev/status/devnode001.example.org WORKED !! I am going to bundle up everything up to the "-H" into an alias. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/774872178.4600520.1384785845284.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?
Hi, that would work. Couldn't you instead have just (from the agent) 1. puppet agent --one-time --certname to upload a CSR, then on the master 2. sign the cert using puppet ca and then have the agent download it via another puppet agent call? Of course, you still need to scrounge the chain together from the various certs cached by the agent, but it should all be there. Cheers, Felix On 11/18/2013 03:37 PM, Dan White wrote: > Then I copied the following from the puppet master to my workstation: > The public and private keys for my workstation ( > workstation-publickey.pem / workstation-privatekey.pem ) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528A2912.9060103%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] scope question
Hi, On 11/18/2013 01:50 AM, Jay Christopherson wrote: > *versions.pp:* > define parent::versions($version) { > } > > *child.pp*: > class parent::child { > include parent > > notify{ "${version}": } > } > > Variables and defaults declared in a local scope are only available > in *that scope and its children* > * > * > Clearly, I'm missing something here. I would expect this to print out > the value of "$version", that is set by calling "create_resources" in > the parent. in this example, parent::child is *not* in fact a child of anything. It's just a class in module called 'parent'. Seeing as $version is a parameter of a defined type of your's, it doesn't make sense to reference it anywhere else. Consider this: class test { parent::versions { "apache" => "2.2", ruby => "1.9.3" } notify { "$version": } } What would you expect $version to be in this context? Cheers, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528A2B29.2090800%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: delayed effect of "puppet apply mumble.pp"
On Friday, November 15, 2013 1:33:19 PM UTC-6, Stuart Cracraft wrote: > > In good shape here. Got everything up and running yesterday and today. > > My current question I've posted at the main level. > > I just want to get at the value (exit status and/or standard output) > returned from > any arbitrary Unix command puppet would run. > > So the question is is there a way to get exec's output (all of it) into a > variable > and for the exit status. > > No. Puppet variables are meaningful only to the puppetmaster, during the catalog compilation process. By the time you are applying the catalog to the target node (so that an Exec's command is run), catalog compilation is necessarily complete. As I said, though, you can create a custom fact that executes whatever command you like on the target node -- before catalog compilation -- and returns its output. It would be slightly trickier, but I think still possible, to capture the output and exit status into separate facts (or even not so tricky if you were willing for Facter to run the command twice). Alternatively, you can write a custom provider, either for an existing type or for a new, custom one, that captures command output and exit status in *Ruby* variables, and does whatever you want with them within the scope of applying a resource of the given type. As Felix observed, your design concept may not be well aligned with Puppet's mode of operation. Puppet wants to gather up front all the information needed to compute the details of the target configuration, then to compile the chosen configuration details into a compact representation, and finally to update the target node to match the configuration details. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ad852d98-6e02-4d1e-ab27-78866e0dc47f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ?
There is no agent on my workstation. That was one of the head-scratchers Your suggestion looks like it would work if there was an agent. Thanks for responding “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) - Original Message - From: "Felix Frank" To: puppet-users@googlegroups.com Sent: Monday, November 18, 2013 9:49:54 AM Subject: Re: [Puppet Users] (ANSWERED IT MYSELF!) How do I generate a certificate to use the REST API ? Hi, that would work. Couldn't you instead have just (from the agent) 1. puppet agent --one-time --certname to upload a CSR, then on the master 2. sign the cert using puppet ca and then have the agent download it via another puppet agent call? Of course, you still need to scrounge the chain together from the various certs cached by the agent, but it should all be there. Cheers, Felix On 11/18/2013 03:37 PM, Dan White wrote: > Then I copied the following from the puppet master to my workstation: > The public and private keys for my workstation ( > workstation-publickey.pem / workstation-privatekey.pem ) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528A2912.9060103%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52236470.4601043.1384787026352.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: site.pp Does include work inside a node definition?
On Saturday, November 16, 2013 12:13:04 PM UTC-6, Puppet Muppet wrote: > > > Hi, > > Is it possible to use Include as I have done below, inside my node > statement? > For the record, yes, the 'include' statement can be used inside node definitions. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/45dcd5bf-97cf-4aa0-bcfc-60c6dc2cc93f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet: Custom functions
Thank you! On Nov 18, 2013, at 6:42 PM, Felix Frank wrote: > Hi, > > you have likely enabled the pluginsync feature, which allows you to use > "Plugins in modules" to e.g. distribute custom facts to your agents. > > Puppet will not distinguish custom facts and types from parser > functions. For most people, syncing parser functions to agents serves no > purpose. > > I advise to regard it as just a side occurence, and to just ignore it. > > HTH, > Felix > > On 11/18/2013 09:49 AM, Sergey Arlashin wrote: >> Hi! >> >> As far as I know custom functions are executed on puppet master server. But >> each run puppet master copies all the custom functions available to >> /var/lib/puppet/lib/puppet/parser/functions/ folder on puppet clients. Why >> is it so? > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/528A2750.6050602%40alumni.tu-berlin.de. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/43C06D56-9AB6-4FB6-B7E9-F0D7341AD951%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Nested parametrized defines
On Monday, November 18, 2013 3:40:46 AM UTC-6, Patricia Jung wrote: > > Dear John and all, > > Am 15.11.2013 um 15:47 schrieb jcbollinger: > > > > On Thursday, November 14, 2013 5:32:50 AM UTC-6, Patricia Jung wrote: > > > > http://docs.puppetlabs.com/puppet/3/reference/lang_defined_types.htmldoes > > not suggest to me that nested parametrized defines would be forbidden > > > > > > You are correct. Defined type bodies may declare resources of any type, > including defined types. > > > > > > , hence I expected the following code to work: > > > > add_to_ssh_authorized_keys.pp: > > > > define a::ssh_keys::add_to_ssh_authorized_keys($homebasedir="/home", > $targetuser="root", $keyowner, $keyownername, $state="present" ) { > > > > > > To be clear, that should appear in path>/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp in order for the > autoloader to be able to find it. > Yes, this is true: it's located in > /etc/puppet/modules/a/manifests/ssh_keys/add_to_ssh_authorized_keys.pp > > > > > > > > it_services_admins.pp: > > - > > define a::ssh_keys::it_services_admins($user='root'){ > > > > > > Likewise, that should appear in path>/a/manifests/ssh_keys/it_services_admins.pp > This file is located in > etc/puppet/modules/a/manifests/ssh_keys/it_services_admins.pp > > > > > > > > > > censhare::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": > Sorry, my fault, the line above reads > a::ssh_keys::add_to_ssh_authorized_keys{ "$user-blah": > > > > targetuser => "$user", > > keyowner => 'blah', > > keyownername => 'blah', > > } > > } > > > > - > > > > class file: > > > > > > I suppose you mean that this is the file of the module main class, > //manifests/init.pp > > > > > Not necessarily init.pp, and it's outside the a module, e.g.: > /etc/puppet/modules/c/manifests/nodes/saas.pp. Perhaps this is the > problem? > Ah, ok. I understand now. No, it should not be a problem for instances of your defined type to be declared by classes from other modules or even no module at all. Besides, the declaration in c::nodes::saas is not the locus of the problem. > > > >class c::nodes::saas{ >a::ssh_keys::it_services_admins{ 'b': > user => 'b' >} >a::ssh_keys::it_services_admins{ 'root': > user => 'root' >} >} > > The error message reads: > > Invalid resource type a::ssh_keys::add_to_ssh_authorized_keys at > /etc/puppet/modules/a/manifests/ssh_keys/:7" > > > "Invalid resource type" for a defined type, supposing that it's not altogether a red herring, means that Puppet does not recognize the type as a native one (which it isn't), and cannot find a definition for that name. There are a few alternatives for why it might not find the definition, among them - The definition does not appear in the file the autoloader expects to find it in. You report, however, that it does appear in the correct file. - The definition is not declared with the expected name. The definition should use the correct fully-qualified name, as indeed you show it to do. If there were some mixup, however -- say the file defined censhare::... when it should have declared a::... -- then you would probably get an error such as you report. - The Puppet master cannot read the file, or perhaps cannot read some directory in the path to it. Unlike the Puppet agent, the master can and normally does run as an unprivileged user, often named "puppet". If file permissions, ownership, SELinux context, ACLs, or some other access control mechanism prevents the Puppet master process from reading the file, then you might get an error such as you describe. - As a special case, it is conceivable (though unlikely) that UTF-8 encoded file names containing characters above U+00FF might cause trouble if they appear in the same directory as the definition's file. - The contents of the file containing the definition are not parsed successfully. I would actually expect a more localized error in this case, but if for some reason none was emitted then the error you report would be a likely fallback outcome. You can test this by running "puppet parser validate " on the file containing the definition. If the problem is not one of the above then I'm stumped. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5f3f7e9d-ca6e-4575-a1fc-d20d53cb89a0%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] managing puppet module dependencies
with maven, you can tell that a project requires a list of artifacts and their versions. those dependencies in turn have other dependencies. maven takes care of managing all this. for instance, maven can find out if two of your dependencies requires a conflicting version of another dependency. is there a similar thing in puppet? i've read about https://github.com/rodjek/librarian-puppet but it seems that you need to define yourself the direct dependencies and recursive dependencies. and you cannot query about conflicting version dependencies. is that correct? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/95597d95-0b8a-4173-8f02-20fcc84850f5%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: scope question
On Sunday, November 17, 2013 6:50:03 PM UTC-6, jc.listmail wrote: > > I have a parent class, a child class, and a defined type, like so: > > *init.pp*: > class parent { > create_resources(parent::versions, hiera('versions')) > ... > } > > *versions.pp:* > define parent::versions($version) { > } > > *child.pp*: > class parent::child { > include parent > > notify{ "${version}": } > } > > (I'm omitting the hiera definition since I don't think it relates to the > issue). > > Basically, I'm trying to figure out how to access variables from a child > class, that have been defined in the parent via create_resources. > > You cannot by any means access parameters of declared resources from outside those resources, regardless of the mechanism by which those resources are declared. You can, however, access *class variables* from anywhere, provided that the class has been declared. Simply use the variable's fully-qualified name, such as $parent::version. > According to the documentation I read, I think this can be done: > > Variables and defaults declared in a local scope are only available in *that > scope and its children* > > That statement appears to come from this doc: http://docs.puppetlabs.com/puppet/3/reference/lang_scope.html. I suggest you read the whole thing, but the bottom line for this case is that the only child scopes of class body local scopes are the bodies of other classes that inherit from it. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/009772b9-cf5c-4564-b8ad-1e5c881af60c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] managing puppet module dependencies
On Mon, Nov 18, 2013 at 8:39 AM, David Portabella < david.portabe...@gmail.com> wrote: > with maven, you can tell that a project requires a list of artifacts and > their versions. > those dependencies in turn have other dependencies. > maven takes care of managing all this. > for instance, maven can find out if two of your dependencies requires a > conflicting version of another dependency. > Hi David, With the Puppet Forge, module authors are expected to express dependencies on other modules via their module metadata. The logistics for this are documented here: http://docs.puppetlabs.com/puppet/latest/reference/modules_publishing.html#dependencies-in-the-modulefile > > > is there a similar thing in puppet? > > > i've read about https://github.com/rodjek/librarian-puppet > but it seems that you need to define yourself the direct dependencies and > recursive dependencies. > and you cannot query about conflicting version dependencies. > is that correct? > Tools like the built-in Puppet Module Tool and librarian-puppet use that dependency metadata during installation to ensure that you have everything you need to use the module. The module tool will do its best to prevent conflicts during install and will show you what conflicts currently exist in your modulepath when you run `puppet module list`. It does not provide the ability to determine version conflicts before installing. -- Ryan Coleman | Modules & Forge | ryanycoleman on twitter & #puppet IRC -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAFkZv1uuvj5JnW6cZERtjFGJvoSqC-kJVcmbuPj%3DqccechJHZQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Is it possible to evaluate a string as a parameter name?
Hi, I'm looking to combine a couple of fact names with the value of a class parameter to create and lookup the resulting fact's value. Is that possible? For example, my class will take the parameter "my_default_nic" from beyond. So I know that as long as $my_default_nic exists on the client, then so will facts like macaddress_, netmask_, and ipaddress_. So I'm looking for a way to formulate those fact names and evaluate the result... Is this at all possible? Thanks for your thoughts! $my_default_nic = 'eth1' > $ip_method = 'static' > $my_ip = ???### <- should end up looking > like the value of $::ipaddress_eth1 with out hardcoding eth1 > $my_netmask = ? ### <- > > case $ip_method { > 'static': { > network::static { $my_default_nic: > ensure => up, > ipaddress => $my_ip, > netmask => $my_netmask, > } > } > /(?i:dhcp|dynamic)': { > network::dynamic { $my_default_nic: > ensure => up, > } > } > default: { > network::dynamic { $my_default_nic: > ensure => down, >} > } > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fc39aa90-27f9-44dc-b478-3a288ff2%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: file resource calling a 'define'd exec syntax?
On Sunday, November 17, 2013 2:33:54 PM UTC-6, dkoleary wrote: > > Hi; > > This one should be easy; but, so far, it's eluding me. > > I would like to configure ssh to use a different directory for authorized > keys files. I have the file resource which that works on its own. I want > the file resource to call the exec to set the selinux type on the directory > when needed. > That is not the Puppet way. You seem to be approaching Puppet as if it were a script engine. It is not. One resource does not call another; in fact no resource, not even one of defined type, is "called" by anything. Your manifests simply describe the target state you want Puppet to enforce. Where one aspect of the target state depends on another, your manifests may also direct the agent to synchronize some resources before others. Whatever the state you describe, however, Puppet figures out most of the details of what to do on its own. Moreover, I suspect you are confusing Puppet defined types with macros. Puppet DSL does not have a macro facility. The "define" keyword introduces a user-defined *resource type*, with substantially the same usage rules as any of the built-in resource types. > Here's what I have: > [...] > > file { $ssh::params::ssh_rootkeys: > ensure => present, > owner=> root, > group=> sys, > mode => '0750', > source => 'puppet:///modules/ssh/authorized_keys.root', > sshdir_selinux { }, > Right there is the syntax error Puppet is complaining about. A resource declaration's parameter list may contain only parameters. Even if you could declare another resource there, your syntax is incorrect for that, too, because it is missing a resource title. As Neil suggested, do look into the SELinux support built directly into the File type. Puppet splits the context information across several parameters (selrole, etc.), and it will probably be much easier and more consistent to use those than to set up an Exec to modify the context after the fact. It will likely be a lot faster, too, when the file already exists with the correct context. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3811c406-3693-40e2-8030-4f816bdf37ba%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Is it possible to evaluate a string as a parameter name?
On Monday, November 18, 2013 10:50:44 AM UTC-6, smalderma wrote: > > Hi, > I'm looking to combine a couple of fact names with the value of a class > parameter to create and lookup the resulting fact's value. Is that > possible? For example, my class will take the parameter "my_default_nic" > from beyond. So I know that as long as $my_default_nic exists on the > client, then so will facts like macaddress_, netmask_, and > ipaddress_. So I'm looking for a way to formulate those fact names > and evaluate the result... > > Is this at all possible? Thanks for your thoughts! > Something along these lines ought to do the trick: $my_interface = 'eth1' $my_ip = inline_template("<%= scope.lookupvar('::ipaddress_${my_interface}') %>") John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2a44bf90-9c37-4dcf-b905-959e0147954b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Enterprise support for Puppet
Anyone ? On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote: > > Wondering if all of you guys are getting the enterprise support. > Also, if PuppetLabs the only company providing this kind of support or do > you have anyone else giving the support > > Thanks > > Harshit > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/be741546-ff9d-4e2e-9b55-4514f708d62b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to evaluate a string as a parameter name?
Here is what I did along the same lines: I made a custom fact that makes a fact of all user home directories: modules/users/lib/facter/user_home.rb require 'etc' Etc.passwd { |user| Facter.add("home_#{user.name}") do setcode do user.dir end end } Then, in a dot-pp file, I did this: $home_fact = "home_${user_name}" $homedir = inline_template("<%= scope.lookupvar('::${home_fact}') %>") Going with this, you should be able to pass in your NIC label and then : $my_ip_setup = "ipaddress_${my_default_nic}" $my_ip = inline_template("<%= scope.lookupvar('::${ my_ip_setup }') %>") Hope this works for you. Let us all know, please. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) - Original Message - From: "smalderma" To: puppet-users@googlegroups.com Sent: Monday, November 18, 2013 11:50:44 AM Subject: [Puppet Users] Is it possible to evaluate a string as a parameter name? Hi, I'm looking to combine a couple of fact names with the value of a class parameter to create and lookup the resulting fact's value. Is that possible? For example, my class will take the parameter "my_default_nic" from beyond. So I know that as long as $my_default_nic exists on the client, then so will facts like macaddress_, netmask_, and ipaddress_. So I'm looking for a way to formulate those fact names and evaluate the result... Is this at all possible? Thanks for your thoughts! $my_default_nic = 'eth1' $ip_method = 'static' $my_ip = ??? ### <- should end up looking like the value of $::ipaddress_eth1 with out hardcoding eth1 $my_netmask = ? ### <- case $ip_method { 'static': { network::static { $my_default_nic: ensure => up, ipaddress => $my_ip, netmask => $my_netmask, } } /(?i:dhcp|dynamic)': { network::dynamic { $my_default_nic: ensure => up, } } default: { network::dynamic { $my_default_nic: ensure => down, } } -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fc39aa90-27f9-44dc-b478-3a288ff2%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/546661769.4605406.1384797032378.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Is it possible to evaluate a string as a parameter name?
Thanks guys! That was simpler than I thought. I had not had an reason to dive into an inline template before, so it was a feature that I've read about, but not leveraged. I ended up applying John's method of using an inline template for the ip, mac, and netmask. The inline template seems to do the trick! On Monday, November 18, 2013 12:50:32 PM UTC-5, Ygor wrote: > > Here is what I did along the same lines: > > I made a custom fact that makes a fact of all user home directories: > > modules/users/lib/facter/user_home.rb > require 'etc' > > Etc.passwd { |user| > > Facter.add("home_#{user.name}") do > setcode do > user.dir > end > end > > } > > Then, in a dot-pp file, I did this: > > $home_fact = "home_${user_name}" > $homedir = inline_template("<%= scope.lookupvar('::${home_fact}') %>") > > Going with this, you should be able to pass in your NIC label and then : > > $my_ip_setup = "ipaddress_${my_default_nic}" > $my_ip = inline_template("<%= scope.lookupvar('::${my_ip_setup}') %>") > > Hope this works for you. Let us all know, please. > > “Sometimes I think the surest sign that intelligent life exists elsewhere > in the universe is that none of it has tried to contact us.” > Bill Waterson (Calvin & Hobbes) > > -- > *From: *"smalderma" > > *To: *puppet...@googlegroups.com > *Sent: *Monday, November 18, 2013 11:50:44 AM > *Subject: *[Puppet Users] Is it possible to evaluate a string as a > parameter name? > > Hi, > I'm looking to combine a couple of fact names with the value of a class > parameter to create and lookup the resulting fact's value. Is that > possible? For example, my class will take the parameter "my_default_nic" > from beyond. So I know that as long as $my_default_nic exists on the > client, then so will facts like macaddress_, netmask_, and > ipaddress_. So I'm looking for a way to formulate those fact names > and evaluate the result... > > Is this at all possible? Thanks for your thoughts! > > $my_default_nic = 'eth1' >> $ip_method = 'static' >> $my_ip = ???### <- should end up >> looking like the value of $::ipaddress_eth1 with out hardcoding eth1 >> $my_netmask = ? ### <- >> >> case $ip_method { >> 'static': { >> network::static { $my_default_nic: >> ensure => up, >> ipaddress => $my_ip, >> netmask => $my_netmask, >> } >> } >> /(?i:dhcp|dynamic)': { >> network::dynamic { $my_default_nic: >> ensure => up, >> } >> } >> default: { >> network::dynamic { $my_default_nic: >> ensure => down, >>} >> } >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users...@googlegroups.com . > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/fc39aa90-27f9-44dc-b478-3a288ff2%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ed82b03a-659c-48b5-a6b0-d92f093b100c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] group type
Hi. Created: class mumble { : random stuff : } class mumble:grouper inherits mumble { group { "somegroup": name => 'somegroup', members => 'user1,user2,user3', ensure => present, gid => 123, } } After a time, mumble:grouper ran, before I added user2, and user3 and /etc/group shows: somegroup:x:500: but it doesn't show what it should show which is: somegroup:x:500:user1,user2,user3 I verified that user1/2/3 all exist in /etc/passwd. My question is, why isn't Puppet making the right memberships? Do I misunderstand member? Stuart -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Enterprise support for Puppet
Harshit, Seems like it would be very ripe for an external consultancy business, frankly. Stuart On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote: > Wondering if all of you guys are getting the enterprise support. > Also, if PuppetLabs the only company providing this kind of support or do > you have anyone else giving the support > > Thanks > > Harshit > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e5ee6dd2-bf4d-432f-9b9d-b973602105b1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] dashboard
Hi, I spent a lot of time with Puppet Enterprise and like it. Lately, I've been doing Open Source Puppet. The question has come up: does OSP have any kind of web-facing methodology for applying one or more patterns against swaths of instances? Do tell me we don't have to roll our own with cli going to a web front-end we have to design. Stuart -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/00e76a1b-9b18-4fb8-bc06-da6095f71cb9%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
Stuart, In the type reference, the members property states that it requires the 'manages members' feature (http://docs.puppetlabs.com/references/latest/type.html#group-provider-features), which is available in the aix, directory service, pw and windows_adsi providers, but not the ldap or groupadd providers. Which provider is being used for your group resource? On Mon, Nov 18, 2013 at 11:15 AM, Stuart Cracraft wrote: > Hi. > > Created: > > class mumble { > : > random stuff > : > } > > class mumble:grouper inherits mumble { > group { "somegroup": > name => 'somegroup', > members => 'user1,user2,user3', > ensure => present, > gid => 123, > } > } > > After a time, mumble:grouper ran, before I added > user2, and user3 and /etc/group shows: > > somegroup:x:500: > > but it doesn't show what it should show which is: > > somegroup:x:500:user1,user2,user3 > > I verified that user1/2/3 all exist in /etc/passwd. > > My question is, why isn't Puppet making the right memberships? > > Do I misunderstand member? > > Stuart > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACD%3DwAf5W8fsY%2BSzGQA7GH0dgsnjGdiP7Pk1H%2BySTBO%2BJWHJqA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
Just local password file and group files mostly. But some ldap. On Monday, November 18, 2013 11:34:50 AM UTC-8, Matthaus Litteken wrote: > Stuart, > In the type reference, the members property states that it requires > the 'manages members' feature > ( > http://docs.puppetlabs.com/references/latest/type.html#group-provider-features), > > > which is available in the aix, directory service, pw and windows_adsi > providers, but not the ldap or groupadd providers. Which provider is > being used for your group resource? > > On Mon, Nov 18, 2013 at 11:15 AM, Stuart Cracraft > > > wrote: > > Hi. > > > > Created: > > > > class mumble { > > : > > random stuff > > : > > } > > > > class mumble:grouper inherits mumble { > > group { "somegroup": > > name => 'somegroup', > > members => 'user1,user2,user3', > > ensure => present, > > gid => 123, > > } > > } > > > > After a time, mumble:grouper ran, before I added > > user2, and user3 and /etc/group shows: > > > > somegroup:x:500: > > > > but it doesn't show what it should show which is: > > > > somegroup:x:500:user1,user2,user3 > > > > I verified that user1/2/3 all exist in /etc/passwd. > > > > My question is, why isn't Puppet making the right memberships? > > > > Do I misunderstand member? > > > > Stuart > > > > > > > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to puppet-users...@googlegroups.com . > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com. > > > > For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > Matthaus Owens > Release Manager, Puppet Labs > > Join us at PuppetConf 2014, September 23-24 in San Francisco > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c5535875-e7a5-47cf-8113-96b2ee6e1334%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
Stuart, Unfortunately, that doesn't tell us which provider is being used. A run with --debug should show which providers are being used. In a test run using the debug flag on a centos 6 box using the group resource you provided, I got output which included: 'Debug: /Group[somegroup]: Provider groupadd does not support features manages_members; not managing attribute members'. If you post the result of running: puppet apply --debug --exec "group { "somegroup": name => 'somegroup', members => 'user1,user2,user3', ensure => present, gid => 123, }" that would help determine which group provider is being used and why member management isn't being applied. On Mon, Nov 18, 2013 at 11:37 AM, Stuart Cracraft wrote: > > Just local password file and group files mostly. But some ldap. > > On Monday, November 18, 2013 11:34:50 AM UTC-8, Matthaus Litteken wrote: >> >> Stuart, >> In the type reference, the members property states that it requires >> the 'manages members' feature >> >> (http://docs.puppetlabs.com/references/latest/type.html#group-provider-features), >> which is available in the aix, directory service, pw and windows_adsi >> providers, but not the ldap or groupadd providers. Which provider is >> being used for your group resource? >> >> On Mon, Nov 18, 2013 at 11:15 AM, Stuart Cracraft >> wrote: >> > Hi. >> > >> > Created: >> > >> > class mumble { >> > : >> > random stuff >> > : >> > } >> > >> > class mumble:grouper inherits mumble { >> > group { "somegroup": >> > name => 'somegroup', >> > members => 'user1,user2,user3', >> > ensure => present, >> > gid => 123, >> > } >> > } >> > >> > After a time, mumble:grouper ran, before I added >> > user2, and user3 and /etc/group shows: >> > >> > somegroup:x:500: >> > >> > but it doesn't show what it should show which is: >> > >> > somegroup:x:500:user1,user2,user3 >> > >> > I verified that user1/2/3 all exist in /etc/passwd. >> > >> > My question is, why isn't Puppet making the right memberships? >> > >> > Do I misunderstand member? >> > >> > Stuart >> > >> > >> > >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "Puppet Users" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to puppet-users...@googlegroups.com. >> > To view this discussion on the web visit >> > >> > https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com. >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> >> >> -- >> Matthaus Owens >> Release Manager, Puppet Labs >> >> Join us at PuppetConf 2014, September 23-24 in San Francisco > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/c5535875-e7a5-47cf-8113-96b2ee6e1334%40googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. -- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACD%3DwAeyoL6Hpfc%3DoJTC9m9%3DEE_DhDaafRCyoQ8HBBP9rDW62w%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Can't find a supported method of using storeconfigs on AWS
On Oct 18, 2013, at 7:30 AM, Daniel Friesen wrote: > I can't seem to find a sane way of running storeconfigs on the new AWS server > environment I'm working on. > > SQLite is not an option. It becomes unusable far too quickly. > Using a mysql adapter doesn't seem to work properly. > I quickly run into bug #9290 again and again. Which after 2 years STILL > hasn't been fixed. > The top of this seems to imply that these ActiveRecord storeconfigs adapters > are being deprecated. > The recommendation seems to be to use PuppetDB however from the looks of it, > I can't even use PuppetDB. > I'm not going to use the embedded DB and fall right back into the trap with > SQLite again. > PuppetDB only appears to support PostgreSQL and does not support MySQL. > I already have a MySQL database in AWS' RDS I would like to use. And RDS does > not support PostgreSQL. This thread is a month old, but I thought I'd mention that Amazon now supports PostgreSQL for RDS, and a number of folks have already started using it for PuppetDB: http://aws.amazon.com/rds/postgresql/ > And I am NOT going to go right back to going and installing a separate > database server on the local node. That kind of thing has given me problem > after problem. > Please tell me I'm missing something and there's a way I can get this to work > in this AWS environment. Cause otherwise the idea of puppet running any type > of server at all – rather than simply working as a local filesystem `puppet > apply` – looks so unreliable (as I've also had some issues with the > puppetmaster) that I should just dump every bit of server/client software > puppetlabs has and write my own custom way of distributing configs and data. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/E2F0D574-949C-42AB-9B7D-B35299BE3164%40puppetlabs.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Enterprise support for Puppet
Stuart, Yeah, looks like a good biz opportunity for sure. Thanks Deepak On Monday, November 18, 2013 11:16:35 AM UTC-8, Stuart Cracraft wrote: > > > Harshit, > > Seems like it would be very ripe for an external consultancy business, > frankly. > > Stuart > > On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote: > >> Wondering if all of you guys are getting the enterprise support. >> Also, if PuppetLabs the only company providing this kind of support or do >> you have anyone else giving the support >> >> Thanks >> >> Harshit >> >> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/66685bc8-60ad-4480-8265-10903be5a34b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Help with configuring Puppet Proxies using Apache
Hi All, I have an environment with multiple network environments separated by firewalls. I would like to proxy Puppet traffic from these network environments to a central Puppet master server. I've had a great experience with Puppet overall, though it has been rather trying to find documentation on the subject of proxying puppet traffic. Can anyone point me in the right direction for how to approach this? I'm assuming I would do this with Apache but I'm open to other methods as well. Any help is appreciated. Regards, Karl -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/eae488a2-e7f7-4d60-935f-7c0fbd182050%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Problem with Passenger
Hi. I am running puppet with puppet version 3.3.2-1, apache 2.2.22-1ubuntu1.4 and passenger module 2.2.11debian-2. I having problem with passenger module, i create the config file /usr/share/puppet/rack/puppetmasterd/config.ru but the process master the puppet is not running . For what seems apache is not recognizing the file config.ru Example in other machine running puppet version 2.6 i have the result in ps -aux : puppet 16874 *** * *S18:24 0:00 master My config.ru : ARGV << "--debug" ARGV << "--rack" # Rack applications typically don't start as root. Set --confdir and --vardir # to prevent reading configuration from ~puppet/.puppet/puppet.conf and writing # to ~puppet/.puppet ARGV << "--trace" ARGV << "--vardir" << "/var/lib/puppet" ARGV << "--config" << "/etc/puppet/puppet.conf" require 'puppet/util/command_line' # we're usually running inside a Rack::Builder.new {} block, # therefore we need to call run *here*. run Puppet::Util::CommandLine.new.execute #run Puppet::Application[:master].run Permissions: -rwxr-xr-x 1 puppet puppet 1618 Nov 18 17:31 /usr/share/puppet/rack/puppetmasterd/config.ru Someone help me? Regards, Marcelo Frota -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/74651585-ad76-4e3b-bc91-3624f658b792%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
Here it is: [root@ca-sna-pm01 manifests]# puppet apply --debug --exec " group { "bb": name => 'bb', ensure => present, gid => 500, members => 'bb,mtg', } " > > > > > > [0;36mDebug: Puppet::Type::Group::ProviderLdap: true value when expecting false[0m [0;36mDebug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist[0m [0;36mDebug: Puppet::Type::Group::ProviderPw: file pw does not exist[0m [0;36mDebug: /Group[bb]: Provider groupadd does not support features manages_members; not managing attribute members[0m [0;36mDebug: /Group[bb]: Provider groupadd does not support features libuser; not managing attribute forcelocal[0m [0;36mDebug: Creating default schedules[0m [0;36mDebug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:links=>:follow, :ensure=>:directory, :backup=>false, :loglevel=>:debug, :path=>"/var/lib/puppet"}'[0m [0;36mDebug: Using settings: adding file resource 'client_datadir': 'File[/var/lib/puppet/client_data]{:links=>:follow, :ensure=>:directory, :backup=>false, :mode=>"750", :loglevel=>:debug, :path=>"/var/lib/puppet/client_data"}'[0m [0;36mDebug: Puppet::Type::User::ProviderLdap: true value when expecting false[0m [0;36mDebug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport does not exist[0m [0;36mDebug: Puppet::Type::User::ProviderPw: file pw does not exist[0m [0;36mDebug: Puppet::Type::User::ProviderUser_role_add: file roledel does not exist[0m [0;36mDebug: /User[puppet]: Provider useradd does not support features libuser; not managing attribute forcelocal[0m [0;36mDebug: Using settings: adding file resource 'hostpubkey': 'File[/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow, :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", :loglevel=>:debug, :path=>"/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem"}'[0m [0;36mDebug: Using settings: adding file resource 'rundir': 'File[/var/run/puppet]{:links=>:follow, :ensure=>:directory, :backup=>false, :mode=>"755", :loglevel=>:debug, :path=>"/var/run/puppet"}'[0m [0;36mDebug: Using settings: adding file resource 'libdir': 'File[/var/lib/puppet/lib]{:links=>:follow, :ensure=>:directory, :backup=>false, :loglevel=>:debug, :path=>"/var/lib/puppet/lib"}'[0m [0;36mDebug: Using settings: adding file resource 'publickeydir': 'File[/var/lib/puppet/ssl/public_keys]{:links=>:follow, :ensure=>:directory, :backup=>false, :owner=>"puppet", :loglevel=>:debug, :path=>"/var/lib/puppet/ssl/public_keys"}'[0m [0;36mDebug: Using settings: adding file resource 'privatedir': 'File[/var/lib/puppet/ssl/private]{:links=>:follow, :ensure=>:directory, :backup=>false, :owner=>"puppet", :mode=>"750", :loglevel=>:debug, :path=>"/var/lib/puppet/ssl/private"}'[0m [0;36mDebug: /Group[puppet]: Provider groupadd does not support features libuser; not managing attribute forcelocal[0m [0;36mDebug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:links=>:follow, :group=>"puppet", :ensure=>:directory, :backup=>false, :owner=>"puppet", :mode=>"750", :loglevel=>:debug, :path=>"/var/log/puppet"}'[0m [0;36mDebug: Using settings: adding file resource 'statefile': 'File[/var/lib/puppet/state/state.yaml]{:links=>:follow, :ensure=>:file, :backup=>false, :mode=>"660", :loglevel=>:debug, :path=>"/var/lib/puppet/state/state.yaml"}'[0m [0;36mDebug: Using settings: adding file resource 'hostcert': 'File[/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow, :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", :loglevel=>:debug, :path=>"/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem"}'[0m [0;36mDebug: Using settings: adding file resource 'clientbucketdir': 'File[/var/lib/puppet/clientbucket]{:links=>:follow, :ensure=>:directory, :backup=>false, :mode=>"750", :loglevel=>:debug, :path=>"/var/lib/puppet/clientbucket"}'[0m [0;36mDebug: Using settings: adding file resource 'localcacert': 'File[/var/lib/puppet/ssl/certs/ca.pem]{:links=>:follow, :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", :loglevel=>:debug, :path=>"/var/lib/puppet/ssl/certs/ca.pem"}'[0m [0;36mDebug: Using settings: adding file resource 'hostcrl': 'File[/var/lib/puppet/ssl/crl.pem]{:links=>:follow, :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", :loglevel=>:debug, :path=>"/var/lib/puppet/ssl/crl.pem"}'[0m [0;36mDebug: Using settings: adding file resource 'lastrunfile': 'File[/var/lib/puppet/state/last_run_summary.yaml]{:links=>:follow, :ensure=>:file, :backup=>false, :mode=>"644", :loglevel=>:debug, :path=>"/var/lib/puppet/state/last_run_summary.yaml"}'[0m [0;36mDebug: Using settings: adding file resource 'certdir': 'File[/var/lib/puppet/ssl/certs]{:links=>:follow, :ensure=>:directory, :backup=>false, :owner=>"puppet", :loglevel=>:debug, :path=>"/var/lib/puppet/ssl/certs"}'[0m
Re: [Puppet Users] group type
Stuart, Your run also has "[0;36mDebug: /Group[bb]: Provider groupadd does not support features manages_members; not managing attribute members", which indicates the groupadd provider is being used. The groupadd provider does not support the members property. If your end goal is to have those users be members of the group, using the groups property of the user resource will do what you want (http://docs.puppetlabs.com/references/latest/type.html#user-attribute-groups) Something like: group { "somegroup": name => 'somegroup', ensure => present, gid => 123, } user { ["user1","user2","user3"]: groups => "somegroup", ensure => present, require => Group["somegroup"], } Would probably work (and worked for me in a local test run). On Mon, Nov 18, 2013 at 1:07 PM, Stuart Cracraft wrote: > Here it is: > > > [root@ca-sna-pm01 manifests]# puppet apply --debug --exec " group { "bb": > > name => 'bb', > > ensure => present, > > gid => 500, > > members => 'bb,mtg', > > } > > " > >> > > > > > > > [0;36mDebug: Puppet::Type::Group::ProviderLdap: true value when expecting > false[0m > > [0;36mDebug: Puppet::Type::Group::ProviderDirectoryservice: file > /usr/bin/dscl does not exist[0m > > [0;36mDebug: Puppet::Type::Group::ProviderPw: file pw does not exist[0m > > [0;36mDebug: /Group[bb]: Provider groupadd does not support features > manages_members; not managing attribute members[0m > > [0;36mDebug: /Group[bb]: Provider groupadd does not support features > libuser; not managing attribute forcelocal[0m > > [0;36mDebug: Creating default schedules[0m > > [0;36mDebug: Using settings: adding file resource 'vardir': > 'File[/var/lib/puppet]{:links=>:follow, :ensure=>:directory, :backup=>false, > :loglevel=>:debug, :path=>"/var/lib/puppet"}'[0m > > [0;36mDebug: Using settings: adding file resource 'client_datadir': > 'File[/var/lib/puppet/client_data]{:links=>:follow, :ensure=>:directory, > :backup=>false, :mode=>"750", :loglevel=>:debug, > :path=>"/var/lib/puppet/client_data"}'[0m > > > > [0;36mDebug: Puppet::Type::User::ProviderLdap: true value when expecting > false[0m > > [0;36mDebug: Puppet::Type::User::ProviderDirectoryservice: file > /usr/bin/dsimport does not exist[0m > > [0;36mDebug: Puppet::Type::User::ProviderPw: file pw does not exist[0m > > [0;36mDebug: Puppet::Type::User::ProviderUser_role_add: file roledel does > not exist[0m > > [0;36mDebug: /User[puppet]: Provider useradd does not support features > libuser; not managing attribute forcelocal[0m > > [0;36mDebug: Using settings: adding file resource 'hostpubkey': > 'File[/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow, > :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", > :loglevel=>:debug, > :path=>"/var/lib/puppet/ssl/public_keys/ca-sna-pm01.mercurytechnology.com.pem"}'[0m > > [0;36mDebug: Using settings: adding file resource 'rundir': > 'File[/var/run/puppet]{:links=>:follow, :ensure=>:directory, :backup=>false, > :mode=>"755", :loglevel=>:debug, :path=>"/var/run/puppet"}'[0m > > [0;36mDebug: Using settings: adding file resource 'libdir': > 'File[/var/lib/puppet/lib]{:links=>:follow, :ensure=>:directory, > :backup=>false, :loglevel=>:debug, :path=>"/var/lib/puppet/lib"}'[0m > > [0;36mDebug: Using settings: adding file resource 'publickeydir': > 'File[/var/lib/puppet/ssl/public_keys]{:links=>:follow, :ensure=>:directory, > :backup=>false, :owner=>"puppet", :loglevel=>:debug, > :path=>"/var/lib/puppet/ssl/public_keys"}'[0m > > [0;36mDebug: Using settings: adding file resource 'privatedir': > 'File[/var/lib/puppet/ssl/private]{:links=>:follow, :ensure=>:directory, > :backup=>false, :owner=>"puppet", :mode=>"750", :loglevel=>:debug, > :path=>"/var/lib/puppet/ssl/private"}'[0m > > [0;36mDebug: /Group[puppet]: Provider groupadd does not support features > libuser; not managing attribute forcelocal[0m > > [0;36mDebug: Using settings: adding file resource 'logdir': > 'File[/var/log/puppet]{:links=>:follow, :group=>"puppet", > :ensure=>:directory, :backup=>false, :owner=>"puppet", :mode=>"750", > :loglevel=>:debug, :path=>"/var/log/puppet"}'[0m > > [0;36mDebug: Using settings: adding file resource 'statefile': > 'File[/var/lib/puppet/state/state.yaml]{:links=>:follow, :ensure=>:file, > :backup=>false, :mode=>"660", :loglevel=>:debug, > :path=>"/var/lib/puppet/state/state.yaml"}'[0m > > [0;36mDebug: Using settings: adding file resource 'hostcert': > 'File[/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem]{:links=>:follow, > :ensure=>:file, :backup=>false, :owner=>"puppet", :mode=>"644", > :loglevel=>:debug, > :path=>"/var/lib/puppet/ssl/certs/ca-sna-pm01.mercurytechnology.com.pem"}'[0m > > [0;36mDebug: Using settings: adding file resource 'clientbucketdir': > 'File[/var/lib/puppet/clientbucket]{:links=>:follow, :ensure=>:directory, > :backup=>false, :mode=>"750", :loglevel=>:debug, > :path=>"/var/lib/puppet/clientbucket"}'[0m > > [0;36mDebug: Us
[Puppet Users] Re: Help with configuring Puppet Proxies using Apache
This is how I do it here https://github.com/fsalum/vagrant-puppet/blob/master/puppetmaster/templates/etc/apache2/sites-available/puppetmaster_balancer.erb https://github.com/fsalum/vagrant-puppet/blob/master/puppetmaster/files/etc/apache2/sites-available/puppetmaster_ca https://github.com/fsalum/vagrant-puppet/blob/master/puppetmaster/files/etc/apache2/sites-available/puppetmaster_worker Felipe On Monday, November 18, 2013 12:38:41 PM UTC-8, kschafer2598 wrote: > > Hi All, > > I have an environment with multiple network environments separated by > firewalls. I would like to proxy Puppet traffic from these network > environments to a central Puppet master server. > > I've had a great experience with Puppet overall, though it has been rather > trying to find documentation on the subject of proxying puppet traffic. > > Can anyone point me in the right direction for how to approach this? I'm > assuming I would do this with Apache but I'm open to other methods as well. > > Any help is appreciated. > > Regards, > > Karl > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3c29abf0-7934-4450-8d4c-def27eec7e9c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Enterprise support for Puppet
We've been using the open source Puppet for a while but we're going to switch over to PE. >From what I understand, their top level of support is pretty extensive, like they will actually look at manifests and tell you why your code isn't working (so I've heard). We had them out for a professional services engagement to help with our setup of the open source version too. Given the choice between them and a third party for support, I'd definitely choose them. From my experience their employees are very skilled, and they also have the advantage of having the actual programmers there in their office. I went there for a few days to do their Puppet Fundamentals training and it was very impressive. They have a great team. Rich On Monday, November 18, 2013, harshit wrote: > Stuart, > Yeah, looks like a good biz opportunity for sure. > Thanks > Deepak > > > On Monday, November 18, 2013 11:16:35 AM UTC-8, Stuart Cracraft wrote: >> >> >> Harshit, >> >> Seems like it would be very ripe for an external consultancy business, >> frankly. >> >> Stuart >> >> On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote: >> >>> Wondering if all of you guys are getting the enterprise support. >>> Also, if PuppetLabs the only company providing this kind of support or >>> do you have anyone else giving the support >>> >>> Thanks >>> >>> Harshit >>> >>> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com 'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/66685bc8-60ad-4480-8265-10903be5a34b%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPGcbtCZ5O_NaGAAnTJ3jzR4zfbHpL%3DAFwsPYxBRaQNYKj1QLg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Enterprise support for Puppet
I'm going to PF tomorrow in LA. Anyone else from these forums going? On Monday, November 18, 2013 3:43:47 PM UTC-8, Rich Burroughs wrote: > We've been using the open source Puppet for a while but we're going to > switch over to PE. > > From what I understand, their top level of support is pretty extensive, > like they will actually look at manifests and tell you why your code isn't > working (so I've heard). We had them out for a professional services > engagement to help with our setup of the open source version too. > > Given the choice between them and a third party for support, I'd > definitely choose them. From my experience their employees are very > skilled, and they also have the advantage of having the actual programmers > there in their office. > > I went there for a few days to do their Puppet Fundamentals training and > it was very impressive. They have a great team. > > > Rich > > On Monday, November 18, 2013, harshit wrote: > >> Stuart, >> Yeah, looks like a good biz opportunity for sure. >> Thanks >> Deepak >> >> >> On Monday, November 18, 2013 11:16:35 AM UTC-8, Stuart Cracraft wrote: >>> >>> >>> Harshit, >>> >>> Seems like it would be very ripe for an external consultancy business, >>> frankly. >>> >>> Stuart >>> >>> On Thursday, November 14, 2013 8:54:44 AM UTC-8, harshit wrote: >>> Wondering if all of you guys are getting the enterprise support. Also, if PuppetLabs the only company providing this kind of support or do you have anyone else giving the support Thanks Harshit -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/66685bc8-60ad-4480-8265-10903be5a34b%40googlegroups.com >> . >> For more options, visit https://groups.google.com/groups/opt_out. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/a87c1992-4ed4-4eba-8b62-31b27347a25e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
I bet members needs to be an array when you specify more than one value. http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays On Monday, November 18, 2013, Stuart Cracraft wrote: > Hi. > > Created: > > class mumble { > : > random stuff > : > } > > class mumble:grouper inherits mumble { > group { "somegroup": > name => 'somegroup', > members => 'user1,user2,user3', > ensure => present, > gid => 123, > } > } > > After a time, mumble:grouper ran, before I added > user2, and user3 and /etc/group shows: > > somegroup:x:500: > > but it doesn't show what it should show which is: > > somegroup:x:500:user1,user2,user3 > > I verified that user1/2/3 all exist in /etc/passwd. > > My question is, why isn't Puppet making the right memberships? > > Do I misunderstand member? > > Stuart > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com 'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPGcbtAeK86jXCC-B7wCQsFatyYyGcVK8-9YhQrZZfGLMAb-7A%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
Oops my mail client hadn't loaded the replies, it looks like Matthaus has it. But yeah you do also need to use arrays when there are multiple values. Rich On Monday, November 18, 2013, Rich Burroughs wrote: > I bet members needs to be an array when you specify more than one value. > > http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays > > > > > On Monday, November 18, 2013, Stuart Cracraft wrote: > >> Hi. >> >> Created: >> >> class mumble { >> : >> random stuff >> : >> } >> >> class mumble:grouper inherits mumble { >> group { "somegroup": >> name => 'somegroup', >> members => 'user1,user2,user3', >> ensure => present, >> gid => 123, >> } >> } >> >> After a time, mumble:grouper ran, before I added >> user2, and user3 and /etc/group shows: >> >> somegroup:x:500: >> >> but it doesn't show what it should show which is: >> >> somegroup:x:500:user1,user2,user3 >> >> I verified that user1/2/3 all exist in /etc/passwd. >> >> My question is, why isn't Puppet making the right memberships? >> >> Do I misunderstand member? >> >> Stuart >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com >> . >> For more options, visit https://groups.google.com/groups/opt_out. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPGcbtDVm6BqgVW02XYJFa69rOhDHm0Qpe3zjopunYUL%2BWY28g%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
Is there a way to assign the uids in the user {["user1", "user2"]: } expression? On Monday, November 18, 2013 3:47:10 PM UTC-8, Rich Burroughs wrote: > I bet members needs to be an array when you specify more than one value. > > http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays > > > > > On Monday, November 18, 2013, Stuart Cracraft wrote: > >> Hi. >> >> Created: >> >> class mumble { >> : >> random stuff >> : >> } >> >> class mumble:grouper inherits mumble { >> group { "somegroup": >> name => 'somegroup', >> members => 'user1,user2,user3', >> ensure => present, >> gid => 123, >> } >> } >> >> After a time, mumble:grouper ran, before I added >> user2, and user3 and /etc/group shows: >> >> somegroup:x:500: >> >> but it doesn't show what it should show which is: >> >> somegroup:x:500:user1,user2,user3 >> >> I verified that user1/2/3 all exist in /etc/passwd. >> >> My question is, why isn't Puppet making the right memberships? >> >> Do I misunderstand member? >> >> Stuart >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com >> . >> For more options, visit https://groups.google.com/groups/opt_out. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6b1c2004-54bd-4ea1-bd5b-513a94447caf%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] ports, protocols, and directionality
Hi, For Open Source Puppet to be permitted on my network, I need to know which ports, which protocols, and which direction for the firewall. Assume two nodes: the puppet master and the puppet agent. Please advise and, preferably point me at a URL at Puppet Labs. All I could find was this: http://docs.puppetlabs.com/guides/setting_up.html#open-firewall-ports-on-server-and-agent-node Stuart -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/626baa41-0975-4437-a128-3e538b48cc5b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] ports, protocols, and directionality
Its right there on the page you linked to: " Open Firewall Ports On Server and Agent Node In order for the puppet master server to centrally manage agent nodes, you may need to open port 8140 for incoming tcp connections on the puppet master. Consult your firewall documentation for more details. " so, port 8140/tcp, its http(s), and thats agent to master. On Mon, Nov 18, 2013 at 7:45 PM, Stuart Cracraft wrote: > Hi, > > For Open Source Puppet to be permitted on my network, I > need to know which ports, which protocols, and which direction > for the firewall. > > Assume two nodes: the puppet master and the puppet agent. > > Please advise and, preferably point me at a URL at Puppet Labs. > > All I could find was this: > > > http://docs.puppetlabs.com/guides/setting_up.html#open-firewall-ports-on-server-and-agent-node > > Stuart > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/626baa41-0975-4437-a128-3e538b48cc5b%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- Matthew Nicholson -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2BnEbkZj2sU6kkAHNQJ46LLgButrs-Hb2w06KtjNedugTS3hGA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] aws ec2 windows node_aws bootstrap
I have PE with 10 licenses free & no support contract (yet - just playing). "Notice: Waiting for SSH response..." tells me what I knew anyway: puppet node_aws bootstrap won't work with Windows machines - or am i doing something wrong. Can anyone confirm my thoughts? I've googled it & it seems many have gone down the bodging a solution track, for example one guy found that an ec2 windows instance will run a vb script that can be used to go get the puppet agent and install it. That same vbscript could probably tell puppet where it's master is & kick off the certificate signing process too. I know I could create an ami but I was looking to automate a little deeper. Anyone doing same? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/528ACD48.6080105%40marcsnet.com. For more options, visit https://groups.google.com/groups/opt_out. <>
[Puppet Users] Weird situation - exec fails but Puppet 2.7 exits 2
Hello, We are a long time Puppet 2.7 shop (installing latest Puppet 2.7 gems on deployments. In this particular build it picked up Puppet 2.7.23) and just discovered the following: Executing a psql command like: build 12-Nov-2013 04:30:16debug: /Stage[main]/Buildeng_postgres::Service/Service[postgresql]: The container Class[Buildeng_postgres::Service] will propagate my refresh event build 12-Nov-2013 04:30:16debug: Class[Buildeng_postgres::Service]: The container Stage[main] will propagate my refresh event build 12-Nov-2013 04:30:16debug: Exec[create postgres user](provider=posix): Executing 'psql -U postgres -c "ALTER USER postgres WITH PASSWORD 'password';"' build 12-Nov-2013 04:30:16debug: Executing 'psql -U postgres -c "ALTER USER postgres WITH PASSWORD 'password';"' build 12-Nov-2013 04:30:16notice: /Stage[main]/Buildeng_postgres::Post_service/Buildeng_postgres::Create_user[postgres]/Exec[create postgres user]/returns: psql: FATAL: the database system is starting up build 12-Nov-2013 04:30:16err: /Stage[main]/Buildeng_postgres::Post_service/Buildeng_postgres::Create_user[postgres]/Exec[create postgres user]: Failed to call refresh: psql -U postgres -c "ALTER USER postgres WITH PASSWORD 'password';" returned 2 instead of one of [0] at /home/ubuntu/puppet-cfg/buildeng-modules/buildeng_postgres/manifests/create_user.pp:10 The resource which creates this log is: define buildeng_postgres::create_user ($password=undef) { require buildeng_postgres::service exec { 'create postgres user': subscribe => Service['postgresql'], user=> $buildeng_postgres::params::user, command => "psql -U ${buildeng_postgres::params::postgres_user} -c \"ALTER USER ${buildeng_postgres::params::postgres_user} WITH PASSWORD '${buildeng_postgres::params::postgres_password}';\"", refreshonly => true, } } Puppet registers the failure as an error ("2" is not an expected exit code of this Exec resource) but still exits with exit status "2" (with --detailed-exitcode). I know why psql failed but that's besides the point - Puppet should have failed but it didn't. Any idea why? Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3968d231-7a42-45cc-88e0-61bf55e96b4f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] ports, protocols, and directionality
There are more ports, no? > On Nov 18, 2013, at 5:31 PM, Matthew Nicholson > wrote: > > Its right there on the page you linked to: > > " > Open Firewall Ports On Server and Agent Node > In order for the puppet master server to centrally manage agent nodes, you > may need to open port 8140 for incoming tcp connections on the puppet master. > Consult your firewall documentation for more details. > > " > > so, port 8140/tcp, its http(s), and thats agent to master. > > > > > > > >> On Mon, Nov 18, 2013 at 7:45 PM, Stuart Cracraft >> wrote: >> Hi, >> >> For Open Source Puppet to be permitted on my network, I >> need to know which ports, which protocols, and which direction >> for the firewall. >> >> Assume two nodes: the puppet master and the puppet agent. >> >> Please advise and, preferably point me at a URL at Puppet Labs. >> >> All I could find was this: >> >> >> http://docs.puppetlabs.com/guides/setting_up.html#open-firewall-ports-on-server-and-agent-node >> >> Stuart >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/626baa41-0975-4437-a128-3e538b48cc5b%40googlegroups.com. >> For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > Matthew Nicholson > -- > You received this message because you are subscribed to a topic in the Google > Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/c6bl5sZsSc8/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CA%2BnEbkZj2sU6kkAHNQJ46LLgButrs-Hb2w06KtjNedugTS3hGA%40mail.gmail.com. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9CCD1366-A3AB-406E-A35A-E73E9F31452F%40me.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
If you really mean assign, no. UIDs are managed through the user resource type: http://docs.puppetlabs.com/references/latest/type.html#user Rich On Monday, November 18, 2013, Stuart Cracraft wrote: > Is there a way to assign the uids in the user {["user1", "user2"]: } > expression? > > > On Monday, November 18, 2013 3:47:10 PM UTC-8, Rich Burroughs wrote: > >> I bet members needs to be an array when you specify more than one value. >> >> http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays >> >> >> >> >> On Monday, November 18, 2013, Stuart Cracraft wrote: >> >>> Hi. >>> >>> Created: >>> >>> class mumble { >>> : >>> random stuff >>> : >>> } >>> >>> class mumble:grouper inherits mumble { >>> group { "somegroup": >>> name => 'somegroup', >>> members => 'user1,user2,user3', >>> ensure => present, >>> gid => 123, >>> } >>> } >>> >>> After a time, mumble:grouper ran, before I added >>> user2, and user3 and /etc/group shows: >>> >>> somegroup:x:500: >>> >>> but it doesn't show what it should show which is: >>> >>> somegroup:x:500:user1,user2,user3 >>> >>> I verified that user1/2/3 all exist in /etc/passwd. >>> >>> My question is, why isn't Puppet making the right memberships? >>> >>> Do I misunderstand member? >>> >>> Stuart >>> >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Puppet Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to puppet-users+unsubscr...@googlegroups.com. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e% >>> 40googlegroups.com. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com 'cvml', 'puppet-users%2bunsubscr...@googlegroups.com');>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/6b1c2004-54bd-4ea1-bd5b-513a94447caf%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPGcbtCADPaop9QazQd3YGbZK%2BtX72OktuHKoyVt4OrbWf-KLg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] group type
Thanks. On Nov 18, 2013, at 8:41 PM, Rich Burroughs wrote: > If you really mean assign, no. UIDs are managed through the user resource > type: > > http://docs.puppetlabs.com/references/latest/type.html#user > > > Rich > > On Monday, November 18, 2013, Stuart Cracraft wrote: > Is there a way to assign the uids in the user {["user1", "user2"]: } > expression? > > > On Monday, November 18, 2013 3:47:10 PM UTC-8, Rich Burroughs wrote: > I bet members needs to be an array when you specify more than one value. > > http://docs.puppetlabs.com/puppet/3/reference/lang_datatypes.html#arrays > > > > > On Monday, November 18, 2013, Stuart Cracraft wrote: > Hi. > > Created: > > class mumble { > : > random stuff > : > } > > class mumble:grouper inherits mumble { > group { "somegroup": > name => 'somegroup', > members => 'user1,user2,user3', > ensure => present, > gid => 123, > } > } > > After a time, mumble:grouper ran, before I added > user2, and user3 and /etc/group shows: > > somegroup:x:500: > > but it doesn't show what it should show which is: > > somegroup:x:500:user1,user2,user3 > > I verified that user1/2/3 all exist in /etc/passwd. > > My question is, why isn't Puppet making the right memberships? > > Do I misunderstand member? > > Stuart > > > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/8585e0e1-5063-47c7-bb8b-5b086df1df1e%40googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/6b1c2004-54bd-4ea1-bd5b-513a94447caf%40googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- > You received this message because you are subscribed to a topic in the Google > Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/39Qwntp2yrs/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAPGcbtCADPaop9QazQd3YGbZK%2BtX72OktuHKoyVt4OrbWf-KLg%40mail.gmail.com. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/37234FFE-4656-4BDA-9DF3-2E2369D31543%40me.com. For more options, visit https://groups.google.com/groups/opt_out.