Re: [Puppet Users] puppetlabs-firewall scope
Hello,
sorry I'm not sure because I'm now used to do a iptables -F just in case
before applying puppet on a new node for the first time.
This is now in my standard provisioning procedure.
After that my fw rules are handled with puppet and I don't have any more
problems.
I think I use some very basic settings :
https://github.com/lofic/puppet-myfirewall/blob/master/manifests/init.pp
And I've simplified it :
https://github.com/lofic/puppet-myfirewall/commit/a291413745fc73ac2d7a1c7e824ed9cb6fecbfa7
But may be you can give another try to the above conf with the exec on
iptables -F
Let me know if it works for you.
Louis Coilliot
2013/11/30
> Hi Louis,
>
> Did you ever find a workaround for this problem? I'm experiencing the same
> thing, where the existing rules are not all purged at once so it causes the
> other resources to time out. This can last for up to 10 minutes so it can
> cause some problems.
>
> Jeff
>
>
> On Sunday, December 9, 2012 7:22:58 AM UTC+11, Lofic wrote:
>
>> Thanks a lot. Indeed, in that way it leaves my untargeted nodes alone.
>> And I feel it's cleaner than putting things in the site.pp.
>>
>> However I still have one little problem : at first application on some fw
>> rules on a node with puppet, the purge of preexisting rules is slow,
>> blocking the network temporarily.
>>
>> Hopefully it comes back after a while.
>>
>> I don't have this annoyance if I 'iptables -F' first.
>>
>> See an example below.
>>
>> I can work with that but if you have a workaround you're welcome.
>>
>> Louis Coilliot
>>
>> Info: Applying configuration version '1354997226'
>> /Firewall[ fe701ab7ca74bd49f13b9f0ab39f3254]/ensure: removed
>> /Firewall[ a627067f779aaa7406fa9062efa4550e]/ensure: removed
>> /Firewall[ 49bcd611c61bdd18b235cea46ef04fae]/ensure: removed
>> Error: /File[nagios.vim]: Could not evaluate: Connection timed out -
>> connect(2) Could not retrieve file metadata for
>> puppet:///modules/nagios/nagios.vim:
>> Connection timed out - connect(2)
>> Error: /File[nagiosvim-install.sh]: Could not evaluate: Connection timed
>> out - connect(2) Could not retrieve file metadata for
>> puppet:///modules/nagios/nagiosvim-install.sh: Connection timed out -
>> connect(2)
>> Error: /File[/etc/vimrc]: Could not evaluate: Connection timed out -
>> connect(2) Could not retrieve file metadata for
>> puppet:///modules/vim/vimrc: Connection timed out - connect(2)
>> /Firewall[ b205c9394b2980936dac53f8b62e38e7]/ensure: removed
>> /Firewall[000 accept all icmp]/ensure: created
>> Info: /Firewall[000 accept all icmp]: Scheduling refresh of
>> Exec[persist-firewall]
>> /Firewall[ d53829245128968bfa101d5214694702]/ensure: removed
>> /Firewall[001 accept all to lo interface]/ensure: created
>> Info: /Firewall[001 accept all to lo interface]: Scheduling refresh of
>> Exec[persist-firewall]
>> /Firewall[002 accept related established rules]/ensure: created
>> Info: /Firewall[002 accept related established rules]: Scheduling refresh
>> of Exec[persist-firewall]
>> /Firewall[003 accept SSH]/ensure: created
>> Info: /Firewall[003 accept SSH]: Scheduling refresh of
>> Exec[persist-firewall]
>> /Firewall[999 drop all on INPUT eventually]/ensure: created
>> Info: /Firewall[999 drop all on INPUT eventually]: Scheduling refresh of
>> Exec[persist-firewall]
>> /Firewall[999 drop all on FORWARD eventually]/ensure: created
>> Info: /Firewall[999 drop all on FORWARD eventually]: Scheduling refresh
>> of Exec[persist-firewall]
>> /Stage[main]/Firewall/Exec[persist-firewall]: Triggered 'refresh' from 6
>> events
>> Finished catalog run in 196.45 seconds
>>
>>
>> Le 07/12/2012 20:34, Shawn Foley a écrit :
>>
>> I created a firewall module. In firewall/manifests/init.pp i have the
>> following.
>>
>> class firewall {
>>
>>## Always persist firewall rules
>> exec { 'persist-firewall':
>> command => '/sbin/iptables-save > /etc/sysconfig/iptables',
>> refreshonly => true,
>> }
>>
>>## These defaults ensure that the persistence command is executed
>> after
>> ## every change to the firewall, and that pre & post classes are run in
>> the
>> ## right order to avoid potentially locking you out of your box during
>> the
>> ## first puppet run.
>> Firewall {
>> notify => Exec['persist-firewall'],
>> before => Class['firewall::post'],
>> require => Class['firewall::pre'],
>> }
>> Firewallchain {
>> notify => Exec['persist-firewall'],
>> }
>>
>>## Purge unmanaged firewall resources
>> ##
>> ## This will clear any existing rules, and make sure that only rules
>> ## defined in puppet exist on the machine
>> resources { 'firewall': purge => true }
>>
>>## include the pre and post modules
>> include firewall::pre
>> include firewall::post
>> }
>>
>> Then you just "include firewall"
>>
>>
>> Shawn Foley
>> 425.281.0182
>>
>>
>> On Tue, Dec 4, 2012 at 12:36 PM, Louis Coilliot wrote:
>>
>>> Hello,
>>>
>>> I can't figure out how I can use the mo
Re: [Puppet Users] Puppet agent does not start in Solaris zone
Dear all, I found the problem. The package needs to be installed in the global zone. It does not work if you install it only in the local zone. Best regards Andreas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b8931f77-4e03-45d8-8b5b-6f3dfef1df40%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Providing hiera with module data
I only need to know how to use different "hiera.yaml" files for different modules. How can I achieve that`? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8a201141-788e-467d-8fe1-44085293da36%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Nsclient install
HI Josh
It seems the display name was wrong.
service { 'nsclient':
name=> 'NSClientpp',
ensure => running,
enable => true,
require => Package['nsclient'],
}
That now works.
Thanks for the help.
On Sunday, December 1, 2013 9:37:58 PM UTC, Josh Cooper wrote:
>
>
>
> On Sunday, December 1, 2013, Jeffrey Smith wrote:
>
>> Hi Felix,
>>
>> The DisplayName from the registry key
>> HKEYY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSClientpp\DisplayName is
>> "NSClient++ (x64)" in binary it is
>>
>> A hexdump of whats in my puppet manifest on linux gives
>>
>> 534e 6c43 6569 746e 2b2b 2820 3678 2934
>> 000a
>>
>> while what regedit says its storing is
>>
>> 4e 00 53 00 43 00 6c 00
>> 69 00 65 00 6e 00 74 00
>> 2b 00 2b 00 20 00 28 00
>> 78 00 36 00 34 00 29 00
>> 00 00
>>
>> Is it possible its a windows utf16 to utf8 on Linux issue?
>>
>> On Friday, November 29, 2013 1:01:25 PM UTC, Felix.Frank wrote:
>>>
>>> Kaustubh's remarks may still have merit, though. Perhaps there is a
>>> subtle typo (think trailing space or similar). Have you copy-pasted the
>>> name from an authoritative source?
>>>
>>> Regards,
>>> Felix
>>>
>>> On 11/29/2013 01:41 PM, Jeffrey Smith wrote:
>>> >
>>> > The service name is "NSClient++ (x64)" and its listed there its just
>>> not
>>> > starting it as its saying it cant find it.
>>> >
>>> > On Friday, November 29, 2013 12:13:29 PM UTC, kaustubh chaudhari
>>> wrote:
>>> >
>>> > from what i have seen, this means you are not using the correct
>>> > service name.
>>> >
>>> > Install NS Client on a windows box manually, go to run ->
>>> > services.msc -> Look for NS service in the properties of that you
>>> > will see the service Name, Use this service name if your code!
>>> >
>>> > Hope this help!
>>> >
>>> > -Kaustubh
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/8a6ba694-1308-4276-aea0-bab2ac00a8cc%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
> You'll want to use the short name of the service not the display name:
> http://docs.puppetlabs.com/references/latest/type.html#service-attribute-name
>
> The easiest way to find out what name puppet uses is to run 'puppet
> resource service' when the service is installed and see what comes back.
>
> Josh
>
>
> --
> Josh Cooper
> Developer, Puppet Labs
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/610eac43-4227-4bda-926d-ceb8393a6453%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Problem with PuppetDB and OpenSSL (solved)
So this seems to be a regression in openssl-1.0.1e-15.el6.x86_64. The reason why this works for JDK 7, is because we've had issues with the ECC based ciphers in the past, and had to pin JDK 7 to non-ECC ciphers. However we had the anticipation that this might be something that would come back, so we provided a configuration option to override this. Alas, the solution without downgrading openssl or upgrading to JDK 7 is to add the following line to your jetty.ini: cipher-suites = TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5 ... and then restart your puppetdb instance. We're looking into a permanent solution now. Of course, upgrade to JDK 7 is a good idea regardless, so I would recommend that first. In the very near future we are looking to deprecate JDK 6 anyway, so better to move now rather then later. ken. On Thu, Nov 28, 2013 at 4:04 PM, Ken Barber wrote: > Okay, so this problem seems prolific now. Would you mind raising a > redmine ticket on this? > > http://projects.puppetlabs.com/projects/puppetdb > > > On Thu, Nov 28, 2013 at 3:59 PM, Matthias Saou wrote: >> On Wed, 27 Nov 2013 09:48:52 -0700 >> Deepak Giridharagopal wrote: >> >>> On Nov 27, 2013, at 9:11 AM, Jonathan Gazeley >>> wrote: >>> >>> > Hmm, well I removed java-1.6.0-openjdk and installed >>> > java-1.7.0-openjdk. Reinstalled puppetdb, which pulled >>> > java-1.6.0-openjdk back in again, so the two javas were installed >>> > simultaneously. Restarted puppetdb and puppetmaster and everything >>> > works again I have no idea what was wrong. >>> >>> Hmm, pulling in an older version jdk despite the presence of a newer >>> one smells like a bug to me...can you file one against PuppetDB? >>> >>> We're touching that code right now, as we're actually in the process >>> of deprecating use of JDK 1.6 with PuppetDB. So the upgrade situation >>> you describe is something we should try and test. >> >> FWIW, I just did a "yum update" on a RHEL 6 puppet master, which got >> all updates from RHEL 6.5, and I started seeing failed puppet runs with >> the exact same symptoms. >> >> This is initially with puppet 3.3.2 and puppetdb 1.4.0. >> >> Restarting the services didn't help. Rebooting the server to make sure >> all new system libs were used didn't help either. >> Updating to puppetdb 1.5.2 and running /usr/sbin/puppetdb-ssl-setup -f >> didn't help (still the exact same message). >> >> But this fixed it : >> >> yum install java-1.7.0-openjdk.x86_64 >> service puppetdb restart >> >> Previously, I had only java-1.6.0-openjdk installed, and it had been >> updated. I'm guessing the update broke something related to SSL. After >> installing 1.7.0, alternatives automatically updated all java related >> paths to make 1.7.0 the default, and puppetdb seems to work fine with >> it. >> >> So if you're running PuppetDB on RHEL (or any clone), then make sure >> you have the right version of Java available for it. >> >> Matthias >> >> -- >> Matthias Saou ██ ██ >> ██ ██ >> Web: http://matthias.saou.eu/ ██ >> Mail/XMPP: matth...@saou.eu ██ >>██ >> GPG: 4096R/E755CC63██ ██ ██ >> 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██ >> 21A9 7A51 7B82 E755 CC63 >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/20131128165900.4b11f270%40r2d2.marmotte.net. >> For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAE4bNTn73JxZduB662QrFCVSdugGCfhkb2kcm-Gu_Tp4y5yKSA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet open source and vmware template
Thanks Neil, Ur answer did make my concepts clear!!! Thanks again!! -Kaustubh On Friday, November 29, 2013 8:59:59 AM UTC-5, Neil - Puppet List wrote: > > When you deploy a vm from the template give it a host name. Then first > puppet run will make a new cert. Set puppet master to autosign and you are > in business > Neil > On 29 Nov 2013 12:09, "kaustubh chaudhari" > > wrote: > >> Hi All, >> >> Fairly new to puppet! >> >> I wanted to include puppet agent in a vmware template, Of course this can >> be done, but i have a question. >> >> what about the certificates ? all the vms created with that template will >> have the same certificate. How to fix that? >> i am sure there is a solution but i dont know how, can someone put some >> light/redirect me to the documentation! >> >> Thanks! >> Kaustubh >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com . >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/23cbb03a-1964-4ef5-be6f-e6181b613d4d%40googlegroups.com >> . >> For more options, visit https://groups.google.com/groups/opt_out. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0ae25c03-c6b3-460b-a236-7b6baf2be66b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Dynamic hiera.yaml
You have to "turn it on" >From >https://github.com/puppetlabs/armatures/blob/master/arm-9.data_in_modules/index.md > (Examples) NOTE: In order to activate the "data-in-modules" and "Hiera-2" it is required to: • Use one of these settings (in puppet's config or made from the command line). Neither is on by default in Puppet 3.3.x • --binder • --parser future “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) - Original Message - From: "Steven Jonthen" To: puppet-users@googlegroups.com Sent: Sunday, December 1, 2013 10:28:52 PM Subject: [Puppet Users] Dynamic hiera.yaml Hi, I want Puppet to take each module's own "hiera.yaml"-file, which is in the module-directory. That works if I use "puppet agent --apply --binder --hiera_config=/path/to/module_hiera.yaml -e 'include classxy'" but Puppet doesn't find the parameters if I use "puppet agent --test" How can I fix this? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/86562c09-cd8c-4e72-8a6e-94b5e2fea275%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/292779775.4810119.1385989399860.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet open source and vmware template
Please keep in mind that autosign is a very dangerous setting security-wise. Make sure you are aware of all implications. Secure your master. Check to see if there is a more robust solution for you. Regards, Felix On 12/02/2013 01:35 PM, kaustubh chaudhari wrote: > Thanks Neil, > > Ur answer did make my concepts clear!!! > > Thanks again!! > > -Kaustubh > > On Friday, November 29, 2013 8:59:59 AM UTC-5, Neil - Puppet List wrote: > > When you deploy a vm from the template give it a host name. Then > first puppet run will make a new cert. Set puppet master to autosign > and you are in business > Neil > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/529C8769.3020907%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Providing hiera with module data
What have you tried ? Links to all the available documentation have already been provided. I have not tried using "Data In Modules", so I cannot do more than make educated guesses and intelligent suggestions based on the available information. Have you tried directly contacting the people that wrote this feature ? Unless someone steps up and admits that they know how this works, I cannot think of anything else to suggest other than to keep re-reading the documentation provided and experiment on a test system. Other folks suggested running your puppetmaster in debug mode ( --debug --no-daemonize ) to see the hiera lookups. This is an excellent suggestion. Good luck. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin & Hobbes) - Original Message - From: "Steven Jonthen" To: puppet-users@googlegroups.com Sent: Monday, December 2, 2013 5:33:39 AM Subject: [Puppet Users] Re: Providing hiera with module data I only need to know how to use different "hiera.yaml" files for different modules. How can I achieve that`? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8a201141-788e-467d-8fe1-44085293da36%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/403555265.4810330.1385990195517.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Multiple server roles using hiera and facts
On Sun, 1 Dec 2013 20:58:34 -0800 (PST)
Shiva Narayanaswamy wrote:
> I want to implement a scenario where I can mix and match multiple
> roles on any managed node. The particular roles played by a node are
> available as facts (role1=webserver, role2=appserver etc )In
> development all the roles will be played by one host, and in
> production a server might play only one role.
>
> I was hoping there will be some way I can implement this in hiera.
> Any clues or pointers would be much appreciated.
I've already had to do something similar, and did it the following way :
* A single "role=" fact/variable.
* Conditionals such as "if "" in $role { ..."
It's not the prettiest way, but since facts can't be arrays, it's the
best I could think of. My role names are all 3 letter long and unique,
meaning that no role name contains another (role "app" and "app1"
would cause "app" to be found in "app1).
In hiera (or from a fact) I just need to have a role string :
role: 'role1,role2,role3'
Depending on your environment, it might also make sense to go for
completely separate variables for each role, such as:
webserver: true
appserver: true
With matching facts which exist or don't exist.
HTH,
Matthias
--
Matthias Saou ██ ██
██ ██
Web: http://matthias.saou.eu/ ██
Mail/XMPP: matth...@saou.eu ██
██
GPG: 4096R/E755CC63██ ██ ██
8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
21A9 7A51 7B82 E755 CC63
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/20131202142520.300f2ca4%40r2d2.marmotte.net.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Agent does not connect to master after installing Dashboard
Thanks, I test it today and now both work. On Thursday, November 28, 2013 10:42:54 AM UTC+2, Felix.Frank wrote: > > Hi, > > actually, I believe both puppetmaster and dashboard use passenger. > > The idea behind apache's virtual hosts is that you can have independent > sets of configuration applied to different ports, or different IP > addresses available on the same server. > > What you need to do is adding *both* blocks to your apache > config. > > What platform is this? On Debian-likes, those go in > /etc/apache2/sites-available (with symlinks in sites-enabled/), for > RedHat-ish systems the structure in /etc/apache2 is slightly different, > but it should be easy to find. > > HTH, > Felix > > On 11/27/2013 10:51 AM, shlo@gmail.com wrote: > > How can I merge between the 2 virtual host to make Passenger work with > > Dashboard? > > Any help is welcome. > > Thanks. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0f53662e-5727-4057-8e08-43fe73a2ac79%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet open source and vmware template
Hey Felix, Yep, i understand! autosign is not good for my infrastructure! Thanks for sharing!! -Kaustubh With Warm Regards Kaustubh.A.Chaudhari (M)-09373102619 On Mon, Dec 2, 2013 at 8:13 AM, Felix Frank wrote: > Please keep in mind that autosign is a very dangerous setting > security-wise. Make sure you are aware of all implications. Secure your > master. Check to see if there is a more robust solution for you. > > Regards, > Felix > > On 12/02/2013 01:35 PM, kaustubh chaudhari wrote: > > Thanks Neil, > > > > Ur answer did make my concepts clear!!! > > > > Thanks again!! > > > > -Kaustubh > > > > On Friday, November 29, 2013 8:59:59 AM UTC-5, Neil - Puppet List wrote: > > > > When you deploy a vm from the template give it a host name. Then > > first puppet run will make a new cert. Set puppet master to autosign > > and you are in business > > Neil > > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/Y0xw-ivFxUU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/529C8769.3020907%40alumni.tu-berlin.de > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAGceKKq2yYaVEBk7V%3DRW%3DtjbOY4VwRL%2BmaPPBWAjYAxUjdMwmg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Agent does not connect to master after installing Dashboard
I continue with the instruction of configure Dashboard. First, I dont see a list of nodes I have, Do I need to add them manually to Dashboard or it should came up automatically? I tried to set "Importing exiting reports" : I dont have /var/puppet/lib/reports, how can I know where my report exist so I can run the command 'rake RAILS_ENV=production reports:migrate' successfully? I also tried to set 'Live report aggregation'. As a result I have no reports in Dashboard. How can I see the reports? Any help welcome. On Monday, December 2, 2013 3:26:58 PM UTC+2, shlo@gmail.com wrote: > > Thanks, I test it today and now both work. > > > > On Thursday, November 28, 2013 10:42:54 AM UTC+2, Felix.Frank wrote: >> >> Hi, >> >> actually, I believe both puppetmaster and dashboard use passenger. >> >> The idea behind apache's virtual hosts is that you can have independent >> sets of configuration applied to different ports, or different IP >> addresses available on the same server. >> >> What you need to do is adding *both* blocks to your apache >> config. >> >> What platform is this? On Debian-likes, those go in >> /etc/apache2/sites-available (with symlinks in sites-enabled/), for >> RedHat-ish systems the structure in /etc/apache2 is slightly different, >> but it should be easy to find. >> >> HTH, >> Felix >> >> On 11/27/2013 10:51 AM, shlo@gmail.com wrote: >> > How can I merge between the 2 virtual host to make Passenger work with >> > Dashboard? >> > Any help is welcome. >> > Thanks. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ac3f902a-c79a-4193-95f0-20b66af77bf7%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Agent does not connect to master after installing Dashboard
what are you [master] setting in puppet.conf what is the 'report = ' configured for ? -Kaustubh On Monday, December 2, 2013 9:46:49 AM UTC-5, shlo@gmail.com wrote: > > I continue with the instruction of configure Dashboard. > First, I dont see a list of nodes I have, Do I need to add them manually > to Dashboard or it should came up automatically? > > I tried to set "Importing exiting reports" : > I dont have /var/puppet/lib/reports, how can I know where my report exist > so I can run the command > 'rake RAILS_ENV=production reports:migrate' successfully? > > I also tried to set 'Live report aggregation'. > > As a result I have no reports in Dashboard. How can I see the reports? > Any help welcome. > > On Monday, December 2, 2013 3:26:58 PM UTC+2, shlo@gmail.com wrote: >> >> Thanks, I test it today and now both work. >> >> >> >> On Thursday, November 28, 2013 10:42:54 AM UTC+2, Felix.Frank wrote: >>> >>> Hi, >>> >>> actually, I believe both puppetmaster and dashboard use passenger. >>> >>> The idea behind apache's virtual hosts is that you can have independent >>> sets of configuration applied to different ports, or different IP >>> addresses available on the same server. >>> >>> What you need to do is adding *both* blocks to your apache >>> config. >>> >>> What platform is this? On Debian-likes, those go in >>> /etc/apache2/sites-available (with symlinks in sites-enabled/), for >>> RedHat-ish systems the structure in /etc/apache2 is slightly different, >>> but it should be easy to find. >>> >>> HTH, >>> Felix >>> >>> On 11/27/2013 10:51 AM, shlo@gmail.com wrote: >>> > How can I merge between the 2 virtual host to make Passenger work >>> with >>> > Dashboard? >>> > Any help is welcome. >>> > Thanks. >>> >> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4c27d3be-9cd7-4226-bd59-282fbf9e2005%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Class parameter flexibility with ENC, hiera or both
Dear puppetteers,
I am having a philosophical question about parametrized classes.
When building modules, one wants to be as flexible as possible, to try
to target as many puppet flavors as possible. This is our target:
- Foreman users, using foreman as an ENC with smart variables (or
potentially any other ENC, but I would say this is the most widespread one).
- Pure Puppet's site.pp users with Hiera as the only data binding.
But let's say that within mymodule there is a define mymodule::mydefine
that uses variable values from mymodule, let's say mymodule::parameter1.
I need to include mymodule to be able to use it, right? This is the example:
class mymodule (param1 = 'default_value') {
}
define mymodule::mydefine () {
include mymodule ## just to make sure it was parsed before
case (mymodule::param1) {blabla}
}
If you only use Hiera as a data backend, you're good: if you need to
override parameter1, you do it in the hierarchy, and the include does
not disturb you. But if you want to target also an ENC, you are screwed:
classes:
mymodule:
param1: 'value'
ENC's way to pass class parameters (if I am not mistaken) is the classic
"class {mymodule: param1 => 'value'}", and when the define does the
include without parameters, an error would come for mixing parametrized
and not parametrized inclusions.
The problem really comes because I need a variable from another class
(in the same module, though)... but:
- Is it possible to force the parsing order so that I don't need to use
the include inside the define?
- Or is it possible to have the ENC push parameters the "Hiera" way
instead of the "Classic" way, so that both includes are equivalent?
Thanks a lot,
Pablo Fernandez
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/529CC5E7.8010800%40cscs.ch.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: validate hiera database against a schema
On Friday, November 29, 2013 2:58:19 AM UTC-6, David Portabella wrote:
>
> is there a way to validate a hiera database against a schema?
>
Not that I know of, no. Did you have a particular schema language in mind?
> the validation could be done as a whole (but that might not make sense, as
> the effective hierarchy depends on the context),
> or better, when calling hiera('myvar') from puppet (for instance).
>
>
Then it sounds like you are asking more about validating individual data
items. Puppet still doesn't have general-purpose schema validation for
such things, but you can write context-specific validation in DSL or as one
or more custom functions.
> or maybe, this could be a new function (in puppet-stdlibs)
> *validate_against_schema($myvar,
> $schema).*
>
> does this feature make sense?
>
Not without a particular schema language attached to it. And maybe not
with one. It is not immediately evident to me that describing the expected
form of the data in some schema language and then using that to validate
would be in any way better than writing appropriate validation code in
either Puppet DSL (for use in a Puppet manifest) or Ruby (for a custom
function). You have to write custom code any way you do it, so what is the
advantage of adding another language to the mix?
> is it planned?
>
>
I suspect not.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/d1007049-a101-4863-ad04-cf51a99b2a50%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Passing an entire directory from the puppet master.
On Thursday, November 28, 2013 5:09:09 AM UTC-6, Waqar Khan wrote:
>
> Can someone help, im trying to send an entire directory with its contents
> to the puppet agent. Here is the init.pp file:
>
>
> class testing {
>
> file { "C:/test/":
>
>
> ensure => directory,
> owner => 'Administrator',
> group => 'Administrators',
> mode => '0755',
> }
>
>
>
> file { "C:/test/testscript":
>
>
> ensure => directory,
> owner => 'Administrator',
> group => 'Administrators',
> mode => '0755',
> source => "puppet:///modules/testing/files",
> recurse => true,
>
>
> }
> }
>
>
> When running the agent on the puppet it gives this error:
>
> error: /stage[main]Testing/File/[testscript]: Could not evalate: Could not
> retrieve information from environment production source
> puppet:///modules/testing/files at
> /etc/puppet/modules/testing/manifests/init.pp:17
> I can serve single files but not a directory.
>
>
Your DSL looks ok to me on first glance. I think the error message is
telling you that /testing/files/files (doubled "/files"
intentional) does not exist on your master, or is not readable by the
master. Do you perhaps mean to use
source => 'puppet:///modules/testing/testscript'
, which would try to sync a directory /testing/files/testscript
from your master to your clients? With
recurse => true
, as you specify, the directory's contents should be synced as well. The
name of the source directory on the master does not need to match the name
of the target directory on the client, but you do need to give it.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/6a1b34bd-a4b1-43f6-992e-bd9851f504bf%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: validate hiera database against a schema
On Mon, Dec 2, 2013 at 9:44 AM, jcbollinger wrote: > > > On Friday, November 29, 2013 2:58:19 AM UTC-6, David Portabella wrote: >> >> is there a way to validate a hiera database against a schema? >> > > > Not that I know of, no. Did you have a particular schema language in mind? > Ken Barber done some work a while back with Kwalify, which could be suitable for this purpose: https://github.com/puppetlabs/puppetlabs-kwalify Nan -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACqVBqBzLkVghKJTAg8f-5n-%2ByWoh%2B7%2BGN%2B5bAdTuAA8oNXJSg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Multiple server roles using hiera and facts
i have heard of people using json in fact values to express arrays.
On Monday, December 2, 2013 8:25:20 AM UTC-5, Matthias Saou wrote:
>
> On Sun, 1 Dec 2013 20:58:34 -0800 (PST)
> Shiva Narayanaswamy > wrote:
>
> > I want to implement a scenario where I can mix and match multiple
> > roles on any managed node. The particular roles played by a node are
> > available as facts (role1=webserver, role2=appserver etc )In
> > development all the roles will be played by one host, and in
> > production a server might play only one role.
> >
> > I was hoping there will be some way I can implement this in hiera.
> > Any clues or pointers would be much appreciated.
>
> I've already had to do something similar, and did it the following way :
>
> * A single "role=" fact/variable.
> * Conditionals such as "if "" in $role { ..."
>
> It's not the prettiest way, but since facts can't be arrays, it's the
> best I could think of. My role names are all 3 letter long and unique,
> meaning that no role name contains another (role "app" and "app1"
> would cause "app" to be found in "app1).
>
> In hiera (or from a fact) I just need to have a role string :
>
> role: 'role1,role2,role3'
>
> Depending on your environment, it might also make sense to go for
> completely separate variables for each role, such as:
>
> webserver: true
> appserver: true
>
> With matching facts which exist or don't exist.
>
> HTH,
> Matthias
>
> --
> Matthias Saou ██ ██
> ██ ██
> Web: http://matthias.saou.eu/ ██
> Mail/XMPP: matt...@saou.eu ██
>██
> GPG: 4096R/E755CC63██ ██ ██
> 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
> 21A9 7A51 7B82 E755 CC63
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/4b2f9b22-7386-4da7-bb57-07f55e375cd9%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] matching all current "ipaddress_ethX" facts
On Friday, November 29, 2013 5:46:11 AM UTC-6, cko wrote:
>
> Thanks, i think i got something here:
>
> Facter.add("ip_prodlan") do
>confine :kernel => "Linux"
>setcode do
> Facter::Util::Resolution.exec("/sbin/ifconfig | /bin/grep
> '20.20.\\|30.31.\\|200.30.80.\\|120.' | /bin/awk '{ print $2 }' | /bin/cut
> -d':' -f2 | /usr/bin/head -n1")
>end
> end
>
>
I really think that's a sub-optimal approach. Facter is already providing
all the facts you need for this job. You ought to be analyzing those
instead of creating a new one. Here's an outline:
1. Obtain a list of all defined network interfaces for the target node
by splitting the value of the $::interfaces fact around commas.
2. For each interface name test the value of the
$::ipaddress_ fact against the subnet mask(s) of interest.
3. Take appropriate action and/or return a result.
That should ultimately be done in a custom function, but as I said, it
could be prototyped via an inline template.
> I'm currently using the custom fact to print the production LAN ip address
> in /etc/motd .
> It usually returns the correct value. But in some cases the "puppet agent
> -t" command changes the file in a *different* way than "service puppet
> restart" does. Any idea?
>
>
If performing a catalog run via "puppet agent -t" exhibits inconsistent
behavior then I have trouble believing that forcing one via "service puppet
restart" is always consistent. Do note, by the way, that the latter is a
rather rough way to force a catalog run -- if the agent is running in
daemon mode then you can trigger an immediate catalog run by sending it
SIGUSR1.
Perhaps your interfaces are going up and down. If the key interface
happens to be down when Facter runs then its IP address probably will not
be reported by ifconfig, so you might not see any of the subnets you're
looking for.
> Another question:
>
> I want my custom fact to do something like this:
> if the "Resolution.exec" returns 0 (nothing) then ip_prodlan should use
> the value of the fact "$ipaddress".
> Is it possible to do something like this?
>
>
Probably, but don't. Perform this sort of test and data selection in your
manifests, not in Facter.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b3166eb0-3fc2-4688-ac78-ad5ff5dd6c4e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: [windows server 2008 r2] puppet errors in 3.3.0 on exchange database servers
Hello, I am a new user. My pupet is running on CentOS and I am facing the same issue on my windows 2012 box. Can you please tell me where I should be running this? on the puppetmaster server or agent? I didnt make the changes to the windows.rb file but I still face the same issue. [root@puppet-server-new ~]# find / -name windows.rb /opt/puppet/libexec/mcollective/mcollective/util/puppet_agent_mgr/v3/windows.rb /opt/puppet/libexec/mcollective/mcollective/util/puppet_agent_mgr/v2/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/file/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/service/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/exec/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/package/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/facter/util/ip/windows.rb /opt/puppet/share/puppet/modules/reboot/lib/puppet/provider/reboot/windows.rb /opt/puppet/share/puppet/modules/pe_common/lib/facter/windows.rb /opt/puppet/share/puppet/modules/pe_mcollective/files/plugins/util/puppet_agent_mgr/v3/windows.rb /opt/puppet/share/puppet/modules/pe_mcollective/files/plugins/util/puppet_agent_mgr/v2/windows.rb /opt/puppet/share/vendor/ruby/1.9.1/gems/sass-3.2.9/vendor/listen/lib/listen/adapters/windows.rb /root/facter-1.7.3/lib/facter/util/ip/windows.rb /var/opt/lib/pe-puppet/lib/puppet/provider/reboot/windows.rb /var/opt/lib/pe-puppet/lib/facter/windows.rb /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb I see a bunch of windows.rb files. I made the changes to the below one on puppetmaster box. [root@puppet-server-new ~]# vi /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb Still the same issue on Windows 2012 Hyper-V box running MSCS C:\Users\administrator.A1000>puppet agent -t Info: Retrieving plugin Error: Could not retrieve local facts: undefined method `gsub' for nil:NilClass Error: Failed to apply catalog: Could not retrieve local facts: undefined method `gsub' for nil:NilClass On Friday, October 4, 2013 12:17:38 AM UTC+5:30, Rob Reynolds wrote: > > This verifies for us that this is a gating issue. > > Would you feel comfortable helping us verify that we've fixed this issue > for you? > > > https://github.com/ferventcoder/facter/blob/874a5a96ac5fa778c50f1e93424850022b1756cf/lib/facter/util/ip/windows.rb#L46-L47 > > > > > On Thu, Oct 3, 2013 at 1:42 PM, Christian Koep > > wrote: > >> Yes, thats all i got from *facter --trace --debug* >> >> >> On Thu, Oct 3, 2013 at 8:41 PM, Rob Reynolds >> >> > wrote: >> >>> Was this the entire log (minus anything you feel sensitive)? >>> >>> >>> On Thu, Oct 3, 2013 at 1:15 PM, cko >wrote: >>> https://gist.github.com/anonymous/6814400 On Thursday, October 3, 2013 5:23:05 PM UTC+2, Rob Reynolds wrote: > You should be able to run > > facter --trace --debug > > > On Wed, Oct 2, 2013 at 5:18 PM, cko wrote: > >> Hi Ethan, >> >> what's the exact command that i would have to use? >> >> >> On Wednesday, October 2, 2013 11:35:29 PM UTC+2, Ethan Brown wrote: >> >>> Christian - >>> >>> I'm doing the final verification of our fix, and was hoping that I >>> could get the output from Facter run by itself? >>> >>> >>> >>> On Fri, Sep 20, 2013 at 1:36 PM, Rob Reynolds >>> wrote: >>> I would say with all of this in mind we move forward with a fix where we look to see that the network adapter itself is also enabled. This is laid out in the ticket that I noted earlier. On Fri, Sep 20, 2013 at 7:44 AM, Rich Siegel wrote: > Exchange DAG is essentially a cluster and the adapter in question > the dag ip. > > My guess is the logic for adapters should be modded for when > netconnectionid is not null. > > In general don't try to mess with hidden adapters on dags unless > you understand ramifications. > > -- > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, > send an email to puppet-users...@googlegroups.com. > To post to this group, send email to puppet...@googlegroups.com. > > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > -- Rob Reynolds Developer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails fr
Re: [Puppet Users] Multiple server roles using hiera and facts
I think I kind of get what you are saying, and I was going to do some ugly
if loops in my modules, but that was the second option. I was wondering if
there is a more elegant solution.
Thanks for taking the time to answer.
On Tuesday, December 3, 2013 12:25:20 AM UTC+11, Matthias Saou wrote:
>
> On Sun, 1 Dec 2013 20:58:34 -0800 (PST)
> Shiva Narayanaswamy > wrote:
>
> > I want to implement a scenario where I can mix and match multiple
> > roles on any managed node. The particular roles played by a node are
> > available as facts (role1=webserver, role2=appserver etc )In
> > development all the roles will be played by one host, and in
> > production a server might play only one role.
> >
> > I was hoping there will be some way I can implement this in hiera.
> > Any clues or pointers would be much appreciated.
>
> I've already had to do something similar, and did it the following way :
>
> * A single "role=" fact/variable.
> * Conditionals such as "if "" in $role { ..."
>
> It's not the prettiest way, but since facts can't be arrays, it's the
> best I could think of. My role names are all 3 letter long and unique,
> meaning that no role name contains another (role "app" and "app1"
> would cause "app" to be found in "app1).
>
> In hiera (or from a fact) I just need to have a role string :
>
> role: 'role1,role2,role3'
>
> Depending on your environment, it might also make sense to go for
> completely separate variables for each role, such as:
>
> webserver: true
> appserver: true
>
> With matching facts which exist or don't exist.
>
> HTH,
> Matthias
>
> --
> Matthias Saou ██ ██
> ██ ██
> Web: http://matthias.saou.eu/ ██
> Mail/XMPP: matt...@saou.eu ██
>██
> GPG: 4096R/E755CC63██ ██ ██
> 8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
> 21A9 7A51 7B82 E755 CC63
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/fb9bc483-c774-4c71-8d31-0fddfbf490de%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] cli-driven list-file-based ad-hoc runs
Currently, I have
/etc/puppet/puppet.conf
on my nodes with
[main]
:
noop = true
[agent]
:
And puppet is running as:
/usr/bin/ruby /usr/bin/puppet agent --verbose
On the Puppet Master:
/etc/puppet/manifests/nodes.pp
node 'basenode' {
include baseclass
}
:
node 'somepattern' inherits basenode {
class { 'abc::def':
randomvariables => "random values"
}
}
However, I am finding it inconvenient for running all assigned classes
on the node
or some subset of the nodes or some subset of classes and nodes, etc., and
only
when I specify they should be run (not 7x24x365, etc.):
What I want is, from the master do something like
some-magical-puppet-command some-list-file
which based on the one-host-per-line some-list-file simply makes it happen
on the remote nodes, running the classes then and only then with the normal
YAML logging and /var/log/messages.
Anyone implemented non-GUI, CLI-based run-from-listfile within Open Source
Puppet?
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/f18a560d-e34a-4027-9eca-8770a4423f66%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: [windows server 2008 r2] puppet errors in 3.3.0 on exchange database servers
On Mon, Dec 2, 2013 at 12:31 PM, Arvind P R wrote: > Hello, > > I am a new user. > My pupet is running on CentOS and I am facing the same issue on my windows > 2012 box. > Can you please tell me where I should be running this? > > on the puppetmaster server or agent? > > I didnt make the changes to the windows.rb file but I still face the same > issue. > > [root@puppet-server-new ~]# find / -name windows.rb > > /opt/puppet/libexec/mcollective/mcollective/util/puppet_agent_mgr/v3/windows.rb > > /opt/puppet/libexec/mcollective/mcollective/util/puppet_agent_mgr/v2/windows.rb > /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/windows.rb > /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/file/windows.rb > /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/service/windows.rb > /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/exec/windows.rb > /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/package/windows.rb > /opt/puppet/lib/ruby/site_ruby/1.9.1/facter/util/ip/windows.rb > > /opt/puppet/share/puppet/modules/reboot/lib/puppet/provider/reboot/windows.rb > /opt/puppet/share/puppet/modules/pe_common/lib/facter/windows.rb > > /opt/puppet/share/puppet/modules/pe_mcollective/files/plugins/util/puppet_agent_mgr/v3/windows.rb > > /opt/puppet/share/puppet/modules/pe_mcollective/files/plugins/util/puppet_agent_mgr/v2/windows.rb > > /opt/puppet/share/vendor/ruby/1.9.1/gems/sass-3.2.9/vendor/listen/lib/listen/adapters/windows.rb > /root/facter-1.7.3/lib/facter/util/ip/windows.rb > /var/opt/lib/pe-puppet/lib/puppet/provider/reboot/windows.rb > /var/opt/lib/pe-puppet/lib/facter/windows.rb > /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb > > I see a bunch of windows.rb files. > > I made the changes to the below one on puppetmaster box. > [root@puppet-server-new ~]# vi > /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb > > > Still the same issue on Windows 2012 Hyper-V box running MSCS > C:\Users\administrator.A1000>puppet agent -t > Info: Retrieving plugin > Error: Could not retrieve local facts: undefined method `gsub' for > nil:NilClass > Error: Failed to apply catalog: Could not retrieve local facts: undefined > method > `gsub' for nil:NilClass > Can you run facter --trace --debug as well and report what you are seeing? > > > On Friday, October 4, 2013 12:17:38 AM UTC+5:30, Rob Reynolds wrote: > >> This verifies for us that this is a gating issue. >> >> Would you feel comfortable helping us verify that we've fixed this issue >> for you? >> >> https://github.com/ferventcoder/facter/blob/ >> 874a5a96ac5fa778c50f1e93424850022b1756cf/lib/facter/util/ip/ >> windows.rb#L46-L47 >> >> >> >> >> On Thu, Oct 3, 2013 at 1:42 PM, Christian Koep wrote: >> >>> Yes, thats all i got from *facter --trace --debug* >>> >>> >>> On Thu, Oct 3, 2013 at 8:41 PM, Rob Reynolds wrote: >>> Was this the entire log (minus anything you feel sensitive)? On Thu, Oct 3, 2013 at 1:15 PM, cko wrote: > https://gist.github.com/anonymous/6814400 > > > On Thursday, October 3, 2013 5:23:05 PM UTC+2, Rob Reynolds wrote: > >> You should be able to run >> >> facter --trace --debug >> >> >> On Wed, Oct 2, 2013 at 5:18 PM, cko wrote: >> >>> Hi Ethan, >>> >>> what's the exact command that i would have to use? >>> >>> >>> On Wednesday, October 2, 2013 11:35:29 PM UTC+2, Ethan Brown wrote: >>> Christian - I'm doing the final verification of our fix, and was hoping that I could get the output from Facter run by itself? On Fri, Sep 20, 2013 at 1:36 PM, Rob Reynolds wrote: > I would say with all of this in mind we move forward with a fix > where we look to see that the network adapter itself is also enabled. > This > is laid out in the ticket that I noted earlier. > > > On Fri, Sep 20, 2013 at 7:44 AM, Rich Siegel wrote: > >> Exchange DAG is essentially a cluster and the adapter in >> question the dag ip. >> >> My guess is the logic for adapters should be modded for when >> netconnectionid is not null. >> >> In general don't try to mess with hidden adapters on dags unless >> you understand ramifications. >> >> -- >> You received this message because you are subscribed to the >> Google Groups "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to puppet-users...@googlegroups.com. >> To post to this group, send email to puppet...@googlegroups.com. >> >> Visit this group at http://groups.google.com/group/puppet-users. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > > > -- > Rob Reynolds > Developer, Puppet Lab
Re: [Puppet Users] Re: [windows server 2008 r2] puppet errors in 3.3.0 on exchange database servers
Thanks for your prompt answer. I ran this on the windows (Hyper-V) node which is running MSCS cluster. Microsoft Windows [Version 6.3.9600] (c) 2013 Microsoft Corporation. All rights reserved. C:\Users\administrator.A1000>facter --trace --debug ←[0;32mNot an EC2 host←[0m C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/facter/util/ip.r b:39:in `alphafy': undefined method `gsub' for nil:NilClass (NoMethodError) from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/interfaces.rb:35:in `block (2 levels) in ' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/interfaces.rb:34:in `each' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/interfaces.rb:34:in `block in ' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/interfaces.rb:29:in `each' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/interfaces.rb:29:in `' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/loader.rb:95:in `load' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/loader.rb:95:in `load_file' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/loader.rb:46:in `block (2 levels) in load_all' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/loader.rb:41:in `each' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/loader.rb:41:in `block in load_all' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/loader.rb:38:in `each' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/loader.rb:38:in `load_all' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/util/collection.rb:114:in `load_all' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter.rb:118:in `block (2 levels) in singletonclass' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/lib/fac ter/application.rb:45:in `run' from C:/Program Files (x86)/Puppet Labs/Puppet Enterprise/facter/bin/fac ter:16:in `' Thanks, Arvind On Tuesday, December 3, 2013 1:17:29 AM UTC+5:30, Rob Reynolds wrote: > > > > > On Mon, Dec 2, 2013 at 12:31 PM, Arvind P R > > wrote: > >> Hello, >> >> I am a new user. >> My pupet is running on CentOS and I am facing the same issue on my >> windows 2012 box. >> Can you please tell me where I should be running this? >> >> on the puppetmaster server or agent? >> >> I didnt make the changes to the windows.rb file but I still face the same >> issue. >> >> [root@puppet-server-new ~]# find / -name windows.rb >> >> /opt/puppet/libexec/mcollective/mcollective/util/puppet_agent_mgr/v3/windows.rb >> >> /opt/puppet/libexec/mcollective/mcollective/util/puppet_agent_mgr/v2/windows.rb >> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/windows.rb >> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/file/windows.rb >> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/service/windows.rb >> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/exec/windows.rb >> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/package/windows.rb >> /opt/puppet/lib/ruby/site_ruby/1.9.1/facter/util/ip/windows.rb >> >> /opt/puppet/share/puppet/modules/reboot/lib/puppet/provider/reboot/windows.rb >> /opt/puppet/share/puppet/modules/pe_common/lib/facter/windows.rb >> >> /opt/puppet/share/puppet/modules/pe_mcollective/files/plugins/util/puppet_agent_mgr/v3/windows.rb >> >> /opt/puppet/share/puppet/modules/pe_mcollective/files/plugins/util/puppet_agent_mgr/v2/windows.rb >> >> /opt/puppet/share/vendor/ruby/1.9.1/gems/sass-3.2.9/vendor/listen/lib/listen/adapters/windows.rb >> /root/facter-1.7.3/lib/facter/util/ip/windows.rb >> /var/opt/lib/pe-puppet/lib/puppet/provider/reboot/windows.rb >> /var/opt/lib/pe-puppet/lib/facter/windows.rb >> /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb >> >> I see a bunch of windows.rb files. >> >> I made the changes to the below one on puppetmaster box. >> [root@puppet-server-new ~]# vi >> /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb >> >> >> Still the same issue on Windows 2012 Hyper-V box running MSCS >> C:\Users\administrator.A1000>puppet agent -t >> Info: Retrieving plugin >> Error: Could not retrieve local facts: undefined method `gsub' for >> nil:NilClass >> Error: Failed to apply catalog: Could not retrieve local facts: undefined >> method >> `gsub' for nil:NilClass >> > > Can you run facter --trace --debug as well and report what you are seeing? > > >> >> >> On Friday, October 4, 2013 12:17:38 AM UTC+5:30, Rob Reynolds wrote: >> >>> This verifies for us that this is a gating issue. >>> >>> Would you feel comfortable helping us verify that we've fixed this issue >>> for you? >>
Re: [Puppet Users] Re: [windows server 2008 r2] puppet errors in 3.3.0 on exchange database servers
This change would need to get applied to the node (the agent box). Apologies I missed where you said you made the change to the puppet master and not the node. Most likely that will be at C:\Program Files (x86)\Puppet Labs\Puppet\facter\lib\facter\util\ip\windows.rb (your path may be slightly different). On Mon, Dec 2, 2013 at 1:51 PM, Arvind P R wrote: > Thanks for your prompt answer. > > I ran this on the windows (Hyper-V) node which is running MSCS cluster. > Microsoft Windows [Version 6.3.9600] > (c) 2013 Microsoft Corporation. All rights reserved. > > C:\Users\administrator.A1000>facter --trace --debug > ←[0;32mNot an EC2 host←[0m > C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/facter/util/ip.r > b:39:in `alphafy': undefined method `gsub' for nil:NilClass (NoMethodError) > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/interfaces.rb:35:in `block (2 levels) in ' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/interfaces.rb:34:in `each' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/interfaces.rb:34:in `block in ' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/interfaces.rb:29:in `each' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/interfaces.rb:29:in `' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/loader.rb:95:in `load' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/loader.rb:95:in `load_file' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/loader.rb:46:in `block (2 levels) in load_all' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/loader.rb:41:in `each' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/loader.rb:41:in `block in load_all' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/loader.rb:38:in `each' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/loader.rb:38:in `load_all' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/util/collection.rb:114:in `load_all' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter.rb:118:in `block (2 levels) in singletonclass' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/lib/fac > ter/application.rb:45:in `run' > from C:/Program Files (x86)/Puppet Labs/Puppet > Enterprise/facter/bin/fac > ter:16:in `' > > > Thanks, > Arvind > > On Tuesday, December 3, 2013 1:17:29 AM UTC+5:30, Rob Reynolds wrote: >> >> >> >> >> On Mon, Dec 2, 2013 at 12:31 PM, Arvind P R wrote: >> >>> Hello, >>> >>> I am a new user. >>> My pupet is running on CentOS and I am facing the same issue on my >>> windows 2012 box. >>> Can you please tell me where I should be running this? >>> >>> on the puppetmaster server or agent? >>> >>> I didnt make the changes to the windows.rb file but I still face the >>> same issue. >>> >>> [root@puppet-server-new ~]# find / -name windows.rb >>> /opt/puppet/libexec/mcollective/mcollective/util/ >>> puppet_agent_mgr/v3/windows.rb >>> /opt/puppet/libexec/mcollective/mcollective/util/ >>> puppet_agent_mgr/v2/windows.rb >>> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/windows.rb >>> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/file/windows.rb >>> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/service/windows.rb >>> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/exec/windows.rb >>> /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/package/windows.rb >>> /opt/puppet/lib/ruby/site_ruby/1.9.1/facter/util/ip/windows.rb >>> /opt/puppet/share/puppet/modules/reboot/lib/puppet/ >>> provider/reboot/windows.rb >>> /opt/puppet/share/puppet/modules/pe_common/lib/facter/windows.rb >>> /opt/puppet/share/puppet/modules/pe_mcollective/files/ >>> plugins/util/puppet_agent_mgr/v3/windows.rb >>> /opt/puppet/share/puppet/modules/pe_mcollective/files/ >>> plugins/util/puppet_agent_mgr/v2/windows.rb >>> /opt/puppet/share/vendor/ruby/1.9.1/gems/sass-3.2.9/vendor/ >>> listen/lib/listen/adapters/windows.rb >>> /root/facter-1.7.3/lib/facter/util/ip/windows.rb >>> /var/opt/lib/pe-puppet/lib/puppet/provider/reboot/windows.rb >>> /var/opt/lib/pe-puppet/lib/facter/windows.rb >>> /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb >>> >>> I see a bunch of windows.rb files. >>> >>> I made the changes to the below one on puppetmaster box. >>> [root@puppet-server-new ~]# vi /usr/lib/ruby/site_ruby/1.8/ >>> facter/util/ip/windows.rb >>> >>> >>> Still the same issue on Windows 2012 Hyper-V box running MSCS >>> C:\Users\administrator.A1000>puppet agent -t >>> Info: Retrieving plugin >>
[Puppet Users] Tracking Bug #21869, Subject is: Error: Could not request certificate:stack level too deep", does not explain the workaround clearly.
I'm setting up Puppet with externally supported x.509 certificates from a single CA and I'm encountering this error. The workaround states to copy the CA's public key from the master to node, however this situation is the node agent on the actual puppet master server. The CA or issuer of the both the master and agent certificates is present and available and I have copied into the ca.pem file as stated. In this configuration the Master Puppet server is not functioning as a traditional self-signed CA. I have followed the directions for configuring this setup in the puppet.conf and other configuration files for apache/passenger/rack. I have tested both the puppet master and agent node x.509 certificates to access the apache/passenger configured site using FF and curl with no errors over port 1840. The bug report does not give enough details about the work around to be sure how this resolve this problem. The fix has been extended into a later product version as well. Other Platform details: Linux 2.6.18-371.1.2.el5 Apache 2.4.4 Passenger 4.0.19 Openssl 0.9.8e Puppet 3.3.1 rc1 So looking for suggestions on how to overcome this configuration and product support problem. raf. -- This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error please contact the sender. Although this email and any attachments are believed to be free of any virus or other defects which might affect any computer or IT system into which they are received, no responsibility is accepted for any loss or damage arising in any way from the receipt or use thereof. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5a57052f-2f6c-4bd5-a9a7-12daba9c0588%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Purging of ssh_authorized_keys
On 11/22/2013 03:28 PM, jcbollinger wrote:
> ssh_authorized_key { 'example':
> target => '/non/standard/location'
> key => '...',
> type => 'rsa',
> ensure => 'present',
> }
>
> resources { 'purge_authorized_keys':
> name => 'ssh_authorized_key',
> purge => true
> }
>
> Suppose further that some time after those resources have been applied
> to my nodes, I remove the declaration of Ssh_authorized_key['example'].
> When my nodes next sync, shouldn't I expect
> Ssh_authorized_key['example'] to be purged? It was previously under
> management, and now it's not, so how is it logical that it escapes the
> purge?
Yes, that is indeed unfortunate.
I feel that this is actually a problem with the target parameter,
though. Below, you suggest to tie the key purging to user resources.
That is a great idea, and usually, the target file for a key is obtained
from the owning user only.
Therefor, it may be sensible to build a purging mechanism and add a
warning to the documentation for the target parameter, that it will
interfere with purging.
> In essence, manage SSH keys for users which Puppet has defined. This
> fits cleanly within the Puppet model and doesn't cause unexpected
> behavior. This is a perfectly reasonable target and would solve most
> complaints. People who want all users to have their SSH keys purged
> would put all users in their manifests :D
Oh I'm sure someone will eventually pipe up and notice that the key they
authorized for the rsync user (who is "somehow" already present on all
their boxen) won't get purged...but agreed, we can't catch all edge
cases here. You make a good case for a compromise.
> If it is sufficient to restrict this behavior to users under management,
> then perhaps it makes sense to hang the functionality on the User
> resource type. That would make User serve as exactly the sort of
> 'container' that I suggested over in puppet-dev for establishing the
> scope of the purge. Example:
This is elegant and sounds like it could be implemented without much hassle.
It's a little counter-intuitive though that the user type should have
parameters that control key removal, but no means for adding such keys.
I pondered wether it should be possible to manage a single "special" key
for each user via the user resource itself. But that would add much
unnecessary complexity to the user type, and code duplication.
> user {
> 'alice':
> ensure => 'present',
> purge_ssh_keys => true;
Hmm, hmm. Generally I like it.
It sort of feels like this should actually be a property, because it may
cause the agent to take action. But then, there would only be one state,
ssh_keys => purged, and other states like ssh_keys => present wouldn't
make any sense.
And I guess most users don't know or care about the distinction anyway ;-)
> # And maybe even
> 'bob':
> ensure => 'present',
> home => $bob_home,
> purge_ssh_keys => [
> "$bob_home/.ssh/authorized_keys",
> "$bob_home/extra_authorized_keys"
> ]
> }
Ah, good workaround for the original problem. How about even
user { 'charly':
ensure => present,
purge_ssh_keys => true,
ssh_key_files => [
"~/.ssh/authorized_keys",
"~/.ssh-intern/authorized_keys",
]
}
I.e., only accept true/false for "purge_ssh_keys", add a parameter
"ssh_key_files" (which is utterly useless when not purging) and allow a
glob character (~) that the agent will expand to the user's home directory.
But then, the additional parameter may lead users to believe that this
will choose a target implicitly:
user { 'daisy':
ensure => present,
ssh_key_files => [ "~/.openssh/authorized_keys" ],
}
ssh_authorized_key {
'daisy@gate":
ensure => present,
user => "daisy",
key => "...",
}
So John's initial suggestion may be safer.
Kind regards,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/529D09C2.2080007%40Alumni.TU-Berlin.de.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: noop = true and what for test?
Hi Stuart, I'm not sure what your use case is for running the agent as a daemon in noop mode? I can't think of a situation at least in my workplace when I'd want to do that. You know that you can run the agent once in noop mode from the command line? You can do that without changing any configs really easily: puppet agent -t --noop We do that a lot where I work when we're testing code. The agent just runs once and will report on what it would have done, but won't make any changes. A lot of times when we test that we're doing it on a different git branch, and we use "--environment=" to run against that other branch. I'm not sure if this is helpful, maybe you already know about it :) Rich On Tue, Nov 26, 2013 at 5:07 PM, Stuart Cracraft wrote: > What I had to do (confirm or deny at-will please) is: > > uncomment the node in /etc/puppet/manifests/nodes.pp > > on the puppet master > > and > > on the daemon have > > noop = true > > in the main section of the puppet.conf > > and run the agent simply as /usr/bin/ruby /usr/bin/puppet agent --verbose > > Now the yaml's get generated, have the message indicating what would be > changed > but don't change it at all. > > And we get "Would have triggered 'refresh' from N events in the > /var/log/messages on > the node. > > The only betterment to the above would be that /var/log/message over on > the puppet master. > > Desirable and controllable > > Stuart > > > On Tuesday, November 26, 2013 4:30:14 PM UTC-8, Stuart Cracraft wrote: > >> Hi, >> >> When I put >> >> noop = true >> >> in /etc/puppet/puppet.conf >> >> on the node in question, I observe no changes. Great. Good >> >> But also, I see because of >> >> report = true >> >> absolutely zero information in the yaml regarding what would have >> been changed. >> >> Is there an equivalent to the above for "test = true" or must I alter >> the rc file to include --test ? >> >> Thanks ahead Puppet wizards!!! >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/3b0f53bf-7d5d-4094-8a26-fe975a1e6f17%40googlegroups.com > . > > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPGcbtCN5ovzMjx2ii0CVaFdzsr2_y%2BVD4JQ%3D3jPiMQF0pnH1Q%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] best way to distribute puppet manifests
I think it depends a bit on your situation. If you're the only one editing the code, you might find using a version control system too much overhead. I would probably still want to do it even in that case, but not everyone would. If you're making changes infrequently, a backup of the files might be enough for your comfort level. If there are multiple people editing the code, I think it's a no brainer to use some kind of version control, whether it's git or another option. It's great to be able to look at commits and know who changed what, when, and why. One nice thing about git specifically is that branching is really inexpensive. We use topic branches a lot where I work and then test against them using "--environment =" when we run the agent. Rich On Sun, Dec 1, 2013 at 9:20 AM, Philippe Conway wrote: > Hi Everyone, > > I am currently trying to learn puppet through this book called Puppet 3 > Beginners Guide by John Arundel and it talks about distributing puppet > manifests using git. As I'm going through it, it looks a little pieced > together and complex. > > I was wondering what was the best way? Using the puppet-master or through > git? Just wondering what everyone else does to distribute their manifests? > > Any advice would be appreciated. Thanks! > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/3cf047fa-9e8e-46dd-9105-6ee9e2150e9e%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPGcbtCbWcGPk6U8%3DURhECx6g55JYQ4hMWy2uJFbp8gJ-nmL2Q%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] testing and exported (nagios) resources
Hello, I have 3 puppet stacks (master, puppetdb, enc) - dev, test/qa and prod. Dev is used for initial development and testing of code (including puppet), which is then promoted to test and then prod. I'd like to start using the nagios types to configure monitoring, via exported resources (yes I'm aware of the issues with the builtins, but they'll have to do for now). I only have one Nagios server, and I'd like to reliably monitor at least some stuff on the dev and test puppet nodes. So... setting up all 3 puppet stacks to export resources that are realized somehow on the Nagios server isn't a possibility, as bad manifests/modules could affect the monitoring of one of the dev or test hosts. What's the safe way to "freeze" exported resources, or prevent them from being changed? The best that I can come up with so far is to have the nagios server connected to the production puppetmaster, and when I want to update the (exported resource) monitoring configuration for one of the dev or test nodes, have to do a one-time run on each node in question against the prod puppet master. Any other thoughts or theories? Thanks, Jason Antman -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/529D363C.4030202%40jasonantman.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] matching all current "ipaddress_ethX" facts
the has_ip_network function that's part of puppet-stdlib may help, it
matches all interfaces against a network address and return a boolean if a
match is found.
https://github.com/puppetlabs/puppetlabs-stdlib#has_ip_network
On 3 December 2013 04:18, jcbollinger wrote:
>
>
> On Friday, November 29, 2013 5:46:11 AM UTC-6, cko wrote:
>>
>> Thanks, i think i got something here:
>>
>> Facter.add("ip_prodlan") do
>>confine :kernel => "Linux"
>>setcode do
>> Facter::Util::Resolution.exec("/sbin/ifconfig | /bin/grep
>> '20.20.\\|30.31.\\|200.30.80.\\|120.' | /bin/awk '{ print $2 }' |
>> /bin/cut -d':' -f2 | /usr/bin/head -n1")
>>end
>> end
>>
>>
>
> I really think that's a sub-optimal approach. Facter is already providing
> all the facts you need for this job. You ought to be analyzing those
> instead of creating a new one. Here's an outline:
>
>1. Obtain a list of all defined network interfaces for the target node
>by splitting the value of the $::interfaces fact around commas.
>2. For each interface name test the value of the
>$::ipaddress_ fact against the subnet mask(s) of interest.
>3. Take appropriate action and/or return a result.
>
> That should ultimately be done in a custom function, but as I said, it
> could be prototyped via an inline template.
>
>
>
>> I'm currently using the custom fact to print the production LAN ip
>> address in /etc/motd .
>> It usually returns the correct value. But in some cases the "puppet agent
>> -t" command changes the file in a *different* way than "service puppet
>> restart" does. Any idea?
>>
>>
>
> If performing a catalog run via "puppet agent -t" exhibits inconsistent
> behavior then I have trouble believing that forcing one via "service puppet
> restart" is always consistent. Do note, by the way, that the latter is a
> rather rough way to force a catalog run -- if the agent is running in
> daemon mode then you can trigger an immediate catalog run by sending it
> SIGUSR1.
>
> Perhaps your interfaces are going up and down. If the key interface
> happens to be down when Facter runs then its IP address probably will not
> be reported by ifconfig, so you might not see any of the subnets you're
> looking for.
>
>
>
>> Another question:
>>
>> I want my custom fact to do something like this:
>> if the "Resolution.exec" returns 0 (nothing) then ip_prodlan should use
>> the value of the fact "$ipaddress".
>> Is it possible to do something like this?
>>
>>
>
> Probably, but don't. Perform this sort of test and data selection in your
> manifests, not in Facter.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/b3166eb0-3fc2-4688-ac78-ad5ff5dd6c4e%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOQMBgyaALZT6FSpq2OCqgsqRTnv4eDvZryg0JEYWrgX2Nf_wg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: external facts cause puppet apply to take inordinately longer to run
Any ideas anyone? [vagrant@fisheye-10-0-2-15 ~]$ facter --version 1.7.3 [vagrant@fisheye-10-0-2-15 ~]$ puppet --version 3.3.2 On Thursday, November 28, 2013 12:17:44 AM UTC-5, Glenn Poston wrote: > > My external fact script takes 5s to run. > > With external fact... > puppet takes 2.5m to run > facter takes 33s to run > > Without external fact... > puppet takes 27s to run > facter takes 0.68s > > Bottom line... there's no significant change in facter runtime when > parsing the external fact, but the puppet runtime quadruples. > > From watching the logs in real time I can see that the extra time is taken > before puppet outputs its first response line (compilation time). Also > note that the compilation time that puppet reports is ~2s even though (when > watching the output realtime) it takes 2 minutes for that line to return > when puppet is parsing the external fact script. > > Note: This script generates 36 custom facts > > Should I submit a bug for this? > > #Time of external fact script > [root@fisheye-10-0-2-15 manifests]# time > /etc/facter/facts.d/service_discovery.sh > environment=test > ... > service_discovery_script=ran > > real 0m5.478s > user 0m0.053s > sys 0m0.111s > > # Time of puppet run with external fact > [root@fisheye-10-0-2-15 manifests]# time FACTER_environment='vagrant' > FACTER_role='fisheye' puppet apply --modulepath > '/etc/puppet/modules:/tmp/vagrant-puppet/modules-0' site.ppNotice: Compiled > catalog for fisheye-10-0-2-15.inin.com in environment production in 2.22 > seconds > Notice: Finished catalog run in 30.76 seconds > > real 2m25.856s > user 0m5.124s > sys 0m3.830s > > #Time of facter with external fact > [root@fisheye-10-0-2-15 manifests]# time facter > analyticsapisegmentindexconsusmerwaittimeseconds => 1 > architecture => x86_64 > ... > uptime_hours => 0 > uptime_seconds => 2529 > > real 0m33.587s > user 0m0.658s > sys 0m0.849s > > #Removing external fact script > [root@fisheye-10-0-2-15 manifests]# rm > /etc/facter/facts.d/service_discovery.sh > rm: remove regular file `/etc/facter/facts.d/service_discovery.sh'? y > [root@fisheye-10-0-2-15 manifests]# ls /etc/facter/facts.d/ > > #Time of puppet run without external fact script > [root@fisheye-10-0-2-15 manifests]# time FACTER_environment='vagrant' > FACTER_role='fisheye' puppet apply --modulepath > '/etc/puppet/modules:/tmp/vagrant-puppet/modules-0' site.pp > Notice: Compiled catalog for fisheye-10-0-2-15.inin.com in environment > production in 2.06 seconds > Notice: > /Stage[main]/System::Facts/Facter::Fact[service_discovery]/File[/etc/facter/facts.d/service_discovery.sh]/ensure: > > created > Notice: Finished catalog run in 23.22 seconds > > real 0m27.550s > user 0m4.408s > sys 0m2.292s > > # Removing script again (cuz puppet run put it back) > [root@fisheye-10-0-2-15 manifests]# rm > /etc/facter/facts.d/service_discovery.sh > rm: remove regular file `/etc/facter/facts.d/service_discovery.sh'? y > [root@fisheye-10-0-2-15 manifests]# ls /etc/facter/facts.d/ > > #Time of facter run without external script > [root@fisheye-10-0-2-15 manifests]# time facter > architecture => x86_64 > augeasversion => 0.9.0 > ... > virtual => virtualbox > > real 0m0.687s > user 0m0.324s > sys 0m0.287s > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/76d164e0-5826-4b2e-89b7-bbd00f12c6e2%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: [windows server 2008 r2] puppet errors in 3.3.0 on exchange database servers
That worked. Thank you :) On Tuesday, December 3, 2013 1:57:52 AM UTC+5:30, Rob Reynolds wrote: > > This change would need to get applied to the node (the agent box). > Apologies I missed where you said you made the change to the puppet master > and not the node. > > Most likely that will be at C:\Program Files (x86)\Puppet > Labs\Puppet\facter\lib\facter\util\ip\windows.rb (your path may be slightly > different). > > > On Mon, Dec 2, 2013 at 1:51 PM, Arvind P R > > wrote: > >> Thanks for your prompt answer. >> >> I ran this on the windows (Hyper-V) node which is running MSCS cluster. >> Microsoft Windows [Version 6.3.9600] >> (c) 2013 Microsoft Corporation. All rights reserved. >> >> C:\Users\administrator.A1000>facter --trace --debug >> ←[0;32mNot an EC2 host←[0m >> C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/facter/util/ip.r >> b:39:in `alphafy': undefined method `gsub' for nil:NilClass >> (NoMethodError) >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/interfaces.rb:35:in `block (2 levels) in ' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/interfaces.rb:34:in `each' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/interfaces.rb:34:in `block in ' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/interfaces.rb:29:in `each' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/interfaces.rb:29:in `' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/loader.rb:95:in `load' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/loader.rb:95:in `load_file' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/loader.rb:46:in `block (2 levels) in load_all' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/loader.rb:41:in `each' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/loader.rb:41:in `block in load_all' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/loader.rb:38:in `each' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/loader.rb:38:in `load_all' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/util/collection.rb:114:in `load_all' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter.rb:118:in `block (2 levels) in singletonclass' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/lib/fac >> ter/application.rb:45:in `run' >> from C:/Program Files (x86)/Puppet Labs/Puppet >> Enterprise/facter/bin/fac >> ter:16:in `' >> >> >> Thanks, >> Arvind >> >> On Tuesday, December 3, 2013 1:17:29 AM UTC+5:30, Rob Reynolds wrote: >>> >>> >>> >>> >>> On Mon, Dec 2, 2013 at 12:31 PM, Arvind P R wrote: >>> Hello, I am a new user. My pupet is running on CentOS and I am facing the same issue on my windows 2012 box. Can you please tell me where I should be running this? on the puppetmaster server or agent? I didnt make the changes to the windows.rb file but I still face the same issue. [root@puppet-server-new ~]# find / -name windows.rb /opt/puppet/libexec/mcollective/mcollective/util/ puppet_agent_mgr/v3/windows.rb /opt/puppet/libexec/mcollective/mcollective/util/ puppet_agent_mgr/v2/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/file/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/service/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/exec/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/provider/package/windows.rb /opt/puppet/lib/ruby/site_ruby/1.9.1/facter/util/ip/windows.rb /opt/puppet/share/puppet/modules/reboot/lib/puppet/ provider/reboot/windows.rb /opt/puppet/share/puppet/modules/pe_common/lib/facter/windows.rb /opt/puppet/share/puppet/modules/pe_mcollective/files/ plugins/util/puppet_agent_mgr/v3/windows.rb /opt/puppet/share/puppet/modules/pe_mcollective/files/ plugins/util/puppet_agent_mgr/v2/windows.rb /opt/puppet/share/vendor/ruby/1.9.1/gems/sass-3.2.9/vendor/ listen/lib/listen/adapters/windows.rb /root/facter-1.7.3/lib/facter/util/ip/windows.rb /var/opt/lib/pe-puppet/lib/puppet/provider/reboot/windows.rb /var/opt/lib/pe-puppet/lib/facter/windows.rb /usr/lib/ruby/site_ruby/1.8/facter/util/ip/windows.rb I see a bunch of windows.rb files. I made the changes to the below one on puppet
[Puppet Users] Local group member management module posted to the forge.
Puppet Users, This is just a note that I've published a module to the forge that allows for the management of local group membership on Linux systems. No modifications are needed for your calls to the native group type, you simply need to add an array of members as per the type documentation. http://forge.puppetlabs.com/onyxpoint/gpasswd/0.1.0 Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANs%2BFoUXyobqZpkku-EOJfXWTEM8HwM-YOGvQ_SmmLrS7SOMOw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Agent does not connect to master after installing Dashboard
under [master] tag I have: reports = store, http reporturl = http://puppetsrv:80/reports On Monday, December 2, 2013 7:18:40 PM UTC+2, kaustubh chaudhari wrote: > > what are you [master] setting in puppet.conf what is the 'report = ' > configured for ? > > -Kaustubh > > On Monday, December 2, 2013 9:46:49 AM UTC-5, shlo@gmail.com wrote: >> >> I continue with the instruction of configure Dashboard. >> First, I dont see a list of nodes I have, Do I need to add them manually >> to Dashboard or it should came up automatically? >> >> I tried to set "Importing exiting reports" : >> I dont have /var/puppet/lib/reports, how can I know where my report exist >> so I can run the command >> 'rake RAILS_ENV=production reports:migrate' successfully? >> >> I also tried to set 'Live report aggregation'. >> >> As a result I have no reports in Dashboard. How can I see the reports? >> Any help welcome. >> >> On Monday, December 2, 2013 3:26:58 PM UTC+2, shlo@gmail.com wrote: >>> >>> Thanks, I test it today and now both work. >>> >>> >>> >>> On Thursday, November 28, 2013 10:42:54 AM UTC+2, Felix.Frank wrote: Hi, actually, I believe both puppetmaster and dashboard use passenger. The idea behind apache's virtual hosts is that you can have independent sets of configuration applied to different ports, or different IP addresses available on the same server. What you need to do is adding *both* blocks to your apache config. What platform is this? On Debian-likes, those go in /etc/apache2/sites-available (with symlinks in sites-enabled/), for RedHat-ish systems the structure in /etc/apache2 is slightly different, but it should be easy to find. HTH, Felix On 11/27/2013 10:51 AM, shlo@gmail.com wrote: > How can I merge between the 2 virtual host to make Passenger work with > Dashboard? > Any help is welcome. > Thanks. >>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/71bea937-afba-411b-b91e-473453289bab%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Agent does not connect to master after installing Dashboard
I guess its http//pupetsrv/reports/uploads == http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#using-dashboard-for-reports == Also if you are using http, you dont need to specify port 80, one more thing, have you configured all your agent to report ? report = true -Kaustubh On Tuesday, December 3, 2013 1:16:25 AM UTC-5, shlo@gmail.com wrote: > > under [master] tag I have: > reports = store, http > reporturl = http://puppetsrv:80/reports > > On Monday, December 2, 2013 7:18:40 PM UTC+2, kaustubh chaudhari wrote: >> >> what are you [master] setting in puppet.conf what is the 'report = ' >> configured for ? >> >> -Kaustubh >> >> On Monday, December 2, 2013 9:46:49 AM UTC-5, shlo@gmail.com wrote: >>> >>> I continue with the instruction of configure Dashboard. >>> First, I dont see a list of nodes I have, Do I need to add them manually >>> to Dashboard or it should came up automatically? >>> >>> I tried to set "Importing exiting reports" : >>> I dont have /var/puppet/lib/reports, how can I know where my report >>> exist so I can run the command >>> 'rake RAILS_ENV=production reports:migrate' successfully? >>> >>> I also tried to set 'Live report aggregation'. >>> >>> As a result I have no reports in Dashboard. How can I see the reports? >>> Any help welcome. >>> >>> On Monday, December 2, 2013 3:26:58 PM UTC+2, shlo@gmail.com wrote: Thanks, I test it today and now both work. On Thursday, November 28, 2013 10:42:54 AM UTC+2, Felix.Frank wrote: > > Hi, > > actually, I believe both puppetmaster and dashboard use passenger. > > The idea behind apache's virtual hosts is that you can have > independent > sets of configuration applied to different ports, or different IP > addresses available on the same server. > > What you need to do is adding *both* blocks to your > apache > config. > > What platform is this? On Debian-likes, those go in > /etc/apache2/sites-available (with symlinks in sites-enabled/), for > RedHat-ish systems the structure in /etc/apache2 is slightly > different, > but it should be easy to find. > > HTH, > Felix > > On 11/27/2013 10:51 AM, shlo@gmail.com wrote: > > How can I merge between the 2 virtual host to make Passenger work > with > > Dashboard? > > Any help is welcome. > > Thanks. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ed1266b5-86f9-4eb1-afc0-8cb7fe34dcda%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
