Re: [Puppet Users] using puppet device
Hi, On 11-12-2013 10:51:08, Dan Bode wrote: Hi all, I had a bit of time to research the existing device code to see if I can use it for an integration with two specific use cases: 1. discovery/inventory - access hardware inventory and store it somewhere where it can be retrieved. So far, device supports this use case. - specify a list of device endpoints in device.conf - run puppet device to get their facts to serve as inventory (although puppet device looks like it gets facts and requests catalogs, I will probably call the facts method directly to just get the facts) - have the front end query these facts from PuppetDB 2. management - manage the process of bringing up a cluster from scratch This is the use case where puppet device is problematic. In this use case, an external system needs to specify how a collection of resources should be configured. The types of these resources are heterogeneous, for example: - Server - Storage - Network - add Port - create server These hardware configuration rules (and their dependencies) map pretty cleanly to the Puppet DSL and the Resource/Graph model. Where a manifests represents multiple devices and multiple endpoints. I had the following issues with puppet device for this use case: 1. It iterates through the endpoints and configures them one at a time This is probably the biggest barrier. I need to keep track of a collection of resources that target multiple endpoints and apply them in a certain order. Looking at the device code it seems to just iterate through the endpoints in device.conf and configure them one at a time. I currently use a simple solution to work around this problem where i create the device.conf through an external process on the fly and specify my devices and there dependencys in a yaml file, run them in order and just check the exit code. it looks something like this: --- defaults: scheme: sshios port: 22 userinfo: foo:bar query: crypt=true cmd: /usr/bin/puppet device --verbose --environment=network --detailed-exit-codes --deviceconfig={{DEVCFG}} || [ $? -eq 2 ] devices: dc1: sw-dc1-01.foo.bar: deps: - * sw-dc1-02.foo.bar: sw-dc1-03.foo.bar: deps: - sw-dc1-02.foo.bar str-dc1-01.foo.bar: scheme: netapp deps: - sw-dc1-01.foo.bar I spent some time thinking about the current device command and how I might use it to configure workflows across multiple endpoints. - on the puppet master, keep a queue (or list) for each endpoint that needs to be configured - have an external process (the dispatcher) that keeps track of the configuration that needs to be applied (along with their endpoints) and stores the resources that represent that configuration into the correct queue for it's endpoint. - have an ENC that checks the certname of a device when it checks in, maps it to a queue, and clears all entries for a queue (for it to apply) - If the dispatcher keeps track of all of the resources that it put onto which queue, it can track the report for those devices to know when it's entire job is completed. The above explanation is the best way I could think of to use the existing device, but it is cumbersome enough that it warrants not using the device model. 2. it does not allow for the specification of dependencies between multiple device endpoints. It only allows for certain endpoints to be processed in a certain order. This is pretty much the same as #1, but worth mentioning separately. 3. It invents its own command line for doing things (it does not cleanly operate with puppet resource, puppet apply, puppet agent with represents a major loss of functionality) 4. Management of device.conf The existence of device.conf creates its own management issues. You need to assign a single node to a single device, you have to manage the process for getting the credentials to that device, you have to figure out how many devices/which devices go to which nodes as you scale out to a large number of device endpoints. *Solution:* The transport model (as created by Nan Liu) seems to get around the issues mentioned above and would allow a pretty clean integration path. For folks not familiar with the transport model. It uses regular types and providers that accept a parameter called transport that can be used to indicate that it should be applied against some remote endpoint. For example: Transport { 'ssh': url = some_url password = 'some_password' } port { transport = Transport[ssh] } This will work perfectly for my use case. Can you point me to a thread where this was discussed ? I can only see an advantage of the purposed model for certain situations / device types but not for the traditional use case. Thanks, Markus -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
Hi, please be aware that puppetagent.yourdomain is a contrived example. Try node puppetagent.weizmann.ac.il or just node puppetagent. HTH, Felix On 12/12/2013 07:35 AM, shlo.af...@gmail.com wrote: I tried it and now I get: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find default node or by name with 'puppetagent.weizmann.ac.il, puppetagent.weizmann.ac, puppetagent.weizmann, puppetagent' on node puppetagent.weizmann.ac.il ... node puppetagent.yourdomain { include sendmail } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A97A05.3080708%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Can't seem to get modulepath attribute recognized by puppetmasterd
Yes. The agent does default to environment=production if not specified otherwise. Your [production] should match your [main] wrt. modulepath etc. HTH, Felix On 12/11/2013 09:59 PM, John Pyeatt wrote: Could it be because my puppet.conf has a [production], [test] and [development] environment with a modulepath= for each one? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A97A8E.2000308%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
Hi, When I write the name of the agent explicitly : node puppetagent.yourdomain { include sendmail } it's work. I get the mention error when I try to use the facter and use $hostname in my manifest file node.pp Thanks a lot. On Thursday, December 12, 2013 10:55:33 AM UTC+2, Felix.Frank wrote: Hi, please be aware that puppetagent.yourdomain is a contrived example. Try node puppetagent.weizmann.ac.il or just node puppetagent. HTH, Felix On 12/12/2013 07:35 AM, shlo@gmail.com javascript: wrote: I tried it and now I get: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find default node or by name with 'puppetagent.weizmann.ac.il, puppetagent.weizmann.ac, puppetagent.weizmann, puppetagent' on node puppetagent.weizmann.ac.il ... node puppetagent.yourdomain { include sendmail } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/faba0522-69bf-438d-ac69-22e80be059b1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Pattern question for providers
On 12/09/2013 06:12 PM, Jeff Bachtel wrote: When creating a provider that uses a command not in PATH, what is the best-practice pattern for case'ing out different potential locations? As an example, the puppetlabs rabbitmq pupmod has a rabbitmqplugins provider that falls down on CentOS using the rabbitmq upstream package due to rabbitmq-plugins being in /usr/lib/rabbitmq/bin As an initial thought, would it be feasible to alter the PATH for the whole agent process, right from the provider code? As an aside (I don't know how often Puppet devs read this list), could the Puppet::Util::which method perhaps be extended to add a non-user PATH-like variable to the path search string? Something like PUPPET_PROVIDER_PATH, if it exists, being concatenated before PATH. I could then configure the system environment on weird hosts to provide that variable for puppet without mucking with user/system PATH. Right, you may want to repost this question to the puppet-dev group. Regards, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A97DEC.5060309%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
This is getting confusing. Please share what your nodes.pp looks like now and what error that yields. Thanks, Felix On 12/12/2013 10:09 AM, shlo.af...@gmail.com wrote: I get the mention error when I try to use the facter and use $hostname in my manifest file node.pp -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A97E4E.2030307%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Need help in addressing this error - ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
Hi , I am new to this puppet. I am implementing a network where my cisco switch will contact the puppet server for getting the configuration. I tried installing open source puppet and was successful in pushing down the configurations. I wanted then to try the same exercise with puppet enterprise 3.1. I installed puppet enterprise in a different server and changed my puppet agent (switch) to reflect this new server as the puppet master. I have autosign.conf created under /etc/puppet-labs/puppet/ with the entry *.domain_name.com. I have site.pp and other files specific for cisco device as I had in previous exercise(open source puppet). When I initiaite the puppet master using the command puppet master -d --no-daemonize I see the following error in /var/log/pe-puppet/masterhttp.log, I did a websearch and tried all the options available, but still the error pops out continuously. Not sure if am missing anything. Could anyone please help me in addressing the below issue. Appreciate your inputs on the same. [2013-12-12 08:55:39] INFO WEBrick 1.3.1 [2013-12-12 08:55:39] INFO ruby 1.9.3 (2013-06-27) [x86_64-linux] [2013-12-12 08:55:39] DEBUG TCPServer.new(0.0.0.0, 8140) [2013-12-12 08:55:39] INFO Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Puppet CA generated on savbu-razor-server.cisco.com at 2013-12-10 05:05:10 -0800 Validity Not Before: Dec 11 16:55:39 2013 GMT Not After : Dec 11 16:55:39 2018 GMT Subject: CN=10.193.174.38 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:c2:a9:e2:8b:17:21:ca:65:65:9b:d2:76:0c:06: d9:aa:4c:6c:df:55:45:7a:34:5a:a6:ab:af:7a:cc: 5d:a7:23:3e:66:61:9d:70:cf:4b:2c:d0:7f:dd:3a: a6:95:ee:83:39:5d:ee:1b:f1:1c:29:71:68:dc:37: c5:e7:c9:d0:cc:05:22:2c:c7:a9:18:10:ff:2b:1f: 76:43:96:64:44:9d:79:9d:8b:81:2d:da:d7:5b:25: 10:cc:4c:c3:93:7e:83:08:19:41:fe:93:a7:c0:8f: 60:bc:aa:f9:5d:3d:f1:95:8e:73:38:ac:64:71:46: 67:88:83:34:a2:9e:a1:6e:4b:27:ce:94:27:82:b4: c9:0c:fc:a7:4f:93:d5:20:f6:4a:14:68:87:d8:8e: 8c:1b:5c:47:06:e2:b6:f4:37:d2:60:f7:e3:d7:bf: e0:21:b2:a7:10:1b:92:1b:4f:ef:cc:f1:dc:f8:57: 29:81:09:06:b1:00:aa:e5:76:23:12:6f:10:b3:63: 8a:8c:2b:08:46:10:66:e5:4a:3a:ab:b4:b9:4c:67: 5f:9e:01:46:45:dd:19:bf:c1:ad:1a:c3:19:3a:a5: 0d:28:96:41:9b:67:16:7e:98:92:ec:46:86:ee:e1: 07:87:62:56:32:7f:05:f6:89:c6:b1:e4:85:7e:52: 10:4e:b6:fd:11:e3:74:dd:4e:48:90:11:9a:aa:95: 59:92:9a:88:a5:99:45:00:82:68:c7:93:fb:5f:13: 04:1d:75:87:4d:f7:97:62:08:ce:5d:19:ee:6f:71: d2:cf:f9:46:4e:a2:8e:3b:a7:00:55:2c:e2:0e:ee: 56:d7:62:8f:9b:d8:20:6f:f7:e4:8c:f9:69:6c:d5: b5:9f:53:68:ed:d8:85:0a:1f:4d:41:36:2b:9c:a3: 81:b0:77:78:8e:6e:47:c2:6e:00:ca:4d:f9:32:1e: 0f:98:8a:14:0d:f7:dd:ed:55:06:ae:62:3d:73:0c: 35:23:be:a2:9a:69:84:2e:e5:5b:9c:ca:8f:f7:02: b9:1b:1a:e2:66:47:e2:7c:55:21:42:78:0e:dd:7e: 1a:cd:ad:6e:e1:f5:cc:42:b4:fd:cb:23:73:cf:58: 8d:ad:5a:b3:f1:f0:eb:fd:98:96:c0:54:c8:1a:64: 8a:a3:a1:e2:67:ca:dc:76:4a:cb:7b:e5:55:54:31: c1:6c:7b:03:16:cb:b1:d6:dd:10:1e:c8:e8:34:d1: 22:b8:33:95:72:6c:48:75:65:35:e8:6f:17:66:7b: 34:10:d8:b8:2b:8c:ef:70:68:b3:62:b3:62:ac:30: 21:74:49:c6:c1:34:9c:ac:be:e8:da:04:79:e9:d7: 60:44:a7 Exponent: 65537 (0x10001) X509v3 extensions: Netscape Comment: Puppet Ruby/OpenSSL Internal Certificate X509v3 Subject Alternative Name: DNS:10.193.174.38, DNS:puppet, DNS:puppet.cisco.com, DNS:savbu-razor-server.cisco.com X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: critical TLS Web Server Authentication, TLS Web Client Authentication X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: 5B:08:3C:EA:AE:04:4E:A5:DF:FB:8A:77:73:F8:04:31:76:DD:F1:E4 Signature Algorithm: sha256WithRSAEncryption d0:94:b2:9d:8f:06:db:2c:57:92:a8:d6:2c:e8:26:bd:7e:38: ac:ea:79:38:13:f4:02:0b:23:5b:1d:44:8d:75:a8:87:69:57: 03:83:cf:1c:a9:1b:9c:60:78:80:74:56:68:3d:9d:11:14:7d:
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
Hi, 1. When I have in node.pp: case $hostname { 'puppetagent': {include sendmail} } I got the error: *Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find default node or by name with 'puppetagent.weizmann.ac.il http://puppetagent.weizmann.ac.il/, * *puppetagent.weizmann.ac http://puppetagent.weizmann.ac/, puppetagent.weizmann, puppetagent' on node puppetagent.weizmann.ac.il http://puppetagent.weizmann.ac.il/* 2. When I have: node puppetagent.weizmann.ac.il { include sendmail } *it's work okay.* 3. I also don't have the 'Inventory' section in Dashboard and I have only the error: *Could not retrieve facts from inventory service: 403 Forbidden* under the 'Inventory' title. Thank you for your promptly answer. On Thursday, December 12, 2013 11:13:50 AM UTC+2, Felix.Frank wrote: This is getting confusing. Please share what your nodes.pp looks like now and what error that yields. Thanks, Felix On 12/12/2013 10:09 AM, shlo@gmail.com javascript: wrote: I get the mention error when I try to use the facter and use $hostname in my manifest file node.pp -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d39eed6d-a1b6-40d7-ac76-30040c992090%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
Ah, OK, you lack a default node. The puppet master expects to find some node, a simple workaround could be 'node default {}' anywhere in site.pp or node.pp. But, as Jeff pointed out - don't do that, there is no reason to prefer the silly-ish case pattern in this context. As gor the 403 error wrt. the inventory service - that may be an auth.conf issue. Does the dashboard keep an error log or log of any sort? Try looking in its rack home. You may get a clue what the specific request is that is getting blocked. HTH, Felix On 12/12/2013 10:33 AM, shlo.af...@gmail.com wrote: 1. When I have in node.pp: case $hostname { 'puppetagent': {include sendmail} } I got the error: /Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find default node or by name with 'puppetagent.weizmann.ac.il http://puppetagent.weizmann.ac.il/, / /puppetagent.weizmann.ac http://puppetagent.weizmann.ac/, puppetagent.weizmann, puppetagent' on node puppetagent.weizmann.ac.il http://puppetagent.weizmann.ac.il// -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A9878C.1090104%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
Hi, I add 'node default {}'. Now I don't get any errors but it don't execute the case $hostname { 'puppetagent': {include sendmail} } Puppet don't use the value in $hostname. I understood that it's not recommended way to use $hostname as variable, but it should work. Am I right? About the Dashboard, I use Puppet with Passenger. In /etc/httpd/logs/error_logs I have a lot of (I think each time Dashboard refreshed) warning: [ 2013-12-12 12:34:30.0426 24489/7f1dac713700 Pool2/Implementation.cpp:1291 ]: [App 29486 stderr] warning: peer certificate won't be verified in this SSL session [ 2013-12-12 12:34:30.0427 24489/7f1dac713700 Pool2/Implementation.cpp:1280 ]: [App 29486 stderr] I don't know how to find the ruby logs. *Thanks a lot.* On Thursday, December 12, 2013 11:53:16 AM UTC+2, Felix.Frank wrote: Ah, OK, you lack a default node. The puppet master expects to find some node, a simple workaround could be 'node default {}' anywhere in site.pp or node.pp. But, as Jeff pointed out - don't do that, there is no reason to prefer the silly-ish case pattern in this context. As gor the 403 error wrt. the inventory service - that may be an auth.conf issue. Does the dashboard keep an error log or log of any sort? Try looking in its rack home. You may get a clue what the specific request is that is getting blocked. HTH, Felix On 12/12/2013 10:33 AM, shlo@gmail.com javascript: wrote: 1. When I have in node.pp: case $hostname { 'puppetagent': {include sendmail} } I got the error: /Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find default node or by name with 'puppetagent.weizmann.ac.il http://puppetagent.weizmann.ac.il/, / /puppetagent.weizmann.ac http://puppetagent.weizmann.ac/, puppetagent.weizmann, puppetagent' on node puppetagent.weizmann.ac.il http://puppetagent.weizmann.ac.il// -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2c698472-acef-49ac-9f7c-7ea4099aa566%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
On 12/12/2013 11:42 AM, shlo.af...@gmail.com wrote: case $hostname { 'puppetagent': {include sendmail} } Puppet don't use the value in $hostname. Is this in the top scope, i.e. not inside a class {}, node {} or define {} block? About the Dashboard, I use Puppet with Passenger. In /etc/httpd/logs/error_logs I have a lot of (I think each time Dashboard refreshed) warning: [ 2013-12-12 12:34:30.0426 24489/7f1dac713700 Pool2/Implementation.cpp:1291 ]: [App 29486 stderr] warning: peer certificate won't be verified in this SSL session This looks weird. Implementation.cpp? Is dashboard written in C++, or am I misreading this? This may not be related to your issues at all. How and where did you install dashboard? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A993DD.1080207%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
In the end of the file I add : node default { } Thanks again On Thursday, December 12, 2013 12:45:49 PM UTC+2, Felix.Frank wrote: On 12/12/2013 11:42 AM, shlo@gmail.com javascript: wrote: case $hostname { 'puppetagent': {include sendmail} } Puppet don't use the value in $hostname. Is this in the top scope, i.e. not inside a class {}, node {} or define {} block? About the Dashboard, I use Puppet with Passenger. In /etc/httpd/logs/error_logs I have a lot of (I think each time Dashboard refreshed) warning: [ 2013-12-12 12:34:30.0426 24489/7f1dac713700 Pool2/Implementation.cpp:1291 ]: [App 29486 stderr] warning: peer certificate won't be verified in this SSL session This looks weird. Implementation.cpp? Is dashboard written in C++, or am I misreading this? This may not be related to your issues at all. How and where did you install dashboard? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cb28cbd1-8b57-4ec3-8335-b7ef20d4fd37%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Cannot see Inventory in Dashboard failed to use facer variable in manifest
Sorry I had a spelling mistake in the hostname. Now the manifest file work okay with the $hostname variable. I left with the problem with Dashboard that don't give me the 'Inventory' details. Sorry Thanks again for the promptly answers. On Thursday, December 12, 2013 1:59:52 PM UTC+2, shlo@gmail.com wrote: In the end of the file I add : node default { } Thanks again On Thursday, December 12, 2013 12:45:49 PM UTC+2, Felix.Frank wrote: On 12/12/2013 11:42 AM, shlo@gmail.com wrote: case $hostname { 'puppetagent': {include sendmail} } Puppet don't use the value in $hostname. Is this in the top scope, i.e. not inside a class {}, node {} or define {} block? About the Dashboard, I use Puppet with Passenger. In /etc/httpd/logs/error_logs I have a lot of (I think each time Dashboard refreshed) warning: [ 2013-12-12 12:34:30.0426 24489/7f1dac713700 Pool2/Implementation.cpp:1291 ]: [App 29486 stderr] warning: peer certificate won't be verified in this SSL session This looks weird. Implementation.cpp? Is dashboard written in C++, or am I misreading this? This may not be related to your issues at all. How and where did you install dashboard? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9b74c4de-3354-4abd-a3d9-904901860ef4%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: using multiple facter values with hiera
On Wednesday, December 11, 2013 11:03:33 PM UTC-6, William Leese wrote: Facter was designed before hiera. It serves a larger purpose than just usage as hiera hierarchy conditionals. I get that. Do I understand correctly that your custom fact which spits out a list of server types returns more than 1 item in a comma separated list like the filesystems example you provided? Exactly. I used the filesystems example for simplicity (you can try it without setting up a custom fact), and because it has exactly the same behavior as my target fact. Looking at the nature of this custom fact would it not be better if it provided a single 'server type'? If this is impossible, you could split the fact into X facts and (servertype1,servertype2 and servertype3) which could then be used nicely in hiera. To make this work in hiera I'd need a hierarchy like: - groups/%{servertype1} - groups/%{servertype2} - groups/%{servertype3} It's clunky, but the more I think about it, the more I think that's the only way to do this. I just realized that hiera doesn't have any way to iterate over the list handed to it from facter. So if my servertype fact is equal to git,ntp,ldap (for example), then I can't expect hiera to do a lookup with the fact servertype set to git, then another lookup with the fact servertype set to ntp, etc. I think it's reasonable to *want* this behavior, but it's not what it does (for now, at least). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/408ffd33-88c2-424c-b80d-4c462fd5185b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: storeconfigs errors and other beginner questions
On Wednesday, December 11, 2013 2:31:06 PM UTC-6, Pierre-Andre Malbrough wrote: Hey guys, Im new to puppet and running into challenges getting a puppet module installed. so I've installed a module (puppet-ossechttps://github.com/nzin/puppet-ossec), and I want to install it on my host. I attempted a puppet apply test/init.pp the init.pp has: include puppet-ossec::server on a single line in the file. There is a server.pp file in the manifests directory of the module. I get a storedconfigs error: You cannot collect exported resources without storeconfigs being set; the collection will be ignored on line 153 in file /usr/share/puppet/configuration/current/modules/puppet-ossec/manifests/server.pp More distubingly it says: Error: Could not find class puppet-ossec::server I tried using ossec::server as well and that doesnt work. What am I missing? You are missing at least two things: 1. The intended module name is just ossec. The puppet- prefix should be removed from the module directory when you install it. That's more or less conventional with puppet modules, except that the prefix normally indicates the source of the module (i.e. something like nzin-), not the target (puppet-). 2. Although the module's documentation says nothing about it, the module depends on storeconfigs to be configured in Puppet. Thus, to install the module, you unpack it and move its top-level directory into your module path, renaming it to plain ossec in the process. That should resolve the Could not find class errors. For it to be usable to you, however, you will also need to configure storeconfigs. That will enable nodes to provide information about themselves to other nodes, which the module apparently relies on them to do. Furthermore, given the module's use of storeconfigs, I think applying any of its classes via puppet apply is questionable. I haven't studied the module enough to reliably evaluate it, but it appears to be designed with Puppet master/agent mode in mind. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2575f39f-540e-4f35-b167-e3ae44dd5f8f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] pupplet-labs/firewall module errors
I'm getting the same error. Any progress on this? Thanks, Tomas On Tuesday, 5 November 2013 21:42:26 UTC+1, James Loosli wrote: I'm getting this same error, but for me it shows up from a basic puppet resource firewall; root@drawer:/etc/puppet/environments/development/modules# puppet resource firewall Error: Could not run: Invalid address from IPAddr.new: ! root@drawer:/etc/puppet/environments/development/modules# irb irb(main):001:0 require 'ipaddr' = true irb(main):002:0 IPAddr.new = #IPAddr: IPv6::::::::/::::::: My ip config; root@drawer:/etc/puppet/environments/development/modules# ip addr 1: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:25:90:a7:98:79 brd ff:ff:ff:ff:ff:ff inet 208.115.208.242/29 brd 208.115.208.247 scope global eth0 inet6 fe80::225:90ff:fea7:9879/64 scope link valid_lft forever preferred_lft forever 3: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:25:90:a7:98:78 brd ff:ff:ff:ff:ff:ff inet 10.4.16.194/30 brd 10.4.16.195 scope global eth1 inet6 fe80::225:90ff:fea7:9878/64 scope link valid_lft forever preferred_lft forever On Thursday, August 29, 2013 5:34:34 AM UTC-7, Ashley Penney wrote: On Thu, Aug 29, 2013 at 12:57 AM, Amol Kedar ajk...@gmail.com wrote: i see this error on the daemon.log of the agent machine Aug 28 17:11:07 dev2-db puppet-agent[5154]: (/Stage[main]//Node[dev2-db]/Resources[firewall]) Failed to generate additional resources using 'generate': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: !Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[000 accept all icmp]) Could not evaluate: Invalid address from IPAddr.new: ! Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[001 accept all to lo interface]) Skipping because of failed dependencies Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[002 accept related established rules]) Skipping because of failed dependencies Aug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Dependency Firewall[000 accept all icmp] has failures: trueAug 28 17:11:08 dev2-db puppet-agent[5154]: (/Firewall[999 drop all]) Skipping because of failed dependenciesAug 28 17:11:08 dev2-db puppet-agent[5154]: Finished catalog run in 1.19 seconds if anyone has any prior experience with this, please let me know I haven't seen this before but - can you show me a full iptables from an existing client, a full ifconfig, and maybe even the result of: $ irb irb(main):002:0 require 'ipaddr' = true irb(main):003:0 IPAddr.new = #IPAddr: IPv6::::::::/::::::: That's what I get for a plain call to IPAddr.new, I'm wondering what you're getting. -- Ashley Penney ashley...@puppetlabs.com Module Engineer *Join us at PuppetConf 2014, September 23-24 in San Francisco* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e1fa4f9d-cbae-45c3-8c84-2481169a0422%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] puppet nagios module integration
Hi all, I am pretty much confused regarding nagios integration with puppet, I have some question: 1) Do we need to install nagios separately. 2) Can we manage nagios through puppet UI. Some instructions to proper integration of nagios with puppet will be helpful. Thanks in advance, Esshan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e5f76a47-638e-4caf-9e5d-cd2595028147%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Need help in addressing this error - ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca
On Thursday, December 12, 2013 3:14:09 AM UTC-6, Dhanarajan Ponnurangam wrote: Hi , I am new to this puppet. I am implementing a network where my cisco switch will contact the puppet server for getting the configuration. I tried installing open source puppet and was successful in pushing down the configurations. I wanted then to try the same exercise with puppet enterprise 3.1. I installed puppet enterprise in a different server and changed my puppet agent (switch) to reflect this new server as the puppet master. I have autosign.conf created under /etc/puppet-labs/puppet/ with the entry *.domain_name.com. I have site.pp and other files specific for cisco device as I had in previous exercise(open source puppet). When I initiaite the puppet master using the command puppet master -d --no-daemonize I see the following error in /var/log/pe-puppet/masterhttp.log, The agent created a certificate when it first ran, and requested that the original master -- which by default serves as CA -- to sign it. When you point that agent at a different master that, like the first, serves as its own CA, the agent continues to use its existing certificate. The new master does not recognize the original one as a trusted CA, however, so it rejects the agent's certificate. If necessary, it is possible to configure your masters to use a central CA instead of each serving as its own. If something like that is not done, however, then you need to clean out agents' certificates when you transfer them between masters. To do so, simply delete the client's entire puppet SSL directory, typically located at /var/lib/puppet/ssl. (But not on your master!) You will typically then also want to revoke the client's certificate and delete it from the original master (puppet cert clean certname for Puppet OS), though it's not strictly necessary to do so. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1ce004ab-b30d-421a-bb9a-ab674b55f6bc%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] recursive descent
On Wednesday, December 11, 2013 4:38:02 PM UTC-6, Stuart Cracraft wrote: http://christian.hofstaedtler.name/blog/2008/11/puppet-managing-directories-recursively.html Yes. Do you still have a question here, or does that blog post answer the question sufficiently for you? John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fd378100-96aa-4fa6-8caf-54919a0f40e1%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet-dev] Re: [Puppet Users] using puppet device
On Thu, Dec 12, 2013 at 1:46 AM, Nan Liu nan@gmail.com wrote: On Wed, Dec 11, 2013 at 8:51 AM, Dan Bode bod...@gmail.com wrote: I had a bit of time to research the existing device code to see if I can use it for an integration with two specific use cases: I'm not sure what issues are still actively worked on, and I'm keeping an eye on the redmine migration to see what gets ported over. I've had onsite discussion with PL developers, and I would love to get more feedback and roadmap for devices v.s. transport. For now, I'm staying with transport resources. Comments below. 1. discovery/inventory - access hardware inventory and store it somewhere where it can be retrieved. So far, device supports this use case. - specify a list of device endpoints in device.conf - run puppet device to get their facts to serve as inventory (although puppet device looks like it gets facts and requests catalogs, I will probably call the facts method directly to just get the facts) - have the front end query these facts from PuppetDB puppet device facts are not really invoked via facter, and have some gotchas (such as symbol keys). They are tucked away in lib/puppet/util/network_devices/device_name/facts.rb. However since facter is not available for puppet device, the only win for device is inventory in puppetdb. The missing functionality can be implemented as a resource for transport solution which exports facts via puppet face. I can't think of a case where I need facts from a device to make a configuration decisions. Perhaps I'm just not far enough into it :) 2. management - manage the process of bringing up a cluster from scratch This is the use case where puppet device is problematic. In this use case, an external system needs to specify how a collection of resources should be configured. The types of these resources are heterogeneous, for example: - Server - Storage - Network - add Port - create server These hardware configuration rules (and their dependencies) map pretty cleanly to the Puppet DSL and the Resource/Graph model. Where a manifests represents multiple devices and multiple endpoints. This is one of the main reason I'm using transport since it expresses cross node dependency using the existing DSL. I had the following issues with puppet device for this use case: 1. It iterates through the endpoints and configures them one at a time This is probably the biggest barrier. I need to keep track of a collection of resources that target multiple endpoints and apply them in a certain order. Looking at the device code it seems to just iterate through the endpoints in device.conf and configure them one at a time. I spent some time thinking about the current device command and how I might use it to configure workflows across multiple endpoints. - on the puppet master, keep a queue (or list) for each endpoint that needs to be configured - have an external process (the dispatcher) that keeps track of the configuration that needs to be applied (along with their endpoints) and stores the resources that represent that configuration into the correct queue for it's endpoint. - have an ENC that checks the certname of a device when it checks in, maps it to a queue, and clears all entries for a queue (for it to apply) - If the dispatcher keeps track of all of the resources that it put onto which queue, it can track the report for those devices to know when it's entire job is completed. The above explanation is the best way I could think of to use the existing device, but it is cumbersome enough that it warrants not using the device model. 2. it does not allow for the specification of dependencies between multiple device endpoints. It only allows for certain endpoints to be processed in a certain order. This is pretty much the same as #1, but worth mentioning separately. 3. It invents its own command line for doing things (it does not cleanly operate with puppet resource, puppet apply, puppet agent with represents a major loss of functionality) 4. Management of device.conf The existence of device.conf creates its own management issues. You need to assign a single node to a single device, you have to manage the process for getting the credentials to that device, you have to figure out how many devices/which devices go to which nodes as you scale out to a large number of device endpoints. *Solution:* The transport model (as created by Nan Liu) seems to get around the issues mentioned above and would allow a pretty clean integration path. For folks not familiar with the transport model. It uses regular types and providers that accept a parameter called transport that can be used to indicate that it should be applied against some remote endpoint. For example: Transport { 'ssh': url = some_url password = 'some_password' } port { transport = Transport[ssh] } This will work perfectly for my use case. *The
Re: [Puppet Users] using puppet device
On Thu, Dec 12, 2013 at 2:08 AM, Markus Burger markus.bur...@uni-ak.ac.atwrote: Hi, On 11-12-2013 10:51:08, Dan Bode wrote: Hi all, I had a bit of time to research the existing device code to see if I can use it for an integration with two specific use cases: 1. discovery/inventory - access hardware inventory and store it somewhere where it can be retrieved. So far, device supports this use case. - specify a list of device endpoints in device.conf - run puppet device to get their facts to serve as inventory (although puppet device looks like it gets facts and requests catalogs, I will probably call the facts method directly to just get the facts) - have the front end query these facts from PuppetDB 2. management - manage the process of bringing up a cluster from scratch This is the use case where puppet device is problematic. In this use case, an external system needs to specify how a collection of resources should be configured. The types of these resources are heterogeneous, for example: - Server - Storage - Network - add Port - create server These hardware configuration rules (and their dependencies) map pretty cleanly to the Puppet DSL and the Resource/Graph model. Where a manifests represents multiple devices and multiple endpoints. I had the following issues with puppet device for this use case: 1. It iterates through the endpoints and configures them one at a time This is probably the biggest barrier. I need to keep track of a collection of resources that target multiple endpoints and apply them in a certain order. Looking at the device code it seems to just iterate through the endpoints in device.conf and configure them one at a time. I currently use a simple solution to work around this problem where i create the device.conf through an external process on the fly and specify my devices and there dependencys in a yaml file, run them in order and just check the exit code. it looks something like this: --- defaults: scheme: sshios port: 22 userinfo: foo:bar query: crypt=true cmd: /usr/bin/puppet device --verbose --environment=network --detailed-exit-codes --deviceconfig={{DEVCFG}} || [ $? -eq 2 ] devices: dc1: sw-dc1-01.foo.bar: deps: - * sw-dc1-02.foo.bar: sw-dc1-03.foo.bar: deps: - sw-dc1-02.foo.bar str-dc1-01.foo.bar: scheme: netapp deps: - sw-dc1-01.foo.bar Just to clarify, this is letting you specify the order in which resources are configured on your devices? This looks like it only allows you to specify order between types of things (and not between resources). It also looks like you are still grouping resources based on how a certain maps to a device? (so in this example, if you had a workflow that needed to configure 10 resources against 10 endpoints, this would involve updating the 10 node definitions in your site manifest?) I spent some time thinking about the current device command and how I might use it to configure workflows across multiple endpoints. - on the puppet master, keep a queue (or list) for each endpoint that needs to be configured - have an external process (the dispatcher) that keeps track of the configuration that needs to be applied (along with their endpoints) and stores the resources that represent that configuration into the correct queue for it's endpoint. - have an ENC that checks the certname of a device when it checks in, maps it to a queue, and clears all entries for a queue (for it to apply) - If the dispatcher keeps track of all of the resources that it put onto which queue, it can track the report for those devices to know when it's entire job is completed. The above explanation is the best way I could think of to use the existing device, but it is cumbersome enough that it warrants not using the device model. 2. it does not allow for the specification of dependencies between multiple device endpoints. It only allows for certain endpoints to be processed in a certain order. This is pretty much the same as #1, but worth mentioning separately. 3. It invents its own command line for doing things (it does not cleanly operate with puppet resource, puppet apply, puppet agent with represents a major loss of functionality) 4. Management of device.conf The existence of device.conf creates its own management issues. You need to assign a single node to a single device, you have to manage the process for getting the credentials to that device, you have to figure out how many devices/which devices go to which nodes as you scale out to a large number of device endpoints. *Solution:* The transport model (as created by Nan Liu) seems to get around the issues mentioned above and would allow a pretty clean integration path. For folks not familiar with the transport model. It uses
[Puppet Users] Puppet and MCollective
Hi, I am writing scripts for deployment of our software and I am also using MCollective on linux. I hope to use MCollective in order to reduce the requirement of opening a putty session to each VM and running the puppet agent manually the first time (when its registers/ creates keys etc). The problem I see with this is that I need to log in to each machine and install/configure mcollective (server.cfg client.cfg), so for this reason I do not save myself very much effort by using mcollective. I am using vms so I can add mcollective to the vm template, but I wont know the name of mcollective/activemq machine nor would I know the name of the machine at that point. How do you guys deploy mcollective? It seems abit like a chicken/egg scenario! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d1e0fc41-6558-4abf-bcc3-1a19e418d6f5%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Unpleasant puppetlabs experience
On Sat, Dec 07, 2013 at 10:11:24AM +1300, xav wrote: On Fri, 2013-12-06 at 11:31 -0500, Jerald Sheets wrote: Please note that the exact same documentation is expected to be used for either and people spending crap-tons of money are expected to put up with the same issues. This is not a licensed/open source argument. This is a do a better job of documentation argument. I shouldn't have to go hunt down other admins in my town to learn things with/from because none of us can make sense of the documentation...or its wrong... or it ignores systems or development best practices, or whatever your particular gripe may be. Puppet is the best there is, but it (and its docs) can be better. This feels like it's a very negative discussion and I wanted to highlight my own experiences with Puppetlabs. Puppetlabs make their money in part from their excellent additions to the open source version (which makes deployment a bunch easier), but also from paid support engagements - if someone wants to pay them to update the docs for the open source parts, they will. If not then we either wait for them to get the time to do so, or we submit a pull request. We're not talking about a company the size of Google here, Puppetlabs doesn't have large bunches of cash to throw around, and my overall experience of the Puppet documentation has been excellent. The particular page in the bug report was extremely helpful when I started out with Puppet. I'd be keen to see more examples and helpful tutorials, but that's not core product documentation - the actual reference documentation on the puppetlabs site is bang up to date, complete, and way beyond the level of documentation available for many other products that sell for big money. And even better, if that's not enough the source is very readable and well commented. There are several areas in the documentation where gaps exist, and I commend Puppetlabs for highlighting these and over time filling them in. The product is still in active development and over time just gets better and better. Exactly my thoughts on the subject. Basically if you don't like the documentation you can research the problem(in this case custom providers) and then just populate the missing gaps in the documentation. This is how most of the open source projects out there improve their documentation. If for some reason your pull request is REJECTED then this is a different topic and is one I will be mad about(if at all possible) The fact is that the puppet project has one of the best documentations I have seen out there. Maybe it's just me but I find my around REALLY FAST these days. -- Nikola -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1386364284.6023.33.camel%40debian.my.home. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20131212170232.GD17003%40nikolavp-desktop. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet-dev] Re: [Puppet Users] using puppet device
On Thu, Dec 12, 2013 at 7:21 AM, Dan Bode bod...@gmail.com wrote: On Thu, Dec 12, 2013 at 1:46 AM, Nan Liu nan@gmail.com wrote: On Wed, Dec 11, 2013 at 8:51 AM, Dan Bode bod...@gmail.com wrote: I had a bit of time to research the existing device code to see if I can use it for an integration with two specific use cases: I'm not sure what issues are still actively worked on, and I'm keeping an eye on the redmine migration to see what gets ported over. I've had onsite discussion with PL developers, and I would love to get more feedback and roadmap for devices v.s. transport. For now, I'm staying with transport resources. Comments below. 1. discovery/inventory - access hardware inventory and store it somewhere where it can be retrieved. So far, device supports this use case. - specify a list of device endpoints in device.conf - run puppet device to get their facts to serve as inventory (although puppet device looks like it gets facts and requests catalogs, I will probably call the facts method directly to just get the facts) - have the front end query these facts from PuppetDB puppet device facts are not really invoked via facter, and have some gotchas (such as symbol keys). They are tucked away in lib/puppet/util/network_devices/device_name/facts.rb. However since facter is not available for puppet device, the only win for device is inventory in puppetdb. The missing functionality can be implemented as a resource for transport solution which exports facts via puppet face. I can't think of a case where I need facts from a device to make a configuration decisions. Perhaps I'm just not far enough into it :) In theory you should be able to detect the device version and use the appropriate provider. In practice, the one place I could use this functionality required different versions of rubygem to even connect to the device. 2. management - manage the process of bringing up a cluster from scratch This is the use case where puppet device is problematic. In this use case, an external system needs to specify how a collection of resources should be configured. The types of these resources are heterogeneous, for example: - Server - Storage - Network - add Port - create server These hardware configuration rules (and their dependencies) map pretty cleanly to the Puppet DSL and the Resource/Graph model. Where a manifests represents multiple devices and multiple endpoints. This is one of the main reason I'm using transport since it expresses cross node dependency using the existing DSL. I had the following issues with puppet device for this use case: 1. It iterates through the endpoints and configures them one at a time This is probably the biggest barrier. I need to keep track of a collection of resources that target multiple endpoints and apply them in a certain order. Looking at the device code it seems to just iterate through the endpoints in device.conf and configure them one at a time. I spent some time thinking about the current device command and how I might use it to configure workflows across multiple endpoints. - on the puppet master, keep a queue (or list) for each endpoint that needs to be configured - have an external process (the dispatcher) that keeps track of the configuration that needs to be applied (along with their endpoints) and stores the resources that represent that configuration into the correct queue for it's endpoint. - have an ENC that checks the certname of a device when it checks in, maps it to a queue, and clears all entries for a queue (for it to apply) - If the dispatcher keeps track of all of the resources that it put onto which queue, it can track the report for those devices to know when it's entire job is completed. The above explanation is the best way I could think of to use the existing device, but it is cumbersome enough that it warrants not using the device model. 2. it does not allow for the specification of dependencies between multiple device endpoints. It only allows for certain endpoints to be processed in a certain order. This is pretty much the same as #1, but worth mentioning separately. 3. It invents its own command line for doing things (it does not cleanly operate with puppet resource, puppet apply, puppet agent with represents a major loss of functionality) 4. Management of device.conf The existence of device.conf creates its own management issues. You need to assign a single node to a single device, you have to manage the process for getting the credentials to that device, you have to figure out how many devices/which devices go to which nodes as you scale out to a large number of device endpoints. *Solution:* The transport model (as created by Nan Liu) seems to get around the issues mentioned above and would allow a pretty clean integration path. For folks not familiar with the transport model. It uses regular types and providers that accept a
Re: [Puppet Users] using puppet device
On Thu, Dec 12, 2013 at 12:08 AM, Markus Burger markus.bur...@uni-ak.ac.atwrote: Hi, On 11-12-2013 10:51:08, Dan Bode wrote: Hi all, I had a bit of time to research the existing device code to see if I can use it for an integration with two specific use cases: 1. discovery/inventory - access hardware inventory and store it somewhere where it can be retrieved. So far, device supports this use case. - specify a list of device endpoints in device.conf - run puppet device to get their facts to serve as inventory (although puppet device looks like it gets facts and requests catalogs, I will probably call the facts method directly to just get the facts) - have the front end query these facts from PuppetDB 2. management - manage the process of bringing up a cluster from scratch This is the use case where puppet device is problematic. In this use case, an external system needs to specify how a collection of resources should be configured. The types of these resources are heterogeneous, for example: - Server - Storage - Network - add Port - create server These hardware configuration rules (and their dependencies) map pretty cleanly to the Puppet DSL and the Resource/Graph model. Where a manifests represents multiple devices and multiple endpoints. I had the following issues with puppet device for this use case: 1. It iterates through the endpoints and configures them one at a time This is probably the biggest barrier. I need to keep track of a collection of resources that target multiple endpoints and apply them in a certain order. Looking at the device code it seems to just iterate through the endpoints in device.conf and configure them one at a time. I currently use a simple solution to work around this problem where i create the device.conf through an external process on the fly and specify my devices and there dependencys in a yaml file, run them in order and just check the exit code. it looks something like this: --- defaults: scheme: sshios port: 22 userinfo: foo:bar query: crypt=true cmd: /usr/bin/puppet device --verbose --environment=network --detailed-exit-codes --deviceconfig={{DEVCFG}} || [ $? -eq 2 ] devices: dc1: sw-dc1-01.foo.bar: deps: - * sw-dc1-02.foo.bar: sw-dc1-03.foo.bar: deps: - sw-dc1-02.foo.bar str-dc1-01.foo.bar: scheme: netapp deps: - sw-dc1-01.foo.bar I spent some time thinking about the current device command and how I might use it to configure workflows across multiple endpoints. - on the puppet master, keep a queue (or list) for each endpoint that needs to be configured - have an external process (the dispatcher) that keeps track of the configuration that needs to be applied (along with their endpoints) and stores the resources that represent that configuration into the correct queue for it's endpoint. - have an ENC that checks the certname of a device when it checks in, maps it to a queue, and clears all entries for a queue (for it to apply) - If the dispatcher keeps track of all of the resources that it put onto which queue, it can track the report for those devices to know when it's entire job is completed. The above explanation is the best way I could think of to use the existing device, but it is cumbersome enough that it warrants not using the device model. 2. it does not allow for the specification of dependencies between multiple device endpoints. It only allows for certain endpoints to be processed in a certain order. This is pretty much the same as #1, but worth mentioning separately. 3. It invents its own command line for doing things (it does not cleanly operate with puppet resource, puppet apply, puppet agent with represents a major loss of functionality) 4. Management of device.conf The existence of device.conf creates its own management issues. You need to assign a single node to a single device, you have to manage the process for getting the credentials to that device, you have to figure out how many devices/which devices go to which nodes as you scale out to a large number of device endpoints. *Solution:* The transport model (as created by Nan Liu) seems to get around the issues mentioned above and would allow a pretty clean integration path. For folks not familiar with the transport model. It uses regular types and providers that accept a parameter called transport that can be used to indicate that it should be applied against some remote endpoint. For example: Transport { 'ssh': url = some_url password = 'some_password' } port { transport = Transport[ssh] } This will work perfectly for my use case. Can you point me to a thread where this was discussed ? I can only see an advantage of the purposed model for certain situations / device
Re: [Puppet Users] Can't seem to get modulepath attribute recognized by puppetmasterd
OK, Here is something I found with this problem When I run /etc/init.d/puppetmaster start in node/environment.rb validate_dirs is being passed /etc/puppet/modules:/usr/share/puppet/modules which isn't what I have in /etc/puppet/puppet.conf modulepath=. BUT! if I just do a *touch /etc/puppet/puppet.con*fthen puppetmaster calls reparse_config_files and it does in fact read my /etc/puppet/puppet.conf modulepath= correctly Like I said in the original thread, I don't know the ruby language. But I suspect that there is some type of calling sequence issue going on. On Thu, Dec 12, 2013 at 2:57 AM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Yes. The agent does default to environment=production if not specified otherwise. Your [production] should match your [main] wrt. modulepath etc. HTH, Felix On 12/11/2013 09:59 PM, John Pyeatt wrote: Could it be because my puppet.conf has a [production], [test] and [development] environment with a modulepath= for each one? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A97A8E.2000308%40alumni.tu-berlin.de . For more options, visit https://groups.google.com/groups/opt_out. -- John Pyeatt Singlewire Software, LLC www.singlewire.com -- 608.661.1184 john.pye...@singlewire.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAEisTLkPc7J_ofHZU0o1psP8QOiZFwe7ggcOg3B9%3Dk3Xbs_8Ww%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet and MCollective
I install puppet agent on provision (kickstart, VM template, whatever) and do a puppet agent -t -w 1 (we don't autosign) at the end of the provision script. MCollective in our environment is handled as part of the puppet manifest, so after the agent run the host should be registered in mco. Jeff On 12/12/2013 11:54 AM, ro001 wrote: Hi, I am writing scripts for deployment of our software and I am also using MCollective on linux. I hope to use MCollective in order to reduce the requirement of opening a putty session to each VM and running the puppet agent manually the first time (when its registers/ creates keys etc). The problem I see with this is that I need to log in to each machine and install/configure mcollective (server.cfg client.cfg), so for this reason I do not save myself very much effort by using mcollective. I am using vms so I can add mcollective to the vm template, but I wont know the name of mcollective/activemq machine nor would I know the name of the machine at that point. How do you guys deploy mcollective? It seems abit like a chicken/egg scenario! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d1e0fc41-6558-4abf-bcc3-1a19e418d6f5%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A9F65B.203%40bericotechnologies.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] recursive descent
Sure does John. Thanks for your interest! Do we know when the Puppet 3.0 book is coming out? It's showing as a very, very long delay at Amazon... On Thursday, December 12, 2013 7:17:17 AM UTC-8, jcbollinger wrote: On Wednesday, December 11, 2013 4:38:02 PM UTC-6, Stuart Cracraft wrote: http://christian.hofstaedtler.name/blog/2008/11/puppet-managing-directories-recursively.html Yes. Do you still have a question here, or does that blog post answer the question sufficiently for you? John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2bf056f0-cf06-482f-becc-86465530bf3e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] How best to distribute yaml file for custom fact?
I have a yaml file I'd like to distribute to my systems, and it contains some identifiers which help determine where that system is (this _can_ be determined from the IP address, but it's so much nicer to use a custom fact -- we're basically assigning names to our various subnets and storing those in these yaml files where we can use them in manifests and templates). The problem is that we are using them in templates. So when I try to distribute the file, the template fails to parse, and the whole puppet run just aborts. If it were just an error, I could deal with it. But this seems to be a show-stopper. I see that 3.4.0 will have a way to distribute these files as part of pluginsync, but I need this sooner than that (and since I'm in production, I'm hesitant to jump to a .0 release in any case). Any bright ideas? Bret -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/15f7ab89-3e32-4226-a360-fc53d9f3be89%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Can't seem to get modulepath attribute recognized by puppetmasterd
Felix, could that above behavior be linked to http://projects.puppetlabs.com/issues/23349 ? That is, could there be a hook/ordering issue? Sprang to mind, anyway. Probably cargo cult. Jeff On Thu, Dec 12, 2013 at 12:36 PM, John Pyeatt john.pye...@singlewire.comwrote: OK, Here is something I found with this problem When I run /etc/init.d/puppetmaster start in node/environment.rb validate_dirs is being passed /etc/puppet/modules:/usr/share/puppet/modules which isn't what I have in /etc/puppet/puppet.conf modulepath=. BUT! if I just do a *touch /etc/puppet/puppet.con*fthen puppetmaster calls reparse_config_files and it does in fact read my /etc/puppet/puppet.conf modulepath= correctly Like I said in the original thread, I don't know the ruby language. But I suspect that there is some type of calling sequence issue going on. On Thu, Dec 12, 2013 at 2:57 AM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Yes. The agent does default to environment=production if not specified otherwise. Your [production] should match your [main] wrt. modulepath etc. HTH, Felix On 12/11/2013 09:59 PM, John Pyeatt wrote: Could it be because my puppet.conf has a [production], [test] and [development] environment with a modulepath= for each one? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A97A8E.2000308%40alumni.tu-berlin.de . For more options, visit https://groups.google.com/groups/opt_out. -- John Pyeatt Singlewire Software, LLC www.singlewire.com -- 608.661.1184 john.pye...@singlewire.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAEisTLkPc7J_ofHZU0o1psP8QOiZFwe7ggcOg3B9%3Dk3Xbs_8Ww%40mail.gmail.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAHahqg1dwEwx1fRtu3z8p7bv2KG7BfXezmdGjy9vjEaN7Dkrug%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Stdlib and Defined Types
All, Does anyone know of a way to add a file-centric backtrace to the validate functions in the Stdlib? If you use a validator in a defined type, you end up not having any idea what actually threw the error. Though much has moved to parameterized classes, there are still times when defines are useful and it would be nice to know what calling class/define/stack was blowing up. Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANs%2BFoU3zKniWFs0BGgW7rwfcJbUzXXFQTyyn4ygkMax72WbGA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] examples of puppet yaml output
Greetings Puppeteers!!! Where can I get a very large set of puppet yaml output? I want to run my new yamlyzer program over it as a test. I don't want to run it against anything small. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5d812e4d-2dea-4a3a-ade6-2d61b36f3dc0%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] examples of puppet yaml output
/var/lib/puppet/reportsbr /on a puppet master. br /br /Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.br /Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1816672046.12346.1386882350097.JavaMail.root%40sz0126a.westchester.pa.mail.comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] examples of puppet yaml output
Well, obviously, but... What if you do not have a lot of data or want more yaml's for testing against? Will anyone give me all their yaml's? I'd like thousands and thousands to test against. On Thursday, December 12, 2013 1:05:50 PM UTC-8, Ygor wrote: /var/lib/puppet/reports on a puppet master. Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us. Bill Waterson (Calvin Hobbes) - Original Message - From: smcra...@gmail.com javascript: To: puppet...@googlegroups.com javascript: Sent:Thu Dec 12 08:47:42 UTC 2013 Subject: [Puppet Users] examples of puppet yaml output Greetings Puppeteers!!! Where can I get a very large set of puppet yaml output? I want to run my new yamlyzer program over it as a test. I don't want to run it against anything small. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5d812e4d-2dea-4a3a-ade6-2d61b36f3dc0%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/61101e77-2249-42cd-8127-3d0cb9b583a2%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] yamlyzer
Hi everybody, Is there a command-line program which parses: puppetmasters*:/var/lib/puppet/reports/*/*.yaml into simple a simple (though lengthy) report perhaps with column/field/etc. selection based on a straightforward method. Holler if you know of any. I know this was queried by me on this list recently and all sorts of stuff was posted. If I don't get it here, I'll need to go over to puppet-developers and ask there. Surely, someone has written something they're proud of and will share it forward. Stuart -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/97ac73f0-f64a-4a09-b571-da222b3bdb1a%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] parsing puppet YAML
Where did this go? On Friday, May 21, 2010 9:44:33 PM UTC-7, Luke Baker wrote: Hey there, I’ve playing with parsing some of the yaml data that puppet creates. Has anyone had luck doing this with python or the like? It seems that in every yaml file, there is a comment at the top of the file like this.. --- !ruby/object:Puppet::Node Which doesn’t make may yaml parsers happy.. where am I going wrong? --Luke Baker -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet...@googlegroups.comjavascript: . To unsubscribe from this group, send email to puppet-users...@googlegroups.com javascript:. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e23870ec-93e1-4057-a616-977da955ec73%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: Hiera 1.3.1-rc1 Now Available
**Release Candidate** Hiera 1.3.1-rc1 --- *Pre-release*: Hiera 1.3.1 is not yet released. - RC1: December 12, 2013. Hiera 1.3.0 Downloads -- Source: https://downloads.puppetlabs.com/hiera/hiera-1.3.1-rc1.tar.gz Available in native package format in the pre-release repositories at: http://yum.puppetlabs.com and http://apt.puppetlabs.com For information on how to enable the Puppet Labs pre-release repos, see: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#enabling-the-prerelease-repos Gems are available via rubygems at https://rubygems.org/downloads/hiera-1.3.1.rc1.gem or by using `gem install --pre hiera` Mac packages are available at https://downloads.puppetlabs.com/mac/hiera-1.3.1-rc1.dmg Please report feedback via the Puppet Labs tickets site, using an affected hiera version of 1.3.1-rc1: https://tickets.puppetlabs.com/browse/HI Hiera 1.3.0 release notes --- Hiera 1.3.1 is a bug fix release in the 1.3 series. It fixes one bug: HI-65 https://tickets.puppetlabs.com/browse/HI-65: Empty YAML files can raise an exception (backported to stable as HI-71https://tickets.puppetlabs.com/browse/HI-71 ) Hiera 1.3.0 Contributors -- Adrien Thebo, Andrew Parker, Daniel De Marco, Justin Stoller, Melissa Stone Hiera 1.3.0 Changelog Adrien Thebo (1): d9f4961 (maint) Add test coverage for unexpected YAML values Andrew Parker (1): 7b75d0a (Maint) Restore soloris-11.cfg Daniel De Marco (1): 24f2ee6 (#23273) ignore empty YAML files Justin Stoller (3): 9248fa4 use pooling api abca841 use configurable gem source 2aa5bfb Use the same kind of gem source switching as Puppet Melissa Stone (2): 498416e (maint) Add fedora 20 to mock list 6243d44 (packaging) Update VERSION to 1.3.1-rc1 -- Melissa Stone Release Engineer, Puppet Labs Join us at PuppetConf 2014, September 23-24 in San Francisco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAHEe_krKmO6oR8Qe9kjrdDsfFdSrVgWfaRuz_u9oAvT%3Df8YVkQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] yamlyzer
On Dec 12, 2013, at 6:20 PM, Stuart Cracraft smcracr...@gmail.com wrote: Hi everybody, Is there a command-line program which parses: puppetmasters*:/var/lib/puppet/reports/*/*.yaml into simple a simple (though lengthy) report perhaps with column/field/etc. selection based on a straightforward method. Holler if you know of any. I know this was queried by me on this list recently and all sorts of stuff was posted. If I don't get it here, I'll need to go over to puppet-developers and ask there. Surely, someone has written something they're proud of and will share it forward. Stuart On Nov 26, 2013, at 2:27 PM, Dan White y...@comcast.net wrote: Reference: http://docs.puppetlabs.com/puppet/3/reference/format_report.html Start with this: #!/usr/bin/ruby require 'puppet' if defined?(ARGV) filename = ARGV.first if defined?(filename) report = YAML.load_file(filename) print Report for : puts report.host print Started : puts report.time print Log count: puts report.logs.size print Metrics count: puts report.metrics.size print Resource Status count: puts report.resource_statuses.size print Status: puts report.status report.logs.each do |logg| puts LOG - if logg.file print File: puts logg.file end if logg.line print Line: puts logg.line end print Level: puts logg.level print Message: puts logg.message print Source: puts logg.source print Tags: puts logg.tags.join( ) print Time: puts logg.time end report.resource_statuses.keys.each do |kk| if report.resource_statuses[#{kk}].change_count 0 puts RESOURCE STATUS puts #{kk} report.resource_statuses[#{kk}].events.each do |line| print property: puts line.property print message: puts line.message print name: puts line.name print status: puts line.status print when: puts line.time end end end puts - end end -- Good luck. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Stuart Cracraft smcracr...@me.com To: puppet-users@googlegroups.com Sent: Tuesday, November 26, 2013 2:10:53 PM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output Who will share a report generator for the yaml reports generated by puppet so that we do not have to reinvent wheel after wheel after wheel!! On Nov 26, 2013, at 11:08 AM, R.I.Pienaar r...@devco.net wrote: - Original Message - From: Stuart Cracraft smcracr...@gmail.com To: puppet-users@googlegroups.com Sent: Tuesday, November 26, 2013 7:02:42 PM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output What we want is not more complexity, but more simplicity! I could go into puppet config print reportdir and then to its /var/lib/puppet/reports then to the host directories of interest and grep out message. But that seems a very sorry state of affairs. Puppetmasters speak UP! you do not need to grep out anything, as I showed you there is a ruby API for accessing this data. If you use PuppetDB it will also be able to store this information and it has APIs for extracting these logs in a structured manner. API access is about as much as you can hope for I think. Your alternatives are to write a logger plugin for Puppet that outputs JSON, I've done this and it was not clear sailing. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/F5C8FE40-A9A0-4A8C-84B6-4BFDDD937ADD%40comcast.net.
Re: [Puppet Users] yamlyzer
Do you personally use something more comprehensive with all fields enabled? On Dec 12, 2013, at 4:59 PM, Dan White y...@comcast.net wrote: On Dec 12, 2013, at 6:20 PM, Stuart Cracraft smcracr...@gmail.com wrote: Hi everybody, Is there a command-line program which parses: puppetmasters*:/var/lib/puppet/reports/*/*.yaml into simple a simple (though lengthy) report perhaps with column/field/etc. selection based on a straightforward method. Holler if you know of any. I know this was queried by me on this list recently and all sorts of stuff was posted. If I don't get it here, I'll need to go over to puppet-developers and ask there. Surely, someone has written something they're proud of and will share it forward. Stuart On Nov 26, 2013, at 2:27 PM, Dan White y...@comcast.net wrote: Reference: http://docs.puppetlabs.com/puppet/3/reference/format_report.html Start with this: #!/usr/bin/ruby require 'puppet' if defined?(ARGV) filename = ARGV.first if defined?(filename) report = YAML.load_file(filename) print Report for : puts report.host print Started : puts report.time print Log count: puts report.logs.size print Metrics count: puts report.metrics.size print Resource Status count: puts report.resource_statuses.size print Status: puts report.status report.logs.each do |logg| puts LOG - if logg.file print File: puts logg.file end if logg.line print Line: puts logg.line end print Level: puts logg.level print Message: puts logg.message print Source: puts logg.source print Tags: puts logg.tags.join( ) print Time: puts logg.time end report.resource_statuses.keys.each do |kk| if report.resource_statuses[#{kk}].change_count 0 puts RESOURCE STATUS puts #{kk} report.resource_statuses[#{kk}].events.each do |line| print property: puts line.property print message: puts line.message print name: puts line.name print status: puts line.status print when: puts line.time end end end puts - end end -- Good luck. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) - Original Message - From: Stuart Cracraft smcracr...@me.com To: puppet-users@googlegroups.com Sent: Tuesday, November 26, 2013 2:10:53 PM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output Who will share a report generator for the yaml reports generated by puppet so that we do not have to reinvent wheel after wheel after wheel!! On Nov 26, 2013, at 11:08 AM, R.I.Pienaar r...@devco.net wrote: - Original Message - From: Stuart Cracraft smcracr...@gmail.com To: puppet-users@googlegroups.com Sent: Tuesday, November 26, 2013 7:02:42 PM Subject: Re: [Puppet Users] get a *structured* version of the puppet agent output What we want is not more complexity, but more simplicity! I could go into puppet config print reportdir and then to its /var/lib/puppet/reports then to the host directories of interest and grep out message. But that seems a very sorry state of affairs. Puppetmasters speak UP! you do not need to grep out anything, as I showed you there is a ruby API for accessing this data. If you use PuppetDB it will also be able to store this information and it has APIs for extracting these logs in a structured manner. API access is about as much as you can hope for I think. Your alternatives are to write a logger plugin for Puppet that outputs JSON, I've done this and it was not clear sailing. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/GxeE-URziu8/unsubscribe. To unsubscribe from this group and all its
Re: [Puppet Users] parsing puppet YAML
Continue down the thread: http://www.mail-archive.com/puppet-users@googlegroups.com/msg11545.html and then this should help http://www.skorks.com/2010/04/serializing-and-deserializing-objects-with-ruby/ Puppet::Node is a data structure like Puppet::Transaction::Report and Puppet::Util::Log as described here: http://docs.puppetlabs.com/puppet/3/reference/format_report.html On Dec 12, 2013, at 7:04 PM, Stuart Cracraft smcracr...@gmail.com wrote: Where did this go? On Friday, May 21, 2010 9:44:33 PM UTC-7, Luke Baker wrote: Hey there, I’ve playing with parsing some of the yaml data that puppet creates. Has anyone had luck doing this with python or the like? It seems that in every yaml file, there is a comment at the top of the file like this.. --- !ruby/object:Puppet::Node Which doesn’t make may yaml parsers happy.. where am I going wrong? --Luke Baker -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet...@googlegroups.com. To unsubscribe from this group, send email to puppet-users...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e23870ec-93e1-4057-a616-977da955ec73%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/B5FC96FF-0FB6-4453-A21B-645DE1F65016%40comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] yamlyzer
No. I whipped that sample up in about 10 minutes. It provides a starting point for you to develop what you want. On Dec 12, 2013, at 8:09 PM, Stuart Cracraft smcracr...@me.com wrote: Do you personally use something more comprehensive with all fields enabled? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0D6FF77B-2D05-43A4-B42B-C1268179D221%40comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] yamlyzer
Great. Okay - anyone additionally, how would you extend Dan's script to dump the entirety of a Puppet YAML to a plain text report. I know, I know. It sounds boring, painful even but the rationale is to know exactly what the YAML says even though it is voluminous. The reason? Our Security Group would like to have complete visibility to logs in simple formats they can parse and understand and socialize it to the C-suite with. Also, it can be used to analyze Puppet's proposed operations in noop mode prior to an eventual turnup in full 7x24x365 mode for selected subsets of our cloud. On Dec 12, 2013, at 8:03 PM, Dan White y...@comcast.net wrote: No. I whipped that sample up in about 10 minutes. It provides a starting point for you to develop what you want. On Dec 12, 2013, at 8:09 PM, Stuart Cracraft smcracr...@me.com wrote: Do you personally use something more comprehensive with all fields enabled? “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/GxeE-URziu8/unsubscribe. To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0D6FF77B-2D05-43A4-B42B-C1268179D221%40comcast.net. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3EFA4955-6A98-4246-BC72-E805A9830713%40me.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] yamlyzer
On 13 December 2013 15:07, Stuart Cracraft smcracr...@me.com wrote: Our Security Group would like to have complete visibility to logs in simple formats they can parse and understand and socialize it to the C-suite with. Also, it can be used to analyze Puppet's proposed operations in noop mode prior to an eventual turnup in full 7x24x365 mode for selected subsets of our cloud. Are you using puppet dashboard? You can get the same information in CSV format from http://localhost:3000/nodes.csv. It has the same information as the yaml reports, but in easier (familiar) to manage CSV format, and always up to date when you suck it from the dashboard. Here's a line of an out of sync resource: hostname,pending,736,34,0,702,File,/etc/sudoers,0.483092,/modules/sudoers/manifests/init.pp,22,2013-12-11 23:16 UTC,0,1,false,false You don't get everything (like a diff on the file),and it is a good idea to omit in sync resources (!~ /,0,0,[a-z]*,false/) And why hasn't someone written exactly what you want? Because probably no-one has the exact requirements of your organisation. So, at some stage you're going to have to do some custom work. Or even better, engage puppet labs to do what you want, and ensure it gets rolled back into the product for the community. That's where the totting up the # resources and states and the CSV dump of the dashboard came from... John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAJLFxVfb8A9TwsEng%2B2VK_eFarRa7a%3DkRMMGYu9hu%2BTvmBUGw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] yamlyzer
Extending the script depends on what yaml files you plan to parse and what serialized objects are contained therein. http://www.skorks.com/2010/04/serializing-and-deserializing-objects-with-ruby/ On Dec 12, 2013, at 11:07 PM, Stuart Cracraft smcracr...@me.com wrote: Great. Okay - anyone additionally, how would you extend Dan's script to dump the entirety of a Puppet YAML to a plain text report. I know, I know. It sounds boring, painful even but the rationale is to know exactly what the YAML says even though it is voluminous. The reason? Our Security Group would like to have complete visibility to logs in simple formats they can parse and understand and socialize it to the C-suite with. Also, it can be used to analyze Puppet's proposed operations in noop mode prior to an eventual turnup in full 7x24x365 mode for selected subsets of our cloud. On Dec 12, 2013, at 8:03 PM, Dan White y...@comcast.net wrote: No. I whipped that sample up in about 10 minutes. It provides a starting point for you to develop what you want. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/A5133F3F-CAAC-45D3-BD84-8D8CA5A174DF%40comcast.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] yamlyzer
Thank-you Dan. Stuart On Dec 12, 2013, at 8:42 PM, Dan White y...@comcast.net wrote: Extending the script depends on what yaml files you plan to parse and what serialized objects are contained therein. http://www.skorks.com/2010/04/serializing-and-deserializing-objects-with-ruby/ On Dec 12, 2013, at 11:07 PM, Stuart Cracraft smcracr...@me.com wrote: Great. Okay - anyone additionally, how would you extend Dan's script to dump the entirety of a Puppet YAML to a plain text report. I know, I know. It sounds boring, painful even but the rationale is to know exactly what the YAML says even though it is voluminous. The reason? Our Security Group would like to have complete visibility to logs in simple formats they can parse and understand and socialize it to the C-suite with. Also, it can be used to analyze Puppet's proposed operations in noop mode prior to an eventual turnup in full 7x24x365 mode for selected subsets of our cloud. On Dec 12, 2013, at 8:03 PM, Dan White y...@comcast.net wrote: No. I whipped that sample up in about 10 minutes. It provides a starting point for you to develop what you want. “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” Bill Waterson (Calvin Hobbes) -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/GxeE-URziu8/unsubscribe. To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/A5133F3F-CAAC-45D3-BD84-8D8CA5A174DF%40comcast.net. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/F9F7B799-A94D-437C-9069-CFA1B65C8035%40me.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] yamlyzer
John, I will look into this tomorrow. It sounds like the solution. Thanks very much. Stuart On Dec 12, 2013, at 8:32 PM, John Warburton jwarbur...@gmail.com wrote: On 13 December 2013 15:07, Stuart Cracraft smcracr...@me.com wrote: Our Security Group would like to have complete visibility to logs in simple formats they can parse and understand and socialize it to the C-suite with. Also, it can be used to analyze Puppet's proposed operations in noop mode prior to an eventual turnup in full 7x24x365 mode for selected subsets of our cloud. Are you using puppet dashboard? You can get the same information in CSV format from http://localhost:3000/nodes.csv. It has the same information as the yaml reports, but in easier (familiar) to manage CSV format, and always up to date when you suck it from the dashboard. Here's a line of an out of sync resource: hostname,pending,736,34,0,702,File,/etc/sudoers,0.483092,/modules/sudoers/manifests/init.pp,22,2013-12-11 23:16 UTC,0,1,false,false You don't get everything (like a diff on the file),and it is a good idea to omit in sync resources (!~ /,0,0,[a-z]*,false/) And why hasn't someone written exactly what you want? Because probably no-one has the exact requirements of your organisation. So, at some stage you're going to have to do some custom work. Or even better, engage puppet labs to do what you want, and ensure it gets rolled back into the product for the community. That's where the totting up the # resources and states and the CSV dump of the dashboard came from... John -- You received this message because you are subscribed to a topic in the Google Groups Puppet Users group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/puppet-users/GxeE-URziu8/unsubscribe. To unsubscribe from this group and all its topics, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAJLFxVfb8A9TwsEng%2B2VK_eFarRa7a%3DkRMMGYu9hu%2BTvmBUGw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/F1E84CBD-E759-46DD-8C6A-2051409C81A9%40me.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Windows - MSI that shows up in Windows Features instead of Add/Remove Programs
I'm trying to deploy IE11 through puppet. I've created a custom MSI using the IE Administration Kit that supports silent installs. The problem is, IE is built into Windows, so rather than showing up in the installed programs list, it winds up in Windows Features. I figured this would cause a problem, if I attempted to install it as a package since Puppet is checking the list of installed programs to see whether or not it needs to install the package. As I expected, Puppet attempts to install the MSI everytime it's executed. Is there any way to get it to check windows features in addition to installed programs? In lieu of that, does anyone have any suggestions? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f1150eac-4100-4c6f-96b8-58531e53c84c%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Stdlib and Defined Types
On Friday, December 13, 2013 5:30:26 AM UTC+9, Trevor Vaughan wrote: Does anyone know of a way to add a file-centric backtrace to the validate functions in the Stdlib? If you use a validator in a defined type, you end up not having any idea what actually threw the error. Annoying indeed - had this issue quite often as well. What you want is to change this in your checkout of stdlib (modules/stdlib): For spec/unit/puppet/parser/functions/validate_*_spec.rb Change all: expect { scope.compiler.compile }.to raise_error(Puppet::ParseError to: expect { scope.compiler.compile }.to raise_error(Puppet::Error -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6fec71ff-df7c-4f66-a2a5-21be0e68d587%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Noop some classes/ressources
I would like to set to noop some classes (not all) for some server groups. (For example, we can have 2 types of modules, IT and Middleware, IT must be in no-noop and Middleware must be in noop) So you would like to sometimes apply a nodes assigned classes and sometimes not? That sounds like a strange usecase. If it's just a case of 'sometimes' as in some actually puppetruns, you could use something like cronjobbed 'puppet agent --test --tags=all,the,classes,I,do,want,to,apply'. If on the other hand your puppet environment is set up to apply classes to nodes that shouldn't be applied, you would be advised to look into how to only assign the necessary classes to the server group requiring them, rather than creating a parameter to every class to turn them on and off at will. Things like a custom fact that parses IP's or hostnames, returns a server group string and then using that as part of hiera.yaml and doing your classes assignment might be an idea. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/46ffe52f-7bff-41ff-8ac4-34ef84c0b12e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.