Re: [Puppet Users] What is the recommended puppet server directory layout?
This is the same directory layout most of us would use if you no setup environments. If you want to implement roles/profiles, they are not anything else that classes defined in modules. For instance /etc/puppet/modules/role/manifests would have the manifest for roles definition and /etc/puppet/modules/profile/manifests the profiles one. In /etc/puppet/manifests/site.pp normally you would have nothing if you use a ENC, and the nodes definition if not ( probable by importing others pp files with the node definitions) Regards, El 07/02/2014 18:29, "T" escribió: > I am just setting up a new puppet server and wanted to find out what the > best practise directory structure is? Ive had a look around on different > forums and on the puppet site and what strikes me is that everyone seems to > lay it out in a different way. Isnt there a recommended way and directory > structure? > > So far I have: > > puppet >+ manifests > + site.pp >+ modules > > Im just a little stuck after this :) > > So I think I want to separate this down to server roles such as > "webserver", which has a service such as "httpd" or "nginx" > > Whats the best method to lay all of this out as its driving me nuts that > there doesnt seem to be a preferred method to do this, or maybe I have just > missed it in all of the other information :( > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/c19c80a1-4363-453f-8fc3-e3fb8efb7247%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3dc20bmhtBW7Tju%2BSWuPYCFskR%2BguFGiqL0atee%2BZBRFaQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] File resource fails on Windows 7 x64 (other resources with different file works)
I'm a Unix guy, and perhaps this is a silly question but... Does C:/ProgramData/puppetfiles/ directory exists? Regards El 07/02/2014 17:31, "jmp242" escribió: > I'm really lost as to why this is failing. > > file{ 'openvpn.exe': > path => 'C:/ProgramData/puppetfiles/openvpn.exe', > source => "puppet:///modules/openvpn/openvpn.exe", > owner => 'SYSTEM', > group => 'Administrators', > mode => 0770, > provider => windows, > ensure => present, > } > > gives me this error: > > ReplaceFile(C:/ProgramData/puppetfiles/openvpn.exe, > C:/ProgramData/puppetfiles/openvpn.exe20140206-5012-wvhezn): The system > cannot find the file specified. > > > change from absent to file failed: > ReplaceFile(C:/ProgramData/puppetfiles/openvpn.exe, > C:/ProgramData/puppetfiles/openvpn.exe20140206-5012-wvhezn): The system > cannot find the file specified. > > > I have no idea why. I'm using Puppet agent 3.4.2. A very similar resource: > > file { 'fusion.exe': > path => 'C:/ProgramData/puppetfiles/fusion.exe', > source => "puppet:///modules/fusionagent/fusion.exe", > owner => 'SYSTEM', > group => 'Administrators', > mode => 0770, > provider => windows, > ensure => present, > } > > works... > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/8a72f9a1-1402-4e2d-80fb-703a5133e50e%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3deq%3Dj2V30ZuAeqT7%2Bx9fAiVsBG5LV1BPqfTUhO73JJgRQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] File resource fails on Windows 7 x64 (other resources with different file works)
First question - what version of puppet? Second question - can you run puppet apply (or agent) with --trace --debug --verbose and post the relevant results? We have some recent fixes related to this. On Thu, Feb 6, 2014 at 3:27 PM, jmp242 wrote: > I'm really lost as to why this is failing. > > file{ 'openvpn.exe': > path => 'C:/ProgramData/puppetfiles/openvpn.exe', > source => "puppet:///modules/openvpn/openvpn.exe", > owner => 'SYSTEM', > group => 'Administrators', > mode => 0770, > provider => windows, > ensure => present, > } > > gives me this error: > > ReplaceFile(C:/ProgramData/puppetfiles/openvpn.exe, > C:/ProgramData/puppetfiles/openvpn.exe20140206-5012-wvhezn): The system > cannot find the file specified. > > > change from absent to file failed: > ReplaceFile(C:/ProgramData/puppetfiles/openvpn.exe, > C:/ProgramData/puppetfiles/openvpn.exe20140206-5012-wvhezn): The system > cannot find the file specified. > > > I have no idea why. I'm using Puppet agent 3.4.2. A very similar resource: > > file { 'fusion.exe': > path => 'C:/ProgramData/puppetfiles/fusion.exe', > source => "puppet:///modules/fusionagent/fusion.exe", > owner => 'SYSTEM', > group => 'Administrators', > mode => 0770, > provider => windows, > ensure => present, > } > > works... > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/8a72f9a1-1402-4e2d-80fb-703a5133e50e%40googlegroups.com > . > For more options, visit https://groups.google.com/groups/opt_out. > -- Rob Reynolds Developer, Puppet Labs *Join us at PuppetConf 2014, September 23-24 in San Francisco - * http://bit.ly/pupconf14 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK5yZoaMNh4Zn%2BBs%3DKL6jM%2BMi3-P4q1msvgJH_7xx_e24w%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] What is the recommended puppet server directory layout?
I am just setting up a new puppet server and wanted to find out what the best practise directory structure is? Ive had a look around on different forums and on the puppet site and what strikes me is that everyone seems to lay it out in a different way. Isnt there a recommended way and directory structure? So far I have: puppet + manifests + site.pp + modules Im just a little stuck after this :) So I think I want to separate this down to server roles such as "webserver", which has a service such as "httpd" or "nginx" Whats the best method to lay all of this out as its driving me nuts that there doesnt seem to be a preferred method to do this, or maybe I have just missed it in all of the other information :( -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c19c80a1-4363-453f-8fc3-e3fb8efb7247%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] File resource fails on Windows 7 x64 (other resources with different file works)
I'm really lost as to why this is failing. file{ 'openvpn.exe': path => 'C:/ProgramData/puppetfiles/openvpn.exe', source => "puppet:///modules/openvpn/openvpn.exe", owner => 'SYSTEM', group => 'Administrators', mode => 0770, provider => windows, ensure => present, } gives me this error: ReplaceFile(C:/ProgramData/puppetfiles/openvpn.exe, C:/ProgramData/puppetfiles/openvpn.exe20140206-5012-wvhezn): The system cannot find the file specified. change from absent to file failed: ReplaceFile(C:/ProgramData/puppetfiles/openvpn.exe, C:/ProgramData/puppetfiles/openvpn.exe20140206-5012-wvhezn): The system cannot find the file specified. I have no idea why. I'm using Puppet agent 3.4.2. A very similar resource: file { 'fusion.exe': path => 'C:/ProgramData/puppetfiles/fusion.exe', source => "puppet:///modules/fusionagent/fusion.exe", owner => 'SYSTEM', group => 'Administrators', mode => 0770, provider => windows, ensure => present, } works... -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8a72f9a1-1402-4e2d-80fb-703a5133e50e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Does eyaml CLI have options to specify the private/public key paths?
And now I see why I hadn't found --help helpful. In 2.0.0 eyaml --help does not give a dump of options. You have to run eyaml --help to see a list of options for that command. Don't know if that's good or bad. IMO it would be nice to see more information in top level help. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b6210c57-cd0f-429e-8880-f9e8982a224b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Autorequire based on resource property???
Felix Thanks for the pointers there... As discussed on #puppet-dev, I've managed to get it working with the following code: https://gist.github.com/fatmcgav/8864343 However it does raise the question of "Is this the most optimal method to handle this scenario?" As it means iterating the entire catalog for each resource that wants to auto-require another resource. In a practical application, I could see 6+ resources of different types that might want to autorequire the domain resource. Is there a more efficient method to pull out specific resource types from the catalogue? Or is the overhead from this operation likely to be soo small as not to worry? Cross posting to Puppet-dev mailing list for comment aswell. Cheers Gavin On Friday, 7 February 2014 12:50:58 UTC, Felix.Frank wrote: > > Hi, > > I suppose that should be possible, although the autorequire block will > be a lot more complex than those you're using right now (obviously, > since those are almost trivial - in a good way :-) > > You can filter the list of all resources in the catalog for interesting > things to autorequire. This general pattern might get you going > (untested though) > > autorequire(...) do > self.catalog.resources.select { |res| > # pseudo-code: resource is of desired type > # and has desired properties/parameters > }.collect { |res| > res[:name] > } > end > > Not even sure if :name is the correct key, but I hope this brings the > idea across. > > HTH, > Felix > > On 02/07/2014 12:51 PM, Gavin Williams wrote: > > In other-words, if I want the /application/ resource type to > > auto-require the appropriate /domain/ resource type, the only > > information I have to relate is based on the '/portbase/' param[3][4]. > > > > Is this technically possible? Or am I barking up the wrong tree??? > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1bd120b9-3ff8-410d-8309-8261b225665d%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: how to add an evironment variable to puppet agent execution?
I think custom facts would be fine for the case of JAVA_HOME of the OP. However, feeding data to the resource will not work for the self.instances method unfortunately. Custom facts won't work either, as facts are only determined prior to the catalog compilation. At that point, the installation path is not yet available (I'm installing Tomcat through a package manager so I don't have control over the installation paths). I ended up getting the desired path within the custom provider as follows: > ps_line = `ps -eaf | grep tomcat7` > installation_path = /catalina.base=([\S]+)/.match(ps_line)[1] > This works just fine! Anyway, thanks a lot for the quick responses, cheers Op donderdag 6 februari 2014 23:53:18 UTC+1 schreef jcbollinger: > > > > On Thursday, February 6, 2014 9:14:12 AM UTC-6, Felix.Frank wrote: >> >> I see, well - this kind of problem is best tackled using custom facts I >> think. >> >> > ... coupled with feeding the data to your resource via a parameter or > property, as appropriate. > > > John > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f8a5a82d-0f37-4381-9295-0e02ce700acb%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Finally found workaround for problem with German windows clients
Hi Josh, > This assumes Time.new.zone returns a string encoded with the Windows-1250 > code page. You are probably better off omitting the source encoding, since > ruby should already know what it is: > >Time.new.zone.encode("UTF-8") Thanks for this information! While facter 2 isn't out, could you include that patch in the MSI please? That would save us from patching ALL the systems manually. Thanks and have a nice weekend, Andy. -- Happiness is not a destination. It is a method of life. -- Burton Hills -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140207150420.GA26621%40spiegl.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Ruby errors
On Thursday, February 6, 2014 12:54:58 PM UTC-6, Jason Hatman wrote: > > One of my clients wasn't checking in with puppet so I decided to reinstall > facter and puppet on that client. I did so and now when I try to run > puppet agent it crashes with a lot of ruby errors. This is mavericks so I > have the contents of /usr/lib/ruby/site_ruby/1.8 symlinked into > /usr/lib/ruby/site_ruby/2.0.0. The symlink commands are included as part > of my install package, so those commands re-executed as well during the > reinstall. Facter will still run, but Puppet agent will not. All was > working until I reinstalled puppet/facter. Below is a summary of the error > message. I've attached the crashlog. > > /Library/Ruby/Site/2.0.0/facter/util/resolution.rb:172: [BUG] Segmentation > fault > > ruby 2.0.0p247 (2013-06-27 revision 41674) [universal.x86_64-darwin13] > A segmentation fault indicates either a serious flaw in your Ruby implementation, a serious flaw in Puppet, or, most likely, a mismatch between the library for which a binary component of Puppet was built and the one actually present on the system. In view of the last, I find it very suspicious that you are symlinking components apparently intended for Ruby 1.8 into the site library of a Ruby 2.0 installation. Also, if you are in fact running Puppet under Ruby 2.0 then you must use Puppet 3.2 or later. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bf690c85-785b-4dbe-949d-d50adbd2e04f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Error Message: Could not set present on ensure: Function not implemented
Hello John, Thank you for the suggestions. You were correct it was related to the 'ensure' property. I discovered the actual cause of the problem to be fuse and symlink weirdness present in the latest version of Proxmox cluster. It appears that Puppet first creates a temp file and then moves it to this Proxmox-managed, fuse location. This move failed because of permission problems. This problem did not exist in the previous version of Proxmox when configured as a cluster. My debug approach was to manually reproduce Puppet's behavior, but first I had to realize that Puppet creates a file in /tmp and then moves it to the desired location. Creating the file inside the fuse-symlinked directory worked normally. The workaround was to puppet-manage the files in a regular directory and then use an 'exec' resource to copy (not move) the file to its final location. The new define includes a 'proxmox_workaround' flag to handle this special case. I updated the wiki page to show this workaround: http://jaroker.org/technical_notes/issues/software/puppet/start Regards, Jon --- Jon Jaroker http://jaroker.com On Thu, Jan 30, 2014 at 9:13 AM, jcbollinger wrote: > > > On Wednesday, January 29, 2014 2:00:28 PM UTC-6, Jon Jaroker wrote: > >> Hello, >> >> Would anyone know what the error message "Could not set present on >> ensure: Function not implemented" means. It is appearing in Puppet 2.7.13 >> on a File resource type. The --debug flag does not give any hints. >> [...] >> >> Any suggestions on how to troubleshoot this? >> >> > > That's certainly an unhelpful message. I suspect it really means "an > unanticipated error occurred while trying to sync the target file's > 'ensure' property". Since you are ensuring "present", Puppet would only be > trying to do something with the ensure property if [it thought that] the > file does not yet exist. > > Some things to look at: > >1. Unless you want to accommodate the possibility that the target file >is a symlink, I would ensure 'file' rather than 'present'. That is >unlikely to resolve the problem, however. >2. Check whether the File's target directory exists. >3. Check whether the File's target directory is readable and writable >to the Puppet agent. Check that every directory in the path to it is >readable. Even with the agent running as a privileged user such as root, >there are still ways that it might be denied access (e.g. SELinux, root >squashing [for network filesystems]). > > > John > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/L_sLXfw3mJw/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/882a1699-d99c-43b8-af80-e3c0da5616b5%40googlegroups.com > . > > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAPRiO6SwYhMwbz2AEwiFe1GQFaYbDE7gk81Xhj4SZnL7%3DMJ3%3DQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Reg : SSL Certificate
Hi, are you quite certain you moved those .pem files to the correct location? Apparently, the agent won't pick them up. Look at the config very carefully, and find out where the new key has been generated. The agent should not just overwrite the key you had imported. HTH, Felix On 01/28/2014 03:36 PM, krishna bhaskara rao wrote: > I have generated SSL certificate in puppet master with domain "test.com" > and then moved to below files to puppet agent SSL directory. > certs/test.com.pem, > private_keys/test.com.pem, > public_keys/test.com.pem and certs/ca.pem. > > Then I am trying to issue *puppet agent -t --debug* in agent, getting an > error. > Info: *Creating a new SSL key for test.com* > Info: Caching certificate for ca > Info: Caching certificate for test.com > Error: Could not request certificate: The certificate > retrieved from the master does not match the agent's private key. > > Please suggest me How to resolve this issue, Shall I need to disable > regeneration of key, if yes how to disable. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52F4EA82.4050607%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: non existing classes cause puppet 2.7 client to error out
On Thursday, February 6, 2014 2:17:00 PM UTC-6, Kyle Flavin wrote: > > I put this up on the Puppet Ask forum as well. Hopefully the duplication > isn't a big deal, I've been struggling to come up with a good solution to > this. > > I'm attempting to migrate a puppet environment from Puppet 2.6 to Puppet > 2.7. My plan for doing this is to install a new Puppet 2.7 master, point > the 2.6 clients to this new master, and then later update the 2.6 clients > over a period of time. > > However, I'm running into an issue due to the way our external node > classifier works. The node classifier returns a number of classes for each > host. These classes may or may not be defined in puppet manifests. In > 2.6, puppet just ignored any classes that were not recognized. > Really? I never knew that. What a nasty bug. > In 2.7, the client errors out and fails to pull down any of its > configuration, even from classes that are defined. From reading the forums > and bug reports, it appears that this new behavior is by design. My > question then is, is there any way to revert to the previous behavior? > Not to my knowledge. The behavior you are trying to get is buggy and inconsistent. The master will not provide a partial catalog when catalog compilation fails, in part because it has no way to know whether *any* of it is right. For instance, some part of the catalog that failed compilation could have been intended to override another part that was successfully compiled. > > It is not possible at this time to change the way our ENC works. My > workaround will be to identify all undefined classes, and define them as > empty classes in a puppet manifest. This is not ideal because new > undefined classes can be introduced by our ENC as we deploy new machines. > So it would be an ongoing maintenance process. > I feel badly for you that you are stuck in a poor situation. I can only suggest that you come up with a way to automate the dummy class generation you propose. Perhaps the ENC could even be made to do that itself. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/87a60333-1291-430e-bfb7-41bce2c38e0e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetmaster + hearbeat + mon
Thnx, Felix I'll try today On 7 February 2014 02:40, Felix Frank wrote: > Hi, > > good thinking, but the CA certificate is not used when accepting SSL > connections (or it shouldn't be, as far as I'm concerned). > > You can determine the certificate that is presented using > > openssl s_client -connect puppetserver.ops.ss:8445 (assuming that is > your masterport). > > You may need to share the server cert among your masters, not only the > CA cert. > > HTH, > Felix > > On 01/27/2014 06:59 PM, Vassiliy Vins wrote: > > #openss x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem on > > secondary puppetmaster > > gives CN=Puppet CA:puppetserver.ops.ss > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Puppet Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/puppet-users/WpkKz80Jxn4/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/52F4AA08.8010503%40alumni.tu-berlin.de > . > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAO%2BK8YxOfSX6q1Vm4uUQCzd3CckoPt_QrDzkv%3D0YNFDbtzeuGQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Autorequire based on resource property???
Hi, I suppose that should be possible, although the autorequire block will be a lot more complex than those you're using right now (obviously, since those are almost trivial - in a good way :-) You can filter the list of all resources in the catalog for interesting things to autorequire. This general pattern might get you going (untested though) autorequire(...) do self.catalog.resources.select { |res| # pseudo-code: resource is of desired type # and has desired properties/parameters }.collect { |res| res[:name] } end Not even sure if :name is the correct key, but I hope this brings the idea across. HTH, Felix On 02/07/2014 12:51 PM, Gavin Williams wrote: > In other-words, if I want the /application/ resource type to > auto-require the appropriate /domain/ resource type, the only > information I have to relate is based on the '/portbase/' param[3][4]. > > Is this technically possible? Or am I barking up the wrong tree??? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52F4D6B2.1010400%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] PuppetDB replication
John, I would generally recommend Hot Standby with Streaming Replication for PostgreSQL replication. The documentation for such is here: http://www.postgresql.org/docs/9.3/static/high-availability.html Some people have also had success using Sloney, although I feel this is somewhat trickier to setup. The general difference between the two is that Streaming Replication is achieved by WAL log shipping, whereas Sloney uses statement replication. PuppetDB allows you to provide a secondary read database for queries as well: http://docs.puppetlabs.com/puppetdb/1.6/configure.html#read-database-settings this can be pointed at your hot standby node to spread the load a little. The pe_postgresql module that ships with PE does not have the capability to setup such clustering for you yet, but most of the facilities are there for modifying configuration, permissions and such that it is possible to do it. The hard part is really how to manage the initialization steps before the replication can start. ken. On Thu, Feb 6, 2014 at 10:23 PM, John Guthrie wrote: > I wasn't able to find much on this by searching, so I thought I would ask > here, has anyone had any kind of experience with any kind of replication of > PuppetDB. In particular, experience with the PE version of PuppetDB would be > great to hear about. I have set up PE puppet with the components master, DB, > and console on separate machines. I was thinking that getting some kind of > replication for the DB might be a good idea. > > Any comments? > > Thanks. > > John Guthrie > jguth...@book.com > This electronic mail message contains information that (a) is or > may be CONFIDENTIAL, PROPRIETARY IN NATURE, OR OTHERWISE > PROTECTED > BY LAW FROM DISCLOSURE, and (b) is intended only for the use of > the addressee(s) named herein. If you are not an intended > recipient, please contact the sender immediately and take the > steps necessary to delete the message completely from your > computer system. > > Not Intended as a Substitute for a Writing: Notwithstanding the > Uniform Electronic Transaction Act or any other law of similar > effect, absent an express statement to the contrary, this e-mail > message, its contents, and any attachments hereto are not > intended > to represent an offer or acceptance to enter into a contract and > are not otherwise intended to bind this sender, > barnesandnoble.com > llc, barnesandnoble.com inc. or any other person or entity. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/12D01FC3B93AC74DB3A731E93798FCB488A39616%40BNJEXCHMB01.bnweb.user.bn. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAE4bNTkHej4t0m_prK5vCq--iLzv0qh7AysNsbJ-9T9R4u1J7g%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Autorequire based on resource property???
Morning all I'm trying to work out if it's possible to add auto-require logic to some of my Glassfish module[1] types. >From what I've read about *autorequire*, the standard usage is to match to a resource title, as used here[2]. However the challenge I'm hitting is that I don't know the title of the resource I need to auto-require in some of my types. However I do know the resource type, and a property of that type. In other-words, if I want the *application* resource type to auto-require the appropriate *domain* resource type, the only information I have to relate is based on the '*portbase*' param[3][4]. Is this technically possible? Or am I barking up the wrong tree??? Cheers Gavin [1] https://github.com/fatmcgav/puppet-glassfish/ [2] https://github.com/fatmcgav/puppet-glassfish/blob/master/lib/puppet/type/domain.rb#L91-L99 [3] https://github.com/fatmcgav/puppet-glassfish/blob/master/lib/puppet/type/domain.rb#L17-L35 [4] https://github.com/fatmcgav/puppet-glassfish/blob/master/lib/puppet/type/application.rb#L31-L49 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3bb26039-7323-4229-9ede-bccfeb56667f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Exec script from puppet file server
Hi, I need to use an exec resource to execute a shell script, and I'd like to keep the script on the puppet master. Is there a way to make the exec resource execute the script directly from puppet's built-in file server? It doesn't seem to accept the puppet:/// URI type. Otherwise I will need to copy it locally on the client and execute it from there (and maybe delete it afterwards). Thanks. Marco -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d3e5cf2f-6e94-42dc-9a72-8b854c3a20f0%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Code coverage for puppet resources
On 07 Feb 2014, at 11:54, Gareth Rushgrove wrote: > On 7 February 2014 02:51, gh wrote: >> On 1/26/14 7:50 AM, Gareth Rushgrove wrote: >>> For anyone else who likes writing tests for their puppet manifests, >>> I've just added basic code coverage to rspec-puppet: >>> >>> A blog post here about how to use it: >>> >>> http://www.morethanseven.net/2014/01/25/code-coverage-for-puppet-modules/ >>> >>> I'd be interested in any feedback on how to improve or add to this. >>> >>> Cheers >>> >>> Gareth >>> >> >> Gareth, >> >> Great blog post. I tried this on a module with 100% coverage and notice >> that it reports back 50% coverage. After some poking around, found that >> it is checking code in spec/fixtures/, the stdlib module actually. There >> seems to be an open issue[1] regarding the inability to exclude things. >> Curious if you found a work around for testing your code and not the >> modules pulled in from .fixtures.yml. >> > > Currently the rspec-puppet coverage stuff does check coverage across > all resources, including those from dependent modules. For example > this module depends on the puppetlabs/apt module - > https://travis-ci.org/garethr/garethr-nginx/jobs/18133670#L113 > > I purposefully didn't add too much configuration to the first pass of > the code, but it would be simple to add some options to ignore > specific modules (I think). I thought I'd wait to see if anyone found > it useful first. > > Gareth Great add-on for rspec-puppet. I really missed that functionality. Adding exclude options would be great. Many thanks, Martin > >> [1] - https://github.com/lemurheavy/coveralls-public/issues/184 >> >> BR, >> -g >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/52F44A2E.3070903%40garretthoneycutt.com. >> For more options, visit https://groups.google.com/groups/opt_out. > > > > -- > Gareth Rushgrove > @garethr > > devopsweekly.com > morethanseven.net > garethrushgrove.com > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CAFi_6y%2B-pZuGexUYciyXDkENL4EQQSJqTBHzaB5NfW9eujt%3D3g%40mail.gmail.com. > For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5885FE07-2C29-4908-9BFD-354642C330A0%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Creating new eyaml entries when private key is not available
Our plan for eyaml is that operations owns and protects the private key. So developers only have access to the public key and after creating new encrypted values cannot decrypt them. Unless I'm missing something, developers won't be able to use 'eyaml edit' because it requires the private key. As far as I can tell, the workflow in developer space is... > eyaml -s [string you want encrypted] Then paste the ENC[] text into the .eyaml file and save it back to the git repo. That's a reasonably tight workflow, I'm just wondering if I missed a better one. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cc11484e-2def-40ad-9dd4-4b8c2ac528e2%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Code coverage for puppet resources
On 7 February 2014 02:51, gh wrote: > On 1/26/14 7:50 AM, Gareth Rushgrove wrote: >> For anyone else who likes writing tests for their puppet manifests, >> I've just added basic code coverage to rspec-puppet: >> >> A blog post here about how to use it: >> >> http://www.morethanseven.net/2014/01/25/code-coverage-for-puppet-modules/ >> >> I'd be interested in any feedback on how to improve or add to this. >> >> Cheers >> >> Gareth >> > > Gareth, > > Great blog post. I tried this on a module with 100% coverage and notice > that it reports back 50% coverage. After some poking around, found that > it is checking code in spec/fixtures/, the stdlib module actually. There > seems to be an open issue[1] regarding the inability to exclude things. > Curious if you found a work around for testing your code and not the > modules pulled in from .fixtures.yml. > Currently the rspec-puppet coverage stuff does check coverage across all resources, including those from dependent modules. For example this module depends on the puppetlabs/apt module - https://travis-ci.org/garethr/garethr-nginx/jobs/18133670#L113 I purposefully didn't add too much configuration to the first pass of the code, but it would be simple to add some options to ignore specific modules (I think). I thought I'd wait to see if anyone found it useful first. Gareth > [1] - https://github.com/lemurheavy/coveralls-public/issues/184 > > BR, > -g > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/52F44A2E.3070903%40garretthoneycutt.com. > For more options, visit https://groups.google.com/groups/opt_out. -- Gareth Rushgrove @garethr devopsweekly.com morethanseven.net garethrushgrove.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAFi_6y%2B-pZuGexUYciyXDkENL4EQQSJqTBHzaB5NfW9eujt%3D3g%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Does eyaml CLI have options to specify the private/public key paths?
Thanks James. --help should have been blindingly obvious but it slipped my flu infested mind. Cheers! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/abdd7e9f-9b88-47ae-889c-89f0f95ad2ca%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Code coverage for puppet resources
Gareth/Garret Not sure if it helps, but I've managed to exclude stuff from Coveralls by using simplecov filters... E.g.: https://github.com/fatmcgav/puppet-glassfish/commit/5f7d40c2257f469a297edd04a7dbac068306b82b Gav On Friday, 7 February 2014 02:51:26 UTC, Garrett Honeycutt wrote: > > On 1/26/14 7:50 AM, Gareth Rushgrove wrote: > > For anyone else who likes writing tests for their puppet manifests, > > I've just added basic code coverage to rspec-puppet: > > > > A blog post here about how to use it: > > > > > http://www.morethanseven.net/2014/01/25/code-coverage-for-puppet-modules/ > > > > I'd be interested in any feedback on how to improve or add to this. > > > > Cheers > > > > Gareth > > > > Gareth, > > Great blog post. I tried this on a module with 100% coverage and notice > that it reports back 50% coverage. After some poking around, found that > it is checking code in spec/fixtures/, the stdlib module actually. There > seems to be an open issue[1] regarding the inability to exclude things. > Curious if you found a work around for testing your code and not the > modules pulled in from .fixtures.yml. > > [1] - https://github.com/lemurheavy/coveralls-public/issues/184 > > BR, > -g > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f1b6bfb4-32c0-4cf8-a58a-b6871db72211%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: puppet via apache / passenger
hey guys, got it solved! turns out there was nothing wrong with the way it was configured. Just that the disk had become full. So I cleared some space and it started working. [root@puppet:/etc/puppet] #puppet agent --test Info: Loading facts in /etc/puppet/modules/epel/lib/facter/os_maj_version.rb Info: Caching catalog for puppet.mydomain.com Info: Applying configuration version '1391766506' Notice: /Stage[main]/Puppet::Master/Service[puppetmaster]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[main]/Puppet::Master/Service[puppetmaster]: Unscheduling refresh on Service[puppetmaster] Notice: /Stage[main]/Puppet::Service/Service[puppet]/ensure: ensure changed 'stopped' to 'running' Info: /Stage[main]/Puppet::Service/Service[puppet]: Unscheduling refresh on Service[puppet] Notice: Finished catalog run in 8.73 seconds Thanks, Tim On Fri, Feb 7, 2014 at 4:30 AM, Tim Dunphy wrote: > Hey all, > > I made a little progress. Turns out that my directory structure under the > 'rack' directory may have been contributing to some of the problems I had > been facing. > > Originally I had > > [root@puppet:/etc/puppet] #tree rack/ > rack/ > ├── tmp > ├── public > └── puppetmasterd >└── config.ru > > > But then I changed it to the following: > > [root@puppet:/etc/puppet] #tree rack/ > rack/ > └── puppetmasterd > ├── config.ru > ├── public > └── tmp > └── restart.txt > > All owned by puppet:puppet. > > Then I restarted apache and now the error I get is the following: > > [root@puppet:/etc/puppet] #puppet agent --test > Warning: Unable to fetch my node definition, but the agent run will > continue: > Warning: Error 400 on SERVER: cannot generate tempfile > `/var/lib/puppet/yaml/node/puppet.jokefire.com.yaml20140207-22853-vkj608-9' > Info: Loading facts in > /etc/puppet/modules/epel/lib/facter/os_maj_version.rb > Error: Could not retrieve catalog from remote server: Error 400 on SERVER: > cannot generate tempfile > `/var/lib/puppet/yaml/facts/puppet.jokefire.com.yaml20140207-22853-lv2ym0-9' > > Warning: Not using cache on failed catalog > Error: Could not retrieve catalog; skipping run > > > Which from the output I would think would be incorrect ownership of the > /var/lib/puppet/yaml/node and the /var/lib/puppet/yaml/facts directories. > > But those directories both have puppet:puppet ownership: > > [root@puppet:/etc/puppet] #ls -l /var/lib/puppet | grep yaml | grep -v > client > drwxr-x--- 5 puppet puppet 4096 Feb 6 23:35 yaml > > [root@puppet:/etc/puppet] #ls -l /var/lib/puppet/yaml/ | grep node > drwxr-xr-x 2 puppet puppet 4096 Feb 7 04:06 node > > > So I could use some help on how to resolve this error. > > Enclosing debug output for further reference in case that will help. > > Thanks > Tim > > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOZy0ekN7Z_-hQms1-BoytLdQtq8Y2bFOm1DnFgBL-uGefiWKQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppetmaster + hearbeat + mon
Hi, good thinking, but the CA certificate is not used when accepting SSL connections (or it shouldn't be, as far as I'm concerned). You can determine the certificate that is presented using openssl s_client -connect puppetserver.ops.ss:8445 (assuming that is your masterport). You may need to share the server cert among your masters, not only the CA cert. HTH, Felix On 01/27/2014 06:59 PM, Vassiliy Vins wrote: > #openss x509 -text -noout -in /var/lib/puppet/ssl/certs/ca.pem on > secondary puppetmaster > gives CN=Puppet CA:puppetserver.ops.ss -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52F4AA08.8010503%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: puppet via apache / passenger
Hey all, I made a little progress. Turns out that my directory structure under the 'rack' directory may have been contributing to some of the problems I had been facing. Originally I had [root@puppet:/etc/puppet] #tree rack/ rack/ ├── tmp ├── public └── puppetmasterd └── config.ru But then I changed it to the following: [root@puppet:/etc/puppet] #tree rack/ rack/ └── puppetmasterd ├── config.ru ├── public └── tmp └── restart.txt All owned by puppet:puppet. Then I restarted apache and now the error I get is the following: [root@puppet:/etc/puppet] #puppet agent --test Warning: Unable to fetch my node definition, but the agent run will continue: Warning: Error 400 on SERVER: cannot generate tempfile `/var/lib/puppet/yaml/node/puppet.jokefire.com.yaml20140207-22853-vkj608-9' Info: Loading facts in /etc/puppet/modules/epel/lib/facter/os_maj_version.rb Error: Could not retrieve catalog from remote server: Error 400 on SERVER: cannot generate tempfile `/var/lib/puppet/yaml/facts/puppet.jokefire.com.yaml20140207-22853-lv2ym0-9' Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run Which from the output I would think would be incorrect ownership of the /var/lib/puppet/yaml/node and the /var/lib/puppet/yaml/facts directories. But those directories both have puppet:puppet ownership: [root@puppet:/etc/puppet] #ls -l /var/lib/puppet | grep yaml | grep -v client drwxr-x--- 5 puppet puppet 4096 Feb 6 23:35 yaml [root@puppet:/etc/puppet] #ls -l /var/lib/puppet/yaml/ | grep node drwxr-xr-x 2 puppet puppet 4096 Feb 7 04:06 node So I could use some help on how to resolve this error. Enclosing debug output for further reference in case that will help. Thanks Tim -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOZy0enyEcvpVqNWOvtmUaOUwQT9nNNMb0qwpfpJU%2B%3DkstYDxA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out. puppet_run.dbg Description: Binary data
[Puppet Users] Re: Does eyaml CLI have options to specify the private/public key paths?
On Thursday, 6 February 2014 21:37:55 UTC, Larry Fast wrote: The default value for the private key path in the eyaml CLI is ./keys/private_key.pkcs7.pem. Is there an CLI option to override the default? yep :) $ eyaml --help Hiera-eyaml is a backend for Hiera which provides OpenSSL encryption/decryption for Hiera properties Usage: eyaml [options] eyaml -i file.eyaml # edit a file eyaml -e -s some-string # encrypt a string eyaml -e -p # encrypt a password eyaml -e -f file.txt # encrypt a file cat file.txt | eyaml -e # encrypt a file on a pipe Options: --createkeys, -c: Create public and private keys for use encrypting properties --decrypt, -d: Decrypt something --encrypt, -e: Encrypt something --edit, -i : Decrypt, Edit, and Reencrypt --eyaml, -y : Source input is an eyaml file --password, -p: Source input is a password entered on the terminal --string, -s : Source input is a string provided as an argument --file, -f : Source input is a file --stdin: Source input is taken from stdin --encrypt-method, -n : Override default encryption and decryption method (default is PKCS7) (default: pkcs7) --output, -o : Output format of final result (examples, block, string) (default: examples) --label, -l : Apply a label to the encrypted result --debug: Be more verbose --quiet: Be less verbose * --pkcs7-public-key, -k : Public key directory (default: ./keys/public_key.pkcs7.pem)* * --pkcs7-private-key, -r : Private key directory (default: ./keys/private_key.pkcs7.pem)* --version, -v: Print version and exit --help, -h: Show this message -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4a78c0a5-d8b2-4487-987e-a7d60b38b072%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] hiera suggestion
Hi, bumping an older thread, because that just caught my eye. On 01/21/2014 11:39 PM, Pete Brown wrote: > I would suggest putting defaults in your modules so you don't need to > set so many variables. I started actively avoiding that, actually, for the reason that hiera values may see use in different parts of a module, e.g. in the manifests and one or more templates. Adding a default to each of those hiera() calls adds potential for inconsistencies, especially when a default changes at one point. Therefor, the hiera values that are expected by modules get mandatory defaults from the bottom of my hierarchy. Any feedback is welcome though. Thanks, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52F49E1A.9070006%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.