Re: [Puppet Users] Mcollective client installation

[Johan De Wit]

With PE, mco commands needs to be run as peadmin user, so,  su - peadmin 
should do the trick.




On 02/18/2014 12:17 AM, Jeremy T. Bouse wrote:
Last time I installed PE and looked at the Mcollective install it 
wasn't using SSL but rather PSK only.


On 02/17/2014 02:48 PM, José Luis Ledesma wrote:


I don't know how puppet enterprise works with mco, but in the open 
source version you have to create a certificate for the user you are 
going to call mco and sign in with the middleware certificate.


El 17/02/2014 18:50, "Deep" > escribió:


Hi Jose,

Thanks for your quick response and explaining me in details. I
tried mco ping command but getting below error.

error 2014/02/17 16:23:00: activemq.rb:131:in
`on_ssl_connectfail' SSL session creation with
stomp+ssl://mcollective@gsldev23:61613 failed: nested asn1 error

I am using below ssl configuration in client.cfg

plugin.activemq.pool.1.ssl.ca
 =
/etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem
plugin.activemq.pool.1.ssl.cert =
/etc/puppetlabs/mcollective/ssl/mcollective-private.pem
plugin.activemq.pool.1.ssl.key =
/etc/puppetlabs/mcollective/ssl/mcollective-cert.pem


securityprovider = ssl

# SSL plugin settings:
plugin.ssl_server_public =
/etc/puppetlabs/mcollective/ssl/mcollective-public.pem
plugin.ssl_client_private =
/etc/puppetlabs/mcollective/ssl/mcollective-private.pem
plugin.ssl_client_public =
/etc/puppetlabs/mcollective/ssl/mcollective-public.pem

Can you tell me if this is wrong?


On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma
wrote:

Hi,

Mcollective has 3 roles:
- the server installed in every puppet client
- the middleware installed in puppet master
- the client installed anywhere, puppet master is a good place

The client is just the utilities to call commands, it attacks
the middleware, authenticate with certificates, and it is the
middle ware who spread the command to every mcollective
server. It doesnt have an agent running.

Just try 'mco ping' from the server/user that is the mco
client to check if it works.

Regards,

El 17/02/2014 18:14

Ik heb RFC-140183 aangemaakt in OT, en zal donderdag in ext

, "Deep"  escribió:

Hi All,

I have installed puppet enterprise which comes with
Mcollective. I have installed Puppet Master on node 1 and
puppet agent on node 2 and node 3. while installing , it
asked me if I want to install Mcollective. I wanted to
have Mcollective client on my Puppet Master. and
Mcollective servers on node 2 and node 3.

But when I checked, there was no client.cfg file created
at /etc/puppetlabs/mcollective/. And Mcollective was
started using server.cfg

How can I use Mcollective client on puppet Master?

I have created client.cfg but still Mcollective needs
server.cfg to start. Can anybody suggest me on this
please? I am new to Mcollective and trying to learn it
and implement it.

Regards,
Deep



--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53029870.9030503%40UnderGrid.net.

For more options, visit https://groups.google.com/groups/opt_out.



--
Johan De Wit

Open Source Consultant

Red Hat Certified Engineer (805008667232363)
Puppet Certified Professional 2013 (PCP006)
_
 
Open-Future Phone +32 (0)2/255 70 70

Zavelstraat 72  Fax   +32 (0)2/255 70 71
3071 KORTENBERG Mobile+32 (0)474/42 40 73
BELGIUM http://www.open-future.be
_
 



Next Events:
Zabbix Certified Training | 
http://www.open-future.be/zabbix-certified-training-10-till-12th-march
Zabbix for Large Environments Training | 
http://www.open-future.be/zabbix-large-environments-training-13-till-14th-march
Puppet Intruction Course | 
http://www.open-future.be/puppet-introduction-course-14th-april
Puppet Advanced Training | 
http://www.open-future.be/puppet-advanced-training-15-till-17th-april
Subscribe to our newsletter | http://eepurl.com/BUG8H

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion o

Re: [Puppet Users] Re: continued deployment

[Peter Romfeld]

Thanks for your answer! I read this book yesterday :)
Right now I am adding logstash to my puppet config. Next I need to figure
out the most fitting automated testing.

It will be for a ejabberd/erlang plugin.

Cheers,
Peter


On Mon, Feb 17, 2014 at 8:01 PM, JuanBrein  wrote:

> Have you read Continuous Delivery from Jez Humble?
>
> Is a great starting point covering main aspects. Look in youtube as well,
> there are plenty of videos from people implementing continuous delivery.
>
> Technology wise it is so wide that is difficult to find a single recipe.
> If you detail a bit more about your stack I could give you some hints.
>
> Now you mentioned continuous deployment and that as far as I understand is
> kind of a new area. If you are new to it you should first aim for
> continuous Delivery and then think on Continuous Deployment.
>
> Juan
>
>
> On Sunday, February 16, 2014 12:06:16 PM UTC, Peter Romfeld wrote:
>>
>> Hi,
>>
>> I got most of our infrastructure managed with puppet now. Now i want to
>> learn about continued app deplyment with puppet..
>>
>> So far my noob knowledge is I would use:
>> manage directory recursive -> notify exec command
>>
>> You have some some links or catchwords(google) for me to do this the
>> proper way?
>>
>> Thanks,
>> Peter
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/8e72e7e0-c207-4628-bfaf-ba2008443f38%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAKiz-NdLCBaY_V%2BR8B1C0EhUyDBSURX3%3DrKctiUcR7bwOzv4RQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Mcollective client installation

[Jeremy T. Bouse]

Last time I installed PE and looked at the Mcollective install it wasn't
using SSL but rather PSK only.

On 02/17/2014 02:48 PM, José Luis Ledesma wrote:
>
> I don't know how puppet enterprise works with mco, but in the open
> source version you have to create a certificate for the user you are
> going to call mco and sign in with the middleware certificate.
>
> El 17/02/2014 18:50, "Deep"  > escribió:
>
> Hi Jose,
>
> Thanks for your quick response and explaining me in details. I
> tried mco ping command but getting below error.
>
> error 2014/02/17 16:23:00: activemq.rb:131:in `on_ssl_connectfail'
> SSL session creation with stomp+ssl://mcollective@gsldev23:61613
> failed: nested asn1 error
>
> I am using below ssl configuration in client.cfg
>
> plugin.activemq.pool.1.ssl.ca
>  =
> /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem
> plugin.activemq.pool.1.ssl.cert =
> /etc/puppetlabs/mcollective/ssl/mcollective-private.pem
> plugin.activemq.pool.1.ssl.key =
> /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem
>
>
> securityprovider = ssl
>
> # SSL plugin settings:
> plugin.ssl_server_public =
> /etc/puppetlabs/mcollective/ssl/mcollective-public.pem
> plugin.ssl_client_private =
> /etc/puppetlabs/mcollective/ssl/mcollective-private.pem
> plugin.ssl_client_public =
> /etc/puppetlabs/mcollective/ssl/mcollective-public.pem
>
> Can you tell me if this is wrong? 
>
>
> On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma wrote:
>
> Hi,
>
> Mcollective has 3 roles:
> - the server installed in every puppet client
> - the middleware installed in puppet master
> - the client installed anywhere, puppet master is a good place
>
> The client is just the utilities to call commands, it attacks
> the middleware, authenticate with certificates, and it is the
> middle ware who spread the command to every mcollective
> server. It doesnt have an agent running.
>
> Just try 'mco ping' from the server/user that is the mco
> client to check if it works.
>
> Regards,
>
> El 17/02/2014 18:14, "Deep"  escribió:
>
> Hi All,
>
> I have installed puppet enterprise which comes with
> Mcollective. I have installed Puppet Master on node 1 and
> puppet agent on node 2 and node 3. while installing , it
> asked me if I want to install Mcollective. I wanted to
> have Mcollective client on my Puppet Master. and
> Mcollective servers on node 2 and node 3.
>
> But when I checked, there was no client.cfg file created
> at /etc/puppetlabs/mcollective/. And Mcollective was
> started using server.cfg
>
> How can I use Mcollective client on puppet Master?
>
> I have created client.cfg but still Mcollective needs
> server.cfg to start. Can anybody suggest me on this
> please? I am new to Mcollective and trying to learn it and
> implement it.
>
> Regards,
> Deep
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53029870.9030503%40UnderGrid.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to group systems using Puppet and hiera?

[Ramin K]

On 2/17/2014 1:05 PM, Alex Scoble wrote:

Hi All,

We are currently transitioning from using the Puppet Enterprise (PE) ENC
to using hiera. Howevver, one piece of functionality that we lack with
hiera is the ability to group systems together based on function. We can
only currently group the systems based on available facts and are
currently using environment, osfamily and domain in our hierarchy,
however it would be extremely useful to also have a "group" or "role"
category in our hiera hierarchy.

As I see it we have a few options and hopefully, people here can add
better options that they are using.

The first is to use groups within the PE ENC which can apparently be
used as a variable within the hiera hierarchy. This would be an easy
solution, but not a very scalable one as putting systems into groups
using the PE console is very slow and I haven't seen a documented way to
manipulate the PE console data using a command line tool.

Second is to create a custom fact named group, but this requires that
each system has a yaml file dropped in the correct place and I don't see
a good way to automate creation of these files using PE, which would
make it scalable. One way to do it would be to create a hiera yaml for
each system with group parameter set, but the whole point of this
exercise is to avoid creating hiera yamls for each system in our
environment. I don't see having 1000+ hiera yamls as very scalable or
manageable.

Third, of course, is to just manage this with individual hiera yamls for
each system where classes required for that system's functions, but
can't be defined higher up in the hierarchy, would be called out, but as
I said before, this option isn't very scalable or manageable.

If you are using Puppet and hiera, how are you managing groups of
systems (web servers, Nessus servers, mail servers, etc.)?

Thanks,
Alex


	We add a role fact as part of the provisioning process when Puppet 
kicks off for the first time. The equivalent of doing the following from 
the command line.


FACTER_role=$role puppet agent --server $server --environment $env

::role is written to a file which in future runs populates ::role which 
closes the loop.


Ramin

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/530295F9.9080200%40badapple.net.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] How to group systems using Puppet and hiera?

[Atom Powers]

My environment is pretty small, so far, so I can get away with having
host specific yaml files. I wrote an ENC that reads the host yaml
files for role/group information because I plan to eventually move
that data into a CMDB of some kind.

At $previous_job I used LDAP as the CMDB and an ENC script to pull the
host role data out of the directory service.

Basically, any database or application you use to store role
information and can be accessed via a script from the puppetmaster
should work for you. The hard part is finding one that you like.

On Mon, Feb 17, 2014 at 1:05 PM, Alex Scoble  wrote:
> Hi All,
>
> We are currently transitioning from using the Puppet Enterprise (PE) ENC to
> using hiera. Howevver, one piece of functionality that we lack with hiera is
> the ability to group systems together based on function. We can only
> currently group the systems based on available facts and are currently using
> environment, osfamily and domain in our hierarchy, however it would be
> extremely useful to also have a "group" or "role" category in our hiera
> hierarchy.
>
> As I see it we have a few options and hopefully, people here can add better
> options that they are using.
>
> The first is to use groups within the PE ENC which can apparently be used as
> a variable within the hiera hierarchy. This would be an easy solution, but
> not a very scalable one as putting systems into groups using the PE console
> is very slow and I haven't seen a documented way to manipulate the PE
> console data using a command line tool.
>
> Second is to create a custom fact named group, but this requires that each
> system has a yaml file dropped in the correct place and I don't see a good
> way to automate creation of these files using PE, which would make it
> scalable. One way to do it would be to create a hiera yaml for each system
> with group parameter set, but the whole point of this exercise is to avoid
> creating hiera yamls for each system in our environment. I don't see having
> 1000+ hiera yamls as very scalable or manageable.
>
> Third, of course, is to just manage this with individual hiera yamls for
> each system where classes required for that system's functions, but can't be
> defined higher up in the hierarchy, would be called out, but as I said
> before, this option isn't very scalable or manageable.
>
> If you are using Puppet and hiera, how are you managing groups of systems
> (web servers, Nessus servers, mail servers, etc.)?
>
> Thanks,
>
> Alex
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/234ab5f3-bb1e-43a8-b365-bd110e5052da%40googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.



-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF-H%3DOkOuiMdjEGxadE2sS_PBmYJpc%3DWLfq_K%3D4pgs19zXX-Lg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] How to group systems using Puppet and hiera?

[Alex Scoble]

Hi All,

We are currently transitioning from using the Puppet Enterprise (PE) ENC to 
using hiera. Howevver, one piece of functionality that we lack with hiera 
is the ability to group systems together based on function. We can only 
currently group the systems based on available facts and are currently 
using environment, osfamily and domain in our hierarchy, however it would 
be extremely useful to also have a "group" or "role" category in our hiera 
hierarchy.

As I see it we have a few options and hopefully, people here can add better 
options that they are using.

The first is to use groups within the PE ENC which can apparently be used 
as a variable within the hiera hierarchy. This would be an easy solution, 
but not a very scalable one as putting systems into groups using the PE 
console is very slow and I haven't seen a documented way to manipulate the 
PE console data using a command line tool.

Second is to create a custom fact named group, but this requires that each 
system has a yaml file dropped in the correct place and I don't see a good 
way to automate creation of these files using PE, which would make it 
scalable. One way to do it would be to create a hiera yaml for each system 
with group parameter set, but the whole point of this exercise is to avoid 
creating hiera yamls for each system in our environment. I don't see having 
1000+ hiera yamls as very scalable or manageable.

Third, of course, is to just manage this with individual hiera yamls for 
each system where classes required for that system's functions, but can't 
be defined higher up in the hierarchy, would be called out, but as I said 
before, this option isn't very scalable or manageable.

If you are using Puppet and hiera, how are you managing groups of systems 
(web servers, Nessus servers, mail servers, etc.)?

Thanks,

Alex

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/234ab5f3-bb1e-43a8-b365-bd110e5052da%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: moving from previous manual install to puppet/chocolatey

[Jay Benner]

I tried them in chocolatey.ps1, but that just seemed to break chocolatey.

On Monday, February 17, 2014 11:11:25 AM UTC-8, Jay Benner wrote:
>
> If I am going to use the workarounds mentioned in the bug article you 
> referenced, should I put that code into chocolateyinstall.ps1?
>
> On Friday, February 14, 2014 1:57:12 PM UTC-8, Rob Reynolds wrote:
>>
>> It looks to be a possible bug in the chocolatey provider that happens 
>> when we try to capture both error and regular logging when an error has 
>> occurred. Keep a watch on the issue itself for updates.
>>
>> In the meantime if you are using SYSTEM for the puppet agent, I would 
>> switch to something with network access and see if chocolatey works inside 
>> of puppet.
>>
>>
>> On Fri, Feb 14, 2014 at 3:33 PM, Jay Benner  wrote:
>>
>>> Some improvement.  I'll attach another chocolateyinstall log below.  It 
>>> still didn't install the agent, but it also didn't add an entry to /lib, so 
>>> I'm guessing it will keep trying.  Looks like the same error downloading 
>>> the file.
>>>
>>> http://pastebin.com/BFd90qkb
>>>
>>>
>>>
>>> On Friday, February 14, 2014 10:55:51 AM UTC-8, Rob Reynolds wrote:
>>>
 Let's have you upgrade chocolatey to 0.9.8.23 and see if the issue 
 still happens. The paste bin shows 0.9.8.20.


 On Fri, Feb 14, 2014 at 12:53 PM, Rob Reynolds wrote:

> You are running into an issue we have seen but have not been able to 
> reproduce effectively - https://github.com/chocolatey/
> puppet-chocolatey/issues/18
>  
>
> On Fri, Feb 14, 2014 at 12:47 PM, Jay Benner wrote:
>
>> The following is a copy of my log:
>> http://pastebin.com/wz5peZbG
>> Looks like the download failed.  Perhaps a problem with puppet not 
>> being able to access my personal temp folder?
>>
>>
>> On Friday, February 14, 2014 9:58:53 AM UTC-8, Rob Reynolds wrote:
>>
>>> I looks like it does install the package, but may be running into 
>>> something else when it is running. In C:\chocolatey\chocolateyInstall 
>>> there are some log files, what does the log file say about the 
>>> installation?
>>>
>>>
>>> On Thu, Feb 13, 2014 at 2:10 PM, Jay Benner wrote:
>>>
  I had deleted the entry in /lib.


 On Wednesday, February 12, 2014 2:37:49 PM UTC-8, Jay Benner wrote:

> I have a bunch of windows servers with NewRelic installed on them 
> and I want to start managing those installs with Puppet.  Seemed like 
> the 
> thing to do would be to have chocolatey uninstall what is there and 
> reinstall within the framework of chocolatey so that I get 
> addressable 
> version information and the like.  I created the following chocolatey 
> package and it works fine when run from the command line using cinst: 
> any 
> existing version is removed and the new version, managed by 
> chocolatey, 
> gets put in its place.  However, when I run it from Puppet, it does 
> the 
> uninstall ok, but the install never happens, even though chocolatey 
> seems 
> to think that the package is installed.  
>
>
> stop-service "LiveVault Backup Service"
> $app = Get-WmiObject -Class Win32_Product | Where-Object { 
> $_.Name -match "New Relic Server Monitor" 
> }
>
> $app.Uninstall()
> $licensekey = "XX"
>
> $packageName = 'NewRelic_ServerMonitor'
> $installerType = 'MSI' 
> $url = 'http://download.newrelic.com/windows_server_monitor/
> release/NewRelicServerMonitor_x86_2.0.0.198.msi'
> $url64 = 'http://download.newrelic.com/windows_server_monito
> r/release/NewRelicServerMonitor_x64_2.0.0.198.msi' 
> $validExitCodes = @(0) 
> $silentArgs = "/L*v install_Agent.log /qn NR_LICENSE_KEY=`"
> $licensekey`"" 
> Install-ChocolateyPackage "$packageName" "$installerType" "$
> silentArgs" "$url" "$url64"  -validExitCodes $validExitCodes
>
> start-service "LiveVault Backup Service"
> Start-service "New Relic Server Monitor"
>
  -- 
 You received this message because you are subscribed to the Google 
 Groups "Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, 
 send an email to puppet-users...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/puppet-users/22e5472b-f50d
 -4d93-aadc-69ebaa2c9f74%40googlegroups.com.

 For more options, visit https://groups.google.com/groups/opt_out.

>>>
>>>
>>>
>>> -- 
>>> Rob Reynolds
>>> Developer, Puppet Labs
>>>
>>> *Join us at PuppetConf 2014, September 23-24 in San Francisco - *
>>>

Re: [Puppet Users] Use the same resource in two dependent classes

[Trevor Vaughan]

Can you just have Class B 'include' class A and then have the appropriate
resources in Class B notify/require what you need from Class A?

If not, then you might need a Class C that provides the glue code using the
relationship operators (->, ~>, etc...).

Trevor


On Mon, Feb 17, 2014 at 6:41 AM,  wrote:

> Hi,
> I have this situation:
>
> Class A: contains a File resource, and a Service resource which requires
> the File resource (the service needs to be restarted when the file changes).
>
> Class B: will be applied only on a subset of machines where class A is
> applied, and it requires class A - resources belonging to class B must be
> applied only after resources from class A have been applied. Class B also
> contains some File resources, and after they are applied also the _same_
> service from class A needs to be restarted.
>
> How do you deal with this situation?
>
> I cannot declare the same Service resource again in class B.
> And I cannot declare the Service in class A as dependent from the File in
> class B.
>
> Thanks for any suggestions.
> Marco
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/28c5d6ac-3bbe-490d-b174-d321d0bf7fc7%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaug...@onyxpoint.com

-- This account not approved for unencrypted proprietary information --

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANs%2BFoWYtHnx7CXbZ7P9wx5W%3DigB9peKveyW77jG4MyQkq3ZGg%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Mcollective client installation

[José Luis Ledesma]

I don't know how puppet enterprise works with mco, but in the open source
version you have to create a certificate for the user you are going to call
mco and sign in with the middleware certificate.
El 17/02/2014 18:50, "Deep"  escribió:

> Hi Jose,
>
> Thanks for your quick response and explaining me in details. I tried mco
> ping command but getting below error.
>
> error 2014/02/17 16:23:00: activemq.rb:131:in `on_ssl_connectfail' SSL
> session creation with stomp+ssl://mcollective@gsldev23:61613 failed:
> nested asn1 error
>
> I am using below ssl configuration in client.cfg
>
> plugin.activemq.pool.1.ssl.ca =
> /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem
> plugin.activemq.pool.1.ssl.cert =
> /etc/puppetlabs/mcollective/ssl/mcollective-private.pem
> plugin.activemq.pool.1.ssl.key =
> /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem
>
>
> securityprovider = ssl
>
> # SSL plugin settings:
> plugin.ssl_server_public =
> /etc/puppetlabs/mcollective/ssl/mcollective-public.pem
> plugin.ssl_client_private =
> /etc/puppetlabs/mcollective/ssl/mcollective-private.pem
> plugin.ssl_client_public =
> /etc/puppetlabs/mcollective/ssl/mcollective-public.pem
>
> Can you tell me if this is wrong?
>
>
> On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma wrote:
>>
>> Hi,
>>
>> Mcollective has 3 roles:
>> - the server installed in every puppet client
>> - the middleware installed in puppet master
>> - the client installed anywhere, puppet master is a good place
>>
>> The client is just the utilities to call commands, it attacks the
>> middleware, authenticate with certificates, and it is the middle ware who
>> spread the command to every mcollective server. It doesnt have an agent
>> running.
>>
>> Just try 'mco ping' from the server/user that is the mco client to check
>> if it works.
>>
>> Regards,
>> El 17/02/2014 18:14, "Deep"  escribió:
>>
>>> Hi All,
>>>
>>> I have installed puppet enterprise which comes with Mcollective. I have
>>> installed Puppet Master on node 1 and puppet agent on node 2 and node 3.
>>> while installing , it asked me if I want to install Mcollective. I wanted
>>> to have Mcollective client on my Puppet Master. and Mcollective servers on
>>> node 2 and node 3.
>>>
>>> But when I checked, there was no client.cfg file created at
>>> /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg
>>>
>>> How can I use Mcollective client on puppet Master?
>>>
>>> I have created client.cfg but still Mcollective needs server.cfg to
>>> start. Can anybody suggest me on this please? I am new to Mcollective and
>>> trying to learn it and implement it.
>>>
>>> Regards,
>>> Deep
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit https://groups.google.com/d/
>>> msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173%
>>> 40googlegroups.com.
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/d02964e3-b236-489c-9710-f406fea7a114%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF_B3dcOXCAWtG13pyD-%3D8qg-X4aR%3DUvD166D4BZhw5XLXOxfw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Use the same resource in two dependent classes

[Larry Fast]

Declaring the Service as a Virtual Resource might help but I'm not sure how 
you inject B's dependencies.
http://docs.puppetlabs.com/guides/virtual_resources.html   It might just 
require a Notify inside B.

On Monday, February 17, 2014 3:41:14 AM UTC-8, zerozer...@gmail.com wrote:
>
> Hi,
> I have this situation:
>
> Class A: contains a File resource, and a Service resource which requires 
> the File resource (the service needs to be restarted when the file changes).
>
> Class B: will be applied only on a subset of machines where class A is 
> applied, and it requires class A - resources belonging to class B must be 
> applied only after resources from class A have been applied. Class B also 
> contains some File resources, and after they are applied also the _same_ 
> service from class A needs to be restarted.
>
> How do you deal with this situation?
>
> I cannot declare the same Service resource again in class B.
> And I cannot declare the Service in class A as dependent from the File in 
> class B.
>
> Thanks for any suggestions.
> Marco
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fddce6db-0b96-49e6-a9b1-7545e8b2fca3%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: moving from previous manual install to puppet/chocolatey

[Jay Benner]

If I am going to use the workarounds mentioned in the bug article you 
referenced, should I put that code into chocolateyinstall.ps1?

On Friday, February 14, 2014 1:57:12 PM UTC-8, Rob Reynolds wrote:
>
> It looks to be a possible bug in the chocolatey provider that happens when 
> we try to capture both error and regular logging when an error has 
> occurred. Keep a watch on the issue itself for updates.
>
> In the meantime if you are using SYSTEM for the puppet agent, I would 
> switch to something with network access and see if chocolatey works inside 
> of puppet.
>
>
> On Fri, Feb 14, 2014 at 3:33 PM, Jay Benner 
> > wrote:
>
>> Some improvement.  I'll attach another chocolateyinstall log below.  It 
>> still didn't install the agent, but it also didn't add an entry to /lib, so 
>> I'm guessing it will keep trying.  Looks like the same error downloading 
>> the file.
>>
>> http://pastebin.com/BFd90qkb
>>
>>
>>
>> On Friday, February 14, 2014 10:55:51 AM UTC-8, Rob Reynolds wrote:
>>
>>> Let's have you upgrade chocolatey to 0.9.8.23 and see if the issue still 
>>> happens. The paste bin shows 0.9.8.20.
>>>
>>>
>>> On Fri, Feb 14, 2014 at 12:53 PM, Rob Reynolds wrote:
>>>
 You are running into an issue we have seen but have not been able to 
 reproduce effectively - https://github.com/chocolatey/
 puppet-chocolatey/issues/18
  

 On Fri, Feb 14, 2014 at 12:47 PM, Jay Benner  wrote:

> The following is a copy of my log:
> http://pastebin.com/wz5peZbG
> Looks like the download failed.  Perhaps a problem with puppet not 
> being able to access my personal temp folder?
>
>
> On Friday, February 14, 2014 9:58:53 AM UTC-8, Rob Reynolds wrote:
>
>> I looks like it does install the package, but may be running into 
>> something else when it is running. In C:\chocolatey\chocolateyInstall 
>> there are some log files, what does the log file say about the 
>> installation?
>>
>>
>> On Thu, Feb 13, 2014 at 2:10 PM, Jay Benner wrote:
>>
>>>  I had deleted the entry in /lib.
>>>
>>>
>>> On Wednesday, February 12, 2014 2:37:49 PM UTC-8, Jay Benner wrote:
>>>
 I have a bunch of windows servers with NewRelic installed on them 
 and I want to start managing those installs with Puppet.  Seemed like 
 the 
 thing to do would be to have chocolatey uninstall what is there and 
 reinstall within the framework of chocolatey so that I get addressable 
 version information and the like.  I created the following chocolatey 
 package and it works fine when run from the command line using cinst: 
 any 
 existing version is removed and the new version, managed by 
 chocolatey, 
 gets put in its place.  However, when I run it from Puppet, it does 
 the 
 uninstall ok, but the install never happens, even though chocolatey 
 seems 
 to think that the package is installed.  


 stop-service "LiveVault Backup Service"
 $app = Get-WmiObject -Class Win32_Product | Where-Object { 
 $_.Name -match "New Relic Server Monitor" 
 }

 $app.Uninstall()
 $licensekey = "XX"

 $packageName = 'NewRelic_ServerMonitor'
 $installerType = 'MSI' 
 $url = 'http://download.newrelic.com/windows_server_monitor/
 release/NewRelicServerMonitor_x86_2.0.0.198.msi'
 $url64 = 'http://download.newrelic.com/windows_server_monito
 r/release/NewRelicServerMonitor_x64_2.0.0.198.msi' 
 $validExitCodes = @(0) 
 $silentArgs = "/L*v install_Agent.log /qn NR_LICENSE_KEY=`"
 $licensekey`"" 
 Install-ChocolateyPackage "$packageName" "$installerType" "$
 silentArgs" "$url" "$url64"  -validExitCodes $validExitCodes

 start-service "LiveVault Backup Service"
 Start-service "New Relic Server Monitor"

>>>  -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, 
>>> send an email to puppet-users...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/puppet-users/22e5472b-f50d
>>> -4d93-aadc-69ebaa2c9f74%40googlegroups.com.
>>>
>>> For more options, visit https://groups.google.com/groups/opt_out.
>>>
>>
>>
>>
>> -- 
>> Rob Reynolds
>> Developer, Puppet Labs
>>
>> *Join us at PuppetConf 2014, September 23-24 in San Francisco - *
>> http://bit.ly/pupconf14
>>  
>  -- 
> You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to puppet-users...@goo

Re: [Puppet Users] Mcollective client installation

[Deep]

Hi Jose,

Thanks for your quick response and explaining me in details. I tried mco 
ping command but getting below error.

error 2014/02/17 16:23:00: activemq.rb:131:in `on_ssl_connectfail' SSL 
session creation with stomp+ssl://mcollective@gsldev23:61613 failed: nested 
asn1 error

I am using below ssl configuration in client.cfg

plugin.activemq.pool.1.ssl.ca = 
/etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem
plugin.activemq.pool.1.ssl.cert = 
/etc/puppetlabs/mcollective/ssl/mcollective-private.pem
plugin.activemq.pool.1.ssl.key = 
/etc/puppetlabs/mcollective/ssl/mcollective-cert.pem


securityprovider = ssl

# SSL plugin settings:
plugin.ssl_server_public = 
/etc/puppetlabs/mcollective/ssl/mcollective-public.pem
plugin.ssl_client_private = 
/etc/puppetlabs/mcollective/ssl/mcollective-private.pem
plugin.ssl_client_public = 
/etc/puppetlabs/mcollective/ssl/mcollective-public.pem

Can you tell me if this is wrong? 


On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma wrote:
>
> Hi,
>
> Mcollective has 3 roles:
> - the server installed in every puppet client
> - the middleware installed in puppet master
> - the client installed anywhere, puppet master is a good place
>
> The client is just the utilities to call commands, it attacks the 
> middleware, authenticate with certificates, and it is the middle ware who 
> spread the command to every mcollective server. It doesnt have an agent 
> running.
>
> Just try 'mco ping' from the server/user that is the mco client to check 
> if it works.
>
> Regards,
> El 17/02/2014 18:14, "Deep" > escribió:
>
>> Hi All,
>>
>> I have installed puppet enterprise which comes with Mcollective. I have 
>> installed Puppet Master on node 1 and puppet agent on node 2 and node 3. 
>> while installing , it asked me if I want to install Mcollective. I wanted 
>> to have Mcollective client on my Puppet Master. and Mcollective servers on 
>> node 2 and node 3.
>>
>> But when I checked, there was no client.cfg file created at 
>> /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg
>>
>> How can I use Mcollective client on puppet Master?
>>
>> I have created client.cfg but still Mcollective needs server.cfg to 
>> start. Can anybody suggest me on this please? I am new to Mcollective and 
>> trying to learn it and implement it.
>>
>> Regards,
>> Deep
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d02964e3-b236-489c-9710-f406fea7a114%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Mcollective client installation

[José Luis Ledesma]

Hi,

Mcollective has 3 roles:
- the server installed in every puppet client
- the middleware installed in puppet master
- the client installed anywhere, puppet master is a good place

The client is just the utilities to call commands, it attacks the
middleware, authenticate with certificates, and it is the middle ware who
spread the command to every mcollective server. It doesnt have an agent
running.

Just try 'mco ping' from the server/user that is the mco client to check if
it works.

Regards,
El 17/02/2014 18:14, "Deep"  escribió:

> Hi All,
>
> I have installed puppet enterprise which comes with Mcollective. I have
> installed Puppet Master on node 1 and puppet agent on node 2 and node 3.
> while installing , it asked me if I want to install Mcollective. I wanted
> to have Mcollective client on my Puppet Master. and Mcollective servers on
> node 2 and node 3.
>
> But when I checked, there was no client.cfg file created at
> /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg
>
> How can I use Mcollective client on puppet Master?
>
> I have created client.cfg but still Mcollective needs server.cfg to start.
> Can anybody suggest me on this please? I am new to Mcollective and trying
> to learn it and implement it.
>
> Regards,
> Deep
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF_B3ddWUNfxR4p1NKOGmkc2BuhPhjgs8LZ0J-7bh0P__unPLA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: how to require a md5sum before installing?

[Rafael Cristaldo]

Em sexta-feira, 14 de fevereiro de 2014 13h38min03s UTC-2, Andy Spiegl 
escreveu:
>
> Hi, 
>
> I've got several modules which grab installer files from a network 
> share.  The share is readonly and as well protected as possibly. 
> But still, I have a bad feeling about it and would like to introduce 
> an extra layer of security.  Like checking the md5sum of the file 
> before running the installer. 
>
> I thought about have a require line similar to 
>  require  => md5['cdfb294489a14305ca729cc13fe10d52'], 
>
> Any ideas? 
>
> Thanks, 
>  Andy. 
>
> -- 
>  It is no coincidence that in no known language 
>  does the phrase 'As pretty as an Airport' appear. 
>(Douglas Adams) 
>

Hi Andy!

I know a module that download packages (tar.gz) for example, and make MD5 
check on it!.
Maybe you may download it and analyse the manifests to understand how to do 
MD5 on your modules!

 http://forge.puppetlabs.com/gini/archive

I have used it! with my módules, create my packages and the MD5 of 
them..and it works!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cf1ac3b4-f844-4b3c-a765-6310acc80a9f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Using external facts in puppet manifests

[Deep]

Hi John,

thanks a lot for your response. I am able to see the external fact value 
now. 

On Monday, February 17, 2014 2:33:40 PM UTC, jcbollinger wrote:
>
>
>
> On Friday, February 14, 2014 10:42:30 AM UTC-6, Deep wrote:
>>
>> Hi,
>>
>> I have created few external facts by putting an yaml file in 
>> /etc/puppetlabs/facter/facts.d folder on agent and they are available in 
>> puppetdb and in my erb templates.
>>
>> But I am not able to use them in puppet manifests.I am getting undef 
>> value.
>>
>> Is there anyway to use them?
>>
>>
>
> If the facts are being interpolated into your templates then they are also 
> available in your manifests.  If you present an example manifest wherein 
> the fact value does not seem to be read correctly, then we may be able to 
> help.  At a first guess, though, I'd rate the chances near unity that 
> either the manifest is reading the fact value correctly, or that its name 
> is misspelled.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b10f0b44-5101-4cc6-bb49-571809433840%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Mcollective client installation

[Deep]

Hi All,

I have installed puppet enterprise which comes with Mcollective. I have 
installed Puppet Master on node 1 and puppet agent on node 2 and node 3. 
while installing , it asked me if I want to install Mcollective. I wanted 
to have Mcollective client on my Puppet Master. and Mcollective servers on 
node 2 and node 3.

But when I checked, there was no client.cfg file created at 
/etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg

How can I use Mcollective client on puppet Master?

I have created client.cfg but still Mcollective needs server.cfg to start. 
Can anybody suggest me on this please? I am new to Mcollective and trying 
to learn it and implement it.

Regards,
Deep

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] puppet kick

[Matt Zagrabelny]

On Mon, Feb 17, 2014 at 11:00 AM, kavya reddy  wrote:
> Hi all,
> I just started working with puppet.i want a simple push mechanism from
> puppet master on to agent.i tried using "puppet kick" though its running and
> displaying message "successfully exited" the changes are not being reflected
> on agent.
> I got to know puppet kick got deprecated in version 3.0 and later.
> Iam using 2.7 version
> can anyone tell me whats wrong.
> Thanks in advance :)

Hi Kavya,

Are your nodes listening?

node$ cat /etc/puppet/puppet.conf
[...]
[agent]
listen  = true
[...]

Firewall allowing that port?

node# lsof -i -n -P | grep 8139
puppet 2582 root5u  IPv47214  0t0  TCP *:8139 (LISTEN)

node# iptables -L -v -n | grep 8139
2   120 ACCEPT tcp  --  *  *   10.1.1.1   0.0.0.0/0
tcp dpt:8139

-mz

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAOLfK3Uzkrxwoqxh1C0pB8Pc0yt2oSEUZ3c9UpC7HQi9jxr%2B9g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] puppet kick

[kavya reddy]

Hi all,
I just started working with puppet.i want a simple push mechanism from 
puppet master on to agent.i tried using "puppet kick" though its running 
and displaying message "successfully exited" the changes are not being 
reflected on agent.
I got to know puppet kick got deprecated in version 3.0 and later.
Iam using 2.7 version
can anyone tell me whats wrong.
Thanks in advance :)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/154b0b29-da9f-455b-ac73-a7a6d539672f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Augeas with puppet 3.4.2

[Dominic Cleal]

The fix that Marcelo pointed out isn't relevant here, it's to fix a
false positive log message.  The log message is actually correct in this
instance, no need to update augeas.rb.

The Augeas library is unable to parse something on line 51 of your
/etc/group file.  From the debug: augeas/files/etc/group/error/line = 51

Look to see what's there and maybe you can edit the file to workaround
the problem.  If the file is still valid, then please file a bug either
with your distribution or upstream
(https://github.com/hercules-team/augeas/issues).

-- 
Dominic Cleal
Red Hat Engineering

On 13/02/14 20:54, Ryan Anderson wrote:
> Cool. Does this mean I need to update augeas.rb from github.com
>  or wait for it to make it into a future release?
> What should I do to fix it now?
> 
> In case it helps, here are the problem bits from the debug output:
> ^[[0;32mInfo: Applying configuration version '1392322307'^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Opening
> augeas with root /, lens path , flags 32^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Augeas
> version 1.0.0 is installed^[[0m
> ^[[1;31mWarning: Augeas[myuser_in_logingroup](provider=augeas): Loading
> failed for one or more files, see debug for /augeas//error output^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
> /augeas/files/etc/group/error = parse_failed^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
> /augeas/files/etc/group/error/pos = 670^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
> /augeas/files/etc/group/error/line = 51^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
> /augeas/files/etc/group/error/char = 0^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
> /augeas/files/etc/group/error/lens =
> /usr/share/augeas/lenses/dist/group.aug:44.17-.40:^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
> /augeas/files/etc/group/error/message = Iterated lens matched less than
> it should^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Will
> attempt to save and only run if files changed^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): sending
> command 'set' with params ["/files/etc/group/mygroup/user[last()+1]",
> "myuser"]^[[0m
> ^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Closed the
> augeas connection^[[0m
> ^[[1;31mError:
> /Stage[main]/Group_management/Augeas[myuser_in_logingroup]: Could not
> evaluate: Save failed with return code false, see debug
> /usr/lib/ruby/site_ruby/1.8/puppet/util/errors.rb:97:in `fail'
> /usr/lib/ruby/site_ruby/1.8/puppet/provider/augeas/augeas.rb:388:in
> `need_to_run?'
> /usr/lib/ruby/site_ruby/1.8/puppet/type/augeas.rb:175:in `retrieve'
> 
> On Thursday, February 13, 2014 1:18:27 PM UTC-6, Marcelo Frota wrote:
> 
> Hi, 
> 
> I had the same problem,  the solution of the problem is in : 
> 
> 
> https://github.com/puppetlabs/puppet/commit/644fc99193dd5e2beed3facbccb949caf8d6501f
> 
> ,
>  
> 
> Best  regards, 
> Marcelo Frota
> 
> 
> 2014-02-13 14:23 GMT-02:00 Rob Reynolds  >:
> 
> 
> 
> 
> On Thu, Feb 13, 2014 at 9:54 AM, Ryan Anderson
> > wrote:
> 
> I have some augeas code that works flawlessly with puppet
> 2.6.17, but when running the identical code on 3.4.2, I get
> an error.
> 
> The code:
>augeas { 'myuser_in_logingroup':
>   context => '/files/etc/group',
>   changes => [ "set ${hostname}/user[last()+1]
> myuser", ],
>   onlyif  => "match ${hostname}/*[.='myuser'] size
> == 0",
>   require => Group['local_login_group'],
> }
> 
> The error from running 'puppet agent -tv':
> Warning: Augeas[myuser_in_logingroup](provider=augeas):
> Loading failed for one or more files, see debug for
> /augeas//error output
> Error:
> /Stage[main]/Group_management/Augeas[myuser_in_logingroup]:
> Could not evaluate: Save failed with return code false, see
> debug
> 
> I'm having a difficult time finding/understanding clues from
> debug output. Any ideas?
> 
> 
> Ryan, would you mind running 'puppet agent --trace --verbose
> --debug' and posting the output here?
> 
>  
> 
> 
> -- 
> You received this message because you are subscribed to the
> Google Groups "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails
> from it, send an email to puppet-users...@googlegroups.com
> .
> To view this discussion on the web visit
>  

[Puppet Users] Re: classe uses two defines but second is ignored

[jcbollinger]

On Monday, February 17, 2014 4:13:38 AM UTC-6, Andreas Dvorak wrote:
>
> Hi John,
>
> thank you for your reply. You have found an other issue.
> But my main problem is that the second call of "replace" is ignored.
>
>

As I said at the end, I don't think the second 'replace' resource is being 
ignored at all.  At any rate, you have presented no evidence of it, and I 
have no reason to believe that the manifest you presented would be subject 
to such an issue.  I already described one way that you could test whether 
the resource is in fact ignored.

On the other hand, the real problem I described will result in Puppet 
deciding under some circumstances that the Exec resource inside one of your 
baader::replace resources is already in sync.  Depending on the logging 
level with which you are running the agent, that might result in nothing 
related to the resource being emitted to the log / standard out, which in 
turn could lead you to think that the resource was being ignored.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8c10ec17-c747-411f-8582-885f7c26363e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Custom policy executable

[George Brown]

So After re-reading the docs 
http://docs.puppetlabs.com/puppet/latest/reference/ssl_autosign.html#policy-executable-api

I've made the following modification which works.

 #!/bin/bash
 
HOST=$1
CUSTOM_ATTR=$(openssl req -noout -text -in 
"/var/lib/puppet/ssl/ca/requests/$HOST.pem" | grep "challengePassword" | 
awk -F ":" '{print$2}')
 
if [[ "$CUSTOM_ATTR" == "foo" ]]
then
  exit 0
else
  exit 1
fi

I'd still be interested to see what others are doing with policy based auto 
signing though.

On Monday, February 17, 2014 3:20:50 PM UTC+1, George Brown wrote:
>
> Hi,
>
> I'm trying to create an autosign policy which checks for a custom 
> attribute in the CSR but I'm having some issue with the master not signing 
> the request.
>
> My client has the following in /etc/puppet/csr_attributes.yaml
>
> custom_attributes:
>   1.2.840.113549.1.9.7: foo
>
>
> My policy is a simple bash script, in this case checking for foo
>
> #!/bin/bash
>  
> CUSTOM_ATTR=$(echo "$(cat)" | grep "challengePassword" | awk -F ":" 
> '{print$2}')
>  
> if [[ "$CUSTOM_ATTR" == "foo" ]]
> then
>exit 0
> else
>exit 1
> fi
> 
> I had tested with the following, I'm guessing the issue is with my script 
> not reading in the CSR from puppet? If anyone has any examples of policies 
> they have created I would love to see them (this seems to be lacking in the 
> puppet documentation).
>
> sudo openssl req -noout -text -in  
> /var/lib/puppet/ssl/ca/requests/mynode.pem | /etc/puppet/autosign.sh; echo 
> $? 
> 0
>
> Many thanks,
> George
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fdff0a68-c613-47ac-9910-002b15b34598%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Tags and dependencies

[jcbollinger]

On Friday, February 14, 2014 9:18:21 AM UTC-6, zerozer...@gmail.com wrote:
>
> On Friday, February 14, 2014 3:55:29 PM UTC+1, Felix.Frank wrote:
>
> On 02/14/2014 03:52 PM, zerozer...@gmail.com wrote: 
>> >   File <| (tag == "myname::myclass") and (tag == "post_exec") |> 
>>
>> While this looks sane, this syntax is not yet supported. Your collectors 
>> must use trivial expressions of the form "a == b".
>
>
> Sorry, what do you mean? I'm using two trivial expressions AFAICT.
> Or are you referring to the "and"ing of two search expressions?
>


Yes, I believe the combination of two simple expressions into a complex one 
via the "and" operator is what Felix was referring to.  Despite the docs, 
it might be worthwhile to play around a bit to test the outlines of the 
problem:

   - Does it really work at all (for your version of the master)?  The docs 
   are fairly reliable, but if you happen not to be on the latest Puppet then 
   they might not apply.  Also, Puppet occasionally suffers regressions (which 
   typically are fixed pretty quickly once PL is made aware of them).
   - Is the failure related specifically to the 'tag' property, which is a 
   bit special?
   - Is the failure related to having two conditions on the same resource 
   parameter?
   
Or we could return to my original remark that what you're doing is a bit 
questionable.  Whether your code really ought to work notwithstanding, your 
manifest set would be more robust if you wrapped all the managed resources 
related to each piece of software into its own class or defined-type 
instance.  If you have a lot of services and your declarations are 
consistent in form, then using a common defined type and one instance per 
(user, file, service) triple would make your manifests even cleaner, and 
allow you to be more precise with relationships, too.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/30155aff-d546-4256-9635-f84a7c1e3359%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet Actions in Parallel?

[Deepak Giridharagopal]

On Sat, Feb 15, 2014 at 9:00 AM, Trevor Vaughan wrote:

> Wow, that's quite some dead thread resurrection!
>
> I remember this being discussed in the past and part of the issue is that
> so many parts of what Puppet is doing are I/O bound so I'm not really sure
> what the parallelism would gain you outside of destroying your I/O channels.
>
> That said, I think it would be nice to have supported for those that do
> have systems that can take advantage of it. We may even see that a -j2
> would give just enough balance between I/O destruction and system
> acceleration.
>

There was a recent, pretty in-depth discussion in puppet-dev about a
related concept: batched application of resources:

https://groups.google.com/forum/#!msg/puppet-dev/X7RgakTGnbk/19RgHTMuLZUJ


>
> Trevor
>
>
>
>
>
>
> On Fri, Feb 14, 2014 at 11:52 PM, Andrew Pennebaker <
> andrew.penneba...@gmail.com> wrote:
>
>> This is a fantastic idea! Any progress on this?
>>
>>
>> On Sunday, March 4, 2012 10:53:23 PM UTC-5, Jon Forrest wrote:
>>>
>>> As many learning Puppet for the first time, the fact that the
>>> order of actions is undefined unless specific metaparameters
>>> like 'require' are used. Fine.
>>>
>>> This got me to thinking. The GNU make program has the "-j"
>>> option, which allows make to start more than one action
>>> in parallel if the actions are at the same dependency level.
>>> I've used this option on a 48-core machine to great benefit.
>>>
>>> So, why can't there be a similar option in the puppet agent?
>>> I can easily imagine how this could substantially reduce the
>>> length of time for a puppet run.
>>>
>>> (The make "-j" option allows an optional numeric value, which, if
>>> given, is the maximum number of actions that can be run
>>> in parallel. If no numeric is given, then there's no limit
>>> to the number of parallel actions).
>>>
>>> I did a quick review of the Puppet manual but I didn't see
>>> anything like this. Am I missing something? Is this a good
>>> idea?
>>>
>>> Cordially,
>>> Jon Forrest
>>>
>>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/b836c960-09bc-48f5-8b5f-407d42233b10%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699
> tvaug...@onyxpoint.com
>
> -- This account not approved for unencrypted proprietary information --
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CANs%2BFoV5iSNbuS%2BnxEzmU7mhQXzGtwf5p4-e4M3P1K_b_P_Fbw%40mail.gmail.com
> .
>
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAOjOXY2Rv1i9s5fDtXf-w9o0%3DHtYzkbMkGc-1E0uSVGcZBFj_Q%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Using external facts in puppet manifests

[jcbollinger]

On Friday, February 14, 2014 10:42:30 AM UTC-6, Deep wrote:
>
> Hi,
>
> I have created few external facts by putting an yaml file in 
> /etc/puppetlabs/facter/facts.d folder on agent and they are available in 
> puppetdb and in my erb templates.
>
> But I am not able to use them in puppet manifests.I am getting undef value.
>
> Is there anyway to use them?
>
>

If the facts are being interpolated into your templates then they are also 
available in your manifests.  If you present an example manifest wherein 
the fact value does not seem to be read correctly, then we may be able to 
help.  At a first guess, though, I'd rate the chances near unity that 
either the manifest is reading the fact value correctly, or that its name 
is misspelled.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/924f75c2-7ae7-4585-ada1-52536ec6ff07%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Puppet Actions in Parallel?

[jcbollinger]

On Sunday, February 16, 2014 10:43:53 AM UTC-6, Trevor Vaughan wrote:
>
>
> [...] this may not happen but it would still be nice to have.
>
>
>

Well, I think the question that killed this thread the first time boils 
down to "would it really?".  The speculation at the time was that parallel 
execution would produce disappointing wall-time gains, based on the 
assertion that the catalog application process is largely I/O bound.  There 
were also some assertions that Ruby doesn't do shared-memory parallelism 
very well.  Nobody reported any actual analysis of any of that, though.

Whatever benefit there might be needs to be weighed against the costs, 
which include not just the direct costs of developing the feature, but also 
the ongoing costs of added code complexity and increased maintenance burden.

Were I PL, I would be very hesitant to devote resources to such a 
speculative project as I think this would be.  Were I a user interested in 
such a feature and having time available, I might consider having a go the 
project myself.  Working code trumps predictive analysis every time.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6bb31477-57ef-4035-9c0c-ffc0b6d757d5%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Custom policy executable

[George Brown]

Hi,

I'm trying to create an autosign policy which checks for a custom attribute 
in the CSR but I'm having some issue with the master not signing the 
request.

My client has the following in /etc/puppet/csr_attributes.yaml

custom_attributes:
  1.2.840.113549.1.9.7: foo


My policy is a simple bash script, in this case checking for foo

#!/bin/bash
 
CUSTOM_ATTR=$(echo "$(cat)" | grep "challengePassword" | awk -F ":" 
'{print$2}')
 
if [[ "$CUSTOM_ATTR" == "foo" ]]
then
   exit 0
else
   exit 1
fi

I had tested with the following, I'm guessing the issue is with my script 
not reading in the CSR from puppet? If anyone has any examples of policies 
they have created I would love to see them (this seems to be lacking in the 
puppet documentation).

sudo openssl req -noout -text -in  
/var/lib/puppet/ssl/ca/requests/mynode.pem | /etc/puppet/autosign.sh; echo 
$? 
0

Many thanks,
George

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/30d1d249-b648-4eb2-be32-1578f6118705%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: continued deployment

[JuanBrein]

Have you read Continuous Delivery from Jez Humble? 

Is a great starting point covering main aspects. Look in youtube as well, 
there are plenty of videos from people implementing continuous delivery.

Technology wise it is so wide that is difficult to find a single recipe. If 
you detail a bit more about your stack I could give you some hints.

Now you mentioned continuous deployment and that as far as I understand is 
kind of a new area. If you are new to it you should first aim for 
continuous Delivery and then think on Continuous Deployment.

Juan

On Sunday, February 16, 2014 12:06:16 PM UTC, Peter Romfeld wrote:
>
> Hi,
>
> I got most of our infrastructure managed with puppet now. Now i want to 
> learn about continued app deplyment with puppet..
>
> So far my noob knowledge is I would use:
> manage directory recursive -> notify exec command
>
> You have some some links or catchwords(google) for me to do this the 
> proper way?
>
> Thanks,
> Peter
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8e72e7e0-c207-4628-bfaf-ba2008443f38%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Use the same resource in two dependent classes

[zerozerounouno]

Hi,
I have this situation:

Class A: contains a File resource, and a Service resource which requires 
the File resource (the service needs to be restarted when the file changes).

Class B: will be applied only on a subset of machines where class A is 
applied, and it requires class A - resources belonging to class B must be 
applied only after resources from class A have been applied. Class B also 
contains some File resources, and after they are applied also the _same_ 
service from class A needs to be restarted.

How do you deal with this situation?

I cannot declare the same Service resource again in class B.
And I cannot declare the Service in class A as dependent from the File in 
class B.

Thanks for any suggestions.
Marco

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/28c5d6ac-3bbe-490d-b174-d321d0bf7fc7%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: how to require a md5sum before installing?

[Andy Spiegl]

> My solution to that, has been to use a packaging system.
Thanks, that's a good solution!

For my windows clients I need something different, though. :-(
Apparently there is no solution yet.  How would I go about writing a
plugin myself?  Unfortunately I'm still too new to puppet...

Thanks,
 Andy.

-- 
 Did you know: Women blink nearly twice as much as men.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20140217105204.GA8215%40spiegl.de.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: classe uses two defines but second is ignored

[Andreas Dvorak]

Hi John,

thank you for your reply. You have found an other issue.
But my main problem is that the second call of "replace" is ignored.
I still do not understand the reason.

Best regards,
Andreas

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/81a0b91a-d450-4ea3-96db-cb99b8dfd57e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.