[Puppet Users] Re: classe uses two defines but second is ignored
Hi John, thank you for your reply. You have found an other issue. But my main problem is that the second call of replace is ignored. I still do not understand the reason. Best regards, Andreas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/81a0b91a-d450-4ea3-96db-cb99b8dfd57e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: how to require a md5sum before installing?
My solution to that, has been to use a packaging system. Thanks, that's a good solution! For my windows clients I need something different, though. :-( Apparently there is no solution yet. How would I go about writing a plugin myself? Unfortunately I'm still too new to puppet... Thanks, Andy. -- Did you know: Women blink nearly twice as much as men. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140217105204.GA8215%40spiegl.de. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Use the same resource in two dependent classes
Hi, I have this situation: Class A: contains a File resource, and a Service resource which requires the File resource (the service needs to be restarted when the file changes). Class B: will be applied only on a subset of machines where class A is applied, and it requires class A - resources belonging to class B must be applied only after resources from class A have been applied. Class B also contains some File resources, and after they are applied also the _same_ service from class A needs to be restarted. How do you deal with this situation? I cannot declare the same Service resource again in class B. And I cannot declare the Service in class A as dependent from the File in class B. Thanks for any suggestions. Marco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/28c5d6ac-3bbe-490d-b174-d321d0bf7fc7%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: continued deployment
Have you read Continuous Delivery from Jez Humble? Is a great starting point covering main aspects. Look in youtube as well, there are plenty of videos from people implementing continuous delivery. Technology wise it is so wide that is difficult to find a single recipe. If you detail a bit more about your stack I could give you some hints. Now you mentioned continuous deployment and that as far as I understand is kind of a new area. If you are new to it you should first aim for continuous Delivery and then think on Continuous Deployment. Juan On Sunday, February 16, 2014 12:06:16 PM UTC, Peter Romfeld wrote: Hi, I got most of our infrastructure managed with puppet now. Now i want to learn about continued app deplyment with puppet.. So far my noob knowledge is I would use: manage directory recursive - notify exec command You have some some links or catchwords(google) for me to do this the proper way? Thanks, Peter -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8e72e7e0-c207-4628-bfaf-ba2008443f38%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Actions in Parallel?
On Sunday, February 16, 2014 10:43:53 AM UTC-6, Trevor Vaughan wrote: [...] this may not happen but it would still be nice to have. Well, I think the question that killed this thread the first time boils down to would it really?. The speculation at the time was that parallel execution would produce disappointing wall-time gains, based on the assertion that the catalog application process is largely I/O bound. There were also some assertions that Ruby doesn't do shared-memory parallelism very well. Nobody reported any actual analysis of any of that, though. Whatever benefit there might be needs to be weighed against the costs, which include not just the direct costs of developing the feature, but also the ongoing costs of added code complexity and increased maintenance burden. Were I PL, I would be very hesitant to devote resources to such a speculative project as I think this would be. Were I a user interested in such a feature and having time available, I might consider having a go the project myself. Working code trumps predictive analysis every time. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6bb31477-57ef-4035-9c0c-ffc0b6d757d5%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Custom policy executable
Hi,
I'm trying to create an autosign policy which checks for a custom attribute
in the CSR but I'm having some issue with the master not signing the
request.
My client has the following in /etc/puppet/csr_attributes.yaml
custom_attributes:
1.2.840.113549.1.9.7: foo
My policy is a simple bash script, in this case checking for foo
#!/bin/bash
CUSTOM_ATTR=$(echo $(cat) | grep challengePassword | awk -F :
'{print$2}')
if [[ $CUSTOM_ATTR == foo ]]
then
exit 0
else
exit 1
fi
I had tested with the following, I'm guessing the issue is with my script
not reading in the CSR from puppet? If anyone has any examples of policies
they have created I would love to see them (this seems to be lacking in the
puppet documentation).
sudo openssl req -noout -text -in
/var/lib/puppet/ssl/ca/requests/mynode.pem | /etc/puppet/autosign.sh; echo
$?
0
Many thanks,
George
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/30d1d249-b648-4eb2-be32-1578f6118705%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Using external facts in puppet manifests
On Friday, February 14, 2014 10:42:30 AM UTC-6, Deep wrote: Hi, I have created few external facts by putting an yaml file in /etc/puppetlabs/facter/facts.d folder on agent and they are available in puppetdb and in my erb templates. But I am not able to use them in puppet manifests.I am getting undef value. Is there anyway to use them? If the facts are being interpolated into your templates then they are also available in your manifests. If you present an example manifest wherein the fact value does not seem to be read correctly, then we may be able to help. At a first guess, though, I'd rate the chances near unity that either the manifest is reading the fact value correctly, or that its name is misspelled. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/924f75c2-7ae7-4585-ada1-52536ec6ff07%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Puppet Actions in Parallel?
On Sat, Feb 15, 2014 at 9:00 AM, Trevor Vaughan tvaug...@onyxpoint.comwrote: Wow, that's quite some dead thread resurrection! I remember this being discussed in the past and part of the issue is that so many parts of what Puppet is doing are I/O bound so I'm not really sure what the parallelism would gain you outside of destroying your I/O channels. That said, I think it would be nice to have supported for those that do have systems that can take advantage of it. We may even see that a -j2 would give just enough balance between I/O destruction and system acceleration. There was a recent, pretty in-depth discussion in puppet-dev about a related concept: batched application of resources: https://groups.google.com/forum/#!msg/puppet-dev/X7RgakTGnbk/19RgHTMuLZUJ Trevor On Fri, Feb 14, 2014 at 11:52 PM, Andrew Pennebaker andrew.penneba...@gmail.com wrote: This is a fantastic idea! Any progress on this? On Sunday, March 4, 2012 10:53:23 PM UTC-5, Jon Forrest wrote: As many learning Puppet for the first time, the fact that the order of actions is undefined unless specific metaparameters like 'require' are used. Fine. This got me to thinking. The GNU make program has the -j option, which allows make to start more than one action in parallel if the actions are at the same dependency level. I've used this option on a 48-core machine to great benefit. So, why can't there be a similar option in the puppet agent? I can easily imagine how this could substantially reduce the length of time for a puppet run. (The make -j option allows an optional numeric value, which, if given, is the maximum number of actions that can be run in parallel. If no numeric is given, then there's no limit to the number of parallel actions). I did a quick review of the Puppet manual but I didn't see anything like this. Am I missing something? Is this a good idea? Cordially, Jon Forrest -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b836c960-09bc-48f5-8b5f-407d42233b10%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANs%2BFoV5iSNbuS%2BnxEzmU7mhQXzGtwf5p4-e4M3P1K_b_P_Fbw%40mail.gmail.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOjOXY2Rv1i9s5fDtXf-w9o0%3DHtYzkbMkGc-1E0uSVGcZBFj_Q%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Tags and dependencies
On Friday, February 14, 2014 9:18:21 AM UTC-6, zerozer...@gmail.com wrote: On Friday, February 14, 2014 3:55:29 PM UTC+1, Felix.Frank wrote: On 02/14/2014 03:52 PM, zerozer...@gmail.com wrote: File | (tag == myname::myclass) and (tag == post_exec) | While this looks sane, this syntax is not yet supported. Your collectors must use trivial expressions of the form a == b. Sorry, what do you mean? I'm using two trivial expressions AFAICT. Or are you referring to the anding of two search expressions? Yes, I believe the combination of two simple expressions into a complex one via the and operator is what Felix was referring to. Despite the docs, it might be worthwhile to play around a bit to test the outlines of the problem: - Does it really work at all (for your version of the master)? The docs are fairly reliable, but if you happen not to be on the latest Puppet then they might not apply. Also, Puppet occasionally suffers regressions (which typically are fixed pretty quickly once PL is made aware of them). - Is the failure related specifically to the 'tag' property, which is a bit special? - Is the failure related to having two conditions on the same resource parameter? Or we could return to my original remark that what you're doing is a bit questionable. Whether your code really ought to work notwithstanding, your manifest set would be more robust if you wrapped all the managed resources related to each piece of software into its own class or defined-type instance. If you have a lot of services and your declarations are consistent in form, then using a common defined type and one instance per (user, file, service) triple would make your manifests even cleaner, and allow you to be more precise with relationships, too. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/30155aff-d546-4256-9635-f84a7c1e3359%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Custom policy executable
So After re-reading the docs
http://docs.puppetlabs.com/puppet/latest/reference/ssl_autosign.html#policy-executable-api
I've made the following modification which works.
#!/bin/bash
HOST=$1
CUSTOM_ATTR=$(openssl req -noout -text -in
/var/lib/puppet/ssl/ca/requests/$HOST.pem | grep challengePassword |
awk -F : '{print$2}')
if [[ $CUSTOM_ATTR == foo ]]
then
exit 0
else
exit 1
fi
I'd still be interested to see what others are doing with policy based auto
signing though.
On Monday, February 17, 2014 3:20:50 PM UTC+1, George Brown wrote:
Hi,
I'm trying to create an autosign policy which checks for a custom
attribute in the CSR but I'm having some issue with the master not signing
the request.
My client has the following in /etc/puppet/csr_attributes.yaml
custom_attributes:
1.2.840.113549.1.9.7: foo
My policy is a simple bash script, in this case checking for foo
#!/bin/bash
CUSTOM_ATTR=$(echo $(cat) | grep challengePassword | awk -F :
'{print$2}')
if [[ $CUSTOM_ATTR == foo ]]
then
exit 0
else
exit 1
fi
I had tested with the following, I'm guessing the issue is with my script
not reading in the CSR from puppet? If anyone has any examples of policies
they have created I would love to see them (this seems to be lacking in the
puppet documentation).
sudo openssl req -noout -text -in
/var/lib/puppet/ssl/ca/requests/mynode.pem | /etc/puppet/autosign.sh; echo
$?
0
Many thanks,
George
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/fdff0a68-c613-47ac-9910-002b15b34598%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: classe uses two defines but second is ignored
On Monday, February 17, 2014 4:13:38 AM UTC-6, Andreas Dvorak wrote: Hi John, thank you for your reply. You have found an other issue. But my main problem is that the second call of replace is ignored. As I said at the end, I don't think the second 'replace' resource is being ignored at all. At any rate, you have presented no evidence of it, and I have no reason to believe that the manifest you presented would be subject to such an issue. I already described one way that you could test whether the resource is in fact ignored. On the other hand, the real problem I described will result in Puppet deciding under some circumstances that the Exec resource inside one of your baader::replace resources is already in sync. Depending on the logging level with which you are running the agent, that might result in nothing related to the resource being emitted to the log / standard out, which in turn could lead you to think that the resource was being ignored. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8c10ec17-c747-411f-8582-885f7c26363e%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Augeas with puppet 3.4.2
The fix that Marcelo pointed out isn't relevant here, it's to fix a
false positive log message. The log message is actually correct in this
instance, no need to update augeas.rb.
The Augeas library is unable to parse something on line 51 of your
/etc/group file. From the debug: augeas/files/etc/group/error/line = 51
Look to see what's there and maybe you can edit the file to workaround
the problem. If the file is still valid, then please file a bug either
with your distribution or upstream
(https://github.com/hercules-team/augeas/issues).
--
Dominic Cleal
Red Hat Engineering
On 13/02/14 20:54, Ryan Anderson wrote:
Cool. Does this mean I need to update augeas.rb from github.com
http://github.com/ or wait for it to make it into a future release?
What should I do to fix it now?
In case it helps, here are the problem bits from the debug output:
^[[0;32mInfo: Applying configuration version '1392322307'^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Opening
augeas with root /, lens path , flags 32^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Augeas
version 1.0.0 is installed^[[0m
^[[1;31mWarning: Augeas[myuser_in_logingroup](provider=augeas): Loading
failed for one or more files, see debug for /augeas//error output^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
/augeas/files/etc/group/error = parse_failed^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
/augeas/files/etc/group/error/pos = 670^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
/augeas/files/etc/group/error/line = 51^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
/augeas/files/etc/group/error/char = 0^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
/augeas/files/etc/group/error/lens =
/usr/share/augeas/lenses/dist/group.aug:44.17-.40:^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas):
/augeas/files/etc/group/error/message = Iterated lens matched less than
it should^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Will
attempt to save and only run if files changed^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): sending
command 'set' with params [/files/etc/group/mygroup/user[last()+1],
myuser]^[[0m
^[[0;36mDebug: Augeas[myuser_in_logingroup](provider=augeas): Closed the
augeas connection^[[0m
^[[1;31mError:
/Stage[main]/Group_management/Augeas[myuser_in_logingroup]: Could not
evaluate: Save failed with return code false, see debug
/usr/lib/ruby/site_ruby/1.8/puppet/util/errors.rb:97:in `fail'
/usr/lib/ruby/site_ruby/1.8/puppet/provider/augeas/augeas.rb:388:in
`need_to_run?'
/usr/lib/ruby/site_ruby/1.8/puppet/type/augeas.rb:175:in `retrieve'
On Thursday, February 13, 2014 1:18:27 PM UTC-6, Marcelo Frota wrote:
Hi,
I had the same problem, the solution of the problem is in :
https://github.com/puppetlabs/puppet/commit/644fc99193dd5e2beed3facbccb949caf8d6501f
https://github.com/puppetlabs/puppet/commit/644fc99193dd5e2beed3facbccb949caf8d6501f,
Best regards,
Marcelo Frota
2014-02-13 14:23 GMT-02:00 Rob Reynolds r...@puppetlabs.com
javascript::
On Thu, Feb 13, 2014 at 9:54 AM, Ryan Anderson
ryan.c@gmail.com javascript: wrote:
I have some augeas code that works flawlessly with puppet
2.6.17, but when running the identical code on 3.4.2, I get
an error.
The code:
augeas { 'myuser_in_logingroup':
context = '/files/etc/group',
changes = [ set ${hostname}/user[last()+1]
myuser, ],
onlyif = match ${hostname}/*[.='myuser'] size
== 0,
require = Group['local_login_group'],
}
The error from running 'puppet agent -tv':
Warning: Augeas[myuser_in_logingroup](provider=augeas):
Loading failed for one or more files, see debug for
/augeas//error output
Error:
/Stage[main]/Group_management/Augeas[myuser_in_logingroup]:
Could not evaluate: Save failed with return code false, see
debug
I'm having a difficult time finding/understanding clues from
debug output. Any ideas?
Ryan, would you mind running 'puppet agent --trace --verbose
--debug' and posting the output here?
--
You received this message because you are subscribed to the
Google Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails
from it, send an email to puppet-users...@googlegroups.com
javascript:.
To view this discussion on the web visit
[Puppet Users] puppet kick
Hi all, I just started working with puppet.i want a simple push mechanism from puppet master on to agent.i tried using puppet kick though its running and displaying message successfully exited the changes are not being reflected on agent. I got to know puppet kick got deprecated in version 3.0 and later. Iam using 2.7 version can anyone tell me whats wrong. Thanks in advance :) -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/154b0b29-da9f-455b-ac73-a7a6d539672f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] puppet kick
On Mon, Feb 17, 2014 at 11:00 AM, kavya reddy kethikavy...@gmail.com wrote: Hi all, I just started working with puppet.i want a simple push mechanism from puppet master on to agent.i tried using puppet kick though its running and displaying message successfully exited the changes are not being reflected on agent. I got to know puppet kick got deprecated in version 3.0 and later. Iam using 2.7 version can anyone tell me whats wrong. Thanks in advance :) Hi Kavya, Are your nodes listening? node$ cat /etc/puppet/puppet.conf [...] [agent] listen = true [...] Firewall allowing that port? node# lsof -i -n -P | grep 8139 puppet 2582 root5u IPv47214 0t0 TCP *:8139 (LISTEN) node# iptables -L -v -n | grep 8139 2 120 ACCEPT tcp -- * * 10.1.1.1 0.0.0.0/0 tcp dpt:8139 -mz -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOLfK3Uzkrxwoqxh1C0pB8Pc0yt2oSEUZ3c9UpC7HQi9jxr%2B9g%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Mcollective client installation
Hi All, I have installed puppet enterprise which comes with Mcollective. I have installed Puppet Master on node 1 and puppet agent on node 2 and node 3. while installing , it asked me if I want to install Mcollective. I wanted to have Mcollective client on my Puppet Master. and Mcollective servers on node 2 and node 3. But when I checked, there was no client.cfg file created at /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg How can I use Mcollective client on puppet Master? I have created client.cfg but still Mcollective needs server.cfg to start. Can anybody suggest me on this please? I am new to Mcollective and trying to learn it and implement it. Regards, Deep -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: Using external facts in puppet manifests
Hi John, thanks a lot for your response. I am able to see the external fact value now. On Monday, February 17, 2014 2:33:40 PM UTC, jcbollinger wrote: On Friday, February 14, 2014 10:42:30 AM UTC-6, Deep wrote: Hi, I have created few external facts by putting an yaml file in /etc/puppetlabs/facter/facts.d folder on agent and they are available in puppetdb and in my erb templates. But I am not able to use them in puppet manifests.I am getting undef value. Is there anyway to use them? If the facts are being interpolated into your templates then they are also available in your manifests. If you present an example manifest wherein the fact value does not seem to be read correctly, then we may be able to help. At a first guess, though, I'd rate the chances near unity that either the manifest is reading the fact value correctly, or that its name is misspelled. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b10f0b44-5101-4cc6-bb49-571809433840%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Mcollective client installation
Hi, Mcollective has 3 roles: - the server installed in every puppet client - the middleware installed in puppet master - the client installed anywhere, puppet master is a good place The client is just the utilities to call commands, it attacks the middleware, authenticate with certificates, and it is the middle ware who spread the command to every mcollective server. It doesnt have an agent running. Just try 'mco ping' from the server/user that is the mco client to check if it works. Regards, El 17/02/2014 18:14, Deep skitdeep...@gmail.com escribió: Hi All, I have installed puppet enterprise which comes with Mcollective. I have installed Puppet Master on node 1 and puppet agent on node 2 and node 3. while installing , it asked me if I want to install Mcollective. I wanted to have Mcollective client on my Puppet Master. and Mcollective servers on node 2 and node 3. But when I checked, there was no client.cfg file created at /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg How can I use Mcollective client on puppet Master? I have created client.cfg but still Mcollective needs server.cfg to start. Can anybody suggest me on this please? I am new to Mcollective and trying to learn it and implement it. Regards, Deep -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3ddWUNfxR4p1NKOGmkc2BuhPhjgs8LZ0J-7bh0P__unPLA%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: how to require a md5sum before installing?
Em sexta-feira, 14 de fevereiro de 2014 13h38min03s UTC-2, Andy Spiegl escreveu: Hi, I've got several modules which grab installer files from a network share. The share is readonly and as well protected as possibly. But still, I have a bad feeling about it and would like to introduce an extra layer of security. Like checking the md5sum of the file before running the installer. I thought about have a require line similar to require = md5['cdfb294489a14305ca729cc13fe10d52'], Any ideas? Thanks, Andy. -- It is no coincidence that in no known language does the phrase 'As pretty as an Airport' appear. (Douglas Adams) Hi Andy! I know a module that download packages (tar.gz) for example, and make MD5 check on it!. Maybe you may download it and analyse the manifests to understand how to do MD5 on your modules! http://forge.puppetlabs.com/gini/archive I have used it! with my módules, create my packages and the MD5 of them..and it works! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/cf1ac3b4-f844-4b3c-a765-6310acc80a9f%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Mcollective client installation
Hi Jose, Thanks for your quick response and explaining me in details. I tried mco ping command but getting below error. error 2014/02/17 16:23:00: activemq.rb:131:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@gsldev23:61613 failed: nested asn1 error I am using below ssl configuration in client.cfg plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem securityprovider = ssl # SSL plugin settings: plugin.ssl_server_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem plugin.ssl_client_private = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.ssl_client_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem Can you tell me if this is wrong? On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma wrote: Hi, Mcollective has 3 roles: - the server installed in every puppet client - the middleware installed in puppet master - the client installed anywhere, puppet master is a good place The client is just the utilities to call commands, it attacks the middleware, authenticate with certificates, and it is the middle ware who spread the command to every mcollective server. It doesnt have an agent running. Just try 'mco ping' from the server/user that is the mco client to check if it works. Regards, El 17/02/2014 18:14, Deep skitd...@gmail.com javascript: escribió: Hi All, I have installed puppet enterprise which comes with Mcollective. I have installed Puppet Master on node 1 and puppet agent on node 2 and node 3. while installing , it asked me if I want to install Mcollective. I wanted to have Mcollective client on my Puppet Master. and Mcollective servers on node 2 and node 3. But when I checked, there was no client.cfg file created at /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg How can I use Mcollective client on puppet Master? I have created client.cfg but still Mcollective needs server.cfg to start. Can anybody suggest me on this please? I am new to Mcollective and trying to learn it and implement it. Regards, Deep -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d02964e3-b236-489c-9710-f406fea7a114%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: moving from previous manual install to puppet/chocolatey
If I am going to use the workarounds mentioned in the bug article you
referenced, should I put that code into chocolateyinstall.ps1?
On Friday, February 14, 2014 1:57:12 PM UTC-8, Rob Reynolds wrote:
It looks to be a possible bug in the chocolatey provider that happens when
we try to capture both error and regular logging when an error has
occurred. Keep a watch on the issue itself for updates.
In the meantime if you are using SYSTEM for the puppet agent, I would
switch to something with network access and see if chocolatey works inside
of puppet.
On Fri, Feb 14, 2014 at 3:33 PM, Jay Benner long...@gmail.comjavascript:
wrote:
Some improvement. I'll attach another chocolateyinstall log below. It
still didn't install the agent, but it also didn't add an entry to /lib, so
I'm guessing it will keep trying. Looks like the same error downloading
the file.
http://pastebin.com/BFd90qkb
On Friday, February 14, 2014 10:55:51 AM UTC-8, Rob Reynolds wrote:
Let's have you upgrade chocolatey to 0.9.8.23 and see if the issue still
happens. The paste bin shows 0.9.8.20.
On Fri, Feb 14, 2014 at 12:53 PM, Rob Reynolds r...@puppetlabs.comwrote:
You are running into an issue we have seen but have not been able to
reproduce effectively - https://github.com/chocolatey/
puppet-chocolatey/issues/18
On Fri, Feb 14, 2014 at 12:47 PM, Jay Benner long...@gmail.com wrote:
The following is a copy of my log:
http://pastebin.com/wz5peZbG
Looks like the download failed. Perhaps a problem with puppet not
being able to access my personal temp folder?
On Friday, February 14, 2014 9:58:53 AM UTC-8, Rob Reynolds wrote:
I looks like it does install the package, but may be running into
something else when it is running. In C:\chocolatey\chocolateyInstall
there are some log files, what does the log file say about the
installation?
On Thu, Feb 13, 2014 at 2:10 PM, Jay Benner long...@gmail.comwrote:
I had deleted the entry in /lib.
On Wednesday, February 12, 2014 2:37:49 PM UTC-8, Jay Benner wrote:
I have a bunch of windows servers with NewRelic installed on them
and I want to start managing those installs with Puppet. Seemed like
the
thing to do would be to have chocolatey uninstall what is there and
reinstall within the framework of chocolatey so that I get addressable
version information and the like. I created the following chocolatey
package and it works fine when run from the command line using cinst:
any
existing version is removed and the new version, managed by
chocolatey,
gets put in its place. However, when I run it from Puppet, it does
the
uninstall ok, but the install never happens, even though chocolatey
seems
to think that the package is installed.
stop-service LiveVault Backup Service
$app = Get-WmiObject -Class Win32_Product | Where-Object {
$_.Name -match New Relic Server Monitor
}
$app.Uninstall()
$licensekey = XX
$packageName = 'NewRelic_ServerMonitor'
$installerType = 'MSI'
$url = 'http://download.newrelic.com/windows_server_monitor/
release/NewRelicServerMonitor_x86_2.0.0.198.msi'
$url64 = 'http://download.newrelic.com/windows_server_monito
r/release/NewRelicServerMonitor_x64_2.0.0.198.msi'
$validExitCodes = @(0)
$silentArgs = /L*v install_Agent.log /qn NR_LICENSE_KEY=`
$licensekey`
Install-ChocolateyPackage $packageName $installerType $
silentArgs $url $url64 -validExitCodes $validExitCodes
start-service LiveVault Backup Service
Start-service New Relic Server Monitor
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it,
send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/22e5472b-f50d
-4d93-aadc-69ebaa2c9f74%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
*Join us at PuppetConf 2014, September 23-24 in San Francisco - *
http://bit.ly/pupconf14
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/puppet-users/34cf3a92-716b-4ef2-84d9-1da968ded783%
40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
*Join us at PuppetConf 2014, September 23-24 in San Francisco - *
http://bit.ly/pupconf14
--
Rob Reynolds
Developer, Puppet Labs
*Join us at PuppetConf 2014, September 23-24 in San Francisco - *
http://bit.ly/pupconf14
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To
[Puppet Users] Re: Use the same resource in two dependent classes
Declaring the Service as a Virtual Resource might help but I'm not sure how you inject B's dependencies. http://docs.puppetlabs.com/guides/virtual_resources.html It might just require a Notify inside B. On Monday, February 17, 2014 3:41:14 AM UTC-8, zerozer...@gmail.com wrote: Hi, I have this situation: Class A: contains a File resource, and a Service resource which requires the File resource (the service needs to be restarted when the file changes). Class B: will be applied only on a subset of machines where class A is applied, and it requires class A - resources belonging to class B must be applied only after resources from class A have been applied. Class B also contains some File resources, and after they are applied also the _same_ service from class A needs to be restarted. How do you deal with this situation? I cannot declare the same Service resource again in class B. And I cannot declare the Service in class A as dependent from the File in class B. Thanks for any suggestions. Marco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/fddce6db-0b96-49e6-a9b1-7545e8b2fca3%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Mcollective client installation
I don't know how puppet enterprise works with mco, but in the open source version you have to create a certificate for the user you are going to call mco and sign in with the middleware certificate. El 17/02/2014 18:50, Deep skitdeep...@gmail.com escribió: Hi Jose, Thanks for your quick response and explaining me in details. I tried mco ping command but getting below error. error 2014/02/17 16:23:00: activemq.rb:131:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@gsldev23:61613 failed: nested asn1 error I am using below ssl configuration in client.cfg plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem securityprovider = ssl # SSL plugin settings: plugin.ssl_server_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem plugin.ssl_client_private = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.ssl_client_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem Can you tell me if this is wrong? On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma wrote: Hi, Mcollective has 3 roles: - the server installed in every puppet client - the middleware installed in puppet master - the client installed anywhere, puppet master is a good place The client is just the utilities to call commands, it attacks the middleware, authenticate with certificates, and it is the middle ware who spread the command to every mcollective server. It doesnt have an agent running. Just try 'mco ping' from the server/user that is the mco client to check if it works. Regards, El 17/02/2014 18:14, Deep skitd...@gmail.com escribió: Hi All, I have installed puppet enterprise which comes with Mcollective. I have installed Puppet Master on node 1 and puppet agent on node 2 and node 3. while installing , it asked me if I want to install Mcollective. I wanted to have Mcollective client on my Puppet Master. and Mcollective servers on node 2 and node 3. But when I checked, there was no client.cfg file created at /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg How can I use Mcollective client on puppet Master? I have created client.cfg but still Mcollective needs server.cfg to start. Can anybody suggest me on this please? I am new to Mcollective and trying to learn it and implement it. Regards, Deep -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/ msgid/puppet-users/eb01e6ad-ecb1-4dc9-acb5-ca6768af6173% 40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d02964e3-b236-489c-9710-f406fea7a114%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3dcOXCAWtG13pyD-%3D8qg-X4aR%3DUvD166D4BZhw5XLXOxfw%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Use the same resource in two dependent classes
Can you just have Class B 'include' class A and then have the appropriate resources in Class B notify/require what you need from Class A? If not, then you might need a Class C that provides the glue code using the relationship operators (-, ~, etc...). Trevor On Mon, Feb 17, 2014 at 6:41 AM, zerozerouno...@gmail.com wrote: Hi, I have this situation: Class A: contains a File resource, and a Service resource which requires the File resource (the service needs to be restarted when the file changes). Class B: will be applied only on a subset of machines where class A is applied, and it requires class A - resources belonging to class B must be applied only after resources from class A have been applied. Class B also contains some File resources, and after they are applied also the _same_ service from class A needs to be restarted. How do you deal with this situation? I cannot declare the same Service resource again in class B. And I cannot declare the Service in class A as dependent from the File in class B. Thanks for any suggestions. Marco -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/28c5d6ac-3bbe-490d-b174-d321d0bf7fc7%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANs%2BFoWYtHnx7CXbZ7P9wx5W%3DigB9peKveyW77jG4MyQkq3ZGg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: moving from previous manual install to puppet/chocolatey
I tried them in chocolatey.ps1, but that just seemed to break chocolatey.
On Monday, February 17, 2014 11:11:25 AM UTC-8, Jay Benner wrote:
If I am going to use the workarounds mentioned in the bug article you
referenced, should I put that code into chocolateyinstall.ps1?
On Friday, February 14, 2014 1:57:12 PM UTC-8, Rob Reynolds wrote:
It looks to be a possible bug in the chocolatey provider that happens
when we try to capture both error and regular logging when an error has
occurred. Keep a watch on the issue itself for updates.
In the meantime if you are using SYSTEM for the puppet agent, I would
switch to something with network access and see if chocolatey works inside
of puppet.
On Fri, Feb 14, 2014 at 3:33 PM, Jay Benner long...@gmail.com wrote:
Some improvement. I'll attach another chocolateyinstall log below. It
still didn't install the agent, but it also didn't add an entry to /lib, so
I'm guessing it will keep trying. Looks like the same error downloading
the file.
http://pastebin.com/BFd90qkb
On Friday, February 14, 2014 10:55:51 AM UTC-8, Rob Reynolds wrote:
Let's have you upgrade chocolatey to 0.9.8.23 and see if the issue
still happens. The paste bin shows 0.9.8.20.
On Fri, Feb 14, 2014 at 12:53 PM, Rob Reynolds r...@puppetlabs.comwrote:
You are running into an issue we have seen but have not been able to
reproduce effectively - https://github.com/chocolatey/
puppet-chocolatey/issues/18
On Fri, Feb 14, 2014 at 12:47 PM, Jay Benner long...@gmail.comwrote:
The following is a copy of my log:
http://pastebin.com/wz5peZbG
Looks like the download failed. Perhaps a problem with puppet not
being able to access my personal temp folder?
On Friday, February 14, 2014 9:58:53 AM UTC-8, Rob Reynolds wrote:
I looks like it does install the package, but may be running into
something else when it is running. In C:\chocolatey\chocolateyInstall
there are some log files, what does the log file say about the
installation?
On Thu, Feb 13, 2014 at 2:10 PM, Jay Benner long...@gmail.comwrote:
I had deleted the entry in /lib.
On Wednesday, February 12, 2014 2:37:49 PM UTC-8, Jay Benner wrote:
I have a bunch of windows servers with NewRelic installed on them
and I want to start managing those installs with Puppet. Seemed like
the
thing to do would be to have chocolatey uninstall what is there and
reinstall within the framework of chocolatey so that I get
addressable
version information and the like. I created the following chocolatey
package and it works fine when run from the command line using cinst:
any
existing version is removed and the new version, managed by
chocolatey,
gets put in its place. However, when I run it from Puppet, it does
the
uninstall ok, but the install never happens, even though chocolatey
seems
to think that the package is installed.
stop-service LiveVault Backup Service
$app = Get-WmiObject -Class Win32_Product | Where-Object {
$_.Name -match New Relic Server Monitor
}
$app.Uninstall()
$licensekey = XX
$packageName = 'NewRelic_ServerMonitor'
$installerType = 'MSI'
$url = 'http://download.newrelic.com/windows_server_monitor/
release/NewRelicServerMonitor_x86_2.0.0.198.msi'
$url64 = 'http://download.newrelic.com/windows_server_monito
r/release/NewRelicServerMonitor_x64_2.0.0.198.msi'
$validExitCodes = @(0)
$silentArgs = /L*v install_Agent.log /qn NR_LICENSE_KEY=`
$licensekey`
Install-ChocolateyPackage $packageName $installerType $
silentArgs $url $url64 -validExitCodes $validExitCodes
start-service LiveVault Backup Service
Start-service New Relic Server Monitor
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it,
send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/22e5472b-f50d
-4d93-aadc-69ebaa2c9f74%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
*Join us at PuppetConf 2014, September 23-24 in San Francisco - *
http://bit.ly/pupconf14
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it,
send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/puppet-users/34cf3a92-716b-4ef2-84d9-1da968ded783%
40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
--
Rob Reynolds
Developer, Puppet Labs
*Join us at PuppetConf 2014, September 23-24 in San Francisco - *
http://bit.ly/pupconf14
--
Rob Reynolds
Developer, Puppet Labs
*Join us at PuppetConf 2014, September 23-24 in San Francisco - *
[Puppet Users] How to group systems using Puppet and hiera?
Hi All, We are currently transitioning from using the Puppet Enterprise (PE) ENC to using hiera. Howevver, one piece of functionality that we lack with hiera is the ability to group systems together based on function. We can only currently group the systems based on available facts and are currently using environment, osfamily and domain in our hierarchy, however it would be extremely useful to also have a group or role category in our hiera hierarchy. As I see it we have a few options and hopefully, people here can add better options that they are using. The first is to use groups within the PE ENC which can apparently be used as a variable within the hiera hierarchy. This would be an easy solution, but not a very scalable one as putting systems into groups using the PE console is very slow and I haven't seen a documented way to manipulate the PE console data using a command line tool. Second is to create a custom fact named group, but this requires that each system has a yaml file dropped in the correct place and I don't see a good way to automate creation of these files using PE, which would make it scalable. One way to do it would be to create a hiera yaml for each system with group parameter set, but the whole point of this exercise is to avoid creating hiera yamls for each system in our environment. I don't see having 1000+ hiera yamls as very scalable or manageable. Third, of course, is to just manage this with individual hiera yamls for each system where classes required for that system's functions, but can't be defined higher up in the hierarchy, would be called out, but as I said before, this option isn't very scalable or manageable. If you are using Puppet and hiera, how are you managing groups of systems (web servers, Nessus servers, mail servers, etc.)? Thanks, Alex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/234ab5f3-bb1e-43a8-b365-bd110e5052da%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to group systems using Puppet and hiera?
My environment is pretty small, so far, so I can get away with having host specific yaml files. I wrote an ENC that reads the host yaml files for role/group information because I plan to eventually move that data into a CMDB of some kind. At $previous_job I used LDAP as the CMDB and an ENC script to pull the host role data out of the directory service. Basically, any database or application you use to store role information and can be accessed via a script from the puppetmaster should work for you. The hard part is finding one that you like. On Mon, Feb 17, 2014 at 1:05 PM, Alex Scoble bloggingit...@gmail.com wrote: Hi All, We are currently transitioning from using the Puppet Enterprise (PE) ENC to using hiera. Howevver, one piece of functionality that we lack with hiera is the ability to group systems together based on function. We can only currently group the systems based on available facts and are currently using environment, osfamily and domain in our hierarchy, however it would be extremely useful to also have a group or role category in our hiera hierarchy. As I see it we have a few options and hopefully, people here can add better options that they are using. The first is to use groups within the PE ENC which can apparently be used as a variable within the hiera hierarchy. This would be an easy solution, but not a very scalable one as putting systems into groups using the PE console is very slow and I haven't seen a documented way to manipulate the PE console data using a command line tool. Second is to create a custom fact named group, but this requires that each system has a yaml file dropped in the correct place and I don't see a good way to automate creation of these files using PE, which would make it scalable. One way to do it would be to create a hiera yaml for each system with group parameter set, but the whole point of this exercise is to avoid creating hiera yamls for each system in our environment. I don't see having 1000+ hiera yamls as very scalable or manageable. Third, of course, is to just manage this with individual hiera yamls for each system where classes required for that system's functions, but can't be defined higher up in the hierarchy, would be called out, but as I said before, this option isn't very scalable or manageable. If you are using Puppet and hiera, how are you managing groups of systems (web servers, Nessus servers, mail servers, etc.)? Thanks, Alex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/234ab5f3-bb1e-43a8-b365-bd110e5052da%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- Perfection is just a word I use occasionally with mustard. --Atom Powers-- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF-H%3DOkOuiMdjEGxadE2sS_PBmYJpc%3DWLfq_K%3D4pgs19zXX-Lg%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] How to group systems using Puppet and hiera?
On 2/17/2014 1:05 PM, Alex Scoble wrote: Hi All, We are currently transitioning from using the Puppet Enterprise (PE) ENC to using hiera. Howevver, one piece of functionality that we lack with hiera is the ability to group systems together based on function. We can only currently group the systems based on available facts and are currently using environment, osfamily and domain in our hierarchy, however it would be extremely useful to also have a group or role category in our hiera hierarchy. As I see it we have a few options and hopefully, people here can add better options that they are using. The first is to use groups within the PE ENC which can apparently be used as a variable within the hiera hierarchy. This would be an easy solution, but not a very scalable one as putting systems into groups using the PE console is very slow and I haven't seen a documented way to manipulate the PE console data using a command line tool. Second is to create a custom fact named group, but this requires that each system has a yaml file dropped in the correct place and I don't see a good way to automate creation of these files using PE, which would make it scalable. One way to do it would be to create a hiera yaml for each system with group parameter set, but the whole point of this exercise is to avoid creating hiera yamls for each system in our environment. I don't see having 1000+ hiera yamls as very scalable or manageable. Third, of course, is to just manage this with individual hiera yamls for each system where classes required for that system's functions, but can't be defined higher up in the hierarchy, would be called out, but as I said before, this option isn't very scalable or manageable. If you are using Puppet and hiera, how are you managing groups of systems (web servers, Nessus servers, mail servers, etc.)? Thanks, Alex We add a role fact as part of the provisioning process when Puppet kicks off for the first time. The equivalent of doing the following from the command line. FACTER_role=$role puppet agent --server $server --environment $env ::role is written to a file which in future runs populates ::role which closes the loop. Ramin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/530295F9.9080200%40badapple.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Mcollective client installation
Last time I installed PE and looked at the Mcollective install it wasn't using SSL but rather PSK only. On 02/17/2014 02:48 PM, José Luis Ledesma wrote: I don't know how puppet enterprise works with mco, but in the open source version you have to create a certificate for the user you are going to call mco and sign in with the middleware certificate. El 17/02/2014 18:50, Deep skitdeep...@gmail.com mailto:skitdeep...@gmail.com escribió: Hi Jose, Thanks for your quick response and explaining me in details. I tried mco ping command but getting below error. error 2014/02/17 16:23:00: activemq.rb:131:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@gsldev23:61613 failed: nested asn1 error I am using below ssl configuration in client.cfg plugin.activemq.pool.1.ssl.ca http://plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem securityprovider = ssl # SSL plugin settings: plugin.ssl_server_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem plugin.ssl_client_private = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.ssl_client_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem Can you tell me if this is wrong? On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma wrote: Hi, Mcollective has 3 roles: - the server installed in every puppet client - the middleware installed in puppet master - the client installed anywhere, puppet master is a good place The client is just the utilities to call commands, it attacks the middleware, authenticate with certificates, and it is the middle ware who spread the command to every mcollective server. It doesnt have an agent running. Just try 'mco ping' from the server/user that is the mco client to check if it works. Regards, El 17/02/2014 18:14, Deep skitd...@gmail.com escribió: Hi All, I have installed puppet enterprise which comes with Mcollective. I have installed Puppet Master on node 1 and puppet agent on node 2 and node 3. while installing , it asked me if I want to install Mcollective. I wanted to have Mcollective client on my Puppet Master. and Mcollective servers on node 2 and node 3. But when I checked, there was no client.cfg file created at /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg How can I use Mcollective client on puppet Master? I have created client.cfg but still Mcollective needs server.cfg to start. Can anybody suggest me on this please? I am new to Mcollective and trying to learn it and implement it. Regards, Deep -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/53029870.9030503%40UnderGrid.net. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: continued deployment
Thanks for your answer! I read this book yesterday :) Right now I am adding logstash to my puppet config. Next I need to figure out the most fitting automated testing. It will be for a ejabberd/erlang plugin. Cheers, Peter On Mon, Feb 17, 2014 at 8:01 PM, JuanBrein juan.br...@gmail.com wrote: Have you read Continuous Delivery from Jez Humble? Is a great starting point covering main aspects. Look in youtube as well, there are plenty of videos from people implementing continuous delivery. Technology wise it is so wide that is difficult to find a single recipe. If you detail a bit more about your stack I could give you some hints. Now you mentioned continuous deployment and that as far as I understand is kind of a new area. If you are new to it you should first aim for continuous Delivery and then think on Continuous Deployment. Juan On Sunday, February 16, 2014 12:06:16 PM UTC, Peter Romfeld wrote: Hi, I got most of our infrastructure managed with puppet now. Now i want to learn about continued app deplyment with puppet.. So far my noob knowledge is I would use: manage directory recursive - notify exec command You have some some links or catchwords(google) for me to do this the proper way? Thanks, Peter -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/8e72e7e0-c207-4628-bfaf-ba2008443f38%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAKiz-NdLCBaY_V%2BR8B1C0EhUyDBSURX3%3DrKctiUcR7bwOzv4RQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Mcollective client installation
With PE, mco commands needs to be run as peadmin user, so, su - peadmin should do the trick. On 02/18/2014 12:17 AM, Jeremy T. Bouse wrote: Last time I installed PE and looked at the Mcollective install it wasn't using SSL but rather PSK only. On 02/17/2014 02:48 PM, José Luis Ledesma wrote: I don't know how puppet enterprise works with mco, but in the open source version you have to create a certificate for the user you are going to call mco and sign in with the middleware certificate. El 17/02/2014 18:50, Deep skitdeep...@gmail.com mailto:skitdeep...@gmail.com escribió: Hi Jose, Thanks for your quick response and explaining me in details. I tried mco ping command but getting below error. error 2014/02/17 16:23:00: activemq.rb:131:in `on_ssl_connectfail' SSL session creation with stomp+ssl://mcollective@gsldev23:61613 failed: nested asn1 error I am using below ssl configuration in client.cfg plugin.activemq.pool.1.ssl.ca http://plugin.activemq.pool.1.ssl.ca = /etc/puppetlabs/mcollective/ssl/mcollective-cacert.pem plugin.activemq.pool.1.ssl.cert = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.activemq.pool.1.ssl.key = /etc/puppetlabs/mcollective/ssl/mcollective-cert.pem securityprovider = ssl # SSL plugin settings: plugin.ssl_server_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem plugin.ssl_client_private = /etc/puppetlabs/mcollective/ssl/mcollective-private.pem plugin.ssl_client_public = /etc/puppetlabs/mcollective/ssl/mcollective-public.pem Can you tell me if this is wrong? On Monday, February 17, 2014 5:30:52 PM UTC, Jose Luis Ledesma wrote: Hi, Mcollective has 3 roles: - the server installed in every puppet client - the middleware installed in puppet master - the client installed anywhere, puppet master is a good place The client is just the utilities to call commands, it attacks the middleware, authenticate with certificates, and it is the middle ware who spread the command to every mcollective server. It doesnt have an agent running. Just try 'mco ping' from the server/user that is the mco client to check if it works. Regards, El 17/02/2014 18:14 Ik heb RFC-140183 aangemaakt in OT, en zal donderdag in ext , Deep skitd...@gmail.com escribió: Hi All, I have installed puppet enterprise which comes with Mcollective. I have installed Puppet Master on node 1 and puppet agent on node 2 and node 3. while installing , it asked me if I want to install Mcollective. I wanted to have Mcollective client on my Puppet Master. and Mcollective servers on node 2 and node 3. But when I checked, there was no client.cfg file created at /etc/puppetlabs/mcollective/. And Mcollective was started using server.cfg How can I use Mcollective client on puppet Master? I have created client.cfg but still Mcollective needs server.cfg to start. Can anybody suggest me on this please? I am new to Mcollective and trying to learn it and implement it. Regards, Deep -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/53029870.9030503%40UnderGrid.net. For more options, visit https://groups.google.com/groups/opt_out. -- Johan De Wit Open Source Consultant Red Hat Certified Engineer (805008667232363) Puppet Certified Professional 2013 (PCP006) _ Open-Future Phone +32 (0)2/255 70 70 Zavelstraat 72 Fax +32 (0)2/255 70 71 3071 KORTENBERG Mobile+32 (0)474/42 40 73 BELGIUM http://www.open-future.be _ Next Events: Zabbix Certified Training | http://www.open-future.be/zabbix-certified-training-10-till-12th-march Zabbix for Large Environments Training | http://www.open-future.be/zabbix-large-environments-training-13-till-14th-march Puppet Intruction Course | http://www.open-future.be/puppet-introduction-course-14th-april Puppet Advanced Training | http://www.open-future.be/puppet-advanced-training-15-till-17th-april Subscribe to our newsletter | http://eepurl.com/BUG8H -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to
