[Puppet Users] return codes from puppet command

[Mikael Lindqvist]

Hi,

Where are the return codes from the puppet command documented?

I have seen 0, 2 and 6 and by the look of it they all seem to signal 
success, but it would be nice to see a list of them.

Thanks!

// Mikael

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/13097d50-fbcc-4ba6-9e09-ca19913a34c0%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Good resources for writing rspec tests for puppet code changes?

[Martin Alfke]

Hi,

On 19 Feb 2014, at 07:44, Johan De Wit  wrote:

> On 02/19/2014 02:03 AM, HPUX_PUPPET wrote:
>> 
>> Just a bit more explanation...
>> 
>> When I was looking for references I was only finding puppet-lint and 
>> rspec-puppet for testing manifests, but not finding anything for writing the 
>> spec files to test module functionality or modifications to existing modules 
>> such as the HPUX user management.
>> 
>> 
> There is not that much documentation available.
> 
> I did a talk on cfgmgmtcamp.eu about TDD and puppet.  Yoiu can find a little 
> blog at the BPUG website : puppet-be.github.io. (there are some references in 
> the slides)
> 
> I look mostly at the puppet code for examples for writing rspec files.  Some 
> interesting links I also have to look at :
> 
> http://www.morethanseven.net/2014/01/25/code-coverage-for-puppet-modules/
> http://hajee.github.io/2014/01/18/testing-your-system-installation-with-rspec
> 
> https://github.com/ghoneycutt/puppet-module-nfs/blob/v1.6.2/spec/classes/init_spec.rb#L58-186
> 
Maybe you want to attend Extending Puppet using Ruby classes 
(https://puppetlabs.com/services/training/extending-puppet)

Besides this I also did a small module with spec examples 
(https://github.com/tuxmea/tuxmea-stdmodule)

hth,

Martin


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/259F6EBC-480E-460B-9070-47682B78A344%40gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Why is the environment setting limited to alphanumeric characters only?

[Matthew Burgess]

Hi,

Our infrastructure design has the environment that a server lives in
embedded in its FQDN:

hostname.seccomp-environment.local

Where seccomp is the 'security compartment' (i.e. the kind of data it
houses) and env is the environment name.

I set my puppet.conf up so that 'environment = sc-env1' and got the
following error back from the master:

Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
The environment must be purely alphanumeric, not 'sc-env1'

I can kind of understand there being some limitations around allowed
characters (e.g. $, #, %), but I'd have thought that a hyphen would be a)
pretty safe and b) quite a common use case.  Reading the fine manual (
http://docs.puppetlabs.com/guides/environment.html#naming-environments)
that actually mentions that underscores are allowed too; It's a shame the
error message doesn't allude to that (see PUP-1395).  So, for the time
being I'll translate our hyphens to underscores to workaround the
limitation.

Does anyone know why this restriction exists, and if there are any plans to
relax the restrictions?

Kind Regards,

Matt.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAKUTv3JneenHvUE7EKj%3DmHRNioGNa5cwrrOfJg0n%3D1Ps4oOVCw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Hiera seems to be using stale data

[Jonathan Gazeley]

Hi chaps,

I'm using Hiera in a light way to store a few global values for my 
servers, including the site-wide SMTP relay etc. Yesterday I changed one 
of the values to reflect my organisation's new SMTP server, but the 
change hasn't been applied to my nodes. I'm using camptocamp/postfix to 
configure the Postfix MTA on all my nodes


common.yaml:
---
uob_mail_relay: new-smtp.bris.ac.uk


init.pp:
class site_postfix {
  # Configure basic Postfix with minimal options
  class { 'postfix':
myorigin=> 'bris.ac.uk',
relayhost   => hiera('uob_mail_relay'),
root_mail_recipient => hiera('admin_email'),
inet_interfaces => 'localhost',
  }
  ...
  ...
  ...
}


After having changed the value in common.yaml, the Postfix config was 
not changed on any of my nodes. I stopped and restarted the puppetmaster 
and double-checked that the right manifests are being applied to my 
nodes. Running hiera on the command line returns the new value for 
'uob_mail_relay' so I have no idea why it hasn't picked up inside 
puppet. Nothing bad is shown in the logs on the master or the node. Can 
anyone make a suggestion?


Thanks,
Jonathan

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53048CFD.5070404%40bristol.ac.uk.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Server Groups - How to ?

[kaustubh chaudhari]

Hi All,

In Dashboard: 

I wish to group Windows server and Linux server in Windows server group and 
Linux server group respectively.

Is there a way to do that for more that 3000 servers ? adding individual 
will be tedious job.

Can some one help me here?

Kind Regards,
Kaustubh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1ec8d238-7cd6-4054-908f-30cfa14107c7%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Error: undefined method `gsub' for nil:NilClass

[Fiddyspence]

That was my fault - I pushed a change without actually running the tests 
and got everything I deserved as a result.

Apologies for the bug, but it's fixed now.

On Friday, 31 January 2014 18:44:07 UTC, Juan Pablo Daniel Borgna wrote:
>
> Hi guys, can you give me a hint on this?
>
> Thanks!
>
> Debug: Executing '/sbin/sysctl -n net.ipv4.ip_local_port_range'
> Error: undefined method `gsub' for nil:NilClass
> Error: 
> /Stage[main]/Spotflux_pweb::Sysctl/Sysctl[net.ipv4.ip_local_port_range]/value:
>  
> change from  to 5000 65000 failed: undefined method `gsub' for nil:NilClass
> # /sbin/sysctl -n net.ipv4.ip_local_port_range
> 1024 65535
>
> Debug: Executing '/sbin/sysctl -n net.core.rmem_max'
> Error: undefined method `gsub' for nil:NilClass
> Error: /Stage[main]/Spotflux_pweb::Sysctl/Sysctl[net.core.rmem_max]/value: 
> change from  to 8388608 failed: undefined method `gsub' for nil:NilClass
> # /sbin/sysctl -n net.core.rmem_max
> 16777216
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/81c2928f-fc13-4e2a-8b50-25ad025f223e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Puppet and best way to append a new user to sshd_config AllowUsers with augeas

[Remi Ferrand]

Hi,

I'm just starting to play with puppet and augeas and I've managed to add a 
new user to the AllowUsers list of *sshd_config*.

I'm doing it this way:

$user='testuser'

augeas {'test':
context => '/files/etc/ssh/sshd_config',
changes => [
"defnode 001 etc/ssh/sshd_config/AllowUsers/001 $user",
],
onlyif  => "match etc/ssh/sshd_config/AllowUsers/*[.='${user}'] 
size == 0"
}

Because this is one of my first real use case of puppet and augeas, I'm 
just wondering what's the best way to achieve the same goal and add a user 
to AllowUsers.
How would you, folks, do that ? Am I using the right augeas directives ?

Thanks for your replies.

Cheers

Rémi Ferrand

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d9f9ea50-95e0-4a2f-a3bf-adb41de65ef2%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] return codes from puppet command

[Andrey Kozichev]

puppet help agent

* --detailed-exitcodes:

  Provide transaction information via exit codes. If this is enabled, an
exit

  code of '2' means there were changes, an exit code of '4' means there were

  failures during the transaction, and an exit code of '6' means there were
both

  changes and failures.




On 19 February 2014 09:28, Mikael Lindqvist  wrote:

> Hi,
>
> Where are the return codes from the puppet command documented?
>
> I have seen 0, 2 and 6 and by the look of it they all seem to signal
> success, but it would be nice to see a list of them.
>
> Thanks!
>
> // Mikael
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/13097d50-fbcc-4ba6-9e09-ca19913a34c0%40googlegroups.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CACzr%3DFfx63DUObLDMknDeGOuMiKk9xY9-52MjQRYJFNqcYO%3D3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Why is the environment setting limited to alphanumeric characters only?

[Jason Antman]

Matt,

I don't remember the technical details on why it exists, but it does. 
No, there aren't any plans to relax it that I'm aware of...


Yeah, we use git branches as environments, and we essentially do 
's/[^A-Za-z0-9_]/_/g' on the branch names to get environment names.


-Jason

On 02/19/2014 05:52 AM, Matthew Burgess wrote:

Hi,

Our infrastructure design has the environment that a server lives in 
embedded in its FQDN:


hostname.seccomp-environment.local

Where seccomp is the 'security compartment' (i.e. the kind of data it 
houses) and env is the environment name.


I set my puppet.conf up so that 'environment = sc-env1' and got the 
following error back from the master:


Error: Could not retrieve catalog from remote server: Error 400 on 
SERVER: The environment must be purely alphanumeric, not 'sc-env1'


I can kind of understand there being some limitations around allowed 
characters (e.g. $, #, %), but I'd have thought that a hyphen would be 
a) pretty safe and b) quite a common use case.  Reading the fine 
manual 
(http://docs.puppetlabs.com/guides/environment.html#naming-environments) 
that actually mentions that underscores are allowed too; It's a shame 
the error message doesn't allude to that (see PUP-1395).  So, for the 
time being I'll translate our hyphens to underscores to workaround the 
limitation.


Does anyone know why this restriction exists, and if there are any 
plans to relax the restrictions?


Kind Regards,

Matt.
--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAKUTv3JneenHvUE7EKj%3DmHRNioGNa5cwrrOfJg0n%3D1Ps4oOVCw%40mail.gmail.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5304B4B4.1070503%40jasonantman.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Good resources for writing rspec tests for puppet code changes?

[Jim Perry]

Thanks for the links, I will take a look at them.

I would love to get some training on it, but the company won't spring for
it. So it looks like I am hacking it out with everyone's help and Google.


On Wed, Feb 19, 2014 at 4:44 AM, Martin Alfke  wrote:

> Hi,
>
> On 19 Feb 2014, at 07:44, Johan De Wit  wrote:
>
> > On 02/19/2014 02:03 AM, HPUX_PUPPET wrote:
> >>
> >> Just a bit more explanation...
> >>
> >> When I was looking for references I was only finding puppet-lint and
> rspec-puppet for testing manifests, but not finding anything for writing
> the spec files to test module functionality or modifications to existing
> modules such as the HPUX user management.
> >>
> >>
> > There is not that much documentation available.
> >
> > I did a talk on cfgmgmtcamp.eu about TDD and puppet.  Yoiu can find a
> little blog at the BPUG website : puppet-be.github.io. (there are some
> references in the slides)
> >
> > I look mostly at the puppet code for examples for writing rspec files.
>  Some interesting links I also have to look at :
> >
> >
> http://www.morethanseven.net/2014/01/25/code-coverage-for-puppet-modules/
> >
> http://hajee.github.io/2014/01/18/testing-your-system-installation-with-rspec
> >
> >
> https://github.com/ghoneycutt/puppet-module-nfs/blob/v1.6.2/spec/classes/init_spec.rb#L58-186
> >
> Maybe you want to attend Extending Puppet using Ruby classes (
> https://puppetlabs.com/services/training/extending-puppet)
>
> Besides this I also did a small module with spec examples (
> https://github.com/tuxmea/tuxmea-stdmodule)
>
> hth,
>
> Martin
>
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Puppet Users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/puppet-users/187mS-NiiyE/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/259F6EBC-480E-460B-9070-47682B78A344%40gmail.com
> .
> For more options, visit https://groups.google.com/groups/opt_out.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAO0AM%3Dr3Jo1X%3DqG1n5z5z0iMqJgaUHT-UedeD6jX8%3DBAT8sepQ%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Good resources for writing rspec tests for puppet code changes?

[HPUX_PUPPET]

Thanks Johan and Martin.  I looked at the links you sent, but this is what 
I have already found and it really did not provide any new insights.  

The main problem I am having is that what I put in rspec code should be 
working but just does not. I have even hard-coded in a true or false 
return, but the spec script just does not respond.  

If anyone happens to have a good rspec language / syntax reference that 
would be greatly helpful.  The "The RSpec Book" gives some good examples, 
but not a language reference.   

Also I cannot seem to get any of the debug code from the net to work with 
puppet and rspec together to get some useful output to find the error. Does 
anyone have a good link to that information?  

I am just a lowly sys admin given the task to hack Puppet to get it to work 
correctly on HPUX for user management. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9adb7d74-abc1-4041-be4e-d5d48030491d%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Good resources for writing rspec tests for puppet code changes?

[Johan De Wit]

On 02/19/2014 03:22 PM, HPUX_PUPPET wrote:
Thanks Johan and Martin.  I looked at the links you sent, but this is 
what I have already found and it really did not provide any new insights.


The main problem I am having is that what I put in rspec code should 
be working but just does not. I have even hard-coded in a true or 
false return, but the spec script just does not respond.


If anyone happens to have a good rspec language / syntax reference 
that would be greatly helpful.  The "The RSpec Book" gives some good 
examples, but not a language reference.


Also I cannot seem to get any of the debug code from the net to work 
with puppet and rspec together to get some useful output to find the 
error. Does anyone have a good link to that information?


I am just a lowly sys admin given the task to hack Puppet to get it to 
work correctly on HPUX for user management.
Don't have any experience/access to hpux,  but you can always show us 
the code and the rspec files.

So we can have at least a look at it :)

And multiple eyes see more then two :)



Next Events:
Zabbix Certified Training | 
http://www.open-future.be/zabbix-certified-training-10-till-12th-march
Zabbix for Large Environments Training | 
http://www.open-future.be/zabbix-large-environments-training-13-till-14th-march
Puppet Intruction Course | 
http://www.open-future.be/puppet-introduction-course-14th-april
Puppet Advanced Training | 
http://www.open-future.be/puppet-advanced-training-15-till-17th-april
Subscribe to our newsletter | http://eepurl.com/BUG8H

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5304BFA7.6060702%40open-future.be.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Hiera seems to be using stale data

[jcbollinger]

On Wednesday, February 19, 2014 4:52:45 AM UTC-6, Jonathan Gazeley wrote:
>
> Hi chaps, 
>
> I'm using Hiera in a light way to store a few global values for my 
> servers, including the site-wide SMTP relay etc. Yesterday I changed one 
> of the values to reflect my organisation's new SMTP server, but the 
> change hasn't been applied to my nodes. I'm using camptocamp/postfix to 
> configure the Postfix MTA on all my nodes 
>
> common.yaml: 
> --- 
> uob_mail_relay: new-smtp.bris.ac.uk 
>
>
> init.pp: 
> class site_postfix { 
># Configure basic Postfix with minimal options 
>class { 'postfix': 
>  myorigin=> 'bris.ac.uk', 
>  relayhost   => hiera('uob_mail_relay'), 
>  root_mail_recipient => hiera('admin_email'), 
>  inet_interfaces => 'localhost', 
>} 
>... 
>... 
>... 
> } 
>
>
> After having changed the value in common.yaml, the Postfix config was 
> not changed on any of my nodes. I stopped and restarted the puppetmaster 
> and double-checked that the right manifests are being applied to my 
> nodes. Running hiera on the command line returns the new value for 
> 'uob_mail_relay' so I have no idea why it hasn't picked up inside 
> puppet. Nothing bad is shown in the logs on the master or the node. Can 
> anyone make a suggestion? 
>
>

Strange.  The problem must fall into one of these categories:

   - The master is not obtaining the updated value from hiera
   - The master is not including the hiera value in the compiled catalog
   - The agents are not running
   - The agents are applying stale catalogs that do not contain the change
   - Despite the catalogs specifying an updated relayhost, the agents are 
   not applying the change
   - You are mistaken about the change not being applied
   - The change is being reverted, either by some other puppet resource or 
   by an external actor.
   
Supposing that we can discount the last alternative, I suggest driving at 
this first from the agent side:

   1. Run the agent from the command line with the --test and --debug 
   options, and capture the output for analysis.
   2. Verify that the agent reports successfully obtaining a catalog from 
   the master.  If so,
   3. find in the output the report of the specific File resources you 
   expect to be modified -- confirm that the reports are in fact there, and 
   that they are reported either already in sync or successfully 
   synchronized.  Do similarly for any Service or other resources that you 
   would expect to need to be touched.  If all that looks good then
   4. check the output for any other resource that might be touching the 
   same files.  Also,
   5. check whether the files are in fact as expected.  If not, then
   6. look at the catalog.  Find the relevant resource(s) in it and check 
   whether their properties are as expected.
   
Having done that, you should have a pretty good handle on the nature of the 
problem -- whether it is bad (or no) agent behavior or bad catalogs, and if 
the latter, the nature of the catalog fault.  If you still need help at 
that point then come back with your findings.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/17421528-7733-443b-add9-cc54e3c01f40%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Combining stages with hiera

[jcbollinger]

On Tuesday, February 18, 2014 3:34:46 PM UTC-6, Jordan Wright wrote:
>
> I have some Windows systems that I need to configure a user's profile. The 
> user has to be logged into for the profile to be created. I came up with 
> the solution below but it seems kinda hacky.
>


Indeed.

 

> I assume there is a better way to get the same effect without having a 
> class inside a class?
>


It is perfectly normal for one class to *declare* another.  It is poor form 
these days, and never necessary, to nest one class *definition* inside 
another.  The best way to avoid the latter is to put your classes in a 
module and lay it out in the normal way.  See 
http://docs.puppetlabs.com/puppet/3/reference/modules_fundamentals.html, 
especially the "Module Layout" section.  Puppet will then automagically 
find the class definition corresponding to each class declaration.

 

> Is there a way to set a stage on a class when using hiera? 
>


Sure.  The 'stage' parameter takes an ordinary string value, which hiera 
can provide.  You can either use automatic data binding, or explicit hiera 
calls.  The latter might look like this:

class { 'autologon::autologon-internal':
  stage => hiera('autologon::autologon-internal::stage'),
  ...
}
 
I don't think that really gains you anything, though.  Why would it be 
helpful -- or even advisable -- to set the run stage via hiera data?

Also, what do you need a run stage for, anyway?  Do you intend to put more 
classes in it later?  For just the one class, you could achieve effect 
without stages:

class autologon ($username, $password) {
class {'autologon::autologon-internal':
username => $username,
password => $password,
}
reboot { 'user-creation':
subscribe => Class['autologon::autologon-internal']
}

...
}



> I am using Windows 7 x64, Puppet Open Source 3.4.2, and Hiera 1.3.1
>
>

And I suppose you are running masterless, via 'puppet apply'.  What you 
have now makes some sense for such a context, but not so much for a 
master/agent setup.

 

> autologon.pp manifest
>
> class autologon ($username, $password) {
> stage { 'user-creation':
> before => Stage['main'],
> }
> class {'autologon-internal':
> stage => user-creation,
> username => $username,
> password => $password,
> }
> reboot { 'user-creation':
> subscribe => Stage['user-creation']
> }
> 
> class autologon-internal ($username, $password) {
> user { $username:
> ensure => present,
> groups => 'Users',
> membership => inclusive,
> password => $password,
> }
> registry_value { "HKLM\\software\\microsoft\\windows 
> nt\\currentversion\\winlogon\\defaultusername":
> ensure => present,
> type   => string,
> data   => $username,
> }
> registry_value { "HKLM\\software\\microsoft\\windows 
> nt\\currentversion\\winlogon\\defaultdomainname":
> ensure => present,
> type   => string,
> data   => $hostname,
> }
> registry_value { "HKLM\\software\\microsoft\\windows 
> nt\\currentversion\\winlogon\\defaultpassword":
> ensure => present,
> type   => string,
> data   => $password,
> }
> registry_value { "HKLM\\software\\microsoft\\windows 
> nt\\currentversion\\winlogon\\autoadminlogon":
> ensure => present,
> type   => string,
> data   => '1',
> }
> }
> }
>
> hiera yaml file
>
> ---
> classes:
>   - autologon
>
> autologon::username: "myusername"
> autologon::password: "mypassword"
>
>

I have serious concerns about this general strategy, though some of them 
may be mitigated by the context in which you plan to use it.  First, 
autologon is mildly evil in and of itself.  If you nevertheless intend to 
leave these systems set up with autologon enabled then ok, but if that 
would be an issue then you are playing with fire.  If you insist on playing 
with fire then your approach is incomplete: it needs a way to detect 
whether autologon is needed, a way to proactively disable it when unneeded, 
and a way to force the erstwhile autologon user to be logged out once his 
profile is configured.

Furthermore, if either now or in the future you will need to configure 
multiple profiles on the same machine, then your general approach is 
inadequate.  You can only configure one autologon user at a time, so you 
need some way to detect which among your multiple profiles need to be 
created, and to set each in turn for autologon.  It is probably doable, but 
eww.  And then, too, Puppet will need to reboot the machine once for each 
missing profile.  And you had better make sure that Puppet will never do 
this when the machine is in use.  And no, scheduling is not in general an 
adequate solution to that issue.

If you are running Puppet as a daemon, and yo

[Puppet Users] Re: how to require a md5sum before installing?

[Andy Spiegl]

Hi Rafael,

>  http://forge.puppetlabs.com/gini/archive
Thanks, I'll try that!  Sounds promising.
Now I only have to find a way to securely get md5sum.exe onto the
machines, uhm...

Thanks!
 Andy.


-- 
 Every generation laughs at the old fashions
 but religiously follows the new.  (Henry David Thoreau, US philosopher)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20140219173219.GF32149%40spiegl.de.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Re: Good resources for writing rspec tests for puppet code changes?

[HPUX_PUPPET]

On Wednesday, February 19, 2014 9:28:55 AM UTC-5, Johan De Wit wrote:
>
> Don't have any experience/access to hpux,  but you can always show us 
> the code and the rspec files. 
> So we can have at least a look at it :) 
>
> And multiple eyes see more then two :) 
>
>  
Thanks.  I think I tracked the problem down to the source tree where I was 
working.  It seems I am missing some config flag or ENV variable to tell 
rspec to test relative the to directory where I am working and it was not 
getting the correct hpux_user.rb file, instead defaulting to the one 
installed on the box.  Now if I could just find out where to tell rspec to 
use a specific source tree, it would probably be much better :)

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/13515003-7312-49d4-bb2d-0e09a5541f6f%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Puppet and best way to append a new user to sshd_config AllowUsers with augeas

[Stefan Heijmans]

Hi,
 
You could also use the augeasproviders module [1] from the forge.
Checkout the sshd_config_provider examples here [2].
 
Stefan
 
[1] http://forge.puppetlabs.com/domcleal/augeasproviders
[2] 
http://augeasproviders.com/documentation/examples.html#sshd_config_provider

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b4b09474-8e90-45bc-ba4d-b41b1a502173%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] connecting puppet master and agent

[krishna chaitanya kurnala]

HI 

I am new to Puppet and having a tough time understanding the process of how 
Authentication works in puppet. I am trying to connect puppet 3.4 master 
and agent on a centos 6 machine. we use host files, rather than dns.
This could be a simple question, but, I want to learn to Concepts. I made 
sure puppet is running on both master and agent. Here is my configuration:

On Master:

in puppet.conf

[master]
   certname = host.company.com
   vardir = /var/lib/puppet

in /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 
localhost4.localdomain4 puppet
::1 localhost localhost.localdomain localhost6 
localhost6.localdomain6
10.16.7.22 host.company.com puppetmaster puppet

On Agent:

in puppet.conf 

[main]
server = host.company.com

in /etc/hosts
10.16.7.22 host.company.com puppetmaster puppet

I still cant get them to authorize each other.
I am getting different errors:

On Agent:
sudo puppet agent --server=host.company.com --test

Error: Could not request certificate: Connection refused - connect(2)
Exiting; failed to retrieve certificate and waitforcert is disabled

If I change the certname to a fancy name, it gets even funnier, because, 
the agent looks for a host with than fancy name as there is no DNS. Please 
give some info on how to get that working too.

Can Someone please guide me.


Thanks
Krishna


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e90fb96a-97d2-4fb0-960b-da8307e6b5b2%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] Hash iteration order in a template not consistent

[Andre Nathan]

Hello

Sorry to ressurect this old thread, but I've just found this issue 
upgrading from Puppet 2.7.x to Puppet 3. It's true that ruby 1.8 hash order 
cannot be relied on, but it should always be the same, right? I mean, one 
doesn't know which order the hash contents will be iterated on, but 
whatever order ruby chooses should never change.

We had this working with no issues in 2.7.x and ruby 1.8, but now on Puppet 
3 we're getting random reorderings. I suspect there's a problem in Puppet 
in this case.

Best,
Andre

On Wednesday, March 28, 2012 9:39:45 AM UTC-3, R.I. Pienaar wrote:
>
> - Original Message -
> > From: "Martijn Grendelman" >
>
> 
>
> > 
> http://serverfault.com/questions/368784/puppet-and-templates-how-to-loop-sequently-and-not-randomly
> > 
> > which suggests to do something like
> > 
> > <% aliases.sort_by {|key, value| key}.each_pair do |key, val| -%>
> > <% end -%>
> > 
> > Will it work? Is that a proper solution?
>
> ruby hashes are not stored in predictable order so this will happen, the 
> proposed
> solution should work.
>
> But as always the best is just to test it and see how it goes, it wont 
> bite :)
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/068cf600-4f30-41d9-8249-30e6cec096fd%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Puppet Users] return codes from puppet command

[Erik Dalén]

-- test/-t turns on the detailed exit codes option


On 19 February 2014 08:33, Andrey Kozichev  wrote:

> puppet help agent
>
> * --detailed-exitcodes:
>
>   Provide transaction information via exit codes. If this is enabled, an
> exit
>
>   code of '2' means there were changes, an exit code of '4' means there
> were
>
>   failures during the transaction, and an exit code of '6' means there
> were both
>
>   changes and failures.
>
>
>
>
> On 19 February 2014 09:28, Mikael Lindqvist  wrote:
>
>> Hi,
>>
>> Where are the return codes from the puppet command documented?
>>
>> I have seen 0, 2 and 6 and by the look of it they all seem to signal
>> success, but it would be nice to see a list of them.
>>
>> Thanks!
>>
>> // Mikael
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/13097d50-fbcc-4ba6-9e09-ca19913a34c0%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CACzr%3DFfx63DUObLDMknDeGOuMiKk9xY9-52MjQRYJFNqcYO%3D3Q%40mail.gmail.com
> .
>
> For more options, visit https://groups.google.com/groups/opt_out.
>



-- 
Erik Dalén

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAAzDLeu9eTy2HmPSsoE853Zrd0etoeXFvPysMpkAqEa_c78Rw%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Re: Combining stages with hiera

[Jordan Wright]

I guess I should explain my situation a bit. The intent of this system is 
to configure kisok type systems. Each machine will be logged into a local 
limited user account that is running an application that the public will 
use. At this time I have no need and don't ever plan to have two local 
accounts on the machines. They are connected to the domain so any 
maintenance will be done via domain credentials. 

On Wednesday, February 19, 2014 10:39:01 AM UTC-5, jcbollinger wrote:
>
>
>
> On Tuesday, February 18, 2014 3:34:46 PM UTC-6, Jordan Wright wrote:
>>
>> I have some Windows systems that I need to configure a user's profile. 
>> The user has to be logged into for the profile to be created. I came up 
>> with the solution below but it seems kinda hacky.
>>
>
>
> Indeed.
>
>  
>
>> I assume there is a better way to get the same effect without having a 
>> class inside a class?
>>
>
>
> It is perfectly normal for one class to *declare* another.  It is poor 
> form these days, and never necessary, to nest one class *definition*inside 
> another.  The best way to avoid the latter is to put your classes in 
> a module and lay it out in the normal way.  See 
> http://docs.puppetlabs.com/puppet/3/reference/modules_fundamentals.html, 
> especially the "Module Layout" section.  Puppet will then automagically 
> find the class definition corresponding to each class declaration.
>
>  
>

That is true. I didn't think about moving it into its own file. That would 
make it nicer.
 

> Is there a way to set a stage on a class when using hiera? 
>>
>
>
> Sure.  The 'stage' parameter takes an ordinary string value, which hiera 
> can provide.  You can either use automatic data binding, or explicit hiera 
> calls.  The latter might look like this:
>
> class { 'autologon::autologon-internal':
>   stage => hiera('autologon::autologon-internal::stage'),
>   ...
> }
>  
> I don't think that really gains you anything, though.  Why would it be 
> helpful -- or even advisable -- to set the run stage via hiera data? 
>

I was more thinking about a way to not have a wrapper class. But after 
thinking about it for a day, having a wrapper class isn't as ugly as I 
initially thought.
 

> Also, what do you need a run stage for, anyway?  Do you intend to put more 
> classes in it later?  For just the one class, you could achieve effect 
> without stages:
>
> class autologon ($username, $password) {
> class {'autologon::autologon-internal':
> username => $username,
> password => $password,
> }
> reboot { 'user-creation':
> subscribe => Class['autologon::autologon-internal']
> }
>
> ...
> }
>
>  
>

I have many other classes, I just didn't hit this issue sooner because I 
was testing on a machine with the user already created. Many of the others 
touch the registry of the user, hence why the profile has to exist. After 
solving this issue I ran into another one where I had to put conditionals 
around all the registry resources anyway since the path is invalid if the 
current user isn't logged in. This is caused by another hack of using HKU 
and the SID (
https://ask.puppetlabs.com/question/4425/access-the-registry-of-the-current-user-in-windows/).
 
If the puppetlabs/registry module implements support for HKU (
https://tickets.puppetlabs.com/browse/MODULES-422) then I won't need that 
work around. I could leave the conditionals and remove the stages but I 
sorta like the stages since it makes it very clear that the user has to be 
created first.
 

>
>> I am using Windows 7 x64, Puppet Open Source 3.4.2, and Hiera 1.3.1
>>
>>
>
> And I suppose you are running masterless, via 'puppet apply'.  What you 
> have now makes some sense for such a context, but not so much for a 
> master/agent setup.
>
>  
>

I am actually running a client/server setup.
 

> autologon.pp manifest
>>
>> class autologon ($username, $password) {
>> stage { 'user-creation':
>> before => Stage['main'],
>> }
>> class {'autologon-internal':
>> stage => user-creation,
>> username => $username,
>> password => $password,
>> }
>> reboot { 'user-creation':
>> subscribe => Stage['user-creation']
>> }
>> 
>> class autologon-internal ($username, $password) {
>> user { $username:
>> ensure => present,
>> groups => 'Users',
>> membership => inclusive,
>> password => $password,
>> }
>> registry_value { "HKLM\\software\\microsoft\\windows 
>> nt\\currentversion\\winlogon\\defaultusername":
>> ensure => present,
>> type   => string,
>> data   => $username,
>> }
>> registry_value { "HKLM\\software\\microsoft\\windows 
>> nt\\currentversion\\winlogon\\defaultdomainname":
>> ensure => present,
>> type   => string,
>> data   => $hostname,
>> }
>> registry_value { "HKLM\\software\\microsoft\\wind

[Puppet Users] Announce: Puppet 3.4.3 Now Available

[Melissa Stone]

3.4.3 is a bug fix release in the Puppet 3.4 series.

   - Final: February 19, 2014.


Bug Fixes
--

PUP-1473: User resource fails on UTF-8
comment

Puppet's user resource now supports UTF-8 characters for the comment
attribute, rather than just ASCII.

PUP-736: Encoding mis-matches cause package prefetching to
fail

Previously, puppet could fail to process a package resource if it referred
to an RPM whose description contained non-ASCII characters. Puppet now
handles these resources correctly.

PUP-1524: Duplicate events since
3.4.0

Since Puppet 3.4.0, failed resources would sometimes be logged twice. These
duplicate events were particularly problematic for PuppetDB, since they
could cause the whole transaction to be rolled back. This release fixes the
issue.

PUP-1485: test agent/fallback_to_cached_catalog.rb assumes no master is
running by default 

The acceptance test for falling back to a cached catalog would still run
with a puppet master, even though the functionality assumed that the puppet
master was unavailable. The test now guarantees that the master will be
unreachable by specifying a bogus server.

PUP-1322: Puppet REST API always fails if there's at least one broken
manifest 

Previously, REST API calls to /production/resource_types/*?kind=class
would fail completely if there was a syntax error in one or more manifests
in the module path. This release changes that behavior so that the call
will succeed and list all parseable classes.

PUP-1529: Usability regression caused by
PUP-1322

Fixes a regression caused by the fix for PUP-1322: syntax errors reached
while loading an include would be squelched, which would eventually result
in a misleading "class not found" error.

PUP-751: Performance regression due to excessive file
watching

This performance regression was also linked to PUP-1322: excessive file
watching was causing a significant slowdown during catalog compilation.
This release addresses the performance hit and improves benchmarking by
adding tasks to measure the loading of defined types.

PUP-1729: Remove Debian Sid from build
targets

Acceptance testing on Debian Sid (unstable) was failing regularly due to
factors outside of our control, like broken packages in the distribution's
own repositories. Acceptance tests are still being run against the Debian
"testing" release.

*Windows-Specific Fixes*

PUP-1211: Puppet Resource Package
fails

On Windows, the puppet resource package command would fail immediately if
at least one of the installed packages had non-ASCII characters in its
display name. Puppet will now use the correct string encoding on Windows,
which fixes this bug.

PUP-1389: Windows File resources generating 0 byte files when title
has "-"

This bug prevented puppet from properly managing the content of file
resources with "-" in their titles on Windows. This release fixes the bug.

PUP-1411: Windows agents experience intermittent SSL_connect failures in
acceptance testing 

Acceptance tests would intermittently fail on Windows due to a bug
involving OpenSSL and WEBrick that would cause the connection to time out
after 6.2 seconds. This release improves the OpenSSL initialization process
and extends the timeout interval to 10 seconds, which fixes the bug.


Puppet 3.4.3 Downloads
--
Source: https://downloads.puppetlabs.com/puppet/puppet-3.4.3.tar.gz

Available in native package format in the Puppet Labs yum and apt
repositories:
http://yum.puppetlabs.com and http://apt.puppetlabs.com

Gems are available via rubygems at
https://rubygems.org/downloads/puppet-3.4.3.gem
  or by using `gem install puppet`

Mac packages are available at
https://downloads.puppetlabs.com/mac/puppet-3.4.3.dmg

Windows packages are available at
https://downloads.puppetlabs.com/windows/puppet-3.4.3.msi

Please report feedback via the Puppet Labs tickets site, using an
affected puppet version of 3.4.3:
https://tickets.puppetlabs.com/browse/PUP


Puppet 3.4.3 Contributors
--
Adrien Thebo, Andrew Parker, Branan Purvine-Riley, Derek Yarnell, Henrik
Lindberg, Jeff McCune, Josh Cooper, Josh Partlow, Kylo Ginsberg, Melissa
Stone, Nick Fagerlund, Peter Huene, Rob Reynolds, Ryan McKern, fhrbek


Puppet 3.4.3 Changelog
--
Adrien Thebo (2):
  aeffcfb (maint) Pass Facter.search arrays instead of strings
  5ea1d04 (maint) Don't c

[Puppet Users] Action required: ruby-shadow package broken, update required

[Ryan McKern]

*Bottom line on top*
Due to a incompatible change found after release, if you installed version 
2.3.2 of the ruby-shadow package from yum.puppetlabs.com then you need to 
upgrade your yum cache and downgrade to version 1:2.2.0 of ruby-shadow.

*What happened?*
As part of our on-going effort to provide Puppet packages for Red Hat 
Enterprise Linux 7 when it's released, on February 18th Puppet Labs 
upgraded ruby-shadow in the Puppet Labs Enterprise Linux `dependencies` 
repo to version 2.3.2 (for EL5, EL6, and the pending EL7). Initial smoke 
tests indicated that this was a backwards compatible upgrade but upon 
deeper testing, incompatible changes in the upstream codebase were 
discovered. Unfortunately the incompatible version was available in the 
Puppet Labs `dependencies` repo for approximately 24 hours. The 2.3.2 
package has been removed from all platforms and architectures and replaced 
with 2.2.0, and repository metadata has been updated.

*What does that mean?*
If you've already installed version 2.3.2 of ruby-shadow then Puppet's 
`user` resources are broken. We've built and tested ruby-shadow 2.2.0, 
which is the last version released before the incompatible change. We've 
added an epoch to this release, so going forward this will always trump the 
incompatible 2.3.2 package. You must clean any stale Puppet Labs yum caches 
to remove the outdated entry from the yum metadata on your system.

*How do I fix it?*
>From the terminal, you'll need to run the following:

  ~ $ sudo yum clean all
  ~ $ sudo yum makecache
  ~ $ sudo yum update ruby-shadow

*Afterword*
We do our best to ensure the software we ship to our dependency 
repositories is both up-to-date and fully compatible with our projects. 
Unfortunately, in this case we did not get it right. We hope this mixup has 
not caused a great inconvenience. Please don't hesitate to reach out to us 
with any questions you might have about this. 

Puppet Labs Release Engineering

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/64c91992-2a6f-473c-afb4-ed7ee36c6181%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Puppet Users] Setting validproperties fields in provider modules

[HPUX_PUPPET]

I am still working to the HPUX provider to handle password expirations and 
I have gotten the max and min password age values extracted from the OS, 
but for the life of me I cannot seem to get them to assign to the 
:password_max_age and :password_min_age fields in the Ruby code.

I know from looking at other modules that I can get the values from doing a 
loop on @resource.class.validproperties and set the value by doing value = 
@resource.should().  

I am still learning Ruby and I thought I had it down enough to handle 
assigning to this variable yet I am still missing something here.  

Can anyone provide me some guidance as to why I just cannot get this to 
assign and propagate back up the super class?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7de99e75-86b8-4f3b-825f-420450fda4e7%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.