Re: [Puppet Users] Condition on class existence on agent
On Thursday, February 27, 2014 5:16:43 PM UTC+1, nikolavp wrote: More can be found in http://docs.puppetlabs.com/puppet/latest/reference/lang_classes.html#inheritance look at the Overriding Resource Attributes section. Although I don't like inheritance as you describe it if roleB is a secure web server and roleA is a web server I would go for it. Indeed, I was playing around with inheritance in the meantime and it solved my problem. Even though at first I didn't read that Puppet 3 does not support parameters in the base class and this confused me quite a bit ;). Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4c581bfb-d1db-4a30-a94e-3bd6ce02ef56%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Puppet module template mentioned at contributor summit
The main difference between Gareth's current params.pp and the 'defaults.pp' model I was suggesting is that in the Gareth's pattern the params class is inherited by the base class, and all the component subclasses reference the variables explicitly in the scope of base::params eg: service { $%= metadata.name %::params::service_name: Since the params class is not parameterized there is no way to easily override this data using hiera/data mapping. By making the base class parameterized, with it's defaults being set in 'defaults.pp' (defaults is a more sensible name than params for this example) and having your component subclass reference $::baseclass::var you can override data on class declaration or in hiera using data mapping. It's not that different, but allows for more flexibility and tighter hiera integration Craig On Wed, Feb 26, 2014 at 2:43 PM, Alessandro Franceschi a...@lab42.it wrote: Craig, Not sure to have understood the difference between a defaults.pp pattern and a params.pp pattern, given that I suppose that if there were parameters in the main module class of Gareth's example they would inherit values in params.pp exactly as the defaults example you've written. Can be elaborate or link examples of this defaults.pp pattern? To the list of public modules skeletons let me add this one, that follows stdmod naming conventions: https://github.com/stdmod/puppet-skeleton-standard and this alternative with Rip's data in module approach: https://github.com/stdmod/puppet-skeleton-standard/tree/hiera Al On Wednesday, February 26, 2014 10:37:59 AM UTC+1, Craig Dunn wrote: This is cool, though I realise that it's a (self confessed) opinionated module design, the only thing that really stands out for me is that it follows a rather old, and limited, 'params.pp' pattern. There is no place for Hiera in this model without hard coding hiera lookup functions in the classes. Personally I think a 'defaults.pp' pattern is more sensible in todays Puppet. Eg: class base ( $parameter = $base::defaults::$parameter ) inherits base::defaults { ... } class base::defaults { $parameter = $logic ? { 'foo' = 'bar' } } Your classes can then look up values as $base::parameter. This allows the module to default (rather than dictate) attributes based on whatever logic you want to implement but allows the implementer to override the values either at the resource declaration or using Hiera data mapping for base::parameter. Regards Craig On Wed, Feb 5, 2014 at 5:38 PM, Gareth Rushgrove gar...@morethanseven.net wrote: This came up in discussion a couple of times at the Puppet contributor summit at Config Management Camp in Gent over the last couple of days so I thought I'd write up. A while ago I put together a pretty complete/opinionated skeleton for puppet modules. Especially if you're not too familiar with ruby or the ruby ecosystem, or just getting started with testing it should be a useful starting point. https://github.com/garethr/puppet-module-skeleton I've added a bunch more features (including a Guardfile, resource coverage and support for Beaker integration tests) and got round to writing up a blog post about what and why: http://www.morethanseven.net/2014/02/05/a-template-for-puppet-modules/ Hopefully it's useful to a few people. Any features or issues let me know. Gareth -- Gareth Rushgrove @garethr devopsweekly.com morethanseven.net garethrushgrove.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/ msgid/puppet-users/CAFi_6y%2BiRQPPKk8yTLBMiHCNOsLdNFYeaPO 8oTCCcuaASj6SaQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out. -- *Enviatics *| Automation and configuration management http://www.enviatics.com | @Enviatics Puppet Training http://www.enviatics.com/training/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/feaadcb3-cc99-45c3-825d-57ba26dc4dc0%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- *Enviatics *| Automation and configuration management http://www.enviatics.com | @Enviatics Puppet Training http://www.enviatics.com/training/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit
Re: [Puppet Users] Puppet module template mentioned at contributor summit
Ok, I think we are talking about the same thing, then: https://github.com/stdmod/puppet-skeleton-standard/blob/develop/manifests/init.pp.erb should follow what you described as defaults.pp patterns , just it uses a class named params and not default. On Friday, February 28, 2014 11:20:57 AM UTC+1, Craig Dunn wrote: The main difference between Gareth's current params.pp and the 'defaults.pp' model I was suggesting is that in the Gareth's pattern the params class is inherited by the base class, and all the component subclasses reference the variables explicitly in the scope of base::params eg: service { $%= metadata.name %::params::service_name: Since the params class is not parameterized there is no way to easily override this data using hiera/data mapping. By making the base class parameterized, with it's defaults being set in 'defaults.pp' (defaults is a more sensible name than params for this example) and having your component subclass reference $::baseclass::var you can override data on class declaration or in hiera using data mapping. It's not that different, but allows for more flexibility and tighter hiera integration Craig On Wed, Feb 26, 2014 at 2:43 PM, Alessandro Franceschi a...@lab42.itjavascript: wrote: Craig, Not sure to have understood the difference between a defaults.pp pattern and a params.pp pattern, given that I suppose that if there were parameters in the main module class of Gareth's example they would inherit values in params.pp exactly as the defaults example you've written. Can be elaborate or link examples of this defaults.pp pattern? To the list of public modules skeletons let me add this one, that follows stdmod naming conventions: https://github.com/stdmod/puppet-skeleton-standard and this alternative with Rip's data in module approach: https://github.com/stdmod/puppet-skeleton-standard/tree/hiera Al On Wednesday, February 26, 2014 10:37:59 AM UTC+1, Craig Dunn wrote: This is cool, though I realise that it's a (self confessed) opinionated module design, the only thing that really stands out for me is that it follows a rather old, and limited, 'params.pp' pattern. There is no place for Hiera in this model without hard coding hiera lookup functions in the classes. Personally I think a 'defaults.pp' pattern is more sensible in todays Puppet. Eg: class base ( $parameter = $base::defaults::$parameter ) inherits base::defaults { ... } class base::defaults { $parameter = $logic ? { 'foo' = 'bar' } } Your classes can then look up values as $base::parameter. This allows the module to default (rather than dictate) attributes based on whatever logic you want to implement but allows the implementer to override the values either at the resource declaration or using Hiera data mapping for base::parameter. Regards Craig On Wed, Feb 5, 2014 at 5:38 PM, Gareth Rushgrove gar...@morethanseven.net wrote: This came up in discussion a couple of times at the Puppet contributor summit at Config Management Camp in Gent over the last couple of days so I thought I'd write up. A while ago I put together a pretty complete/opinionated skeleton for puppet modules. Especially if you're not too familiar with ruby or the ruby ecosystem, or just getting started with testing it should be a useful starting point. https://github.com/garethr/puppet-module-skeleton I've added a bunch more features (including a Guardfile, resource coverage and support for Beaker integration tests) and got round to writing up a blog post about what and why: http://www.morethanseven.net/2014/02/05/a-template-for-puppet-modules/ Hopefully it's useful to a few people. Any features or issues let me know. Gareth -- Gareth Rushgrove @garethr devopsweekly.com morethanseven.net garethrushgrove.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/ msgid/puppet-users/CAFi_6y%2BiRQPPKk8yTLBMiHCNOsLdNFYeaPO 8oTCCcuaASj6SaQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out. -- *Enviatics *| Automation and configuration management http://www.enviatics.com | @Enviatics Puppet Training http://www.enviatics.com/training/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/feaadcb3-cc99-45c3-825d-57ba26dc4dc0%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- *Enviatics *|
[Puppet Users] Windows Package Install file permissions
Hi, I have the following class for installing check_mk on windows machines: class windows_check_mk { require windows_common package{ 'Check_MKAgent 1.2.4': ensure = installed, source = 'c:\\my folder\\installers\\check-mk-agent.exe', install_options = ['/S', '/D=C:\myfolder\check_mk'], } } The windows_common take cares of creating the folder c:\my folder\ and fetching several subfolders there - including subfolder installers. This class successfully installs check_mk agent inside C:\myfolder\check_mk but none of the files inside can be exec by any user, if I change install_options to ['/S', '/D=C:\\check_mk'], this does not happen and all exes can be executed. Why does this happens? Is there a way to workaround it? I am using puppet 3.4.3 either on master and on the clients. Thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/86c664eb-4eae-4098-98e6-eeb1a4c272fe%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] No resources and catalog information with puppetdb
Hello It is still broken. I set soft_write_failure=false I upgraded puppet on the nodes, so now the puppet master and nodes are in version 3.4.3 This is the result of the puppetdb ssl-setup : [root@el6 lofic]# puppetdb ssl-setup PEM files in /etc/puppetdb/ssl already exists, checking integrity. Setting ssl-host in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-port in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-key in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-cert in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-ca-cert in /etc/puppetdb/conf.d/jetty.ini already correct. [root@el6 lofic]# puppetdb ssl-setup -f PEM files in /etc/puppetdb/ssl already exists, checking integrity. Overwriting existing PEM files due to -f flag Copying files: /var/lib/puppet/ssl/certs/ca.pem, /var/lib/puppet/ssl/private_keys/el6.labolinux.fr.pem and /var/lib/puppet/ssl/certs/el6.labolinux.fr.pem to /etc/puppetdb/ssl Setting ssl-host in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-port in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-key in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-cert in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-ca-cert in /etc/puppetdb/conf.d/jetty.ini already correct. I restarted the puppetdb The catalogs are still absent. When I launch the master in debug +trace mode, I see : Debug: Failed to load library 'msgpack' for feature 'msgpack' Debug: file_metadata supports formats: pson b64_zlib_yaml yaml raw /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead. Warning: ActiveRecord-based storeconfigs and inventory are deprecated. See http://links.puppetlabs.com/activerecord-deprecation (at /usr/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:334:in `new') Debug: Using settings: adding file resource 'dblocation': 'File[/var/lib/puppet/state/clientconfigs.sqlite3]{:path=/var/lib/puppet/state/clientconfigs.sqlite3, :mode=660, :owner=puppet, :group=puppet, :ensure=:file, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Using settings: adding file resource 'railslog': 'File[/var/log/puppet/rails.log]{:path=/var/log/puppet/rails.log, :mode=600, :owner=puppet, :group=puppet, :ensure=:file, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Finishing transaction 23034320 Info: Connecting to sqlite3 database: /var/lib/puppet/state/clientconfigs.sqlite3 Debug: Configuring PuppetDB terminuses with config file /etc/puppet/puppetdb.conf The name resolution seems fine for the master, the puppetd and the nodes [root@el6 conf.d]# host beaker.labolinux.fr beaker.labolinux.fr has address 192.168.0.10 [root@el6 conf.d]# host 192.168.0.10 10.0.168.192.in-addr.arpa domain name pointer beaker.labolinux.fr. [root@el6 conf.d]# host el6.labolinux.fr el6.labolinux.fr has address 192.168.0.16 [root@el6 conf.d]# host 192.168.0.16 16.0.168.192.in-addr.arpa domain name pointer el6.labolinux.fr. [root@el6 conf.d]# host el6d.labolinux.fr el6d.labolinux.fr has address 192.168.0.63 [root@el6 conf.d]# host 192.168.0.63 63.0.168.192.in-addr.arpa domain name pointer el6d.labolinux.fr. I still have the SSL problem : # puppet node status el6.labolinux.fr --verbose --debug --trace Debug: Configuring PuppetDB terminuses with config file /etc/puppet/puppetdb.conf Debug: Failed to load library 'selinux' for feature 'selinux' Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:path=/etc/puppet, :ensure=:directory, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Puppet::Type::User::ProviderPw: file pw does not exist Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/uuidgen does not exist Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing Debug: /User[puppet]: Provider useradd does not support features libuser; not managing attribute forcelocal Debug: Puppet::Type::Group::ProviderPw: file pw does not exist Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing Debug: /Group[puppet]: Provider groupadd does not support features libuser; not managing attribute forcelocal Debug: Using settings: adding file resource 'vardir': 'File[/var/lib/puppet]{:path=/var/lib/puppet, :owner=puppet, :group=puppet, :ensure=:directory, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Using settings: adding file resource 'logdir': 'File[/var/log/puppet]{:path=/var/log/puppet, :mode=750, :owner=puppet, :group=puppet, :ensure=:directory, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Using settings: adding file resource 'statedir':
[Puppet Users] Re: ensure user and group created
This was a known problem with earlier puppet releases where adding local users would fail if they existed in a network name service (LDAP, NIS, etc), so more recent 3.x puppet versions of the user resource have a 'forcelocal' option. Use this, and it will work. On Wednesday, February 26, 2014 4:17:05 PM UTC-6, bluethundr wrote: Hey all, I've created a puppet module to control LDAP in my environment. The ldap packages on both the centos and ubuntu hosts seem to require a user and group called 'ldap' (respectively). in my ldap::install class I have the following defined: user { ldap: ensure = present, } group { ldap: ensure = present, } But on each puppet run after the user and group is created the following error occurs: err: /Stage[main]/Ldap::Install/User[ldap]/ensure: change from absent to present failed: Could not create user ldap: Execution of '/usr/sbin/usera dd -M ldap' returned 9: useradd: group ldap exists - if you want to add this user to that group, use -g. Is there any way to achieve being able to create this user and group and avoid the error on each run thereafter? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/80becae8-c0bb-4287-98f7-c7984037f050%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: puppet agent on HP unix os
While I have not tried to get get puppet working on HP-UX, I have gotten it to work on a number of other very old platforms by using ruby gems. If you can get a working puppet-supported version of ruby on HP-UX, you are most of the way there. Hopefully, you can get the ruby from a source that already compiled and packaged it, otherwise you'll have to compile ruby on your own, which isn't too bad if you have gnu tools from http://hpux.connect.org.uk. Once you have ruby with gems support, the steps are basically: * gem install --version version you want, or leave out for the latest puppet * This will install 'puppet' and 'facter' within the case bin directory ruby is in * Create /etc/puppet and /var/lib/puppet directories * Add a working /etc/puppet/puppet.conf * Run it as usual by hand: /your/path/bin/puppet agent -t * Create a puppet init script and place into /sbin/init.d, with links to it inwhatever HP-UX uses The benefit of this approach is you get the latest 'n greatest puppet version, and you can even use the package resource's gem provider (may need to sym-link /your/path/bin/gem to /usr/bin/gem') to update the gem in the future if you so desire to keep all puppet versions the same. On Thursday, February 27, 2014 11:07:36 AM UTC-6, Rick Copley wrote: Hi has anyone done any more work on puppet for HP-UX 11.31? Or can someone point me to where I can download the opensource version of puppet agent code so I can try to compile myself? On Friday, December 27, 2013 5:20:09 AM UTC-5, Ankit Mittal wrote: Dear All, Please help me if puppet agent installation is possible on hp unix os or not. If it is possible please tell how to installed it Thanks and Regrads Ankit Mittal -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/30d12538-fcb2-412c-a026-abd93556b170%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet agent hogging CPU/RAM
Hi, So the subject might be a bit generic, but couldn't really come up with anything better. Anyway, on to the point: having a problem with two servers in my environment, where when running the puppet agent, it hogs all memory and CPU; the weird thing is though that this only happens on to those two specific servers, which manifest varies quite a bit. To make it a bit easier to describe this issue, I'll call these servers server 1 and server 2. Server 1 runs puppet agent 3.4.2, while server 2 runs puppet agent 3.3.2. Both are running Debian 6 x86_64. When running the agent in debug mode (puppet agent --test --debug --trace), it looks like the issue appears at: Debug: Prefetching apt resources for package Debug: Executing '/usr/bin/dpkg-query-W--showformat'${Status} ${Package} ${Version} :DESC: ${Description}\n:DESC:\n'' What happens when this comes up in the log is that server 1 stands there until it runs out of ram and starts killing processes (i.e. standard OOM behaviour) while server 2 takes about half a minute to complete (with the puppet agent hogging quite a bit of ram and 100% CPU), but then actually completes properly. A detail regarding the execution time is that the execution time reported to Puppet Dashboard when this happens isn't even near the time it actually takes to run the command (for example, for server 2, it is reporting times somewhere around 10-15 sec). So, anyone have any idea what might be causing this? Have anyone seen this previously? (I was able to find quite a lot of posts regarding the puppet agent eating a lot of resources, although I couldn't find anything which seemed related to this specific issue) Regards, Aron Lander -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/36cdd97b-c3df-4466-aff4-9bd828519751%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] No resources and catalog information with puppetdb
Aah, the old null cert chain error. I haven't been able to fix this yet and every time I try this over a mailing list I never get to a conclusion ... I suggest jumping onto Freenode IRC and pinging me - my IRC nick is ken_barber and I usually live in #puppet, I'll be happy to help you there. ken. On Fri, Feb 28, 2014 at 1:30 PM, Louis Coilliot louis.coill...@think.fr wrote: Hello It is still broken. I set soft_write_failure=false I upgraded puppet on the nodes, so now the puppet master and nodes are in version 3.4.3 This is the result of the puppetdb ssl-setup : [root@el6 lofic]# puppetdb ssl-setup PEM files in /etc/puppetdb/ssl already exists, checking integrity. Setting ssl-host in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-port in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-key in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-cert in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-ca-cert in /etc/puppetdb/conf.d/jetty.ini already correct. [root@el6 lofic]# puppetdb ssl-setup -f PEM files in /etc/puppetdb/ssl already exists, checking integrity. Overwriting existing PEM files due to -f flag Copying files: /var/lib/puppet/ssl/certs/ca.pem, /var/lib/puppet/ssl/private_keys/el6.labolinux.fr.pem and /var/lib/puppet/ssl/certs/el6.labolinux.fr.pem to /etc/puppetdb/ssl Setting ssl-host in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-port in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-key in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-cert in /etc/puppetdb/conf.d/jetty.ini already correct. Setting ssl-ca-cert in /etc/puppetdb/conf.d/jetty.ini already correct. I restarted the puppetdb The catalogs are still absent. When I launch the master in debug +trace mode, I see : Debug: Failed to load library 'msgpack' for feature 'msgpack' Debug: file_metadata supports formats: pson b64_zlib_yaml yaml raw /usr/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use String#encode instead. Warning: ActiveRecord-based storeconfigs and inventory are deprecated. See http://links.puppetlabs.com/activerecord-deprecation (at /usr/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:334:in `new') Debug: Using settings: adding file resource 'dblocation': 'File[/var/lib/puppet/state/clientconfigs.sqlite3]{:path=/var/lib/puppet/state/clientconfigs.sqlite3, :mode=660, :owner=puppet, :group=puppet, :ensure=:file, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Using settings: adding file resource 'railslog': 'File[/var/log/puppet/rails.log]{:path=/var/log/puppet/rails.log, :mode=600, :owner=puppet, :group=puppet, :ensure=:file, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Finishing transaction 23034320 Info: Connecting to sqlite3 database: /var/lib/puppet/state/clientconfigs.sqlite3 Debug: Configuring PuppetDB terminuses with config file /etc/puppet/puppetdb.conf The name resolution seems fine for the master, the puppetd and the nodes [root@el6 conf.d]# host beaker.labolinux.fr beaker.labolinux.fr has address 192.168.0.10 [root@el6 conf.d]# host 192.168.0.10 10.0.168.192.in-addr.arpa domain name pointer beaker.labolinux.fr. [root@el6 conf.d]# host el6.labolinux.fr el6.labolinux.fr has address 192.168.0.16 [root@el6 conf.d]# host 192.168.0.16 16.0.168.192.in-addr.arpa domain name pointer el6.labolinux.fr. [root@el6 conf.d]# host el6d.labolinux.fr el6d.labolinux.fr has address 192.168.0.63 [root@el6 conf.d]# host 192.168.0.63 63.0.168.192.in-addr.arpa domain name pointer el6d.labolinux.fr. I still have the SSL problem : # puppet node status el6.labolinux.fr --verbose --debug --trace Debug: Configuring PuppetDB terminuses with config file /etc/puppet/puppetdb.conf Debug: Failed to load library 'selinux' for feature 'selinux' Debug: Using settings: adding file resource 'confdir': 'File[/etc/puppet]{:path=/etc/puppet, :ensure=:directory, :loglevel=:debug, :links=:follow, :backup=false}' Debug: Puppet::Type::User::ProviderPw: file pw does not exist Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/uuidgen does not exist Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::User::ProviderLdap: feature ldap is missing Debug: /User[puppet]: Provider useradd does not support features libuser; not managing attribute forcelocal Debug: Puppet::Type::Group::ProviderPw: file pw does not exist Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does not exist Debug: Failed to load library 'ldap' for feature 'ldap' Debug: Puppet::Type::Group::ProviderLdap: feature ldap is missing Debug: /Group[puppet]: Provider groupadd does not support features libuser; not managing attribute forcelocal Debug: Using settings: adding file resource 'vardir':
Re: [Puppet Users] Windows Package Install file permissions
Hi Armindo, On Fri, Feb 28, 2014 at 5:23 AM, Armindo Silva deathon2l...@gmail.comwrote: Hi, I have the following class for installing check_mk on windows machines: class windows_check_mk { require windows_common package{ 'Check_MKAgent 1.2.4': ensure = installed, source = 'c:\\my folder\\installers\\check-mk-agent.exe', Per the puppet language docs, a double backslash in a single quoted string is supposed to be a literal backslash[1]. But puppet actually interprets that as a double backslash due to a long standing bug[2]. You'll want to use single backslashes, or switch to double quotes. install_options = ['/S', '/D=C:\myfolder\check_mk'], I was going to point you to our windows package documentation[3], but I see that it too needs updating. If you want to specify key/value pairs, then you will want to do: ['/S', { '/D' = 'C:\myfolder\check_mk' }] Note puppet will automatically quote the path if it contains spaces. } } The windows_common take cares of creating the folder c:\my folder\ and fetching several subfolders there - including subfolder installers. This class successfully installs check_mk agent inside C:\myfolder\check_mk but none of the files inside can be exec by any user, if I change install_options to ['/S', '/D=C:\\check_mk'], this does not happen and all exes can be executed. Why does this happens? Is there a way to workaround it? I am using puppet 3.4.3 either on master and on the clients. Thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/86c664eb-4eae-4098-98e6-eeb1a4c272fe%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. Josh [1] http://docs.puppetlabs.com/puppet/latest/reference/lang_datatypes.html#single-quoted-strings [2] https://projects.puppetlabs.com/issues/16246 [3] http://docs.puppetlabs.com/windows/writing.html#packagepackage -- Josh Cooper Developer, Puppet Labs *Join us at PuppetConf 2014, September 23-24 in San Francisco* -* http://bit.ly/pupconf14 http://bit.ly/pupconf14* Register now and save $350! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97unYT%3Djfsjc%2ByjbvnoKKE%3DNZz8c8_pC8%3D_OHqFY%2Bp-ME%2BQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Windows Package Install file permissions
Hi Josh, Thank you for your reply, but this is not a problem with either the backslashes (btw, I am using doubles because of the example here: http://docs.puppetlabs.com/windows/writing.html#packagepackage), neither with the *install_options* array - both versions install the check_mk exe successfully. When I have install_options = ['/S', '/D=C:\myfolder\check_mk'], check_mk is successfully installed but the files inside *C:\myfolder\check_mk *(check_mk installation dir) although readable I can not exec them; When I have install_options = ['/S', '/D=C:\check_mk'], check_mk is also successfully installed and I can exec the files inside *C:\check_mk *(check_mk installation dir). I think I found the problem, this puppet installation was updated from 3.3.2, where it was still acceptable to set permissions on Windows files, I just added if $osfamily == 'windows' { File { source_permissions = ignore } } to my sites.pp, then deleted *C:\myfolder\* and re-ran puppet agent, now the file permissions are as supposed - I had already tried to delete this folder, but without ignoring the source_permissions windows wide, and although the exec files that were fetched from the master could be ran the ones created by the check_mk installer were not. On Friday, February 28, 2014 2:51:21 PM UTC, Josh Cooper wrote: Hi Armindo, On Fri, Feb 28, 2014 at 5:23 AM, Armindo Silva deatho...@gmail.comjavascript: wrote: Hi, I have the following class for installing check_mk on windows machines: class windows_check_mk { require windows_common package{ 'Check_MKAgent 1.2.4': ensure = installed, source = 'c:\\my folder\\installers\\check-mk-agent.exe', Per the puppet language docs, a double backslash in a single quoted string is supposed to be a literal backslash[1]. But puppet actually interprets that as a double backslash due to a long standing bug[2]. You'll want to use single backslashes, or switch to double quotes. install_options = ['/S', '/D=C:\myfolder\check_mk'], I was going to point you to our windows package documentation[3], but I see that it too needs updating. If you want to specify key/value pairs, then you will want to do: ['/S', { '/D' = 'C:\myfolder\check_mk' }] Note puppet will automatically quote the path if it contains spaces. } } The windows_common take cares of creating the folder c:\my folder\ and fetching several subfolders there - including subfolder installers. This class successfully installs check_mk agent inside C:\myfolder\check_mk but none of the files inside can be exec by any user, if I change install_options to ['/S', '/D=C:\\check_mk'], this does not happen and all exes can be executed. Why does this happens? Is there a way to workaround it? I am using puppet 3.4.3 either on master and on the clients. Thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/86c664eb-4eae-4098-98e6-eeb1a4c272fe%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. Josh [1] http://docs.puppetlabs.com/puppet/latest/reference/lang_datatypes.html#single-quoted-strings [2] https://projects.puppetlabs.com/issues/16246 [3] http://docs.puppetlabs.com/windows/writing.html#packagepackage -- Josh Cooper Developer, Puppet Labs *Join us at PuppetConf 2014, September 23-24 in San Francisco* -* http://bit.ly/pupconf14 http://bit.ly/pupconf14* Register now and save $350! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/390f678f-21de-470c-a779-2b7687d780e6%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] controlling argument passed to ENC script for AWS
I think I have this resolved. the certname was in fact the solution. I had a permissions problem that looked like things weren't working correctly. Once I got that straightened out the value passed into my ENC script (vpc-id plus hostname) worked fine. Thanks On Thu, Feb 27, 2014 at 4:19 PM, Patrick Kelso patr...@teamkelso.orgwrote: On Fri, Feb 28, 2014 at 8:57 AM, John Pyeatt john.pye...@singlewire.com wrote: I am trying to use one puppetmaster to support multiple AWS VPCs. In other words, I am trying to have one puppetmaster support multiple independent networks. The problem with this is that it is possible for machines on two different VPCs to have the same hostname/ipaddress. I use an ENC script on the puppetmaster to classify what types of classes to load to an agent machine based on the hostname that is passed to the ENC script. But the hostname isn't enough information because as I mentioned above, two different agents might have the same hostname but live in different VPCs. Is there any way to customize the identifier that is passed from the agent to the enc script on the puppetmaster? Ideally, I would like to pass the vpc-id and the hostname. That would guarantee uniqueness. I looked at the puppet inventory service a bit, but I don't think that would solve my problem either. John, Have you had a look at using the Amazon AMI metadata? Set a customer tag for the VPC env and use it with Puppet. This is what I've used to solve a similar issue. http://stackoverflow.com/a/19785580 Regards, Patrick Kelso -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANf9H4YLNVvJ0iDVKVSMojPpUQGQ5cJoFXq87%3DJ%3DP3JnrvFNgQ%40mail.gmail.com . For more options, visit https://groups.google.com/groups/opt_out. -- John Pyeatt Singlewire Software, LLC www.singlewire.com -- 608.661.1184 john.pye...@singlewire.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAEisTL%3DTEx7CF4iAzeUYVa-yfwJ1z-YxkUKJyRR5FA7RNquAkQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Puppet Dashboard behind HTTPS
Hi, Can Puppet Master send the reports to Puppet Dashboard via HTTPS? My Puppet Dashboard is protected with a certificate signed by another CA and this seems to break the sending of reports because Puppet doesn't have the necessary certificate to connect securely and I can't seem to make it work. Thank you, Henrique Rodrigues -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/25e293bd-41b0-4eda-b65b-bb0d82caeff3%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Re: vagrant and reusing certs after destroy box
On Thursday, February 27, 2014 12:17:51 PM UTC-8, Johan De Wit wrote: Hi, The situation ; Whenever I bring up a vagrant box, I do a puppet run against my puppet master to configure some common things I need. And I want to avoid the remove/new request and sign cycle after a vagrant destroy. This can be done using following vagrant config : vm_config.vm.provision :puppet_server do |puppet_server| puppet_server.client_cert_path= box_certs/rspecfc20/cert_rspecfc20.koewacht.net.pem puppet_server.client_private_key_path = box_certs/rspecfc20/priv_rspecfc20.koewacht.net.pem puppet_server.puppet_node = rspecfc20.koewacht.net puppet_server.puppet_server = puppet.koewacht.net end but it does not work, I get a Error: Could not request certificate: stack level too deep so, i stumbled against https://projects.puppetlabs.com/issues/21869 This bug seemed to be solved in 3.4.x, but I'm running 3.4.3 But I think, when I want to reuse my certs on my clean vagrant box, CA public key of the server should also be provided with both the generated cert/private key of the node. Even if i stumbled against this bug, which did give the solution of my problem, I think puppetmasters CA public key should always be provided. I added in my fork of the vagrant code this extra config option, and now I my puppet run against my master, reusing my certs works : puppet_server.server_ca_public_key= box_certs/ca.pem But is this the way to do this, or a bug ? Grts Johan Hi Johan, It looks like the fix for #21869 was supposed to go out in 3.4.0 but got stuck on our master branch --- this means the fix won't show up until 3.5.0. Your strategy of copying the CA pubkey and agent keypair to each node should work. -Charlie -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4185b79c-0dfc-4d42-932d-0a9b7c67e275%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] CFPropertyList usage
My experience is puppet doesnt like upper case in classes, autoloader hates them, so rename the module directory to lowercase. Regards, El 28/02/2014 16:33, Jason Hatman jason.hat...@gmail.com escribió: I've been looking all over for usage examples for CFPropertyList. I'm trying to make a test manifest to create a simple plist and it keeps saying that it can't find class CFPropertyList. I downloaded the zip from https://github.com/ckruse/CFPropertyList/ and unzipped it into /etc/puppet/modules/CFPropertyList. What am I doing wrong? Here's my example: class osx_management::testplist { require 'CFPropertyList' cfpropertylist { 'clientidentifier': ensure = present, path = '/Library/Preferences/ManagedInstallsTest.plist', key = 'ClientIdentifier', value = '$::sp_serial_number', } cfpropertylist { 'installapplesoftwareupdates': ensure = present, path = '/Library/Preferences/ManagedInstallsTest.plist', key = 'InstallAppleSoftwareUpdates', value = true, } cfpropertylist { 'softwarerepourl': ensure = present, path = '/Library/Preferences/ManagedInstallsTest.plist', key = 'SoftwareRepoURL', value = 'http://munkiserver1.orchard.fruit.com/munki_repo', } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/02e54492-61eb-4b3d-9f08-d33b48601fb0%40googlegroups.com . For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAF_B3dcmNp7Y2G1SUMh-7H8fBZd2CtCJb-0vD8EkcPYDM9BkhQ%40mail.gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] CFPropertyList usage
Thanks for the suggestion. I tried making it all lowercase, but I'm getting the same results. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/eab1685a-107f-4fe5-800e-465517b7b252%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Announce: Facter 2.0.1-rc1 Now Available
Facter 2.0.1-rc1 --- ** Pre-release ** - RC1: February 28, 2014. Facter 2.0.1-rc1 Downloads -- Source: https://downloads.puppetlabs.com/facter/facter-2.0.1-rc1.tar.gz Available in native package format in the pre-release repositories at: http://yum.puppetlabs.com and http://apt.puppetlabs.com For information on how to enable the Puppet Labs pre-release repos, see: http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#enabling-the-prerelease-repos Gems are available via rubygems at https://rubygems.org/downloads/facter-2.0.1.rc1.gem or by using `gem install --pre facter` Mac packages are available at https://downloads.puppetlabs.com/mac/facter-2.0.1-rc1.dmg Please report feedback via the Puppet Labs tickets site, using an affected facter version of 2.0.1-rc1: https://tickets.puppetlabs.com/browse/FACT Facter 2.0.1-rc1 release notes --- Release Candidate: Facter 2.0.1 is not yet released. It entered RC 1 on February 28, 2014. Facter 2.0.1 is the first release in the Facter 2 series. (See the note below about Facter 2.0.0.) *Features* FACT-134: Perform basic sanity checks on Facter outputhttps://tickets.puppetlabs.com/browse/FACT-134 Facter now does sanity checking on the output of facts. Facter previously assumed that all facts would be of type String but did not enforce this; Facter now validates that facts are one of (Integer, Float, TrueClass, FalseClass, NilClass, String, Array, Hash). FACT-237: Allow fact resolutions to be built up piece-wisehttps://tickets.puppetlabs.com/browse/FACT-237 FACT-239: Expose different resolution types in DSLhttps://tickets.puppetlabs.com/browse/FACT-239 Introduces aggregate resolutions for facts. Aggregate resolutions allow facts to be extended at runtime and provide a simplified way of building up complex fact values. FACT-341: Windows operatingsystemrelease supporthttps://tickets.puppetlabs.com/browse/FACT-341 On Windows, the operatingsystemrelease fact now returns XP,2003, 2003 R2, Vista, 2008, 7, 2008 R2,8, or 2012, depending on the version reportedy by WMI. *Improvements* FACT-94: Unvendor CFPropertyListhttps://tickets.puppetlabs.com/browse/FACT-94 Removes vendored code for CFPropertyList in favor of treating it as a separate dependency and managing it with Rubygems. FACT-163: Fact loading logic is overly complicatedhttps://tickets.puppetlabs.com/browse/FACT-163 In Facter 1.x the fact search path would be recursively loaded, but only when using Facter via the command line. In Facter 2.0 only fact files at the top level of the search path will be loaded, which matches the behavior when loading facts with Puppet. FACT-266: Backport Facter::Util::Confine improvements to Facter 2https://tickets.puppetlabs.com/browse/FACT-266 Adds several improvements to Facter::Util::Confine, including the ability to confine a fact to a block. FACT-321: Remove deprecated code for 2.0https://tickets.puppetlabs.com/browse/FACT-321 Code that had previously been marked deprecated has now been removed. FACT-322: Remove special casing of the empty stringhttps://tickets.puppetlabs.com/browse/FACT-322 Previous versions of Facter would interpret an empty string (and only an empty string) as nil. Now that facts can return more than just strings (i.e., they can directly return nil), empty strings no longer have this special case. FACT-186: Build Windows-specific gemhttps://tickets.puppetlabs.com/browse/FACT-186 Adds Windows-specific gem dependencies for Facter 2. FACT-194: Merge external facts support to Facter 2https://tickets.puppetlabs.com/browse/FACT-194 Adds pluginsync support for external facts to Facter 2. FACT-207: Remove deprecated ldapnamehttps://tickets.puppetlabs.com/browse/FACT-207 Removes all instances of ldapname, completing its deprecation. FACT-272: Update Facter man page for 2.0https://tickets.puppetlabs.com/browse/FACT-272 The man page for Facter 2 now includes the new command line options. *Bug Fixes* FACT-202: Fix undefined path in macaddress.rbhttps://tickets.puppetlabs.com/browse/FACT-202 One of the possible resolutions for the macaddress fact would incorrectly return nil. This release fixes the bug. *Facter 2.0.0* For historical reasons, Facter 2.0.0 was never released. Facter 2.0.1 is the first release in the Facter 2 series. In May 2012, several release candidates were published for a Facter 2.0.0 release, using code that had diverged from the 1.6 series. After testing it, the Puppet community and developers decided that this code wasn't yet usable and the release was cancelled, in favor of continuing work that became the Facter 1.7 series. Since the 2.0.0rc1 tag in the Facter repo was already occupied by that cancelled release, and since issuing a RC5 out of nowhere might have been confusing, we decided to go directly to 2.0.1 instead. Facter 2.0.1-rc1 Contributors