[Puppet Users] Re: Concat function not found after switching to dynamic environments

[Chuck]

Modules that provide plugins / functions  need to exist in all environments 
(preferably the same version, other issues can occur if they are not) if 
you want everything to work correctly with the current state of puppet.  In 
this case your puppet master is most likely looking for concat / stdlib in 
the production environment that it is part of and not finding the function 
when trying to compile the catalog.  This is really the biggest drawback of 
the current environment system in puppet.  




On Friday, March 14, 2014 7:31:20 AM UTC-5, Agustin Horischnik wrote:
>
> I just switched to using environments more or less as described in 
> http://puppetlabs.com/blog/git-workflow-and-puppet-environments and now 
> puppet agent --test on a previously working node fails with...
>
> Info: Retrieving plugin
> Info: Loading facts in /var/lib/puppet/lib/facter/pip_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/last_run.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/python_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/virtualenv_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/nodejs_latest_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/nodejs_stable_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/puppi_projects.rb
> Info: Loading facts in 
> /var/lib/puppet/lib/facter/nodejs_installed_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Unknown function concat at 
> /etc/puppet/environments/testing/modules/gi/manifests/inst.pp:104 on node 
> france-4.kimsufi.com
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> My puppet.conf in the master looks like this:
>
> ...
> [main]
> logdir   = /home/log/puppet #changed var to home
> vardir   = /var/lib/puppet
> ssldir   = /var/lib/puppet/ssl
> rundir   = /var/run/puppet
> factpath = $vardir/lib/facter
> templatedir  = $confdir/templates
> hiera_config = $confdir/hiera.yaml
>
> [master]
> environment  = production
> manifest = $confdir/environments/$environment/manifests/site.pp
> manifestdir  = $confdir/environments/$environment/manifests
> modulepath   = $confdir/environments/$environment/modules
> tamplatedir  = $confdir/environments/$environment/templates
> ...
>
> Both master and agent puppet version is 3.4.3.
> stdlib is installed in /etc/puppet/environments/testing/modules/stdlib
>
> Any ideas what could I be doing wrong?
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ae15cc74-01ca-4936-8133-aa3f95ab8740%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Concat function not found after switching to dynamic environments

[José Luis Ledesma]

Mmm not sure, but hace you tried to move the environment=production to the
agent section?

Regards,
El 14/03/2014 15:18, "Agustin Horischnik"  escribió:

> I just switched to using environments more or less as described in
> http://puppetlabs.com/blog/git-workflow-and-puppet-environments and now
> puppet agent --test on a previously working node fails with...
>
> Info: Retrieving plugin
> Info: Loading facts in /var/lib/puppet/lib/facter/pip_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/last_run.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/python_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/virtualenv_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/nodejs_latest_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/nodejs_stable_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/puppi_projects.rb
> Info: Loading facts in
> /var/lib/puppet/lib/facter/nodejs_installed_version.rb
> Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
> Unknown function concat at
> /etc/puppet/environments/testing/modules/gi/manifests/inst.pp:104 on node
> france-4.kimsufi.com
> Warning: Not using cache on failed catalog
> Error: Could not retrieve catalog; skipping run
>
> My puppet.conf in the master looks like this:
>
> ...
> [main]
> logdir   = /home/log/puppet #changed var to home
> vardir   = /var/lib/puppet
> ssldir   = /var/lib/puppet/ssl
> rundir   = /var/run/puppet
> factpath = $vardir/lib/facter
> templatedir  = $confdir/templates
> hiera_config = $confdir/hiera.yaml
>
> [master]
> environment  = production
> manifest = $confdir/environments/$environment/manifests/site.pp
> manifestdir  = $confdir/environments/$environment/manifests
> modulepath   = $confdir/environments/$environment/modules
> tamplatedir  = $confdir/environments/$environment/templates
> ...
>
> Both master and agent puppet version is 3.4.3.
> stdlib is installed in /etc/puppet/environments/testing/modules/stdlib
>
> Any ideas what could I be doing wrong?
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/c24fa1d3-c999-481e-932a-72ef069496dd%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF_B3deeTHd2m_MV4S%2BjHTue1PR9%3DScJ6N7MLv3KxSxvtCbtOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Ideas to allow users only on certain servers

[Philippe Conway]

Thanks Danielle. I have never thought or heard about virtual users. I'll 
check out the links you provided. Thanks!

On Friday, March 14, 2014 2:24:33 AM UTC-7, Daniele Sluijters wrote:
>
> Use virtual users.
>
> Instead of declaring your users as 'real', add a @ in front of them. Now 
> they are virtual so they aren't automatically created by Puppet, you need 
> to explicitly realise them, for example based on a tag or group they're a 
> member in.
>
> You can do it along the lines of:
> Users <| tag == 'dev' }> on a development machine and Users <||> if you 
> want them all.
>
> See:
> http://docs.puppetlabs.com/puppet/latest/reference/lang_virtual.html
> http://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html
> http://docs.puppetlabs.com/guides/virtual_resources.html
> http://blog.scottlowe.org/2012/11/25/using-puppet-for-account-management/
>
> On Thursday, 13 March 2014 22:52:39 UTC+1, Philippe Conway wrote:
>>
>> So at my organization, we have different departments that should only 
>> have access to certain servers.
>>
>> For example:
>>
>> Dev Team: Dev Servers
>> Tech Support: Production Server
>> Admins: All servers
>>
>> How Puppet manages our users now, is once you add the user to the user 
>> manifest, it adds them too *all *the servers. 
>>
>> I've tried adding an if/else statement as sort of mentioned here:
>>
>> https://groups.google.com/forum/#!topic/puppet-users/EA1LKmaFFJ4
>>
>> But I learned that wasn't best practice.
>>
>> I've also tried putting users in different classes such as:
>>
>> users::dev
>> users::ts
>> users::admins
>>
>> However that gets a little redundant...Is there another way to do this 
>> through Puppet? Or am I better off using something like Active Directory to 
>> authenticate and manage groups?
>>
>> Any advice is much appreciated. Thanks!
>>
>> - Philippe
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2023a60e-2a02-492b-8c61-9ba9421c406c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Ideas to allow users only on certain servers

[Philippe Conway]

Thanks Daren. LDAP authentication is definitely a possibility in our 
future. 

On Thursday, March 13, 2014 5:22:38 PM UTC-7, Darin Perusich wrote:
>
> Use LDAP so you have a single source for users and limit access w/groups 
> and ssh allowgroups. Check out OpenDJ if you need a powerful and easy to 
> setup LDAP server. 
> On Mar 13, 2014 5:52 PM, "Philippe Conway" 
> > 
> wrote:
>
>> So at my organization, we have different departments that should only 
>> have access to certain servers.
>>
>> For example:
>>
>> Dev Team: Dev Servers
>> Tech Support: Production Server
>> Admins: All servers
>>
>> How Puppet manages our users now, is once you add the user to the user 
>> manifest, it adds them too *all *the servers. 
>>
>> I've tried adding an if/else statement as sort of mentioned here:
>>
>> https://groups.google.com/forum/#!topic/puppet-users/EA1LKmaFFJ4
>>
>> But I learned that wasn't best practice.
>>
>> I've also tried putting users in different classes such as:
>>
>> users::dev
>> users::ts
>> users::admins
>>
>> However that gets a little redundant...Is there another way to do this 
>> through Puppet? Or am I better off using something like Active Directory to 
>> authenticate and manage groups?
>>
>> Any advice is much appreciated. Thanks!
>>
>> - Philippe
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/cafd5282-53c2-4d21-a833-6384bbe396c6%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/97e38148-e03a-4345-825d-1de147941cd9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to delete all files in a dir except for 2?

[Jasmine Lognnes]

Thanks a lot =)


On Friday, March 14, 2014 5:23:13 PM UTC+1, Christopher Wood wrote:
>
> Try something like: 
>
> file { '/commands': 
>   ensure => directory, 
>   recurse => true, 
>   purge => true, 
> } 
>
> That will nuke any file not managed by puppet. 
>
> Be careful of interactions with stuff like yumrepo, of course. 
>
> On Fri, Mar 14, 2014 at 08:55:17AM -0700, Jasmine Lognnes wrote: 
> >Hello =) 
> >Is it possible to have puppet delete all files in /commands except 
> for c66 
> >and c90 ? 
> >There are ~100 files in /commands, so I would rather not do a ensure 
> => 
> >purge for each of them =) 
> >Are there a good way to achieve this? 
> >Kind regards 
> >Jasmine 
> > 
> >-- 
> >You received this message because you are subscribed to the Google 
> Groups 
> >"Puppet Users" group. 
> >To unsubscribe from this group and stop receiving emails from it, 
> send an 
> >email to [1]puppet-users...@googlegroups.com . 
> >To view this discussion on the web visit 
> >[2]
> https://groups.google.com/d/msgid/puppet-users/a17e999e-b9c9-4ed0-99a6-73e8fb9f2374%40googlegroups.com.
>  
>
> >For more options, visit [3]https://groups.google.com/d/optout. 
> > 
> > References 
> > 
> >Visible links 
> >1. mailto:puppet-users+unsubscr...@googlegroups.com  
> >2. 
> https://groups.google.com/d/msgid/puppet-users/a17e999e-b9c9-4ed0-99a6-73e8fb9f2374%40googlegroups.com?utm_medium=email&utm_source=footer
>  
> >3. https://groups.google.com/d/optout 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4e02f833-b6ff-438b-adc8-060d733f7347%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] How to delete all files in a dir except for 2?

[Christopher Wood]

Try something like:

file { '/commands':
  ensure => directory,
  recurse => true,
  purge => true,
}

That will nuke any file not managed by puppet.

Be careful of interactions with stuff like yumrepo, of course.

On Fri, Mar 14, 2014 at 08:55:17AM -0700, Jasmine Lognnes wrote:
>Hello =)
>Is it possible to have puppet delete all files in /commands except for c66
>and c90 ?
>There are ~100 files in /commands, so I would rather not do a ensure =>
>purge for each of them =)
>Are there a good way to achieve this?
>Kind regards
>Jasmine
> 
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To unsubscribe from this group and stop receiving emails from it, send an
>email to [1]puppet-users+unsubscr...@googlegroups.com.
>To view this discussion on the web visit
>
> [2]https://groups.google.com/d/msgid/puppet-users/a17e999e-b9c9-4ed0-99a6-73e8fb9f2374%40googlegroups.com.
>For more options, visit [3]https://groups.google.com/d/optout.
> 
> References
> 
>Visible links
>1. mailto:puppet-users+unsubscr...@googlegroups.com
>2. 
> https://groups.google.com/d/msgid/puppet-users/a17e999e-b9c9-4ed0-99a6-73e8fb9f2374%40googlegroups.com?utm_medium=email&utm_source=footer
>3. https://groups.google.com/d/optout

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20140314162313.GA13562%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How to delete all files in a dir except for 2?

[Jasmine Lognnes]

Hello =)

Is it possible to have puppet delete all files in /commands except for c66 
and c90 ?

There are ~100 files in /commands, so I would rather not do a ensure => 
purge for each of them =)

Are there a good way to achieve this?

Kind regards
Jasmine


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a17e999e-b9c9-4ed0-99a6-73e8fb9f2374%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: LaunchDaemon on Mac OSX 10.9 Mavericks

[Merlin Hartley]

Thanks Joe, but your plist gives me exactly the same error...

I am testing this on a brand new from the box iMac with Mavericks with the 
latest Puppet/Hiera/Facter packages downloaded from 
https://downloads.puppetlabs.com/mac/

Incidentally /usr/lib/ruby/site_ruby is actually a symbolic link to 
/Library/Ruby/Site anyway (though I hadn't previously tried with 2.0.0) :
$ ls -al /usr/lib/ruby/site_ruby
lrwxr-xr-x  1 root  wheel  44 31 Oct 21:26 /usr/lib/ruby/site_ruby -> 
../../../../../../../../../Library/Ruby/Site

This feels like we just eliminated the LaunchDaemon as the culprit... do 
you make any other changes to file permissions or anything other that just 
installing those packages?

Thanks again!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0b68c635-f57d-4728-b743-a7b0b637fa20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: puppet dashboard group and class

[Stefan Heijmans]

this one?
http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html#using-dashboard-for-node-classification
 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/309dec2c-7ec9-4713-abe5-d89c58326d45%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] LaunchDaemon on Mac OSX 10.9 Mavericks

[Joe Garfoot]

Hi Merlin,

It¹s working here. This is what we're using with Mavericks and Puppet
3.4.3. 

http://pastebin.com/i9A82gYr

I installed puppet using the installer packages from Puppet Labs rather
than via a gem if that makes a difference.

Thanks

Joe






On 14/03/2014 13:21, "Merlin Hartley"  wrote:

>We have been successfully using Puppet v2 for a few years now managing
>Mac OSX machines, with a LaunchDaemon file (com.reductivelabs.puppet
>http://1drv.ms/1kqcNW0)
>This needed to be changed when Puppet v3 came along and so we merely
>changed the 'Label' - which worked fine with v3.3 on OSX 10.8.5...
>
>For Mavericks (OSX 10.9) we need to use Puppet 3.4.3 (with Facter 1.7.5)
>and this LaunchDaemon file does not work - so following information
>gained from this forum, and the
>
>launchd manpage 
>nPages/man5/launchd.plist.5.html>, I changed the RubyLib Path to where it
>now gets installed and modified a few other keys: (com.puppetlabs.puppet
>http://1drv.ms/1kqdzSU)
>
>Unfortunately this still does not work.
>
>I can manually run puppet on Mavericks from the commandline using 'sudo
>puppet agent --test' and it functions perfectly. But the LaunchDaemon
>just refuses to work; it gives the following error:
>
>Error: Could not create resources for managing Puppet's files and
>directories in sections [:main, :agent, :ssl]: undefined method `each'
>for nil:NilClass
>Error: Could not prepare for execution: Could not create resources for
>managing Puppet's files and directories in sections [:main, :agent,
>:ssl]: undefined method `each' for nil:NilClass
>undefined method `each' for nil:NilClass
>
>The only reference I can find to this kind of error was apparently fixed
>in 3.0.2 (password hashing problem?)...
>
>Has anyone got a LaunchDaemon working on Mavericks? Any pointers for what
>I might need to do to make it work?
>
>Many thanks!
>
>-- 
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To unsubscribe from this group and stop receiving emails from it, send an
>email to
>puppet-users+unsubscr...@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/puppet-users/c927a550-f16b-4896-b243-c11
>88f1790fb%40googlegroups.com
>188f1790fb%40googlegroups.com?utm_medium=email&utm_source=footer>.
>For more options, visit https://groups.google.com/d/optout.
>


--  
Joe Garfoot.
Infrastructure Management Team.
Wellcome Trust Sanger Institute,
Hinxton, Cambridge, CB10 1SA
Telephone: 01223 492315 






-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CF48BB34.3984A%25jg9%40sanger.ac.uk.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Concat function not found after switching to dynamic environments

[Agustin Horischnik]

I just switched to using environments more or less as described 
in http://puppetlabs.com/blog/git-workflow-and-puppet-environments and now 
puppet agent --test on a previously working node fails with...

Info: Retrieving plugin
Info: Loading facts in /var/lib/puppet/lib/facter/pip_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/last_run.rb
Info: Loading facts in /var/lib/puppet/lib/facter/python_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
Info: Loading facts in /var/lib/puppet/lib/facter/virtualenv_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
Info: Loading facts in /var/lib/puppet/lib/facter/nodejs_latest_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/nodejs_stable_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
Info: Loading facts in /var/lib/puppet/lib/facter/puppi_projects.rb
Info: Loading facts in 
/var/lib/puppet/lib/facter/nodejs_installed_version.rb
Info: Loading facts in /var/lib/puppet/lib/facter/concat_basedir.rb
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Unknown function concat at 
/etc/puppet/environments/testing/modules/gi/manifests/inst.pp:104 on node 
france-4.kimsufi.com
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

My puppet.conf in the master looks like this:

...
[main]
logdir   = /home/log/puppet #changed var to home
vardir   = /var/lib/puppet
ssldir   = /var/lib/puppet/ssl
rundir   = /var/run/puppet
factpath = $vardir/lib/facter
templatedir  = $confdir/templates
hiera_config = $confdir/hiera.yaml

[master]
environment  = production
manifest = $confdir/environments/$environment/manifests/site.pp
manifestdir  = $confdir/environments/$environment/manifests
modulepath   = $confdir/environments/$environment/modules
tamplatedir  = $confdir/environments/$environment/templates
...

Both master and agent puppet version is 3.4.3.
stdlib is installed in /etc/puppet/environments/testing/modules/stdlib

Any ideas what could I be doing wrong?


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c24fa1d3-c999-481e-932a-72ef069496dd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Ubuntu puppet agent execution permissions

[Vladimir Nikolic]

Hello,

is it normal behaviour for puppet agent to allow execution of subcommands 
to all (non-privileged) users?
For example, all users on local system can disable puppet agent with 
command:
puppet agent --disable

Regards,
Vladimir

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/401ca27f-cde7-4eb5-a58d-9d301a1af92e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Trouble getting puppet config from client to master (Certificate verify failed).

[Esen Sagynov]

This advice has worked for me nicely. Here is how to do this in Puppet 
3.1.x:

1. First, stop puppet master on master node:

sudo puppet resource service puppetmaster ensure=stopped enable=false

2. Then remove all certificates on master node.

sudo rm -rf /var/lib/puppet/ssl

3. Now remove all certificates on the agent node:

rm -rf ~/.puppet/ssl

4. Start the puppet master:

sudo puppet resource service puppetmaster ensure=running enable=true

5. Request the certificates from agent node:

puppet agent --test --waitforcert=2m --noop

Done!

On Sunday, June 9, 2013 2:20:21 AM UTC+9, badgerious wrote:
>
>
> Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server 
>> certificate B: certificate verify failed: [certificate revoked for /CN=
>> masterdns.peoplebrowsr.com] 
>>
>
> It looks like your puppetmaster's cert has been revoked (not the 
> client's). I think it may be necessary to blow away your master's ssl stuff 
> and regenerate (which also means regenerating certs for every client). You 
> can do this by stopping puppetmaster, removing /var/lib/puppet/ssl (on the 
> master), and restarting the master (I tried this with a 3.2.1 master). 
> Someone wiser might have a smarter solution to this...
>
> Eric
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/08d33c3c-fe24-41bf-9f10-c92f77b73d74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How to use puppet on ubuntu 13.10?

[Peng Yu]

Hi,

Also my question is related with ubuntu 13.10. But I think that it
should be easy to answer by any expert on puppet. So I ask here.

I'm following https://help.ubuntu.com/13.10/serverguide/puppet.html
until the following lines. On my client, I don't find
/etc/default/puppet.

"Now everything is configured on the Puppet server, it is time to
configure the client.

First, configure the Puppet agent daemon to start. Edit
/etc/default/puppet, changing START to yes:"

Also, I get the following message when I run the following command
from client (as directed by the manual).

pengy@boron:~$ sudo puppet agent --test
Exiting; no certificate found and waitforcert is disabled

Could anybody help me understand what is the correct flow to use puppet? Thanks.

-- 
Regards,
Peng

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CABrM6wnbZdLm3pQDAqmNOozscCykkf2mVVU77zx_-uSDEcSeDw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: LaunchDaemon on Mac OSX 10.9 Mavericks

[Merlin Hartley]

Sorry, those links are rubbish:
com.reductivelabs.puppet.plist: http://pastebin.com/hBrwkGv0
com.puppetlabs.puppet.plist: http://pastebin.com/X6ZBE7L5

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/83f34703-b8a2-45eb-8e8e-d15845b90a23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] LaunchDaemon on Mac OSX 10.9 Mavericks

[Merlin Hartley]

We have been successfully using Puppet v2 for a few years now managing Mac 
OSX machines, with a LaunchDaemon file (com.reductivelabs.puppet 
http://1drv.ms/1kqcNW0)
This needed to be changed when Puppet v3 came along and so we merely 
changed the 'Label' - which worked fine with v3.3 on OSX 10.8.5...

For Mavericks (OSX 10.9) we need to use Puppet 3.4.3 (with Facter 1.7.5) 
and this LaunchDaemon file does not work - so following information gained 
from this forum, and the launchd 
manpage,
 
I changed the RubyLib Path to where it now gets installed and modified a 
few other keys: (com.puppetlabs.puppet http://1drv.ms/1kqdzSU)

Unfortunately this still does not work.

I can manually run puppet on Mavericks from the commandline using 'sudo 
puppet agent --test' and it functions perfectly. But the LaunchDaemon just 
refuses to work; it gives the following error:

Error: Could not create resources for managing Puppet's files and 
directories in sections [:main, :agent, :ssl]: undefined method `each' for 
nil:NilClass
Error: Could not prepare for execution: Could not create resources for 
managing Puppet's files and directories in sections [:main, :agent, :ssl]: 
undefined method `each' for nil:NilClass
undefined method `each' for nil:NilClass

The only reference I can find to this kind of error was apparently fixed in 
3.0.2 (password hashing problem?)...

Has anyone got a LaunchDaemon working on Mavericks? Any pointers for what I 
might need to do to make it work?

Many thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c927a550-f16b-4896-b243-c1188f1790fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Memory sizing (or leak) in master. [Tkt: 115440]

[Chris Ritson]

Am I being too optimistic? Running a centos 6.5 virtual machine as puppet 
master, on version 3.4.3, I am frequently running out of memory. The virtual 
machine only has 0.75Gig of allocated memory. It holds 225 certificates, but 
only about 130 of these agent machines are regularly active. Mostly they run 
the puppet agent from cron once an hour at a random time or with a random splay 
from within puppet if the start time is not already randomised.

How much memory would be normal for a setup of this size, and how is it likely 
to scale as we add more client agents?

Chris Ritson (Computing Officer and School Safety Officer)

Room 707, Claremont Tower,EMAIL: chris.rit...@ncl.ac.uk
School of Computing Science,  PHONE: +44 191 20 88 175
Newcastle University, FAX  : +44 191 20 88 232
Newcastle upon Tyne, UK NE1 7RU.  WEB  : http://www.cs.ncl.ac.uk/


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/D00BBDAB7ECC63469B186F002CC7DBC80ABD5483%40EXMBCT01.campus.ncl.ac.uk.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] What are puppetd and puppetca?

[Peter Bukowinski]

The video must be fairly old. Those commands are deprecated. Instead of 
'puppetd', it's now 'puppet agent'. Instead of 'puppetca', it's now 'puppet 
cert'.

-- Peter 

> On Mar 14, 2014, at 1:04 AM, pengyu...@gmail.com wrote:
> 
> Hi,
> 
> The following video mentioned puppetd and puppetca (it is on ubuntu 12.04). 
> But I don't find these commands on ubuntu 13.10 (the one I'm trying puppet 
> on). Does anybody know what these commands become? Thanks.
> 
> https://www.youtube.com/watch?v=l86W-WKzhBo
> 
> Regards,
> Peng 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/e0b9e0a4-8537-4a11-9b54-78c56ba307ce%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/998F8710-BC64-4162-9D77-26D6C78729F2%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How to debug catalog transfer?

[Andy Spiegl]

Hi!

I've got a problem with Windows clients:

When running "puppet agent -t" manually everything works.
 (as "administrator" in a "run as administrator" shell)

But a run from the puppet-service throws
 "Error 400 on SERVER: Could not inte rn from pson: "\x84" on US-ASCII"

and puppet uses the cached catalog as fallback.
Any idea how I can find the cause for this difference?

Thanks!
 Andy.


-- 
 Many people easily confuse innovation with the latest
 influenza epidemia from Redmond.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20140314105101.GA3099%40spiegl.de.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Using different version of ruby

[Andrea Cappelli]

Hi,
I'm using Puppet on Ubuntu (lucid and precise) with packages from 
apt.puppetlabs.com


I was wondering if it's possible and how to run puppet with a different 
ruby version from the one shipped with my distro


My /usr/bin/puppet on precise contains

#!/usr/bin/ruby1.8

require 'puppet/util/command_line'
Puppet::Util::CommandLine.new.execute

so the ruby environment is fixed at the origin

Anyone uses ruby 1.9.3 (for example 1.9.3-p327, I know p0 is broken for 
puppet), maybe through rbenv or rvm?


Thank you

--
Andrea Cappelli

--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5322D62F.1090302%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Ideas to allow users only on certain servers

[Daniele Sluijters]

Use virtual users.

Instead of declaring your users as 'real', add a @ in front of them. Now 
they are virtual so they aren't automatically created by Puppet, you need 
to explicitly realise them, for example based on a tag or group they're a 
member in.

You can do it along the lines of:
Users <| tag == 'dev' }> on a development machine and Users <||> if you 
want them all.

See:
http://docs.puppetlabs.com/puppet/latest/reference/lang_virtual.html
http://docs.puppetlabs.com/puppet/latest/reference/lang_collectors.html
http://docs.puppetlabs.com/guides/virtual_resources.html
http://blog.scottlowe.org/2012/11/25/using-puppet-for-account-management/

On Thursday, 13 March 2014 22:52:39 UTC+1, Philippe Conway wrote:
>
> So at my organization, we have different departments that should only have 
> access to certain servers.
>
> For example:
>
> Dev Team: Dev Servers
> Tech Support: Production Server
> Admins: All servers
>
> How Puppet manages our users now, is once you add the user to the user 
> manifest, it adds them too *all *the servers. 
>
> I've tried adding an if/else statement as sort of mentioned here:
>
> https://groups.google.com/forum/#!topic/puppet-users/EA1LKmaFFJ4
>
> But I learned that wasn't best practice.
>
> I've also tried putting users in different classes such as:
>
> users::dev
> users::ts
> users::admins
>
> However that gets a little redundant...Is there another way to do this 
> through Puppet? Or am I better off using something like Active Directory to 
> authenticate and manage groups?
>
> Any advice is much appreciated. Thanks!
>
> - Philippe
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1d17af54-978b-445f-a97e-a24530608c7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.