Re: [Puppet Users] Chocolatey Powerhshell not working with 32 bit puppet agent
This is probably an issue with the provider. Would you file a ticket at https://github.com/chocolatey/puppet-chocolatey/issues and we can track it from there? On Mon, May 12, 2014 at 1:35 AM, Gobin Sougrakpam gobinsougrak...@gmail.com wrote: I have updated chocolateyinstall.ps1 in my chocolatey package to perform some steps at the time of installation. It works fine when I run it on a 64 bit command prompt. But, when i run it from puppet its not working. I'm pretty sure its got to do with the puppet agent running on 32 bit. The modules that I'm using in the chocolateyinstall.ps1 are not available on the 32 bit command. Just wondering if anyone faced similar issues? Would I end up creating separate packages for 32 bit and 64 bit ? Cheers, Gobin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6ce5e7ea-bc7b-4f51-aa1f-1441ac9313dd%40googlegroups.comhttps://groups.google.com/d/msgid/puppet-users/6ce5e7ea-bc7b-4f51-aa1f-1441ac9313dd%40googlegroups.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- Rob Reynolds Developer, Puppet Labs *Join us at **PuppetConf 2014 http://puppetconf.com**, September 23-24 in San Francisco* *Register by May 30th to take advantage of the Early Adopter discount http://links.puppetlabs.com/puppetconf-early-adopter **--**save $349!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMJiBK5SQxPSUqicSeEz6ZKjryepLMr217AiPgLhWx-Q98ZHyw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Problem with deploying Hiera hashes in order
On 05/06/2014 06:04 PM, Marcin wrote:
I use exec of course – sample of this is below:
exec { something _${name}:
command = $some_command_here,
require = something [$order],
creates = some entry here
}
but what do I need to put in Hiera file, on the FIRST hash – where the
question marks are in my example?
Hi,
use an empty string and build this slightly differently:
exec { something _${name}:
command = $some_command_here,
creates = some entry here
}
if something[$order] {
Exec[something_${name}] { require = something [$order] }
}
But I've got to add - this design feels very hacky. Are you sure you
want to do things this way? It will be horrible to maintain.
If you can explain the whole problem you are solving, someone may have a
suggestion on how to design the solution in a more straight-forward fashion.
Regards,
Felix
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/53733548.1020705%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet kick not working from foreman UI alone
From foreman server also puppet kick working. curl -d 'nodes=puppetagent' https://puppetmaster:8443/puppet/run --insecure but in foreman UI only puppet kick not working. Please advise me. Regards, Suresh On Wednesday, 14 May 2014 14:38:50 UTC+5:30, Suresh P wrote: Hi, puppet kick is working fine from my puppet master. Triggering hostname Getting status status is success hostname finished with exit code 0 Finished But getting following error in foreman UI. Some or all hosts execution failed, Please check log files for more information In /etc/foreman-proxy/settings.yml i have changed :log_level: DEBUG/INFO but there is no log detected when i run puppet kick from puppetmaster/foreman. Please help me. Regards, Suresh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/252fc30c-706e-492f-a09c-c6f64f5abea2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] File_line match
Hi,
I'm trying to replace line inside a file with file_line.
file_line { 'password policy change':
ensure = present,
path= '/tmp/test',
match = 'password.*requisite.*cracklib\.so.*',
line = 'passwordrequisite
pam_cracklib.so retry=3 minlen=8 difok=5 dcredit=-1 lcredit=-1 ucredit=-1
ocredit=-1'
}
but it keeping failing
Error: Failed to apply catalog: Validation of File_line[password policy
change] failed: When providing a 'match' parameter, the value must be a
regex that matches against the value of your 'line' parameter at
/etc/puppet/environments/common/pci/manifests/init.pp:20
Please advice.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ad28d01f-fabc-4fc1-aa80-795bb1579a4e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Vagrant, puppet, augeas path expression problem
Hi!
I'm trying to update /etc/ssh/sshd_config on a Vagrant vm using the puppet
provider. When I do:
ins PermitRootLogin after /files/etc/ssh/sshd_config/#comment[. =
'PermitRootLogin yes']
in augtool, it works fine.
But nothing I try in my puppet rules works. I've tried a few variants,
including:
augeas {'sshd_ins_root_login':
incl = '/etc/ssh/sshd_config',
lens = 'Sshd.lns',
changes = [
ins PermitRootLogin after #comment[.='PermitRootLogin yes']
]
}
augeas {'sshd_ins_root_login':
context = '/files/etc/ssh/sshd_config',
changes = [
ins PermitRootLogin after #comment[.='PermitRootLogin yes']
]
}
and
augeas {'sshd_ins_root_login':
changes = [
ins PermitRootLogin after
/files/etc/ssh/sshd_config/#comment[.='PermitRootLogin yes']
]
}
I've also tried a path like: /files/etc/ssh/sshd_config/#comment[. =~
regexp('PermitRootLogin.*')]
No matter what I do, I get this when I run vagrant provision:
Debug: Augeas[sshd_ins_root_login](provider=augeas): Will attempt to save
and only run if files changed
Debug: Augeas[sshd_ins_root_login](provider=augeas): sending command 'ins'
with params [PermitRootLogin, after,
/files/etc/ssh/sshd_config/#comment[.='PermitRootLogin yes']]
Debug: Augeas[sshd_ins_root_login](provider=augeas): Put failed on one or
more files, output from /augeas//error:
Debug: Augeas[sshd_ins_root_login](provider=augeas):
/augeas/files/etc/ssh/sshd_config/error/path = /files/etc/ssh/sshd_config
Debug: Augeas[sshd_ins_root_login](provider=augeas):
/augeas/files/etc/ssh/sshd_config/error/lens =
/usr/share/augeas/lenses/dist/sshd.aug:123.12-125.36:
Debug: Augeas[sshd_ins_root_login](provider=augeas):
/augeas/files/etc/ssh/sshd_config/error/message = Failed to match
({ /#comment/ = /[^\001-\004\t\n ][^\001-\004\n]*[^\001-\004\t\n
]|[^\001-\0
04\t\n ]/ } | { } | { /AcceptEnv/ } | { /AllowGroups/ } | { /AllowUsers/ }
| { /
DenyGroups/ } | { /Subsystem/ } | { /DenyUsers/ } | { /MACs/ } | {
/AcceptEn((v[
0-9A-Za-z]|[0-9A-Za-uw-z])[0-9A-Za-z]*|)|AcceptE([0-9A-Za-mo-z][0-9A-Za-z]*|)|Ac
cept([0-9A-DF-Za-z][0-9A-Za-z]*|)|Accep([0-9A-Za-su-z][0-9A-Za-z]*|)|Acce([0-9A-
Za-oq-z][0-9A-Za-z]*|)|Acc([0-9A-Za-df-z][0-9A-Za-z]*|)|Allow(Group((s[0-9A-Za-z
]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|Grou([0-9A-Za-oq-z][0-9A-Za-z]*|)|Gro([0-9A-Za-t
v-z][0-9A-Za-z]*|)|Gr([0-9A-Za-np-z][0-9A-Za-z]*|)|User((s[0-9A-Za-z]|[0-9A-Za-r
t-z])[0-9A-Za-z]*|)|Use([0-9A-Za-qs-z][0-9A-Za-z]*|)|Us([0-9A-Za-df-z][0-9A-Za-z
]*|)|U([0-9A-Za-rt-z][0-9A-Za-z]*|)|G([0-9A-Za-qs-z][0-9A-Za-z]*|)|[0-9A-FH-TV-Z
a-z][0-9A-Za-z]*|)|Allo([0-9A-Za-vx-z][0-9A-Za-z]*|)|All([0-9A-Za-np-z][0-9A-Za-
z]*|)|Al([0-9A-Za-km-z][0-9A-Za-z]*|)|Ac([0-9A-Zabd-z][0-9A-Za-z]*|)|DenyGroup((
s[0-9A-Za-z]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|DenyGrou([0-9A-Za-oq-z][0-9A-Za-z]*|)
|DenyGro([0-9A-Za-tv-z][0-9A-Za-z]*|)|DenyGr([0-9A-Za-np-z][0-9A-Za-z]*|)|DenyUs
er((s[0-9A-Za-z]|[0-9A-Za-rt-z])[0-9A-Za-z]*|)|DenyUse([0-9A-Za-qs-z][0-9A-Za-z]
*|)|DenyUs([0-9A-Za-df-z][0-9A-Za-z]*|)|DenyU([0-9A-Za-rt-z][0-9A-Za-z]*|)|DenyG
([0-9A-Za-qs-z][0-9A-Za-z]*|)|Deny([0-9A-FH-TV-Za-z][0-9A-Za-z]*|)|Den([0-9A-Za-
xz][0-9A-Za-z]*|)|De([0-9A-Za-mo-z][0-9A-Za-z]*|)|MAC((s[0-9A-Za-z]|[0-9A-Za-rt-
z])[0-9A-Za-z]*|)|Matc((h[0-9A-Za-z]|[0-9A-Za-gi-z])[0-9A-Za-z]*|)|Mat([0-9A-Zab
d-z][0-9A-Za-z]*|)|Ma([0-9A-Za-su-z][0-9A-Za-z]*|)|MA([0-9ABD-Za-z][0-9A-Za-z]*|
)|Subsyste((m[0-9A-Za-z]|[0-9A-Za-ln-z])[0-9A-Za-z]*|)|Subsyst([0-9A-Za-df-z][0-
9A-Za-z]*|)|Subsys([0-9A-Za-su-z][0-9A-Za-z]*|)|Subsy([0-9A-Za-rt-z][0-9A-Za-z]*
|)|Subs([0-9A-Za-xz][0-9A-Za-z]*|)|Sub([0-9A-Za-rt-z][0-9A-Za-z]*|)|Su([0-9A-Zac
-z][0-9A-Za-z]*|)|(S[0-9A-Za-tv-z]|M[0-9B-Zb-z]|D[0-9A-Za-df-z]|A[0-9A-Zabd-km-z
]|[0-9BCE-LN-RT-Za-z][0-9A-Za-z])[0-9A-Za-z]*|S|M|D|A|[0-9BCE-LN-RT-Za-z]/
= /[^
\001-\004\t\n ]+([\t ]+[^\001-\004\t\n ]+)*/ })*{ /Match/ }*
with tree
{ #comment = $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm
Exp $
} { } { #comment = This is the sshd server system-wide configuration
file.
See } { #comment = sshd_config(5) for more information. } { } {
#comment
= This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin } { } {
#co
mment = The strategy used for options in the default sshd_config shipped
with
} { #comment = OpenSSH is to specify options with their default value
where
}
...snip... { #comment = PermitRootLogin yes } { PermitRootLogin } {
#comme
nt = StrictModes yes }
...snip...
{ #comment = AllowTcpForwarding no } { #comment = For
ceCommand cvs server }
I'm currently running:
rpm -q puppet
puppet-3.2.1-1.el6.noarch
rpm -q augeas
augeas-0.9.0-4.el6.x86_64
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
[Puppet Users] Multiple PuppetMasters, one PuppetDB
Hi, I'd like to ask for advice on certificate trust in a scenario with multiple puppet masters. I'm in a position where I have roughly 50 environments, each with their own puppetmaster, running their own CAs. I also have another environment from where I provide some centralised services, such as an MCollective broker, a central Logstash/Elasticsearch instance, etc., and that's got its own puppetmaster as well. I have installed PuppetDB in this environment, and its cert is signed by this central puppetmaster's CA. Now I'm in a position where my environments don't trust the PuppetDB's cert because they have no knowledge of the CA that signed it. Is there a way to make them communicate? I reckon making the individual puppetmasters trust the central CA would do it, but how would I go around to do that? Thanks, Cassiano Leal -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9F2FD551-D61D-423D-A3C4-2B19095DF2EA%40gamesys.co.uk. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: restarting apache as a service using mcollective
Hi Ankit, I'm not sure what the problem is. Mcollective has a 'service' plugin that is able to do exactly what you need. https://github.com/puppetlabs/mcollective-service-agent#readme On Wednesday, May 14, 2014 3:02:00 AM UTC+2, Ankit Mittal wrote: Dear All, I have mcollective agent running on multiple web server on which apache is installed. I want to stop and start apache using mcollective like we run puppet agent on nodes using mcollective. Thanks Ankit Mittal -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/33e9c640-9b4b-40af-858f-f81c3b17cb93%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Chocolatey Powerhshell not working with 32 bit puppet agent
Logged the issue(https://github.com/chocolatey/puppet-chocolatey/issues/25). Thanks. On Wednesday, May 14, 2014 3:15:15 PM UTC+8, Rob Reynolds wrote: This is probably an issue with the provider. Would you file a ticket at https://github.com/chocolatey/puppet-chocolatey/issues and we can track it from there? On Mon, May 12, 2014 at 1:35 AM, Gobin Sougrakpam gobinso...@gmail.comjavascript: wrote: I have updated chocolateyinstall.ps1 in my chocolatey package to perform some steps at the time of installation. It works fine when I run it on a 64 bit command prompt. But, when i run it from puppet its not working. I'm pretty sure its got to do with the puppet agent running on 32 bit. The modules that I'm using in the chocolateyinstall.ps1 are not available on the 32 bit command. Just wondering if anyone faced similar issues? Would I end up creating separate packages for 32 bit and 64 bit ? Cheers, Gobin -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com javascript:. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6ce5e7ea-bc7b-4f51-aa1f-1441ac9313dd%40googlegroups.comhttps://groups.google.com/d/msgid/puppet-users/6ce5e7ea-bc7b-4f51-aa1f-1441ac9313dd%40googlegroups.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- Rob Reynolds Developer, Puppet Labs *Join us at **PuppetConf 2014 http://puppetconf.com**, September 23-24 in San Francisco* *Register by May 30th to take advantage of the Early Adopter discount http://links.puppetlabs.com/puppetconf-early-adopter **—**save $349!* -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b8fc5715-3200-4f15-8ce0-8989eea7c25f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Exported resources
On Tuesday, May 13, 2014 10:16:16 PM UTC-5, Toky wrote:
Hello all,
I have the following code I use to populate /etc/hosts :
# This module will gather hostnames and IPs in order to populate hosts
files
class hosts {
host { 'localhost.localdomain':
ensure= present,
ip= '127.0.0.1',
host_aliases = [ 'localhost' ],
}
@@host { $fqdn:
ensure= present,
ip= $ipaddress_eth0,
host_aliases = [ $hostname, $tag_name ],
}
# Here we ensure we are capturing all exported nodes
Host | |
}
I would like to send the exported resources to another file too
(/usr/local/etc/ec2-hosts)
How can I get the exported resources above (hostname and ip) in to such
file?
That doesn't make any sense. I mean, I understand what you are trying to
accomplish, but Host resources simply don't fit into it. You are thinking
of Hosts as if they represented a line of text with a certain structure,
but that's altogether the wrong view.
A Host resource represents a hostname-to-net-address mapping known by the
target node. The target either knows this mapping or doesn't; it doesn't
make sense to ask for the target to know it in two places. Moreover, the
local manifestation of knowing a Host mapping is not part of the mapping
itself. On many types of systems it will manifest as an entry in
/etc/hosts, but there are other alternatives (the docs call out OS X
systems as ones where the manifestation is different).
A sym-link from /etc/hosts will not work for what I need.
You need a separate set of resources to manage your other file. Have a
look at the Concat module -- it may get you where you need to go.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ae11d5f7-b248-446d-b9d1-ff79135e0711%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] File_line match
I tested this and the match is working OK. What I got from what you posted
is the following:
Error: Failed to apply catalog: Validation of File_line[password policy
change] failed: When providing a 'match' parameter, the value must be a
regex that matches against the value of your 'line' parameter at
/etc/puppet/modules/test_module/manifests/init.pp:14
Wrapped exception:
When providing a 'match' parameter, the value must be a regex that matches
against the value of your 'line' parameter
Once I took the line break out of the line = you posted, the change
worked fine.
line = 'passwordrequisitepam_cracklib.so retry=3
minlen=8 difok=5 dcredit=-1 lcredit=-1 ucredit=-1 ocredit=-1'
Kent
On Wed, May 14, 2014 at 1:34 AM, eliran shlomo eliranshl...@gmail.comwrote:
Hi,
I'm trying to replace line inside a file with file_line.
file_line { 'password policy change':
ensure = present,
path= '/tmp/test',
match = 'password.*requisite.*cracklib\.so.*',
line = 'passwordrequisite
pam_cracklib.so retry=3 minlen=8 difok=5 dcredit=-1 lcredit=-1
ucredit=-1 ocredit=-1'
}
but it keeping failing
Error: Failed to apply catalog: Validation of File_line[password policy
change] failed: When providing a 'match' parameter, the value must be a
regex that matches against the value of your 'line' parameter at
/etc/puppet/environments/common/pci/manifests/init.pp:20
Please advice.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/ad28d01f-fabc-4fc1-aa80-795bb1579a4e%40googlegroups.comhttps://groups.google.com/d/msgid/puppet-users/ad28d01f-fabc-4fc1-aa80-795bb1579a4e%40googlegroups.com?utm_medium=emailutm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
Kent Brede
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CA%2BnSE3_a1KM4KTtAjR3Wj6xHV9og_7nQtnyizUv2MvvmSNpDKQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Problem with deploying Hiera hashes in order
On Wednesday, May 14, 2014 4:20:08 AM UTC-5, Felix.Frank wrote:
On 05/06/2014 06:04 PM, Marcin wrote:
I use exec of course – sample of this is below:
exec { something _${name}:
command = $some_command_here,
require = something [$order],
creates = some entry here
}
but what do I need to put in Hiera file, on the FIRST hash – where the
question marks are in my example?
Hi,
use an empty string and build this slightly differently:
exec { something _${name}:
command = $some_command_here,
creates = some entry here
}
if something[$order] {
Exec[something_${name}] { require = something [$order] }
}
Or if you want to put it all in one resource block,
exec { something _${name}:
command = $some_command_here,
creates = some entry here,
require = $something[$order] ? {
'' = undef,
default = Exec[something_${something[$order]}]
}
}
That better satisfies my distaste for overrides. In fact, if I didn't want
to use a selector as above then I would use a chain expression instead of a
resource override:
(alternative:)
if something[$order] {
Exec[something_${something[$order]}] - Exec[something_${name}]
}
But I've got to add - this design feels very hacky. Are you sure you
want to do things this way? It will be horrible to maintain.
+1
If you can explain the whole problem you are solving, someone may have a
suggestion on how to design the solution in a more straight-forward
fashion.
We're all ears.
John
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/b627465f-c0a9-45c3-bb72-446363c39972%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: File_line match
Hi, how about using augeasprovider to manage PAM? http://augeasproviders.com/documentation/examples.html#pam-provider Stefan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e2aa4759-4ab7-4556-b99b-8789c82cecb2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Multiple PuppetMasters, one PuppetDB
(inline) On Wed, May 14, 2014 at 09:15:49AM +, Cassiano Leal wrote: Hi, I'd like to ask for advice on certificate trust in a scenario with multiple puppet masters. I'm in a position where I have roughly 50 environments, each with their own puppetmaster, running their own CAs. In your position I would probably bite the bullet and pick one puppetmaster to be the CA. Then I would have 49 non-CA puppetmasters and one CA puppetmaster, each being able to serve one of my 50 puppet environments: http://docs.puppetlabs.com/puppet/latest/reference/environments.html http://docs.puppetlabs.com/puppet/latest/reference/environments_classic.html (I'm a bit nonplussed that you're still sane after running 50 separate environments.) I also have another environment from where I provide some centralised services, such as an MCollective broker, a central Logstash/Elasticsearch instance, etc., and that's got its own puppetmaster as well. I have installed PuppetDB in this environment, and its cert is signed by this central puppetmaster's CA. Now I'm in a position where my environments don't trust the PuppetDB's cert because they have no knowledge of the CA that signed it. Is there a way to make them communicate? I reckon making the individual puppetmasters trust the central CA would do it, but how would I go around to do that? I don't know of another way than turning 49 of your puppetmasters into non-CA puppetmasters and re-keying everything based on the new CA, sorry. I can wonder if puppet would use more than one CA certificate in the CA cert file, but then you'd have a massive pile of work keeping that distributed and updated even if it did. Better to go with one CA. Where I am only one puppetmaster has the following set to true: http://docs.puppetlabs.com/references/latest/configuration.html#ca Everything else has this set, as well as server: http://docs.puppetlabs.com/references/latest/configuration.html#caserver That way no matter what (geographically dispersed) puppetmaster an agent is pointed towards, it will still take CA services from a single puppetmaster. (If that puppetmaster breaks we'll restore the CA files from backup and promote another puppetmaster to be the CA.) You will have to re-key everything, but they're all puppetized hosts so this will be relatively easy. Thanks, Cassiano Leal -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/9F2FD551-D61D-423D-A3C4-2B19095DF2EA%40gamesys.co.uk. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20140514141823.GA29005%40iniquitous.heresiarch.ca. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] puppet agent on esx host
Hi, Can we install puppet agent on ESX host. 1. I am provisioning the hosts with PXE and Kickstart in the post install, i wish to install puppet agent and mange the host with the same. Like hardning, network config etc. 2. Use vmware/vcenter module to manage the new host, add it to the appropriated datacenter, configure network. etc Is this possible? Any pointer? -Kaustubh -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d3ccc9bd-ecd9-4beb-8a4f-0b35c2aedc25%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Pupprt testing - continueous integration
Hello, when developping puppet modules i'm: - providing a test.pp for each puppet class that serves a defined parameters set to the class - using git to checkout the complete environment (git clone ssh://puppetmaster:/etc/puppet/environments/development/modules) into my home on a testserver - applying the test class : sudo puppet apply --*basemodulepath*=/home/me/modules modules/mymodule/tests/init.pp - see what is going on - push changes back to git and create a revision - checkout that revision to the integration environment on the puppet master and later on to the production environment - using foreman in production instead of hardcoded parameters This works for me but since basemodulepath is deprecated i wonder if this is the way to go and how this is done by users thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f1f026f2-e80a-4117-adba-f85ca3fb993d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppet agent on esx host
kaustubh chaudhari wrote: Can we install puppet agent on ESX host. Not aware of a way to install puppet agent. 1. I am provisioning the hosts with PXE and Kickstart in the post install, i wish to install puppet agent and mange the host with the same. Like hardning, network config etc. All ESX customizations are either done via API, or over ssh (ssh file_line in vmware_lib). 2. Use vmware/vcenter module to manage the new host, add it to the appropriated datacenter, configure network. etc The vcenter module requires a proxy host to communicate to vCenter/ESX. Puppet is installed on the proxy host and not vcenter appliance or ESX. HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/5373900D.3080306%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] RabbitMQ module release plan
Hi all, I'm hoping somebody can tell me if a new release of the Rabbit MQ plugin is imminent, or if not, how stable/tested the latest on github is? There's at least one fix I'd like to get hold of but I don't want to take any undue risks with our live puppet install. Thanks, Steve Boissiere -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/50184036-a839-4081-9a92-34d638144d80%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] puppet agent on esx host
On Wednesday, May 14, 2014 11:47:25 AM UTC-4, Nan Liu wrote: kaustubh chaudhari wrote: Can we install puppet agent on ESX host. Not aware of a way to install puppet agent. 1. I am provisioning the hosts with PXE and Kickstart in the post install, i wish to install puppet agent and mange the host with the same. Like hardning, network config etc. All ESX customizations are either done via API, or over ssh (ssh file_line in vmware_lib). 2. Use vmware/vcenter module to manage the new host, add it to the appropriated datacenter, configure network. etc The vcenter module requires a proxy host to communicate to vCenter/ESX. Puppet is installed on the proxy host and not vcenter appliance or ESX. Proxy host! I was not aware of it. Can you please share some documentation on this. Also can this be done on opensource puppet ? HTH, Nan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/975d2e4c-9d58-451e-a357-bdafc0dd0f26%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] RabbitMQ module release plan
On 14.05.2014 11:54, Stephen Boissiere wrote: Hi all, I'm hoping somebody can tell me if a new release of the Rabbit MQ plugin is imminent, or if not, how stable/tested the latest on github is? There's at least one fix I'd like to get hold of but I don't want to take any undue risks with our live puppet install. Thanks, Steve Boissiere What fix exactly are you speaking of? I currently have version 3.1.0 deployed from the forge and haven't ran into any major issues with its functionality. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ae0c1bd0023a5afc2b11f846f1663309%40undergrid.net. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] RabbitMQ module release plan
On 05/14/2014 06:01 PM, Jeremy T. Bouse wrote: What fix exactly are you speaking of? I currently have version 3.1.0 deployed from the forge and haven't ran into any major issues with its functionality. +1 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/537396A2.104%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Serious performance issues with Puppet 3.5.x when using Directory Environments
Running in webrick, for the exact same node, we saw 458 seconds to compile
using directory environments vs 4.5 seconds using the old file-based
environments.
On Thursday, April 17, 2014 5:23:24 AM UTC-4, Antoine Cotten wrote:
Dear Puppet Users community, I would like to report an issue I experience
since the first release of Puppet 3.5, and possibly get some input from
people who face the same problem (if any).
I run a Puppet environment in which all 48 nodes run CentOS 6.5. I have
been using config file-based environments so far without any trouble. When
Puppet 3.5.0 was officially released I decided to give give it a try, along
with the new Directory Environments feature. I disabled my old-style
environment config while making sure my directory tree was correctly set,
as described in the Directory Environments documentation
pagehttp://docs.puppetlabs.com/puppet/latest/reference/environments.html
.
The problem shows up immediately after I restart httpd: Passenger starts
spawning more and more processes which all consume 25% of my machine CPU,
reaching a load average of 10+ in less than a minute as soon as the first
node requests a catalog. This makes the master unusable, it takes between
200 and 300sec to compile any catalog.
What I have tried:
1. Switching back from Passenger to WEBrick: same performance issue
2. Disabling the puppet service on all nodes, and triggering *one*single
manual Puppet run on a random node: same
performance issue
3. Disabling my external node classifier (Foreman): same performance
issue
4. Upgrading to Puppet 3.5.1: same performance issue
5. Switching back to config-based environments and re-enabling all
nodes: no issue, my master behaves normally and the load-average
remains under 0.25 constantly
As you might have noticed, this is definitely not a sizing issue. My
master has 2GB of RAM and 2 allocated vCPU, but the Puppet master rack
process starts consuming all resources as soon as I re-enable Directory
Environments.
When I want to use Directory Environments, the only thing I do is
commenting the [development] and [production] sections in my puppet.conf
file, and adding this to the [main] section: environmentpath =
$confdir/environments
Let me describe my configuration:
*-puppet.conf--*
[main]
logdir = /var/log/puppet.
rundir = /var/run/puppet
ssldir = $vardir/ssl
privatekeydir = $ssldir/private_keys { group = service }
hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
autosign = $confdir/autosign.conf { mode = 664 }
[master]
autosign = $confdir/autosign.conf { mode = 664 }
reports= foreman
external_nodes = /etc/puppet/node.rb
node_terminus = exec
ca = true
ssldir = /var/lib/puppet/ssl
storeconfigs = true
storeconfigs_backend = puppetdb
[development]
modulepath =
/etc/puppet/environments/development/modules:/usr/share/puppet/modules
manifest = /etc/puppet/environments/development/manifests/site.pp
config_version =
[production]
modulepath =
/etc/puppet/environments/production/modules:/usr/share/puppet/modules
manifest = /etc/puppet/environments/production/manifests/site.pp
config_version =
*--*
*--directory tree--*/etc/puppet/environments/
|-- development
| |-- manifests
| | `-- site.pp
| `-- modules
| |-- activemq
| |-- apache
| |-- apt
| |-- concat
| |-- datacat
| |-- environment
| |-- epel
| |-- erlang
| |-- firewall
| |-- java
| |-- java_ks
| |-- mcollective
| |-- postfix
| |-- profiles
| |-- rabbitmq
| |-- repos
| |-- stdlib
| `-- tomcat
`-- production
|-- manifests
| `-- site.pp
`-- modules
|-- activemq
|-- apache
|-- apt
|-- concat
|-- datacat
|-- environment
|-- epel
|-- erlang
|-- firewall
|-- inifile
|-- java
|-- java_ks
|-- mcollective
|-- mysql
|-- ntp
|-- postfix
|-- postgresql
|-- profiles
|-- puppetdb
|-- rabbitmq
|-- repos
|-- stdlib
|-- tomcat
`-- vsftpd
*--*
Can anybody reproduce this it on any platform? Thank you in advance for
your help!
Toni
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
Re: [Puppet Users] Serious performance issues with Puppet 3.5.x when using Directory Environments
On May 14, 2014, at 12:28 PM, Kirk Steffensen k...@steffensenfamily.com wrote: Running in webrick, for the exact same node, we saw 458 seconds to compile using directory environments vs 4.5 seconds using the old file-based environments. Kirk, did you try this in 3.6.0-RC1? Later in this thread Antoine reported his slowdown was fixed and I'm wondering if you see the same thing. Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0 puppet platform // coffee // techno // bicycles -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/15B76EC9-E9FC-454E-84DC-504B8965108D%40puppetlabs.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Craig Dunn's Roles/Profiles/Components Conflicts
Hi all, We use the roles/profiles/components model originally suggested by Craig Dunn fairly heavily. In our case: - The role is a business name, like Application X App Server - The profile is the technical name, like Base Components or Webserver - The components are either wrapper classes around modules or modules themselves, like PHP or Apache. For the most part, this works well. We can have, for example: - MyFace Application Server - Base Components - SSSD - Sudo - NTP - PHP Webserver - PHP - Apache - PHP-FPM - Memcache However, we're running into trouble how to handle the situation where you're running a box with multiple functions... for example, WordPress and Drupal. In that case, how do you handle configuration conflicts? On the surface, it seems like we would create a more generic profile like PHP Webserver (like I did in the above example). If I do this, however, I lose the ability to define profile specific variables such as firewall rules, cron jobs, etc. Any thoughts on this? Best, Matt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c1157f75-5a08-4e13-8739-abef8bd23cf4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[Puppet Users] Re: Delete a clients certificate with curl no longer working?
On Tuesday, May 6, 2014 1:31:48 PM UTC+2, Thomas wrote:
When deploying openvz images, we use a init-script to delete puppets ssl
directory and then run a curl that deletes the certificate from the puppet
server:
curl -k -X DELETE -H Accept: pson
https://puppet.example.com:8140/production/certificate_status/client.examle.com
.
After upgrading to puppet 3.5.1 this stopped working, I have read that I
need to revoke the certificate first and that works:
curl -k -X PUT -H Content-Type: text/pson --data
'{desired_state:revoked}'
https://puppet.example.com:8140/production/certificate_status/client.example.com
I have verified that the certificate gets revoked on the server:
[root@puppet ~]# puppet cert list client.example.com
- client.example.com (SHA256)
A9:FD:2D:C3:E4:7C:84:12:9C:D0:B2:4C:F2:81:AB:A0:BE:9C:A4:40:A7:8E:4A:6A:D8:E0:A4:D7:10:A9:4B:E2
(certificate revoked)
After this, the documentation says that I should run the DELETE command
described above but that fails (using | sed for readability):
curl -k -X DELETE -H Accept: pson
https://puppet.example.com:8140/production/certificate_status/client.example.comhttps://puppet.example.com:8140/production/certificate_status/work-reduce203.trioptima.com|
sed 's/,/\n/g'
{issue_kind:RUNTIME_ERROR
message:Server Error: undefined method `each' for nil:NilClass
stacktrace:[/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb:72:in
`process'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:63:in
`process'
/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler/none.rb:6:in `profile'
/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:43:in `profile'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/handler.rb:61:in
`process'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick/rest.rb:31:in
`service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in `service'
/usr/lib/ruby/1.8/webrick/httpserver.rb:65:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:36:in `listen'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
/usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
/usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
/usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
/usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:30:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in
`initialize'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `new'
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:29:in `listen'
/usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:27:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/daemon.rb:139:in `start'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:284:in
`start_webrick_master'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:200:in `main'
/usr/lib/ruby/site_ruby/1.8/puppet/application/master.rb:160:in
`run_command'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:479:in `plugin_hook'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util.rb:479:in `exit_on_fail'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:372:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/context.rb:51:in `override'
/usr/lib/ruby/site_ruby/1.8/puppet.rb:233:in `override'
/usr/lib/ruby/site_ruby/1.8/puppet/application.rb:362:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:137:in `run'
/usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:91:in `execute'
/usr/bin/puppet:4]}
Running the puppet master in debug:
[root@puppet ~]# puppet master --no-daemonize --debug --verbose
[...]
Notice: Starting Puppet master version 3.5.1
[...]
Debug: Routes Registered:
Debug: Route /^\/v2\.0/
Debug: Route /.*/
Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path (/production/certificate_status/
client.example.com)
Debug: Evaluating match for Route /.*/
Error: Server Error: undefined method `each' for nil:NilClass
Any hints?
Adding DELETE in, as suggested by Paul Beltrani in issue
PUP-2516https://tickets.puppetlabs.com/browse/PUP-2516,
/usr/lib/ruby/site_ruby/1.8/puppet/network/http/route.rb (CentOS 6) solved
the issue for me.
@@ -16,7 +16,8 @@
:HEAD = [MethodNotAllowedHandler],
:OPTIONS = [MethodNotAllowedHandler],
:POST = [MethodNotAllowedHandler],- :PUT =
[MethodNotAllowedHandler]+ :PUT = [MethodNotAllowedHandler],+
:DELETE = [MethodNotAllowedHandler]
}
@chained = []
end
Now I can delete the certificate on the puppet master from the client using
curl:
[root@client ~]# curl -k -X DELETE -H Accept: pson
