Re: [Puppet Users] Re: Moving from manifest files to ENC script - not working...

2014-06-18 Thread shlo . afgin

*Thanks for the detailed response.*

On Tuesday, June 17, 2014 10:28:01 PM UTC+3, jcbollinger wrote:

Probably.  Hooking up an ENC is not very hard.

 If the ENC is not running when a catalog request comes in then most likely 
 the ENC is not properly configured.  Supposing that you are running in 
 agent / master mode, the ENC needs to be set up on the master.  There, the 
 'node_terminus' configuration parameter must be set to exec and the 
 'external_nodes' configuration parameter must be set to the absolute 
 pathname of the ENC script.

 Furthermore, the script must be accessible and executable by the master, 
 which typically does not run as a privileged user.  Not only the script, 
 but also all directories in the path to it must be readable and 
 executable/traversable by the master.  File permissions and other access 
 controls may come into play here.

 Also, once it is properly configured, you need to restart the master in 
 order for the new configuration to be noticed.

  
All done already as you describe.
 

 It is highly unlikely that the master is running the ENC successfully, the 
 output is what you say, and yet it is ignored.
  

 

 Is there any way to debug it? 



 I would start by looking at the master's log.  If you're not already 
 running the master with --debug output turned on, then I would do that, 
 too, to make the log more informative.  Likewise, look at the agent's log.  
 In particular, make sure the agent successfully retrieved a fresh catalog 
 from the master -- it will complain if it cannot do so, but it may then 
 proceed to use a cached catalog.


I will try that.


 John


Thanks a lot! 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/491960a1-8081-4835-a18f-c546bc88e988%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
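
The conditions John lists above (node_terminus set to exec, external_nodes set to the absolute pathname of the script, and a script and parent directories usable by the unprivileged master account) can be checked mechanically. The following is an added example, not code from this thread or from Puppet; the function names, the near-miss key check, and the assumption that the master's account is neither owner nor group of the files (so only the "other" permission bits count) are choices made here, and the sample files are constructed.

```python
import configparser
import difflib
import os
import stat
import tempfile

REQUIRED_KEYS = ("node_terminus", "external_nodes")
OTHER_RX = stat.S_IROTH | stat.S_IXOTH


def read_master_section(conf_path):
    """Return the [master] settings of a puppet.conf-style INI file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(conf_path)
    return dict(parser["master"]) if parser.has_section("master") else {}


def permission_problems(script_path):
    """Check the 'other' mode bits on the script and every directory above it.

    Assumption: the master's account is neither owner nor group member, so
    only o+r / o+x apply. Directories need x; the script needs r and x.
    """
    chain = []
    current = os.path.abspath(script_path)
    while True:
        chain.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            break
        current = parent
    problems = []
    for component in reversed(chain):  # walk from / down to the script
        try:
            mode = os.stat(component).st_mode
        except OSError as exc:
            problems.append(f"{component}: {exc.strerror}")
            break
        if stat.S_ISDIR(mode):
            if not mode & stat.S_IXOTH:
                problems.append(f"{component}: directory not traversable (o+x)")
        elif mode & OTHER_RX != OTHER_RX:
            problems.append(f"{component}: script not readable and executable (o+rx)")
    return problems


def check_enc_config(conf_path):
    """Return a list of findings; an empty list means every check passed."""
    master = read_master_section(conf_path)
    findings = []
    for key in master:
        if key not in REQUIRED_KEYS:
            near = difflib.get_close_matches(key, REQUIRED_KEYS, n=1, cutoff=0.8)
            if near:
                findings.append(f"'{key}' looks like a misspelling of '{near[0]}'")
    if master.get("node_terminus") != "exec":
        findings.append("node_terminus is not set to exec in [master]")
    enc = master.get("external_nodes", "")
    if not enc:
        findings.append("external_nodes is not set in [master]")
    elif len(enc.split()) != 1 or not os.path.isabs(enc):
        findings.append("external_nodes is not a single absolute pathname")
    else:
        findings.extend(permission_problems(enc))
    return findings


def write_sample(root, terminus_key="node_terminus", script_mode=0o755):
    """Create a constructed puppet.conf and a stub ENC script under root."""
    os.chmod(root, 0o755)
    script = os.path.join(root, "external_node")
    with open(script, "w") as handle:
        handle.write("#!/bin/sh\necho 'classes: {}'\n")
    os.chmod(script, script_mode)
    conf = os.path.join(root, "puppet.conf")
    with open(conf, "w") as handle:
        handle.write(f"[master]\n{terminus_key} = exec\nexternal_nodes = {script}\n")
    return conf


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        cases = (("node_terminus", 0o755), ("node_terminus", 0o750),
                 ("node_terminis", 0o755))
        for key, mode in cases:
            print(key, oct(mode), check_enc_config(write_sample(root, key, mode)))
```

Run it on the master against the real puppet.conf with `check_enc_config('/etc/puppet/puppet.conf')`; it inspects mode bits only and never executes the ENC.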


Re: [Puppet Users] Open puppet port(s) to the internet

2014-06-18 Thread Spencer Krum
It uses port 8140 and ssl. It is client cert authenticated. So, barring
something like heartbleed, you're about as good as logging in to any
website that uses ssl.
On Jun 17, 2014 10:19 AM, jmp242 jp10...@gmail.com wrote:

 I probably don't really understand much about how puppet connects to the
 clients, but is there a big security risk about opening it up to the
 internet so laptops can get their configuration... If it's safe enough
 for any value of safe, what ports does it use?

 Thanks,



[Puppet Users] Re: Large files over puppet

2014-06-18 Thread Félix Barbeira
Thanks John, your opinion is really helpful :)

On Tuesday, June 17, 2014 at 15:30:53 UTC+2, jcbollinger wrote:



 On Tuesday, June 17, 2014 3:45:57 AM UTC-5, Félix Barbeira wrote:

 I always heard that serving large files over puppet is a bad practice. 
 But...I guess it depends on what you consider a large file. Everyone agrees 
 that serving, for example, a 25MB file over puppet is definitely not 
 recommended.


 It is generally useful in such cases to understand *why* a thing is 
 considered poor practice.  Otherwise it's very hard to reason about 
 questions such as the one you are posing.

 The general advice to avoid serving large files via the Puppet master's 
 built-in file server is based on Puppet's default behavior of using MD5 
 checksums to determine whether the target file's content is already in 
 sync.  Checksumming the source and target files is comparatively expensive, 
 and the master must do it for each catalog request for each client for each 
 File resource in its catalog (that uses the default checksum method).

  

 My question is whether a text file of ~7000 lines and ~700KB would be 
 acceptable. Do you think this file exceeds Puppet's recommended size limits 
 for files and is big enough to use the advice of the following thread?


 https://ask.puppetlabs.com/question/627/serving-large-files-formally-code-artifacts-best-practices/
  



 There is no one-size-fits-all answer.  If your master can support the 
 combined load, and if the load on your clients (from checksumming on their 
 side) is acceptable, then you are basically ok.  Beware, however, of the 
 load creeping up as you add more Files, and mind that your master's client 
 capacity is affected by how much work it must perform for each client.

 Note, too, that there are multiple possible approaches.  If the file(s) 
 you want to serve is static and doesn't change too frequently then 
 packaging it up and managing it via a Package is a good solution, and I 
 would certainly consider that for a 700kB file.  Especially so if it's part 
 of a collection that you can package up together.  On the other hand, you 
 can also reduce the computational load by switching to a lighter-weight 
 checksum method 
 (http://docs.puppetlabs.com/references/3.4.stable/type.html#file-attribute-checksum), 
 at the expense of a greater risk of Puppet mistaking whether the File is 
 already in sync.  Or if you put it on a network file server accessible to 
 your clients, then 'source'ing it from there works, and spares the master 
 from checksumming.


 John





Re: [Puppet Users] PuppetDB connection issue - Failed to connect!!

2014-06-18 Thread Rakesh Kathpal
Santanu, can you please try and update your jetty.ini as follows:

[jetty]
host = 0.0.0.0
port = 8080
*ssl-host = 0.0.0.0*
ssl-port = 8081
ssl-key = /etc/puppetdb/ssl/private.pem
ssl-cert = /etc/puppetdb/ssl/public.pem
ssl-ca-cert = /etc/puppetdb/ssl/ca.pem

Restart puppetdb and verify...


On Wed, Jun 18, 2014 at 5:03 AM, Sans r.santanu@gmail.com wrote:

 The puppetdb log is attached in the previous post.

 And, here is the curl output:

 root@puppet:~# curl '
 http://puppet.internal:8080/v2/metrics/mbean/java.lang:type=Memory'
 {
   ObjectPendingFinalizationCount : 0,
   HeapMemoryUsage : {
 committed : 86220800,
 init : 8052480,
 max : 194641920,
 used : 41882456
   },
   NonHeapMemoryUsage : {
 committed : 63504384,
 init : 24313856,
 max : 224395264,
 used : 63257288
   },
   Verbose : false,
   ObjectName : java.lang:type=Memory



[Puppet Users] How to get logs in to the same terminal in agent side

2014-06-18 Thread Malintha Adikari
Hi,

I am executing a shell script in the puppet agent side. If I execute the 
same shell script in my local machine it will print several log messages to 
terminal. But when I execute it in the puppet agent it does not print any 
log into the agent terminal. How can I print the logs of the shell script 
when I run it using puppet ? I am using following command to execute the 
shell script.

exec { "strating":
  user        => 'root',
  environment => 'JAVA_HOME=/home/malintha/jdk1.6.0',
  path        => $command_path,
  command     => "/pathToShellScript/myScript.sh",
  logoutput   => true,
  timeout     => 3600,
  require     => Exec['another goal'],
}

Regards,
Malintha Adikari



[Puppet Users] Re: [Puppet-dev] Re: Announce: Puppet 3.6.2 [ Security and Bug fix Release ]

2014-06-18 Thread Stefan Heijmans
Hi Josh,

On Tuesday, June 17, 2014 6:35:19 PM UTC+2, Joshua Partlow wrote:

 Is that the issue you are seeing?

Sorry for the confusion but I had the deprecation warning from the package 
type; allow_virtual parameter.
Fixed it yesterday, had disable_warnings in the wrong location.
 
Stefan
 



Re: [Puppet Users] Re: Moving from manifest files to ENC script - not working...

2014-06-18 Thread shlo . afgin



Hi,

I still can make the ENC work on my puppet server.

General:
Puppet server: 3.3.1 Puppet agent: 2.7.25
The server runs Passenger on Apache, so the puppetmaster runs from Apache and 
not by itself.

I have in /etc/puppet/puppet.conf :
[master]
mode_terminus = exec
external_nodes = /usr/bin/env 
PUPPET_DASHBOARD_URL=http://user:pass@localhost:3000 
/usr/share/puppet-dashboard/bin/external_node

script details:
The file external_node contains Perl; all the directories and 
the external_node itself have the permission 755.

I did:
*  When I run the perl script locally (as a regular script from the 
command line – not with puppet) on the puppet server it runs okay and gives 
the YAML output I sent in my previous emails.
*  Looking for errors in the messages log and apache log – nothing 
looks suspicious. But the warnings:
 -   [warn] RSA server certificate is a CA certificate 
(BasicConstraints: CA == TRUE !?)
  -  YAML in network requests is deprecated and will be removed in a 
future version. 
*  Also tried to make a syntax error in my perl script external_node – got 
no error in the logs.

What makes me think maybe:
* puppet is not running the external_node script at all.
* ENC has problems when it is Passenger & Apache?

Thanks to all the people who answered me.



[Puppet Users] Re: Connection timed out - connect(2) when using puppet module

2014-06-18 Thread jcbollinger


On Wednesday, June 18, 2014 12:14:21 AM UTC-5, Torsten Kleiber wrote:

  

 On Tuesday, June 17, 2014 at 15:03:20 UTC+2, jcbollinger wrote:

 You mean you have set these in your puppet.conf or in your environment?  
 If the former then which one (file system path) and which section?  Are you 
 running as root or as an unprivileged user?

  
 I run at the moment with root and have set it via export before the call. 
 After setting it now in puppet.conf, the error changes similar to curl 
 without -k:
  puppet module install rtyler/jenkins --debug
 Notice: Preparing to install into /etc/puppet/modules ...
 Notice: Downloading from https://forgeapi.puppetlabs.com ...
 Debug: HTTP GET 
 https://forgeapi.puppetlabs.com/v3/releases?module=rtyler-jenkins 
 Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com
   Unable to verify the SSL certificate
 The certificate may not be signed by a valid CA
 The CA bundle included with OpenSSL may not be valid or up to date
  



Well you don't really want to trust unverified certificates, certainly not 
in an automated way.  It sounds like you may need to update your trusted 
certificate store with one or more new CA certificates.  On a RedHat-family 
Linux, that probably means updating package ca-certificates.

For what it's worth, neither Firefox on Windows nor curl (without -k) on 
CentOS 6.5 complain to me about untrusted SSL certificates when I access 
that forge URL, and I haven't made any special accommodation for it.


John



[Puppet Users] Re: Open puppet port(s) to the internet

2014-06-18 Thread jcbollinger


On Tuesday, June 17, 2014 12:19:08 PM UTC-5, jmp242 wrote:

 I probably don't really understand much about how puppet connects to the 
 clients, but is there a big security risk about opening it up to the 
 internet so laptops can get their configuration... If it's safe enough 
 for any value of safe, what ports does it use?

 Thanks,



In normal operation, Puppet  (the master) *doesn't* connect to clients -- 
the clients connect to it (on port 8140), thereby establishing a two-way 
communication channel.

Client-side firewalls need to allow outgoing traffic to that port, and 
accept incoming traffic belonging to an established connection to that 
port.  Those permissions can be narrowed to specific destination networks 
or machines, if needed.  For its part, the master needs to accept 
connections on port 8140 from all client machines; that can be narrowed to 
traffic originating on specific networks, if you wish.

Each end of the conversation between agent and master authenticates to the 
other via SSL certificate.  Spencer understated the security there: on the 
web, most SSL connections are authenticated only on one end, so Puppet's 
communications are even better secured.

With that said, if you want laptops in the field to be able to retrieve 
their configuration, then you have the alternative of requiring them to 
establish a VPN connection to your internal network in order to do so 
(especially if users will want / need to use VPN anyway), or of just 
letting them go without syncing until they return home.  The Puppet service 
itself is pretty well secured, but allowing connections from anywhere on 
the internet increases your exposure to network-level attacks.


John



[Puppet Users] Puppet: Dependency cycle

2014-06-18 Thread Sergey Arlashin
Hi,
I have a weird dependency cycle issue. This is just a test module which I 
created while trying to solve this issue:

modules/testmod/manifests/init.pp:

class testmod {
  package { 'nginx': ensure => installed }
  service { 'nginx':
    ensure  => running,
    enable  => true,
    require => Package['nginx']
  }
}

class testmod::nginxtest {
  file { '/tmp/nginx.test':
    ensure => present,
    notify => Service['nginx'];
  }
}

manifests/test-node.pp:

node 'test-node.site' {
  class { 'testmod': }
  class { 'testmod::nginxtest':
    require => Class['testmod']
  }
}

When I apply this on node test-node.site I get:

Error: Could not apply complete catalog: Found 1 dependency cycle:
==> test-node: (File[/tmp/nginx.test] => Service[nginx] => Class[Testmod] => 
Class[Testmod::Nginxtest] => File[/tmp/nginx.test])
==> test-node: Try the '--graph' option and opening the resulting '.dot' file 
in OmniGraffle or GraphViz

Could you please help me figure out why this is happening ? It seems there is 
nothing in test mod which requires testmod::nginxtest .

Thanks in advance. 

--
Best regards,
Sergey Arlashin



Re: [Puppet Users] Historical reporting, BI from puppetdb?

2014-06-18 Thread Ryan Anderson
I mentioned Pentaho (albeit spelled incorrectly) as an example, as I saw it 
mentioned a number of times online due to its open source community variant 
and full feature set. Thanks for the links, it appears that slurping data 
into Pentaho via puppetdb's REST API or otherwise is quite possible if 
enough time is put into it. 

I'm still wondering if anyone is doing the type of BI I'm talking about 
today against puppetdb? If so, with what tools? I'm willing to try out a 
couple solutions, but if there are others doing this successfully, I'd 
rather not reinvent the wheel.

Thanks,
RCA

On Wednesday, June 18, 2014 12:10:48 AM UTC-5, Ken Barber wrote:

 And others: 

 http://wiki.pentaho.com/display/EAI/JSON+Input 
 http://wiki.pentaho.com/display/EAI/HTTP+Client 

 Perhaps, you could combine the JSON input perhaps on the contents of a 
 'puppetdb export' tarball if you wanted to analyze the data from a 
 previous backup :-). 

 ken. 

 On Tue, Jun 17, 2014 at 10:01 PM, Ken Barber k...@puppetlabs.com wrote: 
  Ryan, 
  
  What about something like this? 
  
  http://wiki.pentaho.com/display/EAI/Rest+Client 
  
  This page seems to mix in general actions with integration steps, but 
  there are more integration types available here: 
  
  http://wiki.pentaho.com/display/EAI/Pentaho+Data+Integration+Steps 
  
  ken. 
  
  On Tue, Jun 17, 2014 at 9:53 PM, Ken Barber k...@puppetlabs.com wrote: 
  Sorry, do you mean Pentaho? 
  
  On Tue, Jun 17, 2014 at 9:53 PM, Ken Barber k...@puppetlabs.com wrote: 
  Thanks, good to know. While the REST API would be the method to get at the 
  data, my issue is that I'm not capable of writing a web app + data 
  repository that can generate web-based reports, etc. I've actually gotten 
  into the habit of running one-off queries using the API with curl to get 
  YAML-formatted reports, which in part got me wanting more. 
  
  Question, this BI tool Pentah, what formats/apis is it able to ingest 
  beyond SQL? Are there any ETL capabilities built into this tool? 
  
  Would something like CSV work? 
  
  ken. 




Re: [Puppet Users] Puppet: Dependency cycle

2014-06-18 Thread Felix Frank
Hi,

On 06/18/2014 03:51 PM, Sergey Arlashin wrote:
 Could you please help me figure out why this is happening ? It seems there is 
 nothing in test mod which requires testmod::nginxtest .

actually yes, there is.

  file { '/tmp/nginx.test':
    ensure => present,
    notify => Service['nginx'];
  }

The 'notify' implicitly puts File['/tmp/nginx.test'] *before*
Service['nginx'].

The

  class { 'testmod::nginxtest':
    require => Class['testmod']
  }

ends up doing the opposite - wanting the Service['nginx'] before
File['/tmp/nginx.test'].

HTH,
Felix
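
The ordering conflict Felix describes, rebuilt as a graph in an added example (not part of the thread and not Puppet's own code). The begin/end marker nodes per class are a simplified model, assumed here, of how a class-level 'require' reaches the resources a class contains; the final arrangement with the file requiring Package['nginx'] is an illustration of the model, not something proposed in the thread.

```python
from collections import defaultdict


class Catalog:
    """Tiny ordering graph: an edge a -> b means 'a is applied before b'."""

    def __init__(self):
        self.edges = defaultdict(list)
        self.classes = set()

    def before(self, first, then):
        self.edges[first].append(then)
        self.edges[then]  # register the target as a node too

    def _begin(self, name):
        return ("begin", name) if name in self.classes else name

    def _end(self, name):
        return ("end", name) if name in self.classes else name

    def contain(self, klass, *resources):
        """A class brackets its resources between begin and end markers."""
        self.classes.add(klass)
        for res in resources:
            self.before(("begin", klass), res)
            self.before(res, ("end", klass))

    def require(self, dependent, required):
        """'dependent' is applied only after all of 'required' has finished."""
        self.before(self._end(required), self._begin(dependent))

    def notify(self, source, target):
        """notify orders source first; subscribe on the target is the same edge."""
        self.before(self._end(source), self._begin(target))

    def find_cycle(self):
        """Return the nodes of one cycle in order, or None if the graph is acyclic."""
        state = {}  # node -> "open" (on the DFS stack) or "done"
        stack = []

        def visit(node):
            state[node] = "open"
            stack.append(node)
            for nxt in self.edges[node]:
                if state.get(nxt) == "open":
                    return stack[stack.index(nxt):]
                if nxt not in state:
                    found = visit(nxt)
                    if found:
                        return found
            stack.pop()
            state[node] = "done"
            return None

        for node in list(self.edges):
            if node not in state:
                found = visit(node)
                if found:
                    return found
        return None


def thread_catalog(class_require=True, file_requires_package=False):
    """The manifests from the thread, with two switches for comparison."""
    cat = Catalog()
    cat.contain("Class[Testmod]", "Package[nginx]", "Service[nginx]")
    cat.contain("Class[Testmod::Nginxtest]", "File[/tmp/nginx.test]")
    cat.require("Service[nginx]", "Package[nginx]")
    cat.notify("File[/tmp/nginx.test]", "Service[nginx]")
    if class_require:  # class { 'testmod::nginxtest': require => Class['testmod'] }
        cat.require("Class[Testmod::Nginxtest]", "Class[Testmod]")
    if file_requires_package:  # illustration only: narrower ordering on the file
        cat.require("File[/tmp/nginx.test]", "Package[nginx]")
    return cat


def describe(cycle):
    """Render a cycle in the same 'A => B => A' form as the error message."""
    names = [n if isinstance(n, str) else n[1] for n in cycle]
    return " => ".join(names + names[:1])


if __name__ == "__main__":
    print("as posted:", describe(thread_catalog().find_cycle()))
    print("without class-level require:",
          thread_catalog(class_require=False).find_cycle())
    print("file requires Package[nginx] only:",
          thread_catalog(class_require=False, file_requires_package=True).find_cycle())
```

The cycle found for the manifests as posted passes through the same four nodes as the error message; the class-level require is what pulls Service['nginx'] ahead of the file.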



Re: [Puppet Users] Re: Moving from manifest files to ENC script - not working...

2014-06-18 Thread RichTea
On 18 June 2014 14:10, shlo.af...@gmail.com wrote:


 Hi,

 I still can make the ENC work on my puppet server.

 General:
 Puppet server: 3.3.1 Puppet agent: 2.7.25
 The server runs Passenger on Apache, so the puppetmaster runs from Apache
 and not by itself.

 I have in /etc/puppet/puppet.conf :
 [master]
 mode_terminus = exec
 external_nodes = /usr/bin/env
 PUPPET_DASHBOARD_URL=http://user:pass@localhost:3000
 /usr/share/puppet-dashboard/bin/external_node


Once again, why do you have all that in your external_nodes?
e.g. what is /usr/bin/env doing, what is PUPPET_DASHBOARD_URL=http://user:pass@localhost:3000 doing for you?

Why not just external_nodes = /usr/share/puppet-dashboard/bin/external_node

Is your external_nodes script executable by puppet?


Did you add the node: certname bit to your YAML output as suggested?


--

Ritchie

  script details:
 The file external_node contains Perl; all the directories and
 the external_node itself have the permission 755.

 I did:
 *  When I run the perl script locally (as a regular script from the
 command line – not with puppet) on the puppet server it runs okay and gives
 the YAML output I sent in my previous emails.
 *  Looking for errors in the messages log and apache log – nothing
 looks suspicious. But the warnings:
  -   [warn] RSA server certificate is a CA certificate
 (BasicConstraints: CA == TRUE !?)
   -  YAML in network requests is deprecated and will be removed in a
 future version.
 *  Also tried to make a syntax error in my perl script external_node – got
 no error in the logs.

 What makes me think maybe:
 * puppet is not running the external_node script at all.
 * ENC has problems when it is Passenger & Apache?

 Thanks to all the people who answered me.



Re: [Puppet Users] PuppetDB connection issue - Failed to connect!!

2014-06-18 Thread Sans
Thanks Rakesh! 
But, as you probably can guess, that didn't change a thing; still getting 
the same error. I'm not sure if PuppetDB looks in the DNS record (as opposed 
to hosts file), in that case it's never gonna work. Best!!



Re: [Puppet Users] Puppet: Dependency cycle

2014-06-18 Thread Sergey Arlashin
Hm, ok.
But when I use 'subscribe' instead of 'notify' 

class testmod {
  package { 'nginx': ensure => installed }
  service { 'nginx':
    ensure    => running,
    enable    => true,
    require   => Package['nginx'],
    subscribe => File['/tmp/nginx.test']
  }
}
class testmod::nginxtest {
  file { '/tmp/nginx.test':
    ensure => present
  }
}

I get

==> test-node: Error: Could not apply complete catalog: Found 1 dependency 
cycle:
==> test-node: (File[/tmp/nginx.test] => Service[nginx] => Class[Testmod] => 
Class[Testmod::Nginxtest] => File[/tmp/nginx.test])
==> test-node: Try the '--graph' option and opening the resulting '.dot' file 
in OmniGraffle or GraphViz

I do need to have 2 separate modules. I need the class 'testmod' to run before 
class 'testmod::nginxtest'. And I need to restart service 'nginx' when I 
change '/tmp/nginx.test'.

So then the question is - how to do this properly? Do I need to create 
something like exec { 'nginx restart': ... } ? 


On Jun 18, 2014, at 5:55 PM, Felix Frank felix.fr...@alumni.tu-berlin.de 
wrote:

 Hi,
 
 On 06/18/2014 03:51 PM, Sergey Arlashin wrote:
 Could you please help me figure out why this is happening ? It seems there 
 is nothing in test mod which requires testmod::nginxtest .
 
 actually yes, there is.
 
   file { '/tmp/nginx.test':
     ensure => present,
     notify => Service['nginx'];
   }
 
 The 'notify' implicitly puts File['/tmp/nginx.test'] *before*
 Service['nginx'].
 
 The
 
   class { 'testmod::nginxtest':
     require => Class['testmod']
   }
 
 ends up doing the opposite - wanting the Service['nginx'] before
 File['/tmp/nginx.test'].
 
 HTH,
 Felix
 


[Puppet Users] Re: How to get logs in to the same terminal in agent side

2014-06-18 Thread Sans
I think, you cannot: The manifest is first compiled on Puppet Master and 
then the catalog (compiled manifests) is sent to the agent, where that 
command actually runs. You can try this instead to see if you get anything 
better

command   => '/pathToShellScript/myScript.sh 2>&1',
logoutput => true,


Best!



Re: [Puppet Users] Re: Open puppet port(s) to the internet

2014-06-18 Thread Neil - Puppet List
Hi

Running puppet on port 443 might be a good move if you expect your laptops
to be using cafe hotel airport style wifi

sslh might be a suitable tool to proxy for puppet I've not tried it though.

Regards

Neil
 On 18 Jun 2014 14:30, jcbollinger john.bollin...@stjude.org wrote:



 On Tuesday, June 17, 2014 12:19:08 PM UTC-5, jmp242 wrote:

 I probably don't really understand much about how puppet connects to the
 clients, but is there a big security risk about opening it up to the
 internet so laptops can get their configuration... If it's safe enough
 for any value of safe, what ports does it use?

 Thanks,



 In normal operation, Puppet  (the master) *doesn't* connect to clients --
 the clients connect to it (on port 8140), thereby establishing a two-way
 communication channel.

 Client-side firewalls need to allow outgoing traffic to that port, and
 accept incoming traffic belonging to an established connection to that
 port.  Those permissions can be narrowed to specific destination networks
 or machines, if needed.  For its part, the master needs to accept
 connections on port 8140 from all client machines; that can be narrowed to
 traffic originating on specific networks, if you wish.

 Each end of the conversation between agent and master authenticates to the
 other via SSL certificate.  Spencer understated the security there: on the
 web, most SSL connections are authenticated only on one end, so Puppet's
 communications are even better secured.

 With that said, if you want laptops in the field to be able to retrieve
 their configuration, then you have the alternative of requiring them to
 establish a VPN connection to your internal network in order to do so
 (especially if users will want / need to use VPN anyway), or of just
 letting them go without syncing until they return home.  The Puppet service
 itself is pretty well secured, but allowing connections from anywhere on
 the internet increases your exposure to network-level attacks.


 John





[Puppet Users] Re: How to get logs in to the same terminal in agent side

2014-06-18 Thread Sans
Another thing, JFYI: I think somewhere you said you are new to Puppet, so 
get into the habit of following the style guide before it's too late, 
especially for the quotes: you are mixing up the double and single quotes. 
Look here: http://docs.puppetlabs.com/guides/style_guide.html



[Puppet Users] Backports for puppet with Ubuntu 14.04

2014-06-18 Thread Eric Speake
I am not able to update my current puppet master at this exact time and I 
need to see if I can backport puppet 3.1.1 to ubuntu 14.04.  I have looked 
at the backports but I am not finding any puppet backports at all for 14.04.


Thank you,
Eric



Re: [Puppet Users] Puppet: Dependency cycle

2014-06-18 Thread Christopher Wood
Also see these for interesting ideas:

http://www.craigdunn.org/2012/05/239/
http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-1/
http://garylarizza.com/blog/2014/02/17/puppet-workflow-part-2/


In your place, this is how I would arrange what you want, because I often cram 
configs together (huzzah legacy systems):

class testmod::packages {
  package { 'nginx': }
}

class testmod::services {
  service { 'nginx':
    ensure => running,
    enable => true,
  }
}

class testmod::nginxtest {
  file { '/tmp/nginx.test': }
}

# you might also look into contain over include?
class testmod {
  include ::testmod::packages
  include ::testmod::services
  Class['::testmod::packages'] ~> Class['::testmod::services']
}

# this shows how a generic testmod is all normal-ish...
class profile::testmod {
  include ::testmod
}

# ...but a testmod nginx tester is a bit special
# obviously you could move includes/chaining around
class profile::testmodnginx {
  include ::testmod::packages
  include ::testmod::services
  include ::testmod::nginxtest
  Class['::testmod::packages'] ~> Class['::testmod::services']
  Class['::testmod::packages'] -> Class['::testmod::nginxtest']
  Class['::testmod::nginxtest'] ~> Class['::testmod::services']
}


Or you could do it in a parameterized fashion:

class testmod ( $nginxtest = false ) {

  package { 'nginx': }

  # from stdlib, see puppet forge
  if str2bool($nginxtest) {
    file { '/tmp/nginx.test':
      ensure  => present,
      require => Package['nginx'],
      notify  => Service['nginx'],
    }
  }

  service { 'nginx':
    ensure => running,
    enable => true,
  }

}

Then in hiera:

testmod::nginxtest: true

And somewhere else:

include testmod

Or the declarative way, having a higher chance of hurting you later:

class { 'testmod':
  nginxtest => true,
}


Or you could do it any way you wanted, really.

(Cue zillions of different posts about the right way to do this.)


On Wed, Jun 18, 2014 at 06:22:00PM +0400, Sergey Arlashin wrote:
 Hm, ok.
 But when I use 'subscribe' instead of 'notify' 
 
 class testmod {
   package { 'nginx': ensure => installed }
   service { 'nginx':
     ensure    => running,
     enable    => true,
     require   => Package['nginx'],
     subscribe => File['/tmp/nginx.test']
   }
 }
 class testmod::nginxtest {
   file { '/tmp/nginx.test':
     ensure => present
   }
 }
 
 I get
 
 ==> test-node: Error: Could not apply complete catalog: Found 1 dependency cycle:
 ==> test-node: (File[/tmp/nginx.test] => Service[nginx] => Class[Testmod] => Class[Testmod::Nginxtest] => File[/tmp/nginx.test])
 ==> test-node: Try the '--graph' option and opening the resulting '.dot' file in OmniGraffle or GraphViz
 
 I do need to have 2 separate modules. I need the class 'testmod' to run 
 before class 'testmod::nginxtest'. And I need to restart service 'nginx' 
 when I change '/tmp/nginx.test'.
 
 So then the question is - how to do this properly? Do I need to create 
 something like exec { 'nginx restart': ... } ? 
 
 
 On Jun 18, 2014, at 5:55 PM, Felix Frank felix.fr...@alumni.tu-berlin.de 
 wrote:
 
  Hi,
  
  On 06/18/2014 03:51 PM, Sergey Arlashin wrote:
  Could you please help me figure out why this is happening? It seems there 
  is nothing in testmod which requires testmod::nginxtest.
  
  actually yes, there is.
  
   file { '/tmp/nginx.test':
     ensure => present,
     notify => Service['nginx'];
   }
  
  The 'notify' implicitly puts File['/tmp/nginx.test'] *before*
  Service['nginx'].
  
  The
  
   class { 'testmod::nginxtest':
     require => Class['testmod']
   }
  
  ends up doing the opposite - wanting the Service['nginx'] before
  File['/tmp/nginx.test'].
  
  HTH,
  Felix
  


Re: [Puppet Users] Puppet: Dependency cycle

2014-06-18 Thread Felix Frank
Wow, Christopher gave an exhaustive answer :-)

I'll try and Keep It Simple.

On 06/18/2014 04:22 PM, Sergey Arlashin wrote:
 I do need to have 2 separate modules. I need the class 'testmod' to run 
 before class 'testmod::nginxtest'. And I need to restart service 'nginx' 
 when I change '/tmp/nginx.test'.

Yes, you face the same issue, seeing as you just brought it in a
different notation. The same relationships are established.

 So then the question is - how to do this properly? Do I need to create 
 something like exec { 'nginx restart': ... } ? 

This is actually not possible.

If Puppet should refresh the service upon change of the config file, it
*must* evaluate the file resource before the service resource.

You need to disentangle your relationships and come up with an order in
which you want your resources applied, e.g.

Package -> File -> Service

This may indeed mean that you cannot require a whole class. But as
Christopher has advised, your mileage may increase if you structure the
classes more distinctly.

HTH,
Felix

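The cycle from the error message quoted in this thread, and the Package, then File, then Service ordering suggested as the way out, can be reproduced with a small model of the relationship graph. This is an added example, not code from the posters or from Puppet; the begin/end marker nodes for classes and all function names are assumptions of this sketch, a simplification of how class containment orders resources.

```python
# Simplified model of Puppet resource ordering (an assumption of this
# example, not Puppet's code): each class gets a begin and an end marker,
# and the resources it contains sit between the two.


def relationship_graph(classes, before):
    """Build {node: set(successors)}; an edge a -> b means a is applied first.

    classes: {class_name: [resource, ...]}
    before:  [(first, then), ...]; either side may be a class name.
    """
    graph = {}

    def node(name, side):
        return "%s:%s" % (name, side) if name in classes else name

    def add(a, b):
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set())

    for cls, members in classes.items():
        add(node(cls, "begin"), node(cls, "end"))
        for res in members:
            add(node(cls, "begin"), res)
            add(res, node(cls, "end"))
    for first, then in before:
        add(node(first, "end"), node(then, "begin"))
    return graph


def find_cycle(graph):
    """Return one cycle as a list of nodes (first == last), or None."""
    white, grey, black = 0, 1, 2
    colour = dict.fromkeys(graph, white)
    stack = []

    def visit(n):
        colour[n] = grey
        stack.append(n)
        for m in sorted(graph[n]):
            if colour[m] == grey:          # back edge closes a cycle
                return stack[stack.index(m):] + [m]
            if colour[m] == white:
                found = visit(m)
                if found:
                    return found
        stack.pop()
        colour[n] = black
        return None

    for n in sorted(graph):
        if colour[n] == white:
            found = visit(n)
            if found:
                return found
    return None


def resource_order(graph):
    """Topological order of the resources (class markers filtered out)."""
    indeg = dict.fromkeys(graph, 0)
    for n in graph:
        for m in graph[n]:
            indeg[m] += 1
    ready = sorted(n for n in graph if indeg[n] == 0)
    order = []
    while ready:
        n = ready.pop(0)
        order.append(n)
        for m in sorted(graph[n]):
            indeg[m] -= 1
            if indeg[m] == 0:
                ready.append(m)
    if len(order) != len(graph):
        raise ValueError("dependency cycle: %s" % " => ".join(find_cycle(graph)))
    return [n for n in order if not n.endswith((":begin", ":end"))]


# Constructed from the manifests quoted in the thread: one class holds the
# package and service, the other holds the file and requires the first.
FAILING = relationship_graph(
    classes={
        "Class[Testmod]": ["Package[nginx]", "Service[nginx]"],
        "Class[Testmod::Nginxtest]": ["File[/tmp/nginx.test]"],
    },
    before=[
        ("Package[nginx]", "Service[nginx]"),             # require => Package
        ("File[/tmp/nginx.test]", "Service[nginx]"),      # notify / subscribe
        ("Class[Testmod]", "Class[Testmod::Nginxtest]"),  # require => Class
    ],
)

# Constructed from the split-class layout suggested in the thread.
SPLIT = relationship_graph(
    classes={
        "Class[Testmod::Packages]": ["Package[nginx]"],
        "Class[Testmod::Services]": ["Service[nginx]"],
        "Class[Testmod::Nginxtest]": ["File[/tmp/nginx.test]"],
    },
    before=[
        ("Class[Testmod::Packages]", "Class[Testmod::Services]"),
        ("Class[Testmod::Packages]", "Class[Testmod::Nginxtest]"),
        ("Class[Testmod::Nginxtest]", "Class[Testmod::Services]"),
    ],
)

if __name__ == "__main__":
    print("cycle:", " => ".join(find_cycle(FAILING)))
    print("order:", " -> ".join(resource_order(SPLIT)))
```
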


Re: [Puppet Users] Re: Moving from manifest files to ENC script - not working...

2014-06-18 Thread shlo . afgin

I also tried just /usr/share/puppet-dashboard/bin/external_node; it acts the 
same way.
I added node:, I hope I did it in the right way because I did not find it in 
the document; it also does not work.
If I'm not adding any 'node: ', it should work the same for all the nodes. 
Am I right? Or must it appear in the output?

Also I have another warning that I did not mention in my previous email, 
which I consider as warning:
 Gem::Specification#installation_path called from 
/usr/share/puppet-dashboard/config/../vendor/rails/railties/lib/rails/vendor_gem_source_index.rb:93.
 NOTE: Gem::Specification#installation_path is deprecated, use base_dir. It 
will be removed on or after 2011-10-01.
I tried to solve this warning in the past - with no success.

Thank you.


On Wednesday, June 18, 2014 5:10:43 PM UTC+3, RichT wrote:




 On 18 June 2014 14:10, shlo@gmail.com wrote:


 Hi,

 I still can make the ENC work on my puppet server.

 General:
 Puppet server: 3.3.1 Puppet agent: 2.7.25
 The server run Passenger on Apache, so the puppetmaster run from apache 
 and not by himself.

 I have in /etc/puppet/puppet.conf :
 [master]
 mode_terminus = exec
 external_nodes = /usr/bin/env 
 PUPPET_DASHBOARD_URL=http://user:pass@localhost:3000 
 /usr/share/puppet-dashboard/bin/external_node


 Once again, why do you have all that in your external_nodes?
 E.g. what is /usr/bin/env doing, what is PUPPET_DASHBOARD_URL=http://user:pass@localhost:3000 doing for you?

 Why not just external_nodes = /usr/share/puppet-dashboard/bin/external_node


 Is your external_nodes script executable by puppet?


 Did you add the node: certname bit to your YAML output as suggested?


 --

 Ritchie

  script details:
 The file external_node  contain perl, all  the directories and 
 the external_node itself have the permission 755.

 I did:
 *  When I run the perl script locally  (as a regular script from the 
 command line – not with puppet) on the puppet server it run okay and give 
 the YAML output I sent in my previous emails.
 *  looking for errors in messages log and apache log – nothing 
 look suspicious. But the warning:
  -   [warn] RSA server certificate is a CA certificate 
 (BasicConstraints: CA == TRUE !?)
   -  YAML in network requests is deprecated and will be removed in a 
 future version. 
 *  Also tried to make syntax error in  my perl script external_node – got 
 no error in the logs.

 What make me think maybe:
 * puppet it not running external_node script at all.
 * ENC have problems when it Passenger  Apache?

 Thanks for all the people who answer me.



Re: [Puppet Users] Puppet: Dependency cycle

2014-06-18 Thread Sergey Arlashin
Christopher, Felix, I got the idea. Thank you very much!

--
Best regards,
Sergey Arlashin
 


On Jun 18, 2014, at 7:04 PM, Felix Frank felix.fr...@alumni.tu-berlin.de 
wrote:

 Wow, Christopher gave an exhaustive answer :-)
 
 I'll try and Keep It Simple.
 
 On 06/18/2014 04:22 PM, Sergey Arlashin wrote:
 I do need to have 2 separate modules. I need the class 'testmod' to run 
 before class 'testmod::nginxtest'. And I need to restart service 'nginx' 
 when I change '/tmp/nginx.test'.
 
 Yes, you face the same issue, seeing as you just brought it in a
 different notation. The same relationships are established.
 
 So then the question is - how to do this properly? Do I need to create 
 something like exec { 'nginx restart': ... } ? 
 
 This is actually not possible.
 
 If Puppet should refresh the service upon change of the config file, it
 *must* evaluate the file resource before the service resource.
 
 You need to disentangle your relationships and come up with an order in
 which you want your resources applied, e.g.
 
 Package -> File -> Service
 
 This may indeed mean that you cannot require a whole class. But as
 Christopher has advised, your mileage may increase if you structure the
 classes more distinctly.
 
 HTH,
 Felix
 


[Puppet Users] New content of file is not sent to filebucket

2014-06-18 Thread Sébastien Lavoie
Hello everyone,

I am using Puppet dashboard and I properly configured it to show bucketed 
files:


Changed (1)
File[puppetlabs.list] (/etc/puppet/modules/apt/manifests/source.pp:35)
Property: content
Message: content changed '{md5}9495858ce6c5ed7d5bdb098f13709ae2' to '{md5}f572dd8d58abbc84a3fe28ebc3fcbd34'


When I click on the first md5, I get a popup with the old file. However, 
the md5 of the file is a 404.

I configured my puppet.conf to add archive_files = true in the [agent] section.

I added this to my manifest.pp:

filebucket { main:
  server => 'whatever',
  path   => false,
}

File {
  backup => main,
}

But still… Any idea?

Thank you.



Re: [Puppet Users] How to get logs in to the same terminal in agent side

2014-06-18 Thread Erik Dalén
You will need to run the puppet agent with --verbose (or --test, which
implies verbose) to actually display the output in the terminal.


On 18 June 2014 12:23, Malintha Adikari malin...@wso2.com wrote:

 Hi,

 I am executing a shell script in the puppet agent side. If I execute the
 same shell script in my local machine it will print several log messages to
 terminal. But when I execute it in the puppet agent it does not print any
 log into the agent terminal. How can I print the logs of the shell script
 when I run it using puppet ? I am using following command to execute the
 shell script.

 exec { "strating":
   user        => 'root',
   environment => 'JAVA_HOME=/home/malintha/jdk1.6.0',
   path        => $command_path,
   command     => "/pathToShellScript/myScript.sh",
   logoutput   => true,
   timeout     => 3600,
   require     => Exec['another goal'],
 }

 Regards,
 Malintha Adikari





-- 
Erik Dalén



Re: [Puppet Users] Re: Moving from manifest files to ENC script - not working...

2014-06-18 Thread jcbollinger


On Wednesday, June 18, 2014 8:10:38 AM UTC-5, shlo@gmail.com wrote:


 Hi,

 I still can make the ENC work on my puppet server.

 General:
 Puppet server: 3.3.1 Puppet agent: 2.7.25


That's a potential problem, but not likely the one you're currently 
fighting.  The master provides as much compatibility with older agents as 
it can, but that's so much older an agent (in version number terms) that 
you're pushing the envelope.  Moreover, even the master is a little old -- 
current is 3.6.2.

 

 The server run Passenger on Apache, so the puppetmaster run from apache 
 and not by himself.

 I have in /etc/puppet/puppet.conf :
 [master]
 mode_terminus = exec
 external_nodes = /usr/bin/env 
 PUPPET_DASHBOARD_URL=http://user:pass@localhost:3000 
 /usr/share/puppet-dashboard/bin/external_node


Per the docs, the 'external_nodes' property should be the full path to the 
ENC executable.  Note well: path to the executable not command line. 
Puppet will run that executable -- probably directly, not via a shell -- 
passing it the node's certname as the only argument.

 

 script details:
 The file external_node  contain perl, all  the directories and 
 the external_node itself have the permission 755.

 I did:
 *  When I run the perl script locally  (as a regular script from the 
 command line – not with puppet) on the puppet server it run okay and give 
 the YAML output I sent in my previous emails.
 *  looking for errors in messages log and apache log – nothing 
 look suspicious. But the warning:
  -   [warn] RSA server certificate is a CA certificate 
 (BasicConstraints: CA == TRUE !?)
   -  YAML in network requests is deprecated and will be removed in a 
 future version. 
 *  Also tried to make syntax error in  my perl script external_node – got 
 no error in the logs.

 What make me think maybe:
 * puppet it not running external_node script at all.


That seems a reasonable conclusion.

 

 * ENC have problems when it Passenger  Apache?


No.  But perhaps either

   1. Puppet is not using the config file you think it's using, or
   2. you have not properly restarted the master to get it to read its 
   updated configuration.
   
Under Passenger, the config file Puppet uses is affected by your 
config.ru.  In particular, therein you need to be sure to set the 
appropriate --confdir and --vardir.  The default config.ru shipped with 
Puppet should be correct for a default Puppet installation, but if you 
installed in a different location or rolled your own config.ru then perhaps 
the problem is there.  It's worth having a look in any case.


John

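The checks described in this thread (node_terminus set to exec, external_nodes holding an absolute path rather than a command line, and the script plus every directory above it readable and traversable by the master's user) can be automated. This is an added example, not code from the posters or from Puppet; the function names and both sample configs are constructed here, and the access check reads mode bits only.

```python
import os
import stat

# Constructed sample: the [master] settings as posted in the thread.
POSTED = """\
[master]
mode_terminus = exec
external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://user:pass@localhost:3000 /usr/share/puppet-dashboard/bin/external_node
"""

# Constructed sample: the settings the replies describe.
DESCRIBED = """\
[master]
node_terminus = exec
external_nodes = /usr/share/puppet-dashboard/bin/external_node
"""


def parse_section(conf_text, section):
    """Return the key/value pairs of one puppet.conf section."""
    settings, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def check_enc_settings(conf_text, section="master"):
    """Return findings about the ENC settings; an empty list means OK."""
    settings = parse_section(conf_text, section)
    findings = []
    if settings.get("node_terminus") != "exec":
        # Listing the keys that are present makes a misspelt key visible.
        findings.append("node_terminus is not 'exec' (keys present: %s)"
                        % ", ".join(sorted(settings)))
    enc = settings.get("external_nodes", "")
    if not enc:
        findings.append("external_nodes is not set")
    elif len(enc.split()) > 1:
        findings.append("external_nodes is a command line, not a path")
    elif not os.path.isabs(enc):
        findings.append("external_nodes is not an absolute path")
    return findings


def _mode_bits(st, uid, gid):
    """Pick the owner, group or other permission triplet for uid/gid."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid == gid:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def check_enc_access(script, uid, gid):
    """Return (path, problem) pairs for components uid/gid cannot use.

    Mode bits only: ACLs, supplementary groups and SELinux are ignored.
    """
    path = os.path.abspath(script)
    parts = []
    while True:                      # collect script, parent, ..., root
        parts.append(path)
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    problems = []
    for component in reversed(parts):
        try:
            st = os.stat(component)
        except OSError as exc:
            problems.append((component, "cannot stat: %s" % exc.strerror))
            break
        if _mode_bits(st, uid, gid) & 5 != 5:   # read (4) + execute (1)
            kind = "directory" if stat.S_ISDIR(st.st_mode) else "script"
            problems.append((component, "%s lacks r-x for uid %d" % (kind, uid)))
    return problems


if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("described", DESCRIBED)):
        print(name, check_enc_settings(conf) or "OK")
```

Run `check_enc_access` with the uid and gid of the account the master actually runs as; under Passenger that is the user named in config.ru's ownership, not root.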


Re: [Puppet Users] Puppetlabs support for squeeze

2014-06-18 Thread Melissa Stone
Hi Erik,

Yes, we will keep the Squeeze repos up at apt.puppetlabs.com. Once Squeeze
is announced EOL, we will begin the process of removing support, but we
will be sure to let users know before that happens.


On Mon, Jun 16, 2014 at 7:20 AM, Erik Dalén erik.gustav.da...@gmail.com
wrote:

 Debian has announced a long term support for debian squeeze:
 https://www.debian.org/News/2014/20140616

 I'm wondering if this will mean that Squeeze will stick around at
 apt.puppetlabs.com for the same period?

 --
 Erik Dalén





-- 
Melissa Stone
Release Engineer, Puppet Labs



[Puppet Users] Re: Backports for puppet with Ubuntu 14.04

2014-06-18 Thread Eric Speake
Or my other thought, can I ensure the kernel version through puppet?  That 
would solve some issue as well.

Eric

On Wednesday, June 18, 2014 9:56:56 AM UTC-5, Eric Speake wrote:

 I am not able to update my current puppet master at this exact time and I 
 need to see if I can backport puppet 3.1.1 to ubuntu 14.04.  I have looked 
 at the backports but I am not finding any puppet backports at all for 14.04.


 Thank you,
 Eric




Re: [Puppet Users] Re: Backports for puppet with Ubuntu 14.04

2014-06-18 Thread Spencer Krum
You can run 'apt-cache policy puppet' on your trusty nodes. If you have the
puppetlabs apt repo enabled you should see many old versions available.

As a last resort, you could install from ruby gems.

As for kernel versioning, if you can express that in a package name you can
do it in puppet. Of course kernels are a bit wonky, so you would probably
need to enforce a reboot to make sure your change is live on the system.
I'm not aware of a good way for puppet to manage rolling reboots through a
set of systems, that sounds more like an orchestration task.


On Wed, Jun 18, 2014 at 11:31 AM, Eric Speake espeak...@gmail.com wrote:

 Or my other thought, can I ensure the kernel version through puppet?  That
 would solve some issue as well.

 Eric


 On Wednesday, June 18, 2014 9:56:56 AM UTC-5, Eric Speake wrote:

 I am not able to update my current puppet master at this exact time and I
 need to see if I can backport puppet 3.1.1 to ubuntu 14.04.  I have looked
 at the backports but I am not finding any puppet backports at all for 14.04.


 Thank you,
 Eric





-- 
Spencer Krum
(619)-980-7820



Re: [Puppet Users] Re: Connection timed out - connect(2) when using puppet module

2014-06-18 Thread Josh Cooper
On Wed, Jun 18, 2014 at 6:11 AM, jcbollinger john.bollin...@stjude.org
wrote:



 On Wednesday, June 18, 2014 12:14:21 AM UTC-5, Torsten Kleiber wrote:



 On Tuesday, June 17, 2014 15:03:20 UTC+2, jcbollinger wrote:

 You mean you have set these in your puppet.conf or in your environment?
 If the former then which one (file system path) and which section?  Are you
 running as root or as an unprivileged user?


 I run at the moment with root and have set it via export before the call.
 After setting it now in puppet.conf, the error changes similar to curl
 without -k:
  puppet module install rtyler/jenkins --debug
 Notice: Preparing to install into /etc/puppet/modules ...
 Notice: Downloading from https://forgeapi.puppetlabs.com ...
 Debug: HTTP GET https://forgeapi.puppetlabs.com/v3/releases?module=rtyler-jenkins
 Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com
   Unable to verify the SSL certificate
 The certificate may not be signed by a valid CA
 The CA bundle included with OpenSSL may not be valid or up to date




 Well you don't really want to trust unverified certificates, certainly not
 in an automated way.  It sounds like you may need to update your trusted
 certificate store with one or more new CA certificates.  On a RedHat-family
 Linux, that probably means updating package ca-certificates.

 For what it's worth, neither Firefox on Windows nor curl (without -k) on
 CentOS 6.5 complain to me about untrusted SSL certificates when I access
 that forge URL, and I haven't made any special accommodation for it.


 John



FYI, after the heartbleed incident we obtained new SSL certificates for all
SSL related services, including forgeapi.puppetlabs.com. The new
certificate was issued by UserTrustNetwork, and caused problems for the
module tool on Windows, because the UserTrustNetwork root is not trusted.
See https://tickets.puppetlabs.com/browse/PUP-2365 for more info.

We recently switched back to a GeoTrust Global CA issued certificate, and
that may explain why the module tool fails to authenticate the forgeapi for
you.

Josh

-- 
Josh Cooper
Developer, Puppet Labs



[Puppet Users] Re: Setting file level ACL

2014-06-18 Thread Dennis Miller
Is this still not natively available within Puppet?

On Wednesday, September 28, 2011 8:23:52 AM UTC-5, jcbollinger wrote:



 On Sep 27, 6:23 pm, Corey Osman co...@logicminds.biz wrote: 
  How do I go about using puppet to set an ACL on a file.  I did not see 
 ACL support under the file type. 
  
  Has anybody done this before without using exec? 
  
  Example: 
  
  # Set ACL on directory 
  setfacl -R -d -m mask:007 /directory 


 The command you present as an example can have no Puppet equivalent 
 other than an Exec, because the state change it directs depends on the 
 current state of the resources it affects.  Or looking at it from the 
 opposite direction, Puppet has no way to determine whether the 
 affected resources are already in the target state.  That is not the 
 way Puppet works, except Exec. 

 If Puppet did support managing file ACLs then it would do so via the 
 File resource type.  If you check that type you will find 'owner', 
 'group', and 'mode' properties, along with several pertinent to 
 SELinux; these are what you have to work with.  There is also the 
 'recurse' property for extending the scope of a directory declaration 
 to all its contents, recursively, but it is likely to cause you 
 trouble if the files affected that way are many or collectively large. 

 It is conceivable that File could be extended to allow you to specify 
 an ACL, but manifests would need to specify the full ACL that was 
 desired, for application via 'setfacl --set' (NOT 'setfacl --modify'). 
 It would be tricky to get this right because of the overlap between 
 such a property and File's other properties, but in principle it 
 could be done. 


 John 




Re: [Puppet Users] Re: Backports for puppet with Ubuntu 14.04

2014-06-18 Thread Eric Speake

Spencer,

Thanks for the info.  I can get the kernel versions from my facter 
information, I do think it will be easier to upgrade those myself.

Thanks,
Again.
On Wednesday, June 18, 2014 2:06:16 PM UTC-5, Spencer Krum wrote:

 You can run 'apt-cache policy puppet' on your trusty nodes. If you have 
 the puppetlabs apt repo enabled you should see many old versions available.

 As a last resort, you could install from ruby gems.

 As for kernel versioning, if you can express that in a package name you 
 can do it in puppet. Of course kernels are a bit wonky, so you would 
 probably need to enforce a reboot to make sure your change is live on the 
 system. I'm not aware of a good way for puppet to manage rolling reboots 
 through a set of systems, that sounds more like an orchestration task. 


 On Wed, Jun 18, 2014 at 11:31 AM, Eric Speake espe...@gmail.com wrote:

 Or my other thought, can I ensure the kernel version through puppet?  
 That would solve some issue as well.

 Eric


 On Wednesday, June 18, 2014 9:56:56 AM UTC-5, Eric Speake wrote:

 I am not able to update my current puppet master at this exact time and 
 I need to see if I can backport puppet 3.1.1 to ubuntu 14.04.  I have 
 looked at the backports but I am not finding any puppet backports at all 
 for 14.04.


 Thank you,
 Eric





 -- 
 Spencer Krum
 (619)-980-7820 




Re: [Puppet Users] Re: Setting file level ACL

2014-06-18 Thread Trevor Vaughan
Hi John,

Not at this time. It was added to the Windows support so hopefully Linux
isn't far behind!

Thanks,

Trevor


On Wed, Jun 18, 2014 at 4:44 PM, Dennis Miller miller.den...@gmail.com
wrote:

 Is this still not natively available within Puppet?

 On Wednesday, September 28, 2011 8:23:52 AM UTC-5, jcbollinger wrote:



 On Sep 27, 6:23 pm, Corey Osman co...@logicminds.biz wrote:
  How do I go about using puppet to set an ACL on a file.  I did not see
 ACL support under the file type.
 
  Has anybody done this before without using exec?
 
  Example:
 
  # Set ACL on directory
  setfacl -R -d -m mask:007 /directory


 The command you present as an example can have no Puppet equivalent
 other than an Exec, because the state change it directs depends on the
 current state of the resources it affects.  Or looking at it from the
 opposite direction, Puppet has no way to determine whether the
 affected resources are already in the target state.  That is not the
 way Puppet works, except Exec.

 If Puppet did support managing file ACLs then it would do so via the
 File resource type.  If you check that type you will find 'owner',
 'group', and 'mode' properties, along with several pertinent to
 SELinux; these are what you have to work with.  There is also the
 'recurse' property for extending the scope of a directory declaration
 to all its contents, recursively, but it is likely to cause you
 trouble if the files affected that way are many or collectively large.

 It is conceivable that File could be extended to allow you to specify
 an ACL, but manifests would need to specify the full ACL that was
 desired, for application via 'setfacl --set' (NOT 'setfacl --modify').
 It would be tricky to get this right because of the
 overlap between such a property and File's other properties, but in
 principle it could be done.


 John





-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaug...@onyxpoint.com

-- This account not approved for unencrypted proprietary information --
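
The two requirements discussed in this thread (a way to tell whether a file is already in the target state, and a fully declared ACL applied with 'setfacl --set' rather than '--modify') can be shown as a comparison routine. This is an added example, not code from the thread or from Puppet; the path, the sample getfacl output and the function names are constructed for illustration.

```python
BASE = {"user::", "group::", "other::"}
SHORT = {"u": "user", "g": "group", "m": "mask", "o": "other"}

# Constructed getfacl output and declared target ACL for a hypothetical /srv/shared.
SAMPLE_CURRENT = "# file: srv/shared\nuser::rwx\nuser:alice:rwx\ngroup::r-x\nmask::rwx\nother::---\n"
SAMPLE_DESIRED = "u::rwx,g::r-x,g:audit:r-x,m::r-x,o::---"

def parse_acl(text):
    """Normalize getfacl output or a comma-separated ACL spec into a set of entries."""
    entries = set()
    for raw in text.replace(",", "\n").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop '# file:' headers and '#effective:' notes
        if not line:
            continue
        parts, scope = line.split(":"), ""
        if parts[0] in ("d", "default"):
            scope, parts = "default:", parts[1:]
        if len(parts) != 3 or len(parts[2]) != 3:
            raise ValueError("not a complete ACL entry: %r" % raw.strip())
        entries.add("%s%s:%s:%s" % (scope, SHORT.get(parts[0], parts[0]), parts[1], parts[2]))
    return entries

def validate(desired):
    """The declared ACL must be complete, or getfacl output never matches it after --set."""
    for scope in ("", "default:"):
        keys = {e[len(scope):-3] for e in desired if e.startswith("default:") == bool(scope)}
        if scope and not keys:
            continue  # no default ACL declared
        missing = BASE - keys
        if any(k.split(":")[1] for k in keys) and "mask::" not in keys:
            missing.add("mask::")  # named entries make setfacl compute a mask on its own
        if missing:
            raise ValueError("incomplete %s ACL, missing %s" % (scope.rstrip(":") or "access", sorted(missing)))

def has_default(acl):
    return any(e.startswith("default:") for e in acl)

def plan(path, current_text, desired_text):
    """Return [] when the path is already in the target state, else the commands to run."""
    current, desired = parse_acl(current_text), parse_acl(desired_text)
    validate(desired)
    if current == desired:
        return []
    cmds = []
    if has_default(current) and not has_default(desired):
        cmds.append(["setfacl", "--remove-default", path])  # stale default ACL
    cmds.append(["setfacl", "--set", ",".join(sorted(desired)), path])
    return cmds
```

With the sample values, the unexpected entry for alice is dropped because the whole ACL is replaced; a '--modify' of the same entries would leave it in place.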



Re: [Puppet Users] Re: Moving from manifest files to ENC script - not working...

2014-06-18 Thread Matthew Burgess
On 18 Jun 2014 14:10, shlo.af...@gmail.com wrote:


 Hi,

 I still can make the ENC work on my puppet server.

 General:
 Puppet server: 3.3.1 Puppet agent: 2.7.25
 The server runs Passenger on Apache, so the puppetmaster runs from Apache
 and not by itself.

 I have in /etc/puppet/puppet.conf :
 [master]
 mode_terminus = exec

??? That should be node_terminus not mode_terminus.

Matt
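
A misspelled setting name like the one pointed out above is easy to miss by eye. The following added example (not from the thread or from Puppet itself) checks the [master] section of a puppet.conf for the two ENC settings and flags near-miss names; the external_nodes path and the other sample values are constructed placeholders.

```python
import difflib
import os

REQUIRED = ("node_terminus", "external_nodes")

# Constructed puppet.conf content reproducing the misspelled setting name.
SAMPLE_CONF = ("[main]\nlogdir = /var/log/puppet\n\n"
               "[master]\nmode_terminus = exec\nexternal_nodes = /usr/local/bin/enc-example\n")

def read_section(text, section="master"):
    """Return {setting: value} for one section of INI-style puppet.conf text."""
    current, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line and current == section:
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip()
    return found

def check_enc(conf_text):
    """List the problems that would keep the master from running an exec ENC."""
    settings = read_section(conf_text)
    problems = []
    for name in REQUIRED:
        if name not in settings:
            # Look for a setting that is almost, but not quite, the required name.
            near = difflib.get_close_matches(name, list(settings), n=1, cutoff=0.8)
            hint = " (found '%s', probably a typo)" % near[0] if near else ""
            problems.append("%s is not set in [master]%s" % (name, hint))
    if settings.get("node_terminus", "exec") != "exec":
        problems.append("node_terminus must be 'exec' to run an ENC script")
    path = settings.get("external_nodes")
    if path is not None and not os.path.isabs(path):
        problems.append("external_nodes must be an absolute path, got '%s'" % path)
    return problems

if __name__ == "__main__":
    for problem in check_enc(SAMPLE_CONF):
        print(problem)
```

It covers only the configuration file; the permissions on the script and on the directories leading to it still have to be checked as the user the master runs as.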
