[Puppet Users] puppet + passenger + separate CA

[brijesh]

Hi 

I hope someone can help me here. I am having problem setting up latest 
puppet with passenger. I have set up puppet master on two servers one with 
ca authority and one with serving classes. It works fine as far as the 
Cerificate signing goes i.e i can see the certificate request comes to CA 
server and once i sign it it tries to fetch the catalogue from another 
puppet server but i get the following error running $puppet agent -t on 
client.

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
undefined method `[]' for nil:NilClass on node

I have tried all the wiki pages and everything but had no luck. Can someone 
please help me. Following are the config files.

[root@puppet1 ~]# less /etc/httpd/conf.d/puppet.conf

 LoadModule passenger_module 
/usr/lib/ruby/gems/1.8/gems/passenger-4.0.45/buildout/apache2/mod_passenger.so

   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.45
   PassengerRuby /usr/bin/ruby
 

Listen 8140

SSLEngine On
SSLProxyEngine On
 ProxyPassMatch ^/([^/]+/certificate.*)$ 
http://puppetca.ashs.internal:8140/$1
SSLProtocol All -SSLv2
SSLCipherSuite  HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile  
/var/lib/puppet/ssl/certs/puppet1.ashs.internal.pem
SSLCertificateKeyFile   
/var/lib/puppet/ssl/private_keys/puppet1.ashs.internal.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile/var/lib/puppet/ssl/certs/ca.pem
#SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
#SSLCARevocationCheckchain
SSLVerifyClient optional
SSLVerifyDepth  1
SSLOptions  +StdEnvVars +ExportCertData

# Apache 2.4 introduces the SSLCARevocationCheck directive and sets it 
to none
# which effectively disables CRL checking. If you are using Apache 2.4+ 
you must
# specify 'SSLCARevocationCheck chain' to actually use the CRL.

# These request headers are used to pass the client certificate
# authentication information on to the puppet master process
RequestHeader unset X-Forwarded-For 
   RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

DocumentRoot /usr/share/puppet/rack/puppetmasterd/public


  Options None
  AllowOverride None
  # Apply the right behavior depending on Apache version.
  
Order allow,deny
Allow from all
  
   = 2.4>
 Require all granted
   



and here is the puppet.conf

[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = $vardir/run
ssldir = $vardir/ssl
ca = false
ca_server = mysql0.ashs.internal
ca_name = mysql0.ashs.internal
pluginsync = true
modulepath = /var/lib/puppet
node_terminus = exec
external_nodes = /usr/local/bin/node_classifier
reports= foreman, log  

[agent]

classfile = $vardir/classes.txt

One interesting thing i have noticed is that removing 
/etc/puppet/puppet.conf or making changes to that file has no effect. it 
gives same error message. 

Thanks in advance.

Brijesh

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/75e932d9-171c-4dd1-9b0f-26c50a55fd30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Issue with Role-Profile implementation

[Varun Utagikar]

Adding to my below post , I would like to inform that I upgraded the kernel 
to CentOS 6.5 X86_64

[root@puppet ~]# uname -a
Linux puppet.xoriant.in 2.6.32-431.20.3.el6.x86_64 #1 SMP Thu Jun 19 
21:14:45 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Issue still persists

On Wednesday, 9 July 2014 14:29:40 UTC+5:30, Varun Utagikar wrote:
>
> Hello
>
> I am trying to implement role-profile structure . I have referred below 
> mentioned docs/links :
>
>
> https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
> https://projects.puppetlabs.com/issues/16667
>
> I have hit a brick wall. I am trying to pull a file on an agent from a 
> master where I have defined a sample role and profile structure. I have 
> tested using Puppet 3.6.2 , Puppet 3.6.1 and the free enterprise version of 
> Puppet. I am getting the same error :
>
> 
> Error: /Stage[main]/Siler/File[/tmp/a]: Could not evaluate: Could not 
> retrieve file metadata for puppet:///puppet/modules/siler/a: Error 400 on 
> SERVER: Not authorized to call find on 
> /file_metadata/puppet/modules/siler/a with {:links=>"follow", 
> :source_permissions=>"ignore"}
> Wrapped exception:
> Error 400 on SERVER: Not authorized to call find on 
> /file_metadata/puppet/modules/siler/a with {:links=>"follow", 
> :source_permissions=>"ignore"}
> 
>
> 
> Debug: Evaluating match for Route /^\/v2\.0/
> Debug: Did not match path 
> ("/production/file_metadata/puppet/modules/siler/a")
> Debug: Evaluating match for Route /.*/
> Error: Not authorized to call find on 
> /file_metadata/puppet/modules/siler/a with {:links=>"follow", 
> :source_permissions=>"ignore"}
> Debug: Routes Registered:
> Debug: Route /^\/v2\.0/
> 
>
> My puppet dir. hierarchy :
>
> puppet/
> ├── auth.conf
> ├── environments
> │   └── example_env
> │   ├── manifests
> │   ├── modules
> │   └── README.environment
> ├── fileserver.conf
> ├── manifests
> │   ├── nodes
> │   │   └── pu.pp
> │   └── site.pp
> ├── modules
> │   ├── profile
> │   │   └── manifests
> │   │   └── init.pp
> │   ├── role
> │   │   └── manifests
> │   │   └── init.pp
> │   ├── siler
> │   │   ├── file
> │   │   │   ├── a
> │   │   │   ├── b
> │   │   │   ├── c
> │   │   │   ├── d
> │   │   │   └── e
> │   │   └── manifests
> │   │   └── init.pp
> │   └── xyz
> │   ├── files
> │   │   └── xyz
> │   └── manifests
> │   └── init.pp
> └── puppet.conf
>
> I am attaching my sample manifest files. 
> I am using CentOS 6.3 x86_64 on both master and agent.
> # uname -a
> Linux puppet.example.in 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 
> UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
> # cat /etc/redhat-release
> CentOS release 6.3 (Final)
>
> I am using /etc/hosts file for name resolution.
>
> I tried in vain all the troubleshooting steps that i could find . I am not 
> sure whether its just a simple configuration issue or a bug. I am unable to 
> troubleshoot further due to non availability of documentation on 
> role-profile definitions.I request you to help me in sorting this out.
>
> Varun A Utagikar
> p.s. - Sorry for the long mail.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/be721f80-98bb-44f0-a9ff-ee904a90b6cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: how to change root password for all nodes

[John Warburton]

On 10 July 2014 01:53, mahesh vijapure  wrote:

> Please tell me any puppet module that can automatically resets the root
> password when they are >60 days old, and stores the new password in a
> central encrypted location
> Thanks in advance for all your valuable inputs.
>
I want to update root password for all vms registered with Puppet. Please
>> someone assist me here.
>>
>
> You are describing a product something like
http://www.cyberark.com/product-detail/enterprise-password-vault

There may be open source alternatives that achieve the same, but it is not
directly (or solely) a puppet solvable problem

John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAAJLFxVZSgtBM10OMSsqaGaokJxwqvog99PSH5iHNkd5gA8uAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue with Role-Profile implementation

[Varun Utagikar]

Hey Daniel

I was performing several changes to trouble shoot the issue , some where i 
must have renamed the dir to file , here's my o/p after reverting to the 
mentioned 'files' change :

/etc/puppet/
├── auth.conf
├── environments
│   └── example_env
│   ├── manifests
│   ├── modules
│   └── README.environment
├── fileserver.conf
├── manifests
│   ├── nodes
│   │   └── pu.pp
│   └── site.pp
├── modules
│   ├── profile
│   │   └── manifests
│   │   └── init.pp
│   ├── role
│   │   └── manifests
│   │   └── init.pp
│   ├── siler
│   │   ├── files
│   │   │   ├── a
│   │   │   ├── b
│   │   │   ├── c
│   │   │   ├── d
│   │   │   └── e
│   │   └── manifests
│   │   └── init.pp
│   └── xyz
│   ├── files
│   │   └── xyz
│   └── manifests
│   └── init.pp
└── puppet.conf


Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path 
("/production/file_metadata/puppet/modules/siler/a")
Debug: Evaluating match for Route /.*/
Error: Not authorized to call find on /file_metadata/puppet/modules/siler/a 
with {:links=>"follow", :source_permissions=>"ignore"}
Debug: Routes Registered:



Debug: file_metadata supports formats: pson yaml b64_zlib_yaml raw
Error: /Stage[main]/Siler/File[/tmp/a]: Could not evaluate: Could not 
retrieve file metadata for puppet:///puppet/modules/siler/a: Error 400 on 
SERVER: Not authorized to call find on 
/file_metadata/puppet/modules/siler/a with {:links=>"follow", 
:source_permissions=>"ignore"}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on 
/file_metadata/puppet/modules/siler/a with {:links=>"follow", 
:source_permissions=>"ignore"}
Debug: Finishing transaction 69946493782000


Issue still persists.

On Wednesday, 9 July 2014 19:15:22 UTC+5:30, leinad wrote:
>
> Varun, 
>
> the files directory under siler should be named files, not file. 
>
> Daniel. 
>
> * Varun Utagikar > [07/09/2014 08:30]: 
> >Hello 
> >I am trying to implement role-profile structure . I have referred 
> below 
> >mentioned docs/links : 
> >
> https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
>  
> >https://projects.puppetlabs.com/issues/16667 
> >I have hit a brick wall. I am trying to pull a file on an agent from 
> a 
> >master where I have defined a sample role and profile structure. I 
> have 
> >tested using Puppet 3.6.2 , Puppet 3.6.1 and the free enterprise 
> version 
> >of Puppet. I am getting the same error : 
> > 
> >Error: /Stage[main]/Siler/File[/tmp/a]: Could not evaluate: Could not 
> >retrieve file metadata for puppet:///puppet/modules/siler/a: Error 
> 400 on 
> >SERVER: Not authorized to call find on 
> >/file_metadata/puppet/modules/siler/a with {:links=>"follow", 
> >:source_permissions=>"ignore"} 
> >Wrapped exception: 
> >Error 400 on SERVER: Not authorized to call find on 
> >/file_metadata/puppet/modules/siler/a with {:links=>"follow", 
> >:source_permissions=>"ignore"} 
> > 
> > 
> >Debug: Evaluating match for Route /^\/v2\.0/ 
> >Debug: Did not match path 
> >("/production/file_metadata/puppet/modules/siler/a") 
> >Debug: Evaluating match for Route /.*/ 
> >Error: Not authorized to call find on 
> >/file_metadata/puppet/modules/siler/a with {:links=>"follow", 
> >:source_permissions=>"ignore"} 
> >Debug: Routes Registered: 
> >Debug: Route /^\/v2\.0/ 
> > 
> >My puppet dir. hierarchy : 
> >puppet/ 
> >├── auth.conf 
> >├── environments 
> >│   └── example_env 
> >│   ├── manifests 
> >│   ├── modules 
> >│   └── README.environment 
> >├── fileserver.conf 
> >├── manifests 
> >│   ├── nodes 
> >│   │   └── pu.pp 
> >│   └── site.pp 
> >├── modules 
> >│   ├── profile 
> >│   │   └── manifests 
> >│   │   └── init.pp 
> >│   ├── role 
> >│   │   └── manifests 
> >│   │   └── init.pp 
> >│   ├── siler 
> >│   │   ├── file 
> >│   │   │   ├── a 
> >│   │   │   ├── b 
> >│   │   │   ├── c 
> >│   │   │   ├── d 
> >│   │   │   └── e 
> >│   │   └── manifests 
> >│   │   └── init.pp 
> >│   └── xyz 
> >│   ├── files 
> >│   │   └── xyz 
> >│   └── manifests 
> >│   └── init.pp 
> >└── puppet.conf 
> >I am attaching my sample manifest files.  
> >I am using CentOS 6.3 x86_64 on both master and agent. 
> ># uname -a 
> >Linux puppet.example.in 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 
> 12:19:21 
> >UTC 2012 x86_64 x86_64 x86_64 GNU/Linux 
> ># cat /etc/redhat-release 
> >CentOS release 6.3 (Final) 
> >I am using /etc/hosts file for name resolution. 
> >I tried in vain all the troubleshooting steps that i could find . I 
> am not 
> >sure whether its just a simple configuration issue or a bug. I am 
> unable 
> >to troubleshoot further

Re: [Puppet Users] Editing fstab with Augeas

[Pete Brown]

On 10 July 2014 09:18, Kim Scarborough  wrote:
>>> My Augeas approach works, I'm just having the one problem where I can't
>>> get
>>
>> > it to apply to more than one mount line per run.
>>
>> It might work but it is probably better to manage the whole mount with
>> puppet.
>>
> I have hundreds of servers, many with several NFS mounts, and neither the
> source or the mountpoint is consistent anywhere. It would be faster for me
> to hand-edit every server's fstab than to enter them all into puppet.

Sounds like a job for a class with variables backed with hiera.
Infinitely more configurable and less prone to the potential errors
you might introduce from hand editing each fstab.

> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/1bc07614-3a9a-4650-b3ce-d531a8caba3c%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJ8DPF77ixMAm8BFe%2BLHcgcraj6iRYWJzgNE8sO1s5TZY7UvDQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Implicit conversion of string to integer error with ec2_userdata

[mhoey]

Here is the function. Some identifying characters were removed but I think 
overall it's fine. The library file (ops/vault) has a lot of proprietary 
stuff in it and let me just say it works perfectly fine so I really don't 
think that's the problem. The call in the puppet manifest looks like 
this: $monitoring_snmp_user = vault("global_snmp_user")

require 'ops/vault'
require 'json'

module Puppet::Parser::Functions
  newfunction(:vault, :type => :rvalue) do |args|
auth = nil
value = nil
nv = nil
tmp_json = lookupvar("ec2_userdata")
user_data = JSON.parse(tmp_json)
domain = user_data["tier_public_domain"]
begin
  if args[0]
nv = Vault.new(:tier_public_domain => domain)
tmp = nv.get(args[0])
if tmp.to_s != ""
  value = tmp
end
  end
rescue Exception => e
  value = ""
end
return value
  end
end







On Thursday, May 29, 2014 7:05:07 AM UTC-7, jcbollinger wrote:
>
>
>
> On Tuesday, May 27, 2014 2:26:51 PM UTC-5, mhoey wrote:
>>
>> I recently installed a puppet 3.4.3 puppetmaster. I am working on a 
>> project to convert all of our manifests over from 2.7 to 3.4.3. While 
>> trying to run a master/agent setup on the puppetmaster itself, I am getting 
>> the following error:
>>
>> "Error: Could not retrieve catalog from remote server: Error 400 on 
>> SERVER: no implicit conversion of String into Integer."
>>
>> The line in question is a  call to a custom function. The problem seems 
>> to go back to the "ec2_userdata" facter fact. If I alter the line 
>> "userdata.split" to just "userdata" in 
>> /usr/lib/ruby/vendor_ruby/facter/ec2.rb everything starts to work. What's 
>> interesting is that when I alter my function to not even use this variable 
>> (for debug purposes) it still throws the error. This leads me to believe 
>> that this fact is getting loaded no matter what and ultimately causing the 
>> problem.
>>
>>
>
> The custom function is probably the issue.  Puppet 2 accepts sloppier 
> custom function definitions; somewhere in the Puppet 3 series puppet 
> started enforcing the rules more rigorously (as I understand it, the rules 
> themselves did not change).
>
> Anyway, we really need to see some code to confirm that diagnosis or offer 
> a different one.  The custom function (at least its first few lines), the 
> section of the manifest where it is invoked, and the argument values being 
> passed should be sufficient.
>
>  
>
>> I saw in the Facter 2.0.1 documentation that arrays are now accepted but 
>> puppet does not have them turned on by default. I set stringify_facts to 
>> false in both main and master sections of puppet.conf but the problem still 
>> persists.
>>
>>
>
> I'm sure that's not your issue.  Facter's default behavior is the 
> traditional one, so if your code worked Puppet 2 / Facter 1 then it should 
> not be necessary to enable the new structured facts support to make it work 
> in Puppet 3 / Facter 2.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3f9e6637-dfac-4ed8-a5c1-639951e38801%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Editing fstab with Augeas

[Kim Scarborough]

>> My Augeas approach works, I'm just having the one problem where I can't 
get 

> > it to apply to more than one mount line per run. 
>
> It might work but it is probably better to manage the whole mount with 
> puppet. 
>
> I have hundreds of servers, many with several NFS mounts, and neither the 
source or the mountpoint is consistent anywhere. It would be faster for me 
to hand-edit every server's fstab than to enter them all into puppet.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1bc07614-3a9a-4650-b3ce-d531a8caba3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Editing fstab with Augeas

[Pete Brown]

On 10 July 2014 04:55, Kim Scarborough  wrote:
>
>> No, you cannot do that via Mount resources.  Instead, the idiomatic
>> approach here would be to put each mount for each server under individual
>> Puppet management.  If you wished, you could also use the Resources resource
>> to purge Mounts that Puppet is not otherwise managing, so that you could be
>> sure that there were no fstab entries without 'nosuid'.  (Note, however,
>> that a privileged user can mount filesystems that are not listed in fstab,
>> with whatever options they choose.)
>
>
> My Augeas approach works, I'm just having the one problem where I can't get
> it to apply to more than one mount line per run.

It might work but it is probably better to manage the whole mount with puppet.


> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/cc43ac0c-64f5-409a-abf6-0d50bba2a79d%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJ8DPF6N4_tnU2Kmr9Nmj7sbtTpUqfGP%3Djvb4ksR33Z2uQMdXA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Editing fstab with Augeas

[Kim Scarborough]

> No, you cannot do that via Mount resources.  Instead, the idiomatic 
> approach here would be to put each mount for each server under individual 
> Puppet management.  If you wished, you could also use the Resources 
> resource to purge Mounts that Puppet is not otherwise managing, so that you 
> could be sure that there were no fstab entries without 'nosuid'.  (Note, 
> however, that a privileged user can mount filesystems that are not listed 
> in fstab, with whatever options they choose.)
>

My Augeas approach works, I'm just having the one problem where I can't get 
it to apply to more than one mount line per run. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cc43ac0c-64f5-409a-abf6-0d50bba2a79d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Hiera command and check classes for the nodes

[mike]

Hello,
I have Puppet and Hiera for in my configuration and i have the next 
question:  when i define some node use the particular class declared inside 
"fqdn/node.example.com.yaml" and after check with hiera command the classes 
for this node and list only the class declared inside 
 "node.example.com.yaml" but not list classes from common class 
(common.yaml) but this node executes this classes without problem when 
running puppet agent.

For example:

Node node1.example.com.yaml
[.]
[root@puppet hieradata]# cat fqdn/node1.example.com.yaml 
---
classes: 
- ssh
ssh::port: '22'
ssh::permit_root_login: 'no'
[.]

Common YAML
[.]
[root@puppet hieradata]# cat common.yaml 
---
classes:
- ntp
ntp::restrict   : true
ntp::autoupdate : true
ntp::enable   : true
ntp::servers  : ["ntp1.example.com", "ntp2.example.com"]
[.]

Check class with hiera command (list only ssh class but not ntp class)

[.]
[root@puppet hieradata]# hiera classes ::fqdn=node1.example.com
["ssh"]
[.]

My hiera value

[.]
[root@puppet puppet]# cat hiera.yaml 
---
:backends:
  - yaml
:yaml:
  :datadir: /etc/puppet/hieradata
:hierarchy:
  - "fqdn/%{::fqdn}"
  - common
[.]


Thanks.




-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/682ee641-b192-4d91-80d2-b87d8e30ea02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet uses catalog of node B for node A

[jcbollinger]

On Wednesday, July 9, 2014 3:08:58 AM UTC-5, Helmut Rickel wrote:
>
> Hello,
>
> I installed puppet 2.6.17, 3.4.3 and finally 3.6.2 on SLES 11 SP1 or SLES 
> 11 SP3 and always ran in this problem: Puppet is using the wrong catalog on 
> some nodes.
>
> I can run „puppet agent –t“ many times on node A without problems. When I 
> run „puppet agent –t“ on node B and afterwards on node A, puppet uses the 
> catalog of node B for both, node B and node A!
> My final tests where done with these packages on the only master with SLES 
> 11 SP3: 
>
> facter-2.0.0-11.1.x86_64.rpm
> puppet-3.6.2-2.2.x86_64.rpm
> puppet-server-3.6.2-2.2.x86_64.rpm
> ruby-1.8.7.p357-3.7.x86_64.rpm
> ruby-devel-1.8.7.p357-4.1.x86_64.rpm
> rubygem-hiera-1.2.1-21.3.x86_64.rpm
> rubygem-json_pure-1_6-1.6.7-1.19.x86_64.rpm
> rubygem-ruby-shadow-2.2.0-11.4.x86_64.rpm
> rubygems-1.8.15-27.9.x86_64.rpm
>
> Actually, the first 10 characters of the fqdn's are identical. Can this 
> cause the problem?
>
> The clients (SLES 11 SP1) use the same packages. I used „node“ definitions 
> as well as hiera to assign my classes to the nodes. No configurations 
> concerning environments are done.
>
> Thanks in advance for any help on this!
>

How are you determining that node A is getting node B's catalog?  There's a 
subtle but important difference between getting a complete catalog compiled 
for a different node and getting a catalog compiled for the requesting 
node, but unexpectedly influenced by prior compilation of a different 
node's catalog (e.g. including a resource intended only for a different 
node).  You can distinguish by making the agent report on the details 
presented to the master, for instance by putting this at top scope in your 
site.pp:

notify { 'Node ID':
  message => "My certificate identifies me as '${trusted['certname']}'; I 
identify myself as '${::clientcert}', or alternatively as '${::hostname}'"
}


Considering the range of Puppet versions affected, and the fact that this 
is not an issue I recognize, I am inclined to suspect a problem with your 
manifests.

In particular, I am inclined to guess that one or more of your manifests, 
other than site.pp or manifests 'imported' into it, has some top-scope 
declarations that are neither class nor type definitions.  Files do not 
serve as a scope boundary in Puppet, so such declarations apply in 
principle to all nodes.  They are only *seen* if the master has reason to 
parse the files containing them, however, which it may not have for some 
nodes.  Once such declarations *are* seen, however, the master may cache 
them, and apply them to other nodes (as is appropriate).

Example:

modules/site/manifests/alice.pp:

class site::alice {
  @user { 'alice': ensure => 'present' }
}

include 'restaurant'


The 'include' statement appearing at top scope there is a major problem.  
It may be the author's intent that only nodes that have class 'site::alice' 
get class 'restaurant' as well, but the declaration is at top scope, so 
what it actually says that every node should get 'restaurant'.  Those that 
declare 'site::alice' certainly will get it, but others may or may not get 
it, depending on timing details, cache settings, and the phase of the moon.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b5606930-6490-4b32-9916-49ae69213b7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] how to change root password for all nodes

[Garrett Honeycutt]

On 7/9/14, 11:21 AM, mahesh vijapure wrote:
> I want to update root password for all vms registered with Puppet.
> Please someone assist me here.
> 

Hi Mahesh,

You can use my common[1] module. It is safe to include as it takes no
action unless enabled in Hiera. You can leverage Hiera to set the root
password the same for all systems, unique per system, by environment,
location, etc.


[1] - https://github.com/ghoneycutt/puppet-module-common

Best regards,
-g

-- 
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53BD821C.5030001%40garretthoneycutt.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Puppet-Dashboard All Nodes "Unresponsive", Background Tasks

[Ramin K]

	It looks like you did this command 'alter table report_logs column 
message mediumtext;' rather than varchar(65536). mediumtext is what it 
should be changed to. Both BLOB and TEXT are 64kb while MEDIUMTEXT is 16MB.


Ramin

On 7/9/2014 4:48 AM, Ximena Cardinali wrote:

Hello,

I had to apply also this other Solution:

mysql> describe report_logs;
+---+--+--+-+-++
| Field | Type | Null | Key | Default | Extra  |
+---+--+--+-+-++
| id| int(11)  | NO   | PRI | NULL| auto_increment |
| report_id | int(11)  | NO   | MUL | NULL||
| level | varchar(255) | YES  | | NULL||
| message   | blob | YES  | | NULL||
| source| text | YES  | | NULL||
| tags  | text | YES  | | NULL||
| time  | datetime | YES  | | NULL||
| file  | text | YES  | | NULL||
| line  | int(11)  | YES  | | NULL||
+---+--+--+-+-++
9 rows in set (0.00 sec)

mysql> ALTER TABLE report_logs MODIFY message VARCHAR(65536);
Query OK, 46574 rows affected, 2 warnings (0.97 sec)
Records: 46574  Duplicates: 0  Warnings: 2

mysql> describe report_logs;
+---+--+--+-+-++
| Field | Type | Null | Key | Default | Extra  |
+---+--+--+-+-++
| id| int(11)  | NO   | PRI | NULL| auto_increment |
| report_id | int(11)  | NO   | MUL | NULL||
| level | varchar(255) | YES  | | NULL||
| message   | mediumtext   | YES  | | NULL||
| source| text | YES  | | NULL||
| tags  | text | YES  | | NULL||
| time  | datetime | YES  | | NULL||
| file  | text | YES  | | NULL||
| line  | int(11)  | YES  | | NULL||
+---+--+--+-+-++
9 rows in set (0.00 sec)

mysql>

For now, everything is working as expected. We will see in a few days,
or after puppetdb Upgrade.

X.

On Monday, 16 June 2014 16:55:25 UTC+2, Ximena Cardinali wrote:

Hello There,

I've been struggling the last days with this issue. The situation is
happening since I've upgrade Puppet to 3.6.0.

_- Problem:_
On Puppet-Dashboard all Hosts are shown as *Unresponsive* and
thousand of tasks are queued as *Failed*.

_- Environment:_
OS: Debian Wheezy
Puppet-Dashboard: 1.2.23
Puppet: 3.6.0
Facter: 2.0.1
Hiera: 1.3.2

_- Applied Solutions:_

* Solution 1:
cd /usr/share/puppet-dashboard/
- Stop dashboard workers
rm -v spool/*
rake jobs:clear RAILS_ENV=production
- Start dashboard workers.

Good solution, but temporary, because the problem after a few days
comes back.

* Solution 2:
I've also did the following update to the DB:
mysql> ALTER TABLE delayed_job_failures MODIFY details BLOB;
Which also did not work.

Does anyone have any idea of what can be happening there?

--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/da0290f9-5120-4040-b1f4-227878317ebc%40googlegroups.com
.
For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53BD7AF3.3050005%40badapple.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: how to change root password for all nodes

[Doug Forster]

Mahesh,

While your setup may vary I cannot think of an easy way to accomplish all
your goals.
Goals:
 1 Change when 60 days old
 2 Each server gets a unique
 3 Passwords are encrypted en escrow

Something we do is setup a user definition with a shared root password hash
stored in hiera. We then rotate the password in hiera which gets pushed to
all servers. This accomplishes goal 1 and possibly 2 if you create hashes
for each server and stick them in hiera. This is also not an automated
process as password hashes need to be generated and placed into hiera.

Something else you may want to do is generate some random password in a
script save it to a gpg encrypted file. You could then use an ssh_key and
copy it to some storage server. I might do this with some exec.

exec {'change_roots_password':
  unless => 'command to see if roots password is old enough',
  command   => 'command or script to change roots password to something
random and save encrypted form of random data',
  notify => Exec['send_roots_password'],
#  require => File['some_script_to_change_root_password'],
}
exec {'send_roots_password':
  refreshonly => true,
  command   => 'command to copy encrypted file to central server using an
ssh_key.',
}

references to get you started:
http://docs.puppetlabs.com/references/latest/type.html#exec
http://docs.puppetlabs.com/references/latest/type.html#sshauthorizedkey
http://docs.puppetlabs.com/references/latest/type.html#file

Hope this helps,
Doug


On Wed, Jul 9, 2014 at 9:53 AM, mahesh vijapure 
wrote:

> Please tell me any puppet module that can automatically resets the root
> password when they are >60 days old, and stores the new password in a
> central encrypted location
> Thanks in advance for all your valuable inputs.
>
> On Wednesday, July 9, 2014 8:51:30 PM UTC+5:30, mahesh vijapure wrote:
>
>> I want to update root password for all vms registered with Puppet. Please
>> someone assist me here.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/21396634-c470-4cbf-bd76-19cd8657e672%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAOwhAcoxCPc4KGQw6672Y2yTh4Gnpbhtz-6NhUJc%3D-XUhx3r7Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: how to change root password for all nodes

[mahesh vijapure]

Please tell me any puppet module that can automatically resets the root 
password when they are >60 days old, and stores the new password in a 
central encrypted location
Thanks in advance for all your valuable inputs.

On Wednesday, July 9, 2014 8:51:30 PM UTC+5:30, mahesh vijapure wrote:
>
> I want to update root password for all vms registered with Puppet. Please 
> someone assist me here.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b44586c9-fd39-4cf3-a738-4cceb4396518%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: how to change root password for all nodes

[mahesh vijapure]

Please tell me any puppet module that can automatically resets the root 
password when they are >60 days old, and stores the new password in a 
central encrypted location
Thanks in advance for all your valuable inputs.

On Wednesday, July 9, 2014 8:51:30 PM UTC+5:30, mahesh vijapure wrote:
>
> I want to update root password for all vms registered with Puppet. Please 
> someone assist me here.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/21396634-c470-4cbf-bd76-19cd8657e672%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] how to change root password for all nodes

[mahesh vijapure]

I want to update root password for all vms registered with Puppet. Please 
someone assist me here.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/77b0655a-fbbc-4a6d-80a4-404b0b94ebe6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Issue with Role-Profile implementation

[Daniel De Marco]

Varun,

the files directory under siler should be named files, not file.

Daniel.

* Varun Utagikar  [07/09/2014 08:30]:
>Hello
>I am trying to implement role-profile structure . I have referred below
>mentioned docs/links :
>
> https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
>https://projects.puppetlabs.com/issues/16667
>I have hit a brick wall. I am trying to pull a file on an agent from a
>master where I have defined a sample role and profile structure. I have
>tested using Puppet 3.6.2 , Puppet 3.6.1 and the free enterprise version
>of Puppet. I am getting the same error :
>
>Error: /Stage[main]/Siler/File[/tmp/a]: Could not evaluate: Could not
>retrieve file metadata for puppet:///puppet/modules/siler/a: Error 400 on
>SERVER: Not authorized to call find on
>/file_metadata/puppet/modules/siler/a with {:links=>"follow",
>:source_permissions=>"ignore"}
>Wrapped exception:
>Error 400 on SERVER: Not authorized to call find on
>/file_metadata/puppet/modules/siler/a with {:links=>"follow",
>:source_permissions=>"ignore"}
>
>
>Debug: Evaluating match for Route /^\/v2\.0/
>Debug: Did not match path
>("/production/file_metadata/puppet/modules/siler/a")
>Debug: Evaluating match for Route /.*/
>Error: Not authorized to call find on
>/file_metadata/puppet/modules/siler/a with {:links=>"follow",
>:source_permissions=>"ignore"}
>Debug: Routes Registered:
>Debug: Route /^\/v2\.0/
>
>My puppet dir. hierarchy :
>puppet/
>├── auth.conf
>├── environments
>│   └── example_env
>│       ├── manifests
>│       ├── modules
>│       └── README.environment
>├── fileserver.conf
>├── manifests
>│   ├── nodes
>│   │   └── pu.pp
>│   └── site.pp
>├── modules
>│   ├── profile
>│   │   └── manifests
>│   │       └── init.pp
>│   ├── role
>│   │   └── manifests
>│   │       └── init.pp
>│   ├── siler
>│   │   ├── file
>│   │   │   ├── a
>│   │   │   ├── b
>│   │   │   ├── c
>│   │   │   ├── d
>│   │   │   └── e
>│   │   └── manifests
>│   │       └── init.pp
>│   └── xyz
>│       ├── files
>│       │   └── xyz
>│       └── manifests
>│           └── init.pp
>└── puppet.conf
>I am attaching my sample manifest files. 
>I am using CentOS 6.3 x86_64 on both master and agent.
># uname -a
>Linux puppet.example.in 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21
>UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
># cat /etc/redhat-release
>CentOS release 6.3 (Final)
>I am using /etc/hosts file for name resolution.
>I tried in vain all the troubleshooting steps that i could find . I am not
>sure whether its just a simple configuration issue or a bug. I am unable
>to troubleshoot further due to non availability of documentation on
>role-profile definitions.I request you to help me in sorting this out.
>Varun A Utagikar
>p.s. - Sorry for the long mail.
>
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To unsubscribe from this group and stop receiving emails from it, send an
>email to [1]puppet-users+unsubscr...@googlegroups.com.
>To view this discussion on the web visit
>
> [2]https://groups.google.com/d/msgid/puppet-users/acba6f33-34da-420b-a638-9837ca0d16d4%40googlegroups.com.
>For more options, visit [3]https://groups.google.com/d/optout.
>
> References
>
>Visible links
>1. mailto:puppet-users+unsubscr...@googlegroups.com
>2. 
> https://groups.google.com/d/msgid/puppet-users/acba6f33-34da-420b-a638-9837ca0d16d4%40googlegroups.com?utm_medium=email&utm_source=footer
>3. https://groups.google.com/d/optout

> -rw-r--r-- puppet/puppet20 2014-07-07 05:35 etc/puppet/manifests/site.pp
> -rw-r--r-- puppet/puppet   124 2014-07-08 08:23 
> etc/puppet/manifests/nodes/pu.pp
> -rw-r--r-- root/root42 2014-07-08 08:23 
> etc/puppet/modules/profile/manifests/init.pp
> -rw-r--r-- root/root41 2014-07-08 08:22 
> etc/puppet/modules/role/manifests/init.pp
> -rwxrwxrwx root/root   152 2014-07-08 08:42 
> etc/puppet/modules/siler/manifests/init.pp

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20140709123855.GA26279%40yakko.bartol.udel.edu.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Editing fstab with Augeas

[jcbollinger]

On Tuesday, July 8, 2014 10:22:41 AM UTC-5, Kim Scarborough wrote:
>
> Hmm. I don't believe mount will do what I want, as every server has 
> different NFS mounts I need to modify. Can I say "modify every NFS mount so 
> that it's nosuid" without actually specifying the mountpoints?
>
>

No, you cannot do that via Mount resources.  Instead, the idiomatic 
approach here would be to put each mount for each server under individual 
Puppet management.  If you wished, you could also use the Resources 
resource to purge Mounts that Puppet is not otherwise managing, so that you 
could be sure that there were no fstab entries without 'nosuid'.  (Note, 
however, that a privileged user can mount filesystems that are not listed 
in fstab, with whatever options they choose.)


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/aed66f52-12af-4b7e-8146-d73c14d1a6b1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet uses catalog of node B for node A

[Helmut Rickel]

 

Hello,

I installed puppet 2.6.17, 3.4.3 and finally 3.6.2 on SLES 11 SP1 or SLES 
11 SP3 and always ran in this problem: Puppet is using the wrong catalog on 
some nodes.

I can run „puppet agent –t“ many times on node A without problems. When I 
run „puppet agent –t“ on node B and afterwards on node A, puppet uses the 
catalog of node B for both, node B and node A!
My final tests where done with these packages on the only master with SLES 
11 SP3: 

facter-2.0.0-11.1.x86_64.rpm
puppet-3.6.2-2.2.x86_64.rpm
puppet-server-3.6.2-2.2.x86_64.rpm
ruby-1.8.7.p357-3.7.x86_64.rpm
ruby-devel-1.8.7.p357-4.1.x86_64.rpm
rubygem-hiera-1.2.1-21.3.x86_64.rpm
rubygem-json_pure-1_6-1.6.7-1.19.x86_64.rpm
rubygem-ruby-shadow-2.2.0-11.4.x86_64.rpm
rubygems-1.8.15-27.9.x86_64.rpm

Actually, the first 10 characters of the fqdn's are identical. Can this 
cause the problem?

The clients (SLES 11 SP1) use the same packages. I used „node“ definitions 
as well as hiera to assign my classes to the nodes. No configurations 
concerning environments are done.

Thanks in advance for any help on this!

Kind regards 

Helmut

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d36bb19d-d418-41c1-90f4-5b1ca7f7a80a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Issue with Role-Profile implementation

[Varun Utagikar]

Hello

I am trying to implement role-profile structure . I have referred below 
mentioned docs/links :

https://ask.puppetlabs.com/question/1655/an-end-to-end-roleprofile-example-using-hiera/
https://projects.puppetlabs.com/issues/16667

I have hit a brick wall. I am trying to pull a file on an agent from a 
master where I have defined a sample role and profile structure. I have 
tested using Puppet 3.6.2 , Puppet 3.6.1 and the free enterprise version of 
Puppet. I am getting the same error :


Error: /Stage[main]/Siler/File[/tmp/a]: Could not evaluate: Could not 
retrieve file metadata for puppet:///puppet/modules/siler/a: Error 400 on 
SERVER: Not authorized to call find on 
/file_metadata/puppet/modules/siler/a with {:links=>"follow", 
:source_permissions=>"ignore"}
Wrapped exception:
Error 400 on SERVER: Not authorized to call find on 
/file_metadata/puppet/modules/siler/a with {:links=>"follow", 
:source_permissions=>"ignore"}



Debug: Evaluating match for Route /^\/v2\.0/
Debug: Did not match path 
("/production/file_metadata/puppet/modules/siler/a")
Debug: Evaluating match for Route /.*/
Error: Not authorized to call find on /file_metadata/puppet/modules/siler/a 
with {:links=>"follow", :source_permissions=>"ignore"}
Debug: Routes Registered:
Debug: Route /^\/v2\.0/


My puppet dir. hierarchy :

puppet/
├── auth.conf
├── environments
│   └── example_env
│   ├── manifests
│   ├── modules
│   └── README.environment
├── fileserver.conf
├── manifests
│   ├── nodes
│   │   └── pu.pp
│   └── site.pp
├── modules
│   ├── profile
│   │   └── manifests
│   │   └── init.pp
│   ├── role
│   │   └── manifests
│   │   └── init.pp
│   ├── siler
│   │   ├── file
│   │   │   ├── a
│   │   │   ├── b
│   │   │   ├── c
│   │   │   ├── d
│   │   │   └── e
│   │   └── manifests
│   │   └── init.pp
│   └── xyz
│   ├── files
│   │   └── xyz
│   └── manifests
│   └── init.pp
└── puppet.conf

I am attaching my sample manifest files. 
I am using CentOS 6.3 x86_64 on both master and agent.
# uname -a
Linux puppet.example.in 2.6.32-279.el6.x86_64 #1 SMP Fri Jun 22 12:19:21 
UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS release 6.3 (Final)

I am using /etc/hosts file for name resolution.

I tried in vain all the troubleshooting steps that i could find . I am not 
sure whether its just a simple configuration issue or a bug. I am unable to 
troubleshoot further due to non availability of documentation on 
role-profile definitions.I request you to help me in sorting this out.

Varun A Utagikar
p.s. - Sorry for the long mail.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/acba6f33-34da-420b-a638-9837ca0d16d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


puppet_issue.tar
Description: Unix tar archive

[Puppet Users] Re: Puppet-Dashboard All Nodes "Unresponsive", Background Tasks

[Ximena Cardinali]

Hello,

I had to apply also this other Solution:

mysql> describe report_logs;
+---+--+--+-+-++
| Field | Type | Null | Key | Default | Extra  |
+---+--+--+-+-++
| id| int(11)  | NO   | PRI | NULL| auto_increment |
| report_id | int(11)  | NO   | MUL | NULL||
| level | varchar(255) | YES  | | NULL||
| message   | blob | YES  | | NULL||
| source| text | YES  | | NULL||
| tags  | text | YES  | | NULL||
| time  | datetime | YES  | | NULL||
| file  | text | YES  | | NULL||
| line  | int(11)  | YES  | | NULL||
+---+--+--+-+-++
9 rows in set (0.00 sec)

mysql> ALTER TABLE report_logs MODIFY message VARCHAR(65536);
Query OK, 46574 rows affected, 2 warnings (0.97 sec)
Records: 46574  Duplicates: 0  Warnings: 2

mysql> describe report_logs;
+---+--+--+-+-++
| Field | Type | Null | Key | Default | Extra  |
+---+--+--+-+-++
| id| int(11)  | NO   | PRI | NULL| auto_increment |
| report_id | int(11)  | NO   | MUL | NULL||
| level | varchar(255) | YES  | | NULL||
| message   | mediumtext   | YES  | | NULL||
| source| text | YES  | | NULL||
| tags  | text | YES  | | NULL||
| time  | datetime | YES  | | NULL||
| file  | text | YES  | | NULL||
| line  | int(11)  | YES  | | NULL||
+---+--+--+-+-++
9 rows in set (0.00 sec)

mysql> 

For now, everything is working as expected. We will see in a few days, or 
after puppetdb Upgrade.

X.

On Monday, 16 June 2014 16:55:25 UTC+2, Ximena Cardinali wrote:
>
> Hello There,
>
> I've been struggling the last days with this issue. The situation is 
> happening since I've upgrade Puppet to 3.6.0.
>
> *- Problem:*
> On Puppet-Dashboard all Hosts are shown as *Unresponsive* and thousand of 
> tasks are queued as *Failed*.
>
> *- Environment:*
> OS: Debian Wheezy
> Puppet-Dashboard: 1.2.23
> Puppet: 3.6.0
> Facter: 2.0.1
> Hiera: 1.3.2
>
> *- Applied Solutions:*
>
> * Solution 1:
> cd /usr/share/puppet-dashboard/
> - Stop dashboard workers
> rm -v spool/*
> rake jobs:clear RAILS_ENV=production
> - Start dashboard workers.
>
> Good solution, but temporary, because the problem after a few days comes 
> back.
>
> * Solution 2: 
> I've also did the following update to the DB:
> mysql> ALTER TABLE delayed_job_failures MODIFY details BLOB;
> Which also did not work.
>
> Does anyone have any idea of what can be happening there?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/da0290f9-5120-4040-b1f4-227878317ebc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet pulling Apache Karaf's strings...

[Gavin Williams]

Morning all 

I've started working on a project that requires Puppet to pull strings on 
Apache Karaf[1]. 
This module can be found here[2]. 

Currently the module supports installation of Karaf, base level 
configuration such as adding Karaf to $PATH, and creation of a init.d 
service using the wrapper tool. 
It also supports managing some specific resources within karaf, such as 
'feature-repos', 'features' and 'kar' files. 

So for any of you out there already using Karaf with Puppet, or wanting to 
use Puppet to manage Karaf, feel free to install the module from Git and 
take it for a spin. Any feedback gratefully received. 

And for those of you out there already using Puppet with Karaf, how have 
you done it? 
Any pain points? 
How did you go about managing the multitude of Karaf config files? 

So yeh, feel free to provide any feedback/ideas etc. 
And thanks in advance for your time. 

Regards 
Gavin 

[1] http://karaf.apache.org/ 
[2] https://github.com/fatmcgav/fatmcgav-karaf/tree/develop

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3b90b397-2de6-42f2-9b5f-43e3c2f94e84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: How to read the files of puppet agent.

[Martijn]

Shashank,

The templates are compiled on the master but can incorporate data sent to 
it from several sources, such as built-in facts, custom facts and exported 
resources. Copying files from node to master isn't possible in the manner 
that you want.

I suppose in this case setting a custom fact is the easiest solution. You 
can create a custom fact in various ways. They can be simple hardcoded 
files on the node, or run a simple or complex program on the node to 
determine the desired value. In your case a simple script that reads a file 
on the agent node and outputs a fact would be easy. Check out the following 
docs for info and examples:

   - http://docs.puppetlabs.com/facter/2.0/custom_facts.html
   - http://docs.puppetlabs.com/facter/2.0/fact_overview.html
   
You could also look at Exported Resources 
(http://docs.puppetlabs.com/guides/exported_resources.html) which will 
'share' actual Puppet resources between nodes. Kind of hard to explain, so 
check the Nagios example in the doc.

Hope this helps,
Martijn

Op woensdag 9 juli 2014 09:30:31 UTC+2 schreef shashank sinha:
>
> Hi,
>
> I have written a code on template to open & read file i.e passwd but it 
> reads the file from the puppet server (Master-node) rather I want to read 
> the file of each agent-nodes.
>
> Is it possible to read files from the agent node or to copy the files from 
> agent to master?
>
> Thanks
> Shashank
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/71477672-dc66-4959-b2f3-41893d1b96c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] PuppetDB 2.1.0 final now available

[Nikola Petrov]

On Tue, Jul 08, 2014 at 06:38:53PM +0100, Ken Barber wrote:
> ** Final Release **
> 
> PuppetDB 2.1.0 final - July 8th, 2014.
> 
> PuppetDB 2.1.0 Downloads
> 
> 
> Available in native package format in the release repositories at:
> http://yum.puppetlabs.com and http://apt.puppetlabs.com
> 
> For information on how to enable the Puppet Labs repos, see:
> http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html#open-source-repositories
> 
> Blog: http://puppetlabs.com/blog/introducing-puppetdb-2.1.0
> 
> Binary tarball: http://downloads.puppetlabs.com/puppetdb/
> 
> Source: http://github.com/puppetlabs/puppetdb
> 
> Please report feedback via the Puppet Labs tickets site, using an
> affected PuppetDB version of 2.1.0:
> https://tickets.puppetlabs.com/browse/PDB
> 
> Documentation: http://docs.puppetlabs.com/puppetdb/2.1/
> 
> 
> Puppet module:
> http://forge.puppetlabs.com/puppetlabs/puppetdb
> 
> PuppetDB 2.1.0 Release Notes
> 
> 
> PuppetDB 2.1.0 is a feature release focusing on new query
> capabilities, streaming JSON support on all endpoints and a new report
> status field for determining if a Puppet run has failed. Note that
> this release is backward compatible with 2.0.0, but users must upgrade
> PuppetDB terminus to 2.1.0 when upgrading the PuppetDB instance to
> 2.1.0.
> 
> Things to take note of before upgrading:
> 
> * There is a known issue in Puppet 3.4.0, 3.4.1 and 3.4.2 with
> duplicate failed events here:
> https://tickets.puppetlabs.com/browse/PUP-1524. We recommend upgrading
> to Puppet 3.4.3 or greater.
> 
> * If you receive the error “Could not open
> /etc/puppet/log4j.properties”, this is because we have changed the
> packaged config.ini to point at a new logging configuration file:
> logback.xml. However during package installation some package managers
> will cowardly refuse to just update config.ini, this in particular
> affects RPM. After upgrading you should ensure any .rpmnew files are
> reviewed and that changes to our vendored version are now merged with
> your version of config.ini on disk. See this ticket for more
> information: https://tickets.puppetlabs.com/browse/PDB-656

Nice to see you switch to logback. I have found it to be much
better(more than most people actually expect) :)

> 
> * Make sure all your PuppetDB instances are shut down and only upgrade
> one at a time.
> 
> * As usual, don’t forget to upgrade your puppetdb-terminus package
> also (on the host where your Puppet Master lives), and restart your
> master service.
> 
> New Features:
> 
> * (PDB-660) Switch all query endpoints to stream JSON results
> 
>   The following endpoints have been switched over to streaming:
> 
>   - event-counts
>   - reports
>   - nodes
>   - environments
>   - events
> 
>   Using 'event-query-limit' is now deprecated, use the normal
>   paging/streaming functionality to achieve the same results.
> 
> * (PDB-658, PDB-697) Implement new "query engine" for v4
> 
>   This rewrite of the v4 API query infrastructure unifies query
>   operators across all endpoints. Each endpoint now supports all
>   operators appropriate for the given field of that type. As an
>   example, any string field can now be searched by regular expression.
>   All dates can be search with inequality operators like < or > for
>   searching via date ranges. There are also many new queryable fields.
>   Below summarizes the new features of the switch to this query engine
> 
>   events endpoint
>- Added configuration-version as a queryable field
>- Added containment-path as a queryable field (queryable in a way
> similar to tags)
> 
>   nodes endpoint
>- Added facts-timestamp, catalog-timestamp, report-timestamp  as a
> queryable field
> 
>   reports endpoint
>- Added puppet-version, report-format, configuration-version, start-time,
>  end-time, receive-time, transaction-uuid as queryable fields
> 
>   null? operator
>- new operator that checks for the presence or absence of a value
> 
>   Some endpoints previously returned NULL values when using a "not"
>   query such as ["not", ["=", "line", 10]]. The query engine follows
>   SQL semantics, so if you want NULL values, you should explicty ask
>   for it like:
> 
>   ["or",
> ["not", ["=", "line", 10]]
> ["null?", "line" true]]
> 
> * (PDB-162) Add regexp support to resource parameter queries
> 
>   The query engine supported this, but the existing "rewrite" rule, to go
>   from the shorthand parameter syntax to the nested resource query didn't
>   recognize ~. That is fixed with this commit, so regexps will now
> work on parameters.
> 
> * (PDB-601) Do not require query operator on reports endpoint
> 
>   With this pull request, hitting the reports endpoint without a query 
> argument
>   will return the full reports collection.  This behavior is consistent with
>   that of the nodes, facts, and resources endpoints.
> 
> * (PDB-651) Allow the web app URL prefix to

[Puppet Users] How to read the files of puppet agent.

[shashank sinha]

Hi,

I have written a code on template to open & read file i.e passwd but it 
reads the file from the puppet server (Master-node) rather I want to read 
the file of each agent-nodes.

Is it possible to read files from the agent node or to copy the files from 
agent to master?

Thanks
Shashank

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3b46f746-99fe-465e-a104-6d49810c0ea8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Regarding Puppet Agent process on Agent Machine

[Satish Katuru]

Thanks John for your reply.Now I am able to see the Puppet agent process on 
the machine.

Satish.

On Tuesday, July 8, 2014 6:35:37 PM UTC+5:30, jcbollinger wrote:
>
>
>
> On Tuesday, July 8, 2014 3:47:25 AM UTC-5, Satish Katuru wrote:
>>
>> Hi,
>>
>> I linked both Master and Agent machines.But I am unable to see the Agent 
>> process on Agent machine.
>> Can we have the Agent process on the Agent machine?
>>
>> I used below command to get the latest code 
>>
>>   puppet agent -t --waitforcert=60 
>>
>> When I Execute it every time it would take the code from master and 
>> deploy it on Agent machines.But how the agent machine looks for the latest 
>> code on Master machine for every 30 minutes?
>>
>> Do we need to do any configuration settings?
>>
>> and
>>
>> How can i see the agent process on agent machine?
>>
>>
>
> You are running the agent with the -t (--test) option, which implies 
> several other options including --no-daemonize (but *not* --noop).  If 
> you want to run the agent as a daemon then omit that option.  Rather than 
> launching it manually, though, it would be better to launch it via its 
> service management script, which should have been installed as part of the 
> package (supposing you used a package, rather than a source install).  On 
> many systems, the command would be "service puppet start".
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/97a248d7-79cd-4dcf-8427-830168cad0f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.