Re: [Puppet Users] Banned from RHN due to exessive connections; would like opions on my solution.

[José Luis Ledesma]

Hi,

I dont know if it will work, but have you tried adding provider => rpm in
the package resource?

Regards,
El 23/07/2014 02:37, "Stack Kororā"  escribió:

> Greetings,
>
> In my multiple hundred servers, I have <10 that are Red Hat based. We
> recently brought them under the same management as the rest of the servers
> utilizing Puppet. Then we ran into issues because we were hitting RHN too
> frequently and we got our servers banned. :-(
>
> I went digging for the culprit and found it in a section we wrote because
> audit is insistent that some packages should never be installed and they
> want regular checks that the packages are not installed. I rather liked my
> original solution (below) as I have dozens of packages that shouldn't be
> installed and occasionally I get another one to add to the list. This code
> made it really simple to add a new package.
>
> class audit::software_remove (
> ) {
> $removethesepackages = [
> 'telnet-server',
> 'telnet',
> # Dozens removed for sanity :-)
> ]
> case $operatingsystem {
> 'SLES' : { package {$removethesepackages : ensure=>absent,} }
> 'Scientific', 'CentOS', 'RedHat' : { package {$removethesepackages
> : ensure=>purged,} }
> default : {}
> }
> }
>
> Now SLES runs this code amazingly well because zypper just does a check
> against the local install before trying to remove a package and if it isn't
> installed it doesn't do anything at all. One of the many shortcomings of
> yum is that it always hits the repos. Since we have a local repo set up for
> SLES, Scientific, and CentOS we don't care if we beat up on them. However,
> we discussed the local repo caching with Red Hat and it didn't work out
> (too much complexity for too few servers; won't go into details). Not only
> that, but because every package is a separate transaction, we hit the repo
> /multiple/ times every puppet run. Thus, our servers hit Red Hat repos
> frequently and we get banned. :-(
>
> So I went thinking about how to solve both the problem of slamming the
> repo and checking for the package before trying to do a removal.
>
> We have and utilize the pkginventory module[1] (which we have applied the
> waiting patches plus done some of our own since that module hasn't been
> updated in a long while). This gives me a fact of pkg_telnet or
> pkg_telnet_server if those packages are installed. So I decided to utilize
> that and I came up with the code below.
>
> [1] https://forge.puppetlabs.com/ody/pkginventory
>
> class audit::software_remove (
> ) {
> if $pkg_telnet_server {
> case $operatingsystem {
> 'SLES' : { package { 'telnet-server': ensure=>absent,} }
> 'Scientific', 'CentOS', 'RedHat' : { package {'telnet-server'
> : ensure=>purged,} }
> default : {}
> }
> }
> else { notify {"Package telnet-server is not installed":}}
> #
> if $::pkg_telnet {
> case $operatingsystem {
> 'SLES' : { package { 'telnet': ensure=>absent,} }
> 'Scientific', 'CentOS', 'RedHat' : { package {'telnet' :
> ensure=>purged,} }
> default : {}
> }
> }
> else { notify {"Package telnet is not installed":}}
> }
>
> Hrm. It works, but it isn't a good solution in my opinion. Not at all. Too
> much code is being duplicated here. Well, there is some clean up I can do
> though now. Previously I used the case statement because audit wanted us to
> do a "yum purge" if any of the packages are found installed but SLES
> doesn't support "purged" and I don't really see a difference. That is a
> pointless case statement in my opinion with far too much code duplication.
>
> class audit::software_remove (
> ) {
> if $pkg_telnet_server { package { 'telnet-server': ensure=>absent,} }
> else { notify {"Package telnet-server is not installed":}}
> #
> if $pkg_telnet { package { 'telnet': ensure=>absent,} }
> else { notify {"Package telnet is not installed":}}
> }
>
> Ah. Better. Now there are only 3 lines I have to duplicate (if,else,my
> comment separator I use for my own sanity). Plus, there is a package check
> /before/ the yum command even has a chance to run. I *still* get hit with
> those REALLY annoying double notify messages in the logs (why twice? I
> still do not understand why twice! Ugh...another gripe for another day) but
> at least I don't hit the repo a million times every puppet run and that was
> the real goal here.
>
> So far in my testing environment, things are going well. Puppet runs are
> MUCH faster not having to hit yum all the time. Logs are a bit more crowded
> but at least they don't say "Software_remove/Package[telnet]/ensure:
> created" which was always a confusing statement in the puppet logs (another
> thing I never understood about puppet logging; how is a remove
> "created"...).
>
> Yet even still, there is something bothering me

[Puppet Users] Banned from RHN due to exessive connections; would like opions on my solution.

[Stack Kororā]

Greetings,

In my multiple hundred servers, I have <10 that are Red Hat based. We 
recently brought them under the same management as the rest of the servers 
utilizing Puppet. Then we ran into issues because we were hitting RHN too 
frequently and we got our servers banned. :-(

I went digging for the culprit and found it in a section we wrote because 
audit is insistent that some packages should never be installed and they 
want regular checks that the packages are not installed. I rather liked my 
original solution (below) as I have dozens of packages that shouldn't be 
installed and occasionally I get another one to add to the list. This code 
made it really simple to add a new package. 

class audit::software_remove (
) {
$removethesepackages = [
'telnet-server',
'telnet',
# Dozens removed for sanity :-)
]
case $operatingsystem {
'SLES' : { package {$removethesepackages : ensure=>absent,} }
'Scientific', 'CentOS', 'RedHat' : { package {$removethesepackages 
: ensure=>purged,} }
default : {}
}
}

Now SLES runs this code amazingly well because zypper just does a check 
against the local install before trying to remove a package and if it isn't 
installed it doesn't do anything at all. One of the many shortcomings of 
yum is that it always hits the repos. Since we have a local repo set up for 
SLES, Scientific, and CentOS we don't care if we beat up on them. However, 
we discussed the local repo caching with Red Hat and it didn't work out 
(too much complexity for too few servers; won't go into details). Not only 
that, but because every package is a separate transaction, we hit the repo 
/multiple/ times every puppet run. Thus, our servers hit Red Hat repos 
frequently and we get banned. :-(

So I went thinking about how to solve both the problem of slamming the repo 
and checking for the package before trying to do a removal.

We have and utilize the pkginventory module[1] (which we have applied the 
waiting patches plus done some of our own since that module hasn't been 
updated in a long while). This gives me a fact of pkg_telnet or 
pkg_telnet_server if those packages are installed. So I decided to utilize 
that and I came up with the code below.

[1] https://forge.puppetlabs.com/ody/pkginventory

class audit::software_remove (
) {
if $pkg_telnet_server {
case $operatingsystem {
'SLES' : { package { 'telnet-server': ensure=>absent,} }
'Scientific', 'CentOS', 'RedHat' : { package {'telnet-server' : 
ensure=>purged,} }
default : {}
}
}
else { notify {"Package telnet-server is not installed":}}
#
if $::pkg_telnet {
case $operatingsystem {
'SLES' : { package { 'telnet': ensure=>absent,} }
'Scientific', 'CentOS', 'RedHat' : { package {'telnet' : 
ensure=>purged,} }
default : {}
}
}
else { notify {"Package telnet is not installed":}}
}

Hrm. It works, but it isn't a good solution in my opinion. Not at all. Too 
much code is being duplicated here. Well, there is some clean up I can do 
though now. Previously I used the case statement because audit wanted us to 
do a "yum purge" if any of the packages are found installed but SLES 
doesn't support "purged" and I don't really see a difference. That is a 
pointless case statement in my opinion with far too much code duplication.

class audit::software_remove (
) {
if $pkg_telnet_server { package { 'telnet-server': ensure=>absent,} }
else { notify {"Package telnet-server is not installed":}}
#
if $pkg_telnet { package { 'telnet': ensure=>absent,} }
else { notify {"Package telnet is not installed":}}
}

Ah. Better. Now there are only 3 lines I have to duplicate (if,else,my 
comment separator I use for my own sanity). Plus, there is a package check 
/before/ the yum command even has a chance to run. I *still* get hit with 
those REALLY annoying double notify messages in the logs (why twice? I 
still do not understand why twice! Ugh...another gripe for another day) but 
at least I don't hit the repo a million times every puppet run and that was 
the real goal here.

So far in my testing environment, things are going well. Puppet runs are 
MUCH faster not having to hit yum all the time. Logs are a bit more crowded 
but at least they don't say "Software_remove/Package[telnet]/ensure: 
created" which was always a confusing statement in the puppet logs (another 
thing I never understood about puppet logging; how is a remove 
"created"...).

Yet even still, there is something bothering me about how much code 
duplication just got added. I feel that there is a simpler and better way 
of doing this. I played with a few things I found online, but either they 
were more complex or they still hit the repo really hard. 

So I thought I would ask: Does anyone have any tips/suggestions on how I 
might impr

Re: [Puppet Users] Re: puppetlabs-corosync help using multiple primitive operations

[Hunter Haugen]

On Tue, Jul 22, 2014 at 9:16 AM,  wrote:

> Hi Trey,
>
> I'm using Hiera and changed now:
>
> p_drbd_jira:
>   primitive_class:  ocf
>   primitive_type:   drbd
>   provided_by:  linbit
>   parameters:
> drbd_resource:  jira
>   operations:
> monitor:
>   - {interval:  '10s', role:  'Master'}
>   - {interval:  '20s', role:  'Slave'}
>
> puppet agent -t --debug:
> Error:
> /Stage[main]/H24-corosync::Config/H24-corosync::Resource[primitive]/Cs_primitive[p_drbd_jira]:
> Could not evaluate: undefined method `each_pair' for
> #
>
> My class to get the data from Hiera:
>
> class h24-corosync::config {
>
> $config = hiera('h24-corosync::config',
> {
> property => {},
> primitive => {},
> colocation => {},
> order => {},
> group => {}
> })
> h24-corosync::resource { 'property':
> params => $config[property],
> defaults => {ensure => present}
> } ->
> h24-corosync::resource { 'primitive':
> params => $config[primitive],
> #defaults => {operations => {monitor => { 'interval' => '30s' }}}
> } ->
> h24-corosync::resource { 'group':
> params => $config[group]
> } ->
> h24-corosync::resource { 'colocation':
> params => $config[colocation]
> } ->
> h24-corosync::resource { 'order':
> params => $config[order]
> }
>
> }
>
> Which code do I have to change?
>

You will have to update the provider code at
https://github.com/puppetlabs/puppetlabs-corosync/tree/master/lib/puppet/provider/cs_primitive
to support array values of the cs_primitive operations hash. If you take
the time to do this and send a pull request on github, that would be great
:).


>
> Regards - Willi
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/00d52bf6-835d-47ca-9e71-6b569f78d89b%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJaQvGBfL_sSZXDNpp%3DRc33udax5ynh7AOShbdFoez%3DgetroYw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] use client_data/catalog/.json for nagios check?

[Denmat]

This one from RIP works ok for me:
https://github.com/ripienaar/monitoring-scripts/blob/master/puppet/check_puppet.rb


> On 23 Jul 2014, at 5:47, Atom Powers  wrote:
> 
> I use a script that checks if the puppet client is running and parses the 
> lastrunreport for last run time and if any errors were reported applying the 
> catalog.
> 
> 
>> On Tue, Jul 22, 2014 at 12:36 PM, Bernard Clark  
>> wrote:
>> We need to be alerted whenever a puppet report from any puppet client is 
>> late. We were thinking of having Nagios monitor the last modification time 
>> of a client's /var/lib/puppet/client_data/catalog/.json and alert us 
>> when that file ages too much. Anyone have a better idea?
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/5d8181b7-6911-4af1-95dd-24331425d80e%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
> 
> 
> 
> -- 
> Perfection is just a word I use occasionally with mustard.
> --Atom Powers--
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/CAF-H%3DOkfzUo9JD9Jt_s8z3zr-w5f5M%3DGrZACWc_s%2B52E0DrE4g%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/FF386C74-4A77-4EE4-BE09-62D0ACB129A1%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] custom function to read inifile

[Ritesh Nanda]

Hello ,

I was trying to write a custom function which would run on puppet master 
take input a ini file , parse a section of that ini file and assign 
its value to a variable .
Something like 

$test = iniread('example.ini', 'Program', 'path')

This would assign the value to test variable when the functions runs on the 
puppet master.

iniread.rb file looks like 

require 'rubygems'
require 'inifile'
module Puppet::Parser::Functions
  newfunction(:iniread, :type => :rvalue) do |args|
raise(Puppet::ParseError, 'inifile read(): Wrong number of arguments ' +
  "given (#{args.size} for 3)") if args.size != 3
   
filename = args[0]
section = args[1]
key = args[2]

file = IniFile.load(filename)
data = file[section]
value = data[key]
return value

  end
end

It gives an error while running 

Error 400 on SERVER: undefined method `[]' for nil:NilClass at 
/etc/puppetlabs/puppet/modules/example/manifests/init.pp:45

init.pp has 

$test =iniread("example.ini", "Program", "path") 


Doing that in ruby works 

require 'inifile'
filename = ARGV[0]
section = ARGV[1]
key = ARGV[2]
file = IniFile.load(filename)
data = file[section]
InstPath = data[key]
puts InstPath

Help to this would be really appreciated. 

Regards,
Ritesh 



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/460bb860-e8cb-4022-a1a3-47fb4b0015e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet API for Unsigned Certs

[Danny Roberts]

I'm trying to use the Puppet API in our monitoring to check for and alert 
on any unsigned certificates that might be waiting in Puppet.

As per http://docs.puppetlabs.com/guides/rest_api.html#certificate-status I 
should be able to use something like:

curl --cert /var/lib/puppet/ssl/certs/sql2.ourcompany.com.pem  --key 
/var/lib/puppet/ssl/private_keys/sql2.ourcompany.com.pem --cacert 
/var/lib/puppet/ssl/certs/ca.pem -H 'Accept: pson' 
https://puppet.ourcompanyhosting.co.uk:8140/production/certificate_statuses/no_key

However that errors:

Forbidden request: sql2.ourcompany.com(xx.xxx.xxx.xx) access to 
/certificate_status/no_key [search] authenticated  at :119

As far as I can see I should only be getting this response if I am not 
providing the required SSL certs. However as this is not the case I am at a 
loss.

Any ideas what is causing the issue? If this information can be pruned from 
PuppetDB instead I'd be happy to use that instead as we already have a 
PuppetDB instance running (I had a look through the PuppetDB API and could 
not see anything that did this).

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2253d597-7be6-42c3-bed3-bfd1b3851b36%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] use client_data/catalog/.json for nagios check?

[Atom Powers]

I use a script that checks if the puppet client is running and parses the
lastrunreport for last run time and if any errors were reported applying
the catalog.


On Tue, Jul 22, 2014 at 12:36 PM, Bernard Clark 
wrote:

> We need to be alerted whenever a puppet report from any puppet client is
> late. We were thinking of having Nagios monitor the last modification time
> of a client's /var/lib/puppet/client_data/catalog/.json and alert us
> when that file ages too much. Anyone have a better idea?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/5d8181b7-6911-4af1-95dd-24331425d80e%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF-H%3DOkfzUo9JD9Jt_s8z3zr-w5f5M%3DGrZACWc_s%2B52E0DrE4g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] use client_data/catalog/.json for nagios check?

[Bernard Clark]

We need to be alerted whenever a puppet report from any puppet client is 
late. We were thinking of having Nagios monitor the last modification time 
of a client's /var/lib/puppet/client_data/catalog/.json and alert us 
when that file ages too much. Anyone have a better idea?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5d8181b7-6911-4af1-95dd-24331425d80e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Facter unable to parse custom fact

[José Luis Ledesma]

You are confusing custom and external facts, as david explained.

Regards,
El 22/07/2014 18:33, "Maxim Nikolaev"  escribió:

> As I understand from Facrer 2 manual (
> http://docs.puppetlabs.com/facter/2.1/custom_facts.html#adding-custom-facts-to-facter)
> I can set all custom facts to  /etc/facts/facts.d.
> Fact example:
>
> Facter.add("role") do
>   setcode do
> Facter::Util::Resolution.exec('ec2-describe-tags -O KEY -W KEY
> --filter "resource-id=$(ec2-metadata -i | cut -d " " -f2)" --filter
> "key=Role" | cut -f5 -')
>   end
> end
>
> It's not far from examples that are in manual.
>
> When I try to set this fact to /etc/facts/facts.d - I get error: Fact file
> /etc/facter/facts.d/role.rb was parsed but returned an empty data set
> Even if I try to use simple example from manual (
>
> hardware_platform.rb) - I get same error.
>
>
> On Tuesday, July 15, 2014 5:10:59 PM UTC+3, Maxim Nikolaev wrote:
>>
>> Hello
>>
>> I have strange experience with facter on newly installed servers.
>>
>> Puppet: 3.6.2
>> Facter: 2.1.0
>> OS: Amazon Linux
>>
>> when I set custom fact to /etc/facter/facts.d and run facter locally I
>> get following error
>> Fact file /etc/facter/facts.d/services.rb was parsed but returned an
>> empty data set
>>
>>
>> When I copy same file to
>> /usr/lib/ruby/site_ruby/1.8/facter/
>> and run same command - facter works ok.
>>
>>
>> Can someone advise why thi can happen?
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/9e76db90-9ea3-4edf-811c-e29442e871b8%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF_B3ddw_SOH5ocRBSBTkSOYz67UYdUT%2BWOB6E-58QrPm_RSdg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Facter unable to parse custom fact

[Maxim Nikolaev]

As I understand from Facrer 2 manual 
(http://docs.puppetlabs.com/facter/2.1/custom_facts.html#adding-custom-facts-to-facter)
 
I can set all custom facts to  /etc/facts/facts.d.
Fact example:

Facter.add("role") do
  setcode do
Facter::Util::Resolution.exec('ec2-describe-tags -O KEY -W KEY --filter 
"resource-id=$(ec2-metadata -i | cut -d " " -f2)" --filter "key=Role" | cut 
-f5 -')
  end
end

It's not far from examples that are in manual.

When I try to set this fact to /etc/facts/facts.d - I get error: Fact file 
/etc/facter/facts.d/role.rb was parsed but returned an empty data set
Even if I try to use simple example from manual (

hardware_platform.rb) - I get same error.


On Tuesday, July 15, 2014 5:10:59 PM UTC+3, Maxim Nikolaev wrote:
>
> Hello
>
> I have strange experience with facter on newly installed servers.
>
> Puppet: 3.6.2
> Facter: 2.1.0
> OS: Amazon Linux
>
> when I set custom fact to /etc/facter/facts.d and run facter locally I get 
> following error
> Fact file /etc/facter/facts.d/services.rb was parsed but returned an empty 
> data set
>
>
> When I copy same file to 
> /usr/lib/ruby/site_ruby/1.8/facter/
> and run same command - facter works ok.
>
>
> Can someone advise why thi can happen?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9e76db90-9ea3-4edf-811c-e29442e871b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Strange exec behavior on windows

[Rob Reynolds]

On Tue, Jul 22, 2014 at 6:18 AM, jcbollinger 
wrote:

>
>
> On Tuesday, July 22, 2014 3:35:01 AM UTC-5, cko wrote:
>>
>> Hi everyone,
>>
>> I am running Puppet 3.6.2 on the affected Windows Server 2008 R2 node.
>>
>> First of all the manifest that I'm trying to use:
>>
>> *   define static_route ($net,$netmask,$gw) *
>> *   {*
>> *  if $::kernel == 'Linux' *
>> *  {*
>> * exec { "$name":*
>> *command  => "route add -net ${net} netmask ${netmask} gw
>> ${gw}",*
>> *path => "$::path",*
>> *unless   => "route -n | grep -i
>> '${net}\s*${gw}\s*${netmask}'",*
>> * }*
>> *  }*
>> *  if $::kernel == 'windows' {*
>> * exec { "$name":*
>> *command  => "route ADD ${net} MASK ${netmask} ${gw}",*
>> *path => "$::path",*
>> *unless   => "cmd /c route PRINT -4 | FINDSTR /r
>> ${net}.*${netmask}.*${gw}",*
>> * }*
>> *  }*
>> *   }*
>>
>> *   # example values*
>> *   static_route { 'route01':*
>> *  net => '200.60.80.148',*
>> *  netmask => '255.255.255.128',*
>> *  gw  => '10.21.10.5',*
>> *   }*
>>
>>
>> This enables me to add a static route to Windows and Linux nodes with the
>> same Puppet syntax. On my Linux nodes this works just fine.
>>
>> But on my Windows node i notice a strange behavior:
>>
>>- When I test this manifest with 'puppet agent -t' ,Puppet creates
>>the static route in the first try. When I run 'puppet agent -t' again 
>> there
>>are *no* further changes. (this is the expected behavior)
>>- But when the Puppet run gets triggered* by the Puppet service* (every
>>30 minutes) it executes the route add command on EVERY following run. (As
>>if the route is not present. The agent sends a report to the Puppet
>>Dashboard that indicates an successfully executed "Exec" resource)
>>
>>
>> Is there a mistake in my Puppet code? Or is there any other logical
>> explanation for this behavior?
>>
>>
>
> Most likely, the 'unless' command is returning a false result every time
> it is run by the Puppet service.  The difference from when you run puppet
> manually could be the user context of the run, though I'm not enough of a
> Windows guy to suggest specifics.
>

I'd agree that it might be a user permission thing. You may want to try
changing the service over to your account and letting it run to see if it
does it. If so it could be the default user set on that is SYSTEM and may
not have access to that information. A suggestion if you do find it to be
that is to define an account for the agent that would be a local
administrator on these boxes.


>
>
> John
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/31986cb5-a76b-4a6e-a2f9-d88a5c556db5%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Rob Reynolds
Developer, Puppet Labs

*Join us at PuppetConf 2014 , September
20-24 in San Francisco*
*Register by July 31st to take advantage of the Early Bird discount
 **--**save $249!*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMJiBK63-eY7Qh8CbTcPv7AtvO6kanm_k0NXnQR9o-EYTRHsfg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Reports from puppet

[Maxim Nikolaev]

HI

I'm using puppetdb-2.1.0-1.el6.noarch
Puppetboard installed from pip yesterday, so I suppose it's also last.

I get mail about errors, so I know that report is generated. But I can't 
see it not in Puppetboard (
Overvie). When I check report in Node tab - I see that it's empty.

Error on client:

 puppet agent --no-daemonize --verbose --onetime
 Info: Retrieving pluginfacts
 Info: Retrieving plugin
 Info: Loading facts in /var/lib/puppet/lib/facter/puppet_vardir.rb
 Info: Loading facts in /var/lib/puppet/lib/facter/root_home.rb
 Info: Loading facts in /var/lib/puppet/lib/facter/facter_dot_d.rb
 Info: Loading facts in /var/lib/puppet/lib/facter/pe_version.rb
 Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not find class rabbitmq::rabbitmq for 
mcollective-useast-00-d6f9.ec2.internal on node 
mcollective-useast-00-d6f9.ec2.internal
 Notice: Using cached catalog
 Error: Could not retrieve catalog; skipping run

In Dashboard I can see error, but in Puppetboard - not. Puppetboard sign 
node as unchanged and remove it from Overview tab. I can see it in Node, 
but again as unchanged and not failed.

On Monday, July 21, 2014 2:55:16 PM UTC+3, Maxim Nikolaev wrote:
>
> Hi
>
> I'm using Puppet with Dashboard and PuppetDB and Puppetdb board. I can see 
> all nodes and rfeports.
> Problem is that when puppet fail to run on instance - i get report 
> "unchanged" instead of "fail".
>
> For ex. I've changed postfix manifest to install package postfix1. Puppet 
> failed to run:
>
> Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Invalid relationship: File[/etc/postfix/main.cf] { require => 
> Package[postfix] }, because Package[postfix] doesn't seem to be in the 
> catalog
> But I got unchanged report instead of failed also in dashboard and in 
> puppetdb.
>
> Puppet: 3.6.2
> Facter: 2.1.0
> OS: Amazon Linux
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/bbe9b960-3a07-40cc-8191-95c1c07a2d7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: puppetlabs-corosync help using multiple primitive operations

[willi . fehler]

Hi Trey,

I'm using Hiera and changed now:

p_drbd_jira:
  primitive_class:  ocf
  primitive_type:   drbd
  provided_by:  linbit
  parameters:
drbd_resource:  jira
  operations:
monitor:
  - {interval:  '10s', role:  'Master'}
  - {interval:  '20s', role:  'Slave'}

puppet agent -t --debug:
Error: 
/Stage[main]/H24-corosync::Config/H24-corosync::Resource[primitive]/Cs_primitive[p_drbd_jira]:
 
Could not evaluate: undefined method `each_pair' for 
#

My class to get the data from Hiera:

class h24-corosync::config {

$config = hiera('h24-corosync::config',
{
property => {},
primitive => {},
colocation => {},
order => {},
group => {}
})
h24-corosync::resource { 'property':
params => $config[property],
defaults => {ensure => present}
} ->
h24-corosync::resource { 'primitive':
params => $config[primitive],
#defaults => {operations => {monitor => { 'interval' => '30s' }}}
} ->
h24-corosync::resource { 'group':
params => $config[group]
} ->
h24-corosync::resource { 'colocation':
params => $config[colocation]
} ->
h24-corosync::resource { 'order':
params => $config[order]
}

}

Which code do I have to change?

Regards - Willi

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/00d52bf6-835d-47ca-9e71-6b569f78d89b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Ruby, YAML & Hiera data

[Matthew Burgess]

Hi,

It's probably best for you to not ask why we're doing the following,
but here's what we're trying to achieve:

We'd like to programmatically edit our Hiera data, and we're using the
YAML backend.  I can successfully load the correct YAML file and make
the changes we require.  However, we've hit upon a bit of a stumbling
block if the YAML file contains an interpolation token, if gets
'corrupted' by the default Ruby YAML emitter like so:

ipaddress: "%{::ipaddress_eth0}"

becomes

ipaddress: ! '%{::ipaddress_eth0}'

When I inspect the data following the load of the YAML file, I can see
it's been loaded correctly, so it seems to be when I call YAML.dump()
that it gets 'corrupted'.

Just posting here to see if anyone else has done anything similar and
overcome the same problem; my google-fu led me down the path of some
custom Psych emitters, but the gist I re-used
(https://gist.github.com/mislav/2023978) exhibited the same issue.

The frustration here is that the data we need to change are guaranteed
to *not* have any interpolation tokens, but I can't see a way to
overwrite just the portion of the file that I've changed, hence why
I'm dumping out the full file again and hitting this issue.

Cheers,

Matt.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAKUTv3%2BUboAb_gL7bkq-3yeWnsdv75hMqhoe2yGo99ZMOzXsDA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Strange exec behavior on windows

[jcbollinger]

On Tuesday, July 22, 2014 3:35:01 AM UTC-5, cko wrote:
>
> Hi everyone,
>
> I am running Puppet 3.6.2 on the affected Windows Server 2008 R2 node.
>
> First of all the manifest that I'm trying to use:
>
> *   define static_route ($net,$netmask,$gw) *
> *   {*
> *  if $::kernel == 'Linux' *
> *  {*
> * exec { "$name":*
> *command  => "route add -net ${net} netmask ${netmask} gw 
> ${gw}",*
> *path => "$::path",*
> *unless   => "route -n | grep -i 
> '${net}\s*${gw}\s*${netmask}'",*
> * }*
> *  }*
> *  if $::kernel == 'windows' {*
> * exec { "$name":*
> *command  => "route ADD ${net} MASK ${netmask} ${gw}",*
> *path => "$::path",*
> *unless   => "cmd /c route PRINT -4 | FINDSTR /r 
> ${net}.*${netmask}.*${gw}",*
> * }*
> *  }*
> *   }*
>
> *   # example values*
> *   static_route { 'route01':*
> *  net => '200.60.80.148',*
> *  netmask => '255.255.255.128',*
> *  gw  => '10.21.10.5',*
> *   }*
>
>
> This enables me to add a static route to Windows and Linux nodes with the 
> same Puppet syntax. On my Linux nodes this works just fine.
>
> But on my Windows node i notice a strange behavior:
>
>- When I test this manifest with 'puppet agent -t' ,Puppet creates the 
>static route in the first try. When I run 'puppet agent -t' again there 
> are 
>*no* further changes. (this is the expected behavior)
>- But when the Puppet run gets triggered* by the Puppet service* (every 
>30 minutes) it executes the route add command on EVERY following run. (As 
>if the route is not present. The agent sends a report to the Puppet 
>Dashboard that indicates an successfully executed "Exec" resource)
>
>
> Is there a mistake in my Puppet code? Or is there any other logical 
> explanation for this behavior?
>
>

Most likely, the 'unless' command is returning a false result every time it 
is run by the Puppet service.  The difference from when you run puppet 
manually could be the user context of the run, though I'm not enough of a 
Windows guy to suggest specifics.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/31986cb5-a76b-4a6e-a2f9-d88a5c556db5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Resource without reporting of change

[jcbollinger]

On Monday, July 21, 2014 9:20:59 AM UTC-5, Georg Brunmayr wrote:
>
> Hi folks,
>
> i work with puppet for some time now and usually find what i need to know 
> but here my google skills fail...
>
> What i'm doing is roughly this:
> I have a pre and post stage where a node gets disabled in our build 
> system. This is done via a custom type that sets the attribute (some xml 
> handling) in the local file that is uploaded via another type that is just 
> there to do the upload on the client via ruby.
> That works perfect now but as a result of that mechanism every run reports 
> at least 4 changes -> the dis-/enabling of the node via the attribute and 
> the upload of the file. 
> These reports are correct as i really changed something in there but as i 
> do these 4 changes on every run my dashboard view no longer shows just real 
> changes but these as well which makes it a lot harder to see when a change 
> was rolled out to the node. 
>
> Does anybody have an idea how i can get rid of these reports?  I want to 
> suppress just the changes for 1 attribute and the upload as all other 
> attribute changes should show up as changes.
> Any ideas anyone?
>
>

Create a script wrapping a "puppet agent --onetime --no-daemonize" run, and 
perform the node disablement/re-enablement in that script.  Instead of 
running the agent in daemon mode, use an external scheduler (e.g. cron) to 
run the wrapper script on whatever schedule you like.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/76cf2582-7cf9-47e5-ad96-828917126022%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Passing undef as argument to classes & defines overrides default parameter

[jcbollinger]

On Monday, July 21, 2014 9:39:39 AM UTC-5, David Schmitt wrote:
>
> On 2014-07-21 15:00, jcbollinger wrote: 
> > 
> > 
> > On Monday, July 21, 2014 12:00:35 AM UTC-5, Atom Powers wrote: 
> > 
> > I think you should be able to send json to the yaml backend and it 
> > will work. I did some testing with hiera and had no problem with 
> > pure yaml, pure json, or a mix of the two. 
> > 
> > 
> > Yes, JSON is more or less a subset of YAML.  I don't recall at the 
> > moment what prevents JSON from being a complete subset, the kinds of 
> > JSON structures you're likely to want to use for your external data 
> > should all be fine. 
>
> JSON can only do simple values (string, number), lists and hashes. YAML 
> can additionally reference entities across the document (creating loops) 
> and do all sorts of other nasty things that rubyists found funny to put 
> into a serialization format. 
>
>

Yes, but that's beside the point.  The question is not what YAML can do 
that JSON can't, but rather what JSON can do that YAML can't.  YAML 1.2 is 
intended to be a superset of JSON, but (I had remembered reading) doesn't 
succeed 100% in that.  It turns out that the difference I was thinking of 
is that the JSON specs don't actually *require* mapping keys to be unique 
(JSON only suggests that keys be unique), whereas YAML does require unique 
keys (http://yaml.org/spec/1.2/spec.html#id2759572).  In practice, that may 
be a distinction without a difference.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f3f7959f-5dac-4b85-b7ee-ca746460adc8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] How to install Tomcat

[phani krishna]

 hi i am new to puppet 

please can any one let me know how to install  tomcat on client machine 

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20baecff-24d2-4344-bd77-02816745fec6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Managing config files...

[Felix Frank]

On 07/21/2014 09:52 AM, Gavin Williams wrote:
> Ah, forgot about the parsed file stuff... Good call, think that could be
> a good fit for the jre.properties file :)
> 
> Cheers
> Gavin

To clarify, though - do write Ruby code that will parse files, but
refrain from basing providers on Puppet's ParsedFile provider. It looks
neat enough, but just trust me on that one ;-)

Best,
Felix

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53CE2A6F.9060102%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Strange exec behavior on windows

[cko]

Hi everyone,

I am running Puppet 3.6.2 on the affected Windows Server 2008 R2 node.

First of all the manifest that I'm trying to use:

*   define static_route ($net,$netmask,$gw) *
*   {*
*  if $::kernel == 'Linux' *
*  {*
* exec { "$name":*
*command  => "route add -net ${net} netmask ${netmask} gw 
${gw}",*
*path => "$::path",*
*unless   => "route -n | grep -i 
'${net}\s*${gw}\s*${netmask}'",*
* }*
*  }*
*  if $::kernel == 'windows' {*
* exec { "$name":*
*command  => "route ADD ${net} MASK ${netmask} ${gw}",*
*path => "$::path",*
*unless   => "cmd /c route PRINT -4 | FINDSTR /r 
${net}.*${netmask}.*${gw}",*
* }*
*  }*
*   }*

*   # example values*
*   static_route { 'route01':*
*  net => '200.60.80.148',*
*  netmask => '255.255.255.128',*
*  gw  => '10.21.10.5',*
*   }*


This enables me to add a static route to Windows and Linux nodes with the 
same Puppet syntax. On my Linux nodes this works just fine.

But on my Windows node i notice a strange behavior:

   - When I test this manifest with 'puppet agent -t' ,Puppet creates the 
   static route in the first try. When I run 'puppet agent -t' again there are 
   *no* further changes. (this is the expected behavior)
   - But when the Puppet run gets triggered* by the Puppet service* (every 
   30 minutes) it executes the route add command on EVERY following run. (As 
   if the route is not present. The agent sends a report to the Puppet 
   Dashboard that indicates an successfully executed "Exec" resource)


Is there a mistake in my Puppet code? Or is there any other logical 
explanation for this behavior?






-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6a9a32a3-b13f-4a2c-80ca-3ce614978312%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.