[Puppet Users] Re: Puppet Dashboard HTTP Basic Authentication Issues

2014-07-31 Thread Stella 
I figured it out. It is due to my settings.
 
In /etc/puppet/puppet.conf, I use "localhost":
 
 external_nodes = /usr/bin/env 
PUPPET_DASHBOARD_URL=http://localhost:3000 
/usr/share/puppet-dashboard/bin/external_node
But in the dashboard vhost config file, I gave the actual IP address of my 
puppet master (for example, 192.168.240.110 )
 
  Order allow,deny
  Allow from 192.168.240.110 
 
Once I changed the IP address to the word "localhost", it works:
 
  Order allow,deny
  Allow from 192.168.240.110
 
So my doubt is correct: as long as you have those two lines, puppet master 
access is allowed and you don't need to apply those two patches.  
 
Thanks!

On Thursday, July 31, 2014 1:43:35 PM UTC-4, Stella wrote:

> Hi Ellison,
>
> Thanks for the reply. 
>
> Yes, I replaced that IP address with my Puppet Master.
>
> So you think that as long as I have those two lines, I don't need to apply 
> those two patches and it should work? But it doesn't work for me. 
>
> I guess I will try to apply those two patches and see what will happen?
>
>
> On Thursday, July 31, 2014 1:32:54 PM UTC-4, Ellison Marks wrote:
>>
>> Where it has the IP address 192.168.240.110 and the comment "# your 
>> puppet master's IP", you are meant to replace the give IP address with the 
>> IP address that your puppet master will be using to submit reports.
>>
>> On Thursday, July 31, 2014 9:28:20 AM UTC-7, Stella wrote:
>>>
>>> Hi, I am trying to configure Puppet (3.6.2) Dashboard (1.2.23) with HTTP 
>>> Basic Authentication. I followed this document's "Security" section:
>>> http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html
>>>
>>> Basically, in Dashboard’s vhost configuration, I added those lines:
>>>
>>> 
>>> Order allow,deny
>>> Allow from 192.168.240.110 # your puppet master's IP
>>> Satisfy any
>>> AuthName "Puppet Dashboard"
>>> AuthType Basic
>>> AuthUserFile /etc/httpd/webaccess
>>> Require valid-user
>>> 
>>>
>>> Then I also created a user/password combination:
>>> htpasswd -c /etc/httpd/webaccess myusername
>>>
>>> Restart httpd service and Web access to the interface works fine. It 
>>> prompts me for username/password.
>>> However, when I ran "puppet agent --test", it failed. Puppet cannot get 
>>> nodes from the dashboard.
>>>
>>> Questions:
>>>
>>> 1. I googled and found this issue: 
>>> https://projects.puppetlabs.com/issues/4890. It points to another two 
>>> issues. Should I follow those two issues to fix my problem?
>>>
>>> issue #7173  -- Puppet cannot submit reports to dashboard. Modify 
>>> puppet/lib/puppet/reports/http.rb to properly parse usernames and passwords 
>>> out of the reporturl configuration option. 
>>> issue #5126  -- Puppet cannot get nodes from the dashboard. Modify 
>>> the external node script to properly parse usernames and passwords out of 
>>> its URL 
>>>
>>> 2. In the document, it has a notice
>>>
>>> Notice that you need to leave an access exception for your puppet 
>>> master. Although it’s possible to configure Puppet to use a password when 
>>> connecting to Dashboard (by adding a username and password to Puppet’s 
>>> reporturl and the URL used by the external_nodes script), this 
>>> currently requires patching Puppet’s http report handler; see issue 7173 
>>> for more details.
>>>
>>> I am a little confused here. "you need to leave an access exception for 
>>> your puppet master", does this refer to those two lines in the vhost config:
>>>
>>> Order allow,deny
>>> Allow from 192.168.240.110 # your puppet master's IP
>>>
>>> If yes, does that mean if I have those two lines to leave an access 
>>> exception for puppet master, I don't need to apply those two patches? But 
>>> now with those two lines, I still can't get puppet agent to get node from 
>>> dashboard. Maybe I should go ahead and apply those two patches?
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a592df47-559f-4aa4-8813-ce6fa1a620af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] puppet-postgres error

2014-07-31 Thread Huaqing Zheng 
I'm hitting the same issue with module version 3.4.1 and postgres version
9.3.

Looking at these selector statements:

  $cmd_host = $database_host ? {
default => "-h ${database_host} ",
undef   => "",
  }


Shoudln't undef be before default?




On Tue, Jul 15, 2014 at 2:29 PM, Hunter Haugen 
wrote:

> The validate_db_connection would come from
> https://github.com/puppetlabs/puppetlabs-postgresql#resource-postgresqlvalidate_db_connection
> which is declared by the postgresql::server -> postgresql::server::service
> class
> https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/manifests/server/service.pp#L29
> . The exec is
> https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/manifests/validate_db_connection.pp#L51
>
> So it appears that the service tries to start but isn't accepting
> connections via the psql command? There isn't enough information in the
> pasted errors to tell why though. One thing that is weird is the "-h  -U
>  -p  " arguments with double spaces, indicating that a
> hostname/user/password is blan, so that might be why (even though this code
> is supposed to guard against it
> https://github.com/puppetlabs/puppetlabs-postgresql/blob/master/manifests/validate_db_connection.pp#L23-L34
> ).
>
> What version of puppetlabs-postgresql is this?
>
>
>
>
>
> -Hunter
>
>
> On Tue, Jul 15, 2014 at 1:41 PM, Felix Frank <
> felix.fr...@alumni.tu-berlin.de> wrote:
>
>>  Hi,
>>
>> it would be helpful to see the manifest that declares the Exec[validate
>> postgres connection for /postgres].
>>
>> For debugging, the easiest approach is pasting the failing commands to a
>> shell.
>>
>> Regards,
>> Felix
>>
>>
>> On 07/14/2014 08:35 AM, Rajesh Taneja wrote:
>>
>> While running puppet agent, I am getting following error. Can someone
>> help me understand what might be wrong.
>>
>>  Warning: Exec[validate postgres connection for
>> /postgres](provider=posix): Cannot understand environment setting
>> "PGPASSWORD="
>> Warning: Exec[validate postgres connection for
>> /postgres](provider=posix): Cannot understand environment setting
>> "PGPASSWORD="
>> Notice:
>> /Stage[main]/Postgresql::Server::Service/Postgresql::Validate_db_connection[validate_service_is_running]/Exec[validate
>> postgres connection for /postgres]/returns: Unable to connect to defined
>> database using: /usr/bin/psql --tuples-only --quiet -h  -U  -p  --dbname
>> postgres
>> Error: echo 'Unable to connect to defined database using: /usr/bin/psql
>> --tuples-only --quiet -h  -U  -p  --dbname postgres ' && false returned 1
>> instead of one of [0]
>> Error:
>> /Stage[main]/Postgresql::Server::Service/Postgresql::Validate_db_connection[validate_service_is_running]/Exec[validate
>> postgres connection for /postgres]/returns: change from notrun to 0 failed:
>> echo 'Unable to connect to defined database using: /usr/bin/psql
>> --tuples-only --quiet -h  -U  -p  --dbname postgres ' && false returned 1
>> instead of one of [0]
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/d4866842-9ae8-4ade-89c9-34aa9e82e074%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/53C591E8.5060003%40Alumni.TU-Berlin.de
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAJaQvGAU%3DE5Wr-iJ33VowKD5tvi37XwEZxn%3DYnfGDNCq16vV9g%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Huaqing Zheng
Code Wrangler

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an emai

Re: [Puppet Users] iptables and number of ports

2014-07-31 Thread Trevor Vaughan 
This is fine, multiport can handle one or more ports and is a safe generic
way to handle this situation.

Trevor


On Thu, Jul 31, 2014 at 12:23 PM,  wrote:

> Hi,
>
> I'm trying to manage iptables with 'puppetlabs/firewall/1.0.2'. I use
> hiera to pass arguments to the firewall module like that:
>
> '032 accept dns traffic':
> source: '0.0.0.0/0'
> dport: '53'
>
> My problem is that after applying the configuration to a node iptables -nL
> shows:
>
> ACCEPT udp  --  0.0.0.0/00.0.0.0/0multiport
> dports 53 /* 032 accept dns traffic */
>
> As you can see even though I passed only one port iptables is set to
> multiports. Any idea how to fix that?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/79ca28ca-b882-463f-bd9a-d93b9623bf6b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaug...@onyxpoint.com

-- This account not approved for unencrypted proprietary information --

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANs%2BFoVXS%3DY%2BKuoD14xfmDVej8nCwnkrUNQT_Jm008paAvthvg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Hiera/Puppet: How to handle different versions of applications in multiple environments?

2014-07-31 Thread Pete Brown 
Hi,

I think the best way to achieve this is to use class variables for all
the versions of packages you want to manage and use hiera as the
backend.
You can actually use the $::environment fact in your hiera.yaml file
when defining the datadir.

I tend to put my hiera tree in a separate repository but you could
just as easily put it in your environment repository,

I would also recommend using r10k to manage your environment and hiera
checkouts.

Does that all make sense?

Pete.

On 29 July 2014 09:10, Devminded  wrote:
> Hello everybody.
>
> I'm a developer new to puppet and are working with a complex system made up
> of several subsystems. We have regulatory requirements which forces us to
> have several production environments (at-least one per jurisdiction). This
> is causing us some pains.
>
> The main problem is that the different jurisdictions "requires" different
> versions (and sometimes content) of the deployed applications. Due to a
> drawn out certification process some environments lags behind in versions by
> up to six month (that's how long it can take to get changes certified).
> Given that different environments require different versions of both puppet
> modules and application versions how do we handle this while still
> guaranteeing system integrity?
>
> I'm in the process of trying out some other things, like the roles and
> profiles pattern. Looking at the 'version' properties in my example below;
> is it a good idea to keep it hardcoded and release a new version of the
> puppet module for each version of the software (order_service in this case)
> and assign those modules per environment or should I make the application
> versions a hiera variable as well? And if I do decide to keep versions in
> hiera how do I ensure that no-one (in ops) deploys a version that has not
> been integration-tested with the rest of the system?
>
> Keeping versions in hiera would make everything much more dynamic but also
> so much more difficult to ensure consistency, especially in a Continuous
> Delivery workflow...
>
> Any takers? What obvious thing did I miss?
>
>
> *Example*
> class role::app_server {
> include profile::base
> include profile::linux
> include profile::jboss
> include profile::order_service::webapp
> }
>
> class profile::order_service::webapp {
> class { 'order_webapp'
> version => '3.1.2',
> db_address  => hiera('db_address'),
> etc...
> }
> }
>
> class profile::jboss {
> class { 'jbosseap':
> version => 6.3,
> port=> hiera('port'),
> broadcast_address   => hiera('broadcast_address'),
> user_roles  => hiera('user_roles'),
> user_groups => hiera('user_groups')
> }
> class { 'java'
> version => '>=1.7.0'
> }
> }
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/06c4d567-6785-45ec-ae4a-8a41c236d2fe%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAJ8DPF6QUMWYpJPA%3D7TaP6woR5%3DX4%3Dref7ZA-9gaL-26kmhYfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Wrap class around define and use it as Require

2014-07-31 Thread yamakasi . 014 
HI John,

Thanks!

I had that class in my enable.pp and not in modules/enable/ssl.pp

Is it not possible at all to place it in modules/enable.pp ?

Thanks a lot for you great explanation... just didn't noticed it as I try 
to create a less pp's of possible.

Cheers,

Matt

Op donderdag 31 juli 2014 23:30:16 UTC+2 schreef jcbollinger:
>
>
>
> On Thursday, July 31, 2014 3:51:37 PM UTC-5, yamaka...@gmail.com wrote:
>>
>> Hi John,
>>
>> Thanks so far!
>>
>>
>> This is what I use now:
>>
>> class mypuppetmodule::modules::enable (
>> 
>> $enable_modules = undef
>> ) {
>>  
>>  
>>  $modules_split = split($enable_modules, ',')
>>  enableModules { $modules_split: }
>>   
>>  enableModules { 'mod1':}
>>   
>> }
>>
>> The issue is that when I do a require => 
>> Class['mypuppetmodule::modules::enable::ssl'] it says it cannot find the 
>> dependency.
>>
>>
>
> You have not presented any class named 
> mypuppetmodule::modules::enable::ssl.  If you in fact have such a class 
> then Puppet would expect to find its definition in manifest file 
> /mypuppetmodule/manifests/modules/enable/ssl.pp.  Moreover, in 
> order to require => that class you must ensure that it is declared at some 
> point during catalog compilation.  The 'require' metaparameter does not do 
> that for you (see my point (3)).
>
> HOWEVER, I suspect that you don't actually have such a class at all, and 
> you are instead trying to refer to some kind of artifact of 'ssl' being 
> among the substrings specified to class mypuppetmodule::modules::enable via 
> its parameter $enable_modules.  But Puppet has no such concept.  You could 
> consider using one of these instead:
>
>   require => Class['mypuppetmodule::modules::enable']
>
> or
>
>   require => EnableModules['ssl']
>
> Even so, it remains unclear to me what you hope to gain by that.  Perhaps 
> it's exactly what you need, but I can't tell.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/050d46e1-3ded-4980-89dc-0dc68f3aa0f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Wrap class around define and use it as Require

2014-07-31 Thread jcbollinger 


On Thursday, July 31, 2014 3:51:37 PM UTC-5, yamaka...@gmail.com wrote:
>
> Hi John,
>
> Thanks so far!
>
>
> This is what I use now:
>
> class mypuppetmodule::modules::enable (
> 
> $enable_modules = undef
> ) {
>  
>  
>  $modules_split = split($enable_modules, ',')
>  enableModules { $modules_split: }
>   
>  enableModules { 'mod1':}
>   
> }
>
> The issue is that when I do a require => 
> Class['mypuppetmodule::modules::enable::ssl'] it says it cannot find the 
> dependency.
>
>

You have not presented any class named 
mypuppetmodule::modules::enable::ssl.  If you in fact have such a class 
then Puppet would expect to find its definition in manifest file 
/mypuppetmodule/manifests/modules/enable/ssl.pp.  Moreover, in 
order to require => that class you must ensure that it is declared at some 
point during catalog compilation.  The 'require' metaparameter does not do 
that for you (see my point (3)).

HOWEVER, I suspect that you don't actually have such a class at all, and 
you are instead trying to refer to some kind of artifact of 'ssl' being 
among the substrings specified to class mypuppetmodule::modules::enable via 
its parameter $enable_modules.  But Puppet has no such concept.  You could 
consider using one of these instead:

  require => Class['mypuppetmodule::modules::enable']

or

  require => EnableModules['ssl']

Even so, it remains unclear to me what you hope to gain by that.  Perhaps 
it's exactly what you need, but I can't tell.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d37a5c6a-f733-433f-b360-3adbcd9afe43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Wrap class around define and use it as Require

2014-07-31 Thread yamakasi . 014 
Hi John,

Thanks so far!


This is what I use now:

class mypuppetmodule::modules::enable (

$enable_modules = undef
) {
 
 
 $modules_split = split($enable_modules, ',')
 enableModules { $modules_split: }
  
 enableModules { 'mod1':}
  
}

The issue is that when I do a require => 
Class['mypuppetmodule::modules::enable::ssl'] it says it cannot find the 
dependency.

I think this is the right way and include mypuppetmodule::modules::enable 
doesn't help me also.

Cheers,

Matt




Op donderdag 31 juli 2014 22:24:51 UTC+2 schreef jcbollinger:
>
>
>
> On Wednesday, July 30, 2014 7:30:20 PM UTC-5, yamaka...@gmail.com wrote:
>>
>>
>> mymodule::modules::enable{'modX': enable_modules => 'module'}
>>
>>
>>
>
> In fact, not only must that not appear at top level (outside a 
> starting-point manifest), it must not appear at all. 
> mymodule::modules::enable is a class not a resource type.
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/63f95274-9041-4792-a852-39eaf5c09c25%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Wrap class around define and use it as Require

2014-07-31 Thread jcbollinger 

I came back to look at this, and I'm really not following what you are 
trying to do for fall-back behavior.  I suspect you have some 
misapprehensions that contribute both to your difficulty finding a solution 
to your problem, and to your difficulty explaining what you are trying to 
do.  Rather than guess at what you want to do, I offer some of the issues 
about which I think you might be confused:

1. Neither defined types nor defined type instances are classes.  The 
latter are resources.  Defined types themselves are, as their name implies, 
resource *types*, analogous to Puppet's built-in types such as File and 
Service.

2. The syntax for a reference to a class, such as you use with the chain 
operators or the 'require' metaparameter is Class['my::class::name'].  A 
reference of the form Mymodule::Some::Type['foo'] refers to a resource 
whose title is 'foo' and whose type is Mymodule::Some::Type (which is 
presumably a defined type if it has a qualified name like that).

3. The chaining arrows and the 'require' and 'before' metaparameters are 
exclusively about the relative order in which resources are applied by the 
agent.  They must refer to resources and/or classes that are ultimately in 
the catalog, but they themselves do nothing whatever to put those resources 
in the catalog.

4. The 'include', 'require', and 'contain' *functions* (not to be confused 
with resource metaparameters) cause classes to be included in the catalog.  
The 'require' and 'contain' functions additionally have effects on the 
order in which the agent applies classes.  These can be used on classes 
that are already in the catalog, which in that case has only the 
application-order consequences (if any) that the functions carry.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ce6dc675-3f6f-439a-a0f1-61be056d600f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Wrap class around define and use it as Require

2014-07-31 Thread jcbollinger 


On Wednesday, July 30, 2014 7:30:20 PM UTC-5, yamaka...@gmail.com wrote:
>
>
> mymodule::modules::enable{'modX': enable_modules => 'module'}
>
>
>

In fact, not only must that not appear at top level (outside a 
starting-point manifest), it must not appear at all. 
mymodule::modules::enable is a class not a resource type.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/082f02af-3e13-4bc1-a5ee-984e411e9f1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet-dev] Re: [Puppet Users] Re: Announce: Facter 2.0.1

2014-07-31 Thread Kylo Ginsberg 
Hi Madd,

On Thu, Jul 31, 2014 at 5:08 AM, Madd Sauer 
wrote:

> [root@devel69 facts.d]# cat /var/lib/puppet/lib/facter/kis_horcm.rb
> if Facter.kernel == "Linux"
> Facter.add("kis_horcm") do
> setcode do
> File.exist?("/etc/horcm.conf")
>end
> end
> end
>
>
>
One other idea: try changing Facter.kernel to Facter.value(:kernel). The
former syntax was deprecated, and the latter works with older facter
versions as well.

Kylo
-- 
Kylo Ginsberg
k...@puppetlabs.com

*Join us at PuppetConf 2014 , September
20-24 in San Francisco*
*Register by July 31st to take advantage of the Early Bird discount
 **—**save $249!*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CALsUZFE6Bu6iqa40Mb1FQknDp-p8RO2tu%2Bup678isGmvB297hw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet Dashboard HTTP Basic Authentication Issues

2014-07-31 Thread Stella 
Hi Ellison,

Thanks for the reply. 

Yes, I replaced that IP address with my Puppet Master.

So you think that as long as I have those two lines, I don't need to apply 
those two patches and it should work? But it doesn't work for me. 

I guess I will try to apply those two patches and see what will happen?


On Thursday, July 31, 2014 1:32:54 PM UTC-4, Ellison Marks wrote:
>
> Where it has the IP address 192.168.240.110 and the comment "# your puppet 
> master's IP", you are meant to replace the give IP address with the IP 
> address that your puppet master will be using to submit reports.
>
> On Thursday, July 31, 2014 9:28:20 AM UTC-7, Stella wrote:
>>
>> Hi, I am trying to configure Puppet (3.6.2) Dashboard (1.2.23) with HTTP 
>> Basic Authentication. I followed this document's "Security" section:
>> http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html
>>
>> Basically, in Dashboard’s vhost configuration, I added those lines:
>>
>> 
>> Order allow,deny
>> Allow from 192.168.240.110 # your puppet master's IP
>> Satisfy any
>> AuthName "Puppet Dashboard"
>> AuthType Basic
>> AuthUserFile /etc/httpd/webaccess
>> Require valid-user
>> 
>>
>> Then I also created a user/password combination:
>> htpasswd -c /etc/httpd/webaccess myusername
>>
>> Restart httpd service and Web access to the interface works fine. It 
>> prompts me for username/password.
>> However, when I ran "puppet agent --test", it failed. Puppet cannot get 
>> nodes from the dashboard.
>>
>> Questions:
>>
>> 1. I googled and found this issue: 
>> https://projects.puppetlabs.com/issues/4890. It points to another two 
>> issues. Should I follow those two issues to fix my problem?
>>
>> issue #7173  -- Puppet cannot submit reports to dashboard. Modify 
>> puppet/lib/puppet/reports/http.rb to properly parse usernames and passwords 
>> out of the reporturl configuration option. 
>> issue #5126  -- Puppet cannot get nodes from the dashboard. Modify 
>> the external node script to properly parse usernames and passwords out of 
>> its URL 
>>
>> 2. In the document, it has a notice
>>
>> Notice that you need to leave an access exception for your puppet 
>> master. Although it’s possible to configure Puppet to use a password when 
>> connecting to Dashboard (by adding a username and password to Puppet’s 
>> reporturl and the URL used by the external_nodes script), this 
>> currently requires patching Puppet’s http report handler; see issue 7173 
>> for more details.
>>
>> I am a little confused here. "you need to leave an access exception for 
>> your puppet master", does this refer to those two lines in the vhost config:
>>
>> Order allow,deny
>> Allow from 192.168.240.110 # your puppet master's IP
>>
>> If yes, does that mean if I have those two lines to leave an access 
>> exception for puppet master, I don't need to apply those two patches? But 
>> now with those two lines, I still can't get puppet agent to get node from 
>> dashboard. Maybe I should go ahead and apply those two patches?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a1ad0a5f-d4d9-42be-8de6-d0fbd068d8af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet Dashboard HTTP Basic Authentication Issues

2014-07-31 Thread Ellison Marks 
Where it has the IP address 192.168.240.110 and the comment "# your puppet 
master's IP", you are meant to replace the give IP address with the IP 
address that your puppet master will be using to submit reports.

On Thursday, July 31, 2014 9:28:20 AM UTC-7, Stella wrote:
>
> Hi, I am trying to configure Puppet (3.6.2) Dashboard (1.2.23) with HTTP 
> Basic Authentication. I followed this document's "Security" section:
> http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html
>
> Basically, in Dashboard’s vhost configuration, I added those lines:
>
> 
> Order allow,deny
> Allow from 192.168.240.110 # your puppet master's IP
> Satisfy any
> AuthName "Puppet Dashboard"
> AuthType Basic
> AuthUserFile /etc/httpd/webaccess
> Require valid-user
> 
>
> Then I also created a user/password combination:
> htpasswd -c /etc/httpd/webaccess myusername
>
> Restart httpd service and Web access to the interface works fine. It 
> prompts me for username/password.
> However, when I ran "puppet agent --test", it failed. Puppet cannot get 
> nodes from the dashboard.
>
> Questions:
>
> 1. I googled and found this issue: 
> https://projects.puppetlabs.com/issues/4890. It points to another two 
> issues. Should I follow those two issues to fix my problem?
>
> issue #7173  -- Puppet cannot submit reports to dashboard. Modify 
> puppet/lib/puppet/reports/http.rb to properly parse usernames and passwords 
> out of the reporturl configuration option. 
> issue #5126  -- Puppet cannot get nodes from the dashboard. Modify the 
> external node script to properly parse usernames and passwords out of its 
> URL 
>
> 2. In the document, it has a notice
>
> Notice that you need to leave an access exception for your puppet 
> master. Although it’s possible to configure Puppet to use a password when 
> connecting to Dashboard (by adding a username and password to Puppet’s 
> reporturl and the URL used by the external_nodes script), this 
> currently requires patching Puppet’s http report handler; see issue 7173 
> for more details.
>
> I am a little confused here. "you need to leave an access exception for 
> your puppet master", does this refer to those two lines in the vhost config:
>
> Order allow,deny
> Allow from 192.168.240.110 # your puppet master's IP
>
> If yes, does that mean if I have those two lines to leave an access 
> exception for puppet master, I don't need to apply those two patches? But 
> now with those two lines, I still can't get puppet agent to get node from 
> dashboard. Maybe I should go ahead and apply those two patches?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b9c50c8c-fe2b-4c8c-947b-a2a0c08f6485%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet Dashboard HTTP Basic Authentication Issues

2014-07-31 Thread Stella 
Hi, I am trying to configure Puppet (3.6.2) Dashboard (1.2.23) with HTTP 
Basic Authentication. I followed this document's "Security" section:
http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html

Basically, in Dashboard’s vhost configuration, I added those lines:


Order allow,deny
Allow from 192.168.240.110 # your puppet master's IP
Satisfy any
AuthName "Puppet Dashboard"
AuthType Basic
AuthUserFile /etc/httpd/webaccess
Require valid-user


Then I also created a user/password combination:
htpasswd -c /etc/httpd/webaccess myusername

Restart httpd service and Web access to the interface works fine. It 
prompts me for username/password.
However, when I ran "puppet agent --test", it failed. Puppet cannot get 
nodes from the dashboard.

Questions:

1. I googled and found this issue: 
https://projects.puppetlabs.com/issues/4890. It points to another two 
issues. Should I follow those two issues to fix my problem?

issue #7173  -- Puppet cannot submit reports to dashboard. Modify 
puppet/lib/puppet/reports/http.rb to properly parse usernames and passwords 
out of the reporturl configuration option. 
issue #5126  -- Puppet cannot get nodes from the dashboard. Modify the 
external node script to properly parse usernames and passwords out of its 
URL 

2. In the document, it has a notice

Notice that you need to leave an access exception for your puppet 
master. Although it’s possible to configure Puppet to use a password when 
connecting to Dashboard (by adding a username and password to Puppet’s 
reporturl and the URL used by the external_nodes script), this 
currently requires patching Puppet’s http report handler; see issue 7173 
for more details.

I am a little confused here. "you need to leave an access exception for 
your puppet master", does this refer to those two lines in the vhost config:

Order allow,deny
Allow from 192.168.240.110 # your puppet master's IP

If yes, does that mean if I have those two lines to leave an access 
exception for puppet master, I don't need to apply those two patches? But 
now with those two lines, I still can't get puppet agent to get node from 
dashboard. Maybe I should go ahead and apply those two patches?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6b064326-2502-4576-a928-a3dda5370b6c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] iptables and number of ports

2014-07-31 Thread martin 
Hi,

I'm trying to manage iptables with 'puppetlabs/firewall/1.0.2'. I use hiera 
to pass arguments to the firewall module like that:

'032 accept dns traffic':
source: '0.0.0.0/0'
dport: '53'

My problem is that after applying the configuration to a node iptables -nL 
shows:

ACCEPT udp  --  0.0.0.0/00.0.0.0/0multiport 
dports 53 /* 032 accept dns traffic */

As you can see even though I passed only one port iptables is set to 
multiports. Any idea how to fix that?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/79ca28ca-b882-463f-bd9a-d93b9623bf6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet Master not serving out/reading manifests

2014-07-31 Thread Steve Marlow 
By default puppet loads only the site.pp manifest 
(see http://docs.puppetlabs.com/references/latest/configuration.html#manifest 
). 

The fastest solution is simply to add the node definition to site.pp. If 
you wish to keep the node definition in a separate file, the docs recommend 
setting up directory environments 
(see http://docs.puppetlabs.com/puppet/latest/reference/environments.html 
). To enable this in your case you would need to add the environmentpath 
directive to puppet.conf and move the kungfumaster definition to 
/etc/puppet/environments/production/manifests/kungfumaster.mydomain.com.pp.

-Steve

On Wednesday, July 30, 2014 11:16:14 PM UTC-4, Naftuli Tzvi Kay wrote:
>
> I have a really strange issue with my Puppet Master.
>
> I can't seem to get it to serve my manifests properly. I have installed 
> manifests in two locations:
>
>- /etc/puppet/manifests/kungfumaster.mydomain.com.pp
>- /etc/puppet/environments/production/kungfumaster.mydomain.com.pp
>
> Both of which contain something similar to this:
>
> node "kungfumaster.mydomain.com" { 
> notify { "found the one in environments!": }
> }
>
> Neither of them run when I connect with my agent. The only one which is 
> actually read appears to be /etc/puppet/manifests/site.pp, which does, in 
> fact, run:
>
> Notice: /Stage[main]/Main/Node[default]/Notify[thungs]/message: defined 
> 'message' as 'thungs'
>
> This node is defined like this:
>
> node default { 
> notify { 'thungs': }
> }
>
> No matter how I've tried, I haven't been able to get these manifests to 
> work properly, even when specifying a node default in the aforementioned 
> files.
>
> I'm seeing some strange logs emitted from my Puppet Master, but I'm not 
> quite clear as to what they mean or how to solve the problem mentioned in 
> them:
>
> Jul 31 01:50:28 kungfumaster puppet-master[443]: Could not retrieve fact fqdn
> Jul 31 01:50:28 kungfumaster puppet-master[443]: Could not retrieve fact 
> ipaddress
> Jul 31 01:50:28 kungfumaster puppet-master[443]: TrustedInformation expected 
> a certificate, but none was given.
>
> Configuration files:
>
>- /etc/puppet/puppet.conf 
>- /usr/share/puppet/rack/puppetmaster/config.ru 
> (config file for running the Puppet 
>Master rails app)
>- /etc/nginx/nginx.conf 
>- /etc/nginx/sites-enabled/puppetmaster 
>
> Log files:
>
>- /var/log/syslog 
>- Output of puppet apply --onetime --no-daemonize --debug --verbose: 
>here 
>- Output of puppet apply --onetime --no-daemonize --debug --verbose 
>--environment production: here 
>
> The Puppet Agent and Puppet Master are both on the exact same host.
>
> The strange message about expecting a certificate is generated here: 
> https://j.mp/1zxG08Q
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ea441a85-e6c1-4bb4-802f-c7b0823bbfb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet Dashboard

2014-07-31 Thread Stella 
Hi, I am trying to configure Puppet (3.6.2) Dashboard (1.2.23) with HTTP 
Basic Authentication. I followed this document's "Security" section:
http://docs.puppetlabs.com/dashboard/manual/1.2/configuring.html

Basically, in Dashboard’s vhost configuration, I added those lines:


Order allow,deny
Allow from 192.168.240.110 # your puppet master's IP
Satisfy any
AuthName "Puppet Dashboard"
AuthType Basic
AuthUserFile /etc/httpd/webaccess
Require valid-user


Then I also created a user/password combination:
htpasswd -c /etc/httpd/webaccess myusername

Restart httpd service and Web access to the interface works fine. It 
prompts me for username/password.
However, when I ran "puppet agent --test", it failed. Puppet cannot get 
nodes from the dashboard.

Questions:

1. I googled and found this issue: 
https://projects.puppetlabs.com/issues/4890. It points to another two 
issues. Should I follow those two issues to fix my problem?

issue #7173  -- Puppet cannot submit reports to dashboard. Modify 
puppet/lib/puppet/reports/http.rb to properly parse usernames and passwords 
out of the reporturl configuration option. 
issue #5126  -- Puppet cannot get nodes from the dashboard. Modify the 
external node script to properly parse usernames and passwords out of its 
URL 

2. In the document, it has a notice

Notice that you need to leave an access exception for your puppet 
master. Although it’s possible to configure Puppet to use a password when 
connecting to Dashboard (by adding a username and password to Puppet’s 
reporturl and the URL used by the external_nodes script), this currently 
requires patching Puppet’s http report handler; see issue 7173 for more 
details.

I am a little confused here. "you need to leave an access exception for 
your puppet master", does this refer to those two lines in the vhost config:

Order allow,deny
Allow from 192.168.240.110 # your puppet master's IP

If yes, does that mean if I have those two lines to leave an access 
exception for puppet master, I don't need to apply those two patches? But 
now with those two lines, I still can't get puppet agent to get node from 
dashboard. Maybe I should go ahead and apply those two patches?

Thanks a lot!

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/2cde8ded-302c-45b9-9aa2-4b9b118bfc63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] pe-puppetdb fails to start

2014-07-31 Thread Denis Labkovich 
Thank you Deepak
You are right
There was another process using the same port that was assigned to puppetdb.
Is there anything else to modify the port besides modifying it at the file 
below?
puppetdb/conf.d/jetty.ini


On Thursday, July 31, 2014 10:18:33 AM UTC-4, Deepak Giridharagopal wrote:
>
> On Thu, Jul 31, 2014 at 7:34 AM, Denis Labkovich  > wrote:
>
>> Hello,
>>
>> We have
>> 3.4.3 (Puppet Enterprise 3.2.3)
>> that is running on HyperV VM
>> After hard reset, it came back with the issue of failing pe-puppetdb 
>> service
>>
>> It starts and then in a minute fails.
>>
>> Here is the /var/log/pe-puppetdb/puppetdb-daemon.log
>> java.net.BindException: Address already in use
>>
>
> This would indicate that something else is using the ports PuppetDB wants 
> to use, and thus it can't complete its startup. By default, we choose ports 
> 8080 and 8081...those can be changed through config in 
> /etc/puppetlabs/puppetdb to something that isn't already taken.
>
> deepak
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3e153f00-edc6-4e41-b314-34699aabb7a5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] pe-puppetdb fails to start

2014-07-31 Thread Deepak Giridharagopal 
On Thu, Jul 31, 2014 at 7:34 AM, Denis Labkovich 
wrote:

> Hello,
>
> We have
> 3.4.3 (Puppet Enterprise 3.2.3)
> that is running on HyperV VM
> After hard reset, it came back with the issue of failing pe-puppetdb
> service
>
> It starts and then in a minute fails.
>
> Here is the /var/log/pe-puppetdb/puppetdb-daemon.log
> java.net.BindException: Address already in use
>

This would indicate that something else is using the ports PuppetDB wants
to use, and thus it can't complete its startup. By default, we choose ports
8080 and 8081...those can be changed through config in
/etc/puppetlabs/puppetdb to something that isn't already taken.

deepak

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAOjOXY0%2BXqWgs4ZwLYGvosAiZx8J5amafQzPP8ZLhSNe%2Bmfjhg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] pe-puppetdb fails to start

2014-07-31 Thread Denis Labkovich 
Hello,

We have
3.4.3 (Puppet Enterprise 3.2.3)
that is running on HyperV VM
After hard reset, it came back with the issue of failing pe-puppetdb service

It starts and then in a minute fails.

Here is the /var/log/pe-puppetdb/puppetdb-daemon.log
java.net.BindException: Address already in use
 at sun.nio.ch.Net.bind0 (Net.java:-2)
sun.nio.ch.Net.bind (Net.java:444)
sun.nio.ch.Net.bind (Net.java:436)
sun.nio.ch.ServerSocketChannelImpl.bind 
(ServerSocketChannelImpl.java:214)
sun.nio.ch.ServerSocketAdaptor.bind (ServerSocketAdaptor.java:74)
org.eclipse.jetty.server.nio.SelectChannelConnector.open 
(SelectChannelConnector.java:173)
org.eclipse.jetty.server.AbstractConnector.doStart 
(AbstractConnector.java:311)
org.eclipse.jetty.server.nio.SelectChannelConnector.doStart 
(SelectChannelConnector.java:251)
org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart 
(SslSelectChannelConnector.java:626)
org.eclipse.jetty.util.component.AbstractLifeCycle.start 
(AbstractLifeCycle.java:59)
org.eclipse.jetty.server.Server.doStart (Server.java:272)
org.eclipse.jetty.util.component.AbstractLifeCycle.start 
(AbstractLifeCycle.java:59)
ring.adapter.jetty$run_jetty.invoke (jetty.clj:85)
com.puppetlabs.jetty$run_jetty$fn__4560.invoke (jetty.clj:91)
clojure.core$with_redefs_fn.invoke (core.clj:6751)
com.puppetlabs.jetty$run_jetty.invoke (jetty.clj:90)
com.puppetlabs.puppetdb.cli.services$_main$fn__12105.invoke 
(services.clj:512)
clojure.core$binding_conveyor_fn$fn__4107.invoke (core.clj:1836)
clojure.lang.AFn.call (AFn.java:18)
java.util.concurrent.FutureTask.run (FutureTask.java:262)
java.util.concurrent.ThreadPoolExecutor.runWorker 
(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run 
(ThreadPoolExecutor.java:615)
java.lang.Thread.run (Thread.java:744)

Also, at the PE Console, at Events Tab it has error:
Could not connect to PuppetDB. Ensure that you can reach the PuppetDB node 
over the network. For more information, check 
/var/log/pe-puppet-dashboard/event-inspector.log 

Here is the file /var/log/pe-puppet-dashboard/event-inspector.log 

[2014-07-31 12:58:41.095 UTC] ERROR Failed to connect to PuppetDB. Check 
settings (SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server 
hello A)
[2014-07-31 13:31:32.450 UTC] ERROR Failed to connect to PuppetDB. Check 
settings (SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server 
hello A)

No config changes happened.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/90158b04-96cb-4061-8a51-3228b2a06c35%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] future parser changes undef to string inside create_resources (tested on puppet 3.5.1 and puppet 3.6.1)

2014-07-31 Thread Kevin Häfeli 
After some debugging, I finally found this post. 
Thank you for posting this issue, that saved me probably a lot of time :-)

I had this problem with jfryman's nginx module, when I tried to create some 
vhosts with or without the parameter "auth_basic". 
Atm I've some auth_basic => undef resulting in a broken nginx vhost file, 
because the nginx module getting an empty string and putting it into the 
vhost config.
Instead of an undef and doing nothing :-)

Anyway: "fixed" it with a condition like the following and looking forward 
to 4.x ;)
if $auth_basic == undef { create_resources $vhost_hash } else { 
create_resources $vhost_hash_without_auth_basic }









Am Montag, 2. Juni 2014 15:52:13 UTC+2 schrieb Henrik Lindberg:
>
> On 2014-31-05 2:15, Robert wrote: 
> > I've stumbled upon this very annoying bug with the future parser where 
> > it's replacing undef with empty strings when passed inside a hash to 
> > create_resources(). 
> > 
> > test.pp 
> > = 
> > define test($var = undef) { 
> >notice inline_template("<%= @name %> is <% if @var %>true<% else 
> > %>false<% end %> and of type <%= @var.class %>") 
> > } 
> > 
> > $config = { 
> >"from_create_resources" => { 
> >  var => undef 
> >} 
> > } 
> > 
> > create_resources('test', $config) 
> > = 
> > 
> > $ puppet apply ./test.pp 
> > Notice: Scope(Test[from_create_resources]): from_create_resources is 
> > false and of type NilClass 
> > 
> > $ puppet apply --parser future ./test.pp 
> > Notice: Scope(Test[from_create_resources]): from_create_resources is 
> > true and of type String 
> > 
> > Breaks most of my templates since I use <% if @var %> everywhere... 
> > 
>
> That is a bummer. The problem here is that the 3x API *expects* undefs 
> to be transformed to empty string (if that is not done, other functions 
> break). However, the 3x runtime does a poor job and only translates 
> *some* undefs to empty strings. 
>
> We faced a dilemma: which "bug" should future parser be compliant with? 
> We choose the strict; translate all undefs to empty string. 
>
> In the 4x function API there is no such transformation. The intent is 
> to gradually move functions to the new API on a "most urgent to fix" 
> basis. 
>
> Until this has been done, one way of solving this is to implement 
> bridging function using the new API (if it is named the same as the 3x 
> function, it will be chosen instead of the 3x function when using parser 
> == future). It can then simply relay the call to the 3x implementation 
> (without any transformation). 
>
> Tip: If attempting to do this, there may be need to transform other 
> values such as types - this because the 3x functions does not understand 
> the new type system, and something like File['/tmp'] results in a 
> PResourceType in the future parser/evaluator, and needs to be 
> transformed to a Puppet::Resource. 
>
> We are currently discussing, when and how we deal with functions 
> that needs to be transitioned to the 4x API. As an interim, maybe we 
> should make the future parser bug compatible wrt. transformation of 
> undef to empty string when these values are nested in arrays and hashes. 
>
> Sorry for the inconvenience. 
> Regards 
> - henrik 
>
> -- 
>
> Visit my Blog "Puppet on the Edge" 
> http://puppet-on-the-edge.blogspot.se/ 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a8b19019-2cf3-428b-8d28-4e41e1602899%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet Master not serving out/reading manifests

2014-07-31 Thread Naftuli Tzvi Kay 


I have a really strange issue with my Puppet Master.

I can't seem to get it to serve my manifests properly. I have installed 
manifests in two locations:

   - /etc/puppet/manifests/kungfumaster.mydomain.com.pp
   - /etc/puppet/environments/production/kungfumaster.mydomain.com.pp

Both of which contain something similar to this:

node "kungfumaster.mydomain.com" { 
notify { "found the one in environments!": }
}

Neither of them run when I connect with my agent. The only one which is 
actually read appears to be /etc/puppet/manifests/site.pp, which does, in 
fact, run:

Notice: /Stage[main]/Main/Node[default]/Notify[thungs]/message: defined 
'message' as 'thungs'

This node is defined like this:

node default { 
notify { 'thungs': }
}

No matter how I've tried, I haven't been able to get these manifests to 
work properly, even when specifying a node default in the aforementioned 
files.

I'm seeing some strange logs emitted from my Puppet Master, but I'm not 
quite clear as to what they mean or how to solve the problem mentioned in 
them:

Jul 31 01:50:28 kungfumaster puppet-master[443]: Could not retrieve fact fqdn
Jul 31 01:50:28 kungfumaster puppet-master[443]: Could not retrieve fact 
ipaddress
Jul 31 01:50:28 kungfumaster puppet-master[443]: TrustedInformation expected a 
certificate, but none was given.

Configuration files:

   - /etc/puppet/puppet.conf 
   - /usr/share/puppet/rack/puppetmaster/config.ru 
    (config file for running the Puppet 
   Master rails app)
   - /etc/nginx/nginx.conf 
   - /etc/nginx/sites-enabled/puppetmaster 

Log files:

   - /var/log/syslog 
   - Output of puppet apply --onetime --no-daemonize --debug --verbose: here 
   
   - Output of puppet apply --onetime --no-daemonize --debug --verbose 
   --environment production: here 

The Puppet Agent and Puppet Master are both on the exact same host.

The strange message about expecting a certificate is generated here: 
https://j.mp/1zxG08Q

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a365ffdf-6497-492c-93d4-01eba29ce19d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Wrap class around define and use it as Require

2014-07-31 Thread jcbollinger 


On Wednesday, July 30, 2014 7:30:20 PM UTC-5, yamaka...@gmail.com wrote:
>
> Hi Guys,
>
> I'm using an ENC to define all my nodes including some modules I want to 
> load, I have the following class/define for this:
>
> class mymodule::modules::enable (
> 
> $enable_modules = undef
> ) {
>
>  $modules_split = split($enable_modules, ',')
>  enableModules { $modules_split: }
>   
> }
>
> define enableModules () {
>  exec { "mycommand  $name" :
>   command   => "/usr/sbin/mycommand $name",
>   notify => Service[myservice]
>  }
> }
>


You should give that definition a properly-qualified and preferrably 
all-lowercase name (maybe mymodule::modules::enable_modules) and put it in 
a corresponding file 
(/mymodule/manifests/modules/enable_modules.pp).  You should 
everywhere refer to it via its fully-qualified name.

 

>
> mymodule::modules::enable{'modX': enable_modules => 'module'}
>
>

That must not appear at the top level of any manifest other than a 
starting-point manifest.  In particular, if you follow the correct module 
layout then it must not appear at to scope in any manifest file in your 
module.  Put it in a class, in a node block if you are using those, or in a 
starting-point manifest.

 

>
> Now I'm using this per node using mod1,mod2,mod3 which works OK, I don't 
> want to use create_resources here as I want to have one filed for enable, 
> and one field for disable in my ENC
>
> For some fool-proof solution that when the module is not set in my ENC I 
> want to require the define enableModules in a different class and set a 
> static parameter:
>
> some::class ( )
>
> {
>
> Class['modulename'] -> MyModule::Modules::Enable['modX:']
>
> file { "/my/path/to/directory" :
> ensure  => directory,
> mode=> '0644',
> owner   => 'root',
> group   => 'root',
> require => Class['modulename'],
>   }
>
> }
>
> Well, I need to wrap a class around my define to get this all working as 
> you can see above but this is not working as my some::class says:
>
> Could not find dependency Class[Enable_mymodule] for 
> File[/my/path/to/directory] at...
>


Class[enable_mymodule] does not exist in the code you presented.  Do you 
perhaps mean to write (assuming the renaming described above)

  require => Mymodule::Modules::Enable_modules['modulename']

?

Otherwise, I can't advise you very well about code I haven't seen.  I *can* 
say that this whole thing is looking pretty convoluted.  I don't have time 
at the moment to analyze it well enough to suggest a better alternative, 
but I'll try to come back to it later.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/bbfd0df4-f0b5-4e50-867d-91d43db00101%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Mco doesn't apply classes from Hiera

2014-07-31 Thread Maxim Nikolaev 
Hello

I met some strange things with mco.

I installed Puppet with Hiera as ENC.

Puppet 3.6.2

I've installed MCO server. MCO version 2.5.3

Configured several classes in hera. Configured Puppet to use Hiera as ENC.

When I run "puppet agent --no-daemonize --verbose --onetime" form server 
itself - everything is working fine.
All classes applied according facts.

When I run "mco puppet runonce -vv -f -F hostname=" fomr mco 
server it's run ok, but apply only common class from Hiera.

On client I see 
ps aux | grep puppet
root  6976 52.7  4.2 277188 164080 ?   Sl   13:11   0:11 
/usr/bin/ruby /usr/bin/puppet agent --test --color=false --no-splay

If I run this command manually on client "/usr/bin/ruby /usr/bin/puppet 
agent --test --color=false --no-splay" - again all classes applied.

When run mco - again only common.

Can anyone advise?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f3520da8-6c43-4a38-aec6-d933be9d2699%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: duplicated resource with an exported resource

2014-07-31 Thread jcbollinger 


On Thursday, July 31, 2014 2:43:42 AM UTC-5, Jose Luis Ledesma wrote:
>
> Hi,
>
>   this doesn't work. You cannot have two resources with the same name:
>
>  Could not retrieve catalog from remote server: Error 400 on SERVER: 
> Duplicate declaration: Host[] is already declared in file 
> X/init.pp:17; cannot redeclare at /host.pp:5 on node X
>
>

Yes, although $title does not have to be the same as $name, Puppet enforces 
that (Type, $title) and (Type, $name) are *both* unique (with respect to 
the same collection, even).


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d7786d46-76ce-4d89-95ee-0c1237b44e24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] increasing frequency of puppet agent runs during initial deployment?

2014-07-31 Thread jcbollinger 


On Wednesday, July 30, 2014 7:31:38 AM UTC-5, Jason Antman wrote:
>
> I've seen those environments. I've worked in them. A few host types in my 
> current environment are like that. IT IS A BUG. The only valid reason for 
> this is either a bug in your manifests/modules, or that things aren't 
> ordered properly.
>
>

You misunderstand me.  I can readily believe that some environments *do* 
take multiple Puppet runs to converge.  I'm saying that there is nothing in 
those environments that inherently prevents Puppet from syncing the whole 
system in just one run.  So, agreed, if systems take multiple Puppet runs 
to converge to a stable configuration then there is a bug in the manifest 
set, data, and/or ENC.

 

> That being said... don't run via cron.
>


... if all you want it for is provisioning.  For Puppet's core use -- 
ongoing configuration management -- there are a lot of advantages to 
scheduling agent runs via cron instead of running the agent as a daemon.  
Also a couple of limitations.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/eaaf4e5f-9346-4356-b85a-3d8cbc8ae5af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Dashboard can't find classes

2014-07-31 Thread Stella 
Hi Stefan, thank you so much for the quick reply! That solves my puzzle. I 
thought the modules available on my Puppet Master will be automatically 
detected by the Dashboard. 

As you suggested, I use the "Add Class" option to add all needed classes 
from the Puppet Master to the Dashboard, after that I use Group/Class 
option to assign them to a Node. It works!

Two more questions:

1. I am using Dashboard 1.2.23 and I see there is a newer version Dashboard 
2.0. Will the new version provide the "classes-auto-detect" function?
2. In Enterprise Puppet there is "Live Management", but I don't see it in 
this open source puppet and dashboard. What is the alternative then? And 
will this function be available in the new dashboard?

Thanks a lot!

Stella


On Thursday, July 31, 2014 1:55:32 AM UTC-4, Stefan Heijmans wrote:
>
> Hi,
>  
> >>However those classes on my puppet master are not being parsed into the 
> dashboard. There is no classed shown in dashboard, even I am sure I 
> downloaded a few modules.
> You mean, you have not added classes manually to the Dashboard?
> If so, you do need to do this. Modules available on your Puppet Master are 
> *not* automatically detected by the Dashboard.
> Use the "Add Class" option to add all needed classes from the Puppet 
> Master to the Dashboard, after that use Group/Class option to assign them 
> to a Node.
>  
> Stefan
>
> On Thursday, July 31, 2014 2:58:10 AM UTC+2, Stella wrote:
>
>> I followed this document to install and configure Puppet 3.6.2 and 
>> Dashboard 1.2.23 on Red Hat Linux 6.5, both using Apache as web server.
>>
>> http://docs.puppetlabs.com/guides/install_puppet/pre_install.html
>> http://docs.puppetlabs.com/guides/install_puppet/install_el.html
>> http://docs.puppetlabs.com/guides/install_puppet/post_install.html
>> http://docs.puppetlabs.com/dashboard/manual/1.2/bootstrapping.html
>>
>> My puppet master and agent are working: master can push class to agent. 
>> Also I can access the dashboard console and can see my nodes are listed: 
>> http://localhost:3000
>>
>> However those classes on my puppet master are not being parsed into the 
>> dashboard. There is no classed shown in dashboard, even I am sure I 
>> downloaded a few modules.
>> Do I missing any configuration (module path, or other parameters) ?
>>
>> NOTE:
>> 1. I have added the following to the masters puppet configuration file 
>> and the path is correct with the dashboard running on the master.
>>  node_terminus  = exec
>>  external_nodes = /usr/bin/env PUPPET_DASHBOARD_URL=http://localhost:3000 
>> /usr/share/puppet-dashboard/bin/external_node
>>
>> 2. I googled and someone mentioned that he changed the ruby path in the 
>> dashboard external node script to use the ruby that was installed (original 
>> /usr/bin/ruby doesn't work for ruby installs from source). I am using Ruby 
>> 1.8.7. How to find out where is the new ruby installed? 
>>
>>
>> I am stuck on this.  Please help.
>>
>> Thanks.
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d2ff3cc6-3965-4938-acde-412a650109aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: duplicated resource with an exported resource

2014-07-31 Thread José Luis Ledesma 
Hi,

  this doesn't work. You cannot have two resources with the same name:

 Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate declaration: Host[] is already declared in file
X/init.pp:17; cannot redeclare at /host.pp:5 on node X

regards,


On Wed, Jul 30, 2014 at 2:42 PM, Jason Antman  wrote:

> Just in case anyone comes by this in the future, maybe I'm missing
> something, but why not keep this really simple (did you read the type
> reference docs for host?):
>
> @@host { "${::hostname}_exported" :
>
>   name=> $::hostname,
>
>   ensure  => present,
>
>   ip => $secondary_ip,
>
> }
>
>
>
> host { $::hostname :
>
>   ensure  => present,
>
>   ip  => $primary_ip
> }
>
>
> On Tue, Jul 15, 2014 at 3:22 PM, José Luis Ledesma <
> joseluis.lede...@gmail.com> wrote:
>
>> It worked as you thought.
>>
>> Many thanks, perhaps the code is not so nice, but the config applied is,
>> by far, better.
>>
>> Regards,
>> El 15/07/2014 15:24, "jcbollinger"  escribió:
>>
>>
>>>
>>> On Monday, July 14, 2014 8:55:38 AM UTC-5, Kristof Willaert wrote:

 [snip]

 You will not be able to collect that resource on the node that exports
> it (you would again -- and rightfully -- get a duplicate resource
> complaint), but I think otherwise you should be ok.
>

 The documentation for exported resources suggests otherwise:

 Any node (including the node that exported it) can then *collect* the
 exported resource and manage its own copy of it. [1]

 I must say I haven't tried it myself, but unless I misinterpret the
 sentence above, it should be possible.

>>>
>>>
>>> You're not misinterpreting the docs, but you *are* misinterpreting my
>>> statement.  Although *generally* the node exporting a resource can
>>> collect that resource, if the OP used the approach I described then his
>>> nodes would not be able to collect the Site::Secondary_host resources they
>>> declare themselves.  If they tried to collect their own, then it would
>>> yield a duplicate Host resource (from the defined type body; because he
>>> already, separately, declares a Host for the node itself).  The key there
>>> is that -- I think -- the type's body will not be evaluated by the
>>> declaring node for instances that it does not collect, even those that it
>>> declares itself.
>>>
>>>
>>> John
>>>
>>>  --
>>> You received this message because you are subscribed to the Google
>>> Groups "Puppet Users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to puppet-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/puppet-users/e05c726c-b0ca-40be-8f5a-a38df765a9cf%40googlegroups.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to puppet-users+unsubscr...@googlegroups.com.
>>  To view this discussion on the web visit
>> https://groups.google.com/d/msgid/puppet-users/CAF_B3ddtHrbANnKirUdvic9wgC7DxWmgtLy%3D4_TErgEmn5vMWQ%40mail.gmail.com
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/CAFt4V4n3EW8oWAXTf6xgTF%3DG0%2B_KnU6SHL8CJ-pE02jEXJabZw%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
José Luis Ledesma

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAF_B3ddgTFE-yj%2B9Af-SokHdGkK1HXgz_Ef%2B4hwtr%3D4Oj1xq-Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] mailalias that always refreshes

2014-07-31 Thread Gabriel Filion 
On 31/07/14 03:07 AM, Gabriel Filion wrote:
> I'm using puppet 2.7 and on one node, I have a mailalias resource to
> setup something for redmine like the following:
> 
> mailalias {
> "redmine":
> recipient =>
> '|/usr/share/redmine/extra/mail_handler/sub-mailhandler.py -e
> redm...@redmine.example.com --
> /usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb --url
> https://redmine.example.com --key somerandomalphanumstring
> --no-check-certificate --unknown-user accept --no-permission-check
> --allow-override project,tracker,category,priority,status';
> }
> 
> puppet is always refreshing the alias for no reason. changing the value
> to the same thing.

I did some more testing and mailalias bugs in the above manner as soon
as there is a comma in the recipient parameter value (e.g. with
"...project" it's ok but with "...project," I start seeing the issue).

-- 
Gabriel Filion

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53D9EF94.5010306%40lelutin.ca.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] mailalias that always refreshes

2014-07-31 Thread Gabriel Filion 
Hi there,

I'm using puppet 2.7 and on one node, I have a mailalias resource to
setup something for redmine like the following:

mailalias {
"redmine":
recipient =>
'|/usr/share/redmine/extra/mail_handler/sub-mailhandler.py -e
redm...@redmine.example.com --
/usr/share/redmine/extra/mail_handler/rdm-mailhandler.rb --url
https://redmine.example.com --key somerandomalphanumstring
--no-check-certificate --unknown-user accept --no-permission-check
--allow-override project,tracker,category,priority,status';
}

puppet is always refreshing the alias for no reason. changing the value
to the same thing.

does anyone know of such a bug with mailalias (e.g. has it been fixed in
more recent versions?)

-- 
Gabriel Filion

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/53D9EB1C.6030507%40lelutin.ca.
For more options, visit https://groups.google.com/d/optout.