Re: [Puppet Users] SSL POODLE Vulnerability

2014-10-16 Thread Michael Stahnke 
On Wed, Oct 15, 2014 at 3:28 PM, Mike Seda  wrote:

> Puppet Developers,
> Based on the SSL POODLE vulnerability (
> https://www.openssl.org/~bodo/ssl-poodle.pdf ), will you be patching
> WEBrick to deny SSLv3 like you did with SSLv2 (
> https://projects.puppetlabs.com/issues/19151 )?
>

Yes, the next releases, commercial and open source will contain those
fixes. Webrick isn't recommended to use in environments very large, so
normally mitigation of this type can be done at the Apache/Nginx layer.

I did post something to our blog about remediation and exposure.

http://puppetlabs.com/blog/impact-assessment-sslv3-vulnerability-poodle-attack


>
> Mike
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/543EF513.3090300%40lillegroup.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMto7LJy_cEJ-oZ7wVQ-FqE8DGtEekFqiX0a6mRp-BeW6Chf4w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] packages via puppet

2014-10-16 Thread Jeremy T. Bouse 
On 10/16/2014 10:02 AM, AAB !! wrote:
> Secondly,  would the following execute "apt-get update" every time on
> agent's scheduled execution (runinterval) ? or would it only run for the
> first time and would not run unless some changes are made to this class
> file on puppet master ?
> 
>exec {'apt-update':
> command => "/usr/bin/apt-get update",
> require => exec ['apt'],
> }
> Actually I can see *puppet-agent[2953]:
> (/Stage[main]/testing-server/Exec[apt-update]/returns) executed
> successfully *after every three minutes (runinterval=180) in the log
> file (syslog).
> 

Yes, your exec block there is telling it to run apt-get update ever
time it does a catalog run. A far better option would be to enable to
unattended upgrades options in the apt module and it should perform this
for you on a regular basis.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54403902.4080901%40UnderGrid.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Windows 3.7.1 Puppet Agent Upgrade - Completely Broken?!

2014-10-16 Thread Rob Reynolds 
On Thu, Oct 16, 2014 at 9:47 AM, Dan Gibbons 
wrote:

> Hi,
>
> Today I removed an old puppet version (3.4.3) and installed the new 64bit
> 3.7.1 on a Windows 2008 server.
>
> After installation it appears as if nothing works now:
>
> In C:\ProgramData\PuppetLabs\puppet\etc\puppet.config I have:
> [main]
> server=mypuppetserver
> pluginsync=true
> autoflush=true
> environment=dev
>
> In C:\ProgramData\PuppetLabs\facter\facts.d I have some custom facts:
> role.txt (with contentserver_role=icisapi)
>
> Problems:
> - When running puppet checks form the command line like"facter" it doesn't
> display any facts from the facts.d folder
> - When running puppet agent --configprint server it always returns
> "puppet"
> - When running puppet agent --configprint environment it always returns
> "production"
>
> It's as if the Puppet agent is ignoring
>  C:\ProgramData\PuppetLabs\puppet\etc\puppet.config.  I tried looking in
> the release notes to see if theres any breaking changes affecting this but
> can't see anything.
>

Hi Dan,
 Can you take a look at the file and ensure that it is named puppet.conf
and not puppet.config?


>
> Any ideas!?
>
> Thanks
>
> Dan
>
>
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/693cee37-fbc3-486e-9b9c-58dc56d5bb56%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Rob Reynolds
Developer, Puppet Labs

*Join us at **PuppetConf 2015, October 5-9 in Portland, OR - *
http://2015.puppetconf.com/
*Register early to save 40%!*

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMJiBK6z2wDaNwfMdvgmvTBgjagmUiRpFk_QSE5C%3D19yNkEFmg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Getting the last of site specific data out of manifest

2014-10-16 Thread Kenton Brede 
I'm using OS Puppet 3.7.1.  I'm using Hiera and *mostly* have our site
specific data out of our modules.

I could use some advice on how to handle the following two cases.

Case #1

node basenode {
  include files   # files common to all nodes
}

node 'hostname.example.com' inherits basenode {
  include files::hostname  # files specific to host
}

Case #2

In template files, flow control like:

<% if (hostname == "hostname1") -%>
X11Forwarding yes
<% else -%>
X11Forwarding no
<% end -%>

Any advice appreciated.

Thanks,

-- 
Kent Brede

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CA%2BnSE3_5QCHnNb2utzZwA8c1oobRGbOazoJEWYJcigMqgLyydA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Using r10k to deploy production. How to setup a local dev environment for modules?

2014-10-16 Thread Tony Thayer 
Nan Liu gave a talk at Puppet Conf 2014 about 
this: https://www.youtube.com/watch?v=GoLE6JJU6mA
I wasn't there in person, but I have been witness to it in an enterprise 
environment and it looks like a really good way to go for local dev. 
Instead of using a local puppetmaster you just just bring in a copy of your 
manifests and develop masterless. I think my only concerns with developing 
that way is that you won't get to test hiera in your environment, but that 
could be a misunderstanding on my part.

On Wednesday, October 15, 2014 9:30:16 AM UTC-7, JeremyCampbell wrote:
>
> Hi,
>
> We're using r10k with a 'control' repo to deploy to our production server 
> following Gary Larizza's excellent series 
>  
> workflow with r10k. Our current workflow requires engineers to commit 
> changes to the repo on a feature branch which is then deployed to a test 
> environment using r10k. They are unable to test changes locally before 
> making a commit as they don't have a local development puppetmaster. We'd 
> like to implement a local dev environment using VM's and vagrant. 
>
> Our aim is to allow a developer to spin up a local development environment 
> that has a puppetmaster VM and multiple puppet clients for testing. The 
> developer should be able to test changes locally before committing changes 
> for the live test environment. To spin up the environment we expect to 
> build a puppetmaster VM that will be deployed as a vagrant box. This box 
> will be more or less a generic puppetmaster without any of our manifests 
> installed. The developer would then run some scripts to clone the 'control' 
> repo and checkout the repo's in the Puppetfile. We can't use r10k to 
> checkout the modules in the Puppetfile as we need each individual module 
> cloned so developers can work on each module. Is the only solution to 
> manually clone each module in the Puppetfile?
>
> Any advice on how local development environments are being used with r10k 
> in production would be much appreciated!
>
> Jeremy.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/a0932fdc-9b83-40ee-9364-fb6904e2ba34%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Windows 3.7.1 Puppet Agent Upgrade - Completely Broken?!

2014-10-16 Thread Dan Gibbons 
Hi,

Today I removed an old puppet version (3.4.3) and installed the new 64bit 
3.7.1 on a Windows 2008 server.

After installation it appears as if nothing works now:

In C:\ProgramData\PuppetLabs\puppet\etc\puppet.config I have:
[main]
server=mypuppetserver
pluginsync=true
autoflush=true
environment=dev

In C:\ProgramData\PuppetLabs\facter\facts.d I have some custom facts:
role.txt (with contentserver_role=icisapi)

Problems:
- When running puppet checks form the command line like"facter" it doesn't 
display any facts from the facts.d folder
- When running puppet agent --configprint server it always returns "puppet" 
- When running puppet agent --configprint environment it always returns 
"production" 

It's as if the Puppet agent is ignoring 
 C:\ProgramData\PuppetLabs\puppet\etc\puppet.config.  I tried looking in 
the release notes to see if theres any breaking changes affecting this but 
can't see anything.

Any ideas!?

Thanks

Dan




-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/693cee37-fbc3-486e-9b9c-58dc56d5bb56%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] packages via puppet

2014-10-16 Thread AAB !! 
Hi,
 Could someone tell me how can I answer different questions while 
installing package via puppet. For example password for mysql-server ? many 
packages have many questions during installation, how can I answer those 
when installing them via puppet ?

Secondly,  would the following execute "apt-get update" every time on 
agent's scheduled execution (runinterval) ? or would it only run for the 
first time and would not run unless some changes are made to this class 
file on puppet master ?

   exec {'apt-update':
command => "/usr/bin/apt-get update",
require => exec ['apt'],
}
Actually I can see *puppet-agent[2953]: 
(/Stage[main]/testing-server/Exec[apt-update]/returns) executed 
successfully *after every three minutes (runinterval=180) in the log file 
(syslog).

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/9b5013fc-b49a-4985-ac52-95008fc878c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Need help! Puppet could not request certificate: No route to host -connect(2)

2014-10-16 Thread Amarinder singh 
Thanks Rony, that worked for me. 

On Sunday, April 6, 2014 5:24:58 AM UTC+1, rony thomas wrote:
>
> Could you add the hostnames and IP addresses of master and client in 
> /etc/hosts on both master and client. On RHEL 5.8, I was able to fix this 
> error  after flushing the iptables with "iptables -F" and then saving it 
> with "service iptables save". 
>  
>  
> Kind Regards,
> Rony Thomas
>  
>
> On Tuesday, 23 April 2013 10:57:02 UTC-4, mart...@gmail.com wrote:
>
>> Hello,
>>
>> I am installing puppet and keep getting this error [Puppet could not 
>> request certificate:  No route to host -connect(2)]
>>
>> My DNS is resloving and i can ping the master from the agent.  
>>
>> I have added this line to the iptables [iptables  -I INPUT -s 
>> 192.168.1.20 -m tcp -p tcp --dport 8140 -j ACCEPT], where the IP is my 
>> agent.
>>
>> I have also added my master ip to /etc/puppet/puppet.conf
>>
>> Why am I still getting this error?  
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b652849a-dee4-4ad6-97fc-55c515085e77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Master Disk usage management

2014-10-16 Thread Mark Rosedale 
I went through your ask post. This was extremely helpful information. 
However, I wanted to add some updated information about reclaiming your 
space the hard way. 

According to the mysql documentation 
 you can 
change the innodb_file_per_table setting and then run the following command 
to split the table off into its own file. 

ALTER TABLE report_logs ENGINE=InnoDB;

Then you can run the following and you'll see that there is in fact a new 
ibd file. 
ls -lah /var/lib/mysql/dashboard/report*
-rw-rw. 1 mysql mysql 8.7K Oct 16 09:36 
/var/lib/mysql/dashboard/report_logs.frm
-rw-rw. 1 mysql mysql  36M Oct 16 09:40 
/var/lib/mysql/dashboard/report_logs.ibd

So I don't think you have actually nuke your mysql configuration 
altogether. 

mjr

On Wednesday, October 15, 2014 3:32:26 PM UTC-4, Ramin K wrote:
>
> On 10/15/14 9:11 AM, Mark Rosedale wrote: 
> > Hello, 
> > 
> > I'm running puppet  with puppetdb and puppet-dashboard all on my master. 
> > 
> > I want to make sure that I don't get overrun with disk usage by either 
> > the master (storing reports) or the dbs for puppetdb (I'm running 
> > postgres) or puppet-dashboard (mysql). 
> > 
> > I'm wondering what some people do to manage disk usage for each of 
> these? 
>
> In regards to Puppet Dashboard, the Mysql based one, I wrote this up 
> over a year ago 
>
> https://ask.puppetlabs.com/question/884/how-do-i-reduce-the-space-mysql-is-using-for-puppet-dashboard/
>  
>
> Remember just doing the prunes will not reclaim space. You must optimize 
> the table in order to shrink it. And running the optimize will not 
> reclaim space unless the table resides in its own file. 
>
> Ramin 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/32f09a1e-94c7-471b-8681-e79f80312cc9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: One puppet run divided to two puppet runs

2014-10-16 Thread jcbollinger 


On Wednesday, October 15, 2014 10:53:33 AM UTC-5, Marcin Spoczynski wrote:
>
> Thanks for the answer, but the main question is why puppet need to have 2 
> puppet runs instead of one in the 2 nd example?  
>


It is impossible to answer that question definitively from the data 
provided.  The relevant manifests would be helpful, as would log output 
that has not had relevant information edited out.

Nevertheless, I observe that two different agent processes are logging 
results in the second case, with only a short interval between their 
entries.  It follows that the agent service was restarted in between.  In 
all likelihood, therefore, the catalog applied to the second machine either 
explicitly refreshed the puppet agent service before all other resources 
had been applied, or else implicitly triggered the daemon to restart by 
updating its config file.

I cannot speak directly to why only the second machine required the agent 
to be restarted.  I can offer only the rather unhelpful answer that either 
its initial state or its catalog or both differed from the first machine's.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d0f7986c-0f9a-405d-ab75-7eadc14264d4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: LoadError: no such file to load -- facter/util/file_read

2014-10-16 Thread Spriya 
Thank you Craig, my issue solved. I had two versions of ruby. I removed one 
and followed your steps.

On Wednesday, October 15, 2014 12:12:22 PM UTC-4, Craig White wrote:
>
> OK - so am I at the moment anyway...
>
> # puppet -V
> 3.6.2 (Puppet Enterprise 3.3.2)
>
> I was rather frustrated by not having a system ruby so I did the 
> following...
> # ln -s /opt/puppet/bin/ruby /opt/puppet/bin/irb /opt/puppet/bin/gem 
> /usr/local/bin
>
> which made ruby/gem/irb available to any user any where. Before you do 
> that though, make sure you don't have another ruby installed - 'which ruby' 
> will tell you if it finds a ruby anywhere on your $PATH
>
> You should be able to do this - if you can't, there's something wrong with 
> your install of puppet/ruby/etc.
>
> # irb
> irb(main):001:0> require 'facter'
> => true
> irb(main):002:0>
>
> On Wednesday, October 15, 2014 6:50:41 AM UTC-7, Spriya wrote:
>>
>> Hi Craig,
>>
>> I am using PE. My installation was all in one(master,database,console). 
>> Yes  i have more than one ruby installed.
>>
>> *ruby -v*
>> *ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]*
>>
>>
>> *$ cd /opt/puppet/bin*
>> *./ruby -v*
>> *ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]*
>>
>>
>> let me know how to troubleshoot this issue.
>>
>>
>> On Tuesday, October 14, 2014 7:54:04 PM UTC-4, Craig White wrote:
>>>
>>> how did you install puppet?  Do you have more than one install of ruby 
>>> on your system?  Is it possible that when you invoke the interactive ruby 
>>> console (irb) that it starts a ruby binary that has nothing to do with your 
>>> puppet install?
>>>
>>> On Tuesday, October 14, 2014 4:41:07 PM UTC-7, Spriya wrote:

 Hi Craig,

 even if i do  require facter. It is throwing me error.

 *irb(main):002:0> require 'facter'*
 *LoadError: no such file to load -- facter*
 *from (irb):2:in `require'*
 *from (irb):2*
 *from :0*


 On Tuesday, October 14, 2014 5:22:26 PM UTC-4, Craig White wrote:
>
> I don't see a 'file_read' method for Factor::Util
>
> Facter::Util.methods
> => [:freeze, :===, :==, :<=>, :<, :<=, :>, :>=, :to_s, 
> :included_modules, :include?, :name, :ancestors, :instance_methods, 
> :public_instance_methods, :protected_instance_methods, 
> :private_instance_methods, :constants, :const_get, :const_set, 
> :const_defined?, :const_missing, :class_variables, 
> :remove_class_variable, 
> :class_variable_get, :class_variable_set, :class_variable_defined?, 
> :public_constant, :private_constant, :module_exec, :class_exec, 
> :module_eval, :class_eval, :method_defined?, :public_method_defined?, 
> :private_method_defined?, :protected_method_defined?, 
> :public_class_method, 
> :private_class_method, :autoload, :autoload?, :instance_method, 
> :public_instance_method, :psych_yaml_as, :yaml_as, :psych_to_yaml, 
> :to_yaml_properties, :to_yaml, :nil?, :=~, :!~, :eql?, :hash, :class, 
> :singleton_class, :clone, :dup, :initialize_dup, :initialize_clone, 
> :taint, 
> :tainted?, :untaint, :untrust, :untrusted?, :trust, :frozen?, :inspect, 
> :methods, :singleton_methods, :protected_methods, :private_methods, 
> :public_methods, :instance_variables, :instance_variable_get, 
> :instance_variable_set, :instance_variable_defined?, :instance_of?, 
> :kind_of?, :is_a?, :tap, :send, :public_send, :respond_to?, 
> :respond_to_missing?, :extend, :display, :method, :public_method, 
> :define_singleton_method, :object_id, :to_enum, :enum_for, :psych_y, 
> :equal?, :!, :!=, :instance_eval, :instance_exec, :__send__, :__id__]
>
> Craig
>
> On Tuesday, October 14, 2014 2:01:15 PM UTC-7, Spriya wrote:
>>
>> Hi,
>>
>> I am am trying to execute my puppet facts using irb. so when i use 
>> irb. It is throwing me error. No such file to load -- 
>> facter/util/file_read
>>
>> *$irb*
>> *irb(main):001:0> require 'facter/util/file_read'*
>> *LoadError: no such file to load -- facter/util/file_read*
>> *from (irb):1:in `require'*
>> *from (irb):1*
>> *from :0*
>> *irb(main):002:0> require 'facter'*
>> *LoadError: no such file to load -- facter*
>> *from (irb):2:in `require'*
>> *from (irb):2*
>> *from :0*
>>
>> Anyone help me
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/94e37ab6-31be-44c4-a14d-364785d007ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: how install foreman in suse 11 sp2

2014-10-16 Thread Byron Miller 
I'm not familiar with Suse at all, but there is an awesome google group 
'Foreman Users' and the irc channel on freenode #foreman where you can 
probably get quicker help :)

On Wednesday, October 15, 2014 8:01:30 PM UTC-5, tony jia wrote:
>
> My work environment is completely using SUSE 11 SP2 opereating system,now 
> i received a request to use the foreman. but "
> http://software.opensuse.org/"; only has "home" repos. how install foreman 
> better ?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d7f7b901-e57e-4c15-ac2c-84152a44bf44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.