[Puppet Users] PuppetDB errors

2014-11-19 Thread Paul Seymour
Hello,

Getting a couple of errors thrown with PuppetDB

2014-11-19 08:03:49,120 ERROR [c.p.p.command] 
[22329b48-7c20-4ec4-beb2-15cd02e11bff] [replace facts] Retrying after 
attempt 8, due to: org.postgresql.util.PSQLException: ERROR: update or 
delete on table fact_paths violates foreign key constraint 
fact_values_path_id_fk on table fact_values
  Detail: Key (id)=(512) is still referenced from table fact_values.
org.postgresql.util.PSQLException: ERROR: update or delete on table 
fact_paths violates foreign key constraint fact_values_path_id_fk on 
table fact_values
  Detail: Key (id)=(512) is still referenced from table fact_values.


Which is similar to PDB-1031 albeit with a different fact (ours is a custom 
one not _timestamp).

puppetdb=# select * from fact_paths where id = 512;
 id  | value_type_id | depth |  name  | 
 path
-+---+---++
 512 | 0 | 0 | XX_ethernet_eth0_intralink_unit_id | 
XX_ethernet_eth0_intralink_unit_id
(1 row)

puppetdb=# select * from fact_values where path_id = 512;
  id   | path_id | value_type_id |value_hash   
 | value_integer | value_float | value_string | value_boolean | value_json
---+-+---+--+---+-+--+---+
 50319 | 512 | 0 | 80e54cb487aed67b98d7dc92feaac988bf95bcc7 
|   | | 107827   |   |
 22128 | 512 | 0 | 47e3876c8d334accbeb827775e728643581bbb83 
|   | | 107292   |   |

Is it just noise or something to be concerned about ? This is with v2.2.1 
and PostGres 9.3.5

Thanks
Paul

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/08bf4cb9-6c80-489d-a0ef-26627f395f5e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] Re: invalid checksum using template

2014-11-19 Thread Felice Pizzurro
Hi,

I use puppet 3.7.3-1puppetlabs1. Puppet master is ubuntu 12.04, client is
ubuntu 10.04.

I have a resource file, content is a template that have the string {FOO}.
inside

class test {

  file {'/tmp/test':
ensure = present,
content = template('test/template.erb')
  }
}

the template content is only the string {FOO}.

Result of agent execution is:

Error: Could not retrieve content for {FOO}.
 from filebucket: Error 400 on SERVER: Invalid checksum .\n
Wrapped exception:
Error 400 on SERVER: Invalid checksum .\n
Error: /Stage[main]/Test/File[/tmp/test]/ensure: change from absent to
present failed: Could not retrieve content for {FOO}.
 from filebucket: Error 400 on SERVER: Invalid checksum .\n


2014-11-18 18:36 GMT+01:00 Josh Cooper j...@puppetlabs.com:



 On Tue, Nov 18, 2014 at 7:28 AM, jcbollinger john.bollin...@stjude.org
 wrote:



 On Monday, November 17, 2014 9:38:17 AM UTC-6, Felice Pizzurro wrote:

 Hi all,

 I'm simply tryng to push a file with content in template:

 file {'/tmp/test':
   ensure  = present,
   content = template('modulename/template_file.erb')
 }

 Template file contains a line like this:

 {FOO}.

 note final dot character. The file is correctly created but I have the
 following error during the filebucket

 Error: Could not retrieve content for {FOO}.
  from filebucket: Invalid checksum .\n
 Wrapped exception:
 Invalid checksum .\n

 If I delete this line or the final dot it works fine. I've also tryed to
 put the string in a variable but nothing...

 Any ideas?



 This sounds very strange, but your account of the problem is a bit
 fragmented and incomplete.  Can you provide a complete example that
 exhibits this problem?  For example, how about this:

 file {'/tmp/test':
   ensure  = present,
   content = '{FOO}.'
 }

 And on what version of Puppet are you experiencing this?


 John

  --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/7cadb6e3-6d6b-4637-a03b-67e7c63aaf48%40googlegroups.com
 https://groups.google.com/d/msgid/puppet-users/7cadb6e3-6d6b-4637-a03b-67e7c63aaf48%40googlegroups.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.


 I'm pretty sure puppet has a bug whereby it thinks content of the form
 {FOO} specifies a checksum whose algorithm is FOO, and then tries to
 retrieve a file whose checksum is FOO from the filebucket.

 See
 https://github.com/puppetlabs/puppet/blob/master/lib/puppet/type/file/content.rb#L50-L53

 Josh

 --
 Josh Cooper
 Developer, Puppet Labs

 *Join us at **PuppetConf 2015, October 5-9 in Portland, OR - *
 http://2015.puppetconf.com.
 *Register early to save 40%!*

 --
 You received this message because you are subscribed to the Google Groups
 Puppet Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to puppet-users+unsubscr...@googlegroups.com.
 To view this discussion on the web visit
 https://groups.google.com/d/msgid/puppet-users/CA%2Bu97ukOo6k3-q-0QRbztbwvBxcqE%3Dt0Jx8vR9i%2BUY2kRFO__w%40mail.gmail.com
 https://groups.google.com/d/msgid/puppet-users/CA%2Bu97ukOo6k3-q-0QRbztbwvBxcqE%3Dt0Jx8vR9i%2BUY2kRFO__w%40mail.gmail.com?utm_medium=emailutm_source=footer
 .

 For more options, visit https://groups.google.com/d/optout.




-- 
Felice PizzurroSystem Administrator  felice.pizzu...@softecspa.it
felice.pizzu...@softecspa.it
*MOBILE* +39 335.5966705

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMWW97P75xgRd5i%2BLxaaNeSb0Zbx1NbLbxeapiRF3bo2mFLroQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Re: How best to use hiera for Java options? (with hash_merge)

2014-11-19 Thread Steven Post
Hi,

So if I understand correctly, I can use 'null' as a value, and it will be 
used instead of the value somewhere lower on the hierarchy?
If that is the case, my problem is solved (I think). Completely preventing 
the nonsensical stuff is not the goal here, but it should be possible in 
hiera to avoid it by being able to remove already set options.

I can indeed modify the consumer of data as well, but since this is already 
used in production, I need to be a bit careful with the changes I do.
I don't know if our setup already supports yaml 1.2, our hiera version 
currently is 1.3.1

I'll test this out and get back with my findings.

Regards,
Steven

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/4948a75b-4ebc-4fc4-a184-0c58ed6cf84e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] SSL Cert issues - Puppet Agent and Master on same host

2014-11-19 Thread kevin . masteller
Currently trying to get puppet, katello and foreman to play nicely. 
 Everything except puppet is working as I would expect.  

No matter what I try, whether it be blasting the /var/lib/puppet/ssl 
directory, running --clean (or whatever the commands are), or trying all 
the steps on the Puppet troubleshooting page, I always get the same 
messages---

[root@- ]# puppet agent -t
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve 
information from environment production source(s) my-puppet-svr
err: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not find node 'my-puppet-svr'; cannot compile
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

[root@- puppet]# ./node.rb my-puppet-svr
Could not send facts to Foreman: SSL_connect returned=1 errno=0 state=SSLv3 
read server certificate B: certificate verify failed

Since the puppet agent and master are running on the same machine and using 
the same physical certificate files, I do not understand what the issue 
is

Any help is greatly appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d1477d4d-451a-45ae-bfb5-5bd3d8b8a2f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] SSL Cert issues - Puppet Agent and Master on same host

2014-11-19 Thread Johan De Wit

On 18/11/14 22:26, kevin.mastel...@gmail.com wrote:
Currently trying to get puppet, katello and foreman to play nicely. 
 Everything except puppet is working as I would expect.


No matter what I try, whether it be blasting the /var/lib/puppet/ssl 
directory, running --clean (or whatever the commands are), or trying 
all the steps on the Puppet troubleshooting page, I always get the 
same messages---


[root@- ]# puppet agent -t
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Could not evaluate: Could not 
retrieve information from environment production source(s) my-puppet-svr
err: Could not retrieve catalog from remote server: Error 400 on 
SERVER: Could not find node 'my-puppet-svr'; cannot compile

warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

[root@- puppet]# ./node.rb my-puppet-svr
Could not send facts to Foreman: SSL_connect returned=1 errno=0 
state=SSLv3 read server certificate B: certificate verify failed


Since the puppet agent and master are running on the same machine and 
using the same physical certificate files, I do not understand what 
the issue is


Any help is greatly appreciated.

--
You received this message because you are subscribed to the Google 
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
mailto:puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d1477d4d-451a-45ae-bfb5-5bd3d8b8a2f6%40googlegroups.com 
https://groups.google.com/d/msgid/puppet-users/d1477d4d-451a-45ae-bfb5-5bd3d8b8a2f6%40googlegroups.com?utm_medium=emailutm_source=footer.

For more options, visit https://groups.google.com/d/optout.

netstat -tupln | grep 8140 : is puppet master up and running and listening

iptables -L -n :  firewall settings correct

ping my-puppet-svr : name resolution working

Just checking the obvious stuff first ...



--
Johan De Wit

Open Source Consultant

Red Hat Certified Engineer  (805008667232363)
Puppet Certified Professional 2013/2014 (PCP006)
_
 
Open-Future Phone +32 (0)2/255 70 70

Zavelstraat 72  Fax   +32 (0)2/255 70 71
3071 KORTENBERG Mobile+32 (0)474/42 40 73
BELGIUM http://www.open-future.be
_
 



Next Events:
Puppet Introduction Course | 
http://www.open-future.be/puppet-introduction-course-10th-november
Puppet Fundamentals Training | 
http://www.open-future.be/puppet-fundamentals-training-12-till-14th-november
Zabbix Certified Training | 
http://www.open-future.be/zabbix-certified-specialist-training-17-till-19th-november
Zabbix Certified Professional | 
http://www.open-future.be/zabbix-certified-professional-training-20-till-21st-november
Subscribe to our newsletter | http://eepurl.com/BUG8H

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546C7DE1.2050708%40open-future.be.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] PuppetDB IPv4 problems

2014-11-19 Thread Jonathan Gazeley

Hi peeps,

I'm rebuilding my old PuppetDB box on a new system, which is on a 
v6-capable subnet. It has both IPv4 and IPv6 addresses. However, 
PuppetDB is only listening on v6, regardless of what I put in the jetty.ini.


If I set ssl-host = 0.0.0.0 it ends up listening on :::8081

If I set ssl-host = 192.168.0.1 it ends up listening on 
:::192.168.0.1:8081


This seems broken behaviour to me. For the time being, my Puppetmaster 
master can't communicate with PuppetDB because the Puppetmaster is v4-only.


Anyone got any tips for making PuppetDB listen on both v4 and v6 properly?

Thanks,
Jonathan

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546C8024.1080508%40bristol.ac.uk.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Talk proposals, Puppet Contributor Summit and more

2014-11-19 Thread Dawn Foster
I wanted to let everyone know about some upcoming events where we need
contributions from the Puppet community.

Do you contribute to Puppet core projects, Forge modules or other
Puppet community projects? If so, you should join us in Ghent, Belgium
on February 4 for the 3rd Puppet Contributor Summit:
http://contributorsummitfeb2015.eventbrite.com/

The Puppet Contributor Summit is being held the day after
ConfigManagmentCamp, which is right after FOSDEM. ConfigManagementCamp
has a Puppet room, and FOSDEM has a bunch of devrooms, including one
for configuration management and another for testing / automation. I'm
one of the organizers for both of the config management events, and
we're looking for Puppet talks along with other topics.
http://cfgmgmtcamp.eu/#contributions

If you can't travel to Belgium, you should join us for our online
#puppethack contributor event over IRC on December 4 or at one of our
regular pull request triage hangouts.
https://puppetlabs.com/community/contributor-events

We have Call for Proposals (CFPs) open for Puppet Camps in Portland,
Amsterdam, LA (SCALE), Phoenix, Denver, Austin, and Berlin (OSDC). I
would love to see more talk proposals:
https://puppetlabs.com/community/puppet-camp#2465

Beginner, intermediate or advanced:
* FOSDEM, ConfigManagementCamp, Puppet Contributor summit and
#puppethack are more for intermediate / advanced Puppet users. If
you've been using Puppet for a while or want to propose talks about
advanced topics, these are the events for you.
* Puppet Camps tend to have a lot of beginners in the audience, so
talks about getting started with some aspect of Puppet or other
beginner topics for talk proposals are encouraged! If you are a
beginner, you should attend a camp, and if you are a more intermediate
/ advanced user, submit a talk proposal.

More details about all of these topics can be found in my blog post:
https://puppetlabs.com/blog/speak-puppet-camp-attend-puppet-contributor-summit

Regards,
Dawn Foster
Director of Community
http://puppetlabs.com/community

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAPUeXZrC5SKxLN_0vZabcXbigZNimNHqX3SC-qb%3DP5_RERNTSw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] how to compare facts using variables in a text file

2014-11-19 Thread Felix Frank
Hi,

so the .txt file is on the agent?

Where is the fact from?

On 11/18/2014 02:36 PM, Spriya wrote:
 Hi,
 
 I have a requirement how to compare facts using variables which are in a
 txt file
 
 For example i have a facts
 java_known_weblogic_version1  1.7.0_72
 
 
 I have txt file javaversion.txt file
 1.7.0_72
 
 I want to comapare these files java_known_weblogic_version !=
 javaversion.txt   file?
 
 How can i do that
 
 Anyone please help me
 
 Thank you

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546CA1B0.6050701%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] PuppetDB service not running

2014-11-19 Thread Felix Frank
Hi,

I'm not well versed with the tool, but it reads as though your store
limits are too high, or your disk too small.

HTH,
Felix

On 11/18/2014 03:54 PM, mike wrote:
 Hello Eveyone
 I've Puppet Server 3.7 running on Centos 6, i try install Puppetdb but
 when upload service inside the log i have the next error: 
 
 [..]
 2014-11-18 11:33:56,676 INFO  [o.a.k.j.Journal] ignoring zero length,
 partially initialised journal data file: db-1.log number = 1 , length = 0
 2014-11-18 11:33:56,779 WARN  [o.a.a.b.BrokerService] Store limit is
 10 mb, whilst the data directory:
 /var/lib/puppetdb/mq/localhost/KahaDB only has 31266 mb of usable space
 2014-11-18 11:33:56,779 ERROR [o.a.a.b.BrokerService] Temporary Store
 limit is 5 mb, whilst the temporary data directory:
 /var/lib/puppetdb/mq/localhost/tmp_storage only has 31266 mb of usable space
 2014-11-18 11:33:56,780 INFO  [c.p.p.c.services] Starting 1 command
 processor threads
 [..]
 
 And the puppetdb port (8081) isn't running
 
 Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546CA211.6010404%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] File resource

2014-11-19 Thread Евгений Троицкий
Hi, colleagues!

Can I repeatedly use a one file resource in Windows in follow case?

   1. Check file resource with md5 from source disk.
   2. If it changed - stop application - replace .exe on destination -
   start application.
   3. If not - noop.

'Define' with 'realize' don't help me - duplicate resource. For Windows 7 I
had successfully used validate_cmd, but in Windows XP stdlib with
validate_cmd is not supported.

Resource in Windows 7:

file { $app1exe:
  source = ${app1source}\\${appname}.exe,
  ensure = present,
  require= Exec['map_source'],
  checksum   = md5,
  source_permissions = ignore,
  validate_cmd   = ${cmd} /c start taskkill /f /im ${appname}.exe,
  notify = Acl[$app1path],
}

How to redeclare file resource to use it in Windows XP?

-- 
Thanks,
Evgeniy Troitskiy

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAEhtUhb%3DFbO4_ULfk9%3DLzfTfOg8jomUoth%2BSDJ6uVOueS%2BzR3g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Re: PuppetDB service not running

2014-11-19 Thread Stefan Heijmans
Hi,
 
These 2 values (Store limit , Temporary Store limit) are specified in 
/etc/puppetdb/conf.d/config.ini
and matched against your local diskspace.
 
Q: should it be an ERROR of just a WARN like the 'Store Limit' message.
 
And the puppetdb port (8081) isn't running
There should be messages in the logfile before these, where the 
ServerConnector is started;
[p.t.s.w.jetty9-service] Initializing web server.
[p.t.s.w.jetty9-service] Starting web server.
[o.e.j.s.Server] jetty-9.1.z-SNAPSHOT
[o.e.j.s.ServerConnector] Started 
ServerConnector@322efcd0{HTTP/1.1}{localhost:8080}
[o.e.j.s.ServerConnector] Started 
ServerConnector@1da50aba{SSL-HTTP/1.1}{0.0.0.0:8081}
[c.p.p.c.services] PuppetDB version 2.2.2
[c.p.p.s.migrate] There are no pending migrations
 
Stefan
 

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0169b6da-63f9-4e73-8df2-60a3be0eb779%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Re: How best to use hiera for Java options? (with hash_merge)

2014-11-19 Thread jcbollinger


On Wednesday, November 19, 2014 3:55:15 AM UTC-6, Steven Post wrote:

 Hi,

 So if I understand correctly, I can use 'null' as a value, and it will be 
 used instead of the value somewhere lower on the hierarchy?



YAML 1.2 defines the (unquoted) token null to be a scalar value 
representing the same (no)thing as Ruby nil.  A YAML parser that doesn't 
doesn't understand that will take that token as a scalar representing the 
four-character string null. I don't happen to know which way Hiera goes, 
which might in fact vary with the underlying version of Ruby, but either 
way, null is a value of some kind.

When you perform a deeper hash merge you should find that corresponding 
hashes at different levels of your data hierarchy are merged, where 
corresponding is defined with respect to nested hashes according to the 
chain of keys required to drill down through the data to each hash.  In 
such a merge, you should find that the (key, value) pairs from the 
higher-priority level are retained, and where the hash from the 
lower-priority level has keys that do not appear in the higher level hash, 
those keys and their associated values end up in the merged result.

 

 If that is the case, my problem is solved (I think). Completely preventing 
 the nonsensical stuff is not the goal here, but it should be possible in 
 hiera to avoid it by being able to remove already set options.



Hash merging always results in a hash whose key set is the union of the key 
sets of the merged hashes.  The value associated with each key is the 
question, and with hiera the questions are

   1. Whether nested hashes are merged at all (vs. hashes appearing as 
   values in higher-priority levels completely replacing lower-level values), 
   and
   2. If nested hashes are merged, which value appears in the result for 
   keys that appear in both original hashes.
   
At this time, those questions can be answered only globally in the Hiera 
configuration or, to some extent on a whole-lookup basis via explicit 
lookup functions (hiera() vs hiera_hash()).  That is a recognized flaw in 
Hiera, in that the appropriate form of lookup is (should be) a 
characteristic of the data, not of the query.  With that said, I don't 
think YAML is not a particularly good vehicle for expressing data that must 
carry such fine distinctions, so I suspect that the current limitations 
will be with us for a long time.

 

 I can indeed modify the consumer of data as well, but since this is 
 already used in production, I need to be a bit careful with the changes I 
 do.
 I don't know if our setup already supports yaml 1.2, our hiera version 
 currently is 1.3.1



You're missing my point there, I think: if you modify the form of the data, 
then almost surely you *must* modify the data consumer.  How else will it 
know what to do with your modified data structure?

 


 I'll test this out and get back with my findings.



I look forward to hearing how it turns out.


John

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/74aed43c-159c-4903-83ff-efc3fbbbc20d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] SSL Cert issues - Puppet Agent and Master on same host

2014-11-19 Thread kevin . masteller


On Wednesday, November 19, 2014 6:24:28 AM UTC-5, Johan De Wit wrote:

  

  netstat -tupln | grep 8140 : is puppet master up and running and listening

 iptables -L -n :  firewall settings correct 

 ping my-puppet-svr : name resolution working

 Just checking the obvious stuff first ...



[root@e-imgsrv puppet]# netstat -tulpn | grep 8140
tcp0  0 0.0.0.0:81400.0.0.0:*   
LISTEN  48905/ruby 

Don't have any firewall settings as network is unreachable from outside, 
but
[root@e-imgsrv puppet]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source   destination 

Chain FORWARD (policy ACCEPT)
target prot opt source   destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

PING e-imgsrv.ufhpc (172.16.168.80) 56(84) bytes of data.
64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=1 ttl=64 time=0.016 
ms
64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=2 ttl=64 time=0.020 
ms

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/dc71c782-7921-4cd7-9a40-40c65040fdad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] SSL Cert issues - Puppet Agent and Master on same host

2014-11-19 Thread kevin . masteller
[root@e-imgsrv puppet]# netstat -tulpn | grep 8140
tcp0  0 0.0.0.0:81400.0.0.0:*   
LISTEN  48905/ruby 

Don't have any firewall settings as network is unreachable from outside, 
but
[root@e-imgsrv puppet]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source   destination 

Chain FORWARD (policy ACCEPT)
target prot opt source   destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

PING e-imgsrv.ufhpc (172.16.168.80) 56(84) bytes of data.
64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=1 ttl=64 time=0.016 
ms
64 bytes from e-imgsrv.ufhpc (172.16.168.80): icmp_seq=2 ttl=64 time=0.020 
ms

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/ab6747f7-ec3b-4a9a-ac8e-ed6cac5fafba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Re: How best to use hiera for Java options? (with hash_merge)

2014-11-19 Thread Steven Post
Hi,

My problem is solved now, I'll see if I can change the topic title to 
reflect that.

The final solution looks like this:
jboss_application::app_version::jvm_defaults:
  additional_java_opts:
useconcmarksweepgc: '-XX:+UseConcMarkSweepGC'
newratio: '-XX:NewRatio=2'
cmsclassunloadingenabled: '-XX:+CMSClassUnloadingEnabled'
onoutofmemoryerror: '-XX:OnOutOfMemoryError=''kill -9 %p'''
heapdumponoutofmemoryerror: '-XX:+HeapDumpOnOutOfMemoryError'

I know it looks a bit like some kind of 'Frankenstein' solution, but it 
does the job.
Setting a value to 'null' causes the value from the same key (if present) 
from the next step in the hierarchy to be used, so that is not very useful.
However this is overcome by using 'false' as a boolean value (so no quotes) 
and checking that in the template like this:
%- if @additional_java_opts and ! @additional_java_opts.empty? -%
  %- @additional_java_opts.keys.sort.each do |key| -%
%- if @additional_java_opts[key] -%
  %- %JAVA_OPTS=$JAVA_OPTS %= @additional_java_opts[key] %
%- end -%
  %- end -%
%- end -%

This does not prevent anything weird occurring when someone makes a typo in 
a key, but at least I can be really specific in my configurations and don't 
need to alter the template or manifest for every possible option of the JVM.
The 'sort' is needed because the order of the hash entries is not 
predetermined in Ruby 1.8 (it is in Ruby 1.9).

 That is a recognized flaw in Hiera, in that the appropriate form of 
lookup is (should be) a characteristic of the data, not of the query.

Very true, for this reason I already use a (ugly) work-around in this case: 
https://www.2realities.com/blog/2014/07/05/puppet-hiera-hash-merge-and-automatic-parameter-lookup/

 You're missing my point there, I think: if you modify the form of the 
data, then almost surely you *must* modify the data consumer.

I was merely pointing out I need to be careful when I change it, not that I 
can ignore it.

Thanks for your insights.

Regards,
Steven

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/7ce70473-5820-4dbd-b22a-c1f86dad198b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] how to compare facts using variables in a text file

2014-11-19 Thread Spriya
Hi,

Yes .txt can be on agent.

The fact is already displayed on agent

Let me know

On Wednesday, November 19, 2014 8:57:17 AM UTC-5, Felix.Frank wrote:

 Hi, 

 so the .txt file is on the agent? 

 Where is the fact from? 

 On 11/18/2014 02:36 PM, Spriya wrote: 
  Hi, 
  
  I have a requirement how to compare facts using variables which are in a 
  txt file 
  
  For example i have a facts 
  java_known_weblogic_version11.7.0_72 
  
  
  I have txt file javaversion.txt file 
  1.7.0_72 
  
  I want to comapare these files java_known_weblogic_version != 
  javaversion.txt   file? 
  
  How can i do that 
  
  Anyone please help me 
  
  Thank you 



-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/65a00b97-982c-4de7-af48-39f0839095c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] PuppetDB service not running

2014-11-19 Thread Wyatt Alt
These errors are red herrings as far as PDB not running is concerned. 
You can make them go away by changing the temp-usage and store-usage in 
the command-processing section of your config file to limit ActiveMQ to 
a space less than the size of your disk.


https://docs.puppetlabs.com/puppetdb/latest/configure.html#store-usage

As far as PuppetDB not running, maybe you can provide more information? 
Have you tried restarting the service?


Wyatt

On 11/18/14 6:54 AM, mike wrote:

Hello Eveyone
I've Puppet Server 3.7 running on Centos 6, i try install Puppetdb but 
when upload service inside the log i have the next error:


[..]
2014-11-18 11:33:56,676 INFO  [o.a.k.j.Journal] ignoring zero length, 
partially initialised journal data file: db-1.log number = 1 , length = 0
2014-11-18 11:33:56,779 WARN  [o.a.a.b.BrokerService] Store limit is 
10 mb, whilst the data directory: 
/var/lib/puppetdb/mq/localhost/KahaDB only has 31266 mb of usable space
2014-11-18 11:33:56,779 ERROR [o.a.a.b.BrokerService] Temporary Store 
limit is 5 mb, whilst the temporary data directory: 
/var/lib/puppetdb/mq/localhost/tmp_storage only has 31266 mb of usable 
space
2014-11-18 11:33:56,780 INFO  [c.p.p.c.services] Starting 1 command 
processor threads

[..]

And the puppetdb port (8081) isn't running

Thanks.
--
You received this message because you are subscribed to the Google 
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
mailto:puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/25d53d3e-960e-4c8d-a5a3-51898be7b72c%40googlegroups.com 
https://groups.google.com/d/msgid/puppet-users/25d53d3e-960e-4c8d-a5a3-51898be7b72c%40googlegroups.com?utm_medium=emailutm_source=footer.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546CCA4A.9090600%40puppetlabs.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] workarounds for ruby segfaults on puppet master

2014-11-19 Thread Tim Mooney


All-

For those of you that are using puppet on RHEL 6.x (/CentOS/Oracle
Linux/Scientific Linux/etc.) and have experienced ruby segfaults on
your puppet master(s), what workaround or workarounds have you been
using?

We have been using puppet 3.4.2 (from Puppet Labs repos) for some time,
with a RHEL 6.x puppetmaster under mod_passenger.  RHEL 6.x currently
has ruby 1.8.7 patchlevel 374 as its default ruby version.

In the past couple weeks we've started to see a couple of different
clients that are triggering segfaults in ruby on the master during a
puppet agent run.  Examples include:

/usr/lib/ruby/site_ruby/1.8/puppet/util/profiler.rb:30: [BUG] Segmentation
fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]

/usr/lib/ruby/site_ruby/1.8/puppet/parser/type_loader.rb:110: [BUG] 
Segmentation fault ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]

Web searches related to this issue turned up a thread from puppet-users
earlier this year started by treydock:

https://groups.google.com/forum/#!topic/puppet-users/qWN6j-eNiZ0

Unfortunately, I've tried a lot of the workarounds suggested in that
thread, and none of them seem to reliably avoid the problem.

- I tried back-porting the small patch from PUP-1592 to our 3.4.2
  puppet master.  No luck.

- Yesterday, I bit the bullet and upgraded our entire puppet
  infrastructure from 3.4.2 to 3.7.3.  We still see the same
  segfaults on the master, both under mod_passenger and when
  running the master in standalone mode for testing.

Since RHEL 6.x has alternate versions of some packages (including ruby)
available via its Software Collections Library (SCL), I'm tempted to
try switching our puppet master to use the ruby193-* packages from
SCL.  A minor downside is that I won't be able to use the Puppet Labs packages
anymore, at least on the master.

The big concern I have relates to how advisable it is to use a different
version of ruby on the master vs. all of the clients?  Have other RHEL
users tried this, with any success?

Thanks,

Tim
--
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing  Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/alpine.SOC.2.11.1411191037010.18829%40dogbert.cc.ndsu.NoDak.edu.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] Beaker 2.0 to deprecate support for Ruby 1.8

2014-11-19 Thread Alice Nodelman
The merge of beaker PR 536 (https://github.com/puppetlabs/beaker/pull/536) 
will end beaker's support of Ruby 1.8.  The change will be effective with 
the planned release of beaker 2.0 in the next two weeks.

For most beaker users this will have no effect on their daily workflow.  
For those who have dependencies that rely upon Ruby 1.8 you will want to 
first pin to beaker 1.x and then repair/upgrade the gems in question as the 
1.x beaker line will not be maintained.

For beaker-rspec users the deprecation will take effect in the next month 
under beaker-rspec 3.0.  Again, pin to beaker-rspec 2.x line if you are 
currently unable to drop Ruby 1.8 in your workflow.

Thanks!

alice@puppetlabs

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0a2dfe5a-79de-4a12-b0c1-335f1ce8b033%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] PuppetDB errors

2014-11-19 Thread Wyatt Alt

Hey Paul,

That's some kind of DB corruption. Shouldn't be happening. Do you have 
any sense of when this started or whether it was tied to a recent 
upgrade? Is there a stacktrace in your logs that you could gist? Does it 
happen on every agent run or only occasionally? Is it always the same 
path_id like in the other ticket?


Also would you mind reporting the output of this?

select * from facts where fact_value_id in (50319,22128);

Wyatt
On 11/19/14 12:15 AM, Paul Seymour wrote:

Hello,

Getting a couple of errors thrown with PuppetDB

2014-11-19 08:03:49,120 ERROR [c.p.p.command] 
[22329b48-7c20-4ec4-beb2-15cd02e11bff] [replace facts] Retrying after 
attempt 8, due to: org.postgresql.util.PSQLException: ERROR: update or 
delete on table fact_paths violates foreign key constraint 
fact_values_path_id_fk on table fact_values

  Detail: Key (id)=(512) is still referenced from table fact_values.
org.postgresql.util.PSQLException: ERROR: update or delete on table 
fact_paths violates foreign key constraint fact_values_path_id_fk 
on table fact_values

  Detail: Key (id)=(512) is still referenced from table fact_values.


Which is similar to PDB-1031 albeit with a different fact (ours is a 
custom one not _timestamp).


puppetdb=# select * from fact_paths where id = 512;
 id  | value_type_id | depth |  name  |   
   path

-+---+---++
 512 | 0 | 0 | XX_ethernet_eth0_intralink_unit_id 
| XX_ethernet_eth0_intralink_unit_id

(1 row)

puppetdb=# select * from fact_values where path_id = 512;
  id   | path_id | value_type_id |  value_hash| 
value_integer | value_float | value_string | value_boolean | value_json

---+-+---+--+---+-+--+---+
 50319 | 512 | 0 | 
80e54cb487aed67b98d7dc92feaac988bf95bcc7 |   |   | 
107827   |   |
 22128 | 512 | 0 | 
47e3876c8d334accbeb827775e728643581bbb83 |   |   | 
107292   |   |


Is it just noise or something to be concerned about ? This is with 
v2.2.1 and PostGres 9.3.5


Thanks
Paul
--
You received this message because you are subscribed to the Google 
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
mailto:puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/08bf4cb9-6c80-489d-a0ef-26627f395f5e%40googlegroups.com 
https://groups.google.com/d/msgid/puppet-users/08bf4cb9-6c80-489d-a0ef-26627f395f5e%40googlegroups.com?utm_medium=emailutm_source=footer.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546CD9C0.2050308%40puppetlabs.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] basic hiera question

2014-11-19 Thread Craig White
getting very frustrated and have covered the 7 or so pages on puppet's 
documentation on hiera several times.

# cat hiera.yaml
---
:backends:
  - yaml
:hierarchy:
  - defaults
  - %{clientcert}
  - %{environment}
  - global
  - common
  - ldap
:yaml:
  :datadir: /etc/puppetlabs/puppet/hieradata

# cat hieradata/ldap.yaml
---
ldap:
  rootdn: cn=admin,dc=wl,dc=com
  rootpw: mySuperSecretPassword
  dn: dc=wl,dc=com
  directory: /var/lib/ldap

# hiera ldap
{rootdn=cn=admin,dc=wl,dc=com,
 rootpw=mySuperSecretPassword,
 dn=dc=wl,dc=com,
 directory=/var/lib/ldap}

# head -n 5 modules/wl/manifests/config.pp
# script to setup OpenLDAP

class wl::config () inherits wl {

  $rootpw = hiera('ldap::rootpw')

but unfortunately...

# puppet agent --test --debug
results in the error...
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: 
Could not find data item ldap::rootpw in any Hiera data file and no default 
supplied at /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node 
$obscured
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

what am I doing wrong?

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c07cb7bf-3aa3-4757-a900-da3bc05021d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] basic hiera question

2014-11-19 Thread Ramin K

On 11/19/14 10:42 AM, Craig White wrote:

getting very frustrated and have covered the 7 or so pages on puppet's
documentation on hiera several times.

# cat hiera.yaml
---
:backends:
   - yaml
:hierarchy:
   - defaults
   - %{clientcert}
   - %{environment}
   - global
   - common
   - ldap
:yaml:
   :datadir: /etc/puppetlabs/puppet/hieradata

# cat hieradata/ldap.yaml
---
ldap:
   rootdn: cn=admin,dc=wl,dc=com
   rootpw: mySuperSecretPassword
   dn: dc=wl,dc=com
   directory: /var/lib/ldap

# hiera ldap
{rootdn=cn=admin,dc=wl,dc=com,
  rootpw=mySuperSecretPassword,
  dn=dc=wl,dc=com,
  directory=/var/lib/ldap}

# head -n 5 modules/wl/manifests/config.pp
# script to setup OpenLDAP

class wl::config () inherits wl {

   $rootpw = hiera('ldap::rootpw')

but unfortunately...

# puppet agent --test --debug
results in the error...
Error: Could not retrieve catalog from remote server: Error 400 on
SERVER: Could not find data item ldap::rootpw in any Hiera data file and
no default supplied at
/etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node $obscured
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

what am I doing wrong?


1. Your hierarchy isn't. You can call it common, global, default, or 
whatever else but you only get one and it goes at the bottom. If it's 
not at the bottom, it's not common, default or global. Clientcert goes 
at the top because it's the most specific.


:hierarchy:
  - %{clientcert}
  - %{environment}
  - common

https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/

2. You're using a hash as your data. If you want to query for key 
ldap::rootpw, it'll look like the following.


ldap::rootdn:'cn=admin,dc=wl,dc=com'
ldap::rootpw:'mySuperSecretPassword'
ldap::dn:'dc=wl,dc=com'
ldap::directory: '/var/lib/ldap'

Note this has nothing to do with hiera_hash or hiera_array. 
http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/


3. You're not using hiera-eyaml. Don't put clear txt passwords in your 
yaml files, use hiera-eyaml instead. It's really nice.


https://github.com/TomPoulton/hiera-eyaml

Ramin

--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546CE7AF.7030201%40badapple.net.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] troubleshooting constraint violations in puppetdb?

2014-11-19 Thread Christopher Wood
(Following up to my own OP to complete the saga after much help from Ryan 
Senior. I'm replying here instead of to the end of the other thread branch so 
this will be more obvious in later searches. Warning, long and often ignorant.)

The problem might have been caused by factors external to puppetdb (kill -9 
from chaos monkey). This isn't very supported by evidence but it's better than 
most notions.

My solution was ultimately to drop the puppetdb database and recreate it 
(puppetized puppetdb host). I was fortunate to not care about the data save for 
how the latest agent run went and that would be repopulated soon enough. The 
procedure:

a) on the puppetdb host

su - postgres
psql
drop database puppetdb

b) on the puppetmaster host, scrub puppetdb integration so that the agent run 
won't choke

unalias rm
rm -f /etc/monit.d/puppet*
monit reload
/etc/init.d/puppet stop
/etc/init.d/httpd stop
rm /etc/puppet/puppetdb.conf
rm /etc/puppet/routes.yaml

From /etc/puppet/puppetmaster.conf (I use this in preference to puppet.conf 
for everything), remove the following settings from the master section of the 
file:

storeconfigs
storeconfigs_backend
reports

/etc/init.d/httpd start

c) on the puppetdb host, enforce the config including postgres createdb etc.

/etc/init.d/puppet restart

d) on the puppetmaster host, put things back how they should be

/etc/init.d/puppet restart


We didn't find direct evidence of what happened, but we came close. If this 
happens to me again I will apply the following to investigate:

The json in /var/lib/puppetdb/mq/discarded/replace-catalog has the name of the 
server causing the issue. For me this is serialized right near the end of the 
json line before the transaction uuid. In my case it was only one host for all 
failures which narrowed it down.

name:server.me.com,transaction-uuid:b97fa362-d7ed-499b-a3ac-3c558583f396

https://docs.puppetlabs.com/puppetdb/2.2/api/wire_format/catalog_format_v5.html

Checking the database schema, it looked like puppetdb was trying to insert an 
identical resourcehash+name.

puppetdb=# \d resource_params;
Table public.resource_params
  Column  | Type  | Modifiers 
--+---+---
 resource | character varying(40) | not null
 name | text  | not null
 value| text  | not null
Indexes:
resource_params_pkey PRIMARY KEY, btree (resource, name)
idx_resources_params_name btree (name)
idx_resources_params_resource btree (resource)
Foreign-key constraints:
resource_params_resource_fkey FOREIGN KEY (resource) REFERENCES 
resource_params_cache(resource) ON DELETE CASCADE

I cranked up logging by modifying /etc/puppetdb/logback.xml to change 
com.puppetlabs.puppetdb.scf.storage to debug, which was about as informative.

https://docs.puppetlabs.com/puppetdb/latest/configure.html#the-logback-logging-config-file

If I was able to squeeze more time out of my day I might have tried to hash all 
the resources in a catalog by myself and see which one was causing the failure, 
but I really had to get back to things.

This puppetdb host was previously running 1.6.3 and a random kill-9 sort of 
chaos monkey, so it's certainly possible that a puppetdb catalog replacement 
was destroyed halfway through and we had stale data left over. I stopped the 
chaos monkey from running on our puppet infrastructure hosts since we were way 
beyond knowing that services would be put back up after dying.

I thought that 'puppet node deactivate server.me.com' on the puppetmaster might 
help, but it didn't. That sounded like the resources were disassociated with 
the data about the hostname but it's not like I understand what's going on 
under the hood.

https://docs.puppetlabs.com/puppetdb/latest/maintain_and_tune.html

Per Ryan Senior this was the first time they've seen this sort of thing, so I'm 
favouring a theory where an interaction between the different sql commits from 
puppetdb, the chaos monkey, and some resource or another went a bit wrong and 
left stale data behind.

On Tue, Nov 11, 2014 at 09:13:21AM -0500, Christopher Wood wrote:
 Do any of you have troubleshooting tips for the puppetdb error log message 
 about violating database constraints? How would I tell which constraint and 
 which resource, short of logging all sql queries?
 
 2014-11-11 08:29:34,814 ERROR [c.p.p.command] 
 [6133d0c4-3350-4567-abb0-476980a9616e] [replace catalog] Retrying after 
 attempt 4, due to: org.postgresql.util.PSQLException: ERROR: duplicate key 
 value violates unique constraint resource_params_pkey
 
 The full error: https://gist.github.com/anonymous/3a169a2b9380196983c6
 
 
 More details...
 
 Per our logs, we've been seeing this with puppetdb 1.6.3 and 2.2.2.
 
 So far I've tried, with little success:
 
 -raising the storage log level to debug
 -digging through /var/log/puppetdb/puppetdb.log before/after debug; couldn't 
 see a pattern
 -stop puppetdb, purge files under 

Re: [Puppet Users] basic hiera question

2014-11-19 Thread Craig White
awesome - thanks

On Wednesday, November 19, 2014 11:55:51 AM UTC-7, Ramin K wrote:

 On 11/19/14 10:42 AM, Craig White wrote: 
  getting very frustrated and have covered the 7 or so pages on puppet's 
  documentation on hiera several times. 
  
  # cat hiera.yaml 
  --- 
  :backends: 
 - yaml 
  :hierarchy: 
 - defaults 
 - %{clientcert} 
 - %{environment} 
 - global 
 - common 
 - ldap 
  :yaml: 
 :datadir: /etc/puppetlabs/puppet/hieradata 
  
  # cat hieradata/ldap.yaml 
  --- 
  ldap: 
 rootdn: cn=admin,dc=wl,dc=com 
 rootpw: mySuperSecretPassword 
 dn: dc=wl,dc=com 
 directory: /var/lib/ldap 
  
  # hiera ldap 
  {rootdn=cn=admin,dc=wl,dc=com, 
rootpw=mySuperSecretPassword, 
dn=dc=wl,dc=com, 
directory=/var/lib/ldap} 
  
  # head -n 5 modules/wl/manifests/config.pp 
  # script to setup OpenLDAP 
  
  class wl::config () inherits wl { 
  
 $rootpw = hiera('ldap::rootpw') 
  
  but unfortunately... 
  
  # puppet agent --test --debug 
  results in the error... 
  Error: Could not retrieve catalog from remote server: Error 400 on 
  SERVER: Could not find data item ldap::rootpw in any Hiera data file and 
  no default supplied at 
  /etc/puppetlabs/puppet/modules/wl/manifests/config.pp:5 on node 
 $obscured 
  Warning: Not using cache on failed catalog 
  Error: Could not retrieve catalog; skipping run 
  
  what am I doing wrong? 

 1. Your hierarchy isn't. You can call it common, global, default, or 
 whatever else but you only get one and it goes at the bottom. If it's 
 not at the bottom, it's not common, default or global. Clientcert goes 
 at the top because it's the most specific. 

 :hierarchy: 
- %{clientcert} 
- %{environment} 
- common 


 https://ask.puppetlabs.com/question/3146/how-to-build-a-proper-hiera-hierarchy/
  

 2. You're using a hash as your data. If you want to query for key 
 ldap::rootpw, it'll look like the following. 

 ldap::rootdn:'cn=admin,dc=wl,dc=com' 
 ldap::rootpw:'mySuperSecretPassword' 
 ldap::dn:'dc=wl,dc=com' 
 ldap::directory: '/var/lib/ldap' 

 Note this has nothing to do with hiera_hash or hiera_array. 

 http://ask.puppetlabs.com/question/13592/when-to-use-hiera-hiera_array-and-hiera_hash/
  

 3. You're not using hiera-eyaml. Don't put clear txt passwords in your 
 yaml files, use hiera-eyaml instead. It's really nice. 

 https://github.com/TomPoulton/hiera-eyaml 

 Ramin 


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/fa294a8b-516c-452b-bd57-cdbf12bbe216%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] autosign with --allow-dns-alt-names

2014-11-19 Thread Dejan Golja
All,

I was wondering if it's possible to change the autosign behavior that it 
will allow to autosign certs with alternative DNS entries. Currently the 
problem is if an auto scaling events create another master the autosign on 
CA will fail, because it has alternative DNS entries. 

We also tried to use an external autosign script, but the result is the 
same.

I understand that's a potential security risk, but we have other measures 
in place to make it safe. Alternatively we could embed the presigned certs 
in the cloud init process, but we would like to avoid that.

thank you,
Dejan


-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b19b3c8a-53f4-46b3-bc17-65f6900ac515%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] how to compare facts using variables in a text file

2014-11-19 Thread Ashish Jaiswal

Hi,

Just a quick hack.

!-- HTML generated using hilite.me --div style=background: #ff; 
overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em 
.8em;padding:.2em .6em;pre style=margin: 0; line-height: 125% 
javaversion.rb
span style=color: #00require/span span style=color: 
#aa5500#39;facter#39;/span


span style=color: #aaFacter/span.add(span style=color: 
#aa:is_javaversion/span) span style=color: #aado/span

setcode span style=color: #aado/span
a = span style=color: 
#aaFile/span.readlines(span style=color: 
#aa5500#39;javaversion.txt#39;/span).map { |x| x.chomp }.join
span style=color: #aaif/span span style=color: 
#aaFacter/span.value(span style=color: 
#aa:java_known_weblogic_version1/span) == a

span style=color: #aatrue/span
span style=color: #aaelse/span
span style=color: #aafalse/span
span style=color: #aaend/span
span style=color: #aaend/span
span style=color: #aaend/span
/pre/div

On Wednesday 19 November 2014 10:06 PM, Spriya wrote:

Hi,

Yes .txt can be on agent.

The fact is already displayed on agent

Let me know

On Wednesday, November 19, 2014 8:57:17 AM UTC-5, Felix.Frank wrote:

Hi,



so the .txt file is on the agent?



Where is the fact from?



On 11/18/2014 02:36 PM, Spriya wrote:

 Hi,



 I have a requirement how to compare facts using variables which
are in a

 txt file



 For example i have a facts

 java_known_weblogic_version1   1.7.0_72





 I have txt file javaversion.txt file

 1.7.0_72



 I want to comapare these files java_known_weblogic_version !=

 javaversion.txt   file?



 How can i do that



 Anyone please help me



 Thank you







--

You received this message because you are subscribed to the Google 
Groups Puppet Users group.


To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
mailto:puppet-users+unsubscr...@googlegroups.com.


To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/65a00b97-982c-4de7-af48-39f0839095c8%40googlegroups.com 
https://groups.google.com/d/msgid/puppet-users/65a00b97-982c-4de7-af48-39f0839095c8%40googlegroups.com?utm_medium=emailutm_source=footer.


For more options, visit https://groups.google.com/d/optout.







--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546D6AFC.80906%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Puppet Users] how to compare facts using variables in a text file

2014-11-19 Thread Ashish Jaiswal

Sorry,

Was trying something..

A clear snippet.

require 'facter'

Facter.add(:is_javaversion) do
setcode do
a = File.readlines('javaversion.txt').map { |x| x.chomp }.join
if Facter.value(:java_known_weblogic_version1) == a
true
else
false
end
end
end
On Thursday 20 November 2014 09:45 AM, Ashish Jaiswal wrote:

Hi,

Just a quick hack.

!-- HTML generated using hilite.me --div style=background: 
#ff; overflow:auto;width:auto;border:solid gray;border-width:.1em 
.1em .1em .8em;padding:.2em .6em;pre style=margin: 0; line-height: 
125% javaversion.rb
span style=color: #00require/span span style=color: 
#aa5500#39;facter#39;/span


span style=color: #aaFacter/span.add(span style=color: 
#aa:is_javaversion/span) span style=color: #aado/span

setcode span style=color: #aado/span
a = span style=color: 
#aaFile/span.readlines(span style=color: 
#aa5500#39;javaversion.txt#39;/span).map { |x| x.chomp }.join
span style=color: #aaif/span span style=color: 
#aaFacter/span.value(span style=color: 
#aa:java_known_weblogic_version1/span) == a

span style=color: #aatrue/span
span style=color: #aaelse/span
span style=color: #aafalse/span
span style=color: #aaend/span
span style=color: #aaend/span
span style=color: #aaend/span
/pre/div

On Wednesday 19 November 2014 10:06 PM, Spriya wrote:

Hi,

Yes .txt can be on agent.

The fact is already displayed on agent

Let me know

On Wednesday, November 19, 2014 8:57:17 AM UTC-5, Felix.Frank wrote:

Hi,



so the .txt file is on the agent?



Where is the fact from?



On 11/18/2014 02:36 PM, Spriya wrote:

 Hi,



 I have a requirement how to compare facts using variables which
are in a

 txt file



 For example i have a facts

 java_known_weblogic_version1   1.7.0_72





 I have txt file javaversion.txt file

 1.7.0_72



 I want to comapare these files java_known_weblogic_version !=

 javaversion.txt   file?



 How can i do that



 Anyone please help me



 Thank you







--

You received this message because you are subscribed to the Google 
Groups Puppet Users group.


To unsubscribe from this group and stop receiving emails from it, 
send an email to puppet-users+unsubscr...@googlegroups.com 
mailto:puppet-users+unsubscr...@googlegroups.com.


To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/65a00b97-982c-4de7-af48-39f0839095c8%40googlegroups.com 
https://groups.google.com/d/msgid/puppet-users/65a00b97-982c-4de7-af48-39f0839095c8%40googlegroups.com?utm_medium=emailutm_source=footer.


For more options, visit https://groups.google.com/d/optout.









--
You received this message because you are subscribed to the Google Groups Puppet 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/546D6B6A.1050707%40gmail.com.
For more options, visit https://groups.google.com/d/optout.