[Puppet Users] Re: Bootstrap puppet client

[aries]

Hi Joseph:

Thanks your help.  

I have a question about the command.
Who is executing the command ? Puppet server or client ?

I need execute some Puppet tools from server.  It can login client and do 
some script.  (client is only OS and SSH)
The Chef knife tools can do.

Thanks
Aries

aries於 2015年2月3日星期二 UTC+8下午5時50分06秒寫道：
>
> Hi ~
>
> I use chef knife bootstrap a new chef client. It use ssh method to login 
> my client and run script to do any thing.
>
> # sudo knife bootstrap $CLIENT_IP -x $USER_NAME -P $PASSWORD -d $ERB_FILE
>
>
> Is there like tools for puppet ?
>
> thanks
>
> Aries
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/be07cc95-df74-43a9-be3d-1ff754dbf46e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: puppet cron help

[keith . staley]

On Monday, February 2, 2015 at 5:55:58 PM UTC-5, bluethundr wrote:
>
> Hey all,
>
> I'm attempting to setup a cron job via the cron resource in puppet. 
>
> This is what I'm trying to express via puppet:
>
> */30 * * * * /usr/bin/facter -y > /etc/mcollective/facts.yaml
>
> This is what I've tried:
>
> cron { "facts-cron":
>command => "/usr/bin/facter -y > /etc/mcollective/facts.yaml",
>user=> 'root',
>hour=> 0,
>minute  => '0/30'
>}
>
> And this is the error I'm getting:
>
> Error: Failed to apply catalog: Parameter minute failed on 
> Cron[facts-cron]: 0/30 is not a valid minute at 
> /etc/puppet/environments/production/modules/mcollective/manifests/config.pp:18
> Wrapped exception:
> 0/30 is not a valid minute
>
> What's the best way to ask for a cron job to run every 30 minutes in 
> pupppet-ese?
>
> Thank you,
> Tim
>
> -- 
> GPG me!!
>
> gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
>



You can also try this:

https://groups.google.com/forum/#!topic/puppet-users/PZMv4hGpKiM


 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/cea5b350-c2bd-4575-86bb-8eb5111aed4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Augeas and grub.conf

[Paul Greenbank]

Hi You can try setm - I'm not expert but have managed to use setm to do 
what you need:

# Enable audit prior to daemon
augeas { 'set_audit':
incl=> '/boot/grub/grub.conf',
lens=> 'grub.lns',
changes => [
'setm title[*]/kernel/ audit 1',
],
}

and

# Ensure selinux=1 and enforcing=1 are set in grub.conf
augeas{ "grub-set-kernel-selinux":
incl=> "/etc/grub.conf",
lens=> "grub.lns",
changes => [
"setm title[*]/kernel/ selinux 1",
"setm title[*]/kernel/ enforcing 1",
],
}

On Thursday, 15 July 2010 09:23:21 UTC+12, Erinn Looney-Triggs wrote:
>
> I hope that the answer to this isn't posted up somewhere else, I have
> looked around and I haven't found much of anything, augeas documentation
> seems to be thin. Is there even full documentation for all the augeas
> function and language syntax? What I am trying to do is edit the
> grub.conf file and modify some parameters for each kernel line, remove
> rhgb, add audit = 1. I would like for this to happen on all kernels
> listed in /etc/grub.conf, so for audit I have:
>
> #Set audit=1 for grub.conf
> augeas {"kernel_audit":
> context => "/files/etc/grub.conf",
> changes => "set title[*]/kernel/audit 1",
> onlyif  => "get title[*]/kernel/audit != 1",
> }
>
> This suprisingly works, but only for the first entry in grub.conf I say
> surprisingly because running the set  command via augtool fails, so this
> behaviour is a bit different for the ruby bindings. Does anyone with
> some wicked augeas skill know how to express what I am trying to express
> here? Is it even possible?
>
> Second problem, rhgb. This is an empty node, as in it comes back rhgb =
> (none) in augtool, I am trying to write an onlyif rule but how do you
> match none?
>
> #Remove rhgb from kernel lines if it exists
> augeas {"kernel_rhgb":
> context => "/files/etc/grub.conf",
> changes => "remove title[*]/kernel/rhgb",
> onlyif  => "match title[1]/kernel/rhgb == ['none']",
> }
>
> Now again I would really like it to match all, and remove from all,
> removal from all seems to work, but the match, as I said, fails. I have
> tried a lot of variants to the point where I don't think it is a text
> match, but I am not sure how to match it. Again I am just getting
> started with this stuff, my apologies if the answer is glaringly
> obvious, but please at least point me in the right direction.
>
> -Erinn
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b797788a-169d-458a-8544-916e8966a6aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] size of fileserver files?

[Christopher Wood]

On Tue, Feb 03, 2015 at 04:59:01PM -0500, Trevor Vaughan wrote:
>Hi Chris,
> 
>It definitely works but I would not use it for large files due to the
>serialization/deserialization overhead issues, that it will checksum the
>file at each run, and that it will transfer the entire file should the
>transfer need to occur.

Yes and yes, and another really important feature: any resource change is 
recorded and that record is added to the report that is sent to puppetdb.

>I would recommend using something like rsync or creating a native package
>for your operating system and using the 'package' resource as the best way
>to get the files onto the system.

In any other situation I would agree with you about rsync and packages. 
Unfortunately there are interdepartmental issues about holes in firewalls and 
ssh keys and rsync daemons; I need to fight different battles right now. Every 
server that will obtain the files via file resources already has puppetmaster 
access. Also, a package resource doesn't monitor whether each individual file 
in the package has been manually replaced and automagically fix that.

(These would probably sound more reassuring if I explained them in business 
jargon, ahem.)

>Thanks,
> 
>Trevor
>On Tue, Feb 3, 2015 at 1:33 PM, Christopher Wood
><[1]christopher_w...@pobox.com> wrote:
> 
>  I've read through [2]tickets.puppetlabs.com bug reports and can't find
>  anything, asking here before I go down that road.
> 
>  Have any of you had trouble with large files served from the
>  puppetmaster fileserver? If you had any issues how big were the files
>  and what was your puppetmaster version (3.7.2 here)?
> 
>  The background:
> 
>  I'm trying to remove somebody's large binary from a module files subdir
>  and prototype some basic large file distribution (that's not manually
>  placing things on nfs mounts). Plus if I distribute via puppet I can
>  check the reports to see if we had any distribution issues.
>  --
>  You received this message because you are subscribed to the Google
>  Groups "Puppet Users" group.
>  To unsubscribe from this group and stop receiving emails from it, send
>  an email to [3]puppet-users+unsubscr...@googlegroups.com.
>  To view this discussion on the web visit
>  
> [4]https://groups.google.com/d/msgid/puppet-users/20150203183358.GA17576%40iniquitous.heresiarch.ca.
>  For more options, visit [5]https://groups.google.com/d/optout.
> 
>--
>Trevor Vaughan
>Vice President, Onyx Point, Inc
>(410) 541-6699
>[6]tvaug...@onyxpoint.com
> 
>-- This account not approved for unencrypted proprietary information --
> 
>--
>You received this message because you are subscribed to the Google Groups
>"Puppet Users" group.
>To unsubscribe from this group and stop receiving emails from it, send an
>email to [7]puppet-users+unsubscr...@googlegroups.com.
>To view this discussion on the web visit
>
> [8]https://groups.google.com/d/msgid/puppet-users/CANs%2BFoX0sJHFueh8u_VfbNSEg%3D0z7qgwG_9jKF5VD5gk2%2BOuUA%40mail.gmail.com.
>For more options, visit [9]https://groups.google.com/d/optout.
> 
> References
> 
>Visible links
>1. mailto:christopher_w...@pobox.com
>2. http://tickets.puppetlabs.com/
>3. mailto:puppet-users%2bunsubscr...@googlegroups.com
>4. 
> https://groups.google.com/d/msgid/puppet-users/20150203183358.GA17576%40iniquitous.heresiarch.ca
>5. https://groups.google.com/d/optout
>6. mailto:tvaug...@onyxpoint.com
>7. mailto:puppet-users+unsubscr...@googlegroups.com
>8. 
> https://groups.google.com/d/msgid/puppet-users/CANs%2BFoX0sJHFueh8u_VfbNSEg%3D0z7qgwG_9jKF5VD5gk2%2BOuUA%40mail.gmail.com?utm_medium=email&utm_source=footer
>9. https://groups.google.com/d/optout

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20150203231100.GA20831%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: puppetserver and LDAP terminus

[Steve Huston]

So, I've spent another day beating on this problem and finally
achieved success.  We started with:

> # puppetserver gem install ruby-ldap

Nobody pointed out, either here or in the documentation, that when
using puppetserver you have to use "jruby-ldap" instead.  Once I did
that, the gem installed, yay!  But it still didn't work.  When the
server attempted to do a lookup it would still report that the search
failed, even though tcpdump showed it asking for the CN and getting
the right answer.

After quite a bit of prodding and help from a colleague I found that
jruby-ldap does not have a to_hash method in LDAP::Entry.  This was
confirmed by a bit of code and comment at the top of
https://github.com/alibby/ldap_authenticated/blob/master/lib/ldap_authenticated.rb

I inserted that code into the ruby module, since I would have to
manually upgrade that but the puppetserver RPM might get upgraded (and
wipe out that change), and got a little further.  Now, however, it
failed with another error: "Puppet Cannot reassign variable macaddress
on node syrinx.astro.princeton.edu"

On our old server running under passenger, if I look at
/var/lib/puppet/yaml/node/syrinx.astro.princeton.edu I see there's
both a "macaddress" and a "macAddress", so I realized what's going on
- the downcase in that code snippet is causing two facts to appear at
once.

All in all, this tells me a few things:

1) The documentation for using LDAP with the new puppetserver needs to
be updated to reflect not only that one must use 'jruby-ldap' (and
puppetserver gem install at that) but that the tests listed (running
ruby -rpuppet -e 'p Puppet.features.ldap?' and such) are incorrect as
they will report 'true' if you have the gem installed through the
normal system commands but puppetserver will not see it.

2) There needs to be a patch, perhaps somewhere in puppetserver, that
makes sure the jruby-ldap LDAP::Entry class has a 'to_hash' method (or
code around the necessity of needing it), for example:

if RUBY_PLATFORM =~ /^java.*/i
  class LDAP::Entry
 def to_hash
h = {}
get_attributes.each { |a| h[a.to_sym] = self[a] }
h[:dn] = [dn]
h
 end
  end
end

3) I discovered when I spun up my VM this morning that puppetserver
failed to start because it wanted to create a /var/run/puppet (which
it does not appear to actually use thereafter).  Since /var/run is on
a tmpfs on RHEL7, and owned by root, yet the puppetserver process runs
as user 'puppet', this will fail on every reboot.  Admittedly I'm not
running the puppetlabs RPM, but our package maintainer does a very
good job of making sure that the scripts and setups are duplicated if
he rebuilds something - please correct me if the logic to recreate
this directory is included somewhere and I can point it out to him to
fix in our repository.

-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |ICBM Address: 40.346344   -74.652242
345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852  | headlong into mystery."  -Rush, 'Cygnus X-1'

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANnpg5SpJitWLjR4LvfMHfMH8NT4kALfgkzKbDatNBZwM7SDAg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet Dashboard/console

[PierreR]

> There's a good roundup of the options here:
>
> http://www.olindata.com/blog/2014/01/puppet-management-gui-comparison 
>
> Puppet Enterprise Console is arguably the best, but that's not available 
> if you're using the free open source option. If you want something similar 
> you are probably best looking at Foreman or Puppet Dashboard. Both are in 
> development, though Foreman may be seeing more attention as Red Hat have 
> started using it in their Satellite product.
>

Is Puppet Dashboard really deprecated as mentioned in the link ? It seems 
more active than both Puppetboard and Puppet Explorer. This last one looks 
promising but completely inactive apparently.

I guess you are right about Foreman. Even if it does not use the PuppetDB, 
it looks like the sole contender.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e8853117-a5c9-4375-bd3d-a8ccc994d2a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: Announce: Puppet Language Style Guide 2.0

[Hunter Haugen]

tl;dr Summarizing the feedback from Garrett, Trevor, and John (because
email is hard), and see if we have resolution on some points and which ones
we still need to clarify.



= Questions:
These need further discussion and clarification.

== Section 10.7 Defines can't use inherits for parameter defaults
Should this be reduced to only cover classes, or should the description be
expanded to cover the style of setting defined resource defaults also?
(Which happen to be the "bad" example; whoops.)

== Section 11.2 Recommendation against using "include" is unclear or harmful
I think this was to describe how an over-zealous use of `include` may cause
classes to be declared with the default parameters before a user may
declare them with parameters. Or it could have been about cross-module
class inclusion in public modules. What should we do with this section?



= Proposals:
If the below changes sound good, then we'll go with that.

== Section 5 line length is an issue
Managing line lengths in puppet is difficult. This point should change to
describe where to do syntax-wise linebreak rather than character-wise
breaks (ie, any hashes containing more than a single key/value pair, etc.).

== Section 9.6 symbolic modes
This was answered in that symbolic modes can perform operations that
numeric modes cannot. The style guide does not dictate which form to use,
so this should not be an issue.

== Section 10.6 No required class parameters
Some classes just MUST have required parameters and there is no way around
it. The style guide should be modified to include "should minimize the
number of required parameters" as a style recommendation.

== Section 10.2 item 7, resource ordering alphabetically
Remove the mention of ordering so that it is simply "Should declare
resources." This also impacts section 9.4 and should be reconciled.

== Section 10.2 includes vs validation first
Validation cannot come at the end of the file due to parse order, but it is
possible to allow includes to come before validation, so we should just not
dictate this bit of ordering.

(This issue will go away entirely after the release of puppet 4, as
validation may happen inline with the parameters themselves due to the
typing system.)

== Section 10.2 Unclear description of "items 7 & 8"
I'm not exactly sure what this is describing either. Most likely
superfluous and will be removed.

== Section 10.4 Chaining arrow syntax with only references, not declarations
Agreed. And perhaps that if there are line breaks around arrow syntax, they
must only happen to the right of the arrow and not the left so that arrows
are not "hidden" at the end of previous lines.

== Section 12.1 $unique_name = $name is unclear
I believe this was to describe how the continued use of $name throughout a
define can lead to confusion, as $name has no strong semantic meaning. Thus
a "good" example would be
https://github.com/puppetlabs/puppetlabs-apache/blob/1.2.0/manifests/listen.pp#L2
and a bad example would be...
https://github.com/puppetlabs/puppetlabs-apache/blob/1.2.0/manifests/vhost.pp
(because $name is scattered throughout the define and has no definite
meaning).

== Section 18 Parameter ordering unclear
The paragraph about ordering should be moved to 10.6 or removed altogether.

== Section 19 should be moved to Section 2
Because if becoming a specification for puppet-lint is a purpose, then
section 2 is best.

== "Style guide" vs "specification" discussion from jcbollinger
To paraphrase, "the 'language style guide' is written as a technical
specification covering more than the language; it covers module structure
and module contribution conduct. This is not 'style' and is beyond the
scope of this document."

In answer... we should change the title to something other than "The Puppet
Language Style Guide" :). I personally feel that "Module Style Guide" would
still encompass what is included here, when the above edits are taken into
account.

== JCB's "issues with guide text"
These seem fairly straightforward. Thanks.





-Hunter

On Tue, Feb 3, 2015 at 8:54 AM, jcbollinger 
wrote:

>
>
> On Monday, February 2, 2015 at 12:21:40 PM UTC-6, Lauren R wrote:
>>
>> The Modules team and I are excited to finally announce the newest version
>> of the Puppet Language Style Guide.
>>
>> We've reworked the guide to reflect the new features and capabilities of
>> Puppet 3.7, and we've expanded it to cover more topics related to building
>> manifests and modules. If you're interested in publishing a module to the
>> Puppet Forge or are looking to get your module "Puppet Approved," the
>> updated guide is a great place to start.
>>
>> It was a massive, company-wide effort to update this style guide, but I'm
>> sure we didn't catch everything. If you notice a mistake or would like more
>> information on something that's not currently covered, please file a
>> ticket. We plan to regularly update the guide from here on out, and we
>> definitely anticipate another big release in the months 

Re: [Puppet Users] size of fileserver files?

[Trevor Vaughan]

Hi Chris,

It definitely works but I would not use it for large files due to the
serialization/deserialization overhead issues, that it will checksum the
file at each run, and that it will transfer the entire file should the
transfer need to occur.

I would recommend using something like rsync or creating a native package
for your operating system and using the 'package' resource as the best way
to get the files onto the system.

Thanks,

Trevor

On Tue, Feb 3, 2015 at 1:33 PM, Christopher Wood  wrote:

> I've read through tickets.puppetlabs.com bug reports and can't find
> anything, asking here before I go down that road.
>
> Have any of you had trouble with large files served from the puppetmaster
> fileserver? If you had any issues how big were the files and what was your
> puppetmaster version (3.7.2 here)?
>
> The background:
>
> I'm trying to remove somebody's large binary from a module files subdir
> and prototype some basic large file distribution (that's not manually
> placing things on nfs mounts). Plus if I distribute via puppet I can check
> the reports to see if we had any distribution issues.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/20150203183358.GA17576%40iniquitous.heresiarch.ca
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699
tvaug...@onyxpoint.com

-- This account not approved for unencrypted proprietary information --

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANs%2BFoX0sJHFueh8u_VfbNSEg%3D0z7qgwG_9jKF5VD5gk2%2BOuUA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] size of fileserver files?

[Christopher Wood]

I've read through tickets.puppetlabs.com bug reports and can't find anything, 
asking here before I go down that road.

Have any of you had trouble with large files served from the puppetmaster 
fileserver? If you had any issues how big were the files and what was your 
puppetmaster version (3.7.2 here)? 

The background:

I'm trying to remove somebody's large binary from a module files subdir and 
prototype some basic large file distribution (that's not manually placing 
things on nfs mounts). Plus if I distribute via puppet I can check the reports 
to see if we had any distribution issues.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20150203183358.GA17576%40iniquitous.heresiarch.ca.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Custom Facts

[Steve Harp]

Thanks Wolf.

Sad news but now I know and I can structure my facts to deal with it.

On Tuesday, February 3, 2015 at 12:11:03 PM UTC-5, Wolf Noble wrote:
>
> Hi Steve,
>
> All custom facts are delivered to all nodes within a puppetmaster's 
> control. IOW, having a module that has a custom fact will deploy that fact 
> to every node, regardless of if that node uses, or is aware of the fact, or 
> module in question.
>
> It is generally expected that the fact author will ensure that the 
> behavior of a dormant custom fact is as close to a noop as possible.
>
>
>
>   Steve Harp 
>  February 3, 2015 at 10:45 AM
> Hi Guys,
>
> I've created some custom facts in /etc/puppet/MODULE_NAME/lib/facter/. 
>  When I run puppet I'm having facts that aren't even defined in a module 
> being called by the node deployed to the agent.  This is causing the facts 
> to fail on the agent.
>
> For instance, if I have the following custom fact files:
>
> /etc/puppet/modules/abc/lib/facter/abc.rb
>
> /etc/puppet/modules/xyz/lib/facter/xyz.rb
>
>
> When I define a node calling only module abc, it also delivers the fact 
> file defined under module xyz.  On the agent, I end up with abc.rb AND 
> xyz.rb.
>
> Am I doing something wrong or is this normal?
>
> Thanks. 
>
>  
>
>   

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/dafa9bd2-132a-4f43-9cad-85f7bdfbe896%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] puppetdlock and puppet dashboard

[puppetstan]

Hi,

I have a problem with the command: puppet -t agent

# Puppet -t agent
Record: Ignoring --listen we onetime run
Record: Run of Puppet client configuration already in progress; skipping

There are many tutorials that say to delete the file
# rm /var/lib/puppet/state/puppetdlock

and the command # puppet -t agent working again

This solution is ok but my problem is if the puppet service restarts, I have 
the 
same problem again and on my puppet dashboard, my server has not reported

the problem is random, I have servers that do not have a problem (even 
release agent puppet) and others have this problem

Is someone found why this problem and have a solution?

Cdlt

Puppet Server
# Rpm -qa | grep puppet
puppet-2.7.26-1.el5
puppet-server-2.7.26-1.el5
puppet-dashboard-1.2.23-1.el5

Puppet Client
# Rpm -qa | grep puppet
puppet-2.7.26-1.el5

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e8336b71-26f1-4d3d-9caf-9dd3d0b31825%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet Custom Facts

[Wolf Noble]

Hi Steve,

All custom facts are delivered to all nodes within a puppetmaster's 
control. IOW, having a module that has a custom fact will deploy that 
fact to every node, regardless of if that node uses, or is aware of the 
fact, or module in question.


It is generally expected that the fact author will ensure that the 
behavior of a dormant custom fact is as close to a noop as possible.





Steve Harp 
February 3, 2015 at 10:45 AM
Hi Guys,

I've created some custom facts in /etc/puppet/MODULE_NAME/lib/facter/. 
 When I run puppet I'm having facts that aren't even defined in a 
module being called by the node deployed to the agent.  This is 
causing the facts to fail on the agent.


For instance, if I have the following custom fact files:

/etc/puppet/modules/abc/lib/facter/abc.rb

/etc/puppet/modules/xyz/lib/facter/xyz.rb


When I define a node calling only module abc, it also delivers the 
fact file defined under module xyz.  On the agent, I end up with 
abc.rb AND xyz.rb.


Am I doing something wrong or is this normal?

Thanks.

--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/00d60c9a-5c35-4a85-a552-9505be073f28%40googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Puppet 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/54D1011E.8060809%40wolfspyre.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet Custom Facts

[Steve Harp]

Hi Guys,

I've created some custom facts in /etc/puppet/MODULE_NAME/lib/facter/. 
 When I run puppet I'm having facts that aren't even defined in a module 
being called by the node deployed to the agent.  This is causing the facts 
to fail on the agent.

For instance, if I have the following custom fact files:

/etc/puppet/modules/abc/lib/facter/abc.rb

/etc/puppet/modules/xyz/lib/facter/xyz.rb


When I define a node calling only module abc, it also delivers the fact 
file defined under module xyz.  On the agent, I end up with abc.rb AND 
xyz.rb.

Am I doing something wrong or is this normal?

Thanks. 

 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/00d60c9a-5c35-4a85-a552-9505be073f28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Announce: Puppet Language Style Guide 2.0

[jcbollinger]

On Monday, February 2, 2015 at 12:21:40 PM UTC-6, Lauren R wrote:
>
> The Modules team and I are excited to finally announce the newest version 
> of the Puppet Language Style Guide.
>
> We've reworked the guide to reflect the new features and capabilities of 
> Puppet 3.7, and we've expanded it to cover more topics related to building 
> manifests and modules. If you're interested in publishing a module to the 
> Puppet Forge or are looking to get your module "Puppet Approved," the 
> updated guide is a great place to start.
>
> It was a massive, company-wide effort to update this style guide, but I'm 
> sure we didn't catch everything. If you notice a mistake or would like more 
> information on something that's not currently covered, please file a 
> ticket. We plan to regularly update the guide from here on out, and we 
> definitely anticipate another big release in the months after Puppet 4 
> comes out.
>


I'm pleased to see PL directing time and attention to such an effort, and I 
congratulate you on bringing it to this milestone.

With that said, I'm afraid I have a quite a few criticisms of the current 
version of the document.  I hope you will find them constructive in nature:

*Overall document issues*

The very first thing that hit me when I sat down to read the guide was 
section 1, with its reference to RFC 2119 terminology.  What in the world 
is such a thing doing in a **style** **guide**?  That describes the 
terminology of a specification document.  If a specification is what you 
mean this to be, then kindly position it that way.

In fact, the terminology matter is symptomatic of a deeper issue: the 
document appears to be at least two different documents mashed together.  
At times it wants to be a DSL style guide / specification, but at other 
times it wants to be a module layout specification (not much "guiding" on 
that side).  There is some overlap between those areas, to be sure, but it 
would be better to have two documents, each more tightly focused.  Some of 
my per-section comments will also reflect on this issue.

*Specific issues with guidelines*

Section 4: versioning is not a style issue.

Section 5: how is trailing whitespace a style issue of any consequence?  It 
has no *bona fide* relationship to the guiding principles enumerated in 
section 3 of the document.  It's not that I'm a big fan of trailing 
whitespace, but this seems so superfluous.  The only practical reason I see 
to include it (as a "must", no less) is to simplify the implementation of 
style checkers.  Not welcome.

Section 7: as a matter of style, why *shouldn't* comments explain the "how" 
of the code?  In the event that it is unclear how the code accomplishes the 
"why", documentation of that "how" is important for maintaining the code.  
I suspect that there are particular practices that this guideline is trying 
to rule out, but if so then a more nuanced guideline is needed.  
Additionally, I don't like *either* of the examples.  For what it's worth, 
the comment, if any, with which *I* would adorn the example declaration 
would be something like "Manages the main NTP configuration file".  (And I 
note that I would characterize that more as a "what" than as either a "why" 
or a "how".)

Section 8. Having module metadata is not a style issue.  I thought perhaps 
this point was about the style to be used for a module metadata file, which 
might be ok, but if that was the intention then the actual section is a 
complete miss.  Moreover, it is not clear either in the style guide or in 
the document it references what the metadata "format" actually is, unless 
the answer is simply "JSON".  Perhaps "format" is the wrong word for what 
you're trying to describe.

Section 10.2, item 7: in addition to comments in previous posts regarding 
this declaration-ordering recommendation, I observe that it conflicts with 
guideline 9.4 about putting declarations in logical groupings.

Section 10.2: the justification for the recommendation that "the last two 
items – declared resources and declared relationships to other 
classes/defines – not occur in the same class or type" is unclear.  I'm 
inclined to call such a recommendation altogether *un*justified, but 
perhaps I don't understand what the guide is trying to say.

Section 10.7: the specified style for parameter defaults is fine for 
classes, but it is not applicable to defined types.  I don't know how to 
safely satisfy the guide's recommendation that "Provided defaults should be 
specified with the parameter and not inside the [...] define."

Section 11.2: WHAT?  In the first place, what "non-deterministic scoping 
issues" are we talking about here?  In the second place, how are classes 
*supposed* to declare other classes?  The only other alternative -- 
resource-style class declarations -- are inferior in most situations, as 
even the language reference acknowledges: "*Most* users in *most* 
situations should use include-like declarations" (emphasis in the

[Puppet Users] Ubuntu service idempotence

[sorthum]

I'm seeing some idempotence issues around enabling services in Puppet 3.7.4 
on Ubuntu 12.04:

root@ubuntu-server-1204-x64:~# puppet resource service ntp enable=true
Notice: /Service[ntp]/enable: enable changed 'false' to 'true'
service { 'ntp':
  ensure => 'running',
  enable => 'false',
}
root@ubuntu-server-1204-x64:~# puppet resource service ntp enable=true
Notice: /Service[ntp]/enable: enable changed 'false' to 'true'
service { 'ntp':
  ensure => 'running',
  enable => 'false',
}


Does this Ubuntu version require a custom (read as: non-upstart) provider? 

-- Corey

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/41473df1-79a9-4a72-9dbc-7c5eccc08bed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Announce: Puppet Language Style Guide 2.0

[jcbollinger]

On Monday, February 2, 2015 at 2:58:51 PM UTC-6, Trevor Vaughan wrote:
>
> Inline
>
> On Mon, Feb 2, 2015 at 3:24 PM, Garrett Honeycutt <
> g...@garretthoneycutt.com > wrote:
>
 

I'd like to vote for putting all validation at the bottom of the file.
>
> Honestly, we're getting quite heavy in the amount of cruft in the files in 
> general.
>


Agreed.

 

> == Section 10.2.7
>
>  

> I tend to order things in resource alphabetical order because then, if I'm 
> looking for a file resource, it's in the 'F' section. And I still like the 
> fact that order doesn't matter in Puppet unless I tell it to. Accordingly, 
> should I happen to break my order accidentally, I really don't want to care.
>
>

Although I do tend to order my resource declarations as described by 
10.2.7, I agree that it is not a particularly useful as a style guideline.  
I use that order because it makes sense to me and helps me find things, not 
because of the functional implications (that anyway don't always apply), 
and I don't stick to that order rigorously.  I'd argue that a mandate to 
order resource declarations specifically by relative order of application 
is counter-productive.  It de-emphasizes the importance of using 
relationships to specify application order, and may sometimes mask bugs 
arising from failure to declare needed relationships.

 

>  
>
>> == Section 10.6
>> Suggest that while having required parameters for defines is OK, having
>> them for classes is not. There should never be required parameters for a
>> class. This breaks the ability to `include` a class.
>>
>>
> No, I disagree here. There are (many) times that I *need* you to give me a 
> parameter, I can't make one up that is magically correct. Moving this to a 
> define-only state means that we have to start slinging around singleton 
> defines which is what parameterized classes got us away from.
>
> I'd rather have my compile break than end up with a system doing something 
> nonsensical, particularly when the security of the system may be at risk.
>


I think the middle ground here would be best: the guide should recommend 
*minimizing* the number of mandatory class parameters.  Although I very 
much favor declaring classes via 'include', I acknowledge Trevor's point, 
and I observe that mandatory class parameters can be satisfied by automated 
data binding (i.e. Hiera), so they don't altogether *break* the ability to 
'include' such a class, they just limit it.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5649c5c9-7ce3-4467-874b-ce2c55f3ad5c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Unreported Windows nodes (Puppet 3.7.3, Exchange 2010)

[cko]

Icacls: http://i.imgur.com/s1xQy65.png

I will upgrade to Puppet 3.7.3 this week an see if that fixed the issue.


On Monday, February 2, 2015 at 9:49:01 PM UTC+1, Rob Reynolds wrote:
>
>
>
> On Mon, Feb 2, 2015 at 5:05 AM, cko > 
> wrote:
>
>> I just noticed that the affected agents do not update the files located 
>> in "C:\ProgramData\PuppetLabs\puppet\var\state".
>>
>> Also interesting: The "agent_catalog_run.lock" file is not properly 
>> removed after a puppet run.
>>
>> See the timestamps on the files ( http://i.imgur.com/qE87OB5.png )
>>
>
>
> Can you give me an icacls on that folder? icacls 
> C:\ProgramData\PuppetLabs\puppet\var\state. Also I wonder if you have a 
> connection issue in sending the report to the master? From the gist I 
> didn't see an issue jump out at me though.
>
> Also, 3.7.4 just came out. I don't know for sure if it will resolve the 
> issues or not.
>  
>
>>
>>
>>
>> On Monday, December 15, 2014 at 5:24:55 PM UTC+1, Rob Reynolds wrote:
>>>
>>>
>>>
>>> On Sun, Dec 14, 2014 at 9:17 AM, cko  wrote:

 The Puppet Service is actually running.

 The eventlog shows records about successfully finished catalog runs. 
 All files in the C:\ProgramData\PuppetLabs\puppet\var\state directory 
 indicate that the puppet run finishes without problems.

 I suspect there is a problem with the submission of the report to the 
 puppet master unless the puppet run is triggered manually. 

>>>
>>> What user does the puppet agent service run under? 
>>>
>>>  
>>>

 That might be the reason they are marked "out of sync" in any dashboard 
 application (puppetdb, puppetexplorer, foreman).




 On Sunday, December 14, 2014 4:48:59 AM UTC+1, Rob Reynolds wrote:
>
>
>
> On Tue, Dec 9, 2014 at 7:28 AM, cko  wrote:
>>
>> Hi,
>>
>> I'm currently having an issue with the Windows Server 2008R2 nodes in 
>> our Exchange 2010 environment.
>>
>> Since I upgraded the four nodes to Puppet 3.7.3 , they do not check 
>> in to the Puppetmaster via the Windows Service every 30 minutes like all 
>> the other nodes do. 
>>
>> Here is a gist of the output from "puppet agent -t --debug" that 
>> might help https://gist.github.com/anonymous/e972393ea742631ccaef
>>
>> Is there a problem in my environment or are there any known issues 
>> regarding this behavior? 
>>
>
> We are not aware of a known issue for this behavior. If you could 
> check the eventlog and determine what issues it may be reporting?  
>
>>  -- 
>> You received this message because you are subscribed to the Google 
>> Groups "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, 
>> send an email to puppet-users...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/
>> msgid/puppet-users/4da95e8f-9c8f-4dca-a91d-dfae1ce1dd1d%40goog
>> legroups.com 
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
> -- 
> Rob Reynolds
> Developer, Puppet Labs
>
> *Join us at **PuppetConf 2015, October 5-9 in Portland, OR - *
> http://2015.puppetconf.com/
> *Register early to save 40%!*
>  
  -- 
 You received this message because you are subscribed to the Google 
 Groups "Puppet Users" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to puppet-users...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/
 msgid/puppet-users/311eff85-ba40-42bf-a983-a363fe5a61d1%
 40googlegroups.com 
 
 .

 For more options, visit https://groups.google.com/d/optout.

>>>
>>>
>>> -- 
>>> Rob Reynolds
>>> Developer, Puppet Labs
>>>
>>> *Join us at **PuppetConf 2015, October 5-9 in Portland, OR - *
>>> http://2015.puppetconf.com/
>>> *Register early to save 40%!*
>>>  
>>  -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Puppet Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to puppet-users...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/puppet-users/74fa3e65-2974-46b5-95c4-a30bf6374a60%40googlegroups.com
>>  
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Rob Reynolds
> Developer, Puppet Labs
>
> *Join us at **PuppetC

Re: [Puppet Users] Announce: Puppet Language Style Guide 2.0

[jcbollinger]

On Monday, February 2, 2015 at 2:24:42 PM UTC-6, Garrett Honeycutt wrote:
 

> == Section 5 
> Why the arbitrary line length? Puppet's DSL does not have the ability to 
> break lines, such as '\' in bash, so imposing any limit does not buy 
> anything, certainly not readability. [...]
>


Agreed.

 

> == Section 9.6 
> This suggests that using symbolic modes (mode => 'u=rw,g=r,o=r') are 
> acceptable. What is the purpose of this? This decreases readability and 
> understanding. 
>
>

Agreed.

 

> == Section 10.2 
> Would add that includes should happen right after defining parameters 
> and before validation. 
>
>

Absolutely.

 

> == Section 10.4 
> Suggest adding that chaining arrow syntax should only be used with the 
> reference syntax and not between resources. The example below is a bad 
> use of the chaining arrows that leads to changing ordering by 
> inadvertently moving resources around. This is easy to do when merging 
> software. 
>


Excellent.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/38932690-e7ab-4448-9e7c-931c487da79c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Puppet array merge failure?

[jcbollinger]

On Monday, February 2, 2015 at 10:19:33 AM UTC-6, leam hall wrote:
>
> Hey John, thanks! 
>
> To add to your points, I'm referencing 
> https://docs.puppetlabs.com/hiera/1/lookup_types.html#array-merge 
>
> Your recommended Hiera command works fine on the master. Thanks! All 
> NTP servers show up. 
>
> However, they are not getting put into the ntp.conf file. I've 
> modified both the sandbox and remotenode json files to add extra 
> servers. The new servers show up in a hiera call on the puppet master 
> but are not showing up in the remotenode ntp config file. 
>
> Back to trouble-shooting... 
>


At this point, it sounds like we can conclude that the Hiera data files are 
not your problem.  If you want further help troubleshooting then we'll need 
to see the resource declaration by which the target file is being managed.  
If you are templating the file then the relevant part(s) of the template, 
too.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f8e03b49-6468-4070-99aa-660df0636dbd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Announce: Native Facter (cfacter) 0.3.0 is available!

[Paul Seymour]

 

> Thanks for this. Just put the RHEL7 x86_64 on a puppet client and it 
> complains:-
>
 
"Error: Could not initialize global default settings: cfacter version 0.2.0 
or later is not installed."

Tracing it through it is looking for the libraries in /usr/lib64 and they 
are installed via the RPM in /usr/lib this doesn't happen when running via 
the command line so maybe something with my environment.

Linking/Copying the libs to /usr/lib64 and all is well with Puppet agent

Thanks
Paul

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0ec19a79-5507-4a09-827d-40758e37078c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Bootstrap puppet client

[Joseph Karns]

Hello Aries:

Puppet Enterprise provides a single line command to complete the same 
thing. It would look something like this, "curl -k https://:8140/packages/current/install.bash | sudo bash"

You could add that to a cloud_init file if using AWS or add it to a 
kickstart file for local OS loading.

Thanks
Joey

On Tuesday, February 3, 2015 at 4:50:06 AM UTC-5, aries wrote:
>
> Hi ~
>
> I use chef knife bootstrap a new chef client. It use ssh method to login 
> my client and run script to do any thing.
>
> # sudo knife bootstrap $CLIENT_IP -x $USER_NAME -P $PASSWORD -d $ERB_FILE
>
>
> Is there like tools for puppet ?
>
> thanks
>
> Aries
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/db40cf3e-566c-4201-bc97-43e955ffdf00%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Bootstrap puppet client

[aries]

Hi ~

I use chef knife bootstrap a new chef client. It use ssh method to login my 
client and run script to do any thing.

# sudo knife bootstrap $CLIENT_IP -x $USER_NAME -P $PASSWORD -d $ERB_FILE


Is there like tools for puppet ?

thanks

Aries

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d4401af6-607f-436d-a4c1-947d44165e92%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.