Re: [Puppet Users] Open Source 4.0 version identifier vs. very different rpm and dpkg package versions

[Jason Slagle]

On 6/23/15, 9:03 PM, "Eric Sorenson"  wrote:

>
>> I suspect this confusion will hinder deployment ­ the AIO packaging is
>> certainly in the cons category for us.
>
>I really want to understand this, because it's a big deal. (My life goal
>at 
>this point is to get as many people as possible upgraded to Puppet 4, so
>anything that gets in the way of that is a problem!) There's been a bunch
>of 
>different points in the thread, some of them about the numbering and some
>about the packaging itself; what would reduce the confusion for you?

It’s actually interesting, because it came up at a PUG meeting here
locally, and I definitely got a more negative than positive vibe from the
AIO packaging, as well as my own feelings.

In the end, it comes down to the potential security implications for some
of my clients.  On the enterprise front, you provide an installer, which
you have a contractual obligation to support.  When security issues arise
with say the bundled ruby, you are going to quickly act on them.

On the open source side, I’m less sure about that obligation.  You guys
have been spectacular at keeping up with security patches, but when you
decide to deprecate 4.1, you’ll have people with it installed 2 years from
now.  You now have a much larger software ecosystem to worry about
vulnerabilities in.  Basically, it puts the open source users in a
position where they have to rely on puppetlabs for patches to upstream
projects such as the bundled ruby or openssl on the agent side.

A related concern comes with companies with infosec departments that have
to bless things.  I get Ruby 2.1.0 blessed, but then the bundled ruby gets
updated to 2.1.1.  Now there are a lot more compliance hoops to jump
through.

In the end, a lot of it comes down to it “not being the unix way”.  I have
many of the same arguments and dislikes against systemd.  I have no issue
with the AIO installer, and in fact might use it on some older
centos/rhel5 hosts where getting modern ruby is hard.  My heartburn comes
from it being the only REAL way to install these packages starting with
version 4.  I’d much prefer you also support a more traditional
metapackage approach for the operating systems that support it.

Finally, the AIO package creation is a lot less repeatable.  If I need to
modify 3.7 locally, I modify it, change the spec to add a local component
and build a new RPM.  With this AIO, I need to grab the packaging repo and
spend some amount of time trying to figure out how to navigate it.

Hope that helps.

Jason


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/D1AF95DF.60216%25raistlin%40tacorp.net.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Open Source 4.0 version identifier vs. very different rpm and dpkg package versions

[Eric Sorenson]

On Mon, 22 Jun 2015, Jason Slagle wrote:

On 6/22/15, 3:08 PM, "Vince Skahan"  wrote:


On Thursday, June 18, 2015 at 4:18:37 PM UTC-7, Ken Bowley wrote:

This is better than what is currently being used, but I'm strongly in the AIO
idea to be stupid.  Split it into multiple packages and use proper
dependencies like every other sane packaging system has done for a long, long
time.

If all you do is bump the version of facter, then only have me download and
install the meta package that depends on the new facter, and the new facter
package, not everything.


Agree.   Thought I'd chime in (late) as the original poster.

Versioning starting with 4.x is a good start, but I still think your AIO
approach is wrong.

Have collector rpms that 'require' the pieces of the puzzle and package
hiera/etc. in individually bundled standalone packages.  If you do that:
* you can keep versioning facter to 2.x.y if you want
* you can keep versioning puppetserver any way you want
* and just version the collection (bundle, pick a term) with the 4.x.x
identifier you want to publicize as release-4.x.x


If all anybody had to deal with were $osfamily==redhat systems, I feel pretty 
certain this is exactly what we'd do. But it's just not. Just to start from 
first principles, the primary goals of the packaging project were:


- unify the agent across open-source and PE so testing, delivery, and upgrades
  are as smooth as possible
- provide a consistently great out-of-the-box experience so you can get fresh
  Puppet versions with "batteries included" on any supported OS

I love metapackages too, but short of porting yum to Windows, Mac OS X, and 
Solaris I don't see how they meet those requirements.



To update the client, 'yum update puppet' and have it update the sub-pieces it
needs (hiera/mco/etc.)


So this happens today, it's just in all in one package :)


To update the server, 'yum update puppetserver' and have it do the server
piece.


And this is actually what happens today.


Lastly, if it's me, I would not bundle the agent/client stuff 'in' the
puppetserver package.  I would 'require' the client-stuff to be co-installed
with the server stuff using the packaging mechanisms the os providers already
give you.


This is also what happens today; there is no agent stuff in the puppetserver 
package.


(in other words, release 'empty' rpms that require x and y and z - works 
great if you don't cause dependency hell by getting too fancy)



FWIW, +1 from me too.  It seems like a lot of places that do packaging like
this end up doing it this way.


Fair enough.


If I¹m only doing a security update to facter, I shouldn¹t have to replace a
gigantic bundle with whatever else it pulls In.  I can see you release
management people hating this later, as well as security teams.


So the puppet-agent package is 17 megabytes on EL7, so "gigantic" is a bit of 
an overstatement here. Agreed that the release pipeline is more complicated, 
and I can definitely understand the desire to just update the one thing that 
needs a bugfix.



I suspect this confusion will hinder deployment ­ the AIO packaging is
certainly in the cons category for us.


I really want to understand this, because it's a big deal. (My life goal at 
this point is to get as many people as possible upgraded to Puppet 4, so 
anything that gets in the way of that is a problem!) There's been a bunch of 
different points in the thread, some of them about the numbering and some 
about the packaging itself; what would reduce the confusion for you?


Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0
puppet platform // coffee // techno // bicycles

[Puppet Users] Re: Command Exceeded Timeout on Basic Shell Commands

['Dan Finn' via Puppet Users]

Just noticed something else interesting.  When running puppet apply or 
puppet agent and it doesn't hang, puppet only spawns 1 process and there is 
no puppet process left running afterwards, it seems to clean itself up and 
die off.  When puppet runs and hangs, it spawns 2 processes each looking 
identical with the same name and even though the output from puppet apply 
or agent says it finished running (after letting it timeout on the hang) it 
leaves 1 process behind still running.  I attached strace to this running 
process and the output looks like so:

pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 263395792}) = 
-1 ETIMEDOUT (Connection timed out)
[pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 248281920}) = 
-1 ETIMEDOUT (Connection timed out)
[pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 170310944}) = 
-1 ETIMEDOUT (Connection timed out)
[pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 16576}) = 
-1 ETIMEDOUT (Connection timed out)
[pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 244956432}) = 
-1 ETIMEDOUT (Connection timed out)
[pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 141958480}) = 
-1 ETIMEDOUT (Connection timed out)
[pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 22737840}) = 
-1 ETIMEDOUT (Connection timed out)
[pid 61271] futex(0x7f5e2454b6a0, FUTEX_WAIT_PRIVATE, 2, {0, 78315952}) = 
-1 ETIMEDOUT (Connection timed out)

and as best as I can tell it would just keep repeating that indefinitely.

This seems quite odd to me and has to be related in some way but I'm not 
sure how.

On Tuesday, June 23, 2015 at 3:45:20 PM UTC-6, Dan Finn wrote:
>
> Hello,
>>
>
> I am Franck's coworker.  I spent some time looking into this today and 
> have some more info but unfortunately am still really lost as to what is 
> going on or what is causing this.
>
> Here is the output captured from a puppet agent -t --debug run where a 
> node hangs:
>
>
> https://github.com/danfinn/errors/blob/master/puppet_debug_output_during_hang.txt
>
> And here is the output from strace captured during the same host hanging 
> at the same point in the manifest (hangs at line 3441):
>
>
> https://github.com/danfinn/errors/blob/master/puppet_hang_strace_no_follow_forks.txt
>  
>
> I understand that this strace would be more helpful with -ff enabled but 
> unfortunately I couldn't get puppet to run like that, I'm not sure why but 
> it generated a bunch of errors and never ran the manifest.
>
> One thing I noticed is that while puppet is hanging running /usr/bin/test, 
> or at least it is telling me that it's running that and waiting, that 
> process does not show up in the command list.  Also, running that identical 
> /usr/bin/test command at the same time that puppet is hanging on it works 
> fine, it returns very quickly.
>
> I was able to get this test system to hang both via puppet agent and 
> running the manifest locally with puppet apply.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5949b475-91fb-463a-9ed8-4e4e672aaee6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Command Exceeded Timeout on Basic Shell Commands

['Dan Finn' via Puppet Users]

>
> Hello,
>

I am Franck's coworker.  I spent some time looking into this today and have 
some more info but unfortunately am still really lost as to what is going 
on or what is causing this.

Here is the output captured from a puppet agent -t --debug run where a node 
hangs:

https://github.com/danfinn/errors/blob/master/puppet_debug_output_during_hang.txt

And here is the output from strace captured during the same host hanging at 
the same point in the manifest (hangs at line 3441):

https://github.com/danfinn/errors/blob/master/puppet_hang_strace_no_follow_forks.txt
 

I understand that this strace would be more helpful with -ff enabled but 
unfortunately I couldn't get puppet to run like that, I'm not sure why but 
it generated a bunch of errors and never ran the manifest.

One thing I noticed is that while puppet is hanging running /usr/bin/test, 
or at least it is telling me that it's running that and waiting, that 
process does not show up in the command list.  Also, running that identical 
/usr/bin/test command at the same time that puppet is hanging on it works 
fine, it returns very quickly.

I was able to get this test system to hang both via puppet agent and 
running the manifest locally with puppet apply.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/aa1469c2-6b6d-4091-8c7a-6605dbec86d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Automating installations

[Cristian Falcas]

For all of them, yes.
For 6 and 8 you will have to use something like foreman.

Cristi


On Tue, Jun 23, 2015 at 3:16 PM, Santosh Gaddam 
wrote:

> here is my requirement, does it suitable.
> 1. Installations of our product.
> 2. Installations of thrid party softwares(java, oracle and etc...)
> 3. automating above installations.
> 4. we have 20 VM(virtual servers), can i handle them with one single URL.
> 5. running multiple installation at a same time.
> 6. viewing the results after running the script.
> 7. do have ur own language to write a script or global language u use.
> 8.  Is this creates an VM or we can handle VM using this?
> does this tool met my above requirement?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/puppet-users/017df386-4cbb-479c-8693-1650350c174a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CAMo7R_eL%2BQXmJfMpDd4PiuYfZ7-AVBHxti-sinvPJt5qVDM9Ug%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Automating installations

[Santosh Gaddam]

here is my requirement, does it suitable.
1. Installations of our product.
2. Installations of thrid party softwares(java, oracle and etc...)
3. automating above installations.
4. we have 20 VM(virtual servers), can i handle them with one single URL.
5. running multiple installation at a same time.
6. viewing the results after running the script.
7. do have ur own language to write a script or global language u use.
8.  Is this creates an VM or we can handle VM using this?
does this tool met my above requirement?

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/017df386-4cbb-479c-8693-1650350c174a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Environment specific module paths not functioning as expected

[Alexander Dacre]

Resolved it - missing a configuration item in /etc/puppet/puppet.conf.

Thanks!

On Tuesday, June 23, 2015 at 11:26:21 AM UTC+1, Alexander Dacre wrote:
>
> Hi,
>
> I have three directory based environments: development, test, production. 
> Each environment is structured as follows:
>
> [root@puppet environments]# tree -L 2 production
> production
> ├── environment.conf
> ├── manifests
> │   └── site.pp
> ├── modules
> │   ├── apt
> │   ├── concat
> │   ├── nginx
> │   ├── ntp
> │   └── stdlib
> └── nodes
> └── fqdn.yaml
>
> I've tried setting modulepath configuration directive to 
> ./modules:$basemodulepath and /etc/puppet/environments/production/modules, 
> but Puppet config is not picking it up:
>
> [root@puppet environments]# puppet config print modulepath --environment 
> 'production'
> /etc/puppet/modules:/usr/share/puppet/modules
>
> Is there anything else I need to configure for this to work?
>
> Thanks,
> Alex
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1400edeb-1112-4096-83bc-822a0ba30173%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Puppet agent not picking up hiera

[Alexander Dacre]

This is running on Puppet 3.8.1

On Tuesday, June 23, 2015 at 10:52:45 AM UTC+1, Alexander Dacre wrote:
>
> Hi,
>
> I'm in the process of deploying my first Puppet instance with hiera and 
> environments but I'm having some difficulties. Configuration files listed 
> below with the host names removed.
>
> [me@puppet puppet]$ cat /etc/puppet/hiera.yaml
> ---
> :backends:
>   - yaml
> :yaml:
>   :datadir: "/etc/puppet/environments/%{::environment}"
> :hierarchy:
>   - "nodes/%{::fqdn}"
>
> [me@puppet puppet]$ cat 
> /etc/puppet/environments/production/nodes/servers-fqdn.yaml
> ---
> ntp::restrict:
>   -
> ntp::autoupdate: false
> ntp::enable: true
> ntp::servers:
>   - 0.us.pool.ntp.org iburst
>   - 1.us.pool.ntp.org iburst
>   - 2.us.pool.ntp.org iburst
>   - 3.us.pool.ntp.org iburst
>
> [me@puppet puppet]$ cat 
> /etc/puppet/environments/production/manifests/site.pp
> hiera_include('classes')
>
>
> Seems to work from the command line:
>
> [me@puppet puppet]$ sudo hiera ntp::servers ::fqdn=servers-fqdn 
> ::environment=production
> ["0.us.pool.ntp.org iburst",
>  "1.us.pool.ntp.org iburst",
>  "2.us.pool.ntp.org iburst",
>  "3.us.pool.ntp.org iburst"]
>
> But not on the agents?
>
> Any suggestions on what I;m doing wrong?
>
> Thanks,
> Alex
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/35f87fc7-4778-4d5f-94b7-4b08d466f489%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Environment specific module paths not functioning as expected

[Alexander Dacre]

This is running on Puppet 3.8.1

On Tuesday, June 23, 2015 at 11:26:21 AM UTC+1, Alexander Dacre wrote:
>
> Hi,
>
> I have three directory based environments: development, test, production. 
> Each environment is structured as follows:
>
> [root@puppet environments]# tree -L 2 production
> production
> ├── environment.conf
> ├── manifests
> │   └── site.pp
> ├── modules
> │   ├── apt
> │   ├── concat
> │   ├── nginx
> │   ├── ntp
> │   └── stdlib
> └── nodes
> └── fqdn.yaml
>
> I've tried setting modulepath configuration directive to 
> ./modules:$basemodulepath and /etc/puppet/environments/production/modules, 
> but Puppet config is not picking it up:
>
> [root@puppet environments]# puppet config print modulepath --environment 
> 'production'
> /etc/puppet/modules:/usr/share/puppet/modules
>
> Is there anything else I need to configure for this to work?
>
> Thanks,
> Alex
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d4c9137a-f56d-4236-bf50-844371bbb7f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Environment specific module paths not functioning as expected

[Alexander Dacre]

Hi,

I have three directory based environments: development, test, production. 
Each environment is structured as follows:

[root@puppet environments]# tree -L 2 production
production
├── environment.conf
├── manifests
│   └── site.pp
├── modules
│   ├── apt
│   ├── concat
│   ├── nginx
│   ├── ntp
│   └── stdlib
└── nodes
└── fqdn.yaml

I've tried setting modulepath configuration directive to 
./modules:$basemodulepath and /etc/puppet/environments/production/modules, 
but Puppet config is not picking it up:

[root@puppet environments]# puppet config print modulepath --environment 
'production'
/etc/puppet/modules:/usr/share/puppet/modules

Is there anything else I need to configure for this to work?

Thanks,
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1dcb695b-c11f-4cfc-906a-77683490d730%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet agent not picking up hiera

[Alexander Dacre]

Hi,

I'm in the process of deploying my first Puppet instance with hiera and 
environments but I'm having some difficulties. Configuration files listed 
below with the host names removed.

[me@puppet puppet]$ cat /etc/puppet/hiera.yaml
---
:backends:
  - yaml
:yaml:
  :datadir: "/etc/puppet/environments/%{::environment}"
:hierarchy:
  - "nodes/%{::fqdn}"

[me@puppet puppet]$ cat 
/etc/puppet/environments/production/nodes/servers-fqdn.yaml
---
ntp::restrict:
  -
ntp::autoupdate: false
ntp::enable: true
ntp::servers:
  - 0.us.pool.ntp.org iburst
  - 1.us.pool.ntp.org iburst
  - 2.us.pool.ntp.org iburst
  - 3.us.pool.ntp.org iburst

[me@puppet puppet]$ cat 
/etc/puppet/environments/production/manifests/site.pp
hiera_include('classes')


Seems to work from the command line:

[me@puppet puppet]$ sudo hiera ntp::servers ::fqdn=servers-fqdn 
::environment=production
["0.us.pool.ntp.org iburst",
 "1.us.pool.ntp.org iburst",
 "2.us.pool.ntp.org iburst",
 "3.us.pool.ntp.org iburst"]

But not on the agents?

Any suggestions on what I;m doing wrong?

Thanks,
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/3eeaad2b-f928-4e9b-917b-878e2f9257c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.