[Puppet Users] Re: Help with setting up a profile

[Haani Niyaz]

You should be including the role, not the profile in your manifests/site.pp

node {
 include role::mysshrole
}


On Wednesday, 29 June 2016 15:48:07 UTC+10, Alex Samad wrote:
>
> Hi
>
> I have a new install.
>
> I want to use the node <- role <<- profiles  setup.
>
> I want to define a profile for sshd for my environment.
>
> So I want to use a sshd module (I will check the forge) and have some 
> things preset.
> 1) I would like to turn off password acces for root account
> 2) turn off x11 
> 3) turn on forwarding
> 4) also for root I would like to install a public for my master root
>
>
> so I have my environment location
>
> /etc/puppetlabs/code/environments/production
>
>
> i have (from the control repo)
> site/profile/manifests
> and
> site/role/manifests
>
> do I create 
> site/profile/manifests/mysshd.pp
>
> class profile::mysshd {
>
> package { 'sshd' :
> ensure => 'present',
> }
> ### options set ???
>
> }
>
> and then potentially a role in 
>
> site/role/manifests/mysshrole.pp
> class role::mysshrole {
>  include profile::mysshd
> }
>
> and then I go to 
>
> manifests/site.pp
>
> add in my node definition
>
> node {
>  include role:mysshd
> }
>
>
> Does that look about right ??
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/74405bb5-c853-41f0-8824-1be60f519ac3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

[Haani Niyaz]

Not all but most of it. I guess the intention was to use the PuppetDB since 
that is already an existing data source. Pushing the info will require 
setting up some more infrastructure but I understand that it might need to 
happen. Thanks. 



On Friday, 8 July 2016 10:52:29 UTC+10, LinuxDan wrote:
>
> Puppet is, IMHO, the wrong tool for this job.
> If you need info every 5 minutes, make a cron script to run and push the 
> info where it is needed.  I am guessing you do not need ALL the facts.  Is 
> that correct ?
>
> On Jul 7, 2016, at 8:19 PM, Haani Niyaz  
> wrote:
>
> *Background:*
>
> We are interested in building a simple dashboard and looking at leveraging 
> the PuppetDB API to retrieve the data (facts). However a requirement exists 
> to have some information update more frequently, say 5mins.
>
> *Question:*
>
> I suspect running the agent every 5mins will create too much of a load on 
> the Puppet Master so I was wondering if there is a way to gracefully exit 
> the agent after it has sent the facts to the master? I'm guessing this is 
> not the case but I thought I'd ask anyway.
>
> I am aware that *tags *can be used for this purpose but this would still 
> require some processing on the master to workout dependencies. I am not 
> looking for a hack but rather a way to leverage the existing solution.
>
> All ideas are welcome, thanks.
>
>
>
>
>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users...@googlegroups.com .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/b51306e0-c6f0-4779-a443-7cca1c0a768e%40googlegroups.com
>  
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8f9fa5a9-2136-4759-905b-ae5caf986b2b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Best practise question around where to keep certain facts

[Alex Samad]

Hi

Think I have had a miss understanding of the scope of 

puppet variables
hiera data..

Think I have been mixing the two

I think my question here is how do you use hiera() in side a yaml to look 
up info outside that current yaml.


so if hiera has check 1.yaml then 2.yaml then 3.yaml.  How does 3.yaml get 
info from the 1.yaml ???


A


On Friday, 8 July 2016 10:14:13 UTC+10, Alex Samad wrote:
>
> Hi
>
> Using a global ENC - this is allocating facts like location and envornment.
>
> in my hiera I had
>
>   # Envornment - YB
>   - "ybenv/%{::ybenv}"
>
> so I would have say 
>
> prod.yaml
>
> and
>
>   # Location - YB
>   - "yblocation/%{::yblocation}"
>
> to id location or datacentre
>
> I setting
> yblocation: alc << not sure why I am setting this again as its set by the 
> ENC
> yblocation::ip: 33 << this is new not defined in the ENC
>
> but I have a common.yaml that tries to use this value and the only way I 
> get to view it is with a hiera lookup..
> and its not working the best.
>
> but https://docs.puppet.com/hiera/3.2/variables.html 
> Passing Variables to Hiera seciton 
>
>
>- Avoid referencing user-set local variables from Hiera. Instead, use 
>facts, built-in variables, 
>
> top-scope
>  
>variables, node-scope variables, or variables from an ENC whenever 
>possible.
>
> does that mean i should do it all in my ENC ??
>
>
>  hiera  -d   ybenv::file::osfamily=RedHat environment=production   
> ::trusted.certname=abc ::ybenv=alex  ::yblocation=ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Hiera YAML backend starting
> DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybenv::file in YAML backend
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
> DEBUG: 2016-07-08 09:58:10 +1000: Found ybenv::file in common
> DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybvlan in YAML backend
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
> DEBUG: 2016-07-08 09:58:10 +1000: Found ybvlan in common
> DEBUG: 2016-07-08 09:58:10 +1000: Looking up yblocation::ip in YAML backend
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
> DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
> DEBUG: 2016-07-08 09:58:10 +1000: Found yblocation::ip in yblocation/ybo
> {"ybenv_file1"=>
>   {"path"=>"/etc/ybenv",
>"ensure"=>"present",
>"content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",
>"group"=>"root",
>"mode"=>"0444",
>"owner"=>"root"}}
>
> when i run this on a node it doesn't get the 172 ?? 
>
>
>
>
> Let me try and explain that again ...
>
> this is what I get from my ENC
> ---
> environment: production
> parameters:
>   ybenv: alex
>   yblocation: ybo
>
>
> my :hierarchy looks like
>
> :hierarchy:
>
>   # node specific
>   - "nodes/%{::trusted.certname}"
>
>   # Applicaiton - YB
>   - "ybapplication/%{::ybapplication}"
>
>   # Envornment - YB
>   - "ybenv/%{::ybenv}"
>
>   # Location - YB
>   - "yblocation/%{::yblocation}"
>
>   # OS specific
>   - "os/%{::osfamily}"
>
>   # common to all
>   - common
>
> in yblocation
>
> cat hieradata/yblocation/ybo.yaml
> ---
>
> ##
> yblocation: ybo
> yblocation::ip: 172
>
>
>
> and in cat hieradata/common.yaml
>
> #
> # Save it
> ybenv::file:
>   ybenv_file1:
> path: /etc/ybenv
> ensure: present
> content: "ybenv: %{::ybenv}\nyblocation: 
> %{::yblocation}\n%{hiera('ybvlan')}\n%{hiera('yblocation::ip')}\n"
> group: root
> mode: '0444'
> owner: root
>
>
>
> hiera  -d   ybenv::file::osfamily=RedHat environment=production   
> ::trusted.certname=abc ::ybenv=alex  ::yblocation=ybo
>
> gives me 
> "content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",
>
> but on the node i get this
>
> Notice: /Stage[main]/Main/Node[default]/File[ybenv_file1]/content:
> --- /etc/ybenv  2016-07-08 10:01:55.121019861 +1000
> +++ /tmp/puppet-file20160708-30039-sdgvj0   2016-07-08 
> 10:10:24.007280395 +1000
> @@ -1,4 +1,4 @@
>  ybenv: alex
>  yblocation: ybo
>  0
> -
> +0
>
> looks like the hiera() is not working properly
>
>
> Thanks
> A
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/5daa6723-8bbe-4892-967a-995bb6929781%40googlegroups.com.
For more options, visit 

Re: [Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

[Dan White]

Puppet is, IMHO, the wrong tool for this job.
If you need info every 5 minutes, make a cron script to run and push the info 
where it is needed.  I am guessing you do not need ALL the facts.  Is that 
correct ?

> On Jul 7, 2016, at 8:19 PM, Haani Niyaz  wrote:
> 
> Background:
> 
> We are interested in building a simple dashboard and looking at leveraging 
> the PuppetDB API to retrieve the data (facts). However a requirement exists 
> to have some information update more frequently, say 5mins.
> 
> Question:
> 
> I suspect running the agent every 5mins will create too much of a load on the 
> Puppet Master so I was wondering if there is a way to gracefully exit the 
> agent after it has sent the facts to the master? I'm guessing this is not the 
> case but I thought I'd ask anyway.
> 
> I am aware that tags can be used for this purpose but this would still 
> require some processing on the master to workout dependencies. I am not 
> looking for a hack but rather a way to leverage the existing solution.
> 
> All ideas are welcome, thanks.
> 
> 
> 
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/puppet-users/b51306e0-c6f0-4779-a443-7cca1c0a768e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/1FFE740A-F969-4E97-9C4F-4E3CFEB9D42C%40icloud.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Is it possible to gracefully exit the puppet agent run after sending facts?

[Haani Niyaz]

*Background:*

We are interested in building a simple dashboard and looking at leveraging 
the PuppetDB API to retrieve the data (facts). However a requirement exists 
to have some information update more frequently, say 5mins.

*Question:*

I suspect running the agent every 5mins will create too much of a load on 
the Puppet Master so I was wondering if there is a way to gracefully exit 
the agent after it has sent the facts to the master? I'm guessing this is 
not the case but I thought I'd ask anyway.

I am aware that *tags *can be used for this purpose but this would still 
require some processing on the master to workout dependencies. I am not 
looking for a hack but rather a way to leverage the existing solution.

All ideas are welcome, thanks.






-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b51306e0-c6f0-4779-a443-7cca1c0a768e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Best practise question around where to keep certain facts

[Alex Samad]

Hi

Using a global ENC - this is allocating facts like location and envornment.

in my hiera I had

  # Envornment - YB
  - "ybenv/%{::ybenv}"

so I would have say 

prod.yaml

and

  # Location - YB
  - "yblocation/%{::yblocation}"

to id location or datacentre

I setting
yblocation: alc << not sure why I am setting this again as its set by the 
ENC
yblocation::ip: 33 << this is new not defined in the ENC

but I have a common.yaml that tries to use this value and the only way I 
get to view it is with a hiera lookup..
and its not working the best.

but https://docs.puppet.com/hiera/3.2/variables.html 
Passing Variables to Hiera seciton 


   - Avoid referencing user-set local variables from Hiera. Instead, use 
   facts, built-in variables, 
   
top-scope
 
   variables, node-scope variables, or variables from an ENC whenever 
   possible.

does that mean i should do it all in my ENC ??


 hiera  -d   ybenv::file::osfamily=RedHat environment=production   
::trusted.certname=abc ::ybenv=alex  ::yblocation=ybo
DEBUG: 2016-07-08 09:58:10 +1000: Hiera YAML backend starting
DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybenv::file in YAML backend
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
DEBUG: 2016-07-08 09:58:10 +1000: Found ybenv::file in common
DEBUG: 2016-07-08 09:58:10 +1000: Looking up ybvlan in YAML backend
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source os/RedHat
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source common
DEBUG: 2016-07-08 09:58:10 +1000: Found ybvlan in common
DEBUG: 2016-07-08 09:58:10 +1000: Looking up yblocation::ip in YAML backend
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source ybenv/alex
DEBUG: 2016-07-08 09:58:10 +1000: Looking for data source yblocation/ybo
DEBUG: 2016-07-08 09:58:10 +1000: Found yblocation::ip in yblocation/ybo
{"ybenv_file1"=>
  {"path"=>"/etc/ybenv",
   "ensure"=>"present",
   "content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",
   "group"=>"root",
   "mode"=>"0444",
   "owner"=>"root"}}

when i run this on a node it doesn't get the 172 ?? 




Let me try and explain that again ...

this is what I get from my ENC
---
environment: production
parameters:
  ybenv: alex
  yblocation: ybo


my :hierarchy looks like

:hierarchy:

  # node specific
  - "nodes/%{::trusted.certname}"

  # Applicaiton - YB
  - "ybapplication/%{::ybapplication}"

  # Envornment - YB
  - "ybenv/%{::ybenv}"

  # Location - YB
  - "yblocation/%{::yblocation}"

  # OS specific
  - "os/%{::osfamily}"

  # common to all
  - common

in yblocation

cat hieradata/yblocation/ybo.yaml
---

##
yblocation: ybo
yblocation::ip: 172



and in cat hieradata/common.yaml

#
# Save it
ybenv::file:
  ybenv_file1:
path: /etc/ybenv
ensure: present
content: "ybenv: %{::ybenv}\nyblocation: 
%{::yblocation}\n%{hiera('ybvlan')}\n%{hiera('yblocation::ip')}\n"
group: root
mode: '0444'
owner: root



hiera  -d   ybenv::file::osfamily=RedHat environment=production   
::trusted.certname=abc ::ybenv=alex  ::yblocation=ybo

gives me 
"content"=>"ybenv: alex\nyblocation: ybo\n0\n172\n",

but on the node i get this

Notice: /Stage[main]/Main/Node[default]/File[ybenv_file1]/content:
--- /etc/ybenv  2016-07-08 10:01:55.121019861 +1000
+++ /tmp/puppet-file20160708-30039-sdgvj0   2016-07-08 
10:10:24.007280395 +1000
@@ -1,4 +1,4 @@
 ybenv: alex
 yblocation: ybo
 0
-
+0

looks like the hiera() is not working properly


Thanks
A



-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/59db9f38-4efb-48dd-8952-1f149da97e81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] most idiomatic way to set resource defaults

[Matthew Pounsett]

I have a defined resource type (let's call it `widget`) which gets defined 
multiple times per customer.  Each customer has their own default 
configuration values for their widgets, and these are very rarely (but 
occasionally) overridden.   I'd like to minimize the amount of typing 
necessary when someone adds a new widget to the systems, so I'm thinking of 
a Hiera structure similar to this:

widget_defaults:
   customer1:
 colour: green
 size: big
 outline: vague
   customer2:
 colour: blue
 size: big
 outline: crisp

widgets:
   customer1:
  foo:{}
  bar:
 colour: violet
  baz:{}
   customer2:
  froop:{}
  vroom:{}
  blargh:
 outline: circular

This will require multiple hiera lookups inside the profile that 
instantiates the resources though, in order to merge the defaults with any 
override values.   Is there a more idiomatic way to deal with something 
like this?


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f90c1a2e-d597-4594-b06f-3051e34641fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] most idiomatic way to set resource defaults

[Matthew Pounsett]

I have a defined resource type (let's call it `widget`) which can be 
defined multiple times per customer.  Each customer has different default 
values for their set of widgets which are rarely overridden, and I'd like 
to minimize the typing necessary when someone adds a new widget to a 
customer's list.

I'm thinking of a hiera structure similar to this:

widget_defaults:



widget_defaults:

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f97251c7-9432-411d-8d7f-8c8b1f6fd7a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: cached file in module

[mike r]

using PE 2016.1.2 (4.4.2)



On Thursday, July 7, 2016 at 11:15:19 AM UTC-4, mike r wrote:
>
> Hi all, Im writing a module that serves a shell script located in 
> $basemodulepath/module/files/script.sh
>
> I recently had to update the shell script, but my agents are receiving the 
> old version of the script. 
>
> I checked the node's /opt/puppetlabs/puppet/cache but its not cached 
> there. Cant find a cached copy on the puppet master as well. 
>
> also checked /opt/puppetlabs/server on master and cached script isnt 
> there. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/c7130902-a0c6-4e52-a368-8cbcad710beb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] cached file in module

[mike r]

Hi all, Im writing a module that serves a shell script located in 
$basemodulepath/module/files/script.sh

I recently had to update the shell script, but my agents are receiving the 
old version of the script. 

I checked the node's /opt/puppetlabs/puppet/cache but its not cached there. 
Cant find a cached copy on the puppet master as well. 

also checked /opt/puppetlabs/server on master and cached script isnt there. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/f08f447f-3073-4ff2-b472-9da7de6b5758%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: puppet master status

[Peter Faller]

# netstat -ntap | grep 8140

... will show what (if anything) is listening on port 8140.


-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/8bb9ea93-e32f-4f44-8ffa-258795cd479f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.