Re: [Puppet Users] Puppet and SVN

2016-07-26 Thread Alex Samad
Hi

Thanks for this again, it has helped a lot.

Question: would it be fair to say you can't do firewall rules from hiera, 
that they have to be associated with a module?

Alex

On Thursday, 26 May 2016 11:01:57 UTC+10, Rob Nelson wrote:
>
> Yep! I do that with some profiles:
> Base 
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/base.pp
> calls linuxfw and its pre/post subclasses 
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/linuxfw.pp
> https://github.com/puppetinabox/controlrepo/tree/production/dist/profile/manifests/linuxfw
> to set up the general rules all nodes have. 
> Component profiles like Apache allow port 80 
> https://github.com/puppetinabox/controlrepo/blob/production/dist/profile/manifests/apache.pp
>
> The names of the firewall rule resources are sorted numerically, so you 
> can have multiple 100 rules in different profiles and it won't cause a 
> problem unless one of them is a deny, in which case you probably want to 
> start the name with 99 - or have unique rules across profiles, though that 
> doesn't scale very well. 
>
> On Wednesday, May 25, 2016, Alex Samad wrote:
>
>> Hi
>>
>> Thanks for all the input.
>>
>> What I have gathered
>>
>> Start with GIT from the beginning. Okay I can do that
>>
>> /etc/*puppetwhatever*/environments/{production|stage|etc}/ is good
>>
>> Look at using / implementing r10k
>>
>>
>> Profiles / roles good.
>>
>> No need to reinvent modules - wasn't actually planning on that.
>>
>> From the puppet user group meeting I got that it is good to (example ntp)
>>
>> 1) reuse forge ntp module
>> 2) wrap it up with $job defaults
>> 3) use the new ntp profile
>>
>>
>> Something I was looking at doing was managing the server firewall.
>>
>> I was going to produce some sort of a template with places in it where
>> I can add dynamic content - depending on what apps were installed on
>> the server.
>>
>>
>> Example
>> profile - ABC Firewall
>> this would be basic
>>
>> allow related,connected
>> allow ssh
>> 
>> reject anything not from company ip address
>> 
>> drop broadcast
>> drop multicast
>> allow zabbix monitoring
>> log  with limit
>> reject with limit
>> drop
>>
>>
>> so if I applied this profile to server A it would get the basic firewall.
>>
>> The next step is if I had profile "app A"
>> if it had something like
>> rules to add to from anywhere
>> allow inbound port 80
>> allow inbound port 443
>>
>> rules to add to only from local network
>> allow inbound port 8080
>>
>>
>> I would hope to get puppet to update the basic firewall with info from
>> app A and other profiles.
>>
>>
>> Is this possible ?
>>
>> A
>>
>> On 24 May 2016 at 11:22, Rob Nelson wrote:
>> > I wrote some articles on using Git with puppet and r10k. It's a little out
>> > of date in the referenced versions of puppet and r10k, so check to make sure
>> > you're using the modern file locations, but otherwise remains accurate.
>> > https://rnelson0.com/2014/05/19/puppet-and-git-201-r10k-setup-installation/
>> >
>> > There's a link to a Git 100 series I wrote if you need assistance with Git
>> > itself.
>> >
>> >
>> > On Monday, May 23, 2016, Alex Samad  wrote:
>> >>
>> >> Hi
>> >>
>> >> Is it really that painful to retro fit git. or is the way you think
>> >> about the DB that different ?
>> >>
>> >> Could you point a good starting point to read up on this ?
>> >>
>> >> Thanks
>> >> Alex
>> >>
>> >> On 24 May 2016 at 07:16, Christopher Wood wrote:
>> >> > On Mon, May 23, 2016 at 03:51:58PM +1000, Alex Samad wrote:
>> >> >> How hard is it to retro fit SVN / GIT onto a puppet install.
>> >> >>
>> >> >> I am building from scratch, working through the doco.
>> >> >>
>> >> >> Was thinking once I have a friendly setup then I would look at putting
>> >> >> that into SVN/GIT.
>> >> >
>> >> > Do yourself a huge favour, use git as the tool you use to construct the
>> >> > setup. Use it from the start of the process, not just as what you put things
>> >> > into when you're done.
>> >> >
>> >> >> Thoughts are
>> >> >> install puppet
>> >> >> install puppetDB
>> >> >> install hiera ??
>> >> >>
>> >> >> setup environments, currently thinking
>> >> >> Prod - all prod env
>> >> >> SIM - testing for prod
>> >> >> INF - inf
>> >> >> NON Prod - anything that's not above
>> >> >> dev - testing
>> >> >> alex - personal
>> >> >>
>> >> >> Then I was going to create a whole bundle of profiles break up into
>> >> >>
>> >> >> OS app
>> >> >> things like
>> >> >> smtp
>> >> >> ssh
>> >> >> http
>> >> >> etc
>> >> >>
>> >> >> have the default company setup
>> >> >>
>> >> >> Company Apps
>> >> >> things that cover company apps
>> >> >>
>> >> >>
>> >> >> Then build some roles - based solely from profiles.
>> >> >>
>> >> >> Then somehow dynamically assign nodes to a roles / environment.
>> >> >>
>> >> >>
>> >> >> Sounds okay ??
>> >> >>
>> >> >> A
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>>
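
The layout Rob describes above, sketched as an added example; it is not code from the linked controlrepo or from anyone in this thread. The class names and the 192.0.2.0/24 range are hypothetical, and the parameters assume the puppetlabs-firewall module with its `action` parameter as used at the time of this thread. The numeric prefix of each rule name decides its position, so the component profile's 100-range rules land between the base rules and the final drop.

```puppet
# --- manifests/site.pp (top scope, so the defaults reach every profile) ---
resources { 'firewall': purge => true }   # drop rules Puppet does not manage
Firewall {
  require => Class['profile::abc_firewall::pre'],
  before  => Class['profile::abc_firewall::post'],
}

# --- profile/manifests/abc_firewall.pp (hypothetical base profile) ---
class profile::abc_firewall {
  include ::firewall
  include ::profile::abc_firewall::pre
  include ::profile::abc_firewall::post
}

# --- profile/manifests/abc_firewall/pre.pp: rules that sort first ---
class profile::abc_firewall::pre {
  Firewall { require => undef }   # avoid a dependency loop on this class
  firewall { '000 accept related established':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
  firewall { '010 accept ssh':
    proto  => 'tcp',
    dport  => 22,
    action => 'accept',
  }
}

# --- profile/manifests/abc_firewall/post.pp: the final catch-all ---
class profile::abc_firewall::post {
  firewall { '999 drop everything else':
    proto  => 'all',
    action => 'drop',
    before => undef,
  }
}

# --- profile/manifests/app_a.pp: a component profile adds its own ports ---
class profile::app_a {
  firewall { '100 app A http and https from anywhere':
    proto  => 'tcp',
    dport  => [80, 443],
    action => 'accept',
  }
  firewall { '101 app A port 8080 from local network only':
    proto  => 'tcp',
    dport  => 8080,
    source => '192.0.2.0/24',   # constructed example range
    action => 'accept',
  }
}
```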

Re: [Puppet Users] puppetdb installation from source

2016-07-26 Thread Wyatt Alt

Hi Joaquin,

If you're able to install with the module that's the best option by far, 
since it will handle all the configuration for you.


If something is requiring you to install from source, the instructions 
are here:

https://docs.puppet.com/puppetdb/4.1/install_from_source.html#step-2-option-a-install-from-source

Wyatt

On 7/26/16 9:39 AM, Joaquin Henriquez wrote:

Hi Guys

Trying to install puppetdb from source.
I downloaded it from git b but then what?

If I modify the puppet.conf to enable puppetdb it will look into file 
confdir/puppetdb.conf which doesn't exist under the git version.


Doing the config.ini rename to that puppetdb.conf will need to add the 
# to few lines to comment them out.


Jetty for the puppetdb.conf (under /etc/puppetlabs/puppet) only allows 
Jetty port 8080 which even if I use "puppet master --verbose 
--no-daemonize" will not come up.
If adding to the puppetdb.conf the ssl-host and ssl-port will not work 
either as it gives a parse error.


Error: Could not retrieve facts for testbedocg: Failed to find facts 
from PuppetDB at puppet:8140: undefined method `url_path' for 
Puppet::Util::Puppetdb:Module

Error: undefined method `puppet3compat?' for Puppet::Util::Puppetdb:Module


Should I install puppetdb from module or from git source?


--
You received this message because you are subscribed to the Google 
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to puppet-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b994a0ce-0736-40e9-8277-bfe5f3986284%40googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.




[Puppet Users] Using the Puppet Catalog Preview tool in a rspec-puppet workflow?

2016-07-26 Thread robbyt
I'd like to use the Catalog Preview tool as part of module spec tests, to 
ensure that code in each module will work correctly in both versions of 
Puppet?

Is it possible to use the Catalog Preview tool without a real Puppet Master 
infrastructure?

Thanks,
RT




[Puppet Users] puppetdb installation from source

2016-07-26 Thread Joaquin Henriquez
Hi Guys

Trying to install puppetdb from source.
I downloaded it from git b but then what?

If I modify the puppet.conf to enable puppetdb it will look into file 
confdir/puppetdb.conf which doesn't exist under the git version.

Doing the config.ini rename to that puppetdb.conf will need to add the # to 
few lines to comment them out.

Jetty for the puppetdb.conf (under /etc/puppetlabs/puppet) only allows 
Jetty port 8080 which even if I use "puppet master --verbose 
--no-daemonize" will not come up.
If adding to the puppetdb.conf the ssl-host and ssl-port will not work 
either as it gives a parse error.

Error: Could not retrieve facts for testbedocg: Failed to find facts from 
PuppetDB at puppet:8140: undefined method `url_path' for 
Puppet::Util::Puppetdb:Module
Error: undefined method `puppet3compat?' for Puppet::Util::Puppetdb:Module


Should I install puppetdb from module or from git source?




[Puppet Users] Re: puppet agent

2016-07-26 Thread Joaquin Henriquez
Finally managed to install puppet and make it work from source.
I have to tell you the instructions are almost nonexistent for that.

On Tuesday, 12 July 2016, 8:13:24 (UTC+1), jiminfote...@gmail.com wrote:
>
> When you do puppet agent -t check out your puppetserver.log. Post the 
> output from puppetserver.log file .
>
> Thanks
> Jim
>
> On Tuesday, July 12, 2016 at 8:06:39 AM UTC+10, Joaquin Henriquez wrote:
>>
>> Hi List
>>
>> Puppet agent (after puppet agent -t) is not sending the CSR to the Puppet 
>> master:
>>
>> Agent:
>> /etc/hosts
>> 172.16.173.31   spark-slave1 puppetmaster01 puppetmaster01.lebara.com testbedocg
>> 172.16.173.24   spark-slave2 preproi2000 preproi2000.lebara.com
>>
>>
>> hadoop@preproi2000:~/.puppetlabs/etc/puppet> more puppet.conf 
>> [main]
>> certname = preproi2000.lebara.com
>> server = puppetmaster01
>> environment = production
>> runinterval = 1h
>> strict_variables = true
>>
>> [agent]
>> server = puppetmaster01
>>
>> hadoop@preproi2000:~/.puppetlabs/etc/puppet/ssl/certificate_requests> ls
>> preproi2000.lebara.com.pem
>>
>> Any agent request doesn't show the fingerprint (3rd line)
>> hadoop@preproi2000:~/.puppetlabs/etc/puppet> puppet agent --no-daemonize --server puppetmaster01.lebara.com --onetime --verbose
>> Info: Creating a new SSL key for preproi2000.lebara.com
>> Info: Caching certificate for ca
>> Info: Caching certificate_request for preproi2000.lebara.com
>> Info: Caching certificate for ca  <-- here no fingerprint
>> Exiting; no certificate found and waitforcert is disabled
>>
>> Master:
>> /etc/hosts
>> 172.16.173.31   spark-slave1 puppetmaster01 puppetdb puppetmaster01.lebara.com testbedocg
>> 172.16.173.24   spark-slave2 preproi2000 preproi2000.lebara.com
>>
>> hadoop@testbedocg:~/.puppetlabs/etc/puppet> more puppet.conf 
>> [main]
>> certname = testbedocg
>> server = puppetmaster01
>> environment = production
>> runinterval = 1h
>> strict_variables = true
>>
>> [master]
>> dns_alt_names = puppet,puppetmaster01,puppetmaster01.lebara.com,testbedocg
>> reports = puppetdb
>> storeconfigs_backend = puppetdb
>> storeconfigs = true
>> environment_timeout = unlimited
>>
>> hadoop@testbedocg:~/.puppetlabs/etc/puppet/ssl/certificate_requests> ls
>> hadoop@testbedocg:~/.puppetlabs/etc/puppet/ssl/certificate_requests> 
>>
>> It seems as the CSR is sent only to the local agent machine not to the 
>> Master puppet server.
>> Why is this happening?
>>
>> BR
>>
>> Joaquin
>>
>



[Puppet Users] Re: what is the right way to ensure specific version installed on puppet agent?

2016-07-26 Thread Winn Johnston
Syntax error 

  package { 'mysql': ensure => "${target_version}-${target_release)" }

  package { 'mysql': ensure => "${target_version}-${target_release}" }

-winn

On Wednesday, December 4, 2013 at 11:31:02 PM UTC-8, shlo@gmail.com 
wrote:
>
>
> Thank you very much for your detailed answer.
>  
>
> On Wednesday, December 4, 2013 4:56:34 PM UTC+2, jcbollinger wrote:
>>
>>
>>
>> On Wednesday, December 4, 2013 1:19:55 AM UTC-6, shlo@gmail.com 
>> wrote:
>>>
>>>
>>>
>>> Hi,
>>>
>>> I wanted to install mysql-5.1.66 and make sure mysql-5.5.34 is removed, so I 
>>> made an init.pp file and put in it:
>>> class mysql {
>>>   package { 'mysql':
>>>     ensure  => "5.1.66-2.el6_3",
>>>     require => [Package['mysql-libs'],
>>>                 Package['compat-mysql'],
>>>                 Package['mysql-5.5.34']],
>>>   }
>>>
>>>   package { 'mysql-libs':
>>>     provider => 'yum',
>>>     ensure   => 'purged',
>>>   }
>>>
>>>   package { 'compat-mysql':
>>>     provider => 'yum',
>>>     ensure   => 'absent',
>>>   }
>>>
>>>   package { 'mysql-5.5.34':
>>>     provider => 'yum',
>>>     ensure   => 'absent',
>>>   }
>>>
>>
>>
>> That last bit is useless, except inasmuch as there is a (definitely 
>> useless) reference to Package['mysql-5.5.34'] earlier.  Puppet's RPM and 
>> YUM package providers will recognize  and . as 
>> package names.  Ensuring Package['mysql-5.5.34'] absent is always a no-op 
>> because although Package['mysql'] might have version 5.5.34, that doesn't 
>> make it a package *named* "mysql-5.5.34".
>>
>> Moreover, this isn't an issue for the vast majority of RPM packages, 
>> because few RPMs accommodate multiple versions of the same package 
>> installed.  Unless you're dealing with custom-packaged RPMs specifically 
>> built to accommodate multiple versions -- and it doesn't look like you are 
>> -- your earlier version-specific declaration of package "mysql" should be 
>> sufficient to ensure that the only version of the "mysql" package is the 
>> one you specify (5.1.66-2.el6_3).
>>
>>  
>>
>>> } 
>>>
>>> When I tested it before, two weeks ago, it worked okay. It removed 
>>> mysql-5.5.34 and installed mysql-5.1.66.
>>> Today I saw the puppet agent doesn't have mysql installed at all.
>>> I tried to install it from the Unix command line and got:
>>>
>>> *No package mysql-server-5.1.66-2.el6_3 available.*
>>> *Error: Nothing to do*
>>>
>>> I believe that this version of mysql was removed from the repository because 
>>> it's old, but I don't want the old version to be deleted from my puppet agent.
>>> I want my puppet agent to have mysql-5.1.66 even if it does not exist in 
>>> the repository.
>>> Is it because puppet did not find mysql in the repository so it 
>>> deleted it from my agent?
>>>
>>
>>
>> No.
>>
>>  
>>
>>> or I'm doing something wrong?
>>>
>>>
>>
>> Yes.
>>
>> Your package declarations have a hidden inconsistency that Puppet is 
>> unable to diagnose.  You specify that package "mysql-libs" must be purged, 
>> but that's not actually what you want, because packages mysql and 
>> mysql-server depend on mysql-libs.  By ensuring mysql-libs purged, you 
>> force it and all packages that depend on it to be removed (if mysql-libs is 
>> present) every time the agent runs.  *That's* why mysql-5.1.66 and 
>> mysql-server-5.1.66 got removed.  It is surely not what you actually want, 
>> even if the mysql-5.1.66 packages were still available in your configured 
>> repositories.  (And this is yet another reason why the declaration of 
>> package "mysql-5.5.34" is useless.)
>>
>> You have committed one of the classic Puppet blunders: writing manifests 
>> that focus on state transitions instead of on the desired target state.  I 
>> say that because the only reason I can imagine for declaring mysql-libs 
>> purged is to facilitate downgrading mysql to version 5.1.66 from a later 
>> version.
>>
>> There are several things you should do:
>>
>> 1. Create and maintain a local package repository for at least those 
>>    packages you depend upon, plus their dependencies.  Myself, I maintain a 
>>    complete local mirror of all the essential repositories I depend on.  There 
>>    are multiple advantages, but the most relevant one here is that you can 
>>    avoid packages being yanked out from under you.
>> 2. Remove the inconsistency in your declarations.
>>
>> There are several approaches to (2), but I'd recommend creating a custom 
>> fact to report the installed version of mysql-libs, and making its purge 
>> conditional on that value.  The Puppet side might look like this:
>>
>> class mysql {
>>   $target_version = '5.1.66'
>>   $target_release = '2.el6_3'
>>
>>   package { 'mysql': ensure => "${target_version}-${target_release)" }
>>
>>   # assumes that mysql-libs version must match mysql version;
>>   # $::mysql_libs_version is a custom fact you must provide:
>>   if $::mysql_libs_version != '' and versioncmp($target_version, 
>> $::mysql_libs_version) < 0 {
>>