[Puppet Users] hiera style guide

[Georg Faerber]

Hi all,

Searching the Internets didn't reveal anything: Is there some style
guide or best practice regarding syntax used in hiera, writing .yaml
files? For example, should it be:

array:
  - string
  - string

or 

array:
  - 'string'
  - 'string'

Thanks in advance,
all the best,
Georg

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20170928164345.GE15521%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

[Puppet Users] Re: Question regarding Puppet4 class params and Hiera5

[Sean]

John,
  I have no disagreement with your statements.  I've never done object 
oriented programming professionally, and only dabbled with java to learn 
some basics, so I guess I don't have as much bias in that regard...I really 
thought I was just going with the terminology flow.  The complexity of this 
module comes with trying to extend it's use to various platforms.  The goal 
is to have the end user just "include complex" and get what's broadly 
appropriate for that platform, while having the flexibility to exclude 
specific components as needed.  The module is implementing a system-wide 
configuration policy and touches many aspects things that would normally be 
done in individual modules.  This is a policy thing similar to what the 
SCAP Security Guide project might address.  So if other modules are in 
play, an end use could exclude or disable a feature in order to avoid a 
conflict of multiple resource declarations.

David,
  Currently, aside from using --strict, is what I am doing.  I think what 
made your explanations click most for me was referring to there being only 
one value for a parameter.  It seems a better approach to use the fully 
scoped names, and including class parameters only in init.pp, than 
attempting to include class params in the module's member classes (formerly 
addressed as sublcasses).

Thank you both!

On Thursday, September 28, 2017 at 9:24:49 AM UTC-4, jcbollinger wrote:
>
> Dear Sean,
>
> David has already given you great answers to the questions you posed.  I 
> have nothing to add to those, but I feel inclined to nitpick your question 
> a bit:
>
> On Tuesday, September 26, 2017 at 10:00:49 AM UTC-5, Sean wrote:
> [...]
>
>> The class arrays are strings of fully qualified subclass names, e.g. [ 
>> 'complex::redhat::subclass1', 'complex::redhat::subclass2', ] etc. 
>>
>> Is there a benefit to actually using class params or declaring all 
>> references to class variables directly as fully qualified in the subclasses?
>>
>> Here's a simplified example subclass, and yes the example is silly, if we 
>> enable/disable a feature in puppet code, why not just exclude the subclass 
>> altogether.  Typically, that is what happens, but I was failing to find any 
>> other simplistic examples to provide.
>>
>> class complex::redhat::subclass1 (
>>   Boolean $enable_feature1,
>> ) {
>>
>>   if $enable_feature1 {
>> notify("${::osfamily} Feature 1 is enabled")
>>   } else {
>> notify("${::osfamily} Feature 1 is disabled")
>>   }
>>
>> }
>>
>>
>>
>
> Puppet has subclasses, whose definitions can be recognized by their use of 
> the 'inherits' keyword.  What you are describing are not them.  Even *bona 
> fide* Puppet subclasses behave differently than most people tend to 
> expect based on the uses of the term "subclass" in object-oriented 
> programming languages, but the classes you are actually describing have 
> nothing at all recognizable as a superclass / subclass relationship, in any 
> accepted sense of the term.  In particular, each of the classes you 
> described defines its own namespace, separate from and independent of all 
> the others'.
>
> The thrust of some of your questions suggests uncertainty about the 
> relationship between those classes, which is an excellent reason to avoid 
> use of the term 'subclass' for it. Even if you understood (and when you do 
> understand) the relationship, describing it via the term 'subclass' is 
> prone to confuse.  In fact, one class having another's name as its 
> namespace has very little practical significance, other than putting them 
> in the same module.  Even that is primarily organizational, not functional. 
> I suggest just calling them "classes".
>
>
> John
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/6cbc4f8b-809f-4e5e-b2da-830b0e012d97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Puppet Users] Re: stdlib keys() and values()

[Robert]

Hey John,

I've just found out that notice() gives back the array indeed.

Thanks for clarifying that, I didn't know this until now and was really
confused :)

Best,
Rp

On Thu, Sep 28, 2017 at 3:02 PM, jcbollinger 
wrote:

>
>
> On Thursday, September 28, 2017 at 5:49:12 AM UTC-5, Robert wrote:
>>
>> Eh, sorry.
>>
>> So why's this with the above code:
>>
>> Notice: /Stage[main]/Main/Notify[sdf]/message: defined 'message' as '1'
>> and keys($hash) gives 'a'
>>
>> Why not arrays of the keys / values? Can't understand.
>>
>
> Although it is not explicitly spelled out in the docs, it should not be
> much of a surprise that the Notify type expects its 'message' parameter
> ("The message to be sent to the log") to be a string.  When you provide an
> array instead, Notify must either reject it with an error, or convert the
> array to a string by some unspecified mechanism.  In the version of Puppet
> you are running, it opts in such cases to convert the array to a string by
> choosing its first element (not necessarily recursively).  I'm uncertain
> whether this is intentional behavior or simply what happens to fall out
> from the implementation in this particular variation on providing a value
> of the wrong type.
>
> If you want to control how the arrays you're working with are converted to
> strings, then you ought to perform the conversion explicitly
> ,
> Details vary to some extent based on what Puppet version you are using (the
> link goes to the docs for Puppet 4).
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/puppet-users/e08aedc0-f6f7-46de-b634-c2b2ceb76fbb%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANwwCtyXuWuGajtgoYwOrES8Y4W5m0%2BDrAuo2%3D2ueUW3t6askQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: Question regarding Puppet4 class params and Hiera5

[jcbollinger]

Dear Sean,

David has already given you great answers to the questions you posed.  I 
have nothing to add to those, but I feel inclined to nitpick your question 
a bit:

On Tuesday, September 26, 2017 at 10:00:49 AM UTC-5, Sean wrote:
[...]

> The class arrays are strings of fully qualified subclass names, e.g. [ 
> 'complex::redhat::subclass1', 'complex::redhat::subclass2', ] etc. 
>
> Is there a benefit to actually using class params or declaring all 
> references to class variables directly as fully qualified in the subclasses?
>
> Here's a simplified example subclass, and yes the example is silly, if we 
> enable/disable a feature in puppet code, why not just exclude the subclass 
> altogether.  Typically, that is what happens, but I was failing to find any 
> other simplistic examples to provide.
>
> class complex::redhat::subclass1 (
>   Boolean $enable_feature1,
> ) {
>
>   if $enable_feature1 {
> notify("${::osfamily} Feature 1 is enabled")
>   } else {
> notify("${::osfamily} Feature 1 is disabled")
>   }
>
> }
>
>
>

Puppet has subclasses, whose definitions can be recognized by their use of 
the 'inherits' keyword.  What you are describing are not them.  Even *bona 
fide* Puppet subclasses behave differently than most people tend to expect 
based on the uses of the term "subclass" in object-oriented programming 
languages, but the classes you are actually describing have nothing at all 
recognizable as a superclass / subclass relationship, in any accepted sense 
of the term.  In particular, each of the classes you described defines its 
own namespace, separate from and independent of all the others'.

The thrust of some of your questions suggests uncertainty about the 
relationship between those classes, which is an excellent reason to avoid 
use of the term 'subclass' for it. Even if you understood (and when you do 
understand) the relationship, describing it via the term 'subclass' is 
prone to confuse.  In fact, one class having another's name as its 
namespace has very little practical significance, other than putting them 
in the same module.  Even that is primarily organizational, not functional. 
I suggest just calling them "classes".


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/d78f756a-715a-47be-a536-47e192c71030%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: stdlib keys() and values()

[jcbollinger]

On Thursday, September 28, 2017 at 5:49:12 AM UTC-5, Robert wrote:
>
> Eh, sorry.
>
> So why's this with the above code:
>
> Notice: /Stage[main]/Main/Notify[sdf]/message: defined 'message' as '1'
> and keys($hash) gives 'a'
>
> Why not arrays of the keys / values? Can't understand.
>

Although it is not explicitly spelled out in the docs, it should not be 
much of a surprise that the Notify type expects its 'message' parameter 
("The message to be sent to the log") to be a string.  When you provide an 
array instead, Notify must either reject it with an error, or convert the 
array to a string by some unspecified mechanism.  In the version of Puppet 
you are running, it opts in such cases to convert the array to a string by 
choosing its first element (not necessarily recursively).  I'm uncertain 
whether this is intentional behavior or simply what happens to fall out 
from the implementation in this particular variation on providing a value 
of the wrong type.

If you want to control how the arrays you're working with are converted to 
strings, then you ought to perform the conversion explicitly 
,  
Details vary to some extent based on what Puppet version you are using (the 
link goes to the docs for Puppet 4).


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/e08aedc0-f6f7-46de-b634-c2b2ceb76fbb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] custom resource type property to accept hash for input

[Harihara Narayanan B]

Does puppet allow to create a custom resource property to accept hash 
inputs, instead of arrays? Cant find this in the documentation. 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/db03aa28-183d-4fbd-a1f2-bac34a505788%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Puppet masters switch cert issues

[Induja Vijayaraghavan]

I am moving from RHEL 6 to RHEL 7 puppet master. The new one is all set and 
ready to go. DNS name is also updated to have the new master.

We have 300 + nodes to be migrated from old puppet master to the new master.

What is the easiest way to move the certificates from the old master to the 
new master?

Please list the steps/commands in detail. 

Error message :

#sudo puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will 
continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify 
failed: [unable to get local issuer certificate for 
/CN=newmaster.domain.com]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate 
additional resources using 'eval_generate': SSL_connect returned=1 errno=0 
state=error: certificate verify failed: [unable to get local issuer 
certificate for /CN=newmaster.domain.com]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: 
Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect 
returned=1 errno=0 state=error: certificate verify failed: [unable to get 
local issuer certificate for /CN=newmaster.domain.com]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate 
additional resources using 'eval_generate': SSL_connect returned=1 errno=0 
state=error: certificate verify failed: [unable to get local issuer 
certificate for /CN=newmaster.domain.com]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could 
not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 
errno=0 state=error: certificate verify failed: [unable to get local issuer 
certificate for /CN=newmaster.domain.com]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect 
returned=1 errno=0 state=error: certificate verify failed: [unable to get 
local issuer certificate for /CN=newmaster.domain.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: 
certificate verify failed: [unable to get local issuer certificate for 
/CN=newmaster.domain.com]

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/995d4ae1-e794-44c9-9bb7-df06816a34c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] Re: stdlib keys() and values()

[Robert]

Eh, sorry.

So why's this with the above code:

Notice: /Stage[main]/Main/Notify[sdf]/message: defined 'message' as '1'
and keys($hash) gives 'a'

Why not arrays of the keys / values? Can't understand.

Thanks
Rp


On Thu, Sep 28, 2017 at 12:44 PM, Robert  wrote:

> Hello List,
>
> I can't think of a more basic question, but...
>
> $hash = {'a'=>1, 'b'=>2, 'c'=>3}
>
> notify { "sdf":
>
>   message => values($hash),
>
> }
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANwwCtyU1ybmN0P4f%3DcoYWD2fO5Jk1uiMkpivgU4NKC9nUnznw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Puppet Users] stdlib keys() and values()

[Robert]

Hello List,

I can't think of a more basic question, but...

$hash = {'a'=>1, 'b'=>2, 'c'=>3}

notify { "sdf":

  message => values($hash),

}

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/CANwwCtx%3DkXb-Tp_ftmH6q%3DEPwO_oUoaWjoxDCdKOQOmPg16VHA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.