Re: [Puppet Users] Re: Adding then removing SW - best practices?
I've begun to shift to anticlass-by-default. This is driven by the need to provide documentation to auditors and the like. I foo::remove by default, then foo::install as needed (wrapped in appropriate logic to avoid resource conflicts). On Monday, October 27, 2014 1:21:55 PM UTC-7, JonY wrote: I've been using 'anti-classes' up to now.. hoping for a better way.. alas... On Monday, October 27, 2014 11:17:12 AM UTC-7, Trevor Vaughan wrote: One day, long ago in 2008, there was a discussion on anti-classes: http://comments.gmane.org/gmane.comp.sysutils.puppet.user/5884. Yeah, they're still irritating, but I don't really know how else to do it. init.pp ( $enable = true ) == Main Class init.pp ( $enable = false ) == Anti Class Trevor On Mon, Oct 27, 2014 at 11:54 AM, Brian Morris nomadic...@gmail.com wrote: This could be done in a stateful fashion. Start with a facter like this: Facter.add(:apache_exists) do confine :osfamily = Debian setcode do if Facter::Util::Resolution.exec(dpkg -l | grep apache2 | grep -v apache2-utils | grep ^ii) true end end end ... and then, in a manifest, reference the facter to see if it is true: if ( $::apache_exists ) { do something, } Brian On Sunday, October 26, 2014 5:18:44 AM UTC-7, JonY wrote: Let's say that I'm deploying a steady stream of identical hosts. Each has some piece of SW on it that's managed by Puppet. I continue to (regularly) add to and maintain this group over time. Day comes when this SW is no longer required. So I remove the module from Puppet to prevent it being included on future hosts in this group. What about the existing hosts? I ask. Add a module to remove the SW I think. What about the future hosts? Won't this seem a bit odd to tell puppet to remove SW that was never installed? I wonder. Puppet is idempotent! says the FM. Ok - but it still seems amiss. To a 'distant observer' it would seem an odd practice. says I. Should I break up the 'before' and 'after' hosts into separate groups / environments? I use an ENC to manage the modules. Maybe a DB entry to indicate who gets the extra module? Some other pathway? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/825cb051-76b9-4353-8ee7-20c7b81d2896%40googlegroups.com https://groups.google.com/d/msgid/puppet-users/825cb051-76b9-4353-8ee7-20c7b81d2896%40googlegroups.com?utm_medium=emailutm_source=footer . For more options, visit https://groups.google.com/d/optout. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvau...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/eaa2c46c-8581-4a39-9725-53dee3364d73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [Puppet Users] Can't get past Permission denied error
Do you have selinux in enforcing mode? If so, try setting it to permissive mode and see if it starts working. On Mar 14, 2013 8:09 AM, Mike Canty cantyma...@yahoo.com wrote: I am running Centos 6 and was able to install Puppet 3.1.1. However, when trying to run puppet, as root, for the first time, I get the following message: # puppet master --nodaemonize --verbose --debug Could not prepare for exection: Permission denied - /etc/puppet/ssl/ca/ca_key.pem I'm not sure what the next steps are to troubleshoot this. Could anyone please provide insight and help? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] how to customize hiera lookups per node?
I don't know of a way to have multiple hierarchies, but if you need central control of parameters like profile you can use an ENC. At one point I even experimented with a yaml- based ENC that used my hiera data files to keep all the information in one place. On Mar 8, 2013 10:54 AM, Chad Huneycutt chad.huneyc...@gmail.com wrote: Hi James, We are in a similar situation. I think of it slightly differently, though. We are trying to use the roles/profiles pattern, and I am having trouble figuring out how to get hiera to use the profile to do the lookup. So rather than explicitly listing the values in the hierarchy, I want: :hierarchy: - host/%{::fqdn} - profiles/%{profile} - common So not per node, but per profile, but it seems like that is what you really want anyway? I could, as Brendan suggests, distribute a fact out to all the nodes, but I worry about the security of that solution since it puts the node in control of its configuration. I have come up with a scheme that will work if I can figure out the class that included the class that does the hiera lookup, but that is a bit of a hack and probably not scalable. Ideally, I would love it it puppet supported a pattern like roles/profiles directly in the dsl and could expose that to hiera. - Chad On Thu, Mar 7, 2013 at 3:11 PM, James Ralston rals...@pobox.com wrote: We have a small and growing Puppet infrastructure we started a few months ago: about 30 modules and 40 hosts. At this point, all of the modules we have written use parameterized classes. That way, when we call the module from the host's node.pp file, we can override defaults (if necessary). We knew using parameterized classes wouldn't scale. Now that we've upgraded to Puppet 3 on the server and all of our clients, we want to do things the Hiera way. The problem is, we've been unable to find any good documentation on how to use hiera and Puppet together. Yes, we've read the hiera documentation on the puppetlabs web site. That was helpful in explaining hiera general concepts, but it doesn't really explain how to integrate hiera data lookup with Puppet. The main thing we're trying to understand is how each host manifest can declare its own hiera hierarchy for data lookup. We can't do this with the yaml backend, because the yaml backend will apply the same hierarchy to EVERY client, because all Puppet clients use the /etc/puppet/hiera.yaml file on the puppetmaster. Granted, we can customize the hierarchy on the puppetmaster with facter facts, but that doesn't give us enough control. For example, host foo might want: :hierarchy: - host/%{::fqdn}/config - app/external-nameserver/config - common/config But host bar might want: :hierarchy: - host/%{::fqdn}/config - app/internal-mailserver/config - common/config That's what we can't figure out how to do with hiera. Frustratingly, the one section of the hiera documentation on the puppetlabs web site that looks like it might explain what we need to know—the Usage with Puppet section—just says Coming soon. There's just no way we're the only site out there using Puppet who needs to vary the hiera lookup hierarchy per node. What's the secret to it? How do you actually do it? Thanks, James -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- Chad M. Huneycutt -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Facter Puppet disagree on RHEL 6?
I've checked, but there's only one set of RPMs installed and the facter binary points to those. # rpm -qa | grep puppet pe-puppet-enterprise-release-2.0.3-0.pe.el6.noarch pe-puppet-2.7.9-3.pe.el6.noarch pe-rubygem-puppet-module-0.3.4-2.pe.el6.noarch rpm -qa | grep facter pe-facter-1.6.4-2.pe.el6.noarch # which facter /usr/local/bin/facter # which puppet /usr/local/bin/puppet There's nothing installed from tarball or gem, this is a newly built box with just our standard RPM setup on it. On Thu, Feb 21, 2013 at 8:57 AM, jcbollinger john.bollin...@stjude.orgwrote: On Wednesday, February 20, 2013 8:11:20 PM UTC-6, Aaron Grewell wrote: It's not that simple. Puppet thinks osfamily is 'Linux' whereas facter returns 'RedHat' at the command prompt. I can only assume, then, that the facter you are running from the command line is not the same (or same-configured) facter that the agent is running. Perhaps it is using different libdirs in the two cases, or maybe you have two completely separate Facters on the system. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Facter Puppet disagree on RHEL 6?
Argh, never mind. It's a garden variety client-server version mismatch. I must've grabbed the wrong version when building the image. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Facter Puppet disagree on RHEL 6?
I've run into an odd one on one of my new RHEL 6 boxes. Puppet and Facter seem to disagree about the value of a fact. Puppet version: 2.7.9 Facter version: 1.6.4 Module: puppetlabs-apache apache::params falls through its if structure: if $::osfamily == 'redhat' or $::operatingsystem == 'amazon' { ... } elsif $::osfamily == 'debian' { ... } else { fail(Class['apache::params']: Unsupported operatingsystem: $::operatingsystem or osfamily: $::osfamily) } The module returns the following error: Error 400 on SERVER: Class['apache::params']: Unsupported operatingsystem: RedHat or osfamily: Linux Facter, however, seems to think osfamily is 'RedHat' as it should be: facter -p osfamily RedHat It's very strange. Have any of you seen this one before? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Facter Puppet disagree on RHEL 6?
It's not that simple. Puppet thinks osfamily is 'Linux' whereas facter returns 'RedHat' at the command prompt. On Feb 20, 2013 5:33 PM, Len Rugen lenru...@gmail.com wrote: I wasn't sure, too many different languages I guess for a test you could code it == RedHat, but we have a lot of RHEL 6 and I suspect would have hit this somewhere. On Wed, Feb 20, 2013 at 7:12 PM, Nick Fagerlund nick.fagerl...@puppetlabs.com wrote: On Wednesday, February 20, 2013 5:08:27 PM UTC-8, LenR wrote: CaSe SenSitiVe? RedHat vs. redhat? Puppet's == operator is case-insensitive. http://docs.puppetlabs.com/puppet/3/reference/lang_expressions.html#equality If it's a case issue, it's a horrible compatibility-breaking bug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Re: Dynamic yum.conf 'exclude' line
Take a look at the yum versionlock plugin. It allows you to lock a particular package at a given version for situations like this. We use the following define to manage our locked packages. If I were writing it today I'd probably use file_line, but it's worked well for us so I've had more important things to do. # # Actions: # Implements a versionlock define to make version locking easy # # Requires: # # Sample Usage: # # To lock a package version: # packages::yum::versionlock{ kernel-uek: # epoch = '(none)', # version = '2.6.32', # release = '100.26.2.el5', # } # # To remove a version lock: # packages::yum::versionlock{ kernel-uek: # epoch = '(none)', # version = '2.6.32', # release = '100.26.2.el5', # ensure = 'absent', # } define packages::yum::versionlock ($epoch,$version,$release,$ensure = 'present', $version_lock_list = '/etc/yum/pluginconf.d/versionlock.list') { include packages::yum case $ensure { present: { exec { yum_add_versionlock_${name}: command = /bin/echo '${epoch}:${name}-${version}-${release}' '${version_lock_list}', unless = /bin/grep -q '${epoch}:${name}-${version}-${release}' '${version_lock_list}', require = Package['yum-versionlock'], } # exec } # case 'present' absent: { exec { yum_del_versionlock_${name}: command = sed -i -e /'${epoch}:${name}-${version}-${release}'/d '${version_lock_list}', onlyif = /bin/grep -q '${epoch}:${name}-${version}-${release}' '${version_lock_list}', require = Package['yum-versionlock'], } # exec } # case 'absent' } # case $ensure } # define On Mon, Jan 28, 2013 at 6:40 AM, jcbollinger john.bollin...@stjude.orgwrote: On Friday, January 25, 2013 4:05:37 PM UTC-6, Gonzalo wrote: On Sat, Jan 26, 2013 at 1:38 AM, jcbollinger john.bo...@stjude.orgwrote: Puppet's architecture does not lend itself to constructing values iteratively, and what Hiera brings to the table in that area does not apply to the scenario you describe. There are a couple of ways you might be able to work around Puppet's constraints there, but before you go that way I would suggest that you consider alternative strategies. Let's start with why you want to add package exclusions to yum.conf via multiple modules. I have some ideas of why you might be trying to implement such a design, but I'd prefer to avoid guessing. Hi John, Thanks for your reply. To be honest, I think in this particular case it's more about trying to work out how to solve this type of problem, perhaps not necessarily useful with this exclude line issue. One hypothetical example might be constructing a users= line for some config file and I want to set users from various modules to construct the line. As I said, Puppet's architecture does not lend itself to that kind of thing. In particular, variables and resource properties can be assigned values only once each. Moreover, it is pretty much always a mistake for manifest sets to attempt introspection, as this introduces unneeded extra sensitivity to manifest parse order. Instead, one generally needs to step back and take a different approach. One such approach might be to build up your data in a custom external node classifier (ENC), which provides it to your classes via either a global Puppet variable or a class parameter. Another approach is for modules to declare independent resources instead of collaborating on a single resource. The Concat add-on module, for example, provides a way to implement that for files. You could, in principle, implement similar facilities to serve other purposes. Or you may find that you don't actually need quite the degree of flexibility you describe after all. For this exclude line question, I have a class that many nodes include and they all need to exclude one particular RPM to ensure a yum update never upgrades it. These same servers include another class, which also have a package to be excluded. Do you have any ideas on how to solve this type of problem? For packages in particular, you have additional options: 1. In your Package declarations, you can use ensure = 'present' or even ensure = 'package-version' instead of ensure = 'latest'. That won't prevent a manual package update, but it will prevent Puppet from performing unwanted package updates. The variation where you specify a package version may even get Puppet to revert unwanted manual updates. 2. You really ought to take control of your package repositories. Creating and curating local repositories not only ensures access and reduces demands on your network connection to the outside world, but it also allows you to exercise complete control over what packages are available for installation / update. Depending on your package management system, local repositories may confer additional benefits. For example, on
Re: [Puppet Users] function to map actual pubkeys to ssh_authorised_key {} resources?
If you move the keys into Puppet variables (ideally retrieved via Hiera) you can then use them to create both the key files and the ssh_authorized_key entries. . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: two mounts with the same name (one present, one absent)
On Jan 18, 2013 11:31 AM, jcbollinger john.bollin...@stjude.org wrote: On Friday, January 18, 2013 12:11:42 PM UTC-6, iamauser wrote: What's the best practice to define two mount resources with same name, but different fstypes or ensure parameter ? In my particular case, I have the following : Two mounts defined as virtual resources with same name but different fstype. One is is ensuring present, other absent. Puppet doesn't like it, Looking at a bug report earlier ( http://projects.puppetlabs.com/issues/7491 ), I followed the suggestion, but it doesn't help. puppet throws this error : Instead, declare the resource once, and either set its parameters conditionally or override them, where needed, by one of the supported mechanisms for doing so. John If I understand correctly the conditional would be based on the current fstype of the mount. It seems like a custom fact would be needed. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: puppet-dashboard load balanced report processing issues.
Even an nfs share will not fix this. We tried it. We had to make dashboard active - passive to fix it. Otherwise lots of dashboard errors result which must be cleared via rake task or the dashboard slows to a crawl. On Jan 2, 2013 1:56 PM, jemmorey jor...@obsecurities.com wrote: Looks like there is no current method to prevent multiple dashboard nodes from stomping on each others reports, the delayed_jobs table does have a locked_by, but that is only used during the actual event processing. mysql describe delayed_jobs; ++--+--+-+-++ | Field | Type | Null | Key | Default | Extra | ++--+--+-+-++ | id | int(11) | NO | PRI | NULL| auto_increment | | priority | int(11) | YES | MUL | 0 || | attempts | int(11) | YES | | 0 || | handler| longtext | YES | | NULL|| | last_error | text | YES | | NULL|| | run_at | datetime | YES | | NULL|| | locked_at | datetime | YES | | NULL|| | failed_at | datetime | YES | | NULL|| | locked_by | varchar(255) | YES | | NULL|| | created_at | datetime | YES | | NULL|| | updated_at | datetime | YES | | NULL|| ++--+--+-+-++ 11 rows in set (0.00 sec) I suppose I will open this as an RFE. If anyone has any other ideas how to do this (other than the dreaded NFS share) please let me know. Thanks! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/KufkHt4fpc8J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Have Class Only Perform Actions When There Is Work To Do (i.e. Making Them Idempotent)
I would highly recommend you just package your custom python and install it using a package management system, rather than doing what you're doing. In this case you really ought to consider packaging, but there's always *something* that doesn't work that way for whatever reason (badly-wrapped vendor software is a favorite here). IMHO a tarball installer is a necessary evil in certain situations. It'll probably take a bit of tweaking to get it working in your environment , but this works well for me. # Define: packages::tar::install # # This define installs tar-based packages, including making sure they're # only installed once and performing cleanup after the installation. # # Sample Usage: # packages::tar::install { 'vmware-solaris-tools': # package = 'vmware-solaris-tools-381511.tar.gz', # name of tarball # repo = 'http://hostname/path', # ftp or http path minus filename # dir = 'vmware-tools-distrib', # top-level directory in the tarball # installer = 'vmware-install.pl', # name of install script # options = '-d', # options to pass to install script # tmpdir= '/opt/tmp', # dir to extract tarball into # } define packages::tar::install($repo,$package,$dir,$installer,$options,$tmpdir='/var/tmp', $timeout='600',$dotdir='/opt/puppet/libexec'){ exec { wget -O $tmpdir/$package $repo/$package: unless = /usr/bin/test -f ${dotdir}/.${package}, path= [/opt/csw/bin,/usr/bin], alias = wget_${package}, require = File[$tmpdir], } exec { gunzip -c $tmpdir/$package | tar xf - : unless = /usr/bin/test -f ${dotdir}/.${package}, path= [/bin,/usr/bin,/usr/sbin], alias = untar_${package}, cwd = $tmpdir, require = Exec[wget_${package}], } exec { $tmpdir/$dir/$installer $options: unless = /usr/bin/test -f ${dotdir}/.${package}, cwd = $tmpdir/$dir, alias = install_${package}, timeout = $timeout, require = Exec[untar_${package}], } exec { touch ${dotdir}/.${package}: path= [/bin,/usr/bin], unless = /usr/bin/test -f ${dotdir}/.${package}, alias = ${package}_dotfile, require = Exec[install_${package}], } exec { rm -rf $tmpdir/$dir: path= [/bin,/usr/bin], onlyif = /usr/bin/test -d $tmpdir/$dir, cwd = $tmpdir, alias = rm_${dir}, require = Exec[install_${package}], } exec { rm -f $tmpdir/$package: path= [/bin,/usr/bin], onlyif = /usr/bin/test -f $tmpdir/$package, cwd= $tmpdir, alias = rm_${package}, require = Exec[install_${package}], } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Static IP assignment
I'm currently experimenting with an option added in vSphere 5 that has promise: assuming your VM Template has VMware Tools preinstalled you can use the Perl API to run programs directly in the resulting VM. Assuming you have API access (vSphere or commercially licensed ESXi have this, the free version doesn't) you can address the VM by name once it's started and run whatever programs you like. No need for network, etc. See: http://www.virtuallyghetto.com/2011/07/automating-new-integrated-vixguest.html On Wed, Oct 17, 2012 at 8:19 AM, GordonJB g.bonth...@gmail.com wrote: OK, that all makes sense, thanks for the help! On Wednesday, 17 October 2012 16:02:55 UTC+1, Matthew Burgess wrote: On Wed, Oct 17, 2012 at 3:49 PM, GordonJB g.bon...@gmail.com wrote: So I take it that when the new VM announces itself to the network, it will go off to the DHCP server and pick a static IP if there is one defined already for it's MAC address in a config file somewhere? Yes, that's correct. You can also set up a generic pool of addresses that a VM may get one from if you don't know its MAC address, but then you're not guaranteed to get the same IP address every time. The problem I encountered with VMWare VMs was that the MAC address wasn't generated until the VM was first powered on, so configuring DHCP ahead of time wasn't possible. As we didn't have any automated provisioning set up, the process was to do an initial boot and interrupt the boot process fairly quickly and power the VM off. Then I'd grab the MAC address from VSphere and pop it into the DHCP server's config. Is there a way to have a MAC address/IP pairing generated if one does not exist? I think the approach I'd take with this is to have a fairly small pool of addresses used for temporary IPs while a box is being provisioned. Once the box is up, you could have another puppet module that would figure out, using some other policy (potentially as simple as doing a DNS lookup on your VM's hostname), what the IP address of the box should be, find the MAC address of the NIC (exposed by facter), then put that in to the DHCP server's config. Automated provisioning solutions such as Foreman or Razor (http://puppetlabs.com/blog/puppet-razor-module/) may have better/other ways of doing it, but that would be my initial approach. That Razor page also links to Puppetlabs' own DHCP module (https://github.com/puppetlabs/puppetlabs-dhcp), so I'd be prone to try that for your DHCP config needs first, before looking at modules on the Forge. Regards, Matt. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/UJQuzY-oj_kJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Open Source to Enterprise migration?
On Wed, Oct 10, 2012 at 9:01 AM, Shawn Knight shawnkni...@gmail.com wrote: Hi, Can any users of Puppet tell me about experiences in upgrading a Puppet Open Source environment to Enterprise? Hi Shawn, We went through this with Puppet 2.6 and PE 2.0. It wasn't particularly painful, though we did have Puppet Labs PS on site to help. For a standalone installation of Puppet I wouldn't consider that necessary, but if you want to add HA, multiple masters, or other complex configs you may want to consider it. It depends on whether you've already done those things in your existing Puppet install. At a basic level we configured our CA's, had our old Puppet Masters configure the clients to use the PE Masters, then had the PE Masters install the PE Agent. It was easier than running the PE Installer everywhere. If your existing Puppet infrastructure is too new you may not be able to go this route since the agents can't be newer than the master. Planning elements: if you're not using the Puppet Dashboard already you'll want to think about whether the MySQL server and PE Console services need to be HA. If you're going to use the PE Console as an ENC then I'd vote yes, since the ENC becomes a single point of failure regardless of how many Masters you have. You'll also want to read up on the Puppet Certificate Authority since you'll be dealing with your existing certificates one way or another. If you're not using MCollective it's one of the nice things about PE since it comes pre-configured and you don't have to learn how to configure ActiveMQ and friends right away. Unfortunately it doesn't run arbitrary programs so in order to extend it to do new things you'll have to read up on a little bit of Ruby. All-in-all the complexity of it mostly depends upon the complexity of your existing environment. As far as downtime goes, you can easily run them side-by-side (managing different clients obviously) so you shouldn't need to worry about having completely unmanaged systems. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How to prevent puppet clients from updating to version 3?
If you really want control over this you should build your own local repo mirror. That way you can be absolutely certain of what your systems will have access to. RHEL and friends come with all the tools to do this so it's not a major undertaking. On Oct 3, 2012 7:37 AM, Mister Guru misteritg...@gmail.com wrote: I'm sending this email to start this thread, feel free to comment as appropriate. I'm going to assume that it's going to take a while for most people to actually realise that the puppet update may be giving them some issues, so, comments and suggestion please! -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Where do you store sensitive files with puppet+git approach?
We use hiera-gpg for ours. Files containing sensitive information are converted into templates so that only the necessary strings are included in gpg. If we really needed to distribute full files I would probably build a separate directory tree backed by its own repository for this. It's just never been necessary for us. On Oct 1, 2012 6:47 AM, Vaidas Jablonskis jablons...@gmail.com wrote: Hi People, I have a quick question, which hopefully you will have an answer to. I am slowly moving towards puppet and git with multiple branches for different environments. Things are going pretty well, but now I have a small issue. The question is where should I store sensitive files, for instance SSL private keys or some files which contain sensitive data? I am aware of hiera-gpg storage backend, but that is more suitable for storing plain text strings rather than actual files - correct me if I am wrong? I am looking forward to hear your opinion on this subject. Thanks in advance. -- Vaidas -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/DjQqqdK2NJ4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Re: [Puppet-dev] Do you rely on 'param=undef' being equal to '(nothing)'?
I'm using the current behavior in inherited classes to unset parameters set by the parent class. If that no longer works it will definitely impact my code. On Sep 14, 2012 11:31 AM, Eric Sorenson eric.soren...@puppetlabs.com wrote: Hi, there's an issue that came up recently in the 3.0RCs -- Big thanks to Erik Dalén for reporting it in #16221 -- that involves a behaviour change to part of the DSL. In a nutshell, this code: define foobar ($param='Hello world') { notice($param) } foobar { 'test': param = undef } in 2.7, causes 'Hello world' in the notice. In 3.x, it's nothing. As I said in the bug, this seems more correct to me -- I've overriden the default with an explicit 'undef', taking off the default. The same thing goes for invoking parameterised classes with undef arguments, which is perhaps more ambiguous (example from matthaus): class toplevel ( $maybe = false, $optional = undef ) { if ($maybe) { class { toplevel::secondlevel: optional = undef } } } In order to make use of the default for the `optional` parameter in toplevel::secondlevel, you'd now need to either test in `toplevel` whether `$optional` was passed into it, or have toplevel::secondlevel use an `$optional_real` value inside it, similar to what's commonly done to append to defaults that are array values. The closest thing to documentation around this suggests the new behaviour is what's intended http://docs.puppetlabs.com/puppet/2.7/reference/lang_classes.html#overriding-resource-attributes : You can remove an attribute’s previous value without setting a new one by overriding it with the special value undef: class base::freebsd inherits base::unix { File['/etc/passwd'] { group = undef, } } So, I'm trying to determine whether this is a widespread pattern or an edge-case. Do you expect 'param=undef' to be the same as not specifying param at all, or for the receiver to see the undef? Eric Sorenson - eric.soren...@puppetlabs.com PuppetConf'12 - 27-28 Sep in SF - http://bit.ly/pcsig12 -- You received this message because you are subscribed to the Google Groups Puppet Developers group. To post to this group, send email to puppet-...@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Problem with hiera arrays not obeying the hierachy
The hiera function works as you described and supports strings, arrays and hashes. The hiera_array and hiera_hash functions build additive arrays and hashes that include the values of all matching variables across the entire hierarchy. For your use case you should use hiera() instead of hiera_array(). On Sep 3, 2012 8:42 AM, Josh j...@chickenmonkey.co.uk wrote: ...my hiera.conf since it would probably help. %{datacentre} is a custom fact that is set at build time: --- :hierarchy: - node/%{hostname} - common/%{datacentre} - common/common :backends: - yaml - puppet :yaml: :datadir: '/local/puppet/env/%{environment}/hieradata' :puppet: :datasource: data -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7FV-TOufBLcJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] The rewritten Puppet 2.7 language reference is live
On Thu, Aug 23, 2012 at 4:32 PM, Nick Fagerlund nick.fagerl...@puppetlabs.com wrote: On Thursday, August 23, 2012 12:47:16 PM UTC-7, Aaron Grewell wrote: In http://docs.puppetlabs.com/puppet/2.7/reference/lang_datatypes.html#hashes it would be helpful to have a hash example that contains multiple keys each with multiple subkeys. You're right, I'll put one in. (Although since sometime before 2.7, you can actually use trailing commas in hashes the same way you do in resource declarations. I'll add that to the docs too!) That looks really good. After reviewing my code, I suspect that my issue was not that Puppet's approach was inconsistent but rather that I never use this kind of nesting in my resource declarations. It's common for hashes though, so the new examples are a definite plus. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] The rewritten Puppet 2.7 language reference is live
Hi Nick, I have a suggestion. In http://docs.puppetlabs.com/puppet/2.7/reference/lang_datatypes.html#hashes it would be helpful to have a hash example that contains multiple keys each with multiple subkeys. The way the commas are distributed in that scenario is different from how commas are handled in resources and properties which can be confusing. After reading the hash section I ended up having to google for a more complete example and I'm sure I'm not the only one. Thanks again for your work, I really like the new layout. -Aaron On Tue, Aug 21, 2012 at 1:40 PM, Nick Fagerlund nick.fagerl...@puppetlabs.com wrote: Hi all, I've finished the all new Puppet 2.7 language reference. EXCITING! Well, exciting to me, at least. Table of contents: http://docs.puppetlabs.com/puppet/2.7/reference/ Visual index (for when you know what you're looking for but you don't know what it's called): http://docs.puppetlabs.com/puppet/2.7/reference/lang_visual_index.html And of course, use the navigation in the left sidebar to jump between pages. Our goal here is to nail down every detail of how the Puppet language works, then cut new versions along with major Puppet releases. We'll eventually be expanding this versioned document with non-language details -- we've been referring to this plan as the Puppet reference manual. Its purpose isn't to replace any of the guides or how-tos, but to lay down a just the facts baseline that lets you get in and out fast. Anyway, we hope you find it useful. Thanks for using Puppet. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/bDBvT082CjQJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera targetted value lookup
On Tue, Jul 24, 2012 at 8:08 AM, tomash tom.ash...@gmail.com wrote: Hi, I'm trying to get to grips with hiera and yaml as the backend. given a yaml file like this: --- user: dave: home: /home/dave shell: /bin/bash steve: home: /home/steve shell: /bin/zsh How would I do a hiera lookup for steve's shell? on the cli, I cannot do hiera steve.shell as I might expect. Try something like this: $user = hiera('user') $shell = $user['dave']['shell'] -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Hiera vs LDAP
On Wed, Jul 18, 2012 at 2:09 PM, Trevor Vaughan tvaug...@onyxpoint.com wrote: So, I was following the thread how to conditionally add users to a virtualized group? and had a bit of a realization that I'm not quite sure why Hiera is a better backend than LDAP. In our environment at least, messing around with the LDAP schema is a non-starter. I can change my Hiera setup any time. That alone makes it better for me. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] file_line type issue, possible bug
Depending on your sudo version you could also put snippets in /etc/sudoers.d. This has the advantage of allowing each class to manage its own sudoers file without any Puppet conflicts. On Jun 10, 2012 3:56 AM, Ryan Bowlby rbowlb...@gmail.com wrote: Hi All, I am using the file_line type included in stdlib to add a line to /etc/sudoers. On each run the sudo module replaces /etc/sudoers, then file_line resource adds the line back. It's happening on each run and I can't seem to figure out to get the sudo module's file resource to stop replacing the file on each run. I was hoping the file resource would ignore any lines propagated by the file_line resource. Is this a bug or am I just missing something? -Ryan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/L7OtmlWKio0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Newbie question: what to start from?
On Fri, May 18, 2012 at 11:07 AM, Christopher Wood christopher_w...@pobox.com wrote: When we started using cfengine long time ago cookbooks _with_examples_ were available, it was very convenient. There's an integrated set of example modules here that are worth a look: http://www.example42.com/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Using Puppet to manage preexisting servers
On Wed, May 16, 2012 at 5:07 AM, Mister IT Guru misteritg...@gmx.com wrote: Ordinarily, I'd say lets upgrade your working practices while we're at it, and properly manage your whole workflow, manage access and manage who can make changes. Lets start by rebuilding your boxes to specification, and migrating your existing data over. Sounds great, Client says no huh? - Now I need to rethink my strategy. One of the tools that's helpful in this situation is Puppet's no-op mode. This gives you the ability to report in advance on what would change during a Puppet run. It's helpful for reassuring angsty customers as well as making a list of what might need to be reverted in an emergency. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] how best to combine business data (Hiera) and machine data (Facts)
I suppose you could create a separate class for the entries that will be fact-driven versus Hiera-driven. You wouldn't be able to use a single template, but either augeas or concat should work. I wouldn't call it elegant, but the code might be less ugly. On Fri, May 11, 2012 at 9:47 AM, Luke Bigum luke.bi...@lmax.com wrote: Hi Gary, Not quite... Let me go into more detail. I'm trying to handle sysctl perfectly which is probably my real problem. Hiera's ability to merge hashes together makes it perfect for arriving at one set of sysctl options for a server based on business logic (my hierarchy). For Hiera data on 'someserver' below which has 'some_role', calling hiera_hash in a Puppet manifest will give me IP forwarding set and rp_filter set, which is what I want: - some_role.json { sysctl : { net.ipv4.ip_forward : { comment : Controls IP packet forwarding, value : 1 } } - common.json -- { sysctl : { net.ipv4.ip_forward : { comment : Controls IP packet forwarding, value : 0 }, net.ipv4.conf.default.rp_filter : { comment : Controls source route verification, value : 1 } ... ... } - Where it becomes difficult is trying to then incorporate pure Fact data to influence or modify these decisions. Lets say that I actually get back 20 keys of sysctl data, one of those is 'vm.swappiness'. Most of my nodes have a value of '10', but lets say hypothetically that I have a small set of nodes that require a different value because of the amount of RAM available in the machine (a decision needs to be made based on hardware, not business logic). This is purely a Fact. Introducing another level of hierarchy for Fact 'memorytotal' is a bit silly in this case. The sysctl class looks roughly like this: --- sysctl.pp -- class sysctl { $sysctl_hash = hiera_hash('sysctl') create_resources('sysctl', $sysctl_hash) } -- I love that simplicity, however it's difficult to introduce edge cases that modify the data retrieved from Hiera based on Facts. Class inheritance won't work because create_resources() seems to insert into the catalog in an uninheritable way - bug report or fixable with Ruby DSL perhaps? Filling this class full of if ($fact) modify hash to munge the data pulled from Hiera seems dirty too. There may be no elegant solution and as you say, 80-90% may have to do. -Luke On 11/05/12 16:53, Gary Larizza wrote: I see this with people looking to move to the hierarchical system that Hiera brings. It essentially boils down to How do I do this without having a ton of hierarchy levels?. Usually we tend to recommend using the hierarchy to hit the 80% mark for the data you need in your modules. Anything that's module-specific-data should then be broken out to a data.pp or params.pp file with conditional logic there. I tend to ask people: Is this something others are going to hit when they try to use the module too?, as in - Are there path differences between operating systems?, or Are there important changes to the data between RHEL 5 and 6?. If the answer to these is yes, then I tend to favor putting that data into a module's data class so that it's exposed for ANYONE who wants to use the module. Why would you want to hide these differences in the hierarchy - especially if others might run into them? Does this sound similar to the problems you're facing? Or is this a case where you have custom facts that are specific to your organization that determine how you manage sysctl? On Fri, May 11, 2012 at 8:42 AM, Luke Bigum luke.bi...@lmax.com wrote: Hi all, I've been improving our sysctl module and come across an interesting design problem I'd like feedback on. I approached the re-factor with Hiera in mind - I would put all our sysctl data in Hiera hash and pull that into a hiera_hash, merging the hierarchy of data and allowing higher priority sysctl settings to override the baseline defaults. I then use create_resources to write sysctl.conf. Works great to start with, but now I come across more and more cases where the sysctl data is dependent on machine logic (virtual vs physical, types of hardware, etc) that doesn't seem right to put into Hiera as I'd have a complex hierarchy for a bunch of edge case Facts. I seem to need to make decisions on two sources: business logic in Hiera hierarchy (that's easy with merging hashes) as well as considering what Facts or Classes applies to a node (machine logic). That's not trivial to do, especially with a potentially large set of data like sysctl.conf keys. Does anyone have any thoughts or tips on how they might be managing a similar situation? Thanks, -Luke -- Luke Bigum Information Systems Ph: +44
Re: [Puppet Users] distributing updates to multiple puppet masters (Subversion)
Our SVN repo box is shared with some other projects so I haven't implemented a post-commit hook at this point. We used to have Puppet perform the checkouts, but since a commit may break Puppet's ability to run it didn't seem like the best way. For now we're doing it via MCollective. On 05/02/2012 07:18 AM, Scott Merrill wrote: For folks with multiple Puppet Masters, how are you pushing out manifest and module updates to them? We intend to use Subversion for our version control. Obviously one option would be to have each Puppet Master perform a checkout of the svn repo. We could schedule periodic updates via cron. Or we could use a post-commit hook to rsync the updates out from the repo to each Puppet Master. What are you doing? What works well, and what headaches have you experienced? Thanks, Scott -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] scaling puppet, skipping puppetmaster?
Note that using multiple masters is one way to solve this. On Apr 27, 2012 10:46 AM, Philip Brown p...@bolthole.com wrote: I've heard that after (some # of machines) x (some size of manifests) puppet does not scale well, due to bottlenecking on the puppetmaster. Anyone doing large scale use by some other methods? For example, running puppet on each machine individually using cron or something? With the manifest distributed (via NFS? http? something else?) I'd be interested to hear alternatives. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ucp6vuDFbjYJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
[Puppet Users] Does create_resources support virtual resources?
Hi all, I'm interested pushing my user list out of my users manifest and into Hiera. Unfortunately I haven't been able to get it to work the way I thought it would. The error suggests that perhaps create_resources cannot create virtual resources, but the docs I've read so far don't address it. The class (in init.pp): class users { $system_users = hiera('system_users') $system_groups = hiera('system_groups') create_resources(@users::mkuser,$system_users) create_resources(@users::mkgroup,$system_groups) } # class users The define (in mkuser.pp): define users::mkuser ( $uid, $gid = undef, $group = undef, $shell = '/bin/bash', $home = undef, $ensure = 'present', $managehome = true, $dotssh = 'ensure', $comment = 'created via puppet', $groups = undef, $password = undef, $symlink = undef, $mode = undef ) { SNIP } The error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: could not create resource of unknown type @users::mkuser at /etc/puppetlabs/puppet/configurations/se/environments/development/modules/users/manifests/init.pp:29 Is this the expected behavior, or have I missed something obvious? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Does create_resources support virtual resources?
Thanks Gary. I'll go figure out how that works. :) On 03/30/2012 12:04 PM, Gary Larizza wrote: Create_resources doesn't support virtual users, but Hiera DOES support hash-merging, so it could find all users in all hierarchies with hiera_hash and then declare them at once. On Friday, March 30, 2012, Aaron Grewell wrote: Hi all, I'm interested pushing my user list out of my users manifest and into Hiera. Unfortunately I haven't been able to get it to work the way I thought it would. The error suggests that perhaps create_resources cannot create virtual resources, but the docs I've read so far don't address it. The class (in init.pp): class users { $system_users = hiera('system_users') $system_groups = hiera('system_groups') create_resources(@users::mkuser,$system_users) create_resources(@users::mkgroup,$system_groups) } # class users The define (in mkuser.pp): define users::mkuser ( $uid, $gid = undef, $group = undef, $shell = '/bin/bash', $home = undef, $ensure = 'present', $managehome = true, $dotssh = 'ensure', $comment = 'created via puppet', $groups = undef, $password = undef, $symlink = undef, $mode = undef ) { SNIP } The error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: could not create resource of unknown type @users::mkuser at /etc/puppetlabs/puppet/configurations/se/environments/development/modules/users/manifests/init.pp:29 Is this the expected behavior, or have I missed something obvious? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com javascript:;. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com javascript:;. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Gary Larizza Professional Services Engineer Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I get puppet onto a closed network ?
Thanks Mike, it's great to see the improvements that have been made to the repos over the last few months. You guys have clearly been hard at work. On Mar 25, 2012 4:17 PM, Michael Stahnke stah...@puppetlabs.com wrote: The EL5 repos on yum.puppetlabs.com should not require epel anymore. If it does, please file a bug. On Thu, Mar 22, 2012 at 5:27 PM, Aaron Grewell aaron.grew...@gmail.com wrote: I would install yum-utils and use reposync on a system with internet access to create a local repo. Yum.puppetlabs.com has most of what you need, but you may also need a copy of the epel repo. On Mar 22, 2012 4:42 PM, Peter Bukowinski pmb...@gmail.com wrote: I'd copy down from the yum.puppetlabs.com site all the packages in the products and dependencies repos and set up your own local repos. Point your rhel boxes at it and install that way. The repos would be easier to mirror locally if puppetlabs setup an rsync server for them, but right now scraping them with curl/wget or manually downloading is your only option. -- Peter On Mar 22, 2012, at 6:52 PM, BigCod mar...@gmail.com wrote: I've a network of RHEL5.3 servers with no internet acess that I'd like to get puppet onto. All I have is the RHEL5.3 DVD media set up as a yum repo. Is there some way I can download puppet and all its dependencies so I can bundle them together and install them on my closed network ? I'm thinking I could install centos on a machine with net access, download and save all the puppet rpms to that ad copy accross to my closed network, is this the correct method ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] How can I get puppet onto a closed network ?
I would install yum-utils and use reposync on a system with internet access to create a local repo. Yum.puppetlabs.com has most of what you need, but you may also need a copy of the epel repo. On Mar 22, 2012 4:42 PM, Peter Bukowinski pmb...@gmail.com wrote: I'd copy down from the yum.puppetlabs.com site all the packages in the products and dependencies repos and set up your own local repos. Point your rhel boxes at it and install that way. The repos would be easier to mirror locally if puppetlabs setup an rsync server for them, but right now scraping them with curl/wget or manually downloading is your only option. -- Peter On Mar 22, 2012, at 6:52 PM, BigCod mar...@gmail.com wrote: I've a network of RHEL5.3 servers with no internet acess that I'd like to get puppet onto. All I have is the RHEL5.3 DVD media set up as a yum repo. Is there some way I can download puppet and all its dependencies so I can bundle them together and install them on my closed network ? I'm thinking I could install centos on a machine with net access, download and save all the puppet rpms to that ad copy accross to my closed network, is this the correct method ? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] net ads join
I'm not sure how much membership-specific code you have, but if it's more than just this you may want a custom fact rather than using unless/onlyif every time. We use QAS instead of Samba for domain membership but the idea is the same: --vas_status.rb-- require 'facter' vastool = '/opt/quest/bin/vastool' if File.exists? vastool `#{vastool} status` if $?.success? Facter.add(vas_status) do setcode { joined } end else Facter.add(vas_status) do setcode { unjoined } end end else Facter.add(vas_status) do setcode { uninstalled } end end On 03/05/2012 12:35 PM, Kinzel, David wrote: exec { path = /usr/bin, onlyif = 'test `net ads testjoin 21 | grep Join | sed -e \'s/ *Join is OK*/1/g\' -ne 1' command = 'net ads join -U administrator%password createcomputer=Samba } The onlyif doesn't work if the result of the testjoin returns Join is OK, depending on the test syntax, it just runs or doesnt regardless. There has to be a better way to do this... anyone with experience That regex doesn't look very nice. Are you sure running it from a regular shell produces what you want? What exactly is the net ads testjoin output look like? It would be much simpler to use: onlyif = net ads testjoin 21 | grep 'Join is OK' Which will use the return code of grep. If your code is exactly as shown in this email you are also missing a ` in your only if test, and your command = is not closed either. setting this up that cares to share? Anyone try using the refreshonly option somehow? Again, my goal here is just for the net ads join to run when the server is NOT joined to the domain (which should be rarely). Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. This email communication and any files transmitted with it may contain confidential and or proprietary information and is provided for the use of the intended recipient only. Any review, retransmission or dissemination of this information by anyone other than the intended recipient is prohibited. If you receive this email in error, please contact the sender and delete this communication and any copies immediately. Thank you. http://www.encana.com -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet apache config for vhost
On 02/28/2012 06:45 AM, Tony G. wrote: You might want to use a parametrized class instead of the define, there is a discussion in removing or not from future puppet releases[1] No, you've misunderstood. The 'defined()' function is/was under consideration for removal. That's not the same as a 'define' resource, nor is a paramaterized class a replacement for a define. As much as I hate telling people to RTFM, this explains the differences much better than I can: http://docs.puppetlabs.com/guides/language_guide.html#resource-collections -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Unresponsive Agents - PE 2.0
Are you running RHEL 5? Did you recently patch your kernel? If so, you've probably been bitten by a kernel bug. I've successfully used kernel-2.6.18-274.17.1.el5 and backrev versions from the kernel-2.6.18-238.x.x series. On 02/22/2012 12:26 PM, Robert Stinnett wrote: Hi there, I am relatively new to Puppet (totally new) and had been cruising right along for a few days until about a week ago when our puppet agents went unresponsive. I've restarted both them and the servers several times to no avail. Can anyone point me down the path of how to diagnose this issue? We are currently evaluating Puppet to bring into our Enterprise for managing server provisions/configs/etc. Thanks, Robert Stinnett -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: overriding parts of a collection of defined resources
Resource defaults may help you. If you create a default file resource : File{ owner = root, group = root, mode = 644, } The file resources in the class will assume these defaults unless their own definition specifies otherwise. For large numbers of resources of the same type there is also a more concise declaration style : file { /etc/passwd: source = 'puppet:///someplace '; /etc/other: mode = 400, source = 'puppet:///someplace/else'; } Combining these two should be a relatively efficient way of getting there. On Feb 19, 2012 6:12 AM, Marc DiBlasi marc.dibl...@gmail.com wrote: I have a couple pointers that may help you. - The default user and group is root. - You can set type defaults like this: File { user = root, group = root} and if you put this in a class, it only applies to the class. If you put it in site.pp, it applies globally. - You can define multiple resources in the same declaration separated by a semi-colon. i.e. file { /etc/passwd: source = ...; /etc/ group: source = ...} Hopefully these allow you to speed things up a bit. On Feb 19, 12:43 am, David dnblankedel...@gmail.com wrote: Hi- Being relatively new to the language, I find myself in a situation where it seems like there must be an elegant way to handle this situation using the DSL, but I'm not really certain what it could be. I'm trying to describe a configuration that contains 20-30 or so file { } resources, all with the same attributes except for their mode and source. I could write them all out explicitly like this: file { '/etc/passwd': uid = root, gid = root, mode = 0644, source = 'puppet:///modulename/etc/passwd',} ... file { '/var/lib/someotherfile': uid = root, gid = root, mode = 0400, source = 'puppet:///modulename/var/lib/someotherfile', } but that seems unnecessarily repetitive. I originally started down the path of writing something like this (ignore the difference in the mode attribute for a moment): file { [ '/etc/passwd', ... , '/var/lib/someotherfile' ]: uid = root, gid = root, mode = 0400, source = puppet:///modules/modulename/${title}, } but this bug:http://projects.puppetlabs.com/issues/5259 and this mailing list discussion: https://groups.google.com/d/topic/puppet-users/bj_uPi_WxC4/discussion helped me understand that that attempting to reference the title attribute (the file's namevar) would never work and I would have to use a defined resource instead. Taking Nan's advice in that thread, I then wrote: define basefiles::conf($mode){ $serversource = 'puppet:///modules/modulename' file { ${name}: source =${serversource}/${name}, owner = root, group = root, mode = ${mode} } } basefiles::conf { '/etc/passwd:' mode = 0644 } ... basefiles::conf { '/var/lib/otherfile:' mode = 0400 } and that's all groovy. The manifest looks concise and readable. But here's where I stare at a tree and get lost in the forrest: the manifest I'm writing contains my base list of files. On some of my machines, I will want to override that base and substitute a different copy of one or two files from that list (e.g. I will want a different /etc/passwd put in place). Further research leads me to this discussion of overriding defined resources and the futility of trying: https://groups.google.com/d/topic/puppet-users/SDa1F817UBA/discussion That discussion leads me to believe it isn't possible to override defined resources in the same way you might with a class. That makes me think I have to either: a) move the files I might want to override out to their own separate class or b) add some logic to the resource definition to do something magical for certain invocations Both of these options seem icky to me because it means the base module has to be coded in such a way that it has some specific knowledge about when and how it might be overridden. That feels like bad coding mojo to me. So, is there a concise way to describe a collection of file resources, yet be able to override parts of that collection definition in an equally elegant fashion? My instinct says there must be (and it is probably palm-meets-forehead simple), but I can't seem to determine what that might be. Thanks for any help you can offer! -- dNb -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To
Re: [Puppet Users] Re: Strange behavior by service
On 02/09/2012 06:16 AM, jcbollinger wrote: On Feb 8, 5:34 pm, Aaron Grewell aaron.grew...@gmail.com wrote: I've got a bit of a head-scratcher here, though I'm sure it must be something small. I'm trying to enable a service for next boot without starting it. That usually just works but for some reason this time around it isn't. The node keeps trying to start the service which will always fail because it requires a reboot in order to enable the necessary kernel parameters. How do I make Puppet stop trying to start the service? I would try adding ensure = undef to the service's parameters. If that doesn't work then I can't imagine what would. John Thanks John, that did the trick. I'm not sure if I've got a service default set somewhere I didn't realize or what but at least now it's doing the right thing. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Strange behavior by service
On 02/09/2012 11:39 AM, Daniel Pittman wrote: I would try adding ensure = undef to the service's parameters. If that doesn't work then I can't imagine what would. Thanks John, that did the trick. I'm not sure if I've got a service default set somewhere I didn't realize or what but at least now it's doing the right thing. Thanks, John, indeed. I hoped to find a bit more time to dig in and understand exactly why, but my intuition is that we have a default of `ensure = true` for anything that doesn't explicitly mention the value. For a service that is the equivalent of `ensure = running`, which would explain the behaviour you saw. For most types that is the right thing to do, if the user is trying to manage something about it. If so it's not well covered in the Type docs. I tested this class under 2.6.x previously and did not experience this issue so it may be a 2.7.x change. A lot has changed about our environment since then so I can't definitively point at anything but if it's a change in the Puppet default value for 'ensure' then the docs should be updated to reflect that. Currently the type docs for 2.7.9 have the following to say about setting 'ensure' on a service: ensure Whether a service should be running. Valid values are stopped (also called false), running (also called true). -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Strange behavior by service
On 02/08/2012 04:11 PM, Daniel Pittman wrote: You can't: if you tell Puppet to ensure the service is running, it will try to start it every time it finds it out of compliance. Look at the code. I didn't ensure = running. I set enable = true. AFAIK that doesn't mean 'start the service'. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Strange behavior by service
On 02/08/2012 04:29 PM, Daniel Pittman wrote: On Wed, Feb 8, 2012 at 16:13, Aaron Grewell aaron.grew...@gmail.com wrote: On 02/08/2012 04:11 PM, Daniel Pittman wrote: You can't: if you tell Puppet to ensure the service is running, it will try to start it every time it finds it out of compliance. Look at the code. I didn't ensure = running. I set enable = true. AFAIK that doesn't mean 'start the service'. Ah. Sorry, I missed that one small - but critical - detail. My bad. No worries. I didn't mean to sound so cranky, for a moment I was afraid I'd been whacked by the blindingly obvious again... I hate it when that happens. I looked through the manifest for errant defaults or something like that but found nothing. It's a puzzle. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] What is the fully-qualified variable name format for external and factors variable in template erb file?
There's a couple of ways to do this, but I usually take the easy route: assign a local variable that has the global's value in the related manifest. In this case, in centrifydc's init.pp just set $domain=$::domain. This will appear as a local variable in the template and you don't have to change your ERB at all. On Mon, Feb 6, 2012 at 8:53 AM, Kenneth Lo k...@paydiant.com wrote: Trying to cleanup warning messages like the following: Dynamic lookup of $domain at /etc/puppetlabs/puppet/modules/centrifydc/templates/centrifydc.conf.erb:222 is deprecated. Support will be removed in Puppet 2.8. Use a fully-qualified variable name (e.g., $classname::variable) or parameterized classes. Do I simply replace %= domain % with %= ::domain % ? Same goes with variables define via dashboard? Thx in advance. --KL This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet can't start service (dropbox) but init.d command works manually
However, if I run the above command manually, it works fine and returns 0: root@webhost:~# /etc/init.d/dropbox start ; echo $? Starting dropbox... 0 Any ideas why puppet can't start the dropbox daemon? I had the same problem when running ssh-keygen via an exec. It ran fine from the CLI but not via Puppet. In my case it turned out that SELinux had been left enabled, so that's one thing to check. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Mining hash field out of the /etc/shadow shadow file
Since it's the shell redirection that Puppet seems not to like, why not wrap the commands in a shell script and use generate on that? On Jan 29, 2012 6:18 PM, Olivier ofran...@gmail.com wrote: and then lookup the hash in the /etc/shadow file or use the mkpasswd utility (with which I am not familiar) Once you have the hashed value of your desired clear text password you can copypaste that in the user definition. -Stefan your answer is just the text of my original question. So the question still stands: how do I get the hashed value from /etc/shadow? Here is the background of my problem. I have 40 puppet clients and one master. The password of each user expires after 90 days. Instead of changing their password manually on 40 different servers by logging into each server,each user will have to change his/her password on the puppet server only and Puppet will replicate the hash value on each puppet client. Obviously I will never know the user's password and am not interested in replicating the root password. NIS and LDAP are not an option. Thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Cross-module (package) dependencies
I was thinking more in terms of an exception handler: package { foo: ensure = installed, exceptDefined = skip} Or something of that nature. This could also be used in other situations where you want to bypass default behaviors. We've seen situations where users want to apply a file if it exists in the module but otherwise proceed without errors. This could be done like so: file {$foo: ensure = present, source = ${foo}.txt, exceptAbsent = skip} On Tue, Jan 24, 2012 at 1:28 AM, Felix Frank felix.fr...@alumni.tu-berlin.de wrote: Hi, there was a discussion in the can we deprecate defined() in Telly thread about how we can even begin to design Forge modules without it. A recurring problem is that multiple modules rely on certain packages, and there is no good model (yet) to unite their resource declarations. Therefore it's a common (although imho disgusting) workaround to do things like if !defined(Package[foo]) { package { foo: ensure = installed } } On 01/20/2012 11:34 PM, Cody wrote: Defining all somewhat common packages in a central location becomes unrealistic when you no longer control the code that is in every module you use. If you obtain five modules from the forge and they all require a specific package and so all define that package your not going to convince, nor is it a good design to require everyone to move the package definitions from that collection of modules. They need to function as a collection out of the box. Agreed. How can this be accomplished? Perhaps there needs to be some kind of Forge common module that by policy can only ever declare virtual resources (packages are a prominent example). A user who wishes to retain the capability of using modules from the Forge would be required to install this common module, and replace their own resource declarations with realizations of the common resources. For this to work, it's definitely a plus that you can override attributes in collections: Package| title == apache2: | { ensure = 2.2.12 } ...although that does bear some caveats. Does this still work in recent versions? If we can take this for granted, all Forge modules can adhere to that same standard. This is a rough sketch of how things might possibly work, and surely has lots of wrinkles of its own. Still, I'm quite sure we need a proper way to rid ourselves of the horror that is the parse order dependent check for defined resources ;-) Cheers, Felix -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Error at the end of a puppet agent run...
If you didn't specifically configure Puppet to use Passenger then you're using Mongrel by default. Scalability = false. On Tue, Jan 24, 2012 at 8:24 AM, Peter Berghold salty.cowd...@gmail.com wrote: On Sun, Jan 22, 2012 at 7:54 PM, Stefan Schulte stefan.schu...@taunusstein.net wrote: What version of puppet are you using on the agent side and for your puppet master? Do you use mongrel or passenger or how do you run your puppet master? puppetmasterd 2.7.9 puppet agent 2.7.9 As of right now I am using neither passenger or mongrel. Considering doing so in the future. The puppet master and the puppet agents run as daemons both on the client side and the master side. -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Error at the end of a puppet agent run...
Depending on your hardware and ruleset a dozen might be more than Mongrel will handle. On Tue, Jan 24, 2012 at 11:32 AM, Peter Berghold salty.cowd...@gmail.com wrote: Aaron, What does scalability have to do with this case? There are maybe a dozen systems being managed in this case (soon will be more, so then scalability may play into this) and the configs aren't that complicated. On Tue, Jan 24, 2012 at 2:21 PM, Aaron Grewell aaron.grew...@gmail.com wrote: If you didn't specifically configure Puppet to use Passenger then you're using Mongrel by default. Scalability = false. On Tue, Jan 24, 2012 at 8:24 AM, Peter Berghold salty.cowd...@gmail.com wrote: On Sun, Jan 22, 2012 at 7:54 PM, Stefan Schulte stefan.schu...@taunusstein.net wrote: What version of puppet are you using on the agent side and for your puppet master? Do you use mongrel or passenger or how do you run your puppet master? puppetmasterd 2.7.9 puppet agent 2.7.9 As of right now I am using neither passenger or mongrel. Considering doing so in the future. The puppet master and the puppet agents run as daemons both on the client side and the master side. -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: RFC: Deprecate defined() function for Telly.
On Fri, Jan 20, 2012 at 2:34 PM, Cody c.a.herri...@gmail.com wrote: Defining all somewhat common packages in a central location becomes unrealistic when you no longer control the code that is in every module you use. If you obtain five modules from the forge and they all require a specific package and so all define that package your not going to convince, nor is it a good design to require everyone to move the package definitions from that collection of modules. They need to function as a collection out of the box. Are we sure it can't be fixed? What makes defined() so different from the code that implements require? Shouldn't if not defined be the same as if a require would fail? That seems to be what people are expecting, why not give it to them? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: RFC: Deprecate defined() function for Telly.
On Fri, Jan 20, 2012 at 2:49 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Are we sure it can't be fixed? What makes defined() so different from the code that implements require? Shouldn't if not defined be the same as if a require would fail? That seems to be what people are expecting, why not give it to them? Never mind that last bit, it took me a second to realize the order of operations would make that Very Hard. A better question would be do we have a proper replacement in the pipeline for Telly? Perhaps exception handling for require? If not then something's better than nothing IMHO. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Display correctly any array
As long as we're lacking a builtin method for pretty-printing data structures during a debug session inline templates are going to continue to be popular in scenarios like this. On Tue, Jan 17, 2012 at 10:06 AM, Krzysztof Wilczynski krzysztof.wilczyn...@linux.com wrote: Hi Felix, Seeing as this has not been mentioned in the thread yet, I'm compelled to add: $array_to_str = inline_template(%= array * ', ' %) or even notify { my-notify: message = inline_template(Here is the %= array * ', ' %.); } Ah, the oldie but goodie inline_template() abuse :-) We should stop endorsing this, really, hehe :) KW -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Display correctly any array
This (or something like it) should be a candidate for stdlib. On Tue, Jan 17, 2012 at 10:47 AM, Krzysztof Wilczynski krzysztof.wilczyn...@linux.com wrote: Hi Aaron, As long as we're lacking a builtin method for pretty-printing data structures during a debug session inline templates are going to continue to be popular in scenarios like this. Sadly, you are right. I personally dislike inline_template() hackety hacks and would rather solve a problem by making a more appropriate newfunction etc :) For instance, I have this simple dump() of mine, but something like a built-in var_dump() (a'la PHP) would be handy, indeed :) P.S. I am about to move dump() from Gists to a proper place on my github. KW -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: augeas error: Could not evaluate: unknown error - Failed to initialize Augeas
The rpm-based installs of the other components probably expect different paths than the gem is providing. IMHO you shouldn't mix rpm and gem-based installs. Weirdness is virtually guaranteed. Pick one style or the other and stick with it. On Jan 12, 2012 8:03 PM, LawrieC lawrie.ca...@gmail.com wrote: Thanks for the reply. I have now installed the augeas ruby bindings on the client by getting wget http://augeas.net/download/ruby/ruby-augeas-0.4.1.gem and running gem install ruby-augeas-0.4.1 Building native extensions. This could take a while... Successfully installed ruby-augeas-0.4.1 1 gem installed Installing ri documentation for ruby-augeas-0.4.1... Installing RDoc documentation for ruby-augeas-0.4.1... Alas, i am still getting the same error message. Is there any extras i need on the server or client? Thanks On Jan 12, 9:29 am, R.I.Pienaar r...@devco.net wrote: - Original Message - augeas-devel-0.8.1-7.8.2 libaugeas0-0.8.1-7.8.2 ruby-devel-1.8.7.p72-5.30.5 rubygem-rake-0.8.7-0.1.4 ruby-1.8.7.p72-5.30.5 rubygems-1.3.7-1.3.3 also need the augeas ruby bindings -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Exec depends on ressources that are several different types
require accepts an array, so you should be able to do this: require = [File['foo'],Exec['bar']] On Mon, Jan 9, 2012 at 5:23 PM, Patrick Viet patrick.v...@learnosity.com wrote: Hi dear puppet users. I have an perl file that depends on a lib, that I want to execute. I have stripped the parts of config that weren't relevant here such as owner, group and so on In perl script : use Config::Tiny. Script is stored on puppet master. Manifest : file { /path/to/file.pl: source = puppet:///file.pl, mode = 0755 } package { libconfig-tiny-perl: ensure = installed } exec { /path/to/file.pl: require = } at XX I would like to put Package['libconfig-tiny-perl] AND File[/path/to/file.pl] which doesn't work. In the docs ( http://docs.puppetlabs.com/guides/language_guide.html ) it gives an example service { 'sshd': require = File['sshdconfig', 'sshconfig', 'authorized_keys'] } But this only works for multiple dependencies that have the same nature, here File I have found a workaround which is to put the package dependency in the file section (file depends on package, exec depends on file, all solved), but while this does work in my specific case, I'm sure there are others where it wouldn't work. So is there any way to specify multiple resource dependency when the resources have a different nature ? Thanks all Patrick -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Agents seem to hang during updates, Run already in progress; skipping
That's interesting - PE isn't affected? On Thu, Jan 5, 2012 at 12:26 AM, Ger Apeldoorn i...@gerapeldoorn.nl wrote: Hi Radek, It's a bug that acts up on a specific kernel; see: http://projects.puppetlabs.com/issues/10819 I've upgraded to Puppet Enterprise and do not have this issue anymore. Regards, Ger. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/GXaYE-tuyMUJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Another hostnames best-practice question
You must be getting the real hostname from somewhere programmatically. I would either override $hostname and $fqdn or create a $realname custom fact using that info. The override might be cleaner, otherwise you may want to use either run stages or a deployment-specific environment to make sure the hostname takes effect before the rest of your resources are instantiated. On Jan 2, 2012 10:32 AM, Steph Gosling st...@chuci.org wrote: Hi all, In the process of converting a largish installation (around 150 hosts, mixed cloud and physical) to Puppet and I have a question about how folks manage hostnames. The TL; DR version: On first run, I can't use $hostname from facter as it's 'wrong'; for things like doing host { $certname: ...} that's fine as it gets corrected but for other things it's not. What's the best way to have a client set it's hostname correctly, first time? The long version: My plan has been to base all node names on $certname as provided on the clients by puppet.conf. Ideally, puppet will manage everything beyond initially being told where the puppetmaster is, then it's just cert, sign, let the agent do it's thing and life is all good. Some of our configurations rely on having the short hostname explicitly specified on the client and I initially was setting this via $hostname from facter. These are RH style boxes so I'm setting /etc/sysconfig/network via a template, /etc/hosts via the host resource and the hostname in the kernel either by hostname(1) or echo'ing to /proc/sys/kernel/hostname. That's all well and good but facter runs before the first puppet run so even if I set the FQDN everywhere $hostname is still the original one at boot. For most things this is OK as puppet corrects them on the second run but other things then end up with obsoleted names kicking around or incorrect configs for the length of the run interval. How is everyone else managing this? as so far I can't think of an elegant solution: * Set the hostname by hand/whatever sets certname in puppet.conf (seems ugly to me and potentially error-prone) * split() $certname and use $certname[0] (seems like a kludge, and I think also will have scoping issues) * Create a custom fact that basically does the split() on the client? * Would stages help? is there anyway to force facter to re-evaluate its variables (overriding them also seems kludgey)? Is there anything else I've missed? how do you all manage it? I've seen folks talking about Kickstart/Cobbler but that's not going to work for my environment. Thoughts, pointer and discussion welcome. -- Steph Gosling st...@chuci.org -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppetserver error
Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root 12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/
Re: [Puppet Users] Puppetserver error
You'll have to re-sign your node's cert using puppetca --sign hostname On Fri, Dec 30, 2011 at 9:28 AM, Mohammad Khan makhan...@gmail.com wrote: I removed ssldir from clients and ran the puppetca --clean from the server. It ran fine finally. Now I am stuck on where client complains that 'certificate verify failed I dont know what to do now? On Fri, Dec 30, 2011 at 11:42 AM, Aaron Grewell aaron.grew...@gmail.com wrote: Did you remove the ssldir on the server or the client? Usually to completely reset the cert you run clean on the server, remove the contents of the ssldir on the client, then re-run puppet and it should rebuild the cert. I wouldn't recommend removing the ssldir on the server except as a last resort, otherwise you'll have to rebuild all your client certs. If that's what you already did, make sure that your ssldir and its contents are owned by user group puppet as well. On Fri, Dec 30, 2011 at 8:02 AM, Mohammad Khan makhan...@gmail.com wrote: Do I need to make any changes to server or delete sl info on the server. I am still getting the certificate verify failed error on clients? On Fri, Dec 30, 2011 at 8:54 AM, Mohammad Khan makhan...@gmail.com wrote: I was able to sign the certificate to the client but still I am getting this error now on the client: Client puppet-agent[15030]: Starting Puppet client version 2.6.12 Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog from remote server: certificate verify failed Dec 30 08:52:52 Client puppet-agent[15030]: Using cached catalog Dec 30 08:52:52 Client puppet-agent[15030]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 8:26 AM, Mohammad Khan makhan...@gmail.com wrote: I have gone little further nowwhat I have done is to delete the ssl folder from one of the client and ran this command on server: puppetca --clean clientname it has generated new certificate but in the end I get the same error: err: Could not call revoke: Cannot convert into OpenSSL::BN Further more when i restart the agent from the client now I get this message under server message log: client has a waiting certificate request Under my client message log: hostname puppet-agent[13385]: Did not receive certificate On Fri, Dec 30, 2011 at 7:36 AM, Mohammad Khan makhan...@gmail.com wrote: I have tried to deleted the ssl folder under puppet. And then tried to clean the certificate from the server but did not work. #puppetca --clean hostname notice: Revoked certificate with serial # Inventory of signed certificates # SERIAL NOT_BEFORE NOT_AFTER SUBJECT err: Could not call revoke: Cannot convert into OpenSSL::BN On Fri, Dec 30, 2011 at 7:23 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks guys; I am getting closer but still some errors. I am getting these errors now. Starting Puppet client version 2.6.12 Dec 30 07:20:40 puppet puppet-agent[19918]: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key Dec 30 07:20:40 server puppet-agent[19918]: Using cached catalog Dec 30 07:20:40 server puppet-agent[19918]: Could not retrieve catalog; skipping run On Fri, Dec 30, 2011 at 2:31 AM, Bernd Adamowicz bernd.adamow...@esailors.de wrote: I'm pretty sure that, besides the other answers already provided, your main problem is the wrong user for your Puppet configuration. It should be user 'puppet' and not 'root'. That's how '/etc/puppet' should look like: drwxr-xr-x 5 puppet puppet 4.0K Dec 12 17:48 . drwxr-xr-x 79 root root 12K Dec 26 04:03 .. -rw-r--r-- 1 puppet puppet 3.1K Dec 12 17:48 auth.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 12 17:48 environments drwxr-xr-x 3 puppet puppet 4.0K Dec 12 17:48 manifests -rw-r--r-- 1 puppet puppet 838 Dec 12 17:48 namespaceauth.conf -rw-r--r-- 1 puppet puppet 1.8K Dec 12 17:48 puppet.conf drwxr-xr-x 6 puppet puppet 4.0K Dec 30 08:20 .svn So a command like 'chown -R puppet:puppet /etc/puppet' issued as 'root' should solve your main problem which is the 'Permission denied' error as well as the non starting Puppet process. Bernd -Ursprüngliche Nachricht- Von: puppet-users@googlegroups.com [mailto:puppet- us...@googlegroups.com] Im Auftrag von Khan Gesendet: Donnerstag, 29. Dezember 2011 17:37 An: Puppet Users Betreff: [Puppet Users] Puppetserver error Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder
Re: [Puppet Users] External nodes in different dirs.
You get only the host name from the agent. When I did this using a YAML-based ENC I checked each environment directory in turn for a file matching the hostname and just made sure to only create it in the proper place. On Fri, Dec 30, 2011 at 12:29 PM, Douglas Garstang doug.garst...@gmail.com wrote: I'm using external nodes. I wanted to break up the node files into directories based on say, the environment, dev, prod etc. Does puppet set anything besides the host name when it calls the external node script, such as the environment? Are these variables available as environment variables ? Doug -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] External nodes in different dirs.
Well isn't that handy! On Fri, Dec 30, 2011 at 12:57 PM, R.I.Pienaar r...@devco.net wrote: - Original Message - Thanks. On Fri, Dec 30, 2011 at 12:51 PM, Aaron Grewell aaron.grew...@gmail.com wrote: You get only the host name from the agent. When I did this using a YAML-based ENC I checked each environment directory in turn for a file matching the hostname and just made sure to only create it in the proper place. before calling your ENC it will write out the YAML files for each node in the vardir, so you could load that up and get the current facts - including the environment fact On Fri, Dec 30, 2011 at 12:29 PM, Douglas Garstang doug.garst...@gmail.com wrote: I'm using external nodes. I wanted to break up the node files into directories based on say, the environment, dev, prod etc. Does puppet set anything besides the host name when it calls the external node script, such as the environment? Are these variables available as environment variables ? Doug -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- R.I.Pienaar -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppetserver error
Run puppet --genconfig for an example. On Thu, Dec 29, 2011 at 11:12 AM, Mohammad Khan makhan...@gmail.com wrote: same results after changes , what should i add into master section? On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell aaron.grew...@gmail.com wrote: You'll want to change [puppetd] to [agent], as well as adding a [master] section with appropriate contents. On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan makhan...@gmail.com wrote: [main] # Where Puppet stores dynamic and growing data. # The default value is '/var/puppet'. vardir = /var/lib/puppet # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl [puppetd] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Can you post your config? It sounds like there may be an error in it. On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks for your response. I have cahnge the permission to 655 on manifests and still the same thing. My puppetmaster was not even starting then and now. The user/group is root for this folder. Every time when I try to start puppetmaster is get this error message: server puppet-master[20965]: Starting Puppet master version 2.6.12 Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $classfile specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $localconfig specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:27 server puppet-master[21035]: Reopening log files Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master version 2.6.12 On Thu, Dec 29, 2011 at 12:35 PM, Justin justin.stol...@gmail.com wrote: Hello Khan, I'm fairly new to Puppet as well. I'm assuming that `manifests/classes/sysctl.pp` is being referenced by the line 3 of `manifests/site.pp` from the error msgs. My first thing would be to double check the permissions on `manifests/ classes/sysctl.pp` After that I would check the content and files being referenced by sysctl.pp and see if it's a permission issue at a lower level and Puppet is errorring at an unhelpfully high level. If that doesn't help, what the users/groups for the manifests and files being created by the manifests? Are you using filebucket? - Justin On Dec 29, 8:36 am, Khan makhan...@gmail.com wrote: Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ puppet/manifests/site.pp:3 on node client1 Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 Dec 27 14:27:15 server puppet-master[3519]: Could not parse
Re: [Puppet Users] Re: Puppetserver error
You'll want to change [puppetd] to [agent], as well as adding a [master] section with appropriate contents. On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan makhan...@gmail.com wrote: [main] # Where Puppet stores dynamic and growing data. # The default value is '/var/puppet'. vardir = /var/lib/puppet # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl [puppetd] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Can you post your config? It sounds like there may be an error in it. On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks for your response. I have cahnge the permission to 655 on manifests and still the same thing. My puppetmaster was not even starting then and now. The user/group is root for this folder. Every time when I try to start puppetmaster is get this error message: server puppet-master[20965]: Starting Puppet master version 2.6.12 Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $classfile specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $localconfig specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:27 server puppet-master[21035]: Reopening log files Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master version 2.6.12 On Thu, Dec 29, 2011 at 12:35 PM, Justin justin.stol...@gmail.com wrote: Hello Khan, I'm fairly new to Puppet as well. I'm assuming that `manifests/classes/sysctl.pp` is being referenced by the line 3 of `manifests/site.pp` from the error msgs. My first thing would be to double check the permissions on `manifests/ classes/sysctl.pp` After that I would check the content and files being referenced by sysctl.pp and see if it's a permission issue at a lower level and Puppet is errorring at an unhelpfully high level. If that doesn't help, what the users/groups for the manifests and files being created by the manifests? Are you using filebucket? - Justin On Dec 29, 8:36 am, Khan makhan...@gmail.com wrote: Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ puppet/manifests/site.pp:3 on node client1 Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4 Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server
Re: [Puppet Users] Re: Puppetserver error
Can you post your config? It sounds like there may be an error in it. On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks for your response. I have cahnge the permission to 655 on manifests and still the same thing. My puppetmaster was not even starting then and now. The user/group is root for this folder. Every time when I try to start puppetmaster is get this error message: server puppet-master[20965]: Starting Puppet master version 2.6.12 Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $classfile specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $localconfig specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:27 server puppet-master[21035]: Reopening log files Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master version 2.6.12 On Thu, Dec 29, 2011 at 12:35 PM, Justin justin.stol...@gmail.com wrote: Hello Khan, I'm fairly new to Puppet as well. I'm assuming that `manifests/classes/sysctl.pp` is being referenced by the line 3 of `manifests/site.pp` from the error msgs. My first thing would be to double check the permissions on `manifests/ classes/sysctl.pp` After that I would check the content and files being referenced by sysctl.pp and see if it's a permission issue at a lower level and Puppet is errorring at an unhelpfully high level. If that doesn't help, what the users/groups for the manifests and files being created by the manifests? Are you using filebucket? - Justin On Dec 29, 8:36 am, Khan makhan...@gmail.com wrote: Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root root 419 May 19 2010 fileserver.conf drwxr-xr-x 3 root root 4096 Dec 23 10:48 manifests drwxr-xr-x 21 root root 4096 Oct 22 2010 modules -rw-r--r-- 1 root root 980 May 27 2010 puppet.conf -rw-r--r-- 1 root root 855 May 17 2010 puppet.conf.rpmnew I am getting these error in the log: puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/classes/sysctl.pp at /etc/ puppet/manifests/site.pp:3 on node client1 Dec 27 14:25:46 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client2 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client3 Dec 27 14:27:15 server puppet-master[3519]: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node client4 Dec 27 14:27:15 server puppet-agent[10407]: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not parse for environment production: Permission denied - /etc/puppet/manifests/ classes/sysctl.pp at /etc/puppet/manifests/site.pp:3 on node server Any Help will be greatly appreciated. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Regards, Mohammad -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppetserver error
I've never integrated Puppet with LDAP so I can't help much there. On Thu, Dec 29, 2011 at 12:25 PM, Mohammad Khan makhan...@gmail.com wrote: I am getting these messages now at the puppetmaster start: Denying access: Forbidden request: server(ip) access to /catalog/server.domain.co [find] at line 93 Dec 29 15:13:20 server puppet-master[3311]: Forbidden request: server (ip) access to /catalog/server.domain.co [find] at line 93 Dec 29 15:13:20 server puppet-agent[4382]: Could not retrieve catalog from remote server: Error 403 on SERVER: Forbidden request: server (ip) access to /catalog/server.domain.co [find] at line 93 And also the same error: but on 17 line now. Which represent my ldap if i disable ldap line then the error moves to next line and so on. On Thu, Dec 29, 2011 at 2:22 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Run puppet --genconfig for an example. On Thu, Dec 29, 2011 at 11:12 AM, Mohammad Khan makhan...@gmail.com wrote: same results after changes , what should i add into master section? On Thu, Dec 29, 2011 at 2:08 PM, Aaron Grewell aaron.grew...@gmail.com wrote: You'll want to change [puppetd] to [agent], as well as adding a [master] section with appropriate contents. On Thu, Dec 29, 2011 at 10:57 AM, Mohammad Khan makhan...@gmail.com wrote: [main] # Where Puppet stores dynamic and growing data. # The default value is '/var/puppet'. vardir = /var/lib/puppet # The Puppet log directory. # The default value is '$vardir/log'. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is '$vardir/run'. rundir = /var/run/puppet # Where SSL certificates are kept. # The default value is '$confdir/ssl'. ssldir = $vardir/ssl [puppetd] # The file in which puppetd stores a list of the classes # associated with the retrieved configuratiion. Can be loaded in # the separate ``puppet`` executable using the ``--loadclasses`` # option. # The default value is '$confdir/classes.txt'. classfile = $vardir/classes.txt # Where puppetd caches the local configuration. An # extension indicating the cache format is added automatically. # The default value is '$confdir/localconfig'. localconfig = $vardir/localconfig On Thu, Dec 29, 2011 at 1:43 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Can you post your config? It sounds like there may be an error in it. On Thu, Dec 29, 2011 at 10:35 AM, Mohammad Khan makhan...@gmail.com wrote: Thanks for your response. I have cahnge the permission to 655 on manifests and still the same thing. My puppetmaster was not even starting then and now. The user/group is root for this folder. Every time when I try to start puppetmaster is get this error message: server puppet-master[20965]: Starting Puppet master version 2.6.12 Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $classfile specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:26 server puppet-master[20982]: You have configuration parameter $localconfig specified in [puppetd], which is a deprecated section. I'm assuming you meant [agent] Dec 29 13:29:27 server puppet-master[21035]: Reopening log files Dec 29 13:29:27 server puppet-master[21035]: Starting Puppet master version 2.6.12 On Thu, Dec 29, 2011 at 12:35 PM, Justin justin.stol...@gmail.com wrote: Hello Khan, I'm fairly new to Puppet as well. I'm assuming that `manifests/classes/sysctl.pp` is being referenced by the line 3 of `manifests/site.pp` from the error msgs. My first thing would be to double check the permissions on `manifests/ classes/sysctl.pp` After that I would check the content and files being referenced by sysctl.pp and see if it's a permission issue at a lower level and Puppet is errorring at an unhelpfully high level. If that doesn't help, what the users/groups for the manifests and files being created by the manifests? Are you using filebucket? - Justin On Dec 29, 8:36 am, Khan makhan...@gmail.com wrote: Hello everyone, I am new to puppet. I have installed on redhat Enterprise 5and seems to be working fine. Couple days ago I was testing some permissions on / etc folder and applied 600 /etc and sub folders. Although I have reverted the permission but I am having issues on puppetmaster. Currently I have these permission on etc 755 and puppet folder: my /etc folder is 755 and puppet folder with tese permsions: -rw-r--r-- 1 root root 2346 May 8 2010 auth.conf -rw-r--r-- 1 root
Re: [Puppet Users] Re: Ruby error when running puppet agent on host
More information will be needed I suspect. Can you post: rpm -qi puppet rpm -qa | grep ruby gem list --local On Wed, Dec 28, 2011 at 3:39 AM, eRefre row...@gmail.com wrote: Bump. No one that has a clue? On Dec 14, 4:00 am, Richard Olofsson row...@gmail.com wrote: Hi. We have started to receive some strange errors when running puppet agent on some hosts in our datacenter. We have about 500 clients and there are about 30 that gives us this error: /usr/lib/ruby/site_ruby/1.8/puppet/application/agent.rb:53:in `handle_serve': uninitialized constant Puppet::Network::Handler (NameError) from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:329:in `send' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:329:in `parse_options' from /usr/lib/ruby/1.8/optparse.rb:1247:in `call' from /usr/lib/ruby/1.8/optparse.rb:1247:in `order!' from /usr/lib/ruby/1.8/optparse.rb:1205:in `catch' from /usr/lib/ruby/1.8/optparse.rb:1205:in `order!' from /usr/lib/ruby/1.8/optparse.rb:1279:in `permute!' from /usr/lib/ruby/1.8/optparse.rb:1300:in `parse!' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:335:in `parse_options' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:284:in `run' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:393:in `exit_on_fail' from /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:284:in `run' from /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:55:in `execute' from /usr/bin/puppet:4 It has worked before and there has not been any change to the system configuration. This affects both Suse and Redhat servers. I have reinstalled the ruby dependencies and puppet but the error still persists. When checking the logs it says that the service has been executed and i can see that the files and configuration has been applied. *puppet-agent[7067]: Finished catalog run in 1.11 seconds * *puppet agent --version* 2.6.4 * ruby-libs-1.8.5-5.el5_4.8 ruby-1.8.5-5.el5_4.8 puppetmasterd --version* 2.6.4 Any clues what might be the problem? Regards Richard. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: packages and Solaris
We decided to distribute the pkg files the same way we do Linux packages - via http. This define has been very useful to us: define pkg_http($version,$source, $adminfile, $responsefile=undef){ exec {/usr/sfw/bin/wget $source -O /var/tmp/$name-$version.pkg: unless = /usr/bin/test -f /var/tmp/$name-$version.pkg, alias = wget_$name, } # exec package { $name: ensure = 'installed', provider = 'sun', source = /var/tmp/$name-$version.pkg, adminfile = $adminfile, responsefile = $responsefile, require = Exec[wget_$name], } # package } # define pkg_http Our typical admin file looks like this: mail= instance=unique partial=nocheck runlevel=nocheck idepend=nocheck rdepend=nocheck space=nocheck setuid=nocheck conflict=nocheck action=nocheck networktimeout=60 networkretries=3 authentication=quit keystore=/var/sadm/security proxy= basedir=default On Wed, Dec 28, 2011 at 8:55 AM, Bill Proud billpr...@yahoo.com wrote: You need to use the adminfile and source parameters - once you have done that the provider works just fine. On Dec 28, 4:19 pm, Peter Berghold salty.cowd...@gmail.com wrote: Hi folks, I'm about to propose to my current company that we use puppet to manage releases of home grown software. The environment is a mix of Solaris 8/9/10 and RHEL 56. I've got a handle on how to create recipes to release software into the RHEL environment. The unknown for me is how to manipulate the pkgadd provider to load the locally grown package stream. Can someone guide me in the right direction. -- Peter L. Berghold Owner, Shark River Technical Solutions LLC Custom hosting provider. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New variable scoping question regarding defines calling defines.
It's an interesting question, but I wouldn't want to structure my modules that way. There are two methods of getting data into a define that are guaranteed to work: passing variables and file retrieval (extlookup/hiera). Especially given the changes being made to scoping anything else is fraught with peril. On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan tvaug...@onyxpoint.com wrote: I just ran into an interesting scenario where I didn't know how to scope my variables and I'd just like to share for the crowd. Suppose you have two modules 'foo' and 'bar'. You also have two defines, 'foo::do_stuff' and 'bar::more_stuff'. define foo::do_stuff ( $var1 = 'a', $var2 = 'b' ) { bar::more_stuff { 'test': } } define bar::more_stuff ( $optional_var = 'ignore' ) { file { '/tmp/test': content = template('bar/random.erb') } +++ random.erb +++ var1 = %= var1 % var2 = %= var2 % So, here, puppet complains about the scope of var1 and var2 but what should the correct scope be? foo::do_stuff::var1, etc...? But how does that work with multiple define calls to foo::do_stuff? This, of course, can be avoided by putting the template under foo/templates and forcing the passage of content to bar::more_stuff but I'm not quite sure *why* this isn't supposed to work and what to do about it with the notice that 2.8 will force the scoping of all variables. Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New variable scoping question regarding defines calling defines.
If you were actually passing the variable, yes. But you're not, you're expecting to reach into a non-class (essentially a grab-bag of resources) and extract data as though it were a class. It isn't and AFAIK you can't. You'll have to put the data in an actual class and address it from there. On Dec 27, 2011 11:21 AM, Trevor Vaughan tvaug...@onyxpoint.com wrote: There are actually pretty good reasons for doing it if you have a fully modular setup. For example: Web Server module define - Firewall code define - ERB using higher level variables. There's no reason to stuff everything into a big data store when you can easily pass it down. *But* if you try to use the top level variable in the second define call ERB, then you've got issues. I feel that this needs to be either forbidden (break the compile) or allowed. But we'd need to know how to allow it. Trevor On Tue, Dec 27, 2011 at 11:40 AM, Aaron Grewell aaron.grew...@gmail.com wrote: It's an interesting question, but I wouldn't want to structure my modules that way. There are two methods of getting data into a define that are guaranteed to work: passing variables and file retrieval (extlookup/hiera). Especially given the changes being made to scoping anything else is fraught with peril. On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan tvaug...@onyxpoint.com wrote: I just ran into an interesting scenario where I didn't know how to scope my variables and I'd just like to share for the crowd. Suppose you have two modules 'foo' and 'bar'. You also have two defines, 'foo::do_stuff' and 'bar::more_stuff'. define foo::do_stuff ( $var1 = 'a', $var2 = 'b' ) { bar::more_stuff { 'test': } } define bar::more_stuff ( $optional_var = 'ignore' ) { file { '/tmp/test': content = template('bar/random.erb') } +++ random.erb +++ var1 = %= var1 % var2 = %= var2 % So, here, puppet complains about the scope of var1 and var2 but what should the correct scope be? foo::do_stuff::var1, etc...? But how does that work with multiple define calls to foo::do_stuff? This, of course, can be avoided by putting the template under foo/templates and forcing the passage of content to bar::more_stuff but I'm not quite sure *why* this isn't supposed to work and what to do about it with the notice that 2.8 will force the scoping of all variables. Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] New variable scoping question regarding defines calling defines.
Yeah, I'd file a bug against that. There may be other considerations, but unless there's a really good reason for the current behavior I would expect it to throw an error. On Tue, Dec 27, 2011 at 1:24 PM, Trevor Vaughan tvaug...@onyxpoint.com wrote: In that case, it should probably just fail instead of working (and yes, it works). Trevor On Tue, Dec 27, 2011 at 4:01 PM, Aaron Grewell aaron.grew...@gmail.com wrote: If you were actually passing the variable, yes. But you're not, you're expecting to reach into a non-class (essentially a grab-bag of resources) and extract data as though it were a class. It isn't and AFAIK you can't. You'll have to put the data in an actual class and address it from there. On Dec 27, 2011 11:21 AM, Trevor Vaughan tvaug...@onyxpoint.com wrote: There are actually pretty good reasons for doing it if you have a fully modular setup. For example: Web Server module define - Firewall code define - ERB using higher level variables. There's no reason to stuff everything into a big data store when you can easily pass it down. *But* if you try to use the top level variable in the second define call ERB, then you've got issues. I feel that this needs to be either forbidden (break the compile) or allowed. But we'd need to know how to allow it. Trevor On Tue, Dec 27, 2011 at 11:40 AM, Aaron Grewell aaron.grew...@gmail.com wrote: It's an interesting question, but I wouldn't want to structure my modules that way. There are two methods of getting data into a define that are guaranteed to work: passing variables and file retrieval (extlookup/hiera). Especially given the changes being made to scoping anything else is fraught with peril. On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan tvaug...@onyxpoint.com wrote: I just ran into an interesting scenario where I didn't know how to scope my variables and I'd just like to share for the crowd. Suppose you have two modules 'foo' and 'bar'. You also have two defines, 'foo::do_stuff' and 'bar::more_stuff'. define foo::do_stuff ( $var1 = 'a', $var2 = 'b' ) { bar::more_stuff { 'test': } } define bar::more_stuff ( $optional_var = 'ignore' ) { file { '/tmp/test': content = template('bar/random.erb') } +++ random.erb +++ var1 = %= var1 % var2 = %= var2 % So, here, puppet complains about the scope of var1 and var2 but what should the correct scope be? foo::do_stuff::var1, etc...? But how does that work with multiple define calls to foo::do_stuff? This, of course, can be avoided by putting the template under foo/templates and forcing the passage of content to bar::more_stuff but I'm not quite sure *why* this isn't supposed to work and what to do about it with the notice that 2.8 will force the scoping of all variables. Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe
Re: [Puppet Users] New variable scoping question regarding defines calling defines.
Hmm, I just thought of this. Normally when referencing an instance of a define you would use this syntax (note the caps): Foo::Do_stuff['name'] Did you try: Foo::Do_stuff['name']::var1 On Tue, Dec 27, 2011 at 1:37 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Yeah, I'd file a bug against that. There may be other considerations, but unless there's a really good reason for the current behavior I would expect it to throw an error. On Tue, Dec 27, 2011 at 1:24 PM, Trevor Vaughan tvaug...@onyxpoint.com wrote: In that case, it should probably just fail instead of working (and yes, it works). Trevor On Tue, Dec 27, 2011 at 4:01 PM, Aaron Grewell aaron.grew...@gmail.com wrote: If you were actually passing the variable, yes. But you're not, you're expecting to reach into a non-class (essentially a grab-bag of resources) and extract data as though it were a class. It isn't and AFAIK you can't. You'll have to put the data in an actual class and address it from there. On Dec 27, 2011 11:21 AM, Trevor Vaughan tvaug...@onyxpoint.com wrote: There are actually pretty good reasons for doing it if you have a fully modular setup. For example: Web Server module define - Firewall code define - ERB using higher level variables. There's no reason to stuff everything into a big data store when you can easily pass it down. *But* if you try to use the top level variable in the second define call ERB, then you've got issues. I feel that this needs to be either forbidden (break the compile) or allowed. But we'd need to know how to allow it. Trevor On Tue, Dec 27, 2011 at 11:40 AM, Aaron Grewell aaron.grew...@gmail.com wrote: It's an interesting question, but I wouldn't want to structure my modules that way. There are two methods of getting data into a define that are guaranteed to work: passing variables and file retrieval (extlookup/hiera). Especially given the changes being made to scoping anything else is fraught with peril. On Mon, Dec 26, 2011 at 5:56 AM, Trevor Vaughan tvaug...@onyxpoint.com wrote: I just ran into an interesting scenario where I didn't know how to scope my variables and I'd just like to share for the crowd. Suppose you have two modules 'foo' and 'bar'. You also have two defines, 'foo::do_stuff' and 'bar::more_stuff'. define foo::do_stuff ( $var1 = 'a', $var2 = 'b' ) { bar::more_stuff { 'test': } } define bar::more_stuff ( $optional_var = 'ignore' ) { file { '/tmp/test': content = template('bar/random.erb') } +++ random.erb +++ var1 = %= var1 % var2 = %= var2 % So, here, puppet complains about the scope of var1 and var2 but what should the correct scope be? foo::do_stuff::var1, etc...? But how does that work with multiple define calls to foo::do_stuff? This, of course, can be avoided by putting the template under foo/templates and forcing the passage of content to bar::more_stuff but I'm not quite sure *why* this isn't supposed to work and what to do about it with the notice that 2.8 will force the scoping of all variables. Thanks, Trevor -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug
Re: [Puppet Users] file for specific os question
The $::operatingsystem fact may be what you're looking for. Alternatively take a look at $::kernel. One of these combined with an if or case statement should allow you to do whatever you need to by OS. On Tue, Dec 20, 2011 at 10:47 AM, Stuart Cracraft smcracr...@me.com wrote: anyone know how, in puppet, you would include a file only on a specific operating system? -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] certificate sync methods?
In our case the ssldir is on a shared filesystem. On Mon, Dec 19, 2011 at 5:15 PM, Ryan Bowlby rbowlb...@gmail.com wrote: Hi All, We are going to setup two puppet masters, each will include the full stack of services. Apache as the frontend on both load balancing to the backend services on both. We will be using keepalived and VIP whose A record is puppet.domain. We would like to have the CA in active/active on the two servers. The question then is what is the best method for synchronizing certs between these hosts bi-directionally? My first thought was doing something with inotify but then there is also unison. While we may end up doing as Pro Puppet suggests and having only one be active and the other CA a hot standby, it would still be best to sync bi-directionally. What are others doing? -Ryan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Can Puppet be configured to one-time deployment for modules?
If you really don't want ongoing configuration management then Puppet may not be your tool of choice. Cobbler perhaps? On Tue, Dec 20, 2011 at 10:41 AM, Craig White craig.wh...@ttiltd.com wrote: On Dec 20, 2011, at 9:49 AM, Swampcritter wrote: We are developing in-house RHEL VM provisioning (similar to Satellite/ Spacewalk) along with a customized kickstart template, but also including Puppet to handle the actual configuration of the environment. One thing we need to see is does Puppet have a variable that will deploy one module only once and not check against it just in case the configuration file it has created has been altered or not and try to revert back. Example: Boot using PXEBoot w/ DHCP, build RHEL VM using custom kickstart configuration, create local repo file with pointers to in- house repository and comment out the variables to use the RHN driven one, download from the repo and apply the RHN/Errata updates, then reconfigure the rc.local to install Puppet on the reboot and apply the actual environment requirements (i.e. check to see if its a Apache web server, Oracle database, Weblogic/JBoss portal, etc). The last part is the deciding factor -- as this part of the requirements are quite possibly going to change via the developers that are actually using the environment for testing and tweaking the RHEL OS memory and TCP communication needs (/etc/sysctl.conf) or the Apache /etc/httpd/httpd.conf code. We don't want Puppet to revert back the code variables as these are being modified by hand and not using SVN or any other type of code version control at this time. Anyone know if module exclusion is possible for a deploy once, don't touch again scenario? this sort of goes against the grain of what puppet intends but this is what I do for a few things... (watch out for mail driven line wrapping) class mod_puppet::deployment_files { exec{ Make /etc/puppet/deployment_files: command = /bin/mkdir /etc/puppet/deployment_files, unless = /bin/ls -l /etc/puppet/deployment_files, } } class postfix::configure { include mod_puppet::deployment_files file{/etc/puppet/deployment_files/postfix-main.cf: ensure = present, owner = postfix, group = postfix, mode = 0664, content = template(postfix/main.cf.erb), require = Class[postfix::install, mod_puppet::deployment_files], notify = Class[postfix::service], } exec{Deploy postfix/main.cf from template: command = /bin/cp /etc/postfix/main.cf /etc/postfix/main.cf-backup; /bin/cat /etc/puppet/deployment_files/postfix-main.cf /etc/postfix/main.cf; /bin/touch /etc/puppet/deployment_files/postfix-main.cf-deployed, unless = /bin/ls -l /etc/puppet/deployment_files/postfix-main.cf-deployed, require = File[/etc/puppet/deployment_files/postfix-main.cf] , } } -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Modules in Environments
Ours are completely independent. It creates management overhead to do it that way but ensures that changes to dev can't break prod. On Dec 18, 2011 10:27 AM, Douglas Garstang doug.garst...@gmail.com wrote: Question... for those that have multiple environments, dev, prod etc... do you share your modules directory, or does each environment have it's own copy of the modules directory? Which one has worked better? Doug -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [SPAM] Re: [Puppet Users] problem with fund service
SL is an RHEL derivative, so it's still using the traditional init system. No need to worry about upstart or systemd until 7.x hits. On Fri, Dec 9, 2011 at 7:54 AM, Jeffrey Watts jeffrey.w.wa...@gmail.com wrote: Not sure if you're aware, but 'init' is no longer init. Upstart is the default init in many distributions, though Fedora/RHEL (and others) are now moving to systemd, which is much better. rpm -qf /sbin/init Jeffrey. On Fri, Dec 9, 2011 at 9:38 AM, David Alden d...@alden.name wrote: I'm running Scientific Linux 6.1. What do you mean by upstart script? I get the same think with /etc/init.d/funcd status as I do service funcd status -- both return funcd is not running and the exit status is 3. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] module can't find other modules
Hi Berry, create_resources doesn't have an init.pp so you can't 'include' it AFAIK. As long as you've enabled pluginsync you shouldn't have to include it, it should just work. On Tue, Dec 6, 2011 at 12:13 PM, Berry Sizemore berry.sizem...@gmail.com wrote: I have these three modules with the following structure: |-- modules | |-- create_resources | | |-- LICENSE | | |-- Modulefile | | |-- README | | |-- lib | | | `-- puppet | | | `-- parser | | | `-- functions | | | `-- create_resources.rb | | |-- spec | | | |-- spec.opts | | | |-- spec_helper.rb | | | `-- unit | | | `-- puppet | | | `-- parser | | | `-- functions | | | `-- create_resources_spec.rb | | `-- tests | | `-- users.pp | |-- hiera | | |-- CHANGES.txt | | |-- COPYING | | |-- README.md | | |-- Rakefile | | |-- bin | | | `-- extlookup2hiera | | |-- example | | | |-- README.md | | | |-- etc | | | | |-- hiera.yaml | | | | |-- hieradb | | | | | |-- common.yaml | | | | | |-- dc1.yaml | | | | | `-- development.yaml | | | | `-- puppet.conf | | | |-- modules | | | | |-- data | | | | | `-- manifests | | | | | `-- common.pp | | | | |-- ntp | | | | | |-- manifests | | | | | | |-- config.pp | | | | | | `-- data.pp | | | | | `-- templates | | | | | `-- ntp.conf.erb | | | | `-- users | | | | `-- manifests | | | | |-- common.pp | | | | |-- dc1.pp | | | | `-- development.pp | | | `-- site.pp | | |-- lib | | | |-- hiera | | | | |-- backend | | | | | `-- puppet_backend.rb | | | | `-- scope.rb | | | `-- puppet | | | `-- parser | | | `-- functions | | | |-- hiera.rb | | | |-- hiera_array.rb | | | |-- hiera_hash.rb | | | `-- hiera_include.rb | | `-- spec | | |-- spec.opts | | |-- spec_helper.rb | | `-- unit | | |-- puppet_backend_spec.rb | | `-- scope_spec.rb | `-- tomcat | |-- files | | `-- war | | |-- jenkins_1.423.war | | |-- jenkins_1.424.war | | |-- jenkins_1.425.war | | |-- snoop-servlet.war | | |-- snoop-servlet_1.0.war | | `-- snoop-servlet_2.0.war | |-- manifests | | |-- demo.pp | | |-- init.pp | | |-- instance.pp | | `-- war.pp | |-- templates | | |-- server.xml.erb | | |-- start.sh.erb | | `-- stop.sh.erb | `-- tests | `-- init.pp Puppet apply gives the following: [root@puppetmaster puppet]# puppet apply -vd --noop modules/tomcat/ tests/init.pp info: Loading facts in facter_dot_d info: Loading facts in facter_dot_d warning: Could not retrieve fact fqdn warning: Host is missing hostname and/or domain: puppetmaster debug: importing '/etc/puppetlabs/puppet/modules/tomcat/manifests/ init.pp' in environment production debug: Automatically imported tomcat from tomcat into production debug: Failed to load library 'selinux' for feature 'selinux' debug: hiera(): Hiera YAML backend starting debug: hiera(): Looking up tomcat_instance in YAML backend debug: hiera(): Looking for data source puppetmaster debug: importing '/etc/puppetlabs/puppet/modules/tomcat/manifests/ instance.pp' in environment production debug: Automatically imported tomcat::instance from tomcat/instance into production warning: Could not find class create_resources for puppetmaster Could not find class create_resources at /etc/puppetlabs/puppet/ modules/tomcat/tests/init.pp:3 on node puppetmaster Init.pp looks like this in tests: [root@puppetmaster puppet]# cat modules/tomcat/tests/init.pp node default { include tomcat include create_resources include hiera } I don't understand why my class doesn't find the other classes. Can anyone shed some light? Thanks, Berry Sizemore -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to
Re: [Puppet Users] Puppet for Oracle Enterprise Linux
Make sure you've set 'provider = yum'. Last I checked OEL defaulted to up2date. On Fri, Dec 2, 2011 at 10:39 AM, Rayson Ho raysonlo...@gmail.com wrote: AFAIK, the yum rpm backends for package are versionable, and you should not see the Provider must have features 'versionable' to set 'ensure' to '9.5.3-1' at message. Rayson = Grid Engine / Open Grid Scheduler http://gridscheduler.sourceforge.net/ Scalable Grid Engine Support Program http://www.scalablelogic.com/ On Thu, Dec 1, 2011 at 9:58 PM, Douglas Garstang doug.garst...@gmail.com wrote: Sure... package { 'forgerock-openam': ensure = '9.5.3-1', before = Class['tomcat::enable']; } Doug. On Thu, Dec 1, 2011 at 6:41 PM, Matthew Black mjbl...@gmail.com wrote: Can you provide the resource defined in the error message? On Thu, Dec 1, 2011 at 8:38 PM, Douglas Garstang doug.garst...@gmail.com wrote: Finally got the dependancies sorted out, and on the first run on the client, I am seeing: Dec 1 20:37:35 ip-10-123-21-192 puppet-agent[2562]: Failed to apply catalog: Parameter ensure failed: Provider must have features 'versionable' to set 'ensure' to '9.5.3-1' at /etc/puppet/devmp/modules/openam/manifests/common.pp:9 I thought puppet on OEL was identical to Redhat? Don't see this error on redhat. Doug. On Thu, Dec 1, 2011 at 5:21 PM, Douglas Garstang doug.garst...@gmail.com wrote: Rayson, Thanks. Having all sorts of issues with that. Our server is running 2.6.2, which means that the client packages needs to have 2.6.2 or older, but when I try and install older versions of puppet, I get dependancy failures :( Doug. On Thu, Dec 1, 2011 at 4:37 PM, Rayson Ho raysonlo...@gmail.com wrote: There are only a few minor differences between RHEL, CentOS, and Oracle Linux... so if a package works on RHEL, then it also works on Oracle Linux. IIRC, if you point to the correct repo, you can even update Oracle Linux with CentOS repo. Further, Oracle has a public yum for Oracle Linux even for users not paying for the Oracle Unbreakable Linux Support subscription: http://public-yum.oracle.com/ BTW, Puppet Enterprise 2.0 officially supports Oracle Linux: http://docs.puppetlabs.com/pe/2.0/install_system_requirements.html Rayson = Grid Engine / Open Grid Scheduler http://gridscheduler.sourceforge.net/ Scalable Grid Engine Support Program http://www.scalablelogic.com/ On Thu, Dec 1, 2011 at 7:16 PM, Douglas Garstang doug.garst...@gmail.com wrote: My bad had to do a yum clean all. D'oh. On Thu, Dec 1, 2011 at 4:15 PM, Douglas Garstang doug.garst...@gmail.com wrote: Gonzalo, Nope. Ran: rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm and got the epel repo. Then I ran: $ yum repolist Loaded plugins: security http://epel.mirror.freedomvoice.com/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.its.uidaho.edu/pub/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://ftp.linux.ncsu.edu/pub/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found Trying other mirror. http://mirror.us.leaseweb.net/epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno 14] HTTP Error 404: Not Found Trying other mirror. epel/primary_db | 0 B 00:00 ftp://mirror.cs.princeton.edu/pub/mirrors/fedora-epel/5/x86_64/repodata/d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2: [Errno -3] Error performing checksum Trying other mirror. and so on and so on. Funny cuz that long number file d7e9a86e48be583371a8d5a3055017b313dd6cc92d57147c6c8ee03b50a0312b-primary.sqlite.bz2 doesn't exist when I look at it with a web browser... Doug. On Thu, Dec 1, 2011 at 4:09 PM, Gonzalo Servat gser...@gmail.com wrote: Try the EPEL repo -- http://fedoraproject.org/wiki/EPEL. - Gonzalo On Fri, Dec 2, 2011 at 11:07 AM, Douglas Garstang doug.garst...@gmail.com wrote: On Thu, Dec 1, 2011 at 4:03 PM, Michael Stahnke stah...@puppetlabs.com wrote: Puppet works fine on OEL. You can add yum.puppetlabs.com as a repo and use the el based stuff. rpm -Uvh http://yum.puppetlabs.com/el/5/products/i386/puppetlabs-release-5-1.noarch.rpm That should get you going. Mike Mike, Almost see below. As I said, there are NO other repo's installed. I guess puppet doesn't provide ruby-augeas... $ yum install puppet Loaded plugins: security Setting up Install Process Resolving
Re: [Puppet Users] Re: Using puppet+augeas to modify multiple files
I'm not the OP Nigel, I think you meant Graham. It sounds like Augeas has some capabilities that I just wasn't aware of. In any case Augeas is not something I use if I can avoid it. Templates and concat are my preferred methods for managing config files. Straightforward clever for the general case. On Mon, Nov 28, 2011 at 12:47 PM, Nigel Kersten ni...@puppetlabs.com wrote: On Mon, Nov 28, 2011 at 9:59 AM, Aaron Grewell aaron.grew...@gmail.com wrote: I'm not aware of any file editing method in Puppet that will modify multiple files as part of the same resource. The usual approach would be to create multiple resources, one for each file, and then cause each resource to notify the postfix service to restart. Note that you can wrap these multiple resources in a single defined resource so that it looks like a single resource from the point of view of the person editing the manifest code. Puppet's smart enough to only restart it once. As far as setting up the files the way you want them, if you need to edit the files in place Augeas is your only built-in option. You can also do hacky things with exec but it's not pleasant. Most folks don't edit in place, they replace the file with known good contents. For that you can use templates or something like puppet-concat (a third-party module that allows you to build files from fragments). On Mon, Nov 28, 2011 at 6:17 AM, Graham Leggett minf...@sharp.fm wrote: On 27 Nov 2011, at 20:04, Graham Leggett wrote: I have a task to convince puppet and augeas to modify multiple postfix files, most specifically /etc/postfix/main.cf and /etc/postifx/ acceptdomains.cf (and other LDAP related files), and I'm struggling to find out how to do that. I have found examples on how to use augeas to modify just one file at a time, but no information seems to be available when multiple files are involved. I started with the config published here, and have no idea what to change to convince puppet+augeas to edit both /etc/postfix/main.cf and /etc/postfix/acceptdomains.cf at the same time: https://github.com/camptocamp/puppet-postfix/blob/master/manifests/config.pp Does anyone have a sample configuration on how you would modify multiple files at once, or have a clue on where to start? Answering my own question, I've discovered that augeas doesn't support multiple files at all without a custom lens being created to support it. Or to declare it more accurately, augeas only knows about specific files defined in specific locations, it has no concept of a general file in a general location that you might want to apply a lens to. I eventually worked around the issue by making a custom lens copied from the augeas postfix_main.aug lens that listed the extra ldap templates as matching a wildcard, at this point augeas started working correctly. Something else I discovered is that augeas has no error handling of any kind - if it doesn't recognise a file as matching one of the predetermined locations built into the lens, it will silently ignore the file, and not tell you why. Do you get the same results with the command line 'augtool' Aaron? If not, please bug report that we need to fix this in the Puppet Augeas integration. -- Nigel Kersten Product Manager, Puppet Labs -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Using puppet+augeas to modify multiple files
I'm not aware of any file editing method in Puppet that will modify multiple files as part of the same resource. The usual approach would be to create multiple resources, one for each file, and then cause each resource to notify the postfix service to restart. Puppet's smart enough to only restart it once. As far as setting up the files the way you want them, if you need to edit the files in place Augeas is your only built-in option. You can also do hacky things with exec but it's not pleasant. Most folks don't edit in place, they replace the file with known good contents. For that you can use templates or something like puppet-concat (a third-party module that allows you to build files from fragments). On Mon, Nov 28, 2011 at 6:17 AM, Graham Leggett minf...@sharp.fm wrote: On 27 Nov 2011, at 20:04, Graham Leggett wrote: I have a task to convince puppet and augeas to modify multiple postfix files, most specifically /etc/postfix/main.cf and /etc/postifx/ acceptdomains.cf (and other LDAP related files), and I'm struggling to find out how to do that. I have found examples on how to use augeas to modify just one file at a time, but no information seems to be available when multiple files are involved. I started with the config published here, and have no idea what to change to convince puppet+augeas to edit both /etc/postfix/main.cf and /etc/postfix/acceptdomains.cf at the same time: https://github.com/camptocamp/puppet-postfix/blob/master/manifests/config.pp Does anyone have a sample configuration on how you would modify multiple files at once, or have a clue on where to start? Answering my own question, I've discovered that augeas doesn't support multiple files at all without a custom lens being created to support it. Or to declare it more accurately, augeas only knows about specific files defined in specific locations, it has no concept of a general file in a general location that you might want to apply a lens to. I eventually worked around the issue by making a custom lens copied from the augeas postfix_main.aug lens that listed the extra ldap templates as matching a wildcard, at this point augeas started working correctly. Something else I discovered is that augeas has no error handling of any kind - if it doesn't recognise a file as matching one of the predetermined locations built into the lens, it will silently ignore the file, and not tell you why. Regards, Graham -- -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Multiple nodes.pp files
Curly braces perhaps? content = file(/home/${realuser}/puppet/files/smb.conf), On Tue, Nov 22, 2011 at 10:15 AM, Alexander Fortin alexander.for...@gmail.com wrote: On 11/21/11 9:28 PM, jcbollinger wrote: What if you spell it like so: mysersource { /etc/$::myvariable: ensure = present } ? This is the actual code now: file { /etc/samba/smb.conf: ensure = present, content = file(/home/$::realuser/puppet/files/smb.conf), require = Package[samba], notify = Service[$sambaservices], } but I get the same output from apply: Could not find any files from /home//puppet/files/smb.conf at /home/alex/puppet/manifests/samba.pp:7 on node blah -- Alexander Fortin http://about.me/alexanderfortin/ -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Windows: Should I use dedicated environment ?
Another way to handle this is to have class-level logic: class something { if ( $operatingsystem == windows ) { include something::windows } if ( $operatingsystem == redhat ) { include something::redhat } } Then put your resources in something::windows, something::redhat, etc. You may duplicate some code this way, but when the OS'es are very different you'll ultimately save coding time and increase readability by avoiding resource-level logic. On Mon, Nov 21, 2011 at 10:11 AM, Evan Hisey ehi...@gmail.com wrote: On Sun, Nov 20, 2011 at 8:05 PM, Mohamed Lrhazi lrh...@gmail.com wrote: I stated tweaking my puppet modules and site.pp to support the new OS.. things like: if ( $operatingsystem == windows ) { Exec { path = C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Ruby187\\bin } } else { And now am thinking, would be better to just have an independent environment for all my Windows clients? what would be the draw backs of that? Thanks a lot, Mohamed. I use multiple environments for separating development and production systems. The only really draw back I encounter is the need to make the same change twice for certain things that are shared between both environments. I ma sure there is wa way around that, but it has not become enough of an issue to make me find it. evan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet Windows: Should I use dedicated environment ?
I wouldn't expect a lot of class overlap, so it might be simpler to do it that way, but it also means a completely different directory tree. It's going to come down to the personal taste of the admins I expect. On Mon, Nov 21, 2011 at 11:31 AM, Mohamed Lrhazi lrh...@gmail.com wrote: Thanks guys. We do use environments already, and we also do use this pattern for separating operating system specific details to sub classes... but we only had to deal with Red Hat/CentOS/Oracle Enterprise Linux, and Solaris I guess I was thinking that windows is so different that it should be totally separate :) Thanks. Mohamed. On Mon, Nov 21, 2011 at 1:26 PM, Aaron Grewell aaron.grew...@gmail.com wrote: Another way to handle this is to have class-level logic: class something { if ( $operatingsystem == windows ) { include something::windows } if ( $operatingsystem == redhat ) { include something::redhat } } Then put your resources in something::windows, something::redhat, etc. You may duplicate some code this way, but when the OS'es are very different you'll ultimately save coding time and increase readability by avoiding resource-level logic. On Mon, Nov 21, 2011 at 10:11 AM, Evan Hisey ehi...@gmail.com wrote: On Sun, Nov 20, 2011 at 8:05 PM, Mohamed Lrhazi lrh...@gmail.com wrote: I stated tweaking my puppet modules and site.pp to support the new OS.. things like: if ( $operatingsystem == windows ) { Exec { path = C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Ruby187\\bin } } else { And now am thinking, would be better to just have an independent environment for all my Windows clients? what would be the draw backs of that? Thanks a lot, Mohamed. I use multiple environments for separating development and production systems. The only really draw back I encounter is the need to make the same change twice for certain things that are shared between both environments. I ma sure there is wa way around that, but it has not become enough of an issue to make me find it. evan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] [foreman-users] dropping support for ruby 1.85?
I'm not sure about the Ruby packages specifically, but Fedora has diverged so much from RHEL5 that building recent packages is a major undertaking. You'd probably be better off with tarballs and FPM. On Thu, Nov 17, 2011 at 2:42 PM, Michael Stahnke stah...@puppetlabs.com wrote: On Thu, Nov 17, 2011 at 11:34 AM, Jo Rhett jrh...@netconsonance.com wrote: On Nov 17, 2011, at 11:02 AM, Ohad Levy wrote: On Thu, Nov 17, 2011 at 8:55 PM, Jo Rhett jrh...@netconsonance.com wrote: On Nov 17, 2011, at 10:30 AM, Ohad Levy wrote: if its not clear, what it means, is that if you want to run it on RHEL5, you can either keep running the current 0.4.x versions or upgrade your ruby stack. otherwise use a more recent distribution. Given that upgrading the ruby stack means either build your own RPMs from scratch or download from a random internet site this is going to limit the number of sites which can do this. Since we understand its a pain upgrading to a newer distribution, we've built a puppet module which helps with foreman installation... if you have any better ideas of how we can try helping our ruby community… Um… as I suggested, provide el5 rpms of ruby 1.8.7 and the various gems? Myself, I'm looking at this right now -- but open to better options: https://github.com/largon/centos-ruby-spec_files -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. A while back you could just take the srpms from Fedora's 1.8.7 and they would build pretty easily on EL5. I haven't tried that for a while, but you can at least get the RPMs from a known source that way. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: How to use built-in resource in custom provider?
Any parameters you don't always want to provide have to have sensible defaults in the define. define dostuff (ImOptional=true, ImRequired){} On Mon, Nov 14, 2011 at 12:12 PM, tmpup justin.francesc...@gmail.com wrote: An update - I went with a define as you suggested, and just made had my type/provider handle s3 only. This is working great, so I guess this is the method I'll go with. Only issue I'm having now - all the parameters available with file() type. Sometimes we may want to specify owner, sometimes not, but it seems I have to predefine all the variables in the define (), and then if I DON'T use one of those variables, the puppet run fails. Conversely, if I do use a parameter but don't have it as a variable in the define, it fails. So, basically, I need a way to specify optional parameters with defines(). I'll keep looking around, but if anyone has any quick tips, it would be appreciated. On Nov 14, 6:32 am, jcbollinger john.bollin...@stjude.org wrote: On Nov 13, 11:28 pm, tmpup justin.francesc...@gmail.com wrote: I'm trying to use the existing type: file in a custom provider. I've tried about every single thing I can find, and each way presents a different problem. Here's how it looks now: --- require 'puppet/file_serving/configuration' require 'puppet/file_serving/fileset' require 'puppet/type' require 'fileutils' Puppet::Type.type(:tmfile).provide(:pupfile) do def create @catalog.add_resource Puppet::Type.type(:file).new({ :name = @resource.value(:path), :path = @resource.value(:path), :source = @resource.value(:source), :ensure = 'present', }) @catalog.apply #def generate #Puppet::Type.type(:file).new(:path = resource[:path], :source = resource[:path], :ensure = 'present') #end end def destroy FileUtils.rm_rf resource[:path] end def exists? File.exists?(@resource[:path]) end end As you can see, another method I tried is commented out: Puppet::Type.type(:file).new(:path = resource[:path], :source = resource[:path], :ensure = 'present'). With this method, the puppet run actually succeeds and it says it created the resource. However, the file doesn't actually get created, and next run, it simply creates the resource again without error. However, the file is never there. With the current method (not commented out), I get: .. ensure: change from absent to present failed: Could not set 'present on ensure: undefined method `add_resource' for nil:NilClass at .. I will admit that I'm pretty new at custom types and providers. I have researched as much as I can but can't really find any clear documentation on how to do this. Any ideas/suggestions would be greatly appreciated! For what you appear to be doing, a Ruby custom type is too heavy. If that's all you need to do then you should use a definition (a.k.a. defined type) instead, or perhaps just a bare File resource. I think it unlikely that any variation on your approach will work, inasmuch as it is surely incorrect for a provider to invoke @catalog.apply. The agent will invoke that method, so you'll get duplicate invocations, and anyway the provider's invocation(s) cannot help but be timed wrongly. You could try just removing that, but I suspect that also a provider's create() method is too late for catalog.add_resource(). In general, I don't think that the catalog API is intended to be used by types or providers at all. It is far more typical for providers that want to manage files to do so via the standard Ruby APIs (e.g. class File). If you want to use Puppet's File resouce then you should do so from within your manifests, not within a custom provider. If a Puppet defined type isn't powerful enough to do all of what you want, then perhaps your design concept needs to be reconsidered. We might be able to help with that if you'll give us the big picture. John -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Need a second set of eyes... cannot find a class..
Try removing the hyphen from the class name. If that fixes it then you've hit this: http://projects.puppetlabs.com/issues/5268 On Nov 12, 2011 3:14 PM, Peter Berghold salty.cowd...@gmail.com wrote: In one of my modules I have the following : postfix/ manifests/ conf.pp conf/access-all.pp (as well as the obligatory init.pp and a few others) and the access-all.pp file contains: class postfix::conf::access-all inherits postfix::conf { $hosts = $all_hosts $domains = $all_domains $ips = $all_ips @file { postfix-access-file: path = /etc/postfix/access, owner = root, group = root, mode = 0644, content = template(postfix/templates/access.erb), notify = Exec[ hash-access] } exec { hash-access: path=/usr/bin:/usr/sbin:/usr/local/bin:/bin:/sbin, cwd = /etc/postfix, command = postmap access } realize File[postfix-access-file] } and yet when I run puppetd on my configured host: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class postfix::conf::access-all for chicweb0.chi.sharkrivertech.com at /etc/puppet/manifests/nodes/chicweb0.pp:2 on node chicweb0.chi.sharkrivertech.com Can anybody spot anything I'm fat fingering? -- Peter L. Berghold Owner, Shark River Technical Solutions LLC -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Concat module
As far as concat goes, I wouldn't call my concat resource and my concat::fragment resource by the same name. In theory it shouldn't break anything, but... On Thu, Nov 3, 2011 at 12:20 PM, Douglas Garstang doug.garst...@gmail.com wrote: Actually I can. That's sweet! Thanks! On Thu, Nov 3, 2011 at 12:10 PM, Douglas Garstang doug.garst...@gmail.com wrote: Just from looking at the example there, it doesn't appear that I can call sysctl::conf more than once That's what I like about concat, ie each module that needs to add to it can do so individually. Doug. On Thu, Nov 3, 2011 at 12:04 PM, Mark Christian mchri...@altera.com wrote: Can't speak to concat, but you might consider using augeas for managing /etc/sysctl.conf. There is an excellent example of this at: http://projects.puppetlabs.com/projects/1/wiki/Puppet_Augeas , see Working Examples -Original Message- From: puppet-users@googlegroups.com [mailto:puppet-users@googlegroups.com] On Behalf Of Douglas Garstang Sent: Thursday, November 03, 2011 11:59 AM To: Puppet Users Subject: [Puppet Users] Concat module All, Trying to use the concat module with: class sysctl::common { include concat::setup concat { '/etc/sysctl.conf': owner = 'root', group = 'root', mode = '0644'; } concat::fragment { '/etc/sysctl.conf': target = '/etc/sysctl.conf', content = 'kernel.sem=250 32000 32 2048', order = '99'; } } Getting this error: Nov 3 14:54:04 dev-c3-app-90 puppet-agent[8143]: Failed to apply catalog: Parameter path failed: File paths must be fully qualified, not 'undef' at /etc/puppet/devmp/modules/concat/manifests/setup.pp:37 What am I doing wrong? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet- users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. Confidentiality Notice. This message may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution, or copying of this message, or any attachments, is strictly prohibited. If you have received this message in error, please advise the sender by reply e-mail, and delete the message and any attachments. Thank you. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet certificate
When I did this in my test environment I removed the entire contents of the ssldir from the client to make sure that both the client server cert were pulled down anew. On Wed, Nov 2, 2011 at 10:25 AM, TFML mailingl...@theflux.net wrote: I'm running in circles with this issue... I accidentally did a 'puppetca --clean --all' and lost all certificates. I was able to get the puppetmaster running and re-created certificates for the client system, but I get the following error: warning: peer certificate won't be verified in this SSL session info: Caching certificate for w0f.lagged.com info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://puppet.lagged.com/plugins: certificate verify failed info: Loading facts in snmpd info: Loading facts in diskdrives info: Loading facts in snmpd info: Loading facts in diskdrives err: Could not retrieve catalog from remote server: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet certificate
What version of Puppet are you using? The old method of doing this had a serious security problem, so the newer releases have a different config method for assigning the acceptable aliases for a cert. On Wed, Nov 2, 2011 at 11:26 AM, TFML mailingl...@theflux.net wrote: I'm curious... the server FQDN is puppetmaster.lagged.com but I have the server as puppet.lagged.com, can that be the cause of the problem? If so how would I create the certificate to be valid for puppet.lagged.com and not be puppetmaster.lagged.com On Nov 2, 2011, at 2:01 PM, Aaron Grewell wrote: When I did this in my test environment I removed the entire contents of the ssldir from the client to make sure that both the client server cert were pulled down anew. On Wed, Nov 2, 2011 at 10:25 AM, TFML mailingl...@theflux.net wrote: I'm running in circles with this issue... I accidentally did a 'puppetca --clean --all' and lost all certificates. I was able to get the puppetmaster running and re-created certificates for the client system, but I get the following error: warning: peer certificate won't be verified in this SSL session info: Caching certificate for w0f.lagged.com info: Retrieving plugin err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://puppet.lagged.com/plugins: certificate verify failed info: Loading facts in snmpd info: Loading facts in diskdrives info: Loading facts in snmpd info: Loading facts in diskdrives err: Could not retrieve catalog from remote server: certificate verify failed warning: Not using cache on failed catalog err: Could not retrieve catalog; skipping run -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Module Dependency with a service
If tomcat::enable is in a separate file you'll want to 'include' it in tomcat::server to ensure it's in scope. On Thu, Oct 20, 2011 at 4:27 PM, Douglas Garstang doug.garst...@gmail.com wrote: Thanks, tried that. I moved the tomcat service out of tomcat::server into tomcat::enable, but... I had this in my tomcat::server class: File { require = Package['apache-tomcat6'], before = Service['tomcat'] } which now doesn't work, because it can't find the tomcat service. I tried this: File { require = Package['apache-tomcat6'], before = Class['tomcat::enable'] #Service['tomcat'] } but puppet complains Could not find dependent Class[Tomcat::Enable]. Any ideas? Doug. On Thu, Oct 20, 2011 at 2:46 PM, Aaron Grewell aaron.grew...@gmail.com wrote: I suspect you may want a separate class, something like tomcat::enable to handle the service independently. On Thu, Oct 20, 2011 at 1:55 PM, Douglas Garstang doug.garst...@gmail.com wrote: All, I have a tomcat module, and another module, containing a tomcat application called OpenAM. In the OpenAM module, I 'require' the tomcat module, which ensures that all the tomcat bits are in place before trying to install the OpenAM bits. That works great except the tomcat bits includes the tomcat service. I want the OpenAM module to require the tomcat module, but I don't want the tomcat service to start until the OpenAM module is complete. What's the best practice way to arrange this? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Module Dependency with a service
True. But your 'before' already creates that dependency. Instead try using 'require' in tomcat::enable. tomcat::enable should depend upon tomcat::server but not vice-versa in order to make this work. On Fri, Oct 21, 2011 at 1:50 PM, Douglas Garstang doug.garst...@gmail.com wrote: Isn't the net result of including something the same as it's really there already? If so, the final result is the same... the service resource ends up in the tomcat::server class no? Doug. On Fri, Oct 21, 2011 at 10:25 AM, Aaron Grewell aaron.grew...@gmail.com wrote: If tomcat::enable is in a separate file you'll want to 'include' it in tomcat::server to ensure it's in scope. On Thu, Oct 20, 2011 at 4:27 PM, Douglas Garstang doug.garst...@gmail.com wrote: Thanks, tried that. I moved the tomcat service out of tomcat::server into tomcat::enable, but... I had this in my tomcat::server class: File { require = Package['apache-tomcat6'], before = Service['tomcat'] } which now doesn't work, because it can't find the tomcat service. I tried this: File { require = Package['apache-tomcat6'], before = Class['tomcat::enable'] #Service['tomcat'] } but puppet complains Could not find dependent Class[Tomcat::Enable]. Any ideas? Doug. On Thu, Oct 20, 2011 at 2:46 PM, Aaron Grewell aaron.grew...@gmail.com wrote: I suspect you may want a separate class, something like tomcat::enable to handle the service independently. On Thu, Oct 20, 2011 at 1:55 PM, Douglas Garstang doug.garst...@gmail.com wrote: All, I have a tomcat module, and another module, containing a tomcat application called OpenAM. In the OpenAM module, I 'require' the tomcat module, which ensures that all the tomcat bits are in place before trying to install the OpenAM bits. That works great except the tomcat bits includes the tomcat service. I want the OpenAM module to require the tomcat module, but I don't want the tomcat service to start until the OpenAM module is complete. What's the best practice way to arrange this? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Regards, Douglas Garstang http://www.linkedin.com/in/garstang Email: doug.garst...@gmail.com Cell: +1-805-340-5627 -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Module Dependency with a service
I suspect you may want a separate class, something like tomcat::enable to handle the service independently. On Thu, Oct 20, 2011 at 1:55 PM, Douglas Garstang doug.garst...@gmail.com wrote: All, I have a tomcat module, and another module, containing a tomcat application called OpenAM. In the OpenAM module, I 'require' the tomcat module, which ensures that all the tomcat bits are in place before trying to install the OpenAM bits. That works great except the tomcat bits includes the tomcat service. I want the OpenAM module to require the tomcat module, but I don't want the tomcat service to start until the OpenAM module is complete. What's the best practice way to arrange this? Doug. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Puppet node fails to pass facts to master
Make sure you have all the lsb packages installed. That's usually what causes LSB facts not to resolve. On Tue, Oct 18, 2011 at 6:22 AM, Yann H y...@plista.com wrote: Hello Puppet list, I am taking over the puppet configuration of a sysadmin who left, and am having troubles deploying puppet to a new node. We are using puppet v2.7.3 both on the client and the puppetmaster, on Ubuntu 10.10. The node asks for a certificate fine, and I signed it on the puppetmaster. For the following logs extract I ve replaced the FQDN of my node by puppet.example.com. When doing a puppet run I am getting the following error: err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to parse template linux/dput.cf.erb: Could not find value for 'lsbdistid' at 2:/etc/puppet/modules/linux/templates/ dput.cf.erb at /etc/puppet/modules/linux/manifests/dput.pp:7 on node puppetnode.example.com The line in dput.cf.erb is this one: # packages for %= lsbdistid % to a private repository (not the official So I guess there is a problem passing the $lsbdistid variable. Before I had another related error, it was complaining here: content = template($operatingsystem ? { Debian = root/profile-linux.erb, Ubuntu = root/profile-linux.erb, OpenBSD = root/profile-openbsd.erb, default = root/profile.erb }), That root/profile.erb didn´ t exist. It is true it didn´ t exist, but being an Ubuntu node, it should ave picked the root/profile-linux.erb one, so I guess the $operatingsystem variable is not being passed correctly. On the puppetmaster I can see this: Oct 18 14:49:41 p41 puppet-master[6001]: Host is missing hostname and/ or domain: puppetnode.example.com So I guess it is complaining because the puppet node is not passing the appropriate facts... However on the puppet node: root@plista47 /etc/puppet # sudo facter -p | egrep (operatingsystem| lsbdistid|hostname|domain) domain = example.com hostname = puppetnode lsbdistid = Ubuntu operatingsystem = Ubuntu operatingsystemrelease = 10.10 There is no file for that node in /var/lib/puppet/yaml/facts/ . Puppetnode.example.com resolves both on the server and the client, as well as puppetnode, to the external IP address of the puppet node. My best guess is that for some reason, the client fails to send its facts to the master, and the master fails to compile because of this. I am out of ideas as to why this is happening though... Hope someone here will be more inspired! Thanks -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Puppet on Centos 6.0
It also depends on how many machines you're managing. If you've got very many I'm with John: don't cross the streams. It's so easy to make RPMs from gems that there's really no reason not to if you need a newer version than what's provided. On Tue, Oct 18, 2011 at 10:14 AM, Craig White craig.wh...@ttiltd.com wrote: On Oct 18, 2011, at 6:19 AM, jcbollinger wrote: On Oct 17, 3:03 pm, Russell Van Tassell russel...@gmail.com wrote: Personally, I've had better luck letting gem managed its own gems, rather than depending on Yum repositories (specifically on CentOS). I'd take a list of the Ruby gems you've installed via rpm (rpm -q -a | grep ruby) and then consider installing them directly, as so: % sudo gem install mysql % sudo gem list I, on the other hand, would recommend avoiding gems altogether if you're using the system's Ruby (i.e. one you installed from an RPM, whether via yum or otherwise). Ruby modules installed via RPM are not (should not be) gems. Using both gem and rpm to manage the same Ruby installation is begging for trouble. probably depends upon your ruby needs. If all you need is puppet then this might be reasonable but if you are actually doing anything else with ruby, you are going to need access to many gems that aren't going to be available in rpm packages or like many other things with OS distribution packages, may be very outdated. The ruby community has been extremely active in solving the complexities involved in deploying all things ruby and things like bundler and gem clearly are more versatile on virtually every platform. Craig -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Issues switching over to using environments
No, as I understand it environments are designed to be completely independent of one another. The idea is that you wouldn't want changes in testing or qa to be able to affect production for any reason. So it's expected that there would be duplication across environments due to SLA differences between the environments. On Tue, Oct 11, 2011 at 6:29 PM, Gonzalo Servat gser...@gmail.com wrote: Thanks Dan. I thought Puppet may have a way to automagically search for a file based on environment first (e.g. modules/nfs/$environment/foo), then a default as specified by source (e.g. modules/nfs/foo). I can see how what you pasted helps, but it could become tedious having to specify the search path in various places. On Wed, Oct 12, 2011 at 12:14 PM, Dan White y...@comcast.net wrote: http://docs.puppetlabs.com/references/stable/type.html#file under source If you specify multiple file sources for a file, then the first source that exists will be used. This allows you to specify what amount to search paths for files: file { /path/to/my/file: source = [ /modules/nfs/files/file.$host, /modules/nfs/files/file.$operatingsystem, /modules/nfs/files/file ] } This will use the first found file as the source. On Oct 11, 2011, at 5:43 PM, Gonzalo Servat wrote: Somewhat related to this, is there a way for Puppet to source files in this manner: First: /etc/puppet/modules/module/$environment/file Default: /etc/puppet/modules/module/file Just to avoid having the same directory structure under /etc/puppet/$environment/ as Deven has done. Best regards, Gonzalo On Wed, Oct 12, 2011 at 8:26 AM, Deven Phillips deven.phill...@gmail.com wrote: Jacob, That was the problem!! Thanks so much for the help. And Aaron and everyone else as well. Much appreciated!! Deven On Tue, Oct 11, 2011 at 3:56 PM, Deven Phillips deven.phill...@gmail.com wrote: Trying that out now.. I will respond back in a bit with results. Thanks!!! Deven On Tue, Oct 11, 2011 at 3:42 PM, Jacob Helwig ja...@puppetlabs.com wrote: The layout should look something more like this: /etc/puppet/prod/modules/$module_name/files/generic_node/etc/ssh/sshd_config With the source lines looking like: puppet://lou1/modules/$module_name/generic_node/etc/ssh/sshd_config If you wanted 'generic_node' to be the name of the module, then you'd have the layout as /etc/puppet/prod/modules/generic_node/files/etc/ssh/sshd_config and the source line as puppet://lou1/modules/generic_node/etc/ssh/sshd_config -- Jacob Helwig On Tue, 11 Oct 2011 15:26:16 -0400, Deven Phillips wrote: Date: Tue, 11 Oct 2011 15:26:16 -0400 From: Deven Phillips deven.phill...@gmail.com To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] Issues switching over to using environments Message-ID: cajw+4nd2kwpgc5-mre1k23of_ym9equbaa+09xmukzkou-o...@mail.gmail.com The manifest which calls this looks like: file {/etc/ssh/sshd_config: owner = root, group = root, mode= 0644, ensure = present, source = puppet://lou1/modules/files/generic_node/etc/ssh/sshd_config, require = Package['openssh'], notify = Service['ssh'], } And the current error on the agent node shows: err: /Stage[main]/Secureshell/File[/etc/ssh/sshd_config]: Could not evaluate: Could not retrieve information from environment production source(s) puppet://lou1/modules/files/generic_node/etc/ssh/sshd_config at /etc/puppet/prod/manifests/classes/ssh.pp:55 TIA, Deven On Tue, Oct 11, 2011 at 3:23 PM, Deven Phillips deven.phill...@gmail.com wrote: Nope, that didn't seem to help the way I tried it... So, here's my layout: /etc/puppet/ prod/ modules/ files/ generic_node/ etc/ ssh/ sshd_config From a machine which is using production as it's environment, and production points to prod/modules for it's modules; I still get errors trying to get the sshd_config file. TIA!! Deven -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at
Re: [Puppet Users] file server not right directory?
IIRC the mysql user gets created by the mysql rpm, so your file will have to require Package['mysql-server'] and possibly mysql-client as well. On Wed, Oct 12, 2011 at 3:09 PM, olympus stance olympus.sta...@gmail.comwrote: Hello Nathan, I tried that: here is mysql-server.pp --- class mysql-server { package { mysql-server: ensure = installed } package { mysql-client: ensure = installed } service { mysql: enable = true, require = Package[mysql-server], } file { /etc/mysql: ensure = directory, mode = 0755, owner = root, group = root, } file { /etc/mysql/my.cnf: source = puppet:///modules/mysql-server/my.cnf, owner = mysql, group = mysql, mode = 644, notify = Service[mysql], require = File[/etc/mysql] } exec { set-mysql-password: path = [/bin, /usr/bin], command = mysqladmin -uroot password secret, } exec { set-nagios-password: path = [/bin, /usr/bin], command = /usr/bin/mysql -u root -e \CREATE USER 'nagios'@'%' IDENTIFIED BY 'secret';\, } } Here is is the output on the client: --- root@pclient:~# puppetd --no-daemonize --verbose notice: Starting Puppet client version 2.7.5 info: Caching catalog for pclient.local.net info: Applying configuration version '1318457031' notice: /Stage[main]/Mysql-server/File[/etc/mysql]/ensure: created err: /Stage[main]/Mysql-server/File[/etc/mysql/my.cnf]/ensure: change from absent to file failed: Could not set 'file on ensure: Could not find user mysql at /etc/puppet/modules/mysql-server/manifests/init.pp:23 notice: /Stage[main]/Mysql-server/Package[mysql-client]/ensure: ensure changed 'purged' to 'present' notice: /Stage[main]/Mysql-server/Package[mysql-server]/ensure: ensure changed 'purged' to 'present' notice: /Stage[main]/Mysql-server/Exec[set-nagios-password]/returns: executed successfully info: FileBucket adding {md5}1090e28a70ebaae872c2ec78894f49eb info: /Stage[main]/Sudo/File[/etc/sudoers]: Filebucketed /etc/sudoers to main with sum 1090e28a70ebaae872c2ec78894f49eb notice: /Stage[main]/Sudo/File[/etc/sudoers]/content: content changed '{md5}1090e28a70ebaae872c2ec78894f49eb' to '{md5}36bd2385741a3f03c08b7b6729ae8df5' notice: /Stage[main]/Mysql-server/Exec[set-mysql-password]/returns: executed successfully notice: /Stage[main]/Mysql-server/Service[mysql]: Dependency File[/etc/mysql/my.cnf] has failures: true warning: /Stage[main]/Mysql-server/Service[mysql]: Skipping because of failed dependencies info: Creating state file /var/lib/puppet/state/state.yaml notice: Finished catalog run in 28.63 seconds Note that mysql does run and i am able to log into it, but my.cnf does not get imported On Wed, Oct 12, 2011 at 5:55 PM, Nathan Clemons nat...@livemocha.comwrote: Try: file { /etc/mysql: ensure = directory, mode = 0755, owner = root, group = root, } file { /etc/mysql/my.cnf: source = puppet:///modules/mysql-server/my.cnf, owner = mysql, group = mysql, mode = 644, notify = Service[mysql], require = File[/etc/mysql] } -- Nathan Clemons http://www.livemocha.com The worlds largest online language learning community On Wed, Oct 12, 2011 at 2:49 PM, olympus stance olympus.sta...@gmail.com wrote: Hi Jacob, My init.pp file is a symbolic link to the mysql-server.pp in the classes directory. It looks like this: --- class mysql-server { package { mysql-server: ensure = installed } package { mysql-client: ensure = installed } service { mysql: enable = false, require = Package[mysql-server], } file { /etc/mysql/my.cnf: source = puppet:///modules/mysql-server/my.cnf, owner = mysql, group = mysql, mode = 644, notify = Service[mysql], } exec { run-mysqld: path = [/bin, /usr/sbin], command = /usr/sbin/mysqld , } exec { set-mysql-password: path = [/bin, /usr/bin], command = mysqladmin -uroot password secret, } exec { set-nagios-password: path = [/bin, /usr/bin], command = /usr/bin/mysql -u root -e \CREATE USER 'nagios'@'%' IDENTIFIED BY 'secret';\, } } --- It looks like it does indeed try to create the my.cnf file before mysql gets installed. How can i rectify that Thanks!! On Wed, Oct 12, 2011 at 5:37 PM, Jacob Helwig ja...@puppetlabs.comwrote: On Wed, 12 Oct 2011 14:33:47 -0700, John Bower wrote: Hello, I'm trying to share a file between the client and the server. On the server the file is located at: /etc/puppet/modules/mysql-server/ files/my.cnf the code that references to this file is as follows: file { /etc/mysql/my.cnf: source = puppet:///modules/mysql-server/my.cnf,
Re: [Puppet Users] update vulnerable packages only if installed
AFAIK there's no native way. I would do this with a set of defines wrapped around the yum-security package (which allows you to list and operate on security updates only). On Mon, Oct 10, 2011 at 12:22 PM, Jo Rhett jrh...@netconsonance.com wrote: Am I overlooking a native way to update vulnerable packages only if they are already installed? There's no option to set a package to 'latest' only if installed. OnlyIf and Unless don't operate on package resources. (Yum/CentOS but I imagine the issue is the same for all platforms) No, running a yum upgrade all is not plausible. Maintaining a list of packages which should be upgraded is plausible and expected. The obvious thing seems to be creatinga ruby fact that loads all packages into facts and then doing the logic based around that, but Luke and other have expressed concerns over doing this in the past. Is there a better way? -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] update vulnerable packages only if installed
How annoying. You could hack it up after installing yum-changelog with 'yum changelog 1 package | grep CVE' I guess. Not pretty. On Mon, Oct 10, 2011 at 2:36 PM, Jo Rhett jrh...@netconsonance.com wrote: yum-security doesn't work with CentOS. On Oct 10, 2011, at 1:18 PM, Aaron Grewell wrote: AFAIK there's no native way. I would do this with a set of defines wrapped around the yum-security package (which allows you to list and operate on security updates only). On Mon, Oct 10, 2011 at 12:22 PM, Jo Rhett jrh...@netconsonance.comwrote: Am I overlooking a native way to update vulnerable packages only if they are already installed? There's no option to set a package to 'latest' only if installed. OnlyIf and Unless don't operate on package resources. (Yum/CentOS but I imagine the issue is the same for all platforms) No, running a yum upgrade all is not plausible. Maintaining a list of packages which should be upgraded is plausible and expected. The obvious thing seems to be creatinga ruby fact that loads all packages into facts and then doing the logic based around that, but Luke and other have expressed concerns over doing this in the past. Is there a better way? -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dealing with sensitive data
Sure, but that doesn't really address the issue (at least not out-of-box). Hiera puts your data outside your manifests, but at least in our case it's still in revision control. Are you putting your Hiera data elsewhere? If so, how do you control access to it? This came up recently for us as well so I've been poking around. I see there's a project for this sort of thing: https://github.com/duritong/trocla It looks interesting, but I haven't tried it. On Mon, Oct 3, 2011 at 3:03 PM, Bruno Leon nonolem...@gmail.com wrote: Have a look at hiera. -- Bruno On 11-10-03 06:02 PM, Alan Evans wrote: Puppet Uesrs, How do you deal with sensitive data in your puppet config that does not belong in revision control? Think about things like SSL keys or passwords. i.e. /etc/ldap.conf ... binddn cn=foo,dc=example,dc=com bindpw mysocratesnote ... As of now we store the bindpw as a variable then reference that in a template. But this means that bindpw exists in our node definitions since there are different pws for different groups of hosts. Regards, -Alan -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@** googlegroups.com puppet-users%2bunsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/** group/puppet-users?hl=enhttp://groups.google.com/group/puppet-users?hl=en . -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Dealing with sensitive data
Now that sounds cool. On Mon, Oct 3, 2011 at 3:42 PM, R.I.Pienaar r...@devco.net wrote: it would be pretty trivial to create an encrypted hiera backend that can only be decrypted by machines that have a key stored on their disks. You'd check into SCM the encrypted file and on your masters store the decrypt key -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: Hostname fact doesn't handle hostnames with periods
I'd prefer that the existing behavior remain the same and that a new fact be added for those that require it. I'd rather not have to interrogate a hypothetical Facter config file to determine what it means by 'hostname' on each given system. On Fri, Sep 30, 2011 at 10:49 AM, Ken Barber k...@puppetlabs.com wrote: So the two solutions I'm groking from this conversation are: 1) New fact that maps closer to the 'hostname' command (for example) 2) Configuration item that changes behaviour of the hostname fact. Obviously we don't support configuration specifically in facter at this point - but ignoring that for now - what would people prefer? What would create the least amount of surprise? Or is there more options available ... ken. On Fri, Sep 30, 2011 at 12:40 AM, easybeats dext...@gmail.com wrote: Just to weigh into the debate. To give the Unix administrator choice to set the hostname to what they determine falls into line with what Unix already provides. Generally whether its a bad or good decision to use the returned uname() system call variable or uname() regexed to the first dot its up to the application. I would argue it should be a per site decision through a configuration parameter as to what they deem to be the hostname. Yes there certainly are RFCs that outline best practice but an administrator may decide to go against RFCs based on a company/individual decision (Take SMTP servers switching on RFC filters or disabling). I think that facter should empower the administrator to make that decision making them own the issue. IE some applications that adhere to this... Linux Kernel - # hostname myhost.dev.domain.site # sysctl -n kernel.hostname myhost.dev.domain.site # hostname myhost.dev # sysctl -n kernel.hostname myhost.dev # hostname myhost # sysctl -n kernel.hostname myhost bash - From the bash man page \H the hostname (IE Because of no qualification, it considers this to be the hostname not the short form of it) \h the hostname up to the first `.' A site admin is allowed the flexability to set either PS1=\u@\H (username + value in kernel.hostname) or PS1=\u@\h (username + value to the first dot of kernel.hostname) Anything that uses the uname system call will more than likely use the struct value directly (I would suspect this to be the vast majority of Unix applications). If application owner decides to use the short from they would employ a regex to the first dot. So in this vain of empowering the puppet user... A suggestion of a configuration parameter (possibly as another fact itself or in a configuration file) IE hostname_shortform = true | 1(Default value) hostname_shortform = false | 0 (Set by the user) This would allow the puppet user to decide what goes into facter and ultimately their application configuration files, whether its the short form or standard hostname let them take the credit or hang themselves. -Dex -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] What's the best way to deal with multiple OS's
We use different manifests per OS. It makes the underlying logic much simpler, and is easily called by using either the 'kernel' fact or the 'operatingsystem' fact depending. For things that are the same across supported Linuxes but different on Solaris: include module::$kernel Where moduledir/manifests contains linux.pp and sunos.pp. For things that differ between Linuxes as well: include module::$operatingsystem Where moduledir/manifests contains redhat.pp, oel.pp, solaris.pp On Fri, Sep 30, 2011 at 11:33 AM, Jeff Falgout jtfalg...@gmail.com wrote: We're in the situation of dealing with multiple operating systems (and will likely add another) and I'm quickly realizing that building logic in the manifest to deal with the differences in Red Hat i386 vs Red Hat x86_64 vs SuSE i586 vs SuSE x86_64 vs Mac is getting tedious. For instance, in the sshd_config: SLES i586 has the sftp-server binary in a different path than the x86_64 version and it's different than RHEL - so I end up with logic as such: # Set the SFTP Path if $lsbdistid == 'SUSE LINUX' { if $architecture == 'x86_64' { $sftppath = '/usr/lib64/ssh/sftp-server' } else { $sftppath = '/usr/lib/ssh/sftp-server' } } else { $sftppath = /usr/libexec/openssh/sftp-server } Is there a better way to deal with different OS's or is the long and winding road of config mgmt? Do people do something like: include ssh::server::$operatingsystem class ssh::server::RedHat { blah } class ssh::server::SLES { blah } Different modulepath? Different puppet servers based on OS? Cheers, Jeff -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Re: [Puppet Users] Re: CPAN package provider?
Assuming cPanel's Perl isn't too special you might just grab the CentOS SRPM, tweak the dependencies so it will install, give it a custom version number and rebuild. You would then use Yum's version pinning module to block any patches for that specific package to avoid future issues. I totally understand the just make it work idea, but if you do that this system will always be broken. Eventually I find the broken ones come back and bite me... On Wed, Sep 28, 2011 at 7:47 AM, Jeffrey Ollie j...@ocjtech.us wrote: On Wed, Sep 28, 2011 at 9:33 AM, jcbollinger john.bollin...@stjude.org wrote: On Sep 27, 11:13 am, Aaron Grewell aaron.grew...@gmail.com wrote: We're not using CPAN. Modules are installed as RPMs in our environment. As it should be on an RPM-based distro. Yes, I wish it could be so... Unfortunately the one system that I need this for is running cPanel on a CentOS 5 system. cPanel installs its own custom Perl (as well as many other packages, including Ruby so I have to install Puppet and Facter via GEM rather than RPMs). I'm trying to get munin installed on this system so that I can monitor the system. Since cPanel installed a custom Perl the CentOS Perl module RPMs won't install. I strongly recommend installing software only via the system's native package manager. If you violate that by installing Perl itself some other way (e.g. manually), then anything goes for that Perl installation (or Ruby, Python, ...), but if you are using the system's Perl then you should use the system's Perl packages. If you need Perl modules not available pre-packaged then package them yourself; it's not that hard, especially if they are already available from CPAN. Doing otherwise introduces a significant risk of incompatibilities arising and even your Perl modules being mangled, plus it makes management more than twice as hard. I totally agree, but since I can't get rid of cPanel and I don't want to go to the trouble of building RPMs for just one system I'm kinda stuck doing it the wrong way. -- Jeff Ollie -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups Puppet Users group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.